Diffstat (limited to 'Source/JavaScriptCore')
-rw-r--r--Source/JavaScriptCore/API/JSCallbackObjectFunctions.h314
-rw-r--r--Source/JavaScriptCore/API/JSClassRef.cpp2
-rw-r--r--Source/JavaScriptCore/API/JSValueRef.cpp2
-rw-r--r--Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp2
-rw-r--r--Source/JavaScriptCore/CMakeLists.txt12
-rw-r--r--Source/JavaScriptCore/ChangeLog70083
-rw-r--r--Source/JavaScriptCore/ChangeLog-2012-05-2270902
-rw-r--r--Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig7
-rw-r--r--Source/JavaScriptCore/DerivedSources.make1
-rw-r--r--Source/JavaScriptCore/DerivedSources.pri1
-rw-r--r--Source/JavaScriptCore/GNUmakefile.list.am19
-rw-r--r--Source/JavaScriptCore/JavaScriptCore.gypi7
-rw-r--r--Source/JavaScriptCore/JavaScriptCore.pri2
-rwxr-xr-xSource/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def6
-rw-r--r--Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj28
-rw-r--r--Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj80
-rw-r--r--Source/JavaScriptCore/Target.pri10
-rw-r--r--Source/JavaScriptCore/assembler/ARMAssembler.cpp17
-rw-r--r--Source/JavaScriptCore/assembler/ARMAssembler.h36
-rw-r--r--Source/JavaScriptCore/assembler/ARMv7Assembler.h37
-rw-r--r--Source/JavaScriptCore/assembler/AbstractMacroAssembler.h8
-rw-r--r--Source/JavaScriptCore/assembler/LinkBuffer.h2
-rw-r--r--Source/JavaScriptCore/assembler/MIPSAssembler.h32
-rw-r--r--Source/JavaScriptCore/assembler/SH4Assembler.h13
-rw-r--r--Source/JavaScriptCore/assembler/X86Assembler.h3
-rw-r--r--Source/JavaScriptCore/bytecode/CodeBlock.cpp446
-rw-r--r--Source/JavaScriptCore/bytecode/CodeBlock.h106
-rw-r--r--Source/JavaScriptCore/bytecode/CodeOrigin.h2
-rw-r--r--Source/JavaScriptCore/bytecode/DFGExitProfile.h15
-rw-r--r--Source/JavaScriptCore/bytecode/Operands.h10
-rw-r--r--Source/JavaScriptCore/bytecode/PredictedType.cpp20
-rw-r--r--Source/JavaScriptCore/bytecode/PredictedType.h44
-rw-r--r--Source/JavaScriptCore/bytecode/StructureStubInfo.h14
-rw-r--r--Source/JavaScriptCore/bytecode/ValueRecovery.h12
-rw-r--r--Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp25
-rw-r--r--Source/JavaScriptCore/dfg/DFGAbstractState.cpp766
-rw-r--r--Source/JavaScriptCore/dfg/DFGAbstractState.h87
-rw-r--r--Source/JavaScriptCore/dfg/DFGAbstractValue.h112
-rw-r--r--Source/JavaScriptCore/dfg/DFGAdjacencyList.h31
-rw-r--r--Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp750
-rw-r--r--Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h49
-rw-r--r--Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp8
-rw-r--r--Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h43
-rw-r--r--Source/JavaScriptCore/dfg/DFGBasicBlock.h33
-rw-r--r--Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp329
-rw-r--r--Source/JavaScriptCore/dfg/DFGByteCodeParser.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGCCallHelpers.h43
-rw-r--r--Source/JavaScriptCore/dfg/DFGCFAPhase.cpp10
-rw-r--r--Source/JavaScriptCore/dfg/DFGCFAPhase.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp730
-rw-r--r--Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.h52
-rw-r--r--Source/JavaScriptCore/dfg/DFGCSEPhase.cpp217
-rw-r--r--Source/JavaScriptCore/dfg/DFGCSEPhase.h4
-rw-r--r--Source/JavaScriptCore/dfg/DFGCapabilities.cpp55
-rw-r--r--Source/JavaScriptCore/dfg/DFGCapabilities.h64
-rw-r--r--Source/JavaScriptCore/dfg/DFGCommon.h23
-rw-r--r--Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp120
-rw-r--r--Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.h48
-rw-r--r--Source/JavaScriptCore/dfg/DFGDominators.cpp109
-rw-r--r--Source/JavaScriptCore/dfg/DFGDominators.h77
-rw-r--r--Source/JavaScriptCore/dfg/DFGDriver.cpp48
-rw-r--r--Source/JavaScriptCore/dfg/DFGDriver.h9
-rw-r--r--Source/JavaScriptCore/dfg/DFGEdge.h4
-rw-r--r--Source/JavaScriptCore/dfg/DFGFixupPhase.cpp30
-rw-r--r--Source/JavaScriptCore/dfg/DFGFixupPhase.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGGPRInfo.h6
-rw-r--r--Source/JavaScriptCore/dfg/DFGGraph.cpp151
-rw-r--r--Source/JavaScriptCore/dfg/DFGGraph.h210
-rw-r--r--Source/JavaScriptCore/dfg/DFGInsertionSet.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGJITCompiler.cpp34
-rw-r--r--Source/JavaScriptCore/dfg/DFGJITCompiler.h78
-rw-r--r--Source/JavaScriptCore/dfg/DFGNode.h89
-rw-r--r--Source/JavaScriptCore/dfg/DFGNodeFlags.cpp7
-rw-r--r--Source/JavaScriptCore/dfg/DFGNodeFlags.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGNodeType.h24
-rw-r--r--Source/JavaScriptCore/dfg/DFGOSREntry.cpp8
-rw-r--r--Source/JavaScriptCore/dfg/DFGOSRExit.cpp11
-rw-r--r--Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp4
-rw-r--r--Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h5
-rw-r--r--Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp125
-rw-r--r--Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp87
-rw-r--r--Source/JavaScriptCore/dfg/DFGOperations.cpp103
-rw-r--r--Source/JavaScriptCore/dfg/DFGOperations.h20
-rw-r--r--Source/JavaScriptCore/dfg/DFGPhase.cpp3
-rw-r--r--Source/JavaScriptCore/dfg/DFGPhase.h11
-rw-r--r--Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp79
-rw-r--r--Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.cpp9
-rw-r--r--Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.h2
-rw-r--r--Source/JavaScriptCore/dfg/DFGScoreBoard.h13
-rw-r--r--Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h123
-rw-r--r--Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h496
-rw-r--r--Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp260
-rw-r--r--Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h686
-rw-r--r--Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp723
-rw-r--r--Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp757
-rw-r--r--Source/JavaScriptCore/dfg/DFGThunks.cpp15
-rw-r--r--Source/JavaScriptCore/dfg/DFGValidate.cpp362
-rw-r--r--Source/JavaScriptCore/dfg/DFGValidate.h51
-rw-r--r--Source/JavaScriptCore/dfg/DFGVariableAccessData.h37
-rw-r--r--Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp43
-rw-r--r--Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.h2
-rw-r--r--Source/JavaScriptCore/heap/BlockAllocator.cpp17
-rw-r--r--Source/JavaScriptCore/heap/BlockAllocator.h30
-rw-r--r--Source/JavaScriptCore/heap/CopiedBlock.h51
-rw-r--r--Source/JavaScriptCore/heap/CopiedSpace.cpp65
-rw-r--r--Source/JavaScriptCore/heap/CopiedSpace.h8
-rw-r--r--Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h20
-rw-r--r--Source/JavaScriptCore/heap/Heap.cpp111
-rw-r--r--Source/JavaScriptCore/heap/Heap.h18
-rw-r--r--Source/JavaScriptCore/heap/HeapBlock.h4
-rw-r--r--Source/JavaScriptCore/heap/MachineStackMarker.cpp14
-rw-r--r--Source/JavaScriptCore/heap/MarkedAllocator.cpp10
-rw-r--r--Source/JavaScriptCore/heap/MarkedBlock.cpp20
-rw-r--r--Source/JavaScriptCore/heap/MarkedBlock.h70
-rw-r--r--Source/JavaScriptCore/heap/MarkedSpace.cpp130
-rw-r--r--Source/JavaScriptCore/heap/MarkedSpace.h7
-rw-r--r--Source/JavaScriptCore/heap/PassWeak.h4
-rw-r--r--Source/JavaScriptCore/heap/Weak.h29
-rw-r--r--Source/JavaScriptCore/heap/WeakBlock.cpp25
-rw-r--r--Source/JavaScriptCore/heap/WeakBlock.h25
-rw-r--r--Source/JavaScriptCore/heap/WeakSet.cpp37
-rw-r--r--Source/JavaScriptCore/heap/WeakSet.h66
-rw-r--r--Source/JavaScriptCore/heap/WeakSetInlines.h2
-rw-r--r--Source/JavaScriptCore/interpreter/CallFrame.cpp10
-rw-r--r--Source/JavaScriptCore/interpreter/CallFrame.h5
-rw-r--r--Source/JavaScriptCore/interpreter/Interpreter.cpp24
-rw-r--r--Source/JavaScriptCore/jit/ExecutableAllocator.cpp17
-rw-r--r--Source/JavaScriptCore/jit/ExecutableAllocator.h102
-rw-r--r--Source/JavaScriptCore/jit/HostCallReturnValue.h4
-rw-r--r--Source/JavaScriptCore/jit/JIT.cpp27
-rw-r--r--Source/JavaScriptCore/jit/JIT.h3
-rw-r--r--Source/JavaScriptCore/jit/JITArithmetic.cpp2
-rw-r--r--Source/JavaScriptCore/jit/JITCode.h2
-rw-r--r--Source/JavaScriptCore/jit/JITDriver.h12
-rw-r--r--Source/JavaScriptCore/jit/JITOpcodes.cpp3
-rw-r--r--Source/JavaScriptCore/jit/JITOpcodes32_64.cpp1
-rw-r--r--Source/JavaScriptCore/jit/JITPropertyAccess.cpp2
-rw-r--r--Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp2
-rw-r--r--Source/JavaScriptCore/jit/JITStubs.cpp67
-rw-r--r--Source/JavaScriptCore/jit/JITStubs.h2
-rw-r--r--Source/JavaScriptCore/jit/ThunkGenerators.cpp2
-rw-r--r--Source/JavaScriptCore/jsc.cpp7
-rw-r--r--Source/JavaScriptCore/llint/LLIntSlowPaths.cpp21
-rw-r--r--Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm2
-rw-r--r--Source/JavaScriptCore/llint/LowLevelInterpreter64.asm2
-rw-r--r--Source/JavaScriptCore/runtime/Arguments.cpp30
-rw-r--r--Source/JavaScriptCore/runtime/Arguments.h45
-rw-r--r--Source/JavaScriptCore/runtime/ArrayPrototype.cpp12
-rw-r--r--Source/JavaScriptCore/runtime/BooleanConstructor.cpp4
-rw-r--r--Source/JavaScriptCore/runtime/CommonSlowPaths.h4
-rw-r--r--Source/JavaScriptCore/runtime/Executable.cpp24
-rw-r--r--Source/JavaScriptCore/runtime/Executable.h14
-rw-r--r--Source/JavaScriptCore/runtime/ExecutionHarness.h12
-rw-r--r--Source/JavaScriptCore/runtime/JSActivation.cpp6
-rw-r--r--Source/JavaScriptCore/runtime/JSCell.h2
-rw-r--r--Source/JavaScriptCore/runtime/JSGlobalData.cpp37
-rw-r--r--Source/JavaScriptCore/runtime/JSGlobalData.h54
-rw-r--r--Source/JavaScriptCore/runtime/JSGlobalObject.cpp14
-rw-r--r--Source/JavaScriptCore/runtime/JSGlobalObject.h11
-rw-r--r--Source/JavaScriptCore/runtime/JSObject.cpp5
-rw-r--r--Source/JavaScriptCore/runtime/JSObject.h1
-rw-r--r--Source/JavaScriptCore/runtime/JSString.cpp2
-rw-r--r--Source/JavaScriptCore/runtime/JSString.h10
-rw-r--r--Source/JavaScriptCore/runtime/JSType.h1
-rw-r--r--Source/JavaScriptCore/runtime/JSTypeInfo.h1
-rw-r--r--Source/JavaScriptCore/runtime/JSValue.cpp2
-rw-r--r--Source/JavaScriptCore/runtime/JSValue.h4
-rw-r--r--Source/JavaScriptCore/runtime/JSVariableObject.cpp4
-rw-r--r--Source/JavaScriptCore/runtime/JSVariableObject.h8
-rw-r--r--Source/JavaScriptCore/runtime/Lookup.cpp5
-rw-r--r--Source/JavaScriptCore/runtime/Lookup.h10
-rw-r--r--Source/JavaScriptCore/runtime/NameConstructor.cpp69
-rw-r--r--Source/JavaScriptCore/runtime/NameConstructor.h65
-rw-r--r--Source/JavaScriptCore/runtime/NameInstance.cpp44
-rw-r--r--Source/JavaScriptCore/runtime/NameInstance.h77
-rw-r--r--Source/JavaScriptCore/runtime/NamePrototype.cpp89
-rw-r--r--Source/JavaScriptCore/runtime/NamePrototype.h64
-rw-r--r--Source/JavaScriptCore/runtime/ObjectConstructor.cpp6
-rw-r--r--Source/JavaScriptCore/runtime/PrivateName.h48
-rw-r--r--Source/JavaScriptCore/runtime/PropertyMapHashTable.h5
-rw-r--r--Source/JavaScriptCore/runtime/PropertyName.h37
-rw-r--r--Source/JavaScriptCore/runtime/RegExpCache.cpp23
-rw-r--r--Source/JavaScriptCore/runtime/RegExpConstructor.cpp4
-rw-r--r--Source/JavaScriptCore/runtime/RegExpKey.h1
-rw-r--r--Source/JavaScriptCore/runtime/RegExpPrototype.cpp6
-rw-r--r--Source/JavaScriptCore/runtime/Structure.cpp30
-rw-r--r--Source/JavaScriptCore/runtime/Structure.h2
-rw-r--r--Source/JavaScriptCore/runtime/WeakGCMap.h70
-rw-r--r--Source/JavaScriptCore/tools/CodeProfile.cpp2
190 files changed, 81306 insertions, 71557 deletions
diff --git a/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h b/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
index fdc58fccf..160f48887 100644
--- a/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
+++ b/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
@@ -129,54 +129,56 @@ bool JSCallbackObject<Parent>::getOwnPropertySlot(JSCell* cell, ExecState* exec,
JSObjectRef thisRef = toRef(thisObject);
RefPtr<OpaqueJSString> propertyNameRef;
- for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
- // optional optimization to bypass getProperty in cases when we only need to know if the property exists
- if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- APICallbackShim callbackShim(exec);
- if (hasProperty(ctx, thisRef, propertyNameRef.get())) {
- slot.setCustom(thisObject, callbackGetter);
- return true;
- }
- } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- JSValueRef exception = 0;
- JSValueRef value;
- {
+ if (StringImpl* name = propertyName.publicName()) {
+ for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
+ // optional optimization to bypass getProperty in cases when we only need to know if the property exists
+ if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
APICallbackShim callbackShim(exec);
- value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception);
- }
- if (exception) {
- throwError(exec, toJS(exec, exception));
- slot.setValue(jsUndefined());
- return true;
- }
- if (value) {
- slot.setValue(toJS(exec, value));
- return true;
- }
- }
-
- if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
- if (staticValues->contains(propertyName.impl())) {
- JSValue value = thisObject->getStaticValue(exec, propertyName);
+ if (hasProperty(ctx, thisRef, propertyNameRef.get())) {
+ slot.setCustom(thisObject, callbackGetter);
+ return true;
+ }
+ } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
+ JSValueRef exception = 0;
+ JSValueRef value;
+ {
+ APICallbackShim callbackShim(exec);
+ value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception);
+ }
+ if (exception) {
+ throwError(exec, toJS(exec, exception));
+ slot.setValue(jsUndefined());
+ return true;
+ }
if (value) {
- slot.setValue(value);
+ slot.setValue(toJS(exec, value));
return true;
}
}
- }
-
- if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
- if (staticFunctions->contains(propertyName.impl())) {
- slot.setCustom(thisObject, staticFunctionGetter);
- return true;
+
+ if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+ if (staticValues->contains(name)) {
+ JSValue value = thisObject->getStaticValue(exec, propertyName);
+ if (value) {
+ slot.setValue(value);
+ return true;
+ }
+ }
+ }
+
+ if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+ if (staticFunctions->contains(name)) {
+ slot.setCustom(thisObject, staticFunctionGetter);
+ return true;
+ }
}
}
}
-
+
return Parent::getOwnPropertySlot(thisObject, exec, propertyName, slot);
}
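Review bot: The new `if (StringImpl* name = propertyName.publicName())` guard wrapping the class-chain walk carries no comment explaining that a null public name (presumably a private name, given the runtime/PrivateName.h this commit adds) now deliberately skips every API callback and static table and falls straight through to `Parent::getOwnPropertySlot`; a reader can easily take it for an accidental early exit. The same undocumented guard is introduced in the put, deleteProperty, getStaticValue, staticFunctionGetter and callbackGetter hunks below. A one-line comment above the guard, `// Names without a public string are never shown to API callbacks or looked up in the static tables; defer to the parent.`, would record the intent once per function. Note also that in staticFunctionGetter and callbackGetter the fall-through for such names ends at the existing reference-error throw rather than at the parent, which is worth stating in that comment if it is intended. getOwnPropertySlot's body begins outside this hunk.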
@@ -233,53 +235,55 @@ void JSCallbackObject<Parent>::put(JSCell* cell, ExecState* exec, PropertyName p
RefPtr<OpaqueJSString> propertyNameRef;
JSValueRef valueRef = toRef(exec, value);
- for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
- if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- JSValueRef exception = 0;
- bool result;
- {
- APICallbackShim callbackShim(exec);
- result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception);
- }
- if (exception)
- throwError(exec, toJS(exec, exception));
- if (result || exception)
- return;
- }
-
- if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
- if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) {
- if (entry->attributes & kJSPropertyAttributeReadOnly)
+ if (StringImpl* name = propertyName.publicName()) {
+ for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
+ if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
+ JSValueRef exception = 0;
+ bool result;
+ {
+ APICallbackShim callbackShim(exec);
+ result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception);
+ }
+ if (exception)
+ throwError(exec, toJS(exec, exception));
+ if (result || exception)
return;
- if (JSObjectSetPropertyCallback setProperty = entry->setProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- JSValueRef exception = 0;
- bool result;
- {
- APICallbackShim callbackShim(exec);
- result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception);
- }
- if (exception)
- throwError(exec, toJS(exec, exception));
- if (result || exception)
+ }
+
+ if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+ if (StaticValueEntry* entry = staticValues->get(name)) {
+ if (entry->attributes & kJSPropertyAttributeReadOnly)
return;
+ if (JSObjectSetPropertyCallback setProperty = entry->setProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
+ JSValueRef exception = 0;
+ bool result;
+ {
+ APICallbackShim callbackShim(exec);
+ result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception);
+ }
+ if (exception)
+ throwError(exec, toJS(exec, exception));
+ if (result || exception)
+ return;
+ }
}
}
- }
-
- if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
- if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) {
- if (entry->attributes & kJSPropertyAttributeReadOnly)
+
+ if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+ if (StaticFunctionEntry* entry = staticFunctions->get(name)) {
+ if (entry->attributes & kJSPropertyAttributeReadOnly)
+ return;
+ thisObject->JSCallbackObject<Parent>::putDirect(exec->globalData(), propertyName, value); // put as override property
return;
- thisObject->JSCallbackObject<Parent>::putDirect(exec->globalData(), propertyName, value); // put as override property
- return;
+ }
}
}
}
-
+
return Parent::put(thisObject, exec, propertyName, value, slot);
}
@@ -291,39 +295,41 @@ bool JSCallbackObject<Parent>::deleteProperty(JSCell* cell, ExecState* exec, Pro
JSObjectRef thisRef = toRef(thisObject);
RefPtr<OpaqueJSString> propertyNameRef;
- for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
- if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- JSValueRef exception = 0;
- bool result;
- {
- APICallbackShim callbackShim(exec);
- result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception);
+ if (StringImpl* name = propertyName.publicName()) {
+ for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) {
+ if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
+ JSValueRef exception = 0;
+ bool result;
+ {
+ APICallbackShim callbackShim(exec);
+ result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception);
+ }
+ if (exception)
+ throwError(exec, toJS(exec, exception));
+ if (result || exception)
+ return true;
}
- if (exception)
- throwError(exec, toJS(exec, exception));
- if (result || exception)
- return true;
- }
-
- if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
- if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) {
- if (entry->attributes & kJSPropertyAttributeDontDelete)
- return false;
- return true;
+
+ if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+ if (StaticValueEntry* entry = staticValues->get(name)) {
+ if (entry->attributes & kJSPropertyAttributeDontDelete)
+ return false;
+ return true;
+ }
}
- }
-
- if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
- if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) {
- if (entry->attributes & kJSPropertyAttributeDontDelete)
- return false;
- return true;
+
+ if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+ if (StaticFunctionEntry* entry = staticFunctions->get(name)) {
+ if (entry->attributes & kJSPropertyAttributeDontDelete)
+ return false;
+ return true;
+ }
}
}
}
-
+
return Parent::deleteProperty(thisObject, exec, propertyName);
}
@@ -509,25 +515,30 @@ JSValue JSCallbackObject<Parent>::getStaticValue(ExecState* exec, PropertyName p
JSObjectRef thisRef = toRef(this);
RefPtr<OpaqueJSString> propertyNameRef;
- for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
- if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec))
- if (StaticValueEntry* entry = staticValues->get(propertyName.impl()))
- if (JSObjectGetPropertyCallback getProperty = entry->getProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- JSValueRef exception = 0;
- JSValueRef value;
- {
- APICallbackShim callbackShim(exec);
- value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception);
- }
- if (exception) {
- throwError(exec, toJS(exec, exception));
- return jsUndefined();
+ if (StringImpl* name = propertyName.publicName()) {
+ for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+ if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+ if (StaticValueEntry* entry = staticValues->get(name)) {
+ if (JSObjectGetPropertyCallback getProperty = entry->getProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
+ JSValueRef exception = 0;
+ JSValueRef value;
+ {
+ APICallbackShim callbackShim(exec);
+ value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception);
+ }
+ if (exception) {
+ throwError(exec, toJS(exec, exception));
+ return jsUndefined();
+ }
+ if (value)
+ return toJS(exec, value);
}
- if (value)
- return toJS(exec, value);
}
+ }
+ }
+ }
return JSValue();
}
@@ -542,19 +553,21 @@ JSValue JSCallbackObject<Parent>::staticFunctionGetter(ExecState* exec, JSValue
if (Parent::getOwnPropertySlot(thisObj, exec, propertyName, slot2))
return slot2.getValue(exec, propertyName);
- for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) {
- if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
- if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) {
- if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) {
-
- JSObject* o = JSCallbackFunction::create(exec, thisObj->globalObject(), callAsFunction, propertyName.ustring());
- thisObj->putDirect(exec->globalData(), propertyName, o, entry->attributes);
- return o;
+ if (StringImpl* name = propertyName.publicName()) {
+ for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) {
+ if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+ if (StaticFunctionEntry* entry = staticFunctions->get(name)) {
+ if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) {
+
+ JSObject* o = JSCallbackFunction::create(exec, thisObj->globalObject(), callAsFunction, name);
+ thisObj->putDirect(exec->globalData(), propertyName, o, entry->attributes);
+ return o;
+ }
}
}
}
}
-
+
return throwError(exec, createReferenceError(exec, "Static function property defined with NULL callAsFunction callback."));
}
@@ -566,24 +579,27 @@ JSValue JSCallbackObject<Parent>::callbackGetter(ExecState* exec, JSValue slotPa
JSObjectRef thisRef = toRef(thisObj);
RefPtr<OpaqueJSString> propertyNameRef;
- for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass)
- if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
- if (!propertyNameRef)
- propertyNameRef = OpaqueJSString::create(propertyName.ustring());
- JSValueRef exception = 0;
- JSValueRef value;
- {
- APICallbackShim callbackShim(exec);
- value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception);
- }
- if (exception) {
- throwError(exec, toJS(exec, exception));
- return jsUndefined();
+ if (StringImpl* name = propertyName.publicName()) {
+ for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) {
+ if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
+ if (!propertyNameRef)
+ propertyNameRef = OpaqueJSString::create(name);
+ JSValueRef exception = 0;
+ JSValueRef value;
+ {
+ APICallbackShim callbackShim(exec);
+ value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception);
+ }
+ if (exception) {
+ throwError(exec, toJS(exec, exception));
+ return jsUndefined();
+ }
+ if (value)
+ return toJS(exec, value);
}
- if (value)
- return toJS(exec, value);
}
-
+ }
+
return throwError(exec, createReferenceError(exec, "hasProperty callback returned true for a property that doesn't exist."));
}
diff --git a/Source/JavaScriptCore/API/JSClassRef.cpp b/Source/JavaScriptCore/API/JSClassRef.cpp
index 5f67fc37e..134431654 100644
--- a/Source/JavaScriptCore/API/JSClassRef.cpp
+++ b/Source/JavaScriptCore/API/JSClassRef.cpp
@@ -219,6 +219,6 @@ JSObject* OpaqueJSClass::prototype(ExecState* exec)
prototype->setPrototype(exec->globalData(), parentPrototype);
}
- jsClassData.cachedPrototype = PassWeak<JSObject>(prototype, 0);
+ jsClassData.cachedPrototype = PassWeak<JSObject>(prototype);
return prototype;
}
diff --git a/Source/JavaScriptCore/API/JSValueRef.cpp b/Source/JavaScriptCore/API/JSValueRef.cpp
index 9b7268a2d..04d7f661d 100644
--- a/Source/JavaScriptCore/API/JSValueRef.cpp
+++ b/Source/JavaScriptCore/API/JSValueRef.cpp
@@ -266,7 +266,7 @@ bool JSValueToBoolean(JSContextRef ctx, JSValueRef value)
APIEntryShim entryShim(exec);
JSValue jsValue = toJS(exec, value);
- return jsValue.toBoolean(exec);
+ return jsValue.toBoolean();
}
double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception)
diff --git a/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp b/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp
index bdd56f602..bfb006021 100644
--- a/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp
+++ b/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp
@@ -72,7 +72,7 @@ void JSWeakObjectMapRemove(JSContextRef ctx, JSWeakObjectMapRef map, void* key)
{
ExecState* exec = toJS(ctx);
APIEntryShim entryShim(exec);
- map->map().take(key);
+ map->map().remove(key);
}
// We need to keep this function in the build to keep the nightlies running.
diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
index bf48f970d..cb58b0007 100644
--- a/Source/JavaScriptCore/CMakeLists.txt
+++ b/Source/JavaScriptCore/CMakeLists.txt
@@ -58,12 +58,16 @@ SET(JavaScriptCore_SOURCES
bytecompiler/NodesCodegen.cpp
dfg/DFGAbstractState.cpp
+ dfg/DFGArgumentsSimplificationPhase.cpp
dfg/DFGAssemblyHelpers.cpp
dfg/DFGByteCodeParser.cpp
dfg/DFGCapabilities.cpp
dfg/DFGCFAPhase.cpp
+ dfg/DFGCFGSimplificationPhase.cpp
+ dfg/DFGConstantFoldingPhase.cpp
dfg/DFGCorrectableJumpPoint.cpp
dfg/DFGCSEPhase.cpp
+ dfg/DFGDominators.cpp
dfg/DFGDriver.cpp
dfg/DFGFixupPhase.cpp
dfg/DFGGraph.cpp
@@ -83,6 +87,7 @@ SET(JavaScriptCore_SOURCES
dfg/DFGSpeculativeJIT32_64.cpp
dfg/DFGSpeculativeJIT64.cpp
dfg/DFGThunks.cpp
+ dfg/DFGValidate.cpp
dfg/DFGVirtualRegisterAllocationPhase.cpp
heap/BlockAllocator.cpp
@@ -189,6 +194,12 @@ SET(JavaScriptCore_SOURCES
runtime/LiteralParser.cpp
runtime/Lookup.cpp
runtime/MathObject.cpp
+ runtime/NameConstructor.cpp
+ runtime/NameConstructor.h
+ runtime/NameInstance.cpp
+ runtime/NameInstance.h
+ runtime/NamePrototype.cpp
+ runtime/NamePrototype.h
runtime/NativeErrorConstructor.cpp
runtime/NativeErrorPrototype.cpp
runtime/NumberConstructor.cpp
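Review bot: The added entries `runtime/NameConstructor.h`, `runtime/NameInstance.h` and `runtime/NamePrototype.h` are placed in `JavaScriptCore_SOURCES`, while every other entry visible in this list is a `.cpp`; listing headers there departs from the file's convention and, if the list feeds a library target, adds entries that are never compiled. Either drop the three `.h` lines or, if headers are intentionally tracked here for IDE visibility, add a comment saying so. The `SET(JavaScriptCore_SOURCES` block starts outside this hunk, so other header entries may exist that are not visible here.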
@@ -240,6 +251,7 @@ SET(JavaScriptCore_LUT_FILES
runtime/JSGlobalObject.cpp
runtime/JSONObject.cpp
runtime/MathObject.cpp
+ runtime/NamePrototype.cpp
runtime/NumberConstructor.cpp
runtime/NumberPrototype.cpp
runtime/ObjectConstructor.cpp
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index e8aac4510..7bea6a152 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,69765 +1,1278 @@
-2012-05-17 Filip Pizlo <fpizlo@apple.com>
-
- Setting array index -1 and looping over array causes bad behavior
- https://bugs.webkit.org/show_bug.cgi?id=86733
- <rdar://problem/11477670>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGOperations.cpp:
-
-2012-05-17 Geoffrey Garen <ggaren@apple.com>
-
- Not reviewed.
-
- Rolled out r117495 because it caused som out of memory crashes.
-
- * heap/Heap.cpp:
- (JSC::Heap::collect):
-
-2012-05-17 Geoffrey Garen <ggaren@apple.com>
-
- Refactored the Heap to move more MarkedSpace logic into MarkedSpace
- https://bugs.webkit.org/show_bug.cgi?id=86790
-
- Reviewed by Gavin Barraclough.
-
- * heap/Heap.cpp:
- (JSC::Heap::lastChanceToFinalize):
- (JSC::Heap::markRoots):
- (JSC):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::collect):
- * heap/Heap.h:
- (Heap): Took all the functors from here...
-
- * heap/MarkedBlock.h:
- (CountFunctor):
- (JSC::MarkedBlock::CountFunctor::CountFunctor):
- (JSC::MarkedBlock::CountFunctor::count):
- (JSC::MarkedBlock::CountFunctor::returnValue):
- (MarkedBlock):
- * heap/MarkedSpace.h:
- (JSC::ClearMarks::operator()):
- (JSC):
- (JSC::Sweep::operator()):
- (JSC::MarkCount::operator()):
- (JSC::Size::operator()):
- (JSC::Capacity::operator()):
- (MarkedSpace):
- (JSC::MarkedSpace::clearMarks):
- (JSC::MarkedSpace::sweep):
- (JSC::MarkedSpace::objectCount):
- (JSC::MarkedSpace::size):
- (JSC::MarkedSpace::capacity): and put them here.
-
-2012-05-17 Geoffrey Garen <ggaren@apple.com>
-
- Increase the GC allocation trigger
- https://bugs.webkit.org/show_bug.cgi?id=86699
-
- Reviewed by Sam Weinig.
-
- This helps a lot when the heap is growing, and helps to resolve
- the regression caused by r116484.
-
- * heap/Heap.cpp:
- (JSC::Heap::collect):
-
-2012-05-16 Mark Hahnenberg <mhahnenberg@apple.com>
-
- GC in the middle of JSObject::allocatePropertyStorage can cause badness
- https://bugs.webkit.org/show_bug.cgi?id=83839
-
- Reviewed by Geoff Garen.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're
- growing our already-existing PropertyStorage.
- * runtime/JSObject.h:
- (JSObject):
- (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage
- and the new structure so that we can be sure a GC never occurs when our Structure
- info is out of sync with our PropertyStorage.
- (JSC):
- (JSC::JSObject::putDirectInternal): Moved the check to see if we should
- allocate more backing store before the actual property insertion into
- the structure.
- (JSC::JSObject::putDirectWithoutTransition): Ditto.
- (JSC::JSObject::transitionTo): Ditto.
- * runtime/Structure.cpp:
- (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy
- for property backing stores contained within the Structure class.
- (JSC):
- * runtime/Structure.h:
- (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion
- into the Structure would require resizing the property backing store so that they can
- preallocate the required storage.
- (Structure):
-
-2012-05-16 Geoffrey Garen <ggaren@apple.com>
-
- GC is not thread-safe when moving values between C stacks
- https://bugs.webkit.org/show_bug.cgi?id=86672
-
- Reviewed by Phil Pizlo.
-
- GC pauses thread A while marking thread A, and then B while marking B,
- which isn't safe against A and B moving values between each others'
- stacks.
-
- This is a theoretical bug -- I haven't been able to reproduce it
- in the wild.
-
- * heap/MachineStackMarker.cpp:
- (JSC::MachineThreads::gatherFromOtherThread):
- (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
- duration of stack marking, to avoid missing values that might be moving
- between C stacks.
-
-2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Block freeing thread should not free blocks when we are actively requesting them
- https://bugs.webkit.org/show_bug.cgi?id=86519
-
- Reviewed by Geoff Garen.
-
- * heap/BlockAllocator.h:
- (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done
- while we hold the lock to ensure proper locking.
-
-2012-05-15 Filip Pizlo <fpizlo@apple.com>
-
- shrinkToFit() is often not called for Vectors in CodeBlock
- https://bugs.webkit.org/show_bug.cgi?id=86436
-
- Reviewed by Oliver Hunt.
-
- The vectors in CodeBlock are often appended to during various stages of
- compilation, but we neglect to shrink them after compilation finishes. This
- patch takes the most brutal possible approach: shrink all the vectors after
- the bytecompile phase, and then shrink them again after the appropriate
- JITing phase. The two shrinks are necessary because the JIT may append more
- stuff, but may also generate code that directly references things in other
- vectors; hence some can only be shrunk before JIT and some after. Also,
- we may allow a CodeBlock to sit around for a long time - possibly forever -
- before invoking the JIT, hence it makes sense to have two shrinks.
-
- This is performance neutral on the major benchmarks we track.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::shrinkToFit):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- (JSC::CodeBlock::appendWeakReferenceTransition):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::generate):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
-
-2012-05-15 Oliver Hunt <oliver@apple.com>
-
- Make error information available even if all we have is line number information.
- https://bugs.webkit.org/show_bug.cgi?id=86547
-
- Reviewed by Filip Pizlo.
-
- We don't need expression information to generate useful line, file, and stack information,
- so only require that we have line number info available.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- * runtime/Executable.h:
- (JSC):
-
-2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Block freeing thread should not free blocks when we are actively requesting them
- https://bugs.webkit.org/show_bug.cgi?id=86519
-
- Reviewed by Geoffrey Garen.
-
- The block freeing thread shoots us in the foot if it decides to run while we're actively
- requesting blocks and returning them. This situation can arise when there is a lot of copying
- collection going on in steady state. We allocate a large swath of pages to copy into, then we
- return all the newly free old pages to the BlockAllocator. In this state, if the block freeing
- thread wakes up in between collections (which is more likely than it waking up during a
- collection) and frees half of these pages, they will be needed almost immediately during the
- next collection, causing a storm of VM allocations which we know are going to be very slow.
-
- What we'd like is for when things have quieted down the block freeing thread can then return
- memory to the OS. Usually this will be when a page has fully loaded and has a low allocation
- rate. In this situation, our opportunistic collections will only be running at least every few
- seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say,
- while a page is loading.
-
- * heap/BlockAllocator.cpp:
- (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
- (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
- If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out
- on an update, we'll see it when we wake up again.
- * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
- (BlockAllocator):
- (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks
- that to true. We don't bother locking since we assume that writing to a bool is atomic.
-
-2012-05-14 Luke Macpherson <macpherson@chromium.org>
+2012-05-24 Tim Horton <timothy_horton@apple.com>
- Introduce ENABLE_CSS_VARIABLES compile flag.
- https://bugs.webkit.org/show_bug.cgi?id=86338
+ Add feature defines for web-facing parts of CSS Regions and Exclusions
+ https://bugs.webkit.org/show_bug.cgi?id=87442
+ <rdar://problem/10887709>
- Reviewed by Dimitri Glazkov.
-
- Add a configuration option for CSS Variables support, disabling it by default.
+ Reviewed by Dan Bernstein.
* Configurations/FeatureDefines.xcconfig:
-2012-05-14 Gavin Barraclough <barraclough@apple.com>
+2012-05-24 Geoffrey Garen <ggaren@apple.com>
- Cannot login to iCloud
- https://bugs.webkit.org/show_bug.cgi?id=86321
+ WebKit should be lazy-finalization-safe (esp. the DOM)
+ https://bugs.webkit.org/show_bug.cgi?id=87456
Reviewed by Filip Pizlo.
- This is a bug introduced by bug#85853, we shouldn't allow assignment to
- the prototype property of functions to be cached, since we need to clear
- the cached inheritorID.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::put):
-
-2012-05-14 Michael Saboff <msaboff@apple.com>
-
- Enh: Add the Ability to Disable / Enable JavaScript GC Timer
- https://bugs.webkit.org/show_bug.cgi?id=86382
-
- Reviewed by Darin Adler.
-
- Add flag to GCActivityCallback to enable / disable activity timer.
- Add api via Heap to set the flag's value.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export
- * heap/Heap.cpp:
- (JSC::Heap::setGarbageCollectionTimerEnabled):
- * heap/Heap.h:
- * runtime/GCActivityCallback.h:
- (JSC::GCActivityCallback::isEnabled):
- (JSC::GCActivityCallback::setEnabled):
- (JSC::GCActivityCallback::GCActivityCallback):
- * runtime/GCActivityCallbackCF.cpp:
- (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
-
-2012-05-14 Michael Saboff <msaboff@apple.com>
-
- Increase Debug Logging in MarkStack::validate()
- https://bugs.webkit.org/show_bug.cgi?id=86408
-
- Rubber-stamped by Filip Pizlo.
-
- Added some descriptive debug messages for the conditions and
- values when a cell validation fails.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStack::validate):
-
-2012-05-14 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing header file.
-
-2012-05-14 Yong Li <yoli@rim.com>
-
- DFG JIT didn't work with ARM EABI.
- https://bugs.webkit.org/show_bug.cgi?id=84449
-
- Reviewed by Filip Pizlo.
-
- Add a 32-bit dummy argument for some callOperation()
- methods to make it work for ARM EABI.
-
- * dfg/DFGCCallHelpers.h:
- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
- (CCallHelpers):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::callOperation):
-
-2012-05-13 Gavin Barraclough <barraclough@apple.com>
-
- Introduce PropertyName class
- https://bugs.webkit.org/show_bug.cgi?id=86241
-
- Reviewed by Darin Adler.
-
- This patch introduced a couple of small bugs.
-
- * runtime/PropertyName.h:
- (JSC::toUInt32FromCharacters):
- - Returning wrong value for "" - should not convert to 0.
- (JSC::PropertyName::PropertyName):
- - Remove the ASSERT, it was a little too aspirational.
-
-2012-05-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG performs incorrect constant folding on double-to-uint32 conversion in
- Uint32Array PutByVal
- https://bugs.webkit.org/show_bug.cgi?id=86330
+ Lazy finalization adds one twist to weak pointer use:
- Reviewed by Darin Adler.
-
- static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
- In particular, C++ casts on typical hardware (like x86 and similar) will
- return 0x80000000 for double values that are out of range of the int32 domain
- (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
- for wrap-around; for example the double value 4294967297 ought to become the
- int32 value 1, not 0x80000000.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2012-05-11 Gavin Barraclough <barraclough@apple.com>
+ A HashMap of weak pointers may contain logically null entries.
+ (Weak pointers behave as-if null once their payloads die.)
+ Insertion must not assume that a pre-existing entry is
+ necessarily valid, and iteration must not assume that all
+ entries can be dereferenced.
- Introduce PropertyName class
- https://bugs.webkit.org/show_bug.cgi?id=86241
+ (Previously, I thought that it also added a second twist:
- Reviewed by Geoff Garen.
-
- Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
- This change paves the way to allow for properties keyed by values that are not Identifiers.
-
- This change is largely a mechanical find & replace.
- It also changes JSFunction's constructor to take a UString& instead of an Identifier&
- (since in some cases we can no longer guarantee that we'lll have an Identifier), and
- unifies Identifier's methods to obtain array indices onto PropertyName.
-
- The new PropertyName class retains the ability to support .impl() and .ustring(), but
- in a future patch we may need to rework this, since not all PropertyNames should be
- equal based on their string representation.
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::finishCreation):
- * API/JSCallbackFunction.h:
- (JSCallbackFunction):
- (JSC::JSCallbackFunction::create):
- * API/JSCallbackObject.h:
- (JSCallbackObject):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getOwnPropertySlot):
- (JSC::::getOwnPropertyDescriptor):
- (JSC::::put):
- (JSC::::deleteProperty):
- (JSC::::getStaticValue):
- (JSC::::staticFunctionGetter):
- (JSC::::callbackGetter):
- * API/JSObjectRef.cpp:
- (JSObjectMakeFunctionWithCallback):
- * JSCTypedArrayStubs.h:
- (JSC):
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertySlot):
- (JSC::DebuggerActivation::put):
- (JSC::DebuggerActivation::putDirectVirtual):
- (JSC::DebuggerActivation::deleteProperty):
- (JSC::DebuggerActivation::getOwnPropertyDescriptor):
- (JSC::DebuggerActivation::defineOwnProperty):
- * debugger/DebuggerActivation.h:
- (DebuggerActivation):
- * jsc.cpp:
- (GlobalObject::addFunction):
- (GlobalObject::addConstructableFunction):
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertySlot):
- (JSC::Arguments::getOwnPropertyDescriptor):
- (JSC::Arguments::put):
- (JSC::Arguments::deleteProperty):
- (JSC::Arguments::defineOwnProperty):
- * runtime/Arguments.h:
- (Arguments):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::finishCreation):
- (JSC::ArrayConstructor::getOwnPropertySlot):
- (JSC::ArrayConstructor::getOwnPropertyDescriptor):
- * runtime/ArrayConstructor.h:
- (ArrayConstructor):
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlot):
- (JSC::ArrayPrototype::getOwnPropertyDescriptor):
- (JSC::putProperty):
- * runtime/ArrayPrototype.h:
- (ArrayPrototype):
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::finishCreation):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::getOwnPropertySlot):
- (JSC::BooleanPrototype::getOwnPropertyDescriptor):
- * runtime/BooleanPrototype.h:
- (BooleanPrototype):
- * runtime/ClassInfo.h:
- (MethodTable):
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::finishCreation):
- (JSC::DateConstructor::getOwnPropertySlot):
- (JSC::DateConstructor::getOwnPropertyDescriptor):
- * runtime/DateConstructor.h:
- (DateConstructor):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::getOwnPropertySlot):
- (JSC::DatePrototype::getOwnPropertyDescriptor):
- * runtime/DatePrototype.h:
- (DatePrototype):
- * runtime/Error.h:
- (JSC::StrictModeTypeErrorFunction::create):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::finishCreation):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::getOwnPropertySlot):
- (JSC::ErrorPrototype::getOwnPropertyDescriptor):
- * runtime/ErrorPrototype.h:
- (ErrorPrototype):
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::finishCreation):
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::finishCreation):
- (JSC::FunctionPrototype::addFunctionProperties):
- (JSC::functionProtoFuncBind):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::create):
- (FunctionPrototype):
- * runtime/Identifier.cpp:
- (JSC):
- * runtime/Identifier.h:
- (Identifier):
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::finishCreation):
- * runtime/InternalFunction.h:
- (InternalFunction):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::symbolTableGet):
- (JSC::JSActivation::symbolTablePut):
- (JSC::JSActivation::symbolTablePutWithAttributes):
- (JSC::JSActivation::getOwnPropertySlot):
- (JSC::JSActivation::put):
- (JSC::JSActivation::putDirectVirtual):
- (JSC::JSActivation::deleteProperty):
- (JSC::JSActivation::argumentsGetter):
- * runtime/JSActivation.h:
- (JSActivation):
- * runtime/JSArray.cpp:
- (JSC::JSArray::defineOwnProperty):
- (JSC::JSArray::getOwnPropertySlot):
- (JSC::JSArray::getOwnPropertyDescriptor):
- (JSC::JSArray::put):
- (JSC::JSArray::deleteProperty):
- * runtime/JSArray.h:
- (JSArray):
- (JSC):
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::create):
- (JSC::JSBoundFunction::finishCreation):
- * runtime/JSBoundFunction.h:
- (JSBoundFunction):
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertySlot):
- (JSC::JSCell::put):
- (JSC::JSCell::deleteProperty):
- (JSC::JSCell::putDirectVirtual):
- (JSC::JSCell::defineOwnProperty):
- (JSC::JSCell::getOwnPropertyDescriptor):
- * runtime/JSCell.h:
- (JSCell):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::create):
- (JSC::JSFunction::finishCreation):
- (JSC::JSFunction::argumentsGetter):
- (JSC::JSFunction::callerGetter):
- (JSC::JSFunction::lengthGetter):
- (JSC::JSFunction::getOwnPropertySlot):
- (JSC::JSFunction::getOwnPropertyDescriptor):
- (JSC::JSFunction::put):
- (JSC::JSFunction::deleteProperty):
- (JSC::JSFunction::defineOwnProperty):
- (JSC::getCalculatedDisplayName):
- * runtime/JSFunction.h:
- (JSFunction):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::put):
- (JSC::JSGlobalObject::putDirectVirtual):
- (JSC::JSGlobalObject::defineOwnProperty):
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::createThrowTypeError):
- (JSC::JSGlobalObject::getOwnPropertySlot):
- (JSC::JSGlobalObject::getOwnPropertyDescriptor):
- * runtime/JSGlobalObject.h:
- (JSGlobalObject):
- (JSC::JSGlobalObject::hasOwnPropertyForWrite):
- (JSC::JSGlobalObject::symbolTableHasProperty):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::getOwnPropertySlot):
- (JSC::JSNotAnObject::getOwnPropertyDescriptor):
- (JSC::JSNotAnObject::put):
- (JSC::JSNotAnObject::deleteProperty):
- * runtime/JSNotAnObject.h:
- (JSNotAnObject):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::getOwnPropertySlot):
- (JSC::JSONObject::getOwnPropertyDescriptor):
- * runtime/JSONObject.h:
- (JSONObject):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::putDirectVirtual):
- (JSC::JSObject::putDirectAccessor):
- (JSC::JSObject::hasProperty):
- (JSC::JSObject::deleteProperty):
- (JSC::JSObject::hasOwnProperty):
- (JSC::callDefaultValueFunction):
- (JSC::JSObject::findPropertyHashEntry):
- (JSC::JSObject::getPropertySpecificValue):
- (JSC::JSObject::removeDirect):
- (JSC::JSObject::getOwnPropertyDescriptor):
- (JSC::JSObject::getPropertyDescriptor):
- (JSC::putDescriptor):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- (JSObject):
- (JSC::JSObject::getDirect):
- (JSC::JSObject::getDirectLocation):
- (JSC::JSObject::inlineGetOwnPropertySlot):
- (JSC::JSObject::getOwnPropertySlot):
- (JSC::JSCell::fastGetOwnPropertySlot):
- (JSC::JSObject::getPropertySlot):
- (JSC::JSObject::get):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putOwnDataProperty):
- (JSC::JSObject::putDirect):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSValue::get):
- (JSC::JSValue::put):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::put):
- (JSC::JSStaticScopeObject::putDirectVirtual):
- (JSC::JSStaticScopeObject::getOwnPropertySlot):
- * runtime/JSStaticScopeObject.h:
- (JSStaticScopeObject):
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlot):
- (JSC::JSString::getStringPropertyDescriptor):
- * runtime/JSString.h:
- (JSString):
- (JSC::JSString::getStringPropertySlot):
- * runtime/JSValue.cpp:
- (JSC::JSValue::putToPrimitive):
- * runtime/JSValue.h:
- (JSC):
- (JSValue):
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::deleteProperty):
- (JSC::JSVariableObject::symbolTableGet):
- (JSC::JSVariableObject::putDirectVirtual):
- * runtime/JSVariableObject.h:
- (JSVariableObject):
- (JSC::JSVariableObject::symbolTableGet):
- (JSC::JSVariableObject::symbolTablePut):
- (JSC::JSVariableObject::symbolTablePutWithAttributes):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/Lookup.h:
- (JSC::HashTable::entry):
- (JSC):
- (JSC::getStaticPropertySlot):
- (JSC::getStaticPropertyDescriptor):
- (JSC::getStaticFunctionSlot):
- (JSC::getStaticFunctionDescriptor):
- (JSC::getStaticValueSlot):
- (JSC::getStaticValueDescriptor):
- (JSC::lookupPut):
- * runtime/MathObject.cpp:
- (JSC::MathObject::getOwnPropertySlot):
- (JSC::MathObject::getOwnPropertyDescriptor):
- * runtime/MathObject.h:
- (MathObject):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::finishCreation):
- * runtime/NumberConstructor.cpp:
- (JSC):
- (JSC::NumberConstructor::finishCreation):
- (JSC::NumberConstructor::getOwnPropertySlot):
- (JSC::NumberConstructor::getOwnPropertyDescriptor):
- (JSC::NumberConstructor::put):
- (JSC::numberConstructorNaNValue):
- (JSC::numberConstructorNegInfinity):
- (JSC::numberConstructorPosInfinity):
- (JSC::numberConstructorMaxValue):
- (JSC::numberConstructorMinValue):
- * runtime/NumberConstructor.h:
- (NumberConstructor):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::getOwnPropertySlot):
- (JSC::NumberPrototype::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.h:
- (NumberPrototype):
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::finishCreation):
- (JSC::ObjectConstructor::getOwnPropertySlot):
- (JSC::ObjectConstructor::getOwnPropertyDescriptor):
- * runtime/ObjectConstructor.h:
- (ObjectConstructor):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::put):
- (JSC::ObjectPrototype::defineOwnProperty):
- (JSC::ObjectPrototype::getOwnPropertySlot):
- (JSC::ObjectPrototype::getOwnPropertyDescriptor):
- * runtime/ObjectPrototype.h:
- (ObjectPrototype):
- * runtime/PropertySlot.h:
- (PropertySlot):
- (JSC::PropertySlot::getValue):
- * runtime/RegExpConstructor.cpp:
- (JSC):
- (JSC::RegExpConstructor::finishCreation):
- (JSC::RegExpConstructor::getOwnPropertySlot):
- (JSC::RegExpConstructor::getOwnPropertyDescriptor):
- (JSC::regExpConstructorDollar1):
- (JSC::regExpConstructorDollar2):
- (JSC::regExpConstructorDollar3):
- (JSC::regExpConstructorDollar4):
- (JSC::regExpConstructorDollar5):
- (JSC::regExpConstructorDollar6):
- (JSC::regExpConstructorDollar7):
- (JSC::regExpConstructorDollar8):
- (JSC::regExpConstructorDollar9):
- (JSC::regExpConstructorInput):
- (JSC::regExpConstructorMultiline):
- (JSC::regExpConstructorLastMatch):
- (JSC::regExpConstructorLastParen):
- (JSC::regExpConstructorLeftContext):
- (JSC::regExpConstructorRightContext):
- (JSC::RegExpConstructor::put):
- * runtime/RegExpConstructor.h:
- (RegExpConstructor):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertySlot):
- (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
- (JSC::RegExpMatchesArray::put):
- (JSC::RegExpMatchesArray::deleteProperty):
- (JSC::RegExpMatchesArray::defineOwnProperty):
- * runtime/RegExpObject.cpp:
- (JSC):
- (JSC::RegExpObject::getOwnPropertySlot):
- (JSC::RegExpObject::getOwnPropertyDescriptor):
- (JSC::RegExpObject::deleteProperty):
- (JSC::RegExpObject::defineOwnProperty):
- (JSC::regExpObjectGlobal):
- (JSC::regExpObjectIgnoreCase):
- (JSC::regExpObjectMultiline):
- (JSC::regExpObjectSource):
- (JSC::RegExpObject::put):
- * runtime/RegExpObject.h:
- (RegExpObject):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::getOwnPropertySlot):
- (JSC::RegExpPrototype::getOwnPropertyDescriptor):
- * runtime/RegExpPrototype.h:
- (RegExpPrototype):
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::deleteProperty):
- * runtime/StrictEvalActivation.h:
- (StrictEvalActivation):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::finishCreation):
- (JSC::StringConstructor::getOwnPropertySlot):
- (JSC::StringConstructor::getOwnPropertyDescriptor):
- * runtime/StringConstructor.h:
- (StringConstructor):
- * runtime/StringObject.cpp:
- (JSC::StringObject::getOwnPropertySlot):
- (JSC::StringObject::getOwnPropertyDescriptor):
- (JSC::StringObject::put):
- (JSC::StringObject::defineOwnProperty):
- (JSC::StringObject::deleteProperty):
- * runtime/StringObject.h:
- (StringObject):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::getOwnPropertySlot):
- (JSC::StringPrototype::getOwnPropertyDescriptor):
- * runtime/StringPrototype.h:
- (StringPrototype):
- * runtime/Structure.cpp:
- (JSC::Structure::despecifyDictionaryFunction):
- (JSC::Structure::addPropertyTransitionToExistingStructure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::removePropertyTransition):
- (JSC::Structure::despecifyFunctionTransition):
- (JSC::Structure::attributeChangeTransition):
- (JSC::Structure::addPropertyWithoutTransition):
- (JSC::Structure::removePropertyWithoutTransition):
- (JSC::Structure::get):
- (JSC::Structure::despecifyFunction):
- (JSC::Structure::putSpecificValue):
- (JSC::Structure::remove):
- * runtime/Structure.h:
- (Structure):
- (JSC::Structure::get):
-
-2012-05-11 Michael Saboff <msaboff@apple.com>
-
- Rolling out r116659.
-
- Causes ASSERT failures on bots.
-
- Rubber stamped by Geoff Garen.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::markingThreadMain):
- (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::MarkStackThreadSharedData::reset):
- (JSC::MarkStack::reset):
- (JSC):
- (JSC::SlotVisitor::copyAndAppend):
- * heap/MarkStack.h:
- (MarkStackThreadSharedData):
- (MarkStack):
- * runtime/JSString.h:
- (JSString):
- (JSC::JSString::finishCreation):
- (JSC::JSString::is8Bit):
- (JSC::JSRopeString::finishCreation):
-
-2012-05-11 Oliver Hunt <oliver@apple.com>
-
- Appease thread verifier when dealing with the JSC API's shared VM
- https://bugs.webkit.org/show_bug.cgi?id=86268
-
- Reviewed by Geoffrey Garen.
-
- If we're the shared VM, just disable the verifier. This makes debug builds
- livable against non-webkit clients.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
-
-2012-05-11 Filip Pizlo <fpizlo@apple.com>
-
- JIT memory allocator is not returning memory to the OS on Darwin
- https://bugs.webkit.org/show_bug.cgi?id=86047
-
- Reviewed by Geoff Garen.
+ A demand-allocated weak pointer may replace a dead payload
+ before the payload's finalizer runs. In that case, when the
+ payload's finalizer runs, the payload has already been
+ overwritten, and the finalizer should not clear the payload,
+ which now points to something new.
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2012-05-11 Geoffrey Garen <ggaren@apple.com>
-
- Clarified JSGlobalData (JavaScript VM) lifetime
- https://bugs.webkit.org/show_bug.cgi?id=85142
-
- Reviewed by Alexey Proskuryakov.
-
- (Follow-up fix.)
-
- * API/JSContextRef.cpp:
- (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
- (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
- test, because apps might have been linked on older OS's.)
-
-2012-05-11 Sam Weinig <sam@webkit.org>
-
- Fix crash seen when running with libgmalloc
- <rdar://problem/11435411>
- https://bugs.webkit.org/show_bug.cgi?id=86232
-
- Reviewed by Gavin Barraclough.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::markingThreadMain):
- Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its
- destructor.
-
-2012-05-10 Gavin Barraclough <barraclough@apple.com>
-
- Remove op_get_callee
-
- Rubber stamped by Geoff Garen.
-
- This is now redundant.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- (JSC):
- (JSC::padOpcodeName):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- * jit/JITOpcodes.cpp:
- (JSC):
- * jit/JITOpcodes32_64.cpp:
- (JSC):
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
-
-2012-05-10 Gavin Barraclough <barraclough@apple.com>
-
- Cache inheritorID on JSFunction
- https://bugs.webkit.org/show_bug.cgi?id=85853
-
- Reviewed by Geoff Garen & Filip Pizlo.
-
- An object's prototype is indicated via its structure. To create an otherwise
- empty object with object A as its prototype, we require a structure with its
- prototype set to point to A. We wish to use this same structure for all empty
- objects created with a prototype of A, so we presently store this structure as
- a property of A, known as the inheritorID.
-
- When a function F is invoked as a constructor, where F has a property 'prototype'
- set to point to A, in order to create the 'this' value for the constructor to
- use the following steps are taken:
- - the 'prototype' proptery of F is read, via a regular [[Get]] access.
- - the inheritorID internal property of the prototype is read.
- - a new, empty object is constructed with its structure set to point to inheritorID.
-
- There are two drawbacks to the current approach:
- - it requires that every object has an inheritorID field.
- - it requires a [[Get]] access on every constructor call to access the 'prototype' property.
-
- Instead, switch to caching a copy of the inheritorID on the function. Constructor
- calls now only need read the internal property from the callee, saving a [[Get]].
- This also means that JSObject::m_inheritorID is no longer commonly read, and in a
- future patch we can move to storing this in a more memory efficient fashion.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- (JSC):
- (JSC::padOpcodeName):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNodeType.h:
- (DFG):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateJSFunction):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_create_this):
- (JSC::JIT::emitSlow_op_create_this):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_create_this):
- (JSC::JIT::emitSlow_op_create_this):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::cacheInheritorID):
- (JSC):
- (JSC::JSFunction::put):
- (JSC::JSFunction::defineOwnProperty):
- * runtime/JSFunction.h:
- (JSC::JSFunction::cachedInheritorID):
- (JSFunction):
- (JSC::JSFunction::offsetOfCachedInheritorID):
-
-2012-05-10 Michael Saboff <msaboff@apple.com>
-
- Enh: Hash Const JSString in Backing Stores to Save Memory
- https://bugs.webkit.org/show_bug.cgi?id=86024
-
- Reviewed by Filip Pizlo.
-
- During garbage collection, each marking thread keeps a HashMap of
- strings. While visiting via MarkStack::copyAndAppend(), we check to
- see if the string we are visiting is already in the HashMap. If not
- we add it. If so, we change the reference to the current string we're
- visiting to the prior string.
-
- To somewhat reduce the performance impact of this change, if a string
- is unique at the end of a marking it will not be checked during further
- GC phases. In some cases this won't catch all duplicates, but we are
- trying to catch the growth of duplicate strings.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::resetChildren): New method called by the
- main thread to reset the slave threads. This is primarily done to
- clear the m_uniqueStrings HashMap.
- (JSC):
- (JSC::MarkStackThreadSharedData::markingThreadMain):
- (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::MarkStackThreadSharedData::reset):
- (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
- (JSC::MarkStack::internalAppend): New method that performs the hash consting.
- (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting
- internalAppend()
- * heap/MarkStack.h:
- (MarkStackThreadSharedData):
- (MarkStack):
- (JSC::MarkStack::sharedData):
- * runtime/JSString.h:
- (JSString): Added m_isHashConstSingleton flag, accessors for the flag and
- code to initialize the flag.
- (JSC::JSString::finishCreation):
- (JSC::JSString::isHashConstSingleton):
- (JSC::JSString::clearHashConstSingleton):
- (JSC::JSString::setHashConstSingleton):
- (JSC::JSRopeString::finishCreation):
-
-2012-05-09 Filip Pizlo <fpizlo@apple.com>
-
- JIT memory allocator is not returning memory to the OS on Darwin
- https://bugs.webkit.org/show_bug.cgi?id=86047
- <rdar://problem/11414948>
-
- Reviewed by Geoff Garen.
-
- Work around the problem by using a different madvise() flag, but only for the JIT memory
- allocator. Also put in ASSERTs that the call is actually working.
-
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
- (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2012-05-09 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to get useful debug logging from the JIT memory allocator
- https://bugs.webkit.org/show_bug.cgi?id=86042
-
- Reviewed by Geoff Garen.
-
- * jit/ExecutableAllocator.h:
-
-2012-05-09 Gavin Barraclough <barraclough@apple.com>
-
- GC race condition in OpaqueJSClass::prototype
- https://bugs.webkit.org/show_bug.cgi?id=86034
-
- Build fix.
+ But that's not the case here, since we cancel the old payload's
+ finalizer when we over-write it. I've added ASSERTs to verify this
+ assumption, in case it ever changes.)
* API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
- - Eeeep, landed bad version of patch!
-
-2012-05-09 Gavin Barraclough <barraclough@apple.com>
-
- GC race condition in OpaqueJSClass::prototype
- https://bugs.webkit.org/show_bug.cgi?id=86034
-
- Reviewed by Filip Pizlo.
-
- The bug here is basically:
- if (weakref) weakref->method()
- where a GC may occur between the if & the method call.
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
-
-2012-05-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- CopiedSpace does not add pinned blocks back to the to-space filter
- https://bugs.webkit.org/show_bug.cgi?id=86011
-
- Reviewed by Geoffrey Garen.
-
- After a collection has finished, we go through the blocks in from-space
- and move any of them that are pinned into to-space. At the beginning of
- collection, we reset the to-space block filter that is used during
- conservative scanning and add back the blocks that are filled during the
- collection. However, we neglect to add back those blocks that are moved
- from from-space to to-space, which can cause the conservative scan to
- think that some pinned items are not actually in CopiedSpace.
-
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
- to-space filter. Also added a comment and assert for future readers that
- indicates that it's okay that we don't also add the block to the
- to-space block set since it was never removed.
-
-
-2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Use independent version numbers for public libraries
- https://bugs.webkit.org/show_bug.cgi?id=85984
-
- Reviewed by Gustavo Noronha Silva.
-
- * GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library
- version.
-
-2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Do not install JavaScriptCore platform-specific headers
- https://bugs.webkit.org/show_bug.cgi?id=85983
-
- Reviewed by Gustavo Noronha Silva.
-
- JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was
- renamed to JavaScript.h in r29234 and it still exists for
- compatibility with mac and windows users.
-
- * GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h
- and JSStringRefBSTR.h from the sources and headers list.
-
-2012-05-08 Gavin Barraclough <barraclough@apple.com>
-
- ROLLING OUT r114255
-
- GC in the middle of JSObject::allocatePropertyStorage can cause badness
- https://bugs.webkit.org/show_bug.cgi?id=83839
-
- Reviewed by nobody.
-
- This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::allocatePropertyStorage):
- * runtime/JSObject.h:
- (JSObject):
- (JSC::JSObject::isUsingInlineStorage):
- (JSC):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSObject::transitionTo):
- * runtime/Structure.cpp:
- (JSC):
- * runtime/Structure.h:
- (JSC::Structure::didTransition):
-
-2012-05-08 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Heap should not continually allocate new pages in steady state
- https://bugs.webkit.org/show_bug.cgi?id=85936
-
- Reviewed by Geoff Garen.
-
- Currently, in steady state (i.e. a constant amount of live GC
- memory with a constant rate of allocation) assuming we've just
- finished a collection with X live blocks in CopiedSpace, we
- increase our working set by X blocks in CopiedSpace with each
- collection we perform. This is due to the fact that we allocate
- until we run out of free blocks to use in the Heap before we
- consider whether we should run a collection.
-
- In the longer term, this issue will be mostly resolved by
- implementing quick release for the CopiedSpace. In the shorter
- term, we should change our policy to check whether we should
- allocate before trying to use a free block from the Heap. We
- can change our policy to something more appropriate once we
- have implemented quick release.
-
- This change should also have the convenient side effect of
- reducing the variance in GC-heavy tests (e.g. v8-splay) due
- to fact that we are doing less VM allocation during copying
- collection. Overall, this patch is performance neutral across
- the benchmarks we track.
-
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
- around so that we only do it if the block request must succeed
- i.e. after we've already checked whether we should do a collection.
- * heap/MarkedAllocator.cpp:
- (JSC::MarkedAllocator::allocateSlowCase): Ditto.
- (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this
- function because by the time we've called it, we've already checked whether we
- should run a collection so there's no point in returning null.
- * heap/MarkedAllocator.h: Removing old arguments from function declaration.
- (MarkedAllocator):
-
-2012-05-08 Gavin Barraclough <barraclough@apple.com>
-
- SIGFPE on divide in classic interpreter
- https://bugs.webkit.org/show_bug.cgi?id=85917
-
- Rubber stamped by Oliver Hunt.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- - check for divisor of -1.
-
-2012-05-07 Oliver Hunt <oliver@apple.com>
-
- Rolling out r110287
-
- RS=Filip Pizlo
-
- r110287 was meant to be refactoring only, but changed behavior
- enough to break some websites, including qq.com.
-
-2012-05-07 Andy Estes <aestes@apple.com>
-
- ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-05-07 Oliver Hunt <oliver@apple.com>
-
- Fix release build.
-
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-05-07 Oliver Hunt <oliver@apple.com>
-
- LLInt doesn't check for Ropes when performing a character switch
- https://bugs.webkit.org/show_bug.cgi?id=85837
-
- Reviewed by Filip Pizlo.
-
- Make LLint check if the scrutinee of a char switch is a rope, and if
- so fall back to a slow case.
-
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (LLInt):
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
-
-2012-05-07 Eric Seidel <eric@webkit.org>
-
- Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
- https://bugs.webkit.org/show_bug.cgi?id=85822
-
- Reviewed by Adam Barth.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-05-05 Gavin Barraclough <barraclough@apple.com>
+ (OpaqueJSClass::prototype): No need to specify null; that's the default.
- Remove TrustedImm32::m_isPointer
- https://bugs.webkit.org/show_bug.cgi?id=85726
-
- Rubber stamped by Sam Weinig.
-
- We used to rely on being able to generate code with known, fixed offsets – to do so we
- would inhibit more optimal code generation for pointers. This is no longer necessary.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
- (TrustedImm32):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::store32):
- (JSC::MacroAssemblerARM::move):
- (JSC::MacroAssemblerARM::branch32):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::move):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::add32):
- (JSC::MacroAssemblerMIPS::and32):
- (JSC::MacroAssemblerMIPS::mul32):
- (JSC::MacroAssemblerMIPS::or32):
- (JSC::MacroAssemblerMIPS::sub32):
- (JSC::MacroAssemblerMIPS::store32):
- (JSC::MacroAssemblerMIPS::move):
-
-2012-05-04 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not Flush GetLocal's
- https://bugs.webkit.org/show_bug.cgi?id=85663
- <rdar://problem/11373600>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::flushArgument):
- (JSC::DFG::ByteCodeParser::handleCall):
-
-2012-05-04 Allan Sandfeld Jensen <allan.jensen@nokia.com>
-
- Doesn't build with ENABLE_JIT=0
- https://bugs.webkit.org/show_bug.cgi?id=85042
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/Operands.h:
-
-2012-05-03 Oliver Hunt <oliver@apple.com>
-
- Regression(r114702): Clobbering the caller frame register before we've stored it.
- https://bugs.webkit.org/show_bug.cgi?id=85564
-
- Reviewed by Filip Pizlo.
-
- Don't use t0 as a temporary, when we're about to use the value in t0.
-
- * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Removing remainder of accidental printfs.
-
- * heap/Heap.cpp:
- (JSC::Heap::collect):
-
-2012-05-03 Andy Estes <aestes@apple.com>
-
- If you add printf()s to your garbage collector, the layout tests are gonna have a bad time.
-
- * runtime/GCActivityCallbackCF.cpp:
- (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
-
-2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection
- https://bugs.webkit.org/show_bug.cgi?id=85543
-
- Reviewed by Filip Pizlo.
-
- Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its
- allocation limit for the current cycle, thus hastening an allocation-triggered collection.
- In reality, it should just affect the opportunistic GC timer. We should track the bytes
- we think have been abandoned and the bytes that have been allocated separately.
-
- * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much
- we think we've abandoned.
- (JSC::Heap::Heap):
- (JSC::Heap::reportAbandonedObjectGraph):
- (JSC):
- (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call
- rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather
- than bytes allocated. Also notifies the timer, summing the two values together.
- (JSC::Heap::collect):
- (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting
- to GCActivityCallback.
- * heap/Heap.h:
- (Heap):
-
-2012-05-02 Eric Seidel <eric@webkit.org>
-
- Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate)
- https://bugs.webkit.org/show_bug.cgi?id=85433
-
- Reviewed by Adam Barth.
-
- I have a script which can autogenerate these xcconfig files as well as the
- vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
- from a central feature list file.
- In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
- alphabetically ordered (currently they're close, but not quite).
- There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
- I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-05-02 Hojong Han <hojong.han@samsung.com>
-
- ARM_TRADITIONAL build fix
- https://bugs.webkit.org/show_bug.cgi?id=85358
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::lshift32):
- (MacroAssemblerARM):
- (JSC::MacroAssemblerARM::or32):
- (JSC::MacroAssemblerARM::urshift32):
- (JSC::MacroAssemblerARM::xor32):
- (JSC::MacroAssemblerARM::branchSub32):
-
-2012-05-02 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Opportunistic GC should give up if the Heap is paged out
- https://bugs.webkit.org/show_bug.cgi?id=85411
-
- Reviewed by Filip Pizlo.
-
- Opportunistic GC is punishing us severely in limited memory situations because its
- assumptions about how much time a collection will take are way out of whack when the Heap
- has been paged out by the OS. We should add a simple detection function to the Heap that
- detects if its is paged out. It will do this by iterating each block of both the MarkedSpace
- and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms),
- the function returns true. This function will only be run prior to an opportunistic
- collection (i.e. it will not run during our normal allocation-triggered collections).
-
- In my tests, steady state was drastically improved in high memory pressure situations (i.e.
- the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
- would be triggered due to pages doing things in the background, which would cause a
- significant pause. As we close pages we now cause normal collections rather than full
- collections, which prevents us from collecting all of the dead memory immediately. One
- nice way to deal with this issue might be to do incremental sweeping.
-
-
- * heap/CopiedSpace.cpp:
- (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over
- to-space, from-space, and the oversize blocks.
- (JSC):
- (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
- by iterating all of the blocks.
- * heap/CopiedSpace.h:
- (CopiedSpace):
- * heap/Heap.cpp:
- (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the
- MarkedSpace and CopiedSpace if they are paged out.
- (JSC):
- * heap/Heap.h:
- (Heap):
- (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off
- each time it determines that the Heap is paged out.
- * heap/MarkedAllocator.cpp:
- (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
- list of blocks are paged out.
- (JSC):
- * heap/MarkedAllocator.h:
- (MarkedAllocator):
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.
- * heap/MarkedSpace.h:
- (MarkedSpace):
- * runtime/GCActivityCallback.cpp:
- (JSC::DefaultGCActivityCallback::cancel):
- (JSC):
- * runtime/GCActivityCallback.h:
- (JSC::GCActivityCallback::cancel):
- (DefaultGCActivityCallback):
- * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining
- whether the Heap is paged out or not.
- (JSC):
- (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we
- should attempt a collection based on whether or not we can iterate the blocks of the Heap in
- 100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to
- do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
- steady state paged-out-ness.
- (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing
- exactly the same thing as willCollect, is more obvious as to what it's doing when we call it
- in timerDidFire.
-
-2012-05-02 Yong Li <yoli@rim.com>
-
- Fix GCC X86 build error
- https://bugs.webkit.org/show_bug.cgi?id=85379
-
- Reviewed by Rob Buis.
-
- Always explicitly claim ".text" to make sure
- functions defined with inline assembly will be
- created in the correct section.
-
- * dfg/DFGOperations.cpp:
- (JSC):
-
-2012-05-02 Oliver Hunt <oliver@apple.com>
-
- Unreviewed, rolling out r115388.
- http://trac.webkit.org/changeset/115388
- https://bugs.webkit.org/show_bug.cgi?id=85011
-
- This caused many weird performance problems, and needs to be
- landed in pieces.
-
- * dfg/DFGOperations.cpp:
- * heap/Heap.cpp:
- (JSC::Heap::getConservativeRegisterRoots):
- (JSC::Heap::markRoots):
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::dumpCaller):
- (JSC):
- * interpreter/CallFrame.h:
- (JSC::ExecState::init):
- (ExecState):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- (JSC::Interpreter::prepareForRepeatCall):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC::Interpreter::execute):
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::growSlowCase):
- (JSC::RegisterFile::gatherConservativeRoots):
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::end):
- (JSC::RegisterFile::size):
- (JSC::RegisterFile::addressOfEnd):
- (RegisterFile):
- (JSC::RegisterFile::RegisterFile):
- (JSC::RegisterFile::shrink):
- (JSC::RegisterFile::grow):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::jitCompileFor):
- (JSC::lazyLinkFor):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (JSC::LLInt::handleHostCall):
- * llint/LowLevelInterpreter.asm:
- * runtime/CommonSlowPaths.h:
- (JSC::CommonSlowPaths::arityCheckFor):
-
-2012-05-01 Oliver Hunt <oliver@apple.com>
-
- Physijs demo crashes due to DFG not updating topCallFrame correctly.
- https://bugs.webkit.org/show_bug.cgi?id=85311
-
- Reviewed by Filip Pizlo.
-
- A few of the dfg operations failed to correctly set the topCallFrame,
- and so everything goes wrong. This patch corrects the effected operations,
- and makes debug builds poison topCallFrame before calling a dfg operation.
-
- * dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
- (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
- (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-
-2012-04-30 Gavin Barraclough <barraclough@apple.com>
-
- Should be able to use YARR JIT without the JS language JIT
- https://bugs.webkit.org/show_bug.cgi?id=85252
-
- Reviewed by Geoff Garen.
-
- Need to split canUseRegExpJIT out of canUseJIT.
-
- * runtime/JSGlobalData.cpp:
- (JSC):
- (JSC::useJIT):
- (JSC::JSGlobalData::JSGlobalData):
- - replace m_canUseJIT with m_canUseAssembler
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- (JSC::JSGlobalData::canUseRegExpJIT):
- - Added canUseRegExpJIT, distinct from canUseJIT.
- * runtime/RegExp.cpp:
- (JSC::RegExp::compile):
- (JSC::RegExp::compileMatchOnly):
- - Call canUseRegExpJIT instead of canUseJIT.
-
-2012-04-30 Gavin Barraclough <barraclough@apple.com>
-
- Should be able to build YARR JIT without the JS language JIT
- https://bugs.webkit.org/show_bug.cgi?id=85242
-
- Reviewed by Michael Saboff.
-
- Some build macros are wrong.
-
- * assembler/RepatchBuffer.h:
- * jit/ExecutableAllocator.h:
- (JSC):
- * jit/JITExceptions.cpp:
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
-
-2012-04-26 Gavin Barraclough <barraclough@apple.com>
-
- Arguments object resets attributes on redefinition of a parameter
- https://bugs.webkit.org/show_bug.cgi?id=84994
-
- Rubber stamped by Oliver Hunt.
-
- There is a bug that we always re-add the original property before
- redefinition, doing so in a way that will reset the attributes
- without checking configurability.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::defineOwnProperty):
- - Only instantiate the property once - do not re-add if
- it has already been added, or if it has been deleted.
-
-2012-04-30 Ryosuke Niwa <rniwa@webkit.org>
-
- Remove an erroneous assertion after r115655.
-
- * runtime/NumberPrototype.cpp:
- (JSC::toUStringWithRadix):
-
-2012-04-30 Myles Maxfield <mmaxfield@google.com>
-
- End of Interpreter::tryCacheGetByID can trigger the garbage collector
- https://bugs.webkit.org/show_bug.cgi?id=84927
-
- Reviewed by Oliver Hunt.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::tryCacheGetByID):
-
-2012-04-30 Benjamin Poulain <benjamin@webkit.org>
-
- jsSingleCharacterString and jsSingleCharacterSubstring are not inlined
- https://bugs.webkit.org/show_bug.cgi?id=85147
-
- Reviewed by Darin Adler.
-
- The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined
- by the compiler. This annihilate the gains of using SmallStrings.
-
- On stringProtoFuncCharAt(), this patch improves the performance by 11%.
-
- * runtime/JSString.h:
- (JSC::jsSingleCharacterString):
- (JSC::jsSingleCharacterSubstring):
-
-2012-04-30 Benjamin Poulain <bpoulain@apple.com>
-
- Add fast patch for radix == 10 on numberProtoFuncToString
- https://bugs.webkit.org/show_bug.cgi?id=85120
-
- Reviewed by Darin Adler.
-
- When radix, we use to turn the doubleValue into a JSValue just to convert
- it to a String. The problem is that was using the slow path for conversion and
- for the toString() operation.
-
- This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
- The conversion is split between Integer and Double to ensure the fastest conversion
- for the common case of integer arguments.
-
- Converting number with radix 10 becomes 5% faster.
-
- Due to the simpler conversion of number to string for integer, converting
- integers that do not fall in the two previous optimizations get 32% faster.
-
- * runtime/NumberPrototype.cpp:
- (JSC::extractRadixFromArgs):
- (JSC::integerValueToString):
- (JSC::numberProtoFuncToString):
-
-2012-04-30 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing header.
-
-2012-04-28 Geoffrey Garen <ggaren@apple.com>
-
- Factored threaded block allocation into a separate object
- https://bugs.webkit.org/show_bug.cgi?id=85148
-
- Reviewed by Sam Weinig.
-
- 99% of this patch just moves duplicated block allocation and
- deallocation code into a new object named BlockAllocator, with these
- exceptions:
-
- * heap/BlockAllocator.h: Added.
- (BlockAllocator::BlockAllocator): The order of declarations here now
- guards us against an unlikely race condition during startup.
-
- * heap/BlockAllocator.cpp:
- JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to
- highlight a lack of clarity we have in our block deallocation routines.
-
-2012-04-28 Sam Weinig <sam@webkit.org>
-
- Try to fix the Qt build.
-
- * heap/Heap.cpp:
- (JSC::Heap::lastChanceToFinalize):
-
-2012-04-28 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-28 Geoffrey Garen <ggaren@apple.com>
-
- Clarified JSGlobalData (JavaScript VM) lifetime
- https://bugs.webkit.org/show_bug.cgi?id=85142
-
- Reviewed by Anders Carlsson.
-
- This was so confusing that I didn't feel like I could reason about
- memory lifetime in the heap without fixing it.
-
- The rules are:
-
- (1) JSGlobalData owns the virtual machine and all memory in it.
-
- (2) Deleting a JSGlobalData frees the virtual machine and all memory
- in it.
-
- (Caveat emptor: if you delete the virtual machine while you're running
- JIT code or accessing GC objects, you're gonna have a bad time.)
-
- (I opted not to make arbitrary sub-objects keep the virtual machine
- alive automatically because:
-
- (a) doing that right would be complex and slow;
-
- (b) in the case of an exiting thread or process, there's no
- clear way to give the garbage collector a chance to try again
- later;
-
- (c) continuing to run the garbage collector after we've been
- asked to shut down the virtual machine seems rude;
-
- (d) we've never really supported that feature, anyway.)
-
- (3) Normal ref-counting will do. No need to call a battery of
- specialty functions to tear down a JSGlobalData. Its foibles
- notwithstanding, C++ does in fact know how to execute destructors in
- order.
-
- * API/JSContextRef.cpp:
- (JSGlobalContextCreate): Removed compatibility shim for older
- operating systems because it's no longer used.
-
- (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
- the right thing", this code is much simpler. We still have one special
- case to notify the garbage collector if we're removing the last
- reference to the global object, since this can improve memory behavior.
-
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::freeAllBlocks):
- * heap/CopiedSpace.h:
- (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true
- destruction-time behaviors should be limited to our C++ destructor.
-
- * heap/Heap.cpp:
- (JSC::Heap::~Heap):
- (JSC):
- (JSC::Heap::lastChanceToFinalize):
- * heap/Heap.h:
- (Heap):
- (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because
- true destruction-time behaviors should be limited to our C++
- destructor.
-
- Reorganized the code, putting code that must run before any objects
- get torn down into lastChanceToFinalize, and code that just tears down
- objects into our destructor.
-
- * heap/Local.h:
- (JSC::LocalStack::LocalStack):
- (JSC::LocalStack::push):
- (LocalStack): See rule (2).
-
- * jsc.cpp:
- (functionQuit):
- (main):
- (printUsageStatement):
- (parseArguments):
- (jscmain):
- * testRegExp.cpp:
- (main):
- (printUsageStatement):
- (parseArguments):
- (realMain): See rule (3).
-
- I removed the feature of ensuring orderly tear-down when calling quit()
- or running in --help mode because it didn't seem very useful and
- making it work with Windows structured exception handling and
- NO_RETURN didn't seem like a fun way to spend a Saturday.
-
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
- member in JSGlobalData to ensure that it's destructed last, so other
- objects that reference it destruct without crashing. This allowed me
- to remove clearBuiltinStructures() altogether, and helped guarantee
- rule (3).
-
- (JSC::JSGlobalData::~JSGlobalData): Explicitly call
- lastChanceToFinalize() at the head of our destructor to ensure that
- all pending finalizers run while the virtual machine is still in a
- valid state. Trying to resurrect (re-ref) the virtual machine at this
- point is not valid, but all other operations are.
-
- Changed a null to a 0xbbadbeef to clarify just how bad this beef is.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::init):
- * runtime/JSGlobalObject.h:
- (JSGlobalObject):
- (JSC::JSGlobalObject::globalData): See rule (3).
-
-2012-04-27 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Windows build.
-
- * heap/WeakBlock.h:
- (WeakBlock):
-
-2012-04-27 Geoffrey Garen <ggaren@apple.com>
-
- Made WeakSet::allocate() static and removed its JSGlobalData argument
- https://bugs.webkit.org/show_bug.cgi?id=85128
-
- Reviewed by Anders Carlsson.
-
- This is a step toward faster finalization.
-
- WeakSet::allocate() now deduces which WeakSet to allocate from based on
- its JSCell* argument. (Currently, there's only one WeakSet, but soon
- there will be many.)
-
- This was a global replace of "globalData.heap.weakSet()->allocate" with
- "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument.
-
- * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h.
-
- I had to split out WeakSet::allocate() in to a separate header to avoid
- a cycle.
-
- (JSC::WeakSet::allocate): We can mask the pointer we're passed to
- figure out where to allocate our WeakImpl. (Soon, we'll use this to
- associate the WeakImpl with the GC block it references.)
-
-2012-04-27 Geoffrey Garen <ggaren@apple.com>
-
- Stop using aligned allocation for WeakBlock
- https://bugs.webkit.org/show_bug.cgi?id=85124
-
- Reviewed by Anders Carlsson.
-
- We don't actually use the alignment for anything.
-
- * heap/WeakBlock.cpp:
- (JSC::WeakBlock::create):
- (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular
- allocation.
-
- * heap/WeakBlock.h:
- (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned
- allocation. This change required me to add some declarations that we used
- to inherit from HeapBlock.
-
- (WeakBlock::blockFor): Removed. This function relied on aligned allocation
- but didn't do anything for us.
-
- (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation
- logic, so it shouldn't own the function.
-
- * heap/WeakSet.cpp:
- (JSC::WeakSet::~WeakSet):
- (JSC::WeakSet::finalizeAll):
- (JSC::WeakSet::visitLiveWeakImpls):
- (JSC::WeakSet::visitDeadWeakImpls):
- (JSC::WeakSet::sweep):
- (JSC::WeakSet::shrink):
- (JSC::WeakSet::resetAllocator):
- (JSC::WeakSet::tryFindAllocator):
- * heap/WeakSet.h:
- (WeakSet): Updated declarations to reflect WeakBlock not inheriting from
- HeapBlock. This allowed me to remove some casts, which was nice.
-
- (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of
- asking WeakBlock to do it for us. We don't need to have a WeakBlock
- pointer to set the flag, so stop asking for one.
-
-2012-04-27 Kentaro Hara <haraken@chromium.org>
-
- [JSC] Implement a helper method createNotEnoughArgumentsError()
- https://bugs.webkit.org/show_bug.cgi?id=85102
-
- Reviewed by Geoffrey Garen.
-
- In bug 84787, kbr@ requested to avoid hard-coding
- createTypeError(exec, "Not enough arguments") here and there.
- This patch implements createNotEnoughArgumentsError(exec)
- and uses it in JSC bindings.
-
- c.f. a corresponding bug for V8 bindings is bug 85097.
-
- * runtime/Error.cpp:
- (JSC::createNotEnoughArgumentsError):
- (JSC):
- * runtime/Error.h:
- (JSC):
-
-2012-04-27 Geoffrey Garen <ggaren@apple.com>
-
- Only allow non-null pointers in the WeakSet
- https://bugs.webkit.org/show_bug.cgi?id=85119
-
- Reviewed by Darin Adler.
-
- This is a step toward more efficient finalization.
-
- No clients put non-pointers (JSValues) into Weak<T> and PassWeak<T>.
-
- Some clients put null pointers into Weak<T> and PassWeak<T>, but this is
- more efficient and straight-forward to model with a null in the Weak<T>
- or PassWeak<T> instead of allocating a WeakImpl just to hold null.
+ * API/JSWeakObjectMapRefPrivate.cpp: Use remove, since take() is gone.
* heap/PassWeak.h:
- (JSC): Removed the Unknown (JSValue) type of weak pointer because it's
- unused now.
-
- (PassWeak): Don't provide a default initializer for our JSCell* argument.
- This feature was only used in one place, and it was a bug.
-
- (JSC::::get): Don't check for a null stored inside our WeakImpl: that's
- not allowed anymore.
-
- (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of
- allocating a WeakImpl and storing null into it.
+ (WeakImplAccessor::was): This is no longer a debug-only function, since
+ it's required to reason about lazily finalized pointers.
* heap/Weak.h:
- (Weak):
- (JSC::::Weak): Same changes as in PassWeak<T>.
-
- * heap/WeakBlock.cpp:
- (JSC::WeakBlock::visitLiveWeakImpls):
- (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in
- the WeakSet now, so no need to check for non-cells and null cell pointers.
-
- * heap/WeakImpl.h:
- (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet
- now, so ASSERT that.
-
-2012-04-27 Gavin Barraclough <barraclough@apple.com>
-
- <rdar://problem/7909395> Math in JavaScript is inaccurate on iOS
-
- By defalut IEEE754 denormal support is disabled on iOS;
- turn it on.
-
- Reviewed by Filip Pizlo.
-
- * jsc.cpp:
- (main):
- - clear the appropriate bit in the fpscr.
-
-2012-04-27 Michael Saboff <msaboff@apple.com>
-
- Memory wasted in JSString for non-rope strings
- https://bugs.webkit.org/show_bug.cgi?id=84907
-
- Reviewed by Geoffrey Garen.
-
- Split JSString into two classes, JSString as a base class that does not
- include the fibers of a Rope, and a subclass JSRopeString that has the
- rope functionality. Both classes "share" the same ClassInfo. Added
- a bool to JSString to indicate that the string was allocated as a JSRopeString
- to properly handle visiting the fiber children when the rope is resolved and
- the JSRopeString appears as a JSString. Didn't change the interface of JSString
- to require any JIT changes.
-
- As part of this change, removed "cellSize" from ClassInfo since both classes
- share the same ClassInfo, but have different sizes. The only use I could find
- for cellSize was an ASSERT in allocateCell().
-
- This appears to be neutral on performance tests.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope
- to JSRopeString::resolveRope
- * runtime/ClassInfo.h:
- (JSC):
- (ClassInfo):
- * runtime/JSCell.h:
- (JSC::allocateCell):
- * runtime/JSString.cpp:
- (JSC::JSRopeString::RopeBuilder::expand):
- (JSC::JSString::visitChildren):
- (JSC):
- (JSC::JSRopeString::visitFibers):
- (JSC::JSRopeString::resolveRope):
- (JSC::JSRopeString::resolveRopeSlowCase8):
- (JSC::JSRopeString::resolveRopeSlowCase):
- (JSC::JSRopeString::outOfMemory):
- (JSC::JSRopeString::getIndexSlowCase):
- * runtime/JSString.h:
- (JSC):
- (JSString):
- (JSC::JSString::finishCreation):
- (JSC::JSString::create):
- (JSC::JSString::isRope):
- (JSC::JSString::is8Bit):
- (JSRopeString):
- (RopeBuilder):
- (JSC::JSRopeString::RopeBuilder::RopeBuilder):
- (JSC::JSRopeString::RopeBuilder::append):
- (JSC::JSRopeString::RopeBuilder::release):
- (JSC::JSRopeString::RopeBuilder::length):
- (JSC::JSRopeString::JSRopeString):
- (JSC::JSRopeString::finishCreation):
- (JSC::JSRopeString::createNull):
- (JSC::JSRopeString::create):
- (JSC::JSString::value):
- (JSC::JSString::tryGetValue):
- (JSC::JSString::getIndex):
- (JSC::jsStringBuilder):
- * runtime/Operations.h:
- (JSC::jsString):
- (JSC::jsStringFromArguments):
-
-2012-04-27 Oliver Hunt <oliver@apple.com>
-
- Correct assertion.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
-
-2012-04-27 Oliver Hunt <oliver@apple.com>
-
- Lazy link phase of baseline jit fails to propagate exception
- https://bugs.webkit.org/show_bug.cgi?id=85092
-
- Reviewed by Filip Pizlo.
-
- Very simple patch, when linking produces an error we need to actually store
- the exception prior to throwing it. I can't find any other examples of this,
- but as we're already in the slow path when throwing an exception I've hardened
- exception throwing against null exceptions.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- * jit/JITStubs.cpp:
- (JSC::lazyLinkFor):
-
-2012-04-27 Benjamin Poulain <benjamin@webkit.org>
-
- Generalize the single character optimization of numberProtoFuncToString
- https://bugs.webkit.org/show_bug.cgi?id=85027
-
- Reviewed by Geoffrey Garen.
-
- The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString()
- when the radix is 36.
-
- This patch generalize the optimization for any radix. Any positive number smaller than its radix
- can be represented by a single character of radixDigits.
-
- This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion.
-
- * runtime/NumberPrototype.cpp:
- (JSC::numberProtoFuncToString):
-
-2012-04-27 Gavin Peters <gavinp@chromium.org>
-
- Add new ENABLE_LINK_PRERENDER define to control the Prerendering API
- https://bugs.webkit.org/show_bug.cgi?id=84871
-
- Reviewed by Adam Barth.
-
- Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
- API separates it from prefetching. Having separate include guards lets ports enable prefetching,
- a relatively easy change, without needing to build the infrastructure for prerendering, which
- is considerably more complicated.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-04-26 Oliver Hunt <oliver@apple.com>
-
- Allocating WeakImpl should not trigger GC, as that makes the world very tricksy.
- https://bugs.webkit.org/show_bug.cgi?id=85020
-
- Reviewed by Gavin Barraclough.
-
- Now in the event that we are unable to find an allocator for a new handle, just
- add a new allocator rather than trying to recover "dead" handles through a GC.
-
- Find allocator is now much simpler, and addAllocator directly reports the
- increased memory usage to the heap without causing any GC to happen immediately.
-
- * heap/WeakSet.cpp:
- (JSC::WeakSet::findAllocator):
- (JSC::WeakSet::addAllocator):
-
-2012-04-26 Oliver Hunt <oliver@apple.com>
-
- Remove RegisterFile::end()/m_end
- https://bugs.webkit.org/show_bug.cgi?id=85011
-
- Reviewed by Gavin Barraclough.
-
- Get rid of end() and m_end from RegisterFile. From now on
- we only care about the end of the committed region when calling
- code. When re-entering the VM we now plant the new CallFrame
- immediately after whatever the current topCallFrame is. This
- required adding a routine to CallFrame to determine exactly what
- we should be doing (in the absence of an existing CallFrame, we
- can't reason about the frameExtent() so we check for that).
-
- This also now means that the GC only marks the portion of the
- RegisterFile that is actually in use, and that VM re-entry doesn't
- exhaust the RegisterFile as rapidly.
-
- * dfg/DFGOperations.cpp:
- * heap/Heap.cpp:
- (JSC::Heap::getConservativeRegisterRoots):
- (JSC::Heap::markRoots):
- * interpreter/CallFrame.h:
- (JSC::ExecState::init):
- (JSC::ExecState::startOfReusableRegisterFile):
- (ExecState):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- (JSC::Interpreter::prepareForRepeatCall):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC::Interpreter::execute):
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::growSlowCase):
- (JSC::RegisterFile::gatherConservativeRoots):
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::commitEnd):
- (JSC::RegisterFile::addressOfEnd):
- (RegisterFile):
- (JSC::RegisterFile::RegisterFile):
- (JSC::RegisterFile::shrink):
- (JSC::RegisterFile::grow):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::jitCompileFor):
- (JSC::lazyLinkFor):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (JSC::LLInt::handleHostCall):
- * llint/LowLevelInterpreter.asm:
- * runtime/CommonSlowPaths.h:
- (JSC::CommonSlowPaths::arityCheckFor):
-
-2012-04-26 Filip Pizlo <fpizlo@apple.com>
-
- DFG ARMv7 backend should optimize Float32 arrays
- https://bugs.webkit.org/show_bug.cgi?id=85000
- <rdar://problem/10652827>
-
- Reviewed by Gavin Barraclough.
-
- * assembler/ARMv7Assembler.h:
- (ARMv7Assembler):
- (JSC::ARMv7Assembler::flds):
- (JSC::ARMv7Assembler::fsts):
- (JSC::ARMv7Assembler::vcvtds):
- (JSC::ARMv7Assembler::vcvtsd):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::loadFloat):
- (MacroAssemblerARMv7):
- (JSC::MacroAssemblerARMv7::storeFloat):
- (JSC::MacroAssemblerARMv7::convertFloatToDouble):
- (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
- * bytecode/PredictedType.h:
- (JSC::isActionableFloatMutableArrayPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateFloat32Array):
-
-2012-04-25 Benjamin Poulain <benjamin@webkit.org>
-
- Add a version of StringImpl::find() without offset
- https://bugs.webkit.org/show_bug.cgi?id=83968
-
- Reviewed by Sam Weinig.
+ (JSC::weakAdd):
+ (JSC::weakRemove):
+ (JSC::weakClear): Added these helper functions for the common idioms of
+ what clients want to do in their weak pointer finalizers.
- Add support for the new StringImpl::find() to UString.
-
- Change stringProtoFuncIndexOf() to specifically take advatage of the feature.
- This gives a 12% gains on a distribution of strings between 30 and 100 characters.
-
- * runtime/StringPrototype.cpp:
- (JSC::substituteBackreferences):
- (JSC::stringProtoFuncIndexOf):
- * runtime/UString.h:
- (UString):
- (JSC::UString::find):
-
-2012-04-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- WebCore shouldn't call collectAllGarbage directly
- https://bugs.webkit.org/show_bug.cgi?id=84897
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol
- for reportAbanondedObjectGraph so WebCore can use it.
- * heap/Heap.h: Ditto.
-
-2012-04-25 Oliver Hunt <oliver@apple.com>
-
- Biolab disaster crashes on ToT
- https://bugs.webkit.org/show_bug.cgi?id=84898
-
- Reviewed by Filip Pizlo.
-
- Whoops, committed without saving reviewer requested change.
-
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-04-25 Oliver Hunt <oliver@apple.com>
-
- Biolab disaster crashes on ToT
- https://bugs.webkit.org/show_bug.cgi?id=84898
-
- Reviewed by Filip Pizlo.
-
- I recently added an assertion to the Interpreter to catch incorrect
- updates of topCallFrame. This caused a bunch of sites (including biolab
- disaster) to crash as we were not correctly handling callee registers
- of inlined functions, leading to a mismatch.
-
- I could not actually make this trigger directly, although it does trigger
- already on some of the GTK and QT bots.
-
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-04-25 Kenneth Russell <kbr@google.com>
-
- Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced
- https://bugs.webkit.org/show_bug.cgi?id=83655
-
- Reviewed by Oliver Hunt.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.order:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionToAbbreviatedString):
- (JSC::predictionFromClassInfo):
- * bytecode/PredictedType.h:
- (JSC):
- (JSC::isActionableIntMutableArrayPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::performNodeCSE):
- * dfg/DFGFixupPhase.cpp:
- (JSC::DFG::FixupPhase::fixupNode):
- * dfg/DFGNode.h:
- * dfg/DFGNodeType.h:
- (DFG):
- * dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::forPrediction):
- (SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::getByVal):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- * runtime/JSByteArray.cpp: Removed.
- * runtime/JSByteArray.h: Removed.
- * runtime/JSGlobalData.cpp:
-
-2012-04-25 Filip Pizlo <fpizlo@apple.com>
-
- http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=84815
- <rdar://problem/11319514>
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-
-2012-04-25 Michael Saboff <msaboff@apple.com>
-
- Closure in try {} with catch captures all locals from the enclosing function
- https://bugs.webkit.org/show_bug.cgi?id=84804
-
- Reviewed by Oliver Hunt.
-
- Changed the capturing of local variables from capturing when eval is used,
- within a "with" or within a "catch" to be just when an eval is used.
- Renamed the function returning that we should capture from
- getCapturedVariables() to usesEval(), since that what it noew returns.
- Needed to fix the "with" code to only range check when the activation
- has actually been torn off. Added m_isTornOff to JSActivation to
- track this.
-
- * parser/Parser.h:
- (JSC::Scope::usesEval):
- (JSC::Scope::getCapturedVariables):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- (JSC::JSActivation::symbolTableGet):
- (JSC::JSActivation::symbolTablePut):
- * runtime/JSActivation.h:
- (JSActivation):
- (JSC::JSActivation::tearOff):
-
-2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com>
-
- GC Activity Callback timer should be based on how much has been allocated since the last collection
- https://bugs.webkit.org/show_bug.cgi?id=84763
-
- Reviewed by Geoffrey Garen.
-
- The desired behavior for the GC timer is to collect at some point in the future,
- regardless of how little we've allocated. A secondary goal, which is almost if not
- as important, is for the timer to collect sooner if there is the potential to
- collect a greater amount of memory. Conversely, as we allocate more memory we'd
- like to reduce the delay to the next collection. If we're allocating quickly enough,
- the timer should be preempted in favor of a normal allocation-triggered collection.
- If allocation were to slow or stop, we'd like the timer to be able to opportunistically
- run a collection without us having to allocate to the hard limit set by the Heap.
-
- This type of policy can be described in terms of the amount of CPU we are willing
- to dedicate to reclaim a single MB of memory. For example, we might be willing to
- dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of
- the last collection, e.g. if our last collection took 1ms, we would want to wait about
- 100ms before running another collection to reclaim 1 MB. These constants should be
- tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB.
-
- * API/JSBase.cpp: Use the new reportAbandonedObjectGraph.
- (JSGarbageCollect):
- * API/JSContextRef.cpp: Ditto.
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call
- this function to notify the Heap that some unknown number of JSC objects might have just
- been abandoned and are now garbage. The Heap might schedule a new collection timer based
- on this notification.
- (JSC):
- (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect.
- * heap/Heap.h:
- (Heap):
- * heap/MarkedAllocator.h:
- (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the
- current allocator's FreeList once zapping was complete.
- * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by
- Heap::reportAbandonedObjectGraph.
- (JSC):
- * runtime/GCActivityCallback.h:
- (JSC::GCActivityCallback::willCollect):
- (DefaultGCActivityCallback):
- * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the
- timer based on how much we have allocated since the last collection up to a certain amount.
- We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered
- collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB.
- (DefaultGCActivityCallbackPlatformData):
- (JSC):
- (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
- (JSC::DefaultGCActivityCallback::commonConstructor):
- (JSC::scheduleTimer):
- (JSC::cancelTimer):
- (JSC::DefaultGCActivityCallback::didAllocate):
-
-2012-04-24 Michael Saboff <msaboff@apple.com>
-
- objectProtoFuncToString creates new string every invocation
- https://bugs.webkit.org/show_bug.cgi?id=84781
-
- Reviewed by Geoffrey Garen.
-
- Cache the results of object toString() in the attached Structure.
-
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncToString):
- * runtime/Structure.cpp:
- (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue.
- * runtime/Structure.h: Added new member m_hasObjectToStringValue
- (JSC):
- (JSC::Structure::objectToStringValue):
- (Structure):
- (JSC::Structure::setObjectToStringValue):
-
-2012-04-24 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=84727.
- Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled.
-
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::or32):
- (JSC::MacroAssemblerSH4::and32):
- (JSC::MacroAssemblerSH4::lshift32):
- (JSC::MacroAssemblerSH4::xor32):
- (JSC::MacroAssemblerSH4::branchSub32):
- (JSC::MacroAssemblerSH4::urshift32):
-
-2012-04-24 Gavin Barraclough <barraclough@apple.com>
-
- Add explicit patchableBranchPtrWithPatch/patchableJump methods
- https://bugs.webkit.org/show_bug.cgi?id=84498
-
- Reviewed by Filip Pizlo.
-
- Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump):
- (PatchableJump):
- (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&):
- (AbstractMacroAssembler):
- (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
- - Added PatchableJump type, removed inUninterruptedSequence.
- * assembler/LinkBuffer.h:
- (LinkBuffer):
- (JSC::LinkBuffer::locationOf):
- - Only allow the location to be taken of patchable branches
- * assembler/MacroAssembler.h:
- (MacroAssembler):
- (JSC::MacroAssembler::patchableBranchPtrWithPatch):
- (JSC::MacroAssembler::patchableJump):
- (JSC::MacroAssembler::shouldBlind):
- - Added default implementation of patchableBranchPtrWithPatch, patchableJump.
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
- (MacroAssemblerARMv7):
- (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
- (JSC::MacroAssemblerARMv7::patchableJump):
- (JSC::MacroAssemblerARMv7::jump):
- (JSC::MacroAssemblerARMv7::makeBranch):
- - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump.
- * dfg/DFGCorrectableJumpPoint.h:
- (DFG):
- (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
- - Late jumps are PatchableJumps.
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- - replace use of inUninterruptedSequence
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
- (PropertyAccessRecord):
- - replace use of inUninterruptedSequence
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- - replace use of inUninterruptedSequence
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- - replace use of inUninterruptedSequence
- * jit/JIT.h:
- (PropertyStubCompilationInfo):
- - replace use of inUninterruptedSequence
- * jit/JITInlineMethods.h:
- (JSC::JIT::beginUninterruptedSequence):
- (JSC::JIT::endUninterruptedSequence):
- - replace use of inUninterruptedSequence
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::compileGetByIdHotPath):
- - replace use of inUninterruptedSequence
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::compileGetByIdHotPath):
- - replace use of inUninterruptedSequence
-
-2012-04-24 Benjamin Poulain <bpoulain@apple.com>
-
- Generalize the single character optimization of r114072
- https://bugs.webkit.org/show_bug.cgi?id=83961
-
- Reviewed by Eric Seidel.
-
- Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
-
- * runtime/StringPrototype.cpp:
- (JSC::replaceUsingStringSearch):
-
-2012-04-24 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, 32-bit build fix.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-04-24 Filip Pizlo <fpizlo@apple.com>
-
- DFG performs incorrect DCE on (some?) intrinsics
- https://bugs.webkit.org/show_bug.cgi?id=84746
- <rdar://problem/11310772>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (ByteCodeParser):
- (JSC::DFG::ByteCodeParser::setIntrinsicResult):
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- * dfg/DFGNodeType.h:
- (DFG):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray
- https://bugs.webkit.org/show_bug.cgi?id=84648
-
- Reviewed by Geoffrey Garen.
-
- When emit_op_new_array successfully allocates a new JSArray but fails to allocate
- the corresponding ArrayStorage for it, it falls back to the out-of-line stub call
- to constructArray, which constructs and entirely new JSArray/ArrayStorage pair.
- This leaves us with a JSArray hanging around on the stack or in a register that
- did not go through its own constructor, thus giving it uninitialized memory in the
- two fields that are checked in JSArray::visitChildren.
-
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that
- if we fail we haven't generated the poisonous JSArray that can cause a GC crash.
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emitSlow_op_new_array):
-
-2012-04-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG on ARMv7 should not OSR exit on every integer division
- https://bugs.webkit.org/show_bug.cgi?id=84661
-
- Reviewed by Oliver Hunt.
-
- On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
- that was broken with the introduction of Int32ToDouble) nor does it have to know
- whether or not to convert its result to integer. This is now taken care of for free
- with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
- speculation.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::performNodeCSE):
- * dfg/DFGFixupPhase.cpp:
- (JSC::DFG::FixupPhase::fixupNode):
- * dfg/DFGNodeType.h:
- (DFG):
- * dfg/DFGOSRExit.cpp:
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
- * dfg/DFGOSRExit.h:
- (OSRExit):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
- (DFG):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-04-24 Geoffrey Garen <ggaren@apple.com>
-
- "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink
- https://bugs.webkit.org/show_bug.cgi?id=84740
- <rdar://problem/9917638>
-
- Reviewed by Gavin Barraclough.
-
- Shrink!
-
- * heap/Heap.cpp:
- (JSC::Heap::destroy): Be more specific about what's shrinking, since we
- can also shrink the WeakSet, but we don't do so here.
-
- (JSC::Heap::collect): If we're going to shrink the heap, shrink the
- WeakSet too. Otherwise, its footprint is permanent.
-
- * heap/Heap.h:
- (Heap): Removed shrink() as a public interface, since it's vague about
- which parts of the heap it affects, and it's really an internal detail.
-
- * heap/WeakSet.cpp:
- (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has
- already taken place, since that's the convention for shrink() in the heap.
-
- * heap/WeakSet.h:
- (WeakSet): New function!
-
-2012-04-24 Adam Klein <adamk@chromium.org>
-
- Fix includes in StrongInlines.h and ScriptValue.h
- https://bugs.webkit.org/show_bug.cgi?id=84659
-
- Reviewed by Geoffrey Garen.
-
- * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's
- definiition is required here.
-
-2012-04-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exit should ensure that all variables have been initialized
- https://bugs.webkit.org/show_bug.cgi?id=84653
- <rdar://problem/11258183>
-
- Reviewed by Gavin Barraclough.
-
- Initialize all uncaptured dead variables to undefined on OSR exit.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
-
-2012-04-23 Oliver Hunt <oliver@apple.com>
-
- Call instruction for the baseline JIT stores origin info in wrong callframe
- https://bugs.webkit.org/show_bug.cgi?id=84645
-
- Reviewed by Gavin Barraclough.
-
- The baseline JIT was updating the wrong callframe when making a call. If the
- call failed during dispatch (unable to perform codegen, calling a non-object)
- we would attempt to use this information, but it would be completely wrong.
-
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall):
-
-2012-04-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG must keep alive values that it will perform speculations on
- https://bugs.webkit.org/show_bug.cgi?id=84638
- <rdar://problem/11258183>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGNodeType.h:
- (DFG):
-
-2012-04-23 Oliver Hunt <oliver@apple.com>
-
- Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::executeCall):
-
-2012-04-22 Jon Lee <jonlee@apple.com>
-
- Remove notifications support on Mac Lion.
- https://bugs.webkit.org/show_bug.cgi?id=84554
- <rdar://problem/11297128>
-
- Reviewed by Sam Weinig.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-04-21 Darin Adler <darin@apple.com>
-
- Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
- https://bugs.webkit.org/show_bug.cgi?id=84523
-
- Reviewed by Oliver Hunt.
-
- Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
- Streamlined this code to use standard character types and 0 rather than -1. One benefit
- of this is that there's no widening and narrowing. Another is that there are many cases
- where we already have the correct behavior for 0, so can eliminate a branch that was
- used to test for -1 before. Also eliminates typecasts in the code.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
- character type, not an int.
- (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
- (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
- (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
- of the code. This can be used places we used to cheeck for -1.
- (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
- (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
- (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
- had a data-member-style name.
- (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
- function already returns false for the 0 character. Updated types in a couple other places. Used
- the atEnd function where needed.
- (JSC::Lexer::parseIdentifierSlowCase): More of the same.
- (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
- (JSC::Lexer::parseString): Ditto.
- (JSC::Lexer::parseStringSlowCase): Ditto.
- (JSC::Lexer::parseMultilineComment): Ditto.
- (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
- the tokenInfo instead of putting it in a local variable first, saving some memory access.
- (JSC::Lexer::scanRegExp): Ditto.
- (JSC::Lexer::skipRegExp): Ditto.
-
- * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
- the character type. Added atEnd function.
- (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize.
- (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
-
-2012-04-21 Darin Adler <darin@apple.com>
-
- Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
- https://bugs.webkit.org/show_bug.cgi?id=84523
-
- Reviewed by Oliver Hunt.
-
- Separate preparation step of copyright dates, renaming, and other small tweaks.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
- (JSC::Lexer::peek): Removed meaningless comment.
- (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
- what this function does.
- (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
- (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
- (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
-
- * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
- Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
- getUnicodeCharacter to parseFourDigitUnicodeHex.
-
-2012-04-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG should optimize int8 and int16 arrays on ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=84503
-
- Reviewed by Oliver Hunt.
-
- * assembler/ARMv7Assembler.h:
- (ARMv7Assembler):
- (JSC::ARMv7Assembler::ldrsb):
- (JSC::ARMv7Assembler::ldrsh):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load16Signed):
- (JSC::MacroAssemblerARMv7::load8Signed):
- * bytecode/PredictedType.h:
- (JSC::isActionableIntMutableArrayPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateInt8Array):
- (JSC::DFG::Node::shouldSpeculateInt16Array):
-
-2012-04-20 Oliver Hunt <oliver@apple.com>
-
- Add an ability to find the extent of a callframe
- https://bugs.webkit.org/show_bug.cgi?id=84513
-
- Reviewed by Filip Pizlo.
-
- Add a function to get the extent of a callframe and
- use that function for a new assertion to make sure the
- RegisterFile makes sense using that information.
-
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::frameExtentInternal):
- (JSC):
- * interpreter/CallFrame.h:
- (JSC::ExecState::frameExtent):
- (ExecState):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::executeCall):
-
-2012-04-20 Benjamin Poulain <bpoulain@apple.com>
-
- Inline the JSArray constructor
- https://bugs.webkit.org/show_bug.cgi?id=84416
-
- Reviewed by Geoffrey Garen.
-
- The constructor is trivial, no reason to jump for it.
-
- This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
-
- * runtime/JSArray.cpp:
- (JSC):
- * runtime/JSArray.h:
- (JSC::JSArray::JSArray):
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Heap should cancel GC timer at the start of the collection
- https://bugs.webkit.org/show_bug.cgi?id=84477
-
- Reviewed by Geoffrey Garen.
-
- Currently the Heap cancels the GC timer at the conclusion of a collection.
- We should change this to be at the beginning because something (e.g. a finalizer)
- could call didAbandonObjectGraph(), which will schedule the timer, but then
- we'll immediately unschedule the timer at the conclusion of the collection,
- thus potentially preventing large swaths of memory from being reclaimed in a timely manner.
-
- * API/JSBase.cpp:
- (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is
- busy or not, since we're just scheduling a timer to run a GC in the future.
- * heap/Heap.cpp:
- (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the
- top of Heap::collect.
- * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect.
- (JSC::DefaultGCActivityCallback::willCollect):
- * runtime/GCActivityCallback.h: Ditto.
- (JSC::GCActivityCallback::willCollect):
- (DefaultGCActivityCallback):
- * runtime/GCActivityCallbackCF.cpp: Ditto.
- (JSC::DefaultGCActivityCallback::willCollect):
-
-2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com>
-
- JSGarbageCollect should not call collectAllGarbage()
- https://bugs.webkit.org/show_bug.cgi?id=84476
-
- Reviewed by Geoffrey Garen.
-
- * API/JSBase.cpp:
- (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph.
-
-2012-04-19 Oliver Hunt <oliver@apple.com>
-
- Exception stack traces aren't complete when the exception starts in native code
- https://bugs.webkit.org/show_bug.cgi?id=84073
-
- Reviewed by Filip Pizlo.
-
- Refactored building the stack trace to so that we can construct
- it earlier, and don't rely on any prior work performed in the
- exception handling machinery. Also updated LLInt and the DFG to
- completely initialise the callframes of host function calls.
-
- Also fixed a few LLInt paths that failed to correctly update the
- topCallFrame.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * dfg/DFGJITCompiler.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * interpreter/Interpreter.cpp:
- (JSC::eval):
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::addStackTraceIfNecessary):
- (JSC):
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- (Interpreter):
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- * jsc.cpp:
- (functionJSCStack):
- * llint/LLIntExceptions.cpp:
- (JSC::LLInt::interpreterThrowInCaller):
- (JSC::LLInt::returnToThrow):
- (JSC::LLInt::callToThrow):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::handleHostCall):
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- (JSC::throwError):
- * runtime/Error.h:
- (JSC):
-
-2012-04-19 Mark Hahnenberg <mhahnenberg@apple.com>
-
- We're collecting pathologically due to small allocations
- https://bugs.webkit.org/show_bug.cgi?id=84404
-
- Reviewed by Geoffrey Garen.
-
- No change in performance on run-jsc-benchmarks.
-
- * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
- (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
- * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no
- longer useful.
- (JSC::CopiedSpace::CopiedSpace):
- (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than
- carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
- (JSC::CopiedSpace::tryAllocateOversize): Call the new didAllocate to notify the Heap of
- newly allocated stuff.
- (JSC::CopiedSpace::tryReallocateOversize):
- (JSC::CopiedSpace::doneFillingBlock):
- (JSC::CopiedSpace::doneCopying):
- (JSC::CopiedSpace::destroy):
- * heap/CopiedSpace.h:
- (CopiedSpace):
- * heap/CopiedSpaceInlineMethods.h:
- (JSC::CopiedSpace::startedCopying):
- * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and
- bytesAllocatedLimit to track how much memory has been allocated since the last collection.
- (JSC::Heap::Heap):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering
- a collection to be the size of the Heap after the previous collection. Thus, we still have our
- 2x allocation amount.
- (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated
- thus far and then adds the new number of bytes to the current total.
- (JSC):
- * heap/Heap.h: Removed water mark related stuff.
- (JSC::Heap::notifyIsSafeToCollect):
- (Heap):
- (JSC::Heap::shouldCollect):
- (JSC):
- * heap/MarkedAllocator.cpp:
- (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
- (JSC::MarkedAllocator::allocateSlowCase):
- (JSC::MarkedAllocator::addBlock):
- * heap/MarkedAllocator.h:
- (MarkedAllocator):
- (JSC::MarkedAllocator::MarkedAllocator):
- (JSC::MarkedAllocator::allocate):
- (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::specializedSweep):
- (JSC::MarkedBlock::sweep):
- (JSC::MarkedBlock::sweepHelper):
- (JSC::MarkedBlock::zapFreeList):
- * heap/MarkedBlock.h:
- (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
- free list including the number of bytes of stuff in the free list so that when the free list is
- exhausted, the correct amount can be reported to Heap.
- (MarkedBlock):
- (JSC::MarkedBlock::FreeList::FreeList):
- (JSC):
- * heap/MarkedSpace.cpp: Removing all water mark related stuff.
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::resetAllocators):
- * heap/MarkedSpace.h:
- (MarkedSpace):
- (JSC):
- * heap/WeakSet.cpp:
- (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This
- function still needs work though now that the Heap knows how many bytes have been allocated
- since the last collection.
- * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
- (JSC::JIT::emitAllocateBasicJSObject): Ditto.
- * llint/LowLevelInterpreter.asm: Ditto.
- * runtime/GCActivityCallback.cpp:
- (JSC::DefaultGCActivityCallback::didAllocate):
- * runtime/GCActivityCallback.h:
- (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that
- the allocation that is being reported has already taken place.
- (DefaultGCActivityCallback):
- * runtime/GCActivityCallbackCF.cpp:
- (JSC):
- (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of
- allocation since the last collection is not above a threshold (initially arbitrarily chosen to
- be 128KB).
-
-2012-04-19 Filip Pizlo <fpizlo@apple.com>
-
- MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal
- https://bugs.webkit.org/show_bug.cgi?id=84401
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
-
-2012-04-19 Don Olmstead <don.olmstead@am.sony.com>
-
- KeywordLookupGenerator.py should take an output file as an argument
- https://bugs.webkit.org/show_bug.cgi?id=84292
-
- Reviewed by Eric Seidel.
-
- Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script.
+ (JSC::JITThunks::hostFunctionStub): Use the new idioms. Otherwise, we
+ would return NULL for a "zombie" executable weak pointer that was waiting
+ for finalization (item (2)), and finalizing a dead executable weak pointer
+ would potentially destroy a new, live one (item (1)).
- * KeywordLookupGenerator.py:
-
-2012-04-19 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to perform debugCall on ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=84381
-
- Reviewed by Oliver Hunt.
-
- debugCall() was clobbering the argument to the call it was making, leading to a
- corrupt ExecState*. This change fixes that issue by using a scratch register that
- does not clobber arguments, and it also introduces more assertions that we have
- a valid call frame.
-
- * dfg/DFGAssemblyHelpers.cpp:
- (DFG):
- (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::selectScratchGPR):
- (AssemblyHelpers):
- (JSC::DFG::AssemblyHelpers::debugCall):
- (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::selectScratchGPR):
-
-2012-04-19 Filip Pizlo <fpizlo@apple.com>
-
- LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that
- the PB/PC has been preserved
- https://bugs.webkit.org/show_bug.cgi?id=84367
-
- Reviewed by Oliver Hunt.
-
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
-
-2012-04-19 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to load from Float64 arrays on ARMv7 without crashing
- https://bugs.webkit.org/show_bug.cgi?id=84361
-
- Reviewed by Oliver Hunt.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::loadDouble):
- (JSC::MacroAssemblerARMv7::storeDouble):
-
-2012-04-19 Dominik Röttsches <dominik.rottsches@linux.intel.com>
-
- [CMake] Build fix after r114575
- https://bugs.webkit.org/show_bug.cgi?id=84322
-
- Reviewed by Simon Hausmann.
-
- Build fix, adding WTF when linking jsc shell.
-
- * shell/CMakeLists.txt:
-
-2012-04-18 Filip Pizlo <fpizlo@apple.com>
-
- JSC testing should have complete coverage over typed array types
- https://bugs.webkit.org/show_bug.cgi?id=84302
-
- Reviewed by Geoff Garen.
-
- Added Uint8ClampedArray to the set of typed arrays that are supported by jsc
- command-line.
-
- * JSCTypedArrayStubs.h:
- (JSC):
- * jsc.cpp:
- (GlobalObject::finishCreation):
-
-2012-04-18 Filip Pizlo <fpizlo@apple.com>
-
- jsc command line should support typed arrays by default
- https://bugs.webkit.org/show_bug.cgi?id=84298
-
- Rubber stamped by Gavin Barraclough.
-
- * JSCTypedArrayStubs.h:
- (JSC):
- * jsc.cpp:
- (GlobalObject::finishCreation):
-
-2012-04-18 Filip Pizlo <fpizlo@apple.com>
-
- JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
- forced double should not be scrambled when performing OSR entry
- https://bugs.webkit.org/show_bug.cgi?id=84272
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGFixupPhase.cpp:
- (JSC::DFG::FixupPhase::fixupNode):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
-
-2012-04-18 Don Olmstead <don.olmstead@am.sony.com>
-
- JavaScriptCore.gypi not current
- https://bugs.webkit.org/show_bug.cgi?id=84224
-
- Reviewed by Eric Seidel.
-
- Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself.
-
- Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory.
-
- * JavaScriptCore.gypi:
-
-2012-04-18 Benjamin Poulain <bpoulain@apple.com>
-
- Remove m_subclassData from JSArray, move the attribute to subclass as needed
- https://bugs.webkit.org/show_bug.cgi?id=84249
-
- Reviewed by Geoffrey Garen.
-
- JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
- the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
- case.
-
- This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
- of CopiedSpace.
-
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateJSArray):
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- * runtime/JSArray.h:
-
-2012-04-18 Benjamin Poulain <bpoulain@apple.com>
-
- replaceUsingStringSearch: delay the creation of the replace string until needed
- https://bugs.webkit.org/show_bug.cgi?id=83841
-
- Reviewed by Geoffrey Garen.
-
- We do not need to obtain the replaceValue until we have a match. By moving the intialization
- of replaceValue when needed, we save a few instructions when there is no match.
-
- * runtime/StringPrototype.cpp:
- (JSC::replaceUsingRegExpSearch):
- (JSC::replaceUsingStringSearch):
- (JSC::stringProtoFuncReplace):
-
-2012-04-18 Mark Hahnenberg <mhahnenberg@apple.com>
-
- GC activity timer should be tied to allocation, not collection
- https://bugs.webkit.org/show_bug.cgi?id=83919
-
- Reviewed by Geoffrey Garen.
-
- * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've
- released a global object, we're abandoning a potentially large number of objects that JSC might want
- to collect.
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate
- that we've hit a slow path and are allocating now, so schedule the timer.
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to
- throw away too much code during our benchmarks (especially vp8, which is very large and thus has large
- amounts of compiled code).
- (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we
- can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a
- collection to see if we should throw away our compiled code. Currently this is set to happen about once
- every minute.
- * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code.
- * heap/MarkedAllocator.cpp:
- (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like
- in CopiedSpace.
- * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms.
- (JSC::DefaultGCActivityCallback::willAllocate):
- (JSC):
- (JSC::DefaultGCActivityCallback::didCollect):
- (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
- * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing
- the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection
- occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for
- when somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of
- objects and that JSC might want to clean them up.
- (JSC::GCActivityCallback::~GCActivityCallback):
- (JSC::GCActivityCallback::willAllocate):
- (JSC::GCActivityCallback::didCollect):
- (JSC::GCActivityCallback::didAbandonObjectGraph):
- (JSC::GCActivityCallback::synchronize):
- (DefaultGCActivityCallback):
- * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions.
- We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually
- turned out to be quite expensive (although Instruments couldn't tell us this).
- (DefaultGCActivityCallbackPlatformData):
- (JSC):
- (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
- (JSC::DefaultGCActivityCallback::commonConstructor):
- (JSC::scheduleTimer):
- (JSC::cancelTimer):
- (JSC::DefaultGCActivityCallback::willAllocate):
- (JSC::DefaultGCActivityCallback::didCollect):
- (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
-
-2012-04-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not attempt to get rare case counts for op_mod on ARM
- https://bugs.webkit.org/show_bug.cgi?id=84218
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- * dfg/DFGCommon.h:
- (JSC::DFG::isX86):
- (DFG):
-
-2012-04-17 Myles Maxfield <mmaxfield@google.com>
-
- BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE
- https://bugs.webkit.org/show_bug.cgi?id=80912
-
- Reviewed by Hajime Morita.
-
- * wtf/BumpPointerAllocator.h:
- (WTF::BumpPointerPool::create):
-
-2012-04-17 Filip Pizlo <fpizlo@apple.com>
-
- Attempt to fix Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-17 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to create an inheritorID for the global this object without crashing
- https://bugs.webkit.org/show_bug.cgi?id=84200
- <rdar://problem/11251082>
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSGlobalThis.cpp:
- (JSC::JSGlobalThis::setUnwrappedObject):
- * runtime/JSGlobalThis.h:
- (JSC::JSGlobalThis::unwrappedObject):
- (JSGlobalThis):
- * runtime/JSObject.cpp:
- (JSC::JSObject::createInheritorID):
- * runtime/JSObject.h:
- (JSObject):
- (JSC::JSObject::resetInheritorID):
-
-2012-04-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG and LLInt should not clobber the frame pointer on ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=84185
- <rdar://problem/10767252>
-
- Reviewed by Gavin Barraclough.
-
- Changed LLInt to use a different register. Changed DFG to use one fewer
- registers. We should revisit this and switch the DFG to use a different
- register instead of r7, but we can do that in a subsequent step since
- the performance effect is tiny.
-
- * dfg/DFGGPRInfo.h:
- (GPRInfo):
- (JSC::DFG::GPRInfo::toRegister):
- (JSC::DFG::GPRInfo::toIndex):
- * offlineasm/armv7.rb:
-
-2012-04-17 Filip Pizlo <fpizlo@apple.com>
-
- use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument
- https://bugs.webkit.org/show_bug.cgi?id=83942
- <rdar://problem/11247370>
-
- Reviewed by Gavin Barraclough.
-
- Don't use references to the graph after resizing the graph.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::flushArgument):
-
-2012-04-16 Gavin Barraclough <barraclough@apple.com>
-
- Array.prototype.toString should be generic
- https://bugs.webkit.org/show_bug.cgi?id=81588
-
- Reviewed by Sam Weinig.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- - check for join function, use fast case if base object is array & join is present & default.
- * runtime/CommonIdentifiers.h:
- - added 'join'.
-
-2012-04-16 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck issues.
-
- * GNUmakefile.list.am: Add missing files.
-
-2012-04-16 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r114309.
- http://trac.webkit.org/changeset/114309
- https://bugs.webkit.org/show_bug.cgi?id=84097
-
- it broke everything (Requested by olliej on #webkit).
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * bytecode/CodeBlock.h:
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- (Interpreter):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jsc.cpp:
- (functionJSCStack):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::handleHostCall):
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- (JSC::throwError):
- * runtime/Error.h:
- (JSC):
-
-2012-04-16 Oliver Hunt <oliver@apple.com>
-
- Exception stack traces aren't complete when the exception starts in native code
- https://bugs.webkit.org/show_bug.cgi?id=84073
-
- Reviewed by Gavin Barraclough.
-
- Refactored building the stack trace to so that we can construct
- it earlier, and don't rely on any prior work performed in the
- exception handling machinery. Also updated LLInt and the DFG to
- completely initialise the callframes of host function calls.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::codeOriginIndexForReturn):
- (CodeBlock):
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::addStackTraceIfNecessary):
- (JSC):
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- (Interpreter):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jsc.cpp:
- (functionJSCStack):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::handleHostCall):
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- (JSC::throwError):
- * runtime/Error.h:
- (JSC):
-
-2012-04-16 Oliver Hunt <oliver@apple.com>
-
- Fix COMMANDLINE_TYPEDARRAYS build
- https://bugs.webkit.org/show_bug.cgi?id=84051
-
- Reviewed by Gavin Barraclough.
-
- Update for new putByIndex API and wtf changes.
-
- * JSCTypedArrayStubs.h:
- (JSC):
-
-2012-04-16 Mark Hahnenberg <mhahnenberg@apple.com>
-
- GC in the middle of JSObject::allocatePropertyStorage can cause badness
- https://bugs.webkit.org/show_bug.cgi?id=83839
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::finalize): Ditto.
- Reviewed by Geoffrey Garen.
+ (JSC::RegExpCache::invalidateCode): Check for null while iterating. (See
+ item (2).)
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're
- growing our already-existing PropertyStorage.
- * runtime/JSObject.h:
- (JSObject):
- (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage
- and the new structure so that we can be sure a GC never occurs when our Structure
- info is out of sync with our PropertyStorage.
- (JSC):
- (JSC::JSObject::putDirectInternal): Moved the check to see if we should
- allocate more backing store before the actual property insertion into
- the structure.
- (JSC::JSObject::putDirectWithoutTransition): Ditto.
- (JSC::JSObject::transitionTo): Ditto.
* runtime/Structure.cpp:
- (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy
- for property backing stores contained within the Structure class.
- (JSC):
- * runtime/Structure.h:
- (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion
- into the Structure would require resizing the property backing store so that they can
- preallocate the required storage.
- (Structure):
-
-2012-04-13 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r114185.
- http://trac.webkit.org/changeset/114185
- https://bugs.webkit.org/show_bug.cgi?id=83967
-
- Broke a bunch of JavaScript related tests (Requested by
- andersca on #webkit).
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncToLocaleString):
- * runtime/CommonIdentifiers.h:
- * tests/mozilla/ecma/Array/15.4.4.2.js:
- (getTestCases):
-
-2012-04-13 Gavin Barraclough <barraclough@apple.com>
-
- Don't rely on fixed offsets to patch calls
- https://bugs.webkit.org/show_bug.cgi?id=83966
-
- Rubber stamped by Oliver Hunt.
-
- These aren't being used anywhere!
-
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall):
-
-2012-04-13 Hojong Han <hojong.han@samsung.com>
-
- Array.prototype.toString and Array.prototype.toLocaleString should be generic
- https://bugs.webkit.org/show_bug.cgi?id=81588
-
- Reviewed by Gavin Barraclough.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncToLocaleString):
- * runtime/CommonIdentifiers.h:
- * tests/mozilla/ecma/Array/15.4.4.2.js:
- (getTestCases.array.item.new.TestCase):
- (getTestCases):
-
-2012-04-13 Gavin Barraclough <barraclough@apple.com>
-
- Don't rely on fixed offsets to patch method checks
- https://bugs.webkit.org/show_bug.cgi?id=83958
-
- Reviewed by Oliver Hunt.
-
- * bytecode/StructureStubInfo.h:
- - Add fields for the method check info.
- * jit/JIT.cpp:
- (JSC::PropertyStubCompilationInfo::copyToStubInfo):
- - Store the offsets on the stub info, instead of asserting.
- * jit/JIT.h:
- - Delete all the method check related offsets.
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::patchMethodCallProto):
- - Use the offset from the stubInfo.
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - Pass the stubInfo to patchMethodCallProto.
-
-2012-04-13 Gavin Barraclough <barraclough@apple.com>
-
- Don't rely on fixed offsets to patch get_by_id/put_by_id
- https://bugs.webkit.org/show_bug.cgi?id=83924
-
- Reviewed by Oliver Hunt.
-
- Store offsets in the structure stub info, as we do for the DFG JIT.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::differenceBetween):
- - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!)
- * bytecode/StructureStubInfo.h:
- - added new fields for baseline JIT offsets.
- * jit/JIT.cpp:
- (JSC::PropertyStubCompilationInfo::copyToStubInfo):
- - moved out from JIT::privateCompile.
- (JSC::JIT::privateCompile):
- - moved out code to PropertyStubCompilationInfo::copyToStubInfo.
- * jit/JIT.h:
- (PropertyStubCompilationInfo):
- - added helper functions to initializae PropertyStubCompilationInfo, state to store more offset info.
- - removed many offsets.
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::compileGetByIdSlowCase):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emitSlow_op_put_by_id):
- (JSC::JIT::patchGetByIdSelf):
- (JSC::JIT::patchPutByIdReplace):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- (JSC::JIT::resetPatchGetById):
- (JSC::JIT::resetPatchPutById):
- - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
- - changed repatch functions to read offsets from the structure stub info.
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::compileGetByIdSlowCase):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emitSlow_op_put_by_id):
- (JSC::JIT::patchGetByIdSelf):
- (JSC::JIT::patchPutByIdReplace):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- (JSC::JIT::resetPatchGetById):
- (JSC::JIT::resetPatchPutById):
- - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
- - changed repatch functions to read offsets from the structure stub info.
-
-2012-04-13 Rob Buis <rbuis@rim.com>
-
- Fix some compiler warnings (miscellaneous)
- https://bugs.webkit.org/show_bug.cgi?id=80790
-
- Reviewed by Antonio Gomes.
-
- Fix signed/unsigned comparison warning.
+ (JSC::StructureTransitionTable::contains):
+ (JSC::StructureTransitionTable::add): Use get and set instead of add and
+ contains, since add and contains are not compatible with lazy finalization.
- * parser/Lexer.cpp:
- (JSC::::record16):
+ * runtime/WeakGCMap.h:
+ (WeakGCMap):
+ (JSC::WeakGCMap::clear):
+ (JSC::WeakGCMap::remove): Removed a bunch of code that was incompatible with
+ lazy finalization because I didn't feel like making it compatible, and I had
+ no way to test it.
-2012-04-12 Benjamin Poulain <bpoulain@apple.com>
+2012-05-24 Filip Pizlo <fpizlo@apple.com>
- Improve replaceUsingStringSearch() for case of a single character searchValue
- https://bugs.webkit.org/show_bug.cgi?id=83738
+ REGRESSION (r118013-r118031): Loops/Reloads under www.yahoo.com, quits after three tries with error
+ https://bugs.webkit.org/show_bug.cgi?id=87327
Reviewed by Geoffrey Garen.
-
- This patch improves replaceUsingStringSearch() with the following:
- -Add a special case for single character search, taking advantage of the faster WTF::find().
- -Inline replaceUsingStringSearch().
- -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
- by definition.
-
- This gives less than 1% improvement for the multicharacter replace.
- The single character search show about 9% improvement.
-
- * runtime/StringPrototype.cpp:
- (JSC::replaceUsingStringSearch):
-
-2012-04-12 Michael Saboff <msaboff@apple.com>
-
- StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects
- https://bugs.webkit.org/show_bug.cgi?id=83823
-
- Reviewed by Gavin Barraclough.
-
- Put the clearing of the accessType to after the call to deref() so that
- deref() can use the accessType to delete referenced objects as needed.
-
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::reset):
-
-2012-04-12 Balazs Kelemen <kbalazs@webkit.org>
-
- [Qt] Fix WebKit1 build with V8
- https://bugs.webkit.org/show_bug.cgi?id=83322
-
- Reviewed by Adam Barth.
-
- * yarr/yarr.pri:
-
-2012-04-12 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=83821
- Move dfg repatching properties of structure stub info into a union
-
- Reviewed by Oliver Hunt.
-
- We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this.
-
- * bytecode/StructureStubInfo.h:
- (StructureStubInfo):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchByIdSelfAccess):
- (JSC::DFG::linkRestoreScratch):
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDList):
- (JSC::DFG::tryBuildGetByIDProtoList):
- (JSC::DFG::emitPutReplaceStub):
- (JSC::DFG::emitPutTransitionStub):
- (JSC::DFG::tryCachePutByID):
- (JSC::DFG::tryBuildPutByIdList):
- (JSC::DFG::dfgResetGetByID):
- (JSC::DFG::dfgResetPutByID):
-
-2012-04-12 Gavin Barraclough <barraclough@apple.com>
-
- Delete a bunch of unused, copy & pasted values in JIT.h
- https://bugs.webkit.org/show_bug.cgi?id=83822
-
- Reviewed by Oliver Hunt.
-
- The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense.
-
- * jit/JIT.h:
- (JIT):
-
-2012-04-12 Csaba Osztrogonác <ossy@webkit.org>
-
- [Qt][ARM] Buildfix after r113934.
-
- Reviewed by Zoltan Herczeg.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::compare8):
- (MacroAssemblerARM):
-
-2012-04-11 Filip Pizlo <fpizlo@apple.com>
-
- It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail
- https://bugs.webkit.org/show_bug.cgi?id=83744
- <rdar://problem/11206946>
-
- Reviewed by Andy Estes.
-
- This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node
- that is statically known to return boolean results.
-
- * dfg/DFGFixupPhase.cpp:
- (JSC::DFG::FixupPhase::fixupNode):
-
-2012-04-11 Michael Saboff <msaboff@apple.com>
-
- Invalid Union Reference in StructureStubInfo.{cpp.h}
- https://bugs.webkit.org/show_bug.cgi?id=83735
-
- Reviewed by Filip Pizlo.
-
- Changed the references to u.getByIdProtoList and u.getByIdSelfList
- to be consistent.
-
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::visitWeakReferences):
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::initGetByIdSelfList):
-
-2012-04-11 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed attempting to make Qt's eccentric hardware work.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::compare8):
- (MacroAssemblerARM):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::compare8):
- (MacroAssemblerMIPS):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::compare8):
- (MacroAssemblerSH4):
-
-2012-04-11 Filip Pizlo <fpizlo@apple.com>
-
- op_is_foo should be optimized
- https://bugs.webkit.org/show_bug.cgi?id=83666
-
- Reviewed by Gavin Barraclough.
-
- This implements inlining of op_is_undefined, op_is_string, op_is_number,
- and op_is_boolean in LLInt and the baseline JIT. op_is_object and
- op_is_function are not inlined because they are quite a bit more complex.
-
- This also implements all of the op_is_foo opcodes in the DFG, but it does
- not do any type profiling based optimizations, yet.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::compare8):
- (MacroAssemblerARMv7):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::compare8):
- (MacroAssemblerX86Common):
- * assembler/MacroAssemblerX86_64.h:
- (MacroAssemblerX86_64):
- (JSC::MacroAssemblerX86_64::testPtr):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCCallHelpers.h:
- (JSC::DFG::CCallHelpers::setupArguments):
- (CCallHelpers):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::performNodeCSE):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGNodeType.h:
- (DFG):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
- (JSC::DFG::SpeculativeJIT::appendCallSetResult):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- (JIT):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_is_undefined):
- (JSC):
- (JSC::JIT::emit_op_is_boolean):
- (JSC::JIT::emit_op_is_number):
- (JSC::JIT::emit_op_is_string):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_is_undefined):
- (JSC):
- (JSC::JIT::emit_op_is_boolean):
- (JSC::JIT::emit_op_is_number):
- (JSC::JIT::emit_op_is_string):
- * jit/JITStubs.cpp:
- (JSC):
- * llint/LLIntSlowPaths.cpp:
- (LLInt):
- * llint/LLIntSlowPaths.h:
- (LLInt):
- * llint/LowLevelInterpreter.asm:
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
- * offlineasm/armv7.rb:
- * offlineasm/instructions.rb:
- * offlineasm/x86.rb:
-
-2012-04-11 Filip Pizlo <fpizlo@apple.com>
-
- If you use an IntegerOperand and want to return it with integerResult, you need to
- zero extend to get rid of the box
- https://bugs.webkit.org/show_bug.cgi?id=83734
- <rdar://problem/11232296>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillInteger):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-
-2012-04-11 Filip Pizlo <fpizlo@apple.com>
-
- SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
- https://bugs.webkit.org/show_bug.cgi?id=83722
-
- Reviewed by Gavin Barraclough.
-
- It's now possible to do StorageOperand on a cell, in the case that the storage is
- inline. But this means that fillStorage() must be able to handle all of the states
- that a cell might be in. Previously it didn't.
-
- With this change, it now does handle all of the states, and moreover, it does so
- by preserving the DataFormat of cells and performing all of the cell speculations
- that should be performed if you're using a cell as storage. But if you use this on
- something that is known to be storage already then it behaves as it did before.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillStorage):
-
-2012-04-11 Filip Pizlo <fpizlo@apple.com>
-
- Global variable predictions should not be coalesced unnecessarily
- https://bugs.webkit.org/show_bug.cgi?id=83678
-
- Reviewed by Geoff Garen.
-
- Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar
- to have a heapPrediction like a civilized DFG opcode ought to.
-
- No performance effect.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.h:
- * bytecode/PredictionTracker.h: Removed.
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGenerationInfo.h:
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (Graph):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasHeapPrediction):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-04-11 Benjamin Poulain <bpoulain@apple.com>
-
- Optimize String.split() for 1 character separator
- https://bugs.webkit.org/show_bug.cgi?id=83546
-
- Reviewed by Gavin Barraclough.
-
- This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case
- where the separator is a single character.
-
- The two main gains are:
- -Use of the find() function with a single character instead of doing a full string matching.
- -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
- function.
-
- The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits.
-
- This makes String.split() faster by about 13% in that particular case.
-
- * runtime/StringPrototype.cpp:
- (JSC):
- (JSC::splitStringByOneCharacterImpl):
- (JSC::stringProtoFuncSplit):
-
-2012-04-10 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck issues.
-
- * GNUmakefile.list.am: Ad missing files.
-
-2012-04-10 Mark Rowe <mrowe@apple.com>
-
- Attempt to fix the Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-10 Patrick Gansterer <paroga@webkit.org>
-
- Cleanup wtf/Platform.h and config.h files
- https://bugs.webkit.org/show_bug.cgi?id=83431
-
- Reviewed by Eric Seidel.
-
- The ENABLE() and USE() macros take care about the case when the flag
- isn't defined. So there is no need to define anything with 0.
-
- Also move duplicated code from the config.h files to Platform.h and
- merge a few preprocessor commands to make the file more readable.
-
- * config.h:
-
-2012-04-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG should flush SetLocals to arguments
- https://bugs.webkit.org/show_bug.cgi?id=83554
-
- Reviewed by Gavin Barraclough.
-
- This is necessary to match baseline JIT argument capture behavior.
-
- But to make this work right we need to have a story for arguments into
- which we store values of different formats. This patch introduces the
- notion of an ArgumentPosition - i.e. an argument in a particular inline
- call frame - and forces unification of all data pertinent to selecting
- the argument's data format.
- Also fixed an amusing bug in the handling of OSR on SetLocals if there
- was any insertion/deletion of nodes in the basic block. This is benign
- for now but won't be eventually since the DFG is getting smarter. So
- better fix it now.
+ If you use AbstractValue::filter(StructureSet) to test subset relationships between TOP and a
+ set containing >=2 elements, you're going to have a bad time.
- Also fixed an amusing bug in the handling of OSR on SetLocals if they
- are immediately followed by a Flush. I think this bug might have always
- been there but now it'll happen more commonly, and it's covered by the
- run-javascriptcore-tests.
+ That's because AbstractValue considers a set with >=2 elements to be equivalent to TOP, in order
+ to save space and speed up convergence. So filtering has no effect in this case, which made
+ the code think that the abstract value was proving that the structure check was unnecessary.
+ The correct thing to do is to use isSubsetOf() on the StructureAbstractValue, which does the
+ right thingies for TOP and >=2 elements.
- * JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
- * dfg/DFGArgumentPosition.h: Added.
- (DFG):
- (ArgumentPosition):
- (JSC::DFG::ArgumentPosition::ArgumentPosition):
- (JSC::DFG::ArgumentPosition::addVariable):
- (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::setLocal):
- (JSC::DFG::ByteCodeParser::setArgument):
- (InlineStackEntry):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- * dfg/DFGDoubleFormatState.h: Added.
- (DFG):
- (JSC::DFG::mergeDoubleFormatStates):
- (JSC::DFG::mergeDoubleFormatState):
- (JSC::DFG::doubleFormatStateToString):
- * dfg/DFGGraph.h:
- (Graph):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::VariableAccessData):
- (JSC::DFG::VariableAccessData::predict):
- (JSC::DFG::VariableAccessData::argumentAwarePrediction):
- (VariableAccessData):
- (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
- (JSC::DFG::VariableAccessData::doubleFormatState):
- (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
- (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
- (JSC::DFG::VariableAccessData::mergeDoubleFormatState):
- (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
-
-2012-04-10 Adam Klein <adamk@chromium.org>
-
- Remove unused NonNullPassRefPtr from WTF
- https://bugs.webkit.org/show_bug.cgi?id=82389
-
- Reviewed by Kentaro Hara.
- * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr.
+2012-05-24 Filip Pizlo <fpizlo@apple.com>
-2012-04-10 Darin Adler <darin@apple.com>
-
- Remove unused data member from Lexer class
- https://bugs.webkit.org/show_bug.cgi?id=83429
-
- Reviewed by Kentaro Hara.
-
- I noticed that m_delimited was "write-only", so I deleted it.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::setCode): Removed code to set m_delimited.
- (JSC::Lexer::parseIdentifier): Ditto.
- (JSC::Lexer::parseIdentifierSlowCase): Ditto.
- (JSC::Lexer::lex): Ditto.
- * parser/Lexer.h: Deleted m_delimited.
-
-2012-04-10 Patrick Gansterer <paroga@webkit.org>
-
- [CMake] Enable USE_FOLDERS property
- https://bugs.webkit.org/show_bug.cgi?id=83571
-
- Reviewed by Daniel Bates.
-
- Setting the FOLDER property on targets gives more structure
- to the generated Visual Studio solutions.
- This does not affect other CMake generators.
-
- * CMakeLists.txt:
- * shell/CMakeLists.txt:
-
-2012-04-10 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to see why a code block was not compiled by the DFG
- https://bugs.webkit.org/show_bug.cgi?id=83553
-
- Reviewed by Geoff Garen.
-
- If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the
- opcode that caused the rejection.
-
- * dfg/DFGCapabilities.cpp:
- (JSC::DFG::debugFail):
- (DFG):
- (JSC::DFG::canHandleOpcodes):
-
-2012-04-09 Gavin Barraclough <barraclough@apple.com>
-
- If a callback constructor returns a C++ null, throw a type error.
- https://bugs.webkit.org/show_bug.cgi?id=83537
-
- Rubber Stamped by Geoff Garen.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::constructJSCallback):
- - If a callback constructor returns a C++ null, throw a type error.
- * API/tests/testapi.c:
- (Base_returnHardNull):
- * API/tests/testapi.js:
- - Add a test case for callback constructors that return a C++ null.
-
-2012-04-09 Gavin Barraclough <barraclough@apple.com>
-
- If a callback function returns a C++ null, convert to undefined.
- https://bugs.webkit.org/show_bug.cgi?id=83534
-
- Reviewed by Geoff Garen.
-
- * API/JSCallbackFunction.cpp:
- - If a callback function returns a C++ null, convert to undefined.
- (JSC::JSCallbackFunction::call):
- * API/tests/testapi.c:
- (Base_returnHardNull):
- * API/tests/testapi.js:
- - Add a test case for callback functions that return a C++ null.
-
-2012-04-09 Filip Pizlo <fpizlo@apple.com>
-
- Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that
- are currently being generated
- https://bugs.webkit.org/show_bug.cgi?id=83531
- <rdar://problem/11215200>
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::stronglyVisitStrongReferences):
-
-2012-04-09 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
-
- * dfg/DFGOperations.cpp:
- (JSC):
- * offlineasm/armv7.rb:
-
-2012-04-09 Patrick Gansterer <paroga@webkit.org>
-
- Remove HAVE_STDINT_H
- https://bugs.webkit.org/show_bug.cgi?id=83434
-
- Reviewed by Kentaro Hara.
-
- HAVE_STDINT_H is defined with 1 all the time and we us stdint.h without HAVE(STDINT_H) already.
-
- * config.h:
-
-2012-04-08 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not load the property storage if it is inline.
- https://bugs.webkit.org/show_bug.cgi?id=83455
+ new test fast/js/dfg-arguments-mixed-alias.html fails on JSVALUE32_64
+ https://bugs.webkit.org/show_bug.cgi?id=87378
Reviewed by Gavin Barraclough.
- We had previously decided to have all property storage accesses go through
- the property storage pointer even if they don't "really" have to, because
- we were thinking this would help GC barriers somehow. Well, we never ended
- up doing anything with that. Hence, doing these wasted loads of the
- property storage pointer when the storage is inline is just a waste of CPU
- cycles.
+ - Captured variable tracking forgot did not consistently handle arguments, leading to OSR
+ badness.
- This change makes the DFG's inline property accesses (GetByOffset and
- PutByOffset) go directly to the inline property storage if the structure(s)
- tell us that it's OK.
-
- This looks like an across-the-board 1% win.
+ - Nodes capable of exiting were tracked in a non-monotonic way, leading to compiler errors.
- * bytecode/StructureSet.h:
- (JSC):
- (JSC::StructureSet::allAreUsingInlinePropertyStorage):
- (StructureSet):
* dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillStorage):
-
-2012-04-08 Filip Pizlo <fpizlo@apple.com>
-
- Command-line jsc's exception handling should be rationalized
- https://bugs.webkit.org/show_bug.cgi?id=83437
-
- Reviewed by Dan Bernstein.
-
- - If an exception is thrown during run() execution, it is now propagated,
- so that it will terminate program execution unless it is caught.
-
- - If program execution terminates with an exception, the exception is now
- always printed.
-
- - When printing the exception, the backtrace is now also printed if one is
- available. It will only not be available if you use something akin to my
- favorite line of code, 'throw "error"', since primitives don't have
- properties and hence we cannot attach a "stack" property to them.
-
- * jsc.cpp:
- (functionRun):
- (runWithScripts):
-
-2012-04-04 Filip Pizlo <fpizlo@apple.com>
-
- Forced OSR exits should lead to recompilation based on count, not rate
- https://bugs.webkit.org/show_bug.cgi?id=83247
- <rdar://problem/10720925>
-
- Reviewed by Geoff Garen.
-
- Track which OSR exits happen because of inadequate coverage. Count them
- separately. If the count reaches a threshold, immediately trigger
- reoptimization.
-
- This is in contrast to the recompilation trigger for all other OSR exits.
- Normally recomp is triggered when the exit rate exceeds a certain ratio.
-
- Looks like a slight V8 speedup (sub 1%).
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::forcedOSRExitCounter):
- (JSC::CodeBlock::addressOfForcedOSRExitCounter):
- (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
- (JSC::CodeBlock::shouldReoptimizeNow):
- (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
- (CodeBlock):
- * bytecode/DFGExitProfile.h:
- (JSC::DFG::exitKindToString):
- * dfg/DFGOSRExitCompiler.cpp:
- (JSC::DFG::OSRExitCompiler::handleExitCounts):
- (DFG):
- * dfg/DFGOSRExitCompiler.h:
- (OSRExitCompiler):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/Options.cpp:
- (Options):
- (JSC::Options::initializeOptions):
- * runtime/Options.h:
- (Options):
-
-2012-04-06 Benjamin Poulain <bpoulain@apple.com>
-
- Do not abuse ArrayStorage's m_length for testing array consistency
- https://bugs.webkit.org/show_bug.cgi?id=83403
-
- Reviewed by Geoffrey Garen.
-
- Array creation from a list of values is a 3 steps process:
- -JSArray::tryCreateUninitialized()
- -JSArray::initializeIndex() for each values
- -JSArray::completeInitialization()
-
- Previously, the attribute m_length was not set to the final size
- JSArray::tryCreateUninitialized() because it was used to test the array
- consistency JSArray::initializeIndex().
-
- This caused the initialization loop using JSArray::initializeIndex() maintain
- two counters:
- -index of the loop
- -storage->m_length++
-
- This patch fixes this by using the index of the initialization loop for the indinces of
- JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
- is introduced if CHECK_ARRAY_CONSISTENCY is defined.
-
- The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
-
- This improves the performance of JSArray creation from literals by 8%.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::tryFinishCreationUninitialized):
- (JSC::JSArray::checkConsistency):
- * runtime/JSArray.h:
- (ArrayStorage):
- (JSC::JSArray::initializeIndex):
- (JSC::JSArray::completeInitialization):
-
-2012-04-06 Jon Lee <jonlee@apple.com>
-
- Build fix for Windows bots.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol.
-
-2012-04-06 Geoffrey Garen <ggaren@apple.com>
-
- Renamed
-
- WeakHeap => WeakSet
- HandleHeap => HandleSet
-
- Reviewed by Sam Weinig.
-
- These sets do have internal allocators, but it's confusing to call them
- heaps because they're sub-objects of an object called "heap".
-
- * heap/HandleHeap.cpp: Removed.
- * heap/HandleHeap.h: Removed.
- * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
- * heap/WeakHeap.cpp: Removed.
- * heap/WeakHeap.h: Removed.
- * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
- * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
-
- Plus global rename using grep.
-
-2012-04-06 Dan Bernstein <mitz@apple.com>
-
- <rdar://problem/10912476> HiDPI: Have canvas use a hidpi backing store, but downsample upon access
-
- Reviewed by Sam Weinig.
-
- * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS.
-
-2012-04-06 Rob Buis <rbuis@rim.com>
-
- Fix cast-align warnings in JSC
- https://bugs.webkit.org/show_bug.cgi?id=80790
-
- Reviewed by George Staikos.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::computeJumpType):
- (JSC::ARMv7Assembler::link):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::linkCode):
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::copyAndAppend):
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * wtf/RefCountedArray.h:
- (WTF::RefCountedArray::Header::payload):
-
-2012-04-06 Darin Adler <darin@apple.com>
-
- Streamline strtod and fix some related problems
- https://bugs.webkit.org/show_bug.cgi?id=82857
-
- Reviewed by Geoffrey Garen.
-
- * parser/Lexer.cpp:
- (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number
- and we know it has only correct characters, leading spaces, trailing junk, and
- trailing spaces are not a possibility. No need to add a trailing null character.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need
- to allow trailing junk since the code above already allows only numeric digits
- in the string. This code path is used only in unusual cases, so it's not
- optimized for 8-bit strings, but easily could be.
- (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this
- function template because all the callers are OK with trailing junk. Use the
- parseDouble function. No need to copy the data into a byte buffer, because
- parseDouble handles that.
- (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the
- jsStrDecimalLiteral function template. That's OK because this function
- already checks for trailing junk and handles it appropriately. The old code
- path was doing it twice.
- (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the
- jsStrDecimalLiteral function template; the template allows junk unconditionally.
-
- * runtime/LiteralParser.cpp:
- (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number
- and we know it has only correct characters, leading spaces, trailing junk, and
- trailing spaces are not a possibility. No need to add a trailing null character.
- No need to copy the data into a byte buffer, because parseDouble handles that.
- We could optimize the UChar case even more because we know all the characters
- are ASCII, but not doing that at this time.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated.
-
-2012-04-06 Patrick Gansterer <paroga@webkit.org>
-
- Remove JSC dependency from GregorianDateTime
- https://bugs.webkit.org/show_bug.cgi?id=83290
-
- Reviewed by Geoffrey Garen.
-
- This allows us to move it to WTF later.
-
- * runtime/DateConstructor.cpp:
- (JSC::callDate):
- * runtime/JSDateMath.h:
-
-2012-04-05 Michael Saboff <msaboff@apple.com>
-
- Call Heap::discardAllCompiledCode() in low memory situations
- https://bugs.webkit.org/show_bug.cgi?id=83335
-
- Reviewed by Geoffrey Garen.
-
- Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?"
- check inline so that it can be called directly without this check.
-
- * heap/Heap.cpp:
- (JSC::Heap::discardAllCompiledCode):
- (JSC::Heap::collectAllGarbage):
- * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be
- called from WebCore.
- (Heap):
- * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration.
- (JSGlobalData):
-
-2012-04-05 Benjamin Poulain <bpoulain@apple.com>
-
- Speed up the conversion from JSValue to String for bulk operations
- https://bugs.webkit.org/show_bug.cgi?id=83243
-
- Reviewed by Geoffrey Garen.
-
- When making operations on primitive types, we loose some time converting
- values to JSString in order to extract the string.
-
- This patch speeds up some basic Array operations by avoiding the creation
- of intermediary JSString when possible.
-
- For the cases where we need to convert a lot of JSValue in a tight loop,
- an inline conversion is used.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncToLocaleString):
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncSort):
- * runtime/CommonIdentifiers.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::sort):
- * runtime/JSString.h:
- (JSC::JSValue::toUString):
- (JSC):
- (JSC::inlineJSValueNotStringtoUString):
- (JSC::JSValue::toUStringInline):
- * runtime/JSValue.cpp:
- (JSC::JSValue::toUStringSlowCase):
- (JSC):
- * runtime/JSValue.h:
- (JSValue):
-
-2012-04-05 Benjamin Poulain <bpoulain@apple.com>
-
- Use QuickSort when sorting primitive values by string representation
- https://bugs.webkit.org/show_bug.cgi?id=83312
-
- Reviewed by Gavin Barraclough.
-
- When the value we are sorting are all primitive values, we do not need to
- ensure a stable sort as two values with equal string representation are
- indistinguishable from JavaScript.
-
- This gives about 16% performance increase when sorting primitive values.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::sort):
-
-2012-04-05 Oliver Hunt <oliver@apple.com>
-
- SIGILL in JavaScriptCore on a Geode processor
- https://bugs.webkit.org/show_bug.cgi?id=82496
-
- Reviewed by Gavin Barraclough.
-
- Don't attempt to use the DFG when SSE2 is not available.
-
- * dfg/DFGCapabilities.cpp:
- (JSC::DFG::canCompileOpcodes):
-
-2012-04-05 Oliver Hunt <oliver@apple.com>
-
- Fix 32-bit build.
-
- * API/APICast.h:
- (toJS):
-
-2012-04-05 Oliver Hunt <oliver@apple.com>
-
- Replace static_cast with jsCast when casting JSCell subclasses in JSC
- https://bugs.webkit.org/show_bug.cgi?id=83307
-
- Reviewed by Gavin Barraclough.
-
- Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore.
- This results in assertions when unsafe casts are performed, but simply leaves
- a static_cast<> in release builds.
-
- * API/APICast.h:
- (toJS):
- * API/JSCallbackConstructor.cpp:
- (JSC::constructJSCallback):
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::call):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::asCallbackObject):
- (JSC::::finishCreation):
- (JSC::::construct):
- (JSC::::call):
- * API/JSObjectRef.cpp:
- (JSObjectGetPrivate):
- (JSObjectSetPrivate):
- (JSObjectGetPrivateProperty):
- (JSObjectSetPrivateProperty):
- (JSObjectDeletePrivateProperty):
- * API/JSValueRef.cpp:
- (JSValueIsObjectOfClass):
- * API/JSWeakObjectMapRefPrivate.cpp:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::resolve):
- (JSC::BytecodeGenerator::resolveConstDecl):
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::finishCreation):
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Executable.h:
- (JSC::isHostFunction):
- * runtime/JSActivation.h:
- (JSC::asActivation):
- * runtime/JSArray.cpp:
- (JSC::JSArray::defineOwnProperty):
- * runtime/JSArray.h:
- (JSC::asArray):
- * runtime/JSBoundFunction.cpp:
- (JSC::boundFunctionCall):
- (JSC::boundFunctionConstruct):
- * runtime/JSByteArray.h:
- (JSC::asByteArray):
- * runtime/JSCell.cpp:
- (JSC::JSCell::toObject):
- * runtime/JSCell.h:
- (JSC::jsCast):
- * runtime/JSGlobalObject.h:
- (JSC::asGlobalObject):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSObject.cpp:
- (JSC::JSObject::setPrototypeWithCycleCheck):
- (JSC::JSObject::allowsAccessFrom):
- (JSC::JSObject::toThisObject):
- (JSC::JSObject::unwrappedObject):
- * runtime/JSObject.h:
- (JSC::asObject):
- * runtime/JSPropertyNameIterator.h:
- (JSC::Register::propertyNameIterator):
- * runtime/JSString.h:
- (JSC::asString):
- (JSC::JSValue::toString):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncSubstr):
-
-2012-04-05 Benjamin Poulain <bpoulain@apple.com>
-
- Make something faster than JSStringBuilder for joining an array of JSValue
- https://bugs.webkit.org/show_bug.cgi?id=83180
-
- Reviewed by Geoffrey Garen.
-
- This patch add the class JSStringJoiner optimized for join() operations.
-
- This class makes stricter constraints than JSStringBuilder in order avoid
- memory allocations.
-
- In the best case, the class allocate memory only twice:
- -Allocate an array to keep a list of UString to join.
- -Allocate the final string.
-
- We also avoid the conversion from 8bits strings to 16bits strings since
- they are costly and unlikly to help for subsequent calls.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToLocaleString):
- (JSC::arrayProtoFuncJoin):
- * runtime/JSStringJoiner.cpp: Added.
- (JSC):
- (JSC::appendStringToData):
- (JSC::joinStrings):
- (JSC::JSStringJoiner::build):
- * runtime/JSStringJoiner.h: Added.
- (JSC):
- (JSStringJoiner):
- (JSC::JSStringJoiner::JSStringJoiner):
- (JSC::JSStringJoiner::append):
-
-2012-04-05 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=77293
- [Un]Reserve 'let'
-
- Rubber stamped by Oliver Hunt.
-
- Revert r106198.
- This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html
- If we're going to reserve let, we're going to have to do so in a more
- circumspect fashion.
-
- * parser/Keywords.table:
-
-2012-04-05 Michael Saboff <msaboff@apple.com>
-
- Rolling out http://trac.webkit.org/changeset/113262.
- Original code was fine.
-
- Rubber-stamped by Oliver Hunt.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-05 Patrick Gansterer <paroga@webkit.org>
-
- [WinCE] Remove unnecessary function decleration
- https://bugs.webkit.org/show_bug.cgi?id=83155
-
- Reviewed by Kentaro Hara.
-
- * runtime/JSDateMath.cpp:
-
-2012-04-04 Patrick Gansterer <paroga@webkit.org>
-
- Add WTF::getCurrentLocalTime()
- https://bugs.webkit.org/show_bug.cgi?id=83164
-
- Reviewed by Alexey Proskuryakov.
-
- Replace the calls to WTF::getLocalTime() with time(0) with the new function.
- This allows us to use Win32 API on windows to get the same result in a next step.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/DateConstructor.cpp:
- (JSC::callDate):
-
-2012-04-04 Oliver Hunt <oliver@apple.com>
-
- Parser fails to revert some state after parsing expression and object literals.
- https://bugs.webkit.org/show_bug.cgi?id=83236
-
- Reviewed by Gavin Barraclough.
-
- Reset left hand side counter after parsing the literals.
-
- * parser/Parser.cpp:
- (JSC::::parseObjectLiteral):
- (JSC::::parseStrictObjectLiteral):
- (JSC::::parseArrayLiteral):
-
-2012-04-04 Filip Pizlo <fpizlo@apple.com>
-
- DFG InstanceOf should not uselessly speculate cell
- https://bugs.webkit.org/show_bug.cgi?id=83234
-
- Reviewed by Oliver Hunt.
-
- If InstanceOf is the only user of its child then don't speculate cell, since
- the not-cell case is super easy to handle.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-
-2012-04-04 Michael Saboff <msaboff@apple.com>
-
- Fixed minor error: "& 3" should be "& 2".
-
- Rubber-stamped by Oliver Hunt.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-04 Michael Saboff <msaboff@apple.com>
-
- Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
- https://bugs.webkit.org/show_bug.cgi?id=83191
-
- Reviewed by Oliver Hunt.
-
- Make are that blinded constant pairs are similarly aligned to the
- original immediate values so that instructions that expect that
- alignment work correctly. One example is ARMv7 add/sub imm to SP.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
- (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
- (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-04 Filip Pizlo <fpizlo@apple.com>
-
- DFG should short-circuit Branch(LogicalNot(...))
- https://bugs.webkit.org/show_bug.cgi?id=83181
-
- Reviewed by Geoff Garen.
-
- Slight (sub 1%) speed-up on V8.
-
- * dfg/DFGFixupPhase.cpp:
- (JSC::DFG::FixupPhase::fixupNode):
-
-2012-04-04 Geoffrey Garen <ggaren@apple.com>
-
- [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode
- https://bugs.webkit.org/show_bug.cgi?id=83139
-
- Reviewed by Sam Weinig.
-
- * heap/PassWeak.h:
- (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error,
- so work around that here. (Long-term, we should make 32-bit and 64-bit
- agree on the right behavior.)
-
-2012-04-03 Geoffrey Garen <ggaren@apple.com>
-
- Updated JSC expected test results to reflect recent bug fixes <disapproving look>.
-
- Reviewed by Sam Weinig.
-
- * tests/mozilla/expected.html:
-
-2012-03-29 Geoffrey Garen <ggaren@apple.com>
-
- First step toward incremental Weak<T> finalization
- https://bugs.webkit.org/show_bug.cgi?id=82670
-
- Reviewed by Filip Pizlo.
-
- This patch implements a Weak<T> heap that is compatible with incremental
- finalization, while making as few behavior changes as possible. The behavior
- changes it makes are:
-
- (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
- instead, a separate flag indicates that the JSValue is no longer valid.
- (This is required so that the JSValue can be preserved for later finalization.)
- Objects dealing with WeakImpls directly must change to check the flag.
-
- (*) Weak<T> is no longer a subclass of Handle<T>.
-
- (*) DOM GC performance is different -- 9% faster in the geometric mean,
- but 15% slower in one specific case:
- gc-dom1.html: 6% faster
- gc-dom2.html: 23% faster
- gc-dom3.html: 17% faster
- gc-dom4.html: 15% *slower*
-
- The key features of this new heap are:
-
- (*) Each block knows its own state, independent of any other blocks.
-
- (*) Each block caches its own sweep result.
-
- (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
- mark them yet, since that would be a behavior change.)
-
- * API/JSCallbackObject.cpp:
- (JSC::JSCallbackObjectData::finalize):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::init): Updated to use the new WeakHeap API.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri: Paid the build system tax since I added some new files.
-
- * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
- so we can keep passing a Handle<T> to finalizers, to avoid more surface
- area change in this patch. A follow-up patch should change the type we
- pass to finalizers.
-
- * heap/HandleHeap.cpp:
- (JSC):
- (JSC::HandleHeap::writeBarrier):
- (JSC::HandleHeap::isLiveNode):
- * heap/HandleHeap.h:
- (JSC):
- (HandleHeap):
- (Node):
- (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
- we have a separate WeakHeap now.
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
- for through our watermark now. Removed m_waterMark because it was unused.
-
- (JSC::Heap::destroy): Updated for addition of WeakHeap.
-
- (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
- variable to participating in the watermark strategy. I wanted to standardize
- WeakHeap and all other Heap clients on this strategy, to make sure it's
- accurate.
-
- (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
- dead visit pass, as explained above.
-
- (JSC::Heap::collect):
- (JSC::Heap::resetAllocators): Updated for addition of WeakHeap.
-
- (JSC::Heap::addFinalizer):
- (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.
-
- * heap/Heap.h:
- (JSC::Heap::weakHeap):
- (Heap):
- (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
- strategy, since this is the best way for WeakHeap to report its memory
- cost. (I plan to update this in a follow-up patch to make it more accurate,
- but for now it is not less accurate than it used to be.)
-
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::resetAllocators):
- * heap/MarkedSpace.h:
- (MarkedSpace):
- (JSC::MarkedSpace::addToWaterMark):
- (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
- it was unused, and I didn't want to update WeakHeap to keep an usused
- variable working. Added API for above.
-
- * heap/PassWeak.h:
- (JSC):
- (WeakImplAccessor):
- (PassWeak):
- (JSC::::operator):
- (JSC::::get):
- (JSC::::was):
- (JSC::::PassWeak):
- (JSC::::~PassWeak):
- (JSC::UnspecifiedBoolType):
- (JSC::::leakImpl):
- (JSC::adoptWeak):
- * heap/Strong.h:
- (JSC::Strong::operator!):
- (Strong):
- (JSC::Strong::operator UnspecifiedBoolType*):
- (JSC::Strong::get):
- * heap/Weak.h:
- (Weak):
- (JSC::::Weak):
- (JSC):
- (JSC::::isHashTableDeletedValue):
- (JSC::::~Weak):
- (JSC::::swap):
- (JSC::=):
- (JSC::::operator):
- (JSC::UnspecifiedBoolType):
- (JSC::::release):
- (JSC::::clear):
- (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
- down to two things:
-
- (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.
-
- (*) Explicitly check WeakImpl::state() for non-liveness before returning
- a value (explained above).
-
- These files implement the new Weak<T> heap behavior described above:
-
- * heap/WeakBlock.cpp: Added.
- * heap/WeakBlock.h: Added.
- * heap/WeakHandleOwner.cpp: Added.
- * heap/WeakHandleOwner.h: Added.
- * heap/WeakHeap.cpp: Added.
- * heap/WeakHeap.h: Added.
- * heap/WeakImpl.h: Added.
-
- One interesting difference from the old heap is that we don't allow
- clients to overwrite a WeakImpl after allocating it, and we don't recycle
- WeakImpls prior to garbage collection. This is required for lazy finalization,
- but it will also help us esablish a useful invariant in the future: allocating
- a WeakImpl will be a binding contract to run a finalizer at some point in the
- future, even if the WeakImpl is later deallocated.
-
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
- its JSValue, since that's our API contract now, and the JSValue might
- be stale.
-
- * runtime/JSCell.h:
- (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.
-
- * runtime/Structure.cpp:
- (JSC::StructureTransitionTable::add): I can't remember why I did this.
-
- * runtime/StructureTransitionTable.h:
- * runtime/WeakGCMap.h: I had to update these classes because they allocate
- and deallocate weak pointers manually. They should probably stop doing that.
-
-2012-04-03 Keishi Hattori <keishi@webkit.org>
-
- Disable ENABLE_DATALIST for now
- https://bugs.webkit.org/show_bug.cgi?id=82871
-
- Reviewed by Kent Tamura.
-
- * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST.
-
-2012-04-02 Filip Pizlo <fpizlo@apple.com>
-
- jsr/sret should be removed
- https://bugs.webkit.org/show_bug.cgi?id=82986
- <rdar://problem/11017015>
-
- Reviewed by Sam Weinig and Geoff Garen.
-
- Replaces jsr/sret with finally block inlining.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- (JSC):
- (JSC::padOpcodeName):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::pushFinallyContext):
- (JSC::BytecodeGenerator::emitComplexJumpScopes):
- (JSC):
- * bytecompiler/BytecodeGenerator.h:
- (FinallyContext):
- (BytecodeGenerator):
- * bytecompiler/NodesCodegen.cpp:
- (JSC::TryNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JIT):
- * jit/JITOpcodes.cpp:
- (JSC):
- * jit/JITOpcodes32_64.cpp:
- (JSC):
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
-
-2012-04-03 Mark Rowe <mrowe@apple.com>
-
- Make it possible to install the JavaScriptCore test tools.
-
- Part of <rdar://problem/11158607>.
-
- Reviewed by Filip Pizlo.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named
- Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on
- those targets individually to depending on the new aggregate target.
-
-2012-04-03 Filip Pizlo <fpizlo@apple.com>
-
- Offlineasm ARM backend has a very convoluted way of saying it wants to emit a
- three-operand multiply instruction
- https://bugs.webkit.org/show_bug.cgi?id=83100
-
- Reviewed by Darin Adler.
-
- Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was
- already smart enough to do the Right Thing for multiply.
-
- * offlineasm/armv7.rb:
-
-2012-04-03 Filip Pizlo <fpizlo@apple.com>
-
- Offlineasm ARM backend uses the wrong mnemonic for multiply
- https://bugs.webkit.org/show_bug.cgi?id=83098
- <rdar://problem/11168744>
-
- Reviewed by Gavin Barraclough.
-
- Use "mul" instead of "muls" since we're passing three operands, not two.
-
- * offlineasm/armv7.rb:
-
-2012-04-03 Gavin Barraclough <barraclough@apple.com>
-
- Linux crashes during boot
- https://bugs.webkit.org/show_bug.cgi?id=83096
-
- Reviewed by Filip Pizlo.
-
- The bug here is that we add empty JSValues to the sparse map, and then set them
- - but a GC may occur before doing so (due to a call to reportExtraMemory cost).
- We may want to consider making it safe to mark empty JSValues, but the simple &
- contained fix to this specific bug is to just initialize these values to
- something other than JSValue().
-
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::add):
- - Initialize sparse map entries.
-
-2012-04-02 Oliver Hunt <oliver@apple.com>
-
- Incorrect liveness information when inlining
- https://bugs.webkit.org/show_bug.cgi?id=82985
-
- Reviewed by Filip Pizlo.
-
- Don't remap register numbers that have already been remapped.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleInlining):
-
-2012-04-02 Filip Pizlo <fpizlo@apple.com>
-
- Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we
- try to create an arguments object from the activation
- https://bugs.webkit.org/show_bug.cgi?id=82947
- <rdar://problem/11058598>
-
- Reviewed by Gavin Barraclough.
-
- We now copy the entire call frame header just to be sure. This is mostly perf-netural,
- except for a 3.7% slow-down in V8/earley.
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSActivation.h:
- (JSC::JSActivation::tearOff):
-
-2012-04-02 Daniel Bates <dbates@webkit.org>
-
- Remove Source/JavaScriptCore/wtf and its empty subdirectories
-
- Rubber-stamped by Eric Seidel.
-
- Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF
- (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory
- Source/JavaScriptCore/wtf and its empty subdirectories.
-
- * wtf: Removed.
- * wtf/android: Removed.
- * wtf/blackberry: Removed.
- * wtf/chromium: Removed.
- * wtf/dtoa: Removed.
- * wtf/efl: Removed.
- * wtf/gobject: Removed.
- * wtf/gtk: Removed.
- * wtf/mac: Removed.
- * wtf/qt: Removed.
- * wtf/qt/compat: Removed.
- * wtf/tests: Removed.
- * wtf/text: Removed.
- * wtf/threads: Removed.
- * wtf/threads/win: Removed.
- * wtf/unicode: Removed.
- * wtf/unicode/glib: Removed.
- * wtf/unicode/icu: Removed.
- * wtf/unicode/qt4: Removed.
- * wtf/unicode/wince: Removed.
- * wtf/url: Removed.
- * wtf/url/api: Removed.
- * wtf/url/src: Removed.
- * wtf/win: Removed.
- * wtf/wince: Removed.
- * wtf/wx: Removed.
-
-2012-04-02 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck issues.
-
- * GNUmakefile.list.am: Add missing file.
-
-2012-04-01 Darin Adler <darin@apple.com>
-
- Fix incorrect path for libWTF.a in Mac project file.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that
- would cause other configurations to try to link with the "Release" version of
- libWTF.a instead of the correct version.
-
-2012-03-29 Filip Pizlo <fpizlo@apple.com>
-
- DFG should optimize a==b for a being an object and b being either an object or
- null/undefined, and vice versa
- https://bugs.webkit.org/show_bug.cgi?id=82656
-
- Reviewed by Oliver Hunt.
-
- Implements additional object equality optimizations for the case that one
- operand is predicted to be an easily speculated object (like FinalObject or
- Array) and the other is either an easily speculated object or Other, i.e.
- Null or Undefined.
-
- 2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.
-
- I also took the opportunity to clean up the control flow for the speculation
- decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
- And to remove debug cruft I stupidly committed in my last patch.
-
- * bytecode/SamplingTool.h:
- (SamplingRegion):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compare):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
- (DFG):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
- (DFG):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2012-03-30 David Barr <davidbarr@chromium.org>
-
- Split up top-level .gitignore and .gitattributes
- https://bugs.webkit.org/show_bug.cgi?id=82687
-
- Reviewed by Tor Arne Vestbø.
-
- * JavaScriptCore.gyp/.gitignore: Added.
-
-2012-03-30 Steve Falkenburg <sfalken@apple.com>
-
- Windows (make based) build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.
-
-2012-03-30 Keishi Hattori <keishi@webkit.org>
-
- Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
- https://bugs.webkit.org/show_bug.cgi?id=80972
-
- Reviewed by Kent Tamura.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-29 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Refactor recompileAllJSFunctions() to be less expensive
- https://bugs.webkit.org/show_bug.cgi?id=80330
-
- Reviewed by Filip Pizlo.
-
- This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
- load performance, which currently does at least a couple full GCs per navigation.
-
- * heap/Heap.cpp:
- (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
- because the function doesn't actually recompile anything (and never did); it simply throws code
- away for it to be recompiled later if we determine we should do so.
- (JSC):
- (JSC::Heap::collectAllGarbage):
- (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
- (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
- * heap/Heap.h:
- (JSC):
- (Heap):
- * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
- be used in DoublyLinkedLists.
- (JSC::FunctionExecutable::FunctionExecutable):
- (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
- * runtime/Executable.h:
- (FunctionExecutable):
- (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
- * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
- the list of FunctionExecutables.
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- * runtime/JSGlobalObject.cpp:
- (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
-
-2012-03-29 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for non-x86 platforms.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitSlow_op_mod):
-
-2012-03-29 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix p2.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-29 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix p1.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-29 Gavin Barraclough <barraclough@apple.com>
-
- Template the Yarr::Interpreter on the character type
- https://bugs.webkit.org/show_bug.cgi?id=82637
-
- Reviewed by Sam Weinig.
-
- We should be able to call to the interpreter after having already checked the character type,
- without having to re-package the character pointer back up into a string!
-
- * runtime/RegExp.cpp:
- (JSC::RegExp::match):
- (JSC::RegExp::matchCompareWithInterpreter):
- - Don't pass length.
- * yarr/Yarr.h:
- - moved function declarations to YarrInterpreter.h.
- * yarr/YarrInterpreter.cpp:
- (Yarr):
- (Interpreter):
- (JSC::Yarr::Interpreter::InputStream::InputStream):
- (InputStream):
- (JSC::Yarr::Interpreter::Interpreter):
- (JSC::Yarr::interpret):
- - templated Interpreter class on CharType.
- * yarr/YarrInterpreter.h:
- (Yarr):
- - added function declarations.
-
-2012-03-29 David Kilzer <ddkilzer@apple.com>
-
- Don't use a flattened framework path when building on OS X
-
- Reviewed by Mark Rowe.
-
- * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
- to select different INSTALL_PATH values.
-
-2012-03-29 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed build fix, add Win-specific sources
- the wx port needs after WTF move.
-
- * wscript:
-
-2012-03-29 Andy Estes <aestes@apple.com>
-
- Remove an unused variable that breaks the build with newer versions of clang.
-
- Rubber stamped by Gavin Barraclough.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
-
-2012-03-29 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
-
- HashMap<>::add should return a more descriptive object
- https://bugs.webkit.org/show_bug.cgi?id=71063
-
- Reviewed by Ryosuke Niwa.
-
- Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
- the iterator type, there's a need for its own AddResult type -- instantiated from
- HashTableAddResult template class.
-
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
- * API/JSClassRef.cpp:
- (OpaqueJSClass::contextData):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addVar):
- (JSC::BytecodeGenerator::addGlobalVar):
- (JSC::BytecodeGenerator::addConstant):
- (JSC::BytecodeGenerator::addConstantValue):
- (JSC::BytecodeGenerator::emitLoad):
- (JSC::BytecodeGenerator::addStringConstant):
- (JSC::BytecodeGenerator::emitLazyNewFunction):
- * bytecompiler/NodesCodegen.cpp:
- (JSC::PropertyListNode::emitBytecode):
- * debugger/Debugger.cpp:
- * dfg/DFGAssemblyHelpers.cpp:
- (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::ctiStub):
- (JSC::JITThunks::hostFunctionStub):
- * parser/Parser.cpp:
- (JSC::::parseStrictObjectLiteral):
- * parser/Parser.h:
- (JSC::Scope::declareParameter):
- * runtime/Identifier.cpp:
- (JSC::Identifier::add):
- (JSC::Identifier::add8):
- (JSC::Identifier::addSlowCase):
- * runtime/Identifier.h:
- (JSC::Identifier::add):
- (JSC::IdentifierTable::add):
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::add):
- (JSC::SparseArrayValueMap::put):
- (JSC::SparseArrayValueMap::putDirect):
- (JSC::JSArray::enterDictionaryMode):
- (JSC::JSArray::defineOwnNumericProperty):
- * runtime/JSArray.h:
- (SparseArrayValueMap):
- * runtime/PropertyNameArray.cpp:
- (JSC::PropertyNameArray::add):
- * runtime/StringRecursionChecker.h:
- (JSC::StringRecursionChecker::performCheck):
- * runtime/Structure.cpp:
- (JSC::StructureTransitionTable::add):
- * runtime/WeakGCMap.h:
- (WeakGCMap):
- (JSC::WeakGCMap::add):
- (JSC::WeakGCMap::set):
- * tools/ProfileTreeNode.h:
- (JSC::ProfileTreeNode::sampleChild):
-
-2012-03-29 Patrick Gansterer <paroga@webkit.org>
-
- Build fix for !ENABLE(YARR_JIT) after r112454.
-
- * runtime/RegExp.cpp:
- (JSC::RegExp::invalidateCode):
-
-2012-03-28 Filip Pizlo <fpizlo@apple.com>
-
- DFG object equality speculations should be simplified
- https://bugs.webkit.org/show_bug.cgi?id=82557
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateFinalObject):
- (JSC::DFG::Node::shouldSpeculateArray):
-
-2012-03-28 David Kilzer <ddkilzer@apple.com>
-
- minidom configurations should be based on ToolExecutable.xcconfig
- <http://webkit.org/b/82513>
-
- Reviewed by Mark Rowe.
-
- Note that this patch changes minidom from being installed in
- /usr/local/bin to JavaScriptCore.framework/Resources.
-
- * Configurations/ToolExecutable.xcconfig: Add semi-colon.
- * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
- configurations on ToolExecutable.xcconfig. Remove redundant
- PRODUCT_NAME and SKIP_INSTALL variables.
-
-2012-03-28 Gavin Barraclough <barraclough@apple.com>
-
- Build fix - some compiles generating NORETURN related warnings.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::setSubpatternStart):
- (JSC::Yarr::YarrGenerator::setSubpatternEnd):
- (JSC::Yarr::YarrGenerator::clearSubpatternStart):
-
-2012-03-28 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed. Build fix, move WTF back into JSCore target
- until issues with JSCore not linking in all WTF symbols are resolved.
-
- * wscript:
-
-2012-03-28 Gavin Barraclough <barraclough@apple.com>
-
- Yarr: if we're not using the output array, don't populate it!
- https://bugs.webkit.org/show_bug.cgi?id=82519
-
- Reviewed by Sam Weinig.
-
- * runtime/RegExp.cpp:
- (JSC):
- - Missed review comment! - didn't fully remove RegExpRepresentation.
-
-2012-03-28 Gavin Barraclough <barraclough@apple.com>
-
- Yarr: if we're not using the output array, don't populate it!
- https://bugs.webkit.org/show_bug.cgi?id=82519
-
- Reviewed by Sam Weinig.
-
- Add a new variant of the match method to RegExp that returns a MatchResult,
- and modify YarrJIT to be able to compile code that doesn't use an output vector.
-
- This is a 3% progression on v8-regexp.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Moved MatchResult into its own header.
- * assembler/AbstractMacroAssembler.h:
- - Added missing include.
- * runtime/MatchResult.h: Added.
- (MatchResult::MatchResult):
- (MatchResult):
- (MatchResult::failed):
- (MatchResult::operator bool):
- (MatchResult::empty):
- - Moved MatchResult into its own header.
- * runtime/RegExp.cpp:
- (JSC::RegExp::compile):
- (JSC::RegExp::compileIfNecessary):
- (JSC::RegExp::match):
- - Changed due to execute & representation changes.
- (JSC::RegExp::compileMatchOnly):
- (JSC::RegExp::compileIfNecessaryMatchOnly):
- - Added helper to compile MatchOnly code.
- (JSC::RegExp::invalidateCode):
- (JSC::RegExp::matchCompareWithInterpreter):
- (JSC::RegExp::printTraceData):
- - Changed due representation changes.
- * runtime/RegExp.h:
- (RegExp):
- (JSC::RegExp::hasCode):
- - Made YarrCodeBlock a member.
- * runtime/RegExpConstructor.h:
- (RegExpConstructor):
- (JSC::RegExpConstructor::performMatch):
- - Added no-ovector form.
- * runtime/RegExpMatchesArray.cpp:
- (JSC::RegExpMatchesArray::reifyAllProperties):
- - Match now takes a reference to ovector, not a pointer.
- * runtime/RegExpObject.h:
- (JSC):
- - Moved MatchResult into its own header.
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncSplit):
- - Match now takes a reference to ovector, not a pointer.
- * testRegExp.cpp:
- (testOneRegExp):
- - Match now takes a reference to ovector, not a pointer.
- * yarr/YarrJIT.cpp:
- (Yarr):
- (YarrGenerator):
- (JSC::Yarr::YarrGenerator::initCallFrame):
- (JSC::Yarr::YarrGenerator::removeCallFrame):
- (JSC::Yarr::YarrGenerator::setSubpatternStart):
- (JSC::Yarr::YarrGenerator::setSubpatternEnd):
- (JSC::Yarr::YarrGenerator::clearSubpatternStart):
- (JSC::Yarr::YarrGenerator::setMatchStart):
- (JSC::Yarr::YarrGenerator::getMatchStart):
- - Added helper functions to intermediate access to output.
- (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
- (JSC::Yarr::YarrGenerator::generate):
- (JSC::Yarr::YarrGenerator::backtrack):
- (JSC::Yarr::YarrGenerator::generateEnter):
- (JSC::Yarr::YarrGenerator::compile):
- - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
- (JSC::Yarr::jitCompile):
- - Needs to template of MatchOnly or IncludeSubpatterns.
- * yarr/YarrJIT.h:
- (YarrCodeBlock):
- (JSC::Yarr::YarrCodeBlock::set8BitCode):
- (JSC::Yarr::YarrCodeBlock::set16BitCode):
- (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
- (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
- (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
- (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
- (JSC::Yarr::YarrCodeBlock::execute):
- (JSC::Yarr::YarrCodeBlock::clear):
- - Added a second set of CodeRefs, so that we can compile RexExps with/without subpattern matching.
-
-2012-03-27 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exit should not generate an exit for variables of inlinees if the
- inlinees are not in scope
- https://bugs.webkit.org/show_bug.cgi?id=82312
-
- Reviewed by Oliver Hunt.
-
- * bytecode/CodeBlock.h:
- (JSC::baselineCodeBlockForInlineCallFrame):
- (JSC):
- (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
- * dfg/DFGOSRExit.cpp:
- (JSC::DFG::computeNumVariablesForCodeOrigin):
- (DFG):
- (JSC::DFG::OSRExit::OSRExit):
-
-2012-03-27 Matt Lilek <mrl@apple.com>
-
- Stop compiling Interpreter.cpp with -fno-var-tracking
- https://bugs.webkit.org/show_bug.cgi?id=82299
-
- Reviewed by Anders Carlsson.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-27 Pratik Solanki <psolanki@apple.com>
-
- Compiler warning when JIT is not enabled
- https://bugs.webkit.org/show_bug.cgi?id=82352
-
- Reviewed by Filip Pizlo.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::create):
-
-2012-03-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Unaligned userspace access for SH4 platforms
- https://bugs.webkit.org/show_bug.cgi?id=79104
-
- Reviewed by Gavin Barraclough.
-
- * assembler/AbstractMacroAssembler.h:
- (Jump):
- (JSC::AbstractMacroAssembler::Jump::Jump):
- (JSC::AbstractMacroAssembler::Jump::link):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::load16Unaligned):
- (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
- (JSC::MacroAssemblerSH4::branchDouble):
- (JSC::MacroAssemblerSH4::branchTrue):
- (JSC::MacroAssemblerSH4::branchFalse):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::extraInstrForBranch):
- (SH4Assembler):
- (JSC::SH4Assembler::bra):
- (JSC::SH4Assembler::linkJump):
- * jit/JIT.h:
- (JIT):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2012-03-26 Ryosuke Niwa <rniwa@webkit.org>
-
- cssText should use shorthand notations
- https://bugs.webkit.org/show_bug.cgi?id=81737
-
- Reviewed by Enrica Casucci.
-
- Export symbols of BitVector on Windows.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-26 Filip Pizlo <fpizlo@apple.com>
-
- DFG should assert that argument value recoveries can only be
- AlreadyInRegisterFile or Constant
- https://bugs.webkit.org/show_bug.cgi?id=82249
-
- Reviewed by Michael Saboff.
-
- Made the assertions that the DFG makes for argument value recoveries match
- what Arguments expects.
-
- * bytecode/ValueRecovery.h:
- (JSC::ValueRecovery::isConstant):
- (ValueRecovery):
- (JSC::ValueRecovery::isAlreadyInRegisterFile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-26 Dan Bernstein <mitz@apple.com>
-
- Tried to fix the Windows build.
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::CharacterClassConstructor::putRange):
-
-2012-03-26 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed - speculative Windows build fix.
-
- * yarr/YarrCanonicalizeUCS2.h:
- (JSC::Yarr::getCanonicalPair):
-
-2012-03-26 Dan Bernstein <mitz@apple.com>
-
- Fixed builds with assertions disabled.
-
- * yarr/YarrCanonicalizeUCS2.h:
- (JSC::Yarr::areCanonicallyEquivalent):
-
-2012-03-26 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed - errk! - accidentally the whole pbxproj.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-25 Gavin Barraclough <barraclough@apple.com>
-
- Greek sigma is handled wrong in case independent regexp.
- https://bugs.webkit.org/show_bug.cgi?id=82063
-
- Reviewed by Oliver Hunt.
-
- The bug here is that we assume that any given codepoint has at most one additional value it
- should match under a case insensitive match, and that the pair of codepoints that match (if
- a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
- given codepoint). Life is not that simple.
-
- Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
- it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular
- we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
- simple binary search to find an entry in typically eight compares.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * yarr/yarr.pri:
- - Added new files to build systems.
- * yarr/YarrCanonicalizeUCS2.cpp: Added.
- - New - autogenerated, UCS2 canonicalized comparison tables.
- * yarr/YarrCanonicalizeUCS2.h: Added.
- (JSC::Yarr::rangeInfoFor):
- - Look up the canonicalization info for a UCS2 character.
- (JSC::Yarr::getCanonicalPair):
- - For a UCS2 character with a single equivalent value, look it up.
- (JSC::Yarr::isCanonicallyUnique):
- - Returns true if no other UCS2 code points are canonically equal.
- (JSC::Yarr::areCanonicallyEquivalent):
- - Compare two values, under canonicalization rules.
- * yarr/YarrCanonicalizeUCS2.js: Added.
- - script used to generate YarrCanonicalizeUCS2.cpp.
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::tryConsumeBackReference):
- - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::CharacterClassConstructor::putChar):
- - Updated to determine canonical equivalents correctly.
- (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
- - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
- (JSC::Yarr::CharacterClassConstructor::putRange):
- - Updated to determine canonical equivalents correctly.
- (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
- - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
-
-2012-03-26 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
- so we make sure it finds the API headers on all platforms.
-
- * wscript:
-
-2012-03-26 Patrick Gansterer <paroga@webkit.org>
-
- Build fix for WinCE after r112039.
-
- * interpreter/Register.h:
- (Register): Removed inline keyword from decleration since
- there is an ALWAYS_INLINE at the definition anyway.
-
-2012-03-26 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing files.
-
-2012-03-25 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed build fix. Move WTF to its own static lib build.
-
- * wscript:
-
-2012-03-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG int-to-double conversion should be revealed to CSE
- https://bugs.webkit.org/show_bug.cgi?id=82135
-
- Reviewed by Oliver Hunt.
-
- This introduces the notion of an Int32ToDouble node, which is injected
- into the graph anytime we know that we have a double use of a node that
- was predicted integer. The Int32ToDouble simplifies double speculation
- on integers by skipping the path that would unbox doubles, if we know
- that the value is already proven to be an integer. It allows integer to
- double conversions to be subjected to common subexpression elimination
- (CSE) by allowing the CSE phase to see where these conversions are
- occurring. Finally, it allows us to see when a constant is being used
- as both a double and an integer. This is a bit odd, since it means that
- sometimes a double use of a constant will not refer directly to the
- constant. This should not cause problems, for now, but it may require
- some canonizalization in the future if we want to support strength
- reductions of double operations based on constants.
-
- To allow injection of nodes into the graph, this change introduces the
- DFG::InsertionSet, which is a way of lazily inserting elements into a
- list. This allows the FixupPhase to remain O(N) despite performing
- multiple injections in a single basic block. Without the InsertionSet,
- each injection would require performing an insertion into a vector,
- which is O(N), leading to O(N^2) performance overall. With the
- InsertionSet, each injection simply records what insertion would have
- been performed, and all insertions are performed at once (via
- InsertionSet::execute) after processing of a basic block is completed.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/PredictedType.h:
- (JSC::isActionableIntMutableArrayPrediction):
- (JSC):
- (JSC::isActionableFloatMutableArrayPrediction):
- (JSC::isActionableTypedMutableArrayPrediction):
- (JSC::isActionableMutableArrayPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
* dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::performNodeCSE):
- * dfg/DFGCommon.h:
- (JSC::DFG::useKindToString):
- (DFG):
- * dfg/DFGFixupPhase.cpp:
- (JSC::DFG::FixupPhase::run):
- (JSC::DFG::FixupPhase::fixupBlock):
- (FixupPhase):
- (JSC::DFG::FixupPhase::fixupNode):
- (JSC::DFG::FixupPhase::fixDoubleEdge):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGInsertionSet.h: Added.
- (DFG):
- (Insertion):
- (JSC::DFG::Insertion::Insertion):
- (JSC::DFG::Insertion::index):
- (JSC::DFG::Insertion::element):
- (InsertionSet):
- (JSC::DFG::InsertionSet::InsertionSet):
- (JSC::DFG::InsertionSet::append):
- (JSC::DFG::InsertionSet::execute):
- * dfg/DFGNodeType.h:
- (DFG):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculativeJIT::compileValueToInt32):
- (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
- (DFG):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- (JSC::DFG::IntegerOperand::IntegerOperand):
- (JSC::DFG::DoubleOperand::DoubleOperand):
- (JSC::DFG::JSValueOperand::JSValueOperand):
- (JSC::DFG::StorageOperand::StorageOperand):
- (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
- (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
- (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
- (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
- (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-25 Filip Pizlo <fpizlo@apple.com>
-
- DFGOperands should be moved out of the DFG and into bytecode
- https://bugs.webkit.org/show_bug.cgi?id=82151
-
- Reviewed by Dan Bernstein.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
- * dfg/DFGBasicBlock.h:
- * dfg/DFGNode.h:
- * dfg/DFGOSREntry.h:
- * dfg/DFGOSRExit.h:
- * dfg/DFGOperands.h: Removed.
- * dfg/DFGVariableAccessData.h:
-
-2012-03-24 Filip Pizlo <fpizlo@apple.com>
-
- DFG 64-bit Branch implementation should not be creating a JSValueOperand that
- it isn't going to use
- https://bugs.webkit.org/show_bug.cgi?id=82136
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2012-03-24 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed. Fix the build after WTF move.
-
- * wscript:
-
-2012-03-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG double voting may be overzealous in the case of variables that end up
- being used as integers
- https://bugs.webkit.org/show_bug.cgi?id=82008
-
- Reviewed by Oliver Hunt.
-
- Cleaned up propagation, making the intent more explicit in most places.
- Back-propagate NodeUsedAsInt for cases where a node was used in a context
- that is known to strongly prefer integers.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dumpCodeOrigin):
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (Graph):
- * dfg/DFGNodeFlags.cpp:
- (JSC::DFG::nodeFlagsAsString):
- * dfg/DFGNodeFlags.h:
+ (JSC::DFG::CSEPhase::CSEPhase):
+ (CSEPhase):
+ (JSC::DFG::performCSE):
+ * dfg/DFGCSEPhase.h:
(DFG):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::run):
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (PredictionPropagationPhase):
- (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
- (JSC::DFG::PredictionPropagationPhase::vote):
- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
- (JSC::DFG::PredictionPropagationPhase::fixupNode):
- * dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-
-2012-03-24 Filip Pizlo <fpizlo@apple.com>
-
- DFG::Node::shouldNotSpeculateInteger() should be eliminated
- https://bugs.webkit.org/show_bug.cgi?id=82123
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (Node):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2012-03-24 Yong Li <yoli@rim.com>
-
- Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
- https://bugs.webkit.org/show_bug.cgi?id=81521
-
- Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
- for CPU(ARM_TRADITIONAL) to fit actual need.
-
- Reviewed by Oliver Hunt.
-
- * jit/JIT.h:
- (JIT):
-
-2012-03-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG Fixup should be able to short-circuit trivial ValueToInt32's
- https://bugs.webkit.org/show_bug.cgi?id=82030
-
- Reviewed by Michael Saboff.
-
- Takes the fixup() method of the prediction propagation phase and makes it
- into its own phase. Adds the ability to short-circuit trivial ValueToInt32
- nodes, and mark pure ValueToInt32's as such.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCommon.h:
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- * dfg/DFGFixupPhase.cpp: Added.
- (DFG):
- (FixupPhase):
- (JSC::DFG::FixupPhase::FixupPhase):
- (JSC::DFG::FixupPhase::run):
- (JSC::DFG::FixupPhase::fixupNode):
- (JSC::DFG::FixupPhase::fixIntEdge):
- (JSC::DFG::performFixup):
- * dfg/DFGFixupPhase.h: Added.
- (DFG):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::run):
- (PredictionPropagationPhase):
-
-2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- tryReallocate could break the zero-ed memory invariant of CopiedBlocks
- https://bugs.webkit.org/show_bug.cgi?id=82087
-
- Reviewed by Filip Pizlo.
-
- Removing this optimization turned out to be ~1% regression on kraken, so I simply
- undid the modification to the current block if we fail.
-
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
- to reallocate from the current block.
-
-2012-03-23 Alexey Proskuryakov <ap@apple.com>
-
- [Mac] No need for platform-specific ENABLE_BLOB values
- https://bugs.webkit.org/show_bug.cgi?id=82102
-
- Reviewed by David Kilzer.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-23 Michael Saboff <msaboff@apple.com>
-
- DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
- https://bugs.webkit.org/show_bug.cgi?id=81805
-
- Reviewed by Filip Pizlo.
-
- Added SpeculativeJIT::checkGeneratedType() to determine the current format
- of an operand. Used that information in SpeculativeJIT::compileValueToInt32
- to generate code that will use integer and JSValue types in integer
- format directly without a conversion to double.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkGeneratedType):
- (DFG):
- (JSC::DFG::SpeculativeJIT::compileValueToInt32):
- * dfg/DFGSpeculativeJIT.h:
- (DFG):
- (SpeculativeJIT):
-
-2012-03-23 Steve Falkenburg <sfalken@apple.com>
-
- Update Apple Windows build files for WTF move
- https://bugs.webkit.org/show_bug.cgi?id=82069
-
- Reviewed by Jessie Berlin.
-
- * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
-
-2012-03-23 Dean Jackson <dino@apple.com>
-
- Disable CSS_SHADERS in Apple builds
- https://bugs.webkit.org/show_bug.cgi?id=81996
-
- Reviewed by Simon Fraser.
-
- Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-23 Gavin Barraclough <barraclough@apple.com>
-
- RexExp constructor last match properties should not rely on previous ovector
- https://bugs.webkit.org/show_bug.cgi?id=82077
-
- Reviewed by Oliver Hunt.
-
- This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
-
- This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
- Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using
- a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
- location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
- a special value of setting the saved result to MatchResult::failed() to indicated that we're in a
- reified state. This means that next time a match is performed, the store of the result will
- automatically blow away the reified value.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Added new files.
- * runtime/RegExp.cpp:
- (JSC::RegExpFunctionalTestCollector::outputOneTest):
- - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
- * runtime/RegExpCachedResult.cpp: Added.
- (JSC::RegExpCachedResult::visitChildren):
- (JSC::RegExpCachedResult::lastResult):
- (JSC::RegExpCachedResult::setInput):
- - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt).
- * runtime/RegExpCachedResult.h: Added.
- (RegExpCachedResult):
- - Added new class.
- (JSC::RegExpCachedResult::RegExpCachedResult):
- (JSC::RegExpCachedResult::record):
- (JSC::RegExpCachedResult::input):
- - Initialize the object, record the result of a RegExp match, access the stored input property.
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::RegExpConstructor):
- - Initialize m_result/m_multiline properties.
- (JSC::RegExpConstructor::visitChildren):
- - Make sure the cached results (or lazy source for them) are marked.
- (JSC::RegExpConstructor::getBackref):
- (JSC::RegExpConstructor::getLastParen):
- (JSC::RegExpConstructor::getLeftContext):
- (JSC::RegExpConstructor::getRightContext):
- - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
- (JSC::regExpConstructorInput):
- (JSC::setRegExpConstructorInput):
- - Changed to use RegExpCachedResult.
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::create):
- (RegExpConstructor):
- (JSC::RegExpConstructor::setMultiline):
- (JSC::RegExpConstructor::multiline):
- - Move multiline property onto the constructor object; it is not affected by the last match.
- (JSC::RegExpConstructor::setInput):
- (JSC::RegExpConstructor::input):
- - These defer to RegExpCachedResult.
- (JSC::RegExpConstructor::performMatch):
- * runtime/RegExpMatchesArray.cpp: Added.
- (JSC::RegExpMatchesArray::visitChildren):
- - Eeeep! added missing visitChildren!
- (JSC::RegExpMatchesArray::finishCreation):
- (JSC::RegExpMatchesArray::reifyAllProperties):
- (JSC::RegExpMatchesArray::reifyMatchProperty):
- - Moved from RegExpConstructor.cpp.
- (JSC::RegExpMatchesArray::leftContext):
- (JSC::RegExpMatchesArray::rightContext):
- - Since the match start/
- * runtime/RegExpMatchesArray.h:
- (RegExpMatchesArray):
- - Declare new methods & structure flags.
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::match):
- - performMatch now requires the JSString input, to cache.
- * runtime/StringPrototype.cpp:
- (JSC::removeUsingRegExpSearch):
- (JSC::replaceUsingRegExpSearch):
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- - performMatch now requires the JSString input, to cache.
-
-2012-03-23 Tony Chang <tony@chromium.org>
-
- [chromium] rename newwtf target back to wtf
- https://bugs.webkit.org/show_bug.cgi?id=82064
-
- Reviewed by Adam Barth.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Simplify memory usage tracking in CopiedSpace
- https://bugs.webkit.org/show_bug.cgi?id=80705
-
- Reviewed by Filip Pizlo.
-
- * heap/CopiedAllocator.h:
- (CopiedAllocator): Rename currentUtilization to currentSize.
- (JSC::CopiedAllocator::currentCapacity):
- * heap/CopiedBlock.h:
- (CopiedBlock):
- (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
- declaration.
- (JSC):
- (JSC::CopiedBlock::size): Add new function to calculate the block's size.
- (JSC::CopiedBlock::capacity): Ditto for capacity.
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
- field for the water mark.
- (JSC::CopiedSpace::init):
- (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
- block, we need to update our current water mark with the size of the block.
- (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
- need to update our current water mark with the size of the used portion of the block.
- (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
- reallocating because it will either get accounted for when we fill up the block later
- in the case of being able to reallocate in the current block or it will get picked up
- immediately because we'll have to get a new block.
- (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when
- realloc-ing an oversize block because we deallocate the old block and allocate a brand
- new one.
- (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
- the CopiedSpace by the SlotVisitors.
- (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
- (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
- not we should collect now instead of doing the calculation ourself.
- (JSC::CopiedSpace::destroy):
- (JSC):
- (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
- MarkedSpace does.
- (JSC::CopiedSpace::capacity): Ditto for capacity.
- * heap/CopiedSpace.h:
- (JSC::CopiedSpace::waterMark):
- (CopiedSpace):
- * heap/CopiedSpaceInlineMethods.h:
- (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
- collection.
- (JSC::CopiedSpace::allocateNewBlock):
- (JSC::CopiedSpace::fitsInBlock):
- (JSC::CopiedSpace::allocateFromBlock):
- * heap/Heap.cpp:
- (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
- (JSC::Heap::capacity): Ditto for capacity.
- (JSC::Heap::collect):
- * heap/Heap.h:
- (Heap):
- (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
- determine whether they should initiate a collection or continue to allocate new blocks.
- (JSC):
- (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
- Heap (MarkedSpace and CopiedSpace).
- * heap/MarkedAllocator.cpp:
- (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
-
-2012-03-23 Ryosuke Niwa <rniwa@webkit.org>
-
- BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
- https://bugs.webkit.org/show_bug.cgi?id=82012
-
- Reviewed by Filip Pizlo.
-
- Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
-
- * wtf/BitVector.cpp:
- (WTF::BitVector::resizeOutOfLine):
- * wtf/BitVector.h:
- (BitVector):
- (OutOfLineBits):
-
-2012-03-22 Michael Saboff <msaboff@apple.com>
-
- ExecutableAllocator::memoryPressureMultiplier() might can return NaN
- https://bugs.webkit.org/show_bug.cgi?id=82002
-
- Reviewed by Filip Pizlo.
-
- Guard against divide by zero and then make sure the return
- value is >= 1.0.
-
- * jit/ExecutableAllocator.cpp:
- (JSC::ExecutableAllocator::memoryPressureMultiplier):
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::ExecutableAllocator::memoryPressureMultiplier):
-
-2012-03-22 Jessie Berlin <jberlin@apple.com>
-
- Windows build fix after r111778.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- Don't include and try to build files owned by WTF.
- Also, let VS have its way with the vcproj in terms of file ordering.
-
-2012-03-22 Raphael Kubo da Costa <rakuco@FreeBSD.org>
-
- [CMake] Unreviewed build fix after r111778.
-
- * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
- the include paths so that the right config.h is used.
-
-2012-03-22 Tony Chang <tony@chromium.org>
-
- Unreviewed, fix chromium build after wtf move.
-
- Remove old wtf_config and wtf targets.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-03-22 Martin Robinson <mrobinson@igalia.com>
-
- Fixed the GTK+ WTF/JavaScriptCore build after r111778.
-
- * GNUmakefile.list.am: Removed an extra trailing backslash.
-
-2012-03-22 Mark Rowe <mrowe@apple.com>
-
- Fix the build.
-
- * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
- rather than only those that contain symbols that JavaScriptCore itself uses.
- * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
-
-2012-03-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG NodeFlags has some duplicate code and naming issues
- https://bugs.webkit.org/show_bug.cgi?id=81975
-
- Reviewed by Gavin Barraclough.
-
- Removed most references to "ArithNodeFlags" since those are now just part
- of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
- NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
- because the former was never called and the latter did the same things as
- mergeFlags().
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::arithNodeFlags):
- (Node):
- * dfg/DFGNodeFlags.cpp:
- (JSC::DFG::nodeFlagsAsString):
- * dfg/DFGNodeFlags.h:
+ (JSC::DFG::Graph::resetExitStates):
(DFG):
- (JSC::DFG::nodeUsedAsNumber):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
-
-2012-03-22 Eric Seidel <eric@webkit.org>
-
- Actually move WTF files to their new home
- https://bugs.webkit.org/show_bug.cgi?id=81844
-
- Unreviewed. The details of the port-specific changes
- have been seen by contributors from those ports, but
- the whole 5MB change isn't very reviewable as-is.
-
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JSCTypedArrayStubs.h:
- * JavaScriptCore.gypi:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * jsc.cpp:
-
-2012-03-22 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed. Adding Source/WTF to the build.
-
- * wscript:
-
-2012-03-22 Gavin Barraclough <barraclough@apple.com>
-
- Add JSValue::isFunction
- https://bugs.webkit.org/show_bug.cgi?id=81935
-
- Reviewed by Geoff Garen.
-
- This would be useful in the WebCore bindings code.
- Also, remove asFunction, replace with jsCast<JSFunction*>.
-
- * API/JSContextRef.cpp:
- * debugger/Debugger.cpp:
- * debugger/DebuggerCallFrame.cpp:
- (JSC::DebuggerCallFrame::functionName):
* dfg/DFGGraph.h:
- (JSC::DFG::Graph::valueOfFunctionConstant):
- * dfg/DFGOperations.cpp:
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::isInlineCallFrameSlow):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::jitCompileFor):
- (JSC::lazyLinkFor):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::traceFunctionPrologue):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (JSC::LLInt::setUpCall):
- * runtime/Arguments.h:
- (JSC::Arguments::finishCreation):
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- * runtime/CommonSlowPaths.h:
- (JSC::CommonSlowPaths::arityCheckFor):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::compileFor):
- (JSC::FunctionExecutable::compileOptimizedFor):
- * runtime/FunctionPrototype.cpp:
- (JSC::functionProtoFuncToString):
- * runtime/JSArray.cpp:
- (JSC::JSArray::sort):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::argumentsGetter):
- (JSC::JSFunction::callerGetter):
- (JSC::JSFunction::lengthGetter):
- * runtime/JSFunction.h:
- (JSC):
- (JSC::asJSFunction):
- (JSC::JSValue::isFunction):
- * runtime/JSGlobalData.cpp:
- (WTF::Recompiler::operator()):
- (JSC::JSGlobalData::releaseExecutableMemory):
- * runtime/JSValue.h:
- * runtime/StringPrototype.cpp:
- (JSC::replaceUsingRegExpSearch):
-
-2012-03-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculation on booleans should be rationalized
- https://bugs.webkit.org/show_bug.cgi?id=81840
-
- Reviewed by Gavin Barraclough.
-
- This removes isKnownBoolean() and replaces it with AbstractState-based
- optimization, and cleans up the control flow in code gen methods for
- Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
- and removes isKnownNotBoolean() since that method appeared to be a
- helper used solely by 32_64's speculateBooleanOperation().
-
- This is performance-neutral.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateNumber):
- * dfg/DFGSpeculativeJIT.cpp:
- (DFG):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-21 Mark Rowe <mrowe@apple.com>
-
- Fix the build.
-
- * wtf/MetaAllocator.h:
- (MetaAllocator): Export the destructor.
-
-2012-03-21 Eric Seidel <eric@webkit.org>
-
- Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=81834
-
- Reviewed by Adam Barth.
-
- * jsc.cpp:
- * os-win32/WinMain.cpp:
- * runtime/JSDateMath.cpp:
- * runtime/TimeoutChecker.cpp:
- * testRegExp.cpp:
- * tools/CodeProfiling.cpp:
-
-2012-03-21 Eric Seidel <eric@webkit.org>
-
- WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
- https://bugs.webkit.org/show_bug.cgi?id=81838
-
- Reviewed by Geoffrey Garen.
-
- My understanding is that weak vtables happen when the compiler/linker cannot
- determine which compilation unit should constain the vtable. In this case
- because there were only pure virtual functions as well as an "inline"
- virtual destructor (thus the virtual destructor was defined in many compilation
- units). Since you can't actually "inline" a virtual function (it still has to
- bounce through the vtable), the "inline" on this virutal destructor doesn't
- actually help performance, and is only serving to confuse the compiler here.
- I've moved the destructor implementation to the .cpp file, thus making
- it clear to the compiler where the vtable should be stored, and solving the error.
-
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocator::~MetaAllocator):
- (WTF):
- * wtf/MetaAllocator.h:
-
-2012-03-20 Gavin Barraclough <barraclough@apple.com>
-
- RegExpMatchesArray should not copy the ovector
- https://bugs.webkit.org/show_bug.cgi?id=81742
-
- Reviewed by Michael Saboff.
-
- Currently, all RegExpMatchesArray object contain Vector<int, 32>, used to hold any sub-pattern results.
- This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
- main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
- and the results never accessed).
- If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
-
- * dfg/DFGOperations.cpp:
- - RegExpObject match renamed back to test (test returns a bool).
- * runtime/RegExpConstructor.cpp:
- (JSC):
- - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
- (JSC::RegExpMatchesArray::finishCreation):
- - Removed RegExpConstructorPrivate parameter.
- (JSC::RegExpMatchesArray::reifyAllProperties):
- - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
- If there are sub-pattern properties, the RegExp is re-run to generate their values.
- (JSC::RegExpMatchesArray::reifyMatchProperty):
- - Reify just the match (index 0) property of the RegExpMatchesArray.
- * runtime/RegExpConstructor.h:
- (RegExpConstructor):
- (JSC::RegExpConstructor::performMatch):
- - performMatch now returns a MatchResult, rather than using out-parameters.
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
- (RegExpMatchesArray):
- (JSC::RegExpMatchesArray::create):
- - Now passed the input string matched against, the RegExp, and the MatchResult.
- (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
- (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
- - Helpers to conditionally reify properties.
- (JSC::RegExpMatchesArray::getOwnPropertySlot):
- (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
- (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
- (JSC::RegExpMatchesArray::put):
- (JSC::RegExpMatchesArray::putByIndex):
- (JSC::RegExpMatchesArray::deleteProperty):
- (JSC::RegExpMatchesArray::deletePropertyByIndex):
- (JSC::RegExpMatchesArray::getOwnPropertyNames):
- (JSC::RegExpMatchesArray::defineOwnProperty):
- - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
- (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::exec):
- (JSC::RegExpObject::match):
- - match now returns a MatchResult.
- * runtime/RegExpObject.h:
- (JSC::MatchResult::MatchResult):
- - Added the result of a match is a start & end tuple.
- (JSC::MatchResult::failed):
- - A failure is indicated by (notFound, 0).
- (JSC::MatchResult::operator bool):
- - Evaluates to false if the match failed.
- (JSC::MatchResult::empty):
- - Evaluates to true if the match succeeded with length 0.
- (JSC::RegExpObject::test):
- - Now returns a bool.
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncTest):
- - RegExpObject match renamed back to test (test returns a bool).
- * runtime/StringPrototype.cpp:
- (JSC::removeUsingRegExpSearch):
- (JSC::replaceUsingRegExpSearch):
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- - performMatch now returns a MatchResult, rather than using out-parameters.
-
-2012-03-21 Hojong Han <hojong.han@samsung.com>
-
- Fix out of memory by allowing overcommit
- https://bugs.webkit.org/show_bug.cgi?id=81743
-
- Reviewed by Geoffrey Garen.
-
- Garbage collection is not triggered and new blocks are added
- because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
-
-2012-03-21 Jessie Berlin <jberlin@apple.com>
-
- More Windows build fixing.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- Fix the order of the include directories to look in include/private first before looking
- in include/private/JavaScriptCore.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
- Look in the Production output directory (where the wtf headers will be). This is the same
- thing that is done for jsc and testRegExp in ReleasePGO.
-
-2012-03-21 Jessie Berlin <jberlin@apple.com>
-
- WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
- $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
- https://bugs.webkit.org/show_bug.cgi?id=81739
-
- Reviewed by Dan Bernstein.
-
- * JavaScriptCore.vcproj/jsc/jsc.vcproj:
- Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
- subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
- * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
- Ditto.
-
- * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
- Get the headers for those 4 files from the wtf subdirectory of the build output, not the
- JavaScriptCore/wtf subdirectory.
- * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
- Ditto.
-
-2012-03-20 Eric Seidel <eric@webkit.org>
-
- Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
- https://bugs.webkit.org/show_bug.cgi?id=80911
-
- Reviewed by Adam Barth.
-
- Update the various build systems to depend on Source/WTF headers
- as well as remove references to Platform.h (since it's now moved).
-
- * CMakeLists.txt:
- * JavaScriptCore.pri:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
-
-2012-03-20 Filip Pizlo <fpizlo@apple.com>
-
- op_mod fails on many interesting corner cases
- https://bugs.webkit.org/show_bug.cgi?id=81648
-
- Reviewed by Oliver Hunt.
-
- Removed most strength reduction for op_mod, and fixed the integer handling
- to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
- which this patch also fixes.
-
- This patch is performance neutral on all of the major benchmarks we track.
-
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (DFG):
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
- (JSC::DFG::SpeculativeJIT::compileArithMod):
- * jit/JIT.h:
- (JIT):
- * jit/JITArithmetic.cpp:
- (JSC):
- (JSC::JIT::emit_op_mod):
- (JSC::JIT::emitSlow_op_mod):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_mod):
- (JSC::JIT::emitSlow_op_mod):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC):
- * jit/JITStubs.h:
- (TrampolineStructure):
- (JSC::JITThunks::ctiNativeConstruct):
- * llint/LowLevelInterpreter64.asm:
- * wtf/Platform.h:
- * wtf/SimpleStats.h:
- (WTF::SimpleStats::variance):
-
-2012-03-20 Steve Falkenburg <sfalken@apple.com>
-
- Windows (make based) build fix.
- <rdar://problem/11069015>
-
- * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
-
-2012-03-20 Steve Falkenburg <sfalken@apple.com>
-
- Move WTF-related Windows project files out of JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=80680
-
- This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
- It does not move any source code. This is in preparation for the WTF source move out of
- JavaScriptCore.
-
- Reviewed by Jessie Berlin.
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln:
- * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
- * JavaScriptCore.vcproj/WTF: Removed.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
- * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
- * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
- * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
- * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
- * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
-
-2012-03-20 Benjamin Poulain <bpoulain@apple.com>
-
- Cache the type string of JavaScript object
- https://bugs.webkit.org/show_bug.cgi?id=81446
-
- Reviewed by Geoffrey Garen.
-
- Instead of creating the JSString every time, we create
- lazily the strings in JSGlobalData.
-
- This avoid the construction of the StringImpl and of the JSString,
- which gives some performance improvements.
-
- * runtime/CommonIdentifiers.h:
- * runtime/JSValue.cpp:
- (JSC::JSValue::toStringSlowCase):
- * runtime/Operations.cpp:
- (JSC::jsTypeStringForValue):
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::SmallStrings):
- (JSC::SmallStrings::finalizeSmallStrings):
- (JSC::SmallStrings::initialize):
- (JSC):
- * runtime/SmallStrings.h:
- (SmallStrings):
-
-2012-03-20 Oliver Hunt <oliver@apple.com>
-
- Allow LLINT to work even when executable allocation fails.
- https://bugs.webkit.org/show_bug.cgi?id=81693
-
- Reviewed by Gavin Barraclough.
-
- Don't crash if executable allocation fails if we can fall back on LLINT
-
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
-
-2012-03-20 Csaba Osztrogonác <ossy@webkit.org>
-
- Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
- https://bugs.webkit.org/show_bug.cgi?id=81428
-
- 32 bit buildfix after r111355.
-
- 2147483648 (2^31) isn't valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
- The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h).
-
- Reviewed by Zoltan Herczeg.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
-
-2012-03-19 Jochen Eisinger <jochen@chromium.org>
-
- Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
- https://bugs.webkit.org/show_bug.cgi?id=80983
-
- Reviewed by Darin Adler.
-
- This allows printing a backtrace acquired by an earlier WTFGetBacktrace
- call which is useful for local debugging.
-
- * wtf/Assertions.cpp:
- * wtf/Assertions.h:
-
-2012-03-19 Benjamin Poulain <benjamin@webkit.org>
-
- Do not copy the script source in the SourceProvider, just reference the existing string
- https://bugs.webkit.org/show_bug.cgi?id=81466
-
- Reviewed by Geoffrey Garen.
-
- * parser/SourceCode.h: Remove the unused, and incorrect, function data().
- * parser/SourceProvider.h: Add OVERRIDE for clarity.
-
-2012-03-19 Filip Pizlo <fpizlo@apple.com>
-
- Division optimizations fail to infer cases of truncated division and
- mishandle -2147483648/-1
- https://bugs.webkit.org/show_bug.cgi?id=81428
- <rdar://problem/11067382>
-
- Reviewed by Oliver Hunt.
-
- If you're a division over integers and you're only used as an integer, then you're
- an integer division and remainder checks become unnecessary. If you're dividing
- -2147483648 by -1, don't crash.
-
- * assembler/MacroAssemblerX86Common.h:
- (MacroAssemblerX86Common):
- (JSC::MacroAssemblerX86Common::add32):
- * dfg/DFGSpeculativeJIT.cpp:
- (DFG):
- (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * llint/LowLevelInterpreter64.asm:
-
-2012-03-19 Benjamin Poulain <bpoulain@apple.com>
-
- Simplify SmallStrings
- https://bugs.webkit.org/show_bug.cgi?id=81445
-
- Reviewed by Gavin Barraclough.
-
- SmallStrings had two methods that should not be public: count() and clear().
-
- The method clear() is effectively replaced by finalizeSmallStrings(). The body
- of the method was moved to the constructor since the code is obvious.
-
- The method count() is unused.
-
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::SmallStrings):
- * runtime/SmallStrings.h:
- (SmallStrings):
-
-2012-03-19 Filip Pizlo <fpizlo@apple.com>
-
- DFG can no longer compile V8-v4/regexp in debug mode
- https://bugs.webkit.org/show_bug.cgi?id=81592
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-19 Filip Pizlo <fpizlo@apple.com>
-
- Prediction propagation for UInt32ToNumber incorrectly assumes that outs outcome does not
- change throughout the fixpoint
- https://bugs.webkit.org/show_bug.cgi?id=81583
-
- Reviewed by Michael Saboff.
-
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-03-19 Filip Pizlo <fpizlo@apple.com>
-
- GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
- the process of being generated
- https://bugs.webkit.org/show_bug.cgi?id=81565
-
- Reviewed by Oliver Hunt.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::finalizeUnconditionally):
-
-2012-03-19 Eric Seidel <eric@webkit.org>
-
- Fix WTF header include discipline in Chromium WebKit
- https://bugs.webkit.org/show_bug.cgi?id=81281
-
- Reviewed by James Robinson.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * wtf/unicode/icu/CollatorICU.cpp:
-
-2012-03-19 Filip Pizlo <fpizlo@apple.com>
-
- DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
- https://bugs.webkit.org/show_bug.cgi?id=81556
-
- Rubber stamped by Gavin Barraclough.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGAbstractState.h:
- (JSC::DFG::AbstractState::forNode):
- * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
- (JSC::DFG::AdjacencyList::AdjacencyList):
- (JSC::DFG::AdjacencyList::child):
- (JSC::DFG::AdjacencyList::setChild):
- (JSC::DFG::AdjacencyList::child1):
- (JSC::DFG::AdjacencyList::child2):
- (JSC::DFG::AdjacencyList::child3):
- (JSC::DFG::AdjacencyList::setChild1):
- (JSC::DFG::AdjacencyList::setChild2):
- (JSC::DFG::AdjacencyList::setChild3):
- (JSC::DFG::AdjacencyList::child1Unchecked):
- (JSC::DFG::AdjacencyList::initialize):
- (AdjacencyList):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addVarArgChild):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::canonicalize):
- (JSC::DFG::CSEPhase::performSubstitution):
- * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
- (DFG):
- (JSC::DFG::Edge::Edge):
- (JSC::DFG::Edge::operator==):
- (JSC::DFG::Edge::operator!=):
- (Edge):
- (JSC::DFG::operator==):
- (JSC::DFG::operator!=):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::operator[]):
- (JSC::DFG::Graph::at):
- (JSC::DFG::Graph::ref):
- (JSC::DFG::Graph::deref):
- (JSC::DFG::Graph::clearAndDerefChild1):
- (JSC::DFG::Graph::clearAndDerefChild2):
- (JSC::DFG::Graph::clearAndDerefChild3):
(Graph):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::getPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::child1):
- (JSC::DFG::Node::child1Unchecked):
- (JSC::DFG::Node::child2):
- (JSC::DFG::Node::child3):
- (Node):
- * dfg/DFGNodeFlags.cpp:
- (JSC::DFG::arithNodeFlagsAsString):
- * dfg/DFGNodeFlags.h:
- (DFG):
- (JSC::DFG::nodeUsedAsNumber):
- * dfg/DFGNodeReferenceBlob.h: Removed.
- * dfg/DFGNodeUse.h: Removed.
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
- (JSC::DFG::PredictionPropagationPhase::vote):
- (JSC::DFG::PredictionPropagationPhase::fixupNode):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::use):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::useChildren):
- (JSC::DFG::SpeculativeJIT::writeBarrier):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::at):
- (JSC::DFG::SpeculativeJIT::canReuse):
- (JSC::DFG::SpeculativeJIT::use):
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
- (JSC::DFG::IntegerOperand::IntegerOperand):
- (JSC::DFG::DoubleOperand::DoubleOperand):
- (JSC::DFG::JSValueOperand::JSValueOperand):
- (JSC::DFG::StorageOperand::StorageOperand):
- (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
- (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
- (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
- (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
- (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2012-03-19 Gavin Barraclough <barraclough@apple.com>
-
- Object.freeze broken on latest Nightly
- https://bugs.webkit.org/show_bug.cgi?id=80577
-
- Reviewed by Oliver Hunt.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::defineOwnProperty):
- - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
- been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty.
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::defineOwnProperty):
- - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
- the object must be extensible; this is incorrect since these properties should already exist
- on the object. In addition, it was asserting that the arguments/caller values must match the
- corresponding magic data properties, but for strict mode function this is incorrect. Instead,
- just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
-
-2012-03-19 Filip Pizlo <fpizlo@apple.com>
-
- LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
- https://bugs.webkit.org/show_bug.cgi?id=81559
-
- Reviewed by Michael Saboff.
-
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-03-19 Yong Li <yoli@rim.com>
-
- [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
- https://bugs.webkit.org/show_bug.cgi?id=77013
-
- We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
- implement memory decommitting for QNX.
-
- Reviewed by Rob Buis.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveUncommitted):
- (WTF::OSAllocator::commit):
- (WTF::OSAllocator::decommit):
-
-2012-03-19 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed - revent a couple of files accidentally committed.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::defineOwnProperty):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::defineOwnProperty):
-
-2012-03-19 Jessie Berlin <jberlin@apple.com>
-
- Another Windows build fix after r111129.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-19 Raphael Kubo da Costa <rakuco@FreeBSD.org>
-
- Cross-platform processor core counter: fix build on FreeBSD.
- https://bugs.webkit.org/show_bug.cgi?id=81482
-
- Reviewed by Zoltan Herczeg.
-
- The documentation of sysctl(3) shows that <sys/types.h> should be
- included before <sys/sysctl.h> (sys/types.h tends to be the first
- included header in general).
-
- This should fix the build on FreeBSD and other systems where
- sysctl.h really depends on types defined in types.h.
-
- * wtf/NumberOfCores.cpp:
-
-2012-03-19 Jessie Berlin <jberlin@apple.com>
-
- Windows build fix after r111129.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-19 Gavin Barraclough <barraclough@apple.com>
-
- JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
- https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
-
- Reviewed by Oliver Hunt.
-
- The API specifies that convertToType may opt not to handle a conversion:
- "@result The objects's converted value, or NULL if the object was not converted."
- In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
- conversion functions, and failing that call the JSObject::defaultValue function.
-
- Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
- the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
- bug#73368, these will return the result from the first convertToType they find, regardless
- of whether this result is null, and if no convertToType method is found in the api class
- hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
- chain), they will also return a null pointer. This is unsafe.
-
- It would be easy to make the approach based around toStringCallback/valueOfCallback continue
- to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
- (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
- Making the fallback work with toString/valueOf methods attached to api objects is probably
- not the right thing to do – instead, we should just implement the defaultValue trap for api
- objects.
-
- In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard
- null to be returned from C to JavaScript - this is not okay. Handle with an exception.
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::call):
- - Should be null checking the return value.
- (JSC):
- - Remove toStringCallback/valueOfCallback.
- * API/JSCallbackFunction.h:
- (JSCallbackFunction):
- - Remove toStringCallback/valueOfCallback.
- * API/JSCallbackObject.h:
- (JSCallbackObject):
- - Add defaultValue mthods to JSCallbackObject.
- * API/JSCallbackObjectFunctions.h:
- (JSC::::defaultValue):
- - Add defaultValue mthods to JSCallbackObject.
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
- - Remove toStringCallback/valueOfCallback.
- * API/tests/testapi.js:
- - Revert this test, now we no longer artificially introduce a toString method onto the api object.
-
-2012-03-18 Raphael Kubo da Costa <rakuco@FreeBSD.org>
-
- [EFL] Include ICU_INCLUDE_DIRS when building.
- https://bugs.webkit.org/show_bug.cgi?id=81483
-
- Reviewed by Daniel Bates.
-
- So far, only the ICU libraries were being included when building
- JavaScriptCore, however the include path is also needed, otherwise the
- build will fail when ICU is installed into a non-standard location.
-
- * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
-
-2012-03-17 Gavin Barraclough <barraclough@apple.com>
-
- Strength reduction, RegExp.exec -> RegExp.test
- https://bugs.webkit.org/show_bug.cgi?id=81459
-
- Reviewed by Sam Weinig.
-
- RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
- expression for a match against a string - however exec is more expensive, since
- it allocates a matches array object. In cases where the result is consumed in a
- boolean context the allocation of the matches array can be trivially elided.
-
- For example:
- function f()
- {
- for (i =0; i < 10000000; ++i)
- if(!/a/.exec("a"))
- err = true;
- }
-
- This is a 2.5x speedup on this example microbenchmark loop.
-
- In a more advanced form of this optimization, we may be able to avoid allocating
- the array where access to the array can be observed.
-
- * create_hash_table:
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasHeapPrediction):
- * dfg/DFGNodeType.h:
+ * dfg/DFGPhase.h:
(DFG):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileRegExpExec):
- (DFG):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jsc.cpp:
- (GlobalObject::addConstructableFunction):
- * runtime/Intrinsic.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::create):
- (JSC):
- * runtime/JSFunction.h:
- (JSFunction):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::exec):
- (JSC::RegExpObject::match):
- * runtime/RegExpObject.h:
- (RegExpObject):
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncTest):
- (JSC::regExpProtoFuncExec):
-
-2012-03-16 Michael Saboff <msaboff@apple.com>
-
- Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
- https://bugs.webkit.org/show_bug.cgi?id=81244
-
- Rubber stamped by Filip Pizlo.
-
- Changed type and name of JSGlobalData::m_isInitializingObject to
- ClassInfo* and m_initializingObjectClass.
- Changed JSGlobalData::setInitializingObject to
- JSGlobalData::setInitializingObjectClass. This pointer can be used within
- the debugger to determine what type of object is being initialized.
-
- * runtime/JSCell.h:
- (JSC::JSCell::finishCreation):
- (JSC::allocateCell):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- (JSC::JSGlobalData::isInitializingObject):
- (JSC::JSGlobalData::setInitializingObjectClass):
- * runtime/Structure.h:
- (JSC::JSCell::finishCreation):
-
-2012-03-16 Mark Rowe <mrowe@apple.com>
-
- Build fix. Do not preserve owner and group information when installing the WTF headers.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-15 David Dorwin <ddorwin@chromium.org>
-
- Make the array pointer parameters in the Typed Array create() methods const.
- https://bugs.webkit.org/show_bug.cgi?id=81147
-
- Reviewed by Kenneth Russell.
-
- This allows const arrays to be passed to these methods.
- They use PassRefPtr<Subclass> create(), which already has a const parameter.
-
- * wtf/Int16Array.h:
- (Int16Array):
- (WTF::Int16Array::create):
- * wtf/Int32Array.h:
- (Int32Array):
- (WTF::Int32Array::create):
- * wtf/Int8Array.h:
- (Int8Array):
- (WTF::Int8Array::create):
- * wtf/Uint16Array.h:
- (Uint16Array):
- (WTF::Uint16Array::create):
- * wtf/Uint32Array.h:
- (Uint32Array):
- (WTF::Uint32Array::create):
- * wtf/Uint8Array.h:
- (Uint8Array):
- (WTF::Uint8Array::create):
- * wtf/Uint8ClampedArray.h:
- (Uint8ClampedArray):
- (WTF::Uint8ClampedArray::create):
-
-2012-03-15 Myles Maxfield <mmaxfield@google.com>
-
- CopiedSpace::tryAllocateOversize assumes system page size
- https://bugs.webkit.org/show_bug.cgi?id=80615
-
- Reviewed by Geoffrey Garen.
-
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::tryAllocateOversize):
- * heap/CopiedSpace.h:
- (CopiedSpace):
- * heap/CopiedSpaceInlineMethods.h:
- (JSC::CopiedSpace::oversizeBlockFor):
- * wtf/BumpPointerAllocator.h:
- (WTF::BumpPointerPool::create):
- * wtf/StdLibExtras.h:
- (WTF::roundUpToMultipleOf):
-
-2012-03-15 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing Windows build breakage
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-15 Patrick Gansterer <paroga@webkit.org>
-
- [EFL] Make zlib a general build requirement
- https://bugs.webkit.org/show_bug.cgi?id=80153
-
- Reviewed by Hajime Morita.
-
- After r109538 WebSocket module needs zlib to support deflate-frame extension.
-
- * wtf/Platform.h:
-
-2012-03-15 Benjamin Poulain <bpoulain@apple.com>
-
- NumericStrings should be inlined
- https://bugs.webkit.org/show_bug.cgi?id=81183
-
- Reviewed by Gavin Barraclough.
-
- NumericStrings is not always inlined. When it is not, the class is not faster
- than using UString::number() directly.
-
- * runtime/NumericStrings.h:
- (JSC::NumericStrings::add):
- (JSC::NumericStrings::lookupSmallString):
-
-2012-03-15 Andras Becsi <andras.becsi@nokia.com>
-
- Fix ARM build after r110792.
-
- Unreviewed build fix.
-
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::cacheFlush):
- Remove superfluous curly brackets.
+ (JSC::DFG::runPhase):
-2012-03-15 Gavin Barraclough <barraclough@apple.com>
+2012-05-24 Geoffrey Garen <ggaren@apple.com>
- ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
- https://bugs.webkit.org/show_bug.cgi?id=81256
+ Made WeakSet per-block instead of per-heap
+ https://bugs.webkit.org/show_bug.cgi?id=87401
Reviewed by Oliver Hunt.
- This is a 0.5% sunspider progression.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
- - switch which form of vmov we use.
-
-2012-03-15 YoungTaeck Song <youngtaeck.song@samsung.com>
-
- [EFL] Add OwnPtr specialization for Ecore_Timer.
- https://bugs.webkit.org/show_bug.cgi?id=80119
-
- Reviewed by Hajime Morita.
-
- Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
-
- * wtf/OwnPtrCommon.h:
- (WTF):
- * wtf/efl/OwnPtrEfl.cpp:
- (WTF::deleteOwnedPtr):
- (WTF):
-
-2012-03-15 Hojong Han <hojong.han@samsung.com>
-
- Linux has madvise enough to support OSAllocator::commit/decommit
- https://bugs.webkit.org/show_bug.cgi?id=80505
-
- Reviewed by Geoffrey Garen.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveUncommitted):
- (WTF::OSAllocator::commit):
- (WTF::OSAllocator::decommit):
-
-2012-03-15 Steve Falkenburg <sfalken@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
- * JavaScriptCore.vcproj/WTF/copy-files.cmd:
- * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
-
-2012-03-15 Steve Falkenburg <sfalken@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-
-2012-03-15 Kevin Ollivier <kevino@theolliviers.com>
-
- Move wx port to using export macros
- https://bugs.webkit.org/show_bug.cgi?id=77279
-
- Reviewed by Hajime Morita.
-
- * wscript:
- * wtf/Platform.h:
-
-2012-03-14 Benjamin Poulain <bpoulain@apple.com>
-
- Avoid StringImpl::getData16SlowCase() when sorting array
- https://bugs.webkit.org/show_bug.cgi?id=81070
-
- Reviewed by Geoffrey Garen.
-
- The function codePointCompare() is used intensively when sorting strings.
- This patch improves its performance by:
- -Avoiding character conversion.
- -Inlining the function.
-
- This makes Peacekeeper's arrayCombined test 30% faster.
-
- * wtf/text/StringImpl.cpp:
- * wtf/text/StringImpl.h:
- (WTF):
- (WTF::codePointCompare):
- (WTF::codePointCompare8):
- (WTF::codePointCompare16):
- (WTF::codePointCompare8To16):
-
-2012-03-14 Hojong Han <hojong.han@samsung.com>
-
- Fix memory allocation failed by fastmalloc
- https://bugs.webkit.org/show_bug.cgi?id=79614
-
- Reviewed by Geoffrey Garen.
-
- Memory allocation failed even if the heap grows successfully.
- It is wrong to get the span only from the large list after the heap grows,
- because new span could be added in the normal list.
-
- * wtf/FastMalloc.cpp:
- (WTF::TCMalloc_PageHeap::New):
-
-2012-03-14 Hojong Han <hojong.han@samsung.com>
-
- Run cacheFlush page by page to assure of flushing all the requested ranges
- https://bugs.webkit.org/show_bug.cgi?id=77712
-
- Reviewed by Geoffrey Garen.
-
- Current MetaAllocator concept, always coalesces adjacent free spaces,
- doesn't meet memory management of Linux kernel.
- In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two.
- Therefore cacheFlush page by page guarantees a flush-requested range.
-
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::cacheFlush):
-
-2012-03-14 Oliver Hunt <oliver@apple.com>
-
- Make ARMv7 work again
- https://bugs.webkit.org/show_bug.cgi?id=81157
-
- Reviewed by Geoffrey Garen.
+ This allows us fast access to the set of all weak pointers for a block,
+ which is a step toward lazy finalization.
- We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
- where we the ARMv7MacroAssembler would also try to use dataRegister for its own
- nefarious purposes.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::store32):
- * assembler/MacroAssemblerARMv7.h:
- (MacroAssemblerARMv7):
-
-2012-03-14 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Heap::destroy leaks CopiedSpace
- https://bugs.webkit.org/show_bug.cgi?id=81055
-
- Reviewed by Geoffrey Garen.
-
- Added a destroy() function to CopiedSpace that moves all normal size
- CopiedBlocks from the CopiedSpace to the Heap's list of free blocks
- as well as deallocates all of the oversize blocks in the CopiedSpace.
- This function is now called in Heap::destroy().
+ No performance change.
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::destroy):
- (JSC):
- * heap/CopiedSpace.h:
- (CopiedSpace):
* heap/Heap.cpp:
- (JSC::Heap::destroy):
-
-2012-03-14 Andrew Lo <anlo@rim.com>
-
- [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
- https://bugs.webkit.org/show_bug.cgi?id=81000
-
- Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
-
- Reviewed by Antonio Gomes.
-
- * wtf/Platform.h:
-
-2012-03-13 Filip Pizlo <fpizlo@apple.com>
-
- ValueToInt32 speculation will cause OSR exits even when it does not have to
- https://bugs.webkit.org/show_bug.cgi?id=81068
- <rdar://problem/11043926>
-
- Reviewed by Anders Carlsson.
-
- Two related changes:
- 1) ValueToInt32 will now always just defer to the non-speculative path, instead
- of exiting, if it doesn't know what speculations to perform.
- 2) ValueToInt32 will speculate boolean if it sees this to be profitable.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateBoolean):
- (Node):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-
-2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- More Windows build fixing
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Windows build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Type conversion of exponential part failed
- https://bugs.webkit.org/show_bug.cgi?id=80673
-
- Reviewed by Geoffrey Garen.
-
- * parser/Lexer.cpp:
- (JSC::::lex):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::parseInt):
- (JSC):
- (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
- we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template
- parameter for strtod to allow trailing spaces.
- (JSC::toDouble):
- (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
- * runtime/LiteralParser.cpp:
- (JSC::::Lexer::lexNumber):
- * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that
- we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
- * wtf/dtoa.cpp:
- (WTF):
- (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were
- broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
- * wtf/dtoa.h:
- * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the
- Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
- A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those
- here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
- * wtf/text/WTFString.cpp:
- (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
-
-2012-03-13 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
- Removing the assert for now.
-
- * dfg/DFGOperations.h:
- * llint/LLIntSlowPaths.h:
-
-2012-03-13 Filip Pizlo <fpizlo@apple.com>
-
- Functions with C linkage should return POD types
- https://bugs.webkit.org/show_bug.cgi?id=81061
-
- Reviewed by Mark Rowe.
-
- * dfg/DFGOperations.h:
- * llint/LLIntSlowPaths.h:
- (LLInt):
- (SlowPathReturnType):
- (JSC::LLInt::encodeResult):
-
-2012-03-13 Filip Pizlo <fpizlo@apple.com>
-
- Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
- https://bugs.webkit.org/show_bug.cgi?id=80979
- <rdar://problem/11036848>
-
- Reviewed by Oliver Hunt.
-
- Also improved DFG IR dumping to include type information in a somewhat more
- intuitive way.
-
- * bytecode/PredictedType.cpp:
- (JSC::predictionToAbbreviatedString):
- (JSC):
- * bytecode/PredictedType.h:
- (JSC):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-
-2012-03-13 George Staikos <staikos@webkit.org>
-
- The callback is only used if SA_RESTART is defined. Compile it out
- otherwise to avoid a warning.
- https://bugs.webkit.org/show_bug.cgi?id=80926
-
- Reviewed by Alexey Proskuryakov.
-
- * heap/MachineStackMarker.cpp:
- (JSC):
-
-2012-03-13 Hojong Han <hojong.han@samsung.com>
-
- Dump the generated code for ARM_TRADITIONAL
- https://bugs.webkit.org/show_bug.cgi?id=80975
-
- Reviewed by Gavin Barraclough.
-
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::dumpCode):
-
-2012-03-13 Adam Barth <abarth@webkit.org> && Benjamin Poulain <bpoulain@apple.com>
-
- Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
- https://bugs.webkit.org/show_bug.cgi?id=78853
-
- Reviewed by Adam Barth.
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
-
-2012-03-13 Kwonjin Jeong <gram@company100.net>
-
- Remove SlotVisitor::copy() method.
- https://bugs.webkit.org/show_bug.cgi?id=80973
-
- Reviewed by Geoffrey Garen.
-
- SlotVisitor::copy() method isn't called anywhere.
-
- * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
- * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
-
-2012-03-12 Hojong Han <hojong.han@samsung.com>
-
- Fix test cases for RegExp multiline
- https://bugs.webkit.org/show_bug.cgi?id=80822
-
- Reviewed by Gavin Barraclough.
-
- * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
- * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
- * tests/mozilla/js1_2/regexp/beginLine.js:
- * tests/mozilla/js1_2/regexp/endLine.js:
-
-2012-03-12 Filip Pizlo <fpizlo@apple.com>
-
- Arithmetic use inference should be procedure-global and should run in tandem
- with type propagation
- https://bugs.webkit.org/show_bug.cgi?id=80819
- <rdar://problem/11034006>
-
- Reviewed by Gavin Barraclough.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
- * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
- (PredictionPropagationPhase):
- (JSC::DFG::PredictionPropagationPhase::isNotZero):
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
- * dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::VariableAccessData):
- (JSC::DFG::VariableAccessData::flags):
- (VariableAccessData):
- (JSC::DFG::VariableAccessData::mergeFlags):
-
-2012-03-12 Filip Pizlo <fpizlo@apple.com>
-
- Node::op and Node::flags should be private
- https://bugs.webkit.org/show_bug.cgi?id=80824
- <rdar://problem/11033435>
-
- Reviewed by Gavin Barraclough.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::execute):
- (JSC::DFG::AbstractState::mergeStateAtTail):
- (JSC::DFG::AbstractState::mergeToSuccessors):
- * dfg/DFGArithNodeFlagsInferencePhase.cpp:
- (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::flushArgument):
- (JSC::DFG::ByteCodeParser::toInt32):
- (JSC::DFG::ByteCodeParser::isJSConstant):
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::linkBlock):
- * dfg/DFGCFAPhase.cpp:
- (JSC::DFG::CFAPhase::performBlockCFA):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::canonicalize):
- (JSC::DFG::CSEPhase::endIndexForPureCSE):
- (JSC::DFG::CSEPhase::pureCSE):
- (JSC::DFG::CSEPhase::byValIsPure):
- (JSC::DFG::CSEPhase::clobbersWorld):
- (JSC::DFG::CSEPhase::impureCSE):
- (JSC::DFG::CSEPhase::globalVarLoadElimination):
- (JSC::DFG::CSEPhase::getByValLoadElimination):
- (JSC::DFG::CSEPhase::checkFunctionElimination):
- (JSC::DFG::CSEPhase::checkStructureLoadElimination):
- (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
- (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
- (JSC::DFG::CSEPhase::performNodeCSE):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (DFG):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::addShouldSpeculateInteger):
- (JSC::DFG::Graph::negateShouldSpeculateInteger):
- (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
- * dfg/DFGNode.cpp: Removed.
- * dfg/DFGNode.h:
- (DFG):
- (JSC::DFG::Node::Node):
- (Node):
- (JSC::DFG::Node::op):
- (JSC::DFG::Node::flags):
- (JSC::DFG::Node::setOp):
- (JSC::DFG::Node::setFlags):
- (JSC::DFG::Node::mergeFlags):
- (JSC::DFG::Node::filterFlags):
- (JSC::DFG::Node::clearFlags):
- (JSC::DFG::Node::setOpAndDefaultFlags):
- (JSC::DFG::Node::mustGenerate):
- (JSC::DFG::Node::isConstant):
- (JSC::DFG::Node::isWeakConstant):
- (JSC::DFG::Node::valueOfJSConstant):
- (JSC::DFG::Node::hasVariableAccessData):
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::resolveGlobalDataIndex):
- (JSC::DFG::Node::hasArithNodeFlags):
- (JSC::DFG::Node::arithNodeFlags):
- (JSC::DFG::Node::setArithNodeFlag):
- (JSC::DFG::Node::mergeArithNodeFlags):
- (JSC::DFG::Node::hasConstantBuffer):
- (JSC::DFG::Node::hasRegexpIndex):
- (JSC::DFG::Node::hasVarNumber):
- (JSC::DFG::Node::hasScopeChainDepth):
- (JSC::DFG::Node::hasResult):
- (JSC::DFG::Node::hasInt32Result):
- (JSC::DFG::Node::hasNumberResult):
- (JSC::DFG::Node::hasJSResult):
- (JSC::DFG::Node::hasBooleanResult):
- (JSC::DFG::Node::isJump):
- (JSC::DFG::Node::isBranch):
- (JSC::DFG::Node::isTerminal):
- (JSC::DFG::Node::hasHeapPrediction):
- (JSC::DFG::Node::hasFunctionCheckData):
- (JSC::DFG::Node::hasStructureTransitionData):
- (JSC::DFG::Node::hasStructureSet):
- (JSC::DFG::Node::hasStorageAccessData):
- (JSC::DFG::Node::hasFunctionDeclIndex):
- (JSC::DFG::Node::hasFunctionExprIndex):
- (JSC::DFG::Node::child1):
- (JSC::DFG::Node::child2):
- (JSC::DFG::Node::child3):
- (JSC::DFG::Node::firstChild):
- (JSC::DFG::Node::numChildren):
- * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
- * dfg/DFGNodeFlags.h: Added.
- (DFG):
- (JSC::DFG::nodeUsedAsNumber):
- (JSC::DFG::nodeCanTruncateInteger):
- (JSC::DFG::nodeCanIgnoreNegativeZero):
- (JSC::DFG::nodeMayOverflow):
- (JSC::DFG::nodeCanSpeculateInteger):
- * dfg/DFGNodeType.h: Added.
- (DFG):
- (JSC::DFG::defaultFlags):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (JSC::DFG::PredictionPropagationPhase::vote):
- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
- (JSC::DFG::PredictionPropagationPhase::fixupNode):
- * dfg/DFGRedundantPhiEliminationPhase.cpp:
- (JSC::DFG::RedundantPhiEliminationPhase::run):
- (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
- (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::useChildren):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compileMovHint):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::compileAdd):
- (JSC::DFG::SpeculativeJIT::compare):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-03-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
-
- Minor DataLog fixes
- https://bugs.webkit.org/show_bug.cgi?id=80826
-
- Reviewed by Andreas Kling.
-
- * bytecode/ExecutionCounter.cpp:
- Do not include DataLog.h, it is not used.
-
- * jit/ExecutableAllocator.cpp:
- Ditto.
-
- * wtf/DataLog.cpp:
- (WTF::initializeLogFileOnce):
- Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
-
- * wtf/HashTable.cpp:
- Include DataLog as it is used.
-
-2012-03-12 SangGyu Lee <sg5.lee@samsung.com>
-
- Integer overflow check code in arithmetic operation in classic interpreter
- https://bugs.webkit.org/show_bug.cgi?id=80465
-
- Reviewed by Gavin Barraclough.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2012-03-12 Zeno Albisser <zeno@webkit.org>
-
- [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
- https://bugs.webkit.org/show_bug.cgi?id=80827
-
- Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
-
- Reviewed by Simon Hausmann.
-
- * wtf/Platform.h:
-
-2012-03-12 Simon Hausmann <simon.hausmann@nokia.com>
-
- Unreviewed prospective Qt/Mac build fix
-
- * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
- whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
- constructor.
-
-2012-03-12 Filip Pizlo <fpizlo@apple.com>
-
- All DFG nodes should have a mutable set of flags
- https://bugs.webkit.org/show_bug.cgi?id=80779
- <rdar://problem/11026218>
-
- Reviewed by Gavin Barraclough.
-
- Got rid of NodeId, and placed all of the flags that distinguished NodeId
- from NodeType into a separate Node::flags field. Combined what was previously
- ArithNodeFlags into Node::flags.
-
- In the process of debugging, I found that the debug support in the virtual
- register allocator was lacking, so I improved it. I also realized that the
- virtual register allocator was assuming that the nodes in a basic block were
- contiguous, which is no longer the case. So I fixed that. The fix also made
- it natural to have more extreme assertions, so I added them. I suspect this
- will make it easier to catch virtual register allocation bugs in the future.
-
- This is mostly performance neutral; if anything it looks like a slight
- speed-up.
-
- This patch does leave some work for future refactorings; for example, Node::op
- is unencapsulated. This was already the case, though now it feels even more
- like it should be. I avoided doing that because this patch has already grown
- way bigger than I wanted.
-
- Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
- move some unnecessarily inline stuff out of DFGNode.h.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGArithNodeFlagsInferencePhase.cpp:
- (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addToGraph):
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCFAPhase.cpp:
- (JSC::DFG::CFAPhase::performBlockCFA):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::endIndexForPureCSE):
- (JSC::DFG::CSEPhase::pureCSE):
- (JSC::DFG::CSEPhase::clobbersWorld):
- (JSC::DFG::CSEPhase::impureCSE):
- (JSC::DFG::CSEPhase::setReplacement):
- (JSC::DFG::CSEPhase::eliminate):
- (JSC::DFG::CSEPhase::performNodeCSE):
- (JSC::DFG::CSEPhase::performBlockCSE):
- (CSEPhase):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::opName):
- (JSC::DFG::Graph::dump):
- (DFG):
- * dfg/DFGNode.cpp: Added.
- (DFG):
- (JSC::DFG::arithNodeFlagsAsString):
- * dfg/DFGNode.h:
- (DFG):
- (JSC::DFG::nodeUsedAsNumber):
- (JSC::DFG::nodeCanTruncateInteger):
- (JSC::DFG::nodeCanIgnoreNegativeZero):
- (JSC::DFG::nodeMayOverflow):
- (JSC::DFG::nodeCanSpeculateInteger):
- (JSC::DFG::defaultFlags):
- (JSC::DFG::Node::Node):
- (Node):
- (JSC::DFG::Node::setOpAndDefaultFlags):
- (JSC::DFG::Node::mustGenerate):
- (JSC::DFG::Node::arithNodeFlags):
- (JSC::DFG::Node::setArithNodeFlag):
- (JSC::DFG::Node::mergeArithNodeFlags):
- (JSC::DFG::Node::hasResult):
- (JSC::DFG::Node::hasInt32Result):
- (JSC::DFG::Node::hasNumberResult):
- (JSC::DFG::Node::hasJSResult):
- (JSC::DFG::Node::hasBooleanResult):
- (JSC::DFG::Node::isJump):
- (JSC::DFG::Node::isBranch):
- (JSC::DFG::Node::isTerminal):
- (JSC::DFG::Node::child1):
- (JSC::DFG::Node::child2):
- (JSC::DFG::Node::child3):
- (JSC::DFG::Node::firstChild):
- (JSC::DFG::Node::numChildren):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (JSC::DFG::PredictionPropagationPhase::vote):
- (JSC::DFG::PredictionPropagationPhase::fixupNode):
- * dfg/DFGScoreBoard.h:
- (ScoreBoard):
- (JSC::DFG::ScoreBoard::~ScoreBoard):
- (JSC::DFG::ScoreBoard::assertClear):
- (JSC::DFG::ScoreBoard::use):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::useChildren):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-03-10 Filip Pizlo <fpizlo@apple.com>
-
- LLInt should support JSVALUE64
- https://bugs.webkit.org/show_bug.cgi?id=79609
- <rdar://problem/10063437>
-
- Reviewed by Gavin Barraclough and Oliver Hunt.
-
- Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
- patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
- file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
- specialized for value representation.
-
- Also made some minor changes to offlineasm and the slow-paths.
-
- * llint/LLIntData.cpp:
- (JSC::LLInt::Data::performAssertions):
- * llint/LLIntEntrypoints.cpp:
- * llint/LLIntSlowPaths.cpp:
- (LLInt):
- (JSC::LLInt::llint_trace_value):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (JSC::LLInt::jitCompileAndSetHeuristics):
- * llint/LLIntSlowPaths.h:
- (LLInt):
- (SlowPathReturnType):
- (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
- (JSC::LLInt::encodeResult):
- * llint/LLIntThunks.cpp:
- * llint/LowLevelInterpreter.asm:
- * llint/LowLevelInterpreter32_64.asm:
- * llint/LowLevelInterpreter64.asm:
- * offlineasm/armv7.rb:
- * offlineasm/asm.rb:
- * offlineasm/ast.rb:
- * offlineasm/backends.rb:
- * offlineasm/instructions.rb:
- * offlineasm/parser.rb:
- * offlineasm/registers.rb:
- * offlineasm/transform.rb:
- * offlineasm/x86.rb:
- * wtf/Platform.h:
-
-2012-03-10 Yong Li <yoli@rim.com>
-
- Web Worker crashes with WX_EXCLUSIVE
- https://bugs.webkit.org/show_bug.cgi?id=80532
-
- Let each JS global object own a meta allocator
- for WX_EXCLUSIVE to avoid conflicts from Web Worker.
- Also fix a mutex leak in MetaAllocator's dtor.
-
- Reviewed by Filip Pizlo.
-
- * jit/ExecutableAllocator.cpp:
- (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
- (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
- (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
- (DemandExecutableAllocator):
- (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
- (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
- (JSC::DemandExecutableAllocator::allocateNewSpace):
- (JSC::DemandExecutableAllocator::allocators):
- (JSC::DemandExecutableAllocator::allocatorsMutex):
- (JSC):
- (JSC::ExecutableAllocator::initializeAllocator):
- (JSC::ExecutableAllocator::ExecutableAllocator):
- (JSC::ExecutableAllocator::underMemoryPressure):
- (JSC::ExecutableAllocator::memoryPressureMultiplier):
- (JSC::ExecutableAllocator::allocate):
- (JSC::ExecutableAllocator::committedByteCount):
- (JSC::ExecutableAllocator::dumpProfile):
- * jit/ExecutableAllocator.h:
- (JSC):
- (ExecutableAllocator):
- (JSC::ExecutableAllocator::allocator):
- * wtf/MetaAllocator.h:
- (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
- * wtf/TCSpinLock.h:
- (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
-
-2012-03-09 Gavin Barraclough <barraclough@apple.com>
-
- Object.freeze broken on latest Nightly
- https://bugs.webkit.org/show_bug.cgi?id=80577
-
- Reviewed by Oliver Hunt.
-
- The problem here is that deleteProperty rejects deletion of prototype.
- This is correct in most cases, however defineOwnPropery is presently
- implemented internally to ensure the attributes change by deleting the
- old property, and creating a new one.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::deleteProperty):
- - If deletePropery is called via defineOwnPropery, allow old prototype to be removed.
-
-2012-03-09 Gavin Barraclough <barraclough@apple.com>
-
- Array.prototype.toLocaleString visits elements in wrong order under certain conditions
- https://bugs.webkit.org/show_bug.cgi?id=80663
-
- Reviewed by Michael Saboff.
-
- The bug here is actually that we're continuing to process the array after an exception
- has been thrown, and that the second value throw is overriding the first.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToLocaleString):
-
-2012-03-09 Ryosuke Niwa <rniwa@webkit.org>
-
- WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
- https://bugs.webkit.org/show_bug.cgi?id=80080
-
- Reviewed by Filip Pizlo.
-
- * bytecode/SamplingTool.cpp:
- (JSC::SamplingRegion::Locker::Locker):
- (JSC::SamplingRegion::Locker::~Locker):
- * bytecode/SamplingTool.h:
- (JSC::SamplingRegion::exchangeCurrent):
- * wtf/Atomics.h:
- (WTF):
- (WTF::weakCompareAndSwap):
- (WTF::weakCompareAndSwapUIntPtr):
-
-2012-03-09 Gavin Barraclough <barraclough@apple.com>
-
- REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
- https://bugs.webkit.org/show_bug.cgi?id=49989
-
- Reviewed by Oliver Hunt.
-
- Patch originally by chris reiss <christopher.reiss@nokia.com>,
- allow the year to appear before the timezone in date strings.
-
- * wtf/DateMath.cpp:
- (WTF::parseDateFromNullTerminatedCharacters):
-
-2012-03-09 Mark Rowe <mrowe@apple.com>
-
- Ensure that the WTF headers are copied at installhdrs time.
-
- Reviewed by Dan Bernstein and Jessie Berlin.
-
- * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
- so that our script phases are invoked at installhdrs time. The only one that
- does any useful work at that time is the one that installs WTF headers.
-
-2012-03-09 Jon Lee <jonlee@apple.com>
-
- Add support for ENABLE(LEGACY_NOTIFICATIONS)
- https://bugs.webkit.org/show_bug.cgi?id=80497
-
- Reviewed by Adam Barth.
-
- Prep for b80472: Update API for Web Notifications
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-09 Ashod Nakashian <ashodnakashian@yahoo.com>
-
- Bash scripts should support LF endings only
- https://bugs.webkit.org/show_bug.cgi?id=79509
-
- Reviewed by David Kilzer.
-
- * gyp/generate-derived-sources.sh: Added property svn:eol-style.
- * gyp/run-if-exists.sh: Added property svn:eol-style.
- * gyp/update-info-plist.sh: Added property svn:eol-style.
-
-2012-03-09 Jessie Berlin <jberlin@apple.com>
-
- Windows debug build fix.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::shouldBlind):
- Fix unreachable code warnings (which we treat as errors).
-
-2012-03-09 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Zoltan Herczeg.
-
- [Qt] Fix the SH4 build after r109834
- https://bugs.webkit.org/show_bug.cgi?id=80492
-
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::branchAdd32):
- (JSC::MacroAssemblerSH4::branchSub32):
-
-2012-03-09 Andy Wingo <wingo@igalia.com>
-
- Refactor code feature analysis in the parser
- https://bugs.webkit.org/show_bug.cgi?id=79112
-
- Reviewed by Geoffrey Garen.
-
- This commit refactors the parser to more uniformly propagate flag
- bits down and up the parse process, as the parser descends and
- returns into nested blocks. Some flags get passed town to
- subscopes, some apply to specific scopes only, and some get
- unioned up after parsing subscopes.
-
- The goal is to eventually be very precise with scoping
- information, once we have block scopes: one block scope might use
- `eval', which would require the emission of a symbol table within
- that block and containing blocks, whereas another block in the
- same function might not, allowing us to not emit a symbol table.
-
- * parser/Nodes.h:
- (JSC::ScopeFlags): Rename from CodeFeatures.
- (JSC::ScopeNode::addScopeFlags):
- (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
- (JSC::ScopeNode::isStrictMode):
- (JSC::ScopeNode::usesEval):
- (JSC::ScopeNode::usesArguments):
- (JSC::ScopeNode::setUsesArguments):
- (JSC::ScopeNode::usesThis):
- (JSC::ScopeNode::needsActivationForMoreThanVariables):
- (JSC::ScopeNode::needsActivation): Refactor these accessors to
- operate on the m_scopeFlags member.
- (JSC::ScopeNode::source):
- (JSC::ScopeNode::sourceURL):
- (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
- semantic change.
- (JSC::ScopeNode::ScopeNode)
- (JSC::ProgramNode::ProgramNode)
- (JSC::EvalNode::EvalNode)
- (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
- take a ScopeFlags as an argument, instead of a bool inStrictContext.
-
- * parser/Nodes.cpp:
- (JSC::ScopeNode::ScopeNode):
- (JSC::ProgramNode::ProgramNode):
- (JSC::ProgramNode::create):
- (JSC::EvalNode::EvalNode):
- (JSC::EvalNode::create):
- (JSC::FunctionBodyNode::FunctionBodyNode):
- (JSC::FunctionBodyNode::create): Adapt constructors to change.
-
- * parser/ASTBuilder.h:
- (JSC::ASTBuilder::ASTBuilder):
- (JSC::ASTBuilder::thisExpr):
- (JSC::ASTBuilder::createResolve):
- (JSC::ASTBuilder::createFunctionBody):
- (JSC::ASTBuilder::createFuncDeclStatement):
- (JSC::ASTBuilder::createTryStatement):
- (JSC::ASTBuilder::createWithStatement):
- (JSC::ASTBuilder::addVar):
- (JSC::ASTBuilder::Scope::Scope):
- (Scope):
- (ASTBuilder):
- (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
- features here. Instead rely on the base Parser mechanism to track
- features.
-
- * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
-
- * parser/Parser.h:
- (JSC::Scope::Scope): Manage scope through flags, not
- bit-booleans. This lets us uniformly propagate them up and down.
- (JSC::Scope::declareWrite):
- (JSC::Scope::declareParameter):
- (JSC::Scope::useVariable):
- (JSC::Scope::collectFreeVariables):
- (JSC::Scope::getCapturedVariables):
- (JSC::Scope::saveFunctionInfo):
- (JSC::Scope::restoreFunctionInfo):
- (JSC::Parser::pushScope): Adapt to use scope flags and their
- accessors instead of bit-booleans.
- * parser/Parser.cpp:
- (JSC::::Parser):
- (JSC::::parseInner):
- (JSC::::didFinishParsing):
- (JSC::::parseSourceElements):
- (JSC::::parseVarDeclarationList):
- (JSC::::parseConstDeclarationList):
- (JSC::::parseWithStatement):
- (JSC::::parseTryStatement):
- (JSC::::parseFunctionBody):
- (JSC::::parseFunctionInfo):
- (JSC::::parseFunctionDeclaration):
- (JSC::::parsePrimaryExpression): Hoist some of the flag handling
- out of the "context" (ASTBuilder or SyntaxChecker) and to here.
- Does not seem to have a performance impact.
-
- * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
- Cache the scopeflags.
- * parser/SyntaxChecker.h: Remove evalCount() decl.
-
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::produceCodeBlockFor):
- * runtime/Executable.h:
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::ScriptExecutable::usesEval):
- (JSC::ScriptExecutable::usesArguments):
- (JSC::ScriptExecutable::needsActivation):
- (JSC::ScriptExecutable::isStrictMode):
- (JSC::ScriptExecutable::recordParse):
- (ScriptExecutable): ScopeFlags, not features.
-
-2012-03-08 Benjamin Poulain <bpoulain@apple.com>
-
- Build fix for MSVC after r110266
-
- Unreviewed. A #ifdef for MSVC was left over in r110266.
-
- * runtime/RegExpObject.h:
- (RegExpObject):
-
-2012-03-08 Benjamin Poulain <bpoulain@apple.com>
-
- Allocate the RegExpObject's data with the Cell
- https://bugs.webkit.org/show_bug.cgi?id=80654
-
- Reviewed by Gavin Barraclough.
-
- This patch removes the creation of RegExpObject's data to avoid the overhead
- create by the allocation and destruction.
-
- We RegExp are created repeatedly, this provides some performance improvment.
- The PeaceKeeper test stringDetectBrowser improves by 10%.
-
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- (JSC::RegExpObject::visitChildren):
- (JSC::RegExpObject::getOwnPropertyDescriptor):
- (JSC::RegExpObject::defineOwnProperty):
- (JSC::RegExpObject::match):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::setRegExp):
- (JSC::RegExpObject::regExp):
- (JSC::RegExpObject::setLastIndex):
- (JSC::RegExpObject::getLastIndex):
- (RegExpObject):
-
-2012-03-08 Steve Falkenburg <sfalken@apple.com>
-
- Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
- https://bugs.webkit.org/show_bug.cgi?id=80657
-
- Preparation for WTF separation from JavaScriptCore.
- The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
- dependencies for generated files.
-
- This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
- versions of the WTF code independent of the JavaScriptCore code.
-
- Reviewed by Jessie Berlin.
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
- * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
- * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
- * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
- * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
- * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
- * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
- * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
- * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
-
-2012-03-08 Benjamin Poulain <benjamin@webkit.org>
-
- Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
- https://bugs.webkit.org/show_bug.cgi?id=80652
-
- Reviewed by Eric Seidel.
-
- Fix the header, URLSegments.h is not part of the API.
-
- * wtf/url/api/ParsedURL.h:
-
-2012-03-08 Ryosuke Niwa <rniwa@webkit.org>
-
- Mac build fix for micro data API.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-08 Gavin Barraclough <barraclough@apple.com>
-
- String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
- https://bugs.webkit.org/show_bug.cgi?id=26890
-
- Reviewed by Oliver Hunt.
-
- Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
-
- * runtime/StringPrototype.cpp:
- (JSC::replaceUsingRegExpSearch):
- (JSC::stringProtoFuncMatch):
- - added calls to setLastIndex.
-
-2012-03-08 Matt Lilek <mrl@apple.com>
-
- Don't enable VIDEO_TRACK on all OS X platforms
- https://bugs.webkit.org/show_bug.cgi?id=80635
-
- Reviewed by Eric Carlson.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-08 Oliver Hunt <oliver@apple.com>
-
- Build fix. That day is not today.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::shouldBlind):
- * assembler/MacroAssemblerX86Common.h:
- (MacroAssemblerX86Common):
- (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
-
-2012-03-08 Oliver Hunt <oliver@apple.com>
-
- Build fix. One of these days I'll manage to commit something that works everywhere.
-
- * assembler/AbstractMacroAssembler.h:
- (AbstractMacroAssembler):
- * assembler/MacroAssemblerARMv7.h:
- (MacroAssemblerARMv7):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
- (MacroAssemblerX86Common):
-
-2012-03-08 Chao-ying Fu <fu@mips.com>
-
- Update MIPS patchOffsetGetByIdSlowCaseCall
- https://bugs.webkit.org/show_bug.cgi?id=80302
-
- Reviewed by Oliver Hunt.
-
- * jit/JIT.h:
- (JIT):
-
-2012-03-08 Oliver Hunt <oliver@apple.com>
-
- Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
- https://bugs.webkit.org/show_bug.cgi?id=80633
-
- Reviewed by Gavin Barraclough.
-
- Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
- if there isn't a machine specific implementation (otherwise the 64bit value
- got truncated and 32bit checks were used -- leaving 32bits untested).
- Also add a bit of logic to ensure that we don't try to blind a few common
- constants that go through the ImmPtr paths -- encoded numeric JSValues and
- unencoded doubles with common "safe" values.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::shouldBlindDouble):
- (MacroAssembler):
- (JSC::MacroAssembler::shouldBlind):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
-
-2012-03-08 Mark Rowe <mrowe@apple.com>
-
- <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
-
- Reviewed by Dan Bernstein.
-
- * Configurations/Base.xcconfig:
-
-2012-03-08 Steve Falkenburg <sfalken@apple.com>
-
- Fix line endings for copy-files.cmd.
-
- If a cmd file doesn't have Windows line endings, it doesn't work properly.
- In this case, the label :clean wasn't found, breaking the clean build.
-
- Reviewed by Jessie Berlin.
-
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-
-2012-03-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG CFA incorrectly handles ValueToInt32
- https://bugs.webkit.org/show_bug.cgi?id=80568
-
- Reviewed by Gavin Barraclough.
-
- Changed it match exactly the decision pattern used in
- DFG::SpeculativeJIT::compileValueToInt32
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
-
-2012-03-08 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
-
- [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
- https://bugs.webkit.org/show_bug.cgi?id=80524
-
- Reviewed by Simon Hausmann.
-
- Move IdentifierTable methods defintion to WTFThreadData.cpp to fix linking
- of WTF library.
-
- * runtime/Identifier.cpp:
- * wtf/WTFThreadData.cpp:
- (JSC):
- (JSC::IdentifierTable::~IdentifierTable):
- (JSC::IdentifierTable::add):
-
-2012-03-08 Filip Pizlo <fpizlo@apple.com>
-
- DFG instruction count threshold should be lifted to 10000
- https://bugs.webkit.org/show_bug.cgi?id=80579
-
- Reviewed by Gavin Barraclough.
-
- * runtime/Options.cpp:
- (JSC::Options::initializeOptions):
-
-2012-03-07 Filip Pizlo <fpizlo@apple.com>
-
- Incorrect tracking of abstract values of variables forced double
- https://bugs.webkit.org/show_bug.cgi?id=80566
- <rdar://problem/11001442>
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::mergeStateAtTail):
-
-2012-03-07 Chao-yng Fu <fu@mips.com>
-
- [Qt] Fix the MIPS/SH4 build after r109834
- https://bugs.webkit.org/show_bug.cgi?id=80492
-
- Reviewed by Oliver Hunt.
-
- Implement three-argument branch(Add,Sub)32.
-
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::add32):
- (MacroAssemblerMIPS):
- (JSC::MacroAssemblerMIPS::sub32):
- (JSC::MacroAssemblerMIPS::branchAdd32):
- (JSC::MacroAssemblerMIPS::branchSub32):
+ (JSC::Heap::Heap):
+ (JSC::Heap::lastChanceToFinalize): Removed the per-heap weak set, since
+ it's per-block now.
-2012-03-07 Sheriff Bot <webkit.review.bot@gmail.com>
+ (JSC::Heap::markRoots): Delegate weak set visiting to the marked space,
+ since it knows how to iterate all blocks.
- Unreviewed, rolling out r110127.
- http://trac.webkit.org/changeset/110127
- https://bugs.webkit.org/show_bug.cgi?id=80562
+ (JSC::Heap::collect): Moved the reaping outside of markRoots, since it
+ doesn't mark anything.
- compile failed on AppleWin (Requested by ukai on #webkit).
+ Make sure to reset allocators after shrinking, since shrinking may
+ deallocate the current allocator.
- * heap/Heap.cpp:
- (JSC::Heap::collectAllGarbage):
* heap/Heap.h:
- (JSC):
- (Heap):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
- (JSC::FunctionExecutable::finalize):
- * runtime/Executable.h:
- (FunctionExecutable):
- (JSC::FunctionExecutable::create):
- * runtime/JSGlobalData.cpp:
- (WTF):
- (Recompiler):
- (WTF::Recompiler::operator()):
- (JSC::JSGlobalData::recompileAllJSFunctions):
- (JSC):
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- * runtime/JSGlobalObject.cpp:
- (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-
-2012-03-07 Hojong Han <hojong.han@samsung.com>
-
- The end atom of the marked block considered to filter invalid cells
- https://bugs.webkit.org/show_bug.cgi?id=79191
-
- Reviewed by Geoffrey Garen.
-
- Register file could have stale pointers beyond the end atom of marked block.
- Those pointers can weasel out of filtering in-middle-of-cell pointer.
+ (Heap): No more per-heap weak set, since it's per-block now.
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
* heap/MarkedBlock.h:
- (JSC::MarkedBlock::isLiveCell):
-
-2012-03-07 Jessie Berlin <jberlin@apple.com>
-
- Clean Windows build fails after r110033
- https://bugs.webkit.org/show_bug.cgi?id=80553
-
- Rubber-stamped by Jon Honeycutt and Eric Seidel.
-
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- Place the implementation files next to their header files in the wtf/text subdirectory.
- Use echo -F to tell xcopy that these are files (since there is apparently no flag).
- * JavaScriptCore.vcproj/jsc/jsc.vcproj:
- Update the path to those implementation files.
- * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
- Ditto.
-
-2012-03-07 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Eliminate redundant Phis in DFG
- https://bugs.webkit.org/show_bug.cgi?id=80415
-
- Reviewed by Filip Pizlo.
-
- Although this may not have any advantage at current stage, this is towards
- minimal SSA to make more high level optimizations (like bug 76770) easier.
- We have the choices either to build minimal SSA from scratch or to
- keep current simple Phi insertion mechanism and remove the redundancy
- in another phase. Currently we choose the latter because the change
- could be smaller.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
- (DFG):
- (RedundantPhiEliminationPhase):
- (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
- (JSC::DFG::RedundantPhiEliminationPhase::run):
- (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
- (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
- (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
- (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
- (JSC::DFG::performRedundantPhiElimination):
- * dfg/DFGRedundantPhiEliminationPhase.h: Added.
- (DFG):
-
-2012-03-07 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Refactor recompileAllJSFunctions() to be less expensive
- https://bugs.webkit.org/show_bug.cgi?id=80330
-
- Reviewed by Geoffrey Garen.
-
- This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
- load performance, which currently does at least a couple full GCs per navigation.
-
- * heap/Heap.cpp:
- (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
- because the function doesn't actually recompile anything (and never did); it simply throws code
- away for it to be recompiled later if we determine we should do so.
- (JSC):
- (JSC::Heap::collectAllGarbage):
- (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
- (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
- * heap/Heap.h:
- (JSC):
- (Heap):
- * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
- be used in DoublyLinkedLists.
- (JSC::FunctionExecutable::FunctionExecutable):
- (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
- * runtime/Executable.h:
- (FunctionExecutable):
- (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
- * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
- the list of FunctionExecutables.
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- * runtime/JSGlobalObject.cpp:
- (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
-
-2012-03-06 Oliver Hunt <oliver@apple.com>
-
- Further harden 64-bit JIT
- https://bugs.webkit.org/show_bug.cgi?id=80457
-
- Reviewed by Filip Pizlo.
-
- This patch implements blinding for ImmPtr. Rather than xor based blinding
- we perform randomised pointer rotations in order to avoid the significant
- cost in executable memory that would otherwise be necessary (and to avoid
- the need for an additional scratch register in some cases).
-
- As with the prior blinding patch there's a moderate amount of noise as we
- correct the use of ImmPtr vs. TrustedImmPtr.
-
- * assembler/AbstractMacroAssembler.h:
- (ImmPtr):
- (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
- * assembler/MacroAssembler.h:
- (MacroAssembler):
- (JSC::MacroAssembler::storePtr):
- (JSC::MacroAssembler::branchPtr):
- (JSC::MacroAssembler::shouldBlind):
- (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
- (RotatedImmPtr):
- (JSC::MacroAssembler::rotationBlindConstant):
- (JSC::MacroAssembler::loadRotationBlindedConstant):
- (JSC::MacroAssembler::convertInt32ToDouble):
- (JSC::MacroAssembler::move):
- (JSC::MacroAssembler::poke):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::storeDouble):
- (JSC::MacroAssemblerARMv7::branchAdd32):
- * assembler/MacroAssemblerX86_64.h:
- (MacroAssemblerX86_64):
- (JSC::MacroAssemblerX86_64::rotateRightPtr):
- (JSC::MacroAssemblerX86_64::xorPtr):
- * assembler/X86Assembler.h:
- (X86Assembler):
- (JSC::X86Assembler::xorq_rm):
- (JSC::X86Assembler::rorq_i8r):
- * dfg/DFGCCallHelpers.h:
- (CCallHelpers):
- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::createOSREntries):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::silentFillGPR):
- (JSC::DFG::SpeculativeJIT::callOperation):
- (JSC::DFG::SpeculativeJIT::emitEdgeCode):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillInteger):
- (JSC::DFG::SpeculativeJIT::fillDouble):
- (JSC::DFG::SpeculativeJIT::fillJSValue):
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitSlow_op_post_inc):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- (JSC::JIT::emitGetVirtualRegister):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_mov):
- (JSC::JIT::emit_op_new_object):
- (JSC::JIT::emit_op_strcat):
- (JSC::JIT::emit_op_ensure_property_exists):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_resolve_with_this):
- (JSC::JIT::emit_op_jmp_scopes):
- (JSC::JIT::emit_op_switch_imm):
- (JSC::JIT::emit_op_switch_char):
- (JSC::JIT::emit_op_switch_string):
- (JSC::JIT::emit_op_throw_reference_error):
- (JSC::JIT::emit_op_debug):
- (JSC::JIT::emitSlow_op_resolve_global_dynamic):
- (JSC::JIT::emit_op_new_array):
- (JSC::JIT::emitSlow_op_new_array):
- (JSC::JIT::emit_op_new_array_buffer):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_new_object):
- (JSC::JIT::emit_op_strcat):
- (JSC::JIT::emit_op_ensure_property_exists):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_resolve_with_this):
- (JSC::JIT::emit_op_jmp_scopes):
- (JSC::JIT::emit_op_switch_imm):
- (JSC::JIT::emit_op_switch_char):
- (JSC::JIT::emit_op_switch_string):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_by_index):
- * jit/JITStubCall.h:
- (JITStubCall):
- (JSC::JITStubCall::addArgument):
-
-2012-03-07 Simon Hausmann <simon.hausmann@nokia.com>
-
- ARM build fix.
-
- Reviewed by Zoltan Herczeg.
-
- Implement three-argument branch(Add,Sub)32.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::add32):
- (MacroAssemblerARM):
- (JSC::MacroAssemblerARM::sub32):
- (JSC::MacroAssemblerARM::branchAdd32):
- (JSC::MacroAssemblerARM::branchSub32):
-
-2012-03-07 Andy Wingo <wingo@igalia.com>
-
- Parser: Inline ScopeNodeData into ScopeNode
- https://bugs.webkit.org/show_bug.cgi?id=79776
-
- Reviewed by Geoffrey Garen.
-
- It used to be that some ScopeNode members were kept in a separate
- structure because sometimes they wouldn't be needed, and
- allocating a ParserArena was expensive. This patch makes
- ParserArena lazily allocate its IdentifierArena, allowing the
- members to be included directly, which is simpler and easier to
- reason about.
-
- * parser/ParserArena.cpp:
- (JSC::ParserArena::ParserArena):
- (JSC::ParserArena::reset):
- (JSC::ParserArena::isEmpty):
- * parser/ParserArena.h:
- (JSC::ParserArena::identifierArena): Lazily allocate the
- IdentifierArena.
-
- * parser/Nodes.cpp:
- (JSC::ScopeNode::ScopeNode):
- (JSC::ScopeNode::singleStatement):
- (JSC::ProgramNode::create):
- (JSC::EvalNode::create):
- (JSC::FunctionBodyNode::create):
- * parser/Nodes.h:
- (JSC::ScopeNode::destroyData):
- (JSC::ScopeNode::needsActivationForMoreThanVariables):
- (JSC::ScopeNode::needsActivation):
- (JSC::ScopeNode::hasCapturedVariables):
- (JSC::ScopeNode::capturedVariableCount):
- (JSC::ScopeNode::captures):
- (JSC::ScopeNode::varStack):
- (JSC::ScopeNode::functionStack):
- (JSC::ScopeNode::neededConstants):
- (ScopeNode):
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
- into ScopeNode. Adapt accessors.
-
-2012-03-06 Eric Seidel <eric@webkit.org>
-
- Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
- https://bugs.webkit.org/show_bug.cgi?id=80363
-
- Reviewed by Mark Rowe.
-
- Historically WTF has been part of JavaScriptCore, and on Mac and Windows
- its headers have appeared as part of the "private" headers exported by
- JavaScriptCore. All of the WTF headers there are "flattened" into a single
- private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
- to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
-
- However, very soon, we are moving the WTF source code out of JavaScriptCore into its
- own directory and project. As part of such, the WTF headers will no longer be part of
- the JavaScriptCore private interfaces.
- In preparation for that, this change makes both the Mac and Win builds export
- WTF headers in a non-flattened manner. On Mac, that means into usr/local/include/wtf
- (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
-
- There are 5 parts to this change.
- 1. Updates the JavaScriptCore XCode and VCProj files to actually install these headers
- (and header directories) into the appropriate places in the build directory.
- 2. Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
- (WebCore, WebKit, etc. had already been taught to look in previous patches).
- 3. Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
- using fully qualified paths.
- 4. Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
- 5. Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
-
- Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependant.
- It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
- headers, those will have to be updated to use <wtf/Foo.h> after this change.
- I've discussed this proposed change at length with Mark Rowe, and my understanding is they
- are ready for (and interested in) this change happening.
-
- * API/tests/JSNode.c:
- * API/tests/JSNodeList.c:
- * Configurations/Base.xcconfig:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/MacroAssemblerCodeRef.h:
- * bytecompiler/BytecodeGenerator.h:
- * dfg/DFGOperations.cpp:
- * heap/GCAssertions.h:
- * heap/HandleHeap.h:
- * heap/HandleStack.h:
- * heap/MarkedSpace.h:
- * heap/PassWeak.h:
- * heap/Strong.h:
- * heap/Weak.h:
- * jit/HostCallReturnValue.cpp:
- * jit/JIT.cpp:
- * jit/JITStubs.cpp:
- * jit/ThunkGenerators.cpp:
- * parser/Lexer.cpp:
- * runtime/Completion.cpp:
- * runtime/Executable.cpp:
- * runtime/Identifier.h:
- * runtime/InitializeThreading.cpp:
- * runtime/JSDateMath.cpp:
- * runtime/JSGlobalObjectFunctions.cpp:
- * runtime/JSStringBuilder.h:
- * runtime/JSVariableObject.h:
- * runtime/NumberPrototype.cpp:
- * runtime/WriteBarrier.h:
- * tools/CodeProfile.cpp:
- * tools/TieredMMapArray.h:
- * wtf/AVLTree.h:
- * wtf/Alignment.h:
- * wtf/AlwaysInline.h:
- * wtf/ArrayBufferView.h:
- * wtf/Assertions.h:
- * wtf/Atomics.h:
- * wtf/Bitmap.h:
- * wtf/BoundsCheckedPointer.h:
- * wtf/CheckedArithmetic.h:
- * wtf/Deque.h:
- * wtf/ExportMacros.h:
- * wtf/FastAllocBase.h:
- * wtf/FastMalloc.h:
- * wtf/Float32Array.h:
- * wtf/Float64Array.h:
- * wtf/Functional.h:
- * wtf/HashCountedSet.h:
- * wtf/HashFunctions.h:
- * wtf/HashMap.h:
- * wtf/HashSet.h:
- * wtf/HashTable.h:
- * wtf/HashTraits.h:
- * wtf/Int16Array.h:
- * wtf/Int32Array.h:
- * wtf/Int8Array.h:
- * wtf/IntegralTypedArrayBase.h:
- * wtf/ListHashSet.h:
- * wtf/MainThread.h:
- * wtf/MetaAllocator.h:
- * wtf/Noncopyable.h:
- * wtf/OwnArrayPtr.h:
- * wtf/OwnPtr.h:
- * wtf/PackedIntVector.h:
- * wtf/ParallelJobs.h:
- * wtf/PassOwnArrayPtr.h:
- * wtf/PassOwnPtr.h:
- * wtf/PassRefPtr.h:
- * wtf/PassTraits.h:
- * wtf/Platform.h:
- * wtf/PossiblyNull.h:
- * wtf/RefCounted.h:
- * wtf/RefCountedLeakCounter.h:
- * wtf/RefPtr.h:
- * wtf/RetainPtr.h:
- * wtf/SimpleStats.h:
- * wtf/Spectrum.h:
- * wtf/StdLibExtras.h:
- * wtf/TCPageMap.h:
- * wtf/TemporaryChange.h:
- * wtf/ThreadSafeRefCounted.h:
- * wtf/Threading.h:
- * wtf/ThreadingPrimitives.h:
- * wtf/TypeTraits.h:
- * wtf/TypedArrayBase.h:
- * wtf/Uint16Array.h:
- * wtf/Uint32Array.h:
- * wtf/Uint8Array.h:
- * wtf/Uint8ClampedArray.h:
- * wtf/UnusedParam.h:
- * wtf/Vector.h:
- * wtf/VectorTraits.h:
- * wtf/dtoa/double-conversion.h:
- * wtf/dtoa/utils.h:
- * wtf/gobject/GRefPtr.h:
- * wtf/gobject/GlibUtilities.h:
- * wtf/text/AtomicString.h:
- * wtf/text/AtomicStringImpl.h:
- * wtf/text/CString.h:
- * wtf/text/StringConcatenate.h:
- * wtf/text/StringHash.h:
- * wtf/text/WTFString.h:
- * wtf/unicode/CharacterNames.h:
- * wtf/unicode/UTF8.h:
- * wtf/unicode/glib/UnicodeGLib.h:
- * wtf/unicode/qt4/UnicodeQt4.h:
- * wtf/unicode/wince/UnicodeWinCE.h:
- * wtf/url/api/ParsedURL.h:
- * wtf/url/api/URLString.h:
- * wtf/wince/FastMallocWinCE.h:
- * yarr/YarrJIT.cpp:
-
-2012-03-06 Gavin Barraclough <barraclough@apple.com>
-
- Array.prototype functions should throw if delete fails
- https://bugs.webkit.org/show_bug.cgi?id=80467
-
- Reviewed by Oliver Hunt.
-
- All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
- In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
- in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
- one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
- routines, for handling arrays with holes. These three copies should be unified.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::shift):
- (JSC::unshift):
- - Added - shared copies of the shift/unshift functionality.
- (JSC::arrayProtoFuncPop):
- - should throw if the delete fails.
- (JSC::arrayProtoFuncReverse):
- - should throw if the delete fails.
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- - use shift/unshift.
- * runtime/JSArray.cpp:
- (JSC::JSArray::shiftCount):
- (JSC::JSArray::unshiftCount):
- - Don't try to handle arrays with holes; return a value indicating
- the generic routine should be used instead.
- * runtime/JSArray.h:
- - declaration for shiftCount/unshiftCount changed.
- * tests/mozilla/js1_6/Array/regress-304828.js:
- - this was asserting incorrect behaviour.
-
-2012-03-06 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
- https://bugs.webkit.org/show_bug.cgi?id=80469
-
- Reviewed by Antonio Gomes.
-
- * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
- property on the library being created.
-
-2012-03-06 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG BasicBlock should group the Phi nodes together and separate them
- from the other nodes
- https://bugs.webkit.org/show_bug.cgi?id=80361
-
- Reviewed by Filip Pizlo.
-
- This would make it more efficient to remove the redundant Phi nodes or
- insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
- This is performance neutral on SunSpider, V8 and Kraken.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::clobberStructures):
- (JSC::DFG::AbstractState::dump):
- * dfg/DFGBasicBlock.h:
- (JSC::DFG::BasicBlock::BasicBlock):
- (BasicBlock):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addToGraph):
- (JSC::DFG::ByteCodeParser::insertPhiNode):
- * dfg/DFGCFAPhase.cpp:
- (JSC::DFG::CFAPhase::performBlockCFA):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::pureCSE):
- (JSC::DFG::CSEPhase::impureCSE):
- (JSC::DFG::CSEPhase::globalVarLoadElimination):
- (JSC::DFG::CSEPhase::getByValLoadElimination):
- (JSC::DFG::CSEPhase::checkFunctionElimination):
- (JSC::DFG::CSEPhase::checkStructureLoadElimination):
- (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
- (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
- (JSC::DFG::CSEPhase::performBlockCSE):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-06 Mark Hahnenberg <mhahnenberg@apple.com>
-
- GCActivityCallback timer should vary with the length of the previous GC
- https://bugs.webkit.org/show_bug.cgi?id=80344
-
- Reviewed by Geoffrey Garen.
-
- * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
- GC length so that the GC Activity Callback can use it.
- (JSC::Heap::Heap):
- (JSC::Heap::collect):
- * heap/Heap.h:
- (JSC::Heap::lastGCLength):
- (Heap):
- * runtime/GCActivityCallbackCF.cpp:
- (JSC):
- (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last
- GC to determine the length of our timer trigger (currently set at 100x the duration
- of the last GC).
-
-2012-03-06 Rob Buis <rbuis@rim.com>
-
- BlackBerry] Fix cast-align gcc warnings when compiling JSC
- https://bugs.webkit.org/show_bug.cgi?id=80420
-
- Reviewed by Gavin Barraclough.
-
- Fix warnings given in Blackberry build.
-
- * heap/CopiedBlock.h:
- (JSC::CopiedBlock::CopiedBlock):
- * wtf/RefCountedArray.h:
- (WTF::RefCountedArray::Header::fromPayload):
-
-2012-03-06 Gavin Barraclough <barraclough@apple.com>
-
- writable/configurable not respected for some properties of Function/String/Arguments
- https://bugs.webkit.org/show_bug.cgi?id=80436
-
- Reviewed by Oliver Hunt.
-
- Special properties should behave like regular properties.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::defineOwnProperty):
- - Mis-nested logic for making read-only properties non-live.
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::put):
- - arguments/length/caller are non-writable, non-configurable - reject appropriately.
- (JSC::JSFunction::deleteProperty):
- - Attempting to delete prototype/caller should fail.
- (JSC::JSFunction::defineOwnProperty):
- - Ensure prototype is reified on attempt to reify it.
- - arguments/length/caller are non-writable, non-configurable - reject appropriately.
- * runtime/JSFunction.h:
- - added declaration for defineOwnProperty.
- (JSFunction):
- * runtime/StringObject.cpp:
- (JSC::StringObject::put):
- - length is non-writable, non-configurable - reject appropriately.
-
-2012-03-06 Ulan Degenbaev <ulan@chromium.org>
-
- TypedArray subarray call for subarray does not clamp the end index parameter properly
- https://bugs.webkit.org/show_bug.cgi?id=80285
-
- Reviewed by Kenneth Russell.
-
- * wtf/ArrayBufferView.h:
- (WTF::ArrayBufferView::calculateOffsetAndLength):
-
-2012-03-06 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r109837.
- http://trac.webkit.org/changeset/109837
- https://bugs.webkit.org/show_bug.cgi?id=80399
-
- breaks Mac Productions builds, too late to try and fix it
- tonight (Requested by eseidel on #webkit).
-
- * API/tests/JSNode.c:
- * API/tests/JSNodeList.c:
- * Configurations/Base.xcconfig:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/MacroAssemblerCodeRef.h:
- * bytecompiler/BytecodeGenerator.h:
- * dfg/DFGOperations.cpp:
- * heap/GCAssertions.h:
- * heap/HandleHeap.h:
- * heap/HandleStack.h:
- * heap/MarkedSpace.h:
- * heap/PassWeak.h:
- * heap/Strong.h:
- * heap/Weak.h:
- * jit/HostCallReturnValue.cpp:
- * jit/JIT.cpp:
- * jit/JITStubs.cpp:
- * jit/ThunkGenerators.cpp:
- * parser/Lexer.cpp:
- * runtime/Completion.cpp:
- * runtime/Executable.cpp:
- * runtime/Identifier.h:
- * runtime/InitializeThreading.cpp:
- * runtime/JSDateMath.cpp:
- * runtime/JSGlobalObjectFunctions.cpp:
- * runtime/JSStringBuilder.h:
- * runtime/JSVariableObject.h:
- * runtime/NumberPrototype.cpp:
- * runtime/WriteBarrier.h:
- * tools/CodeProfile.cpp:
- * tools/TieredMMapArray.h:
- * yarr/YarrJIT.cpp:
-
-2012-03-06 Zoltan Herczeg <zherczeg@webkit.org>
-
- [Qt][ARM] Speculative buildfix after r109834.
-
- Reviewed by Csaba Osztrogonác.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::and32):
- (MacroAssemblerARM):
-
-2012-03-05 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed windows build fix pt 2.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-05 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed windows build fix pt 1.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-05 Gavin Barraclough <barraclough@apple.com>
-
- putByIndex should throw in strict mode
- https://bugs.webkit.org/show_bug.cgi?id=80335
-
- Reviewed by Filip Pizlo.
-
- Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
-
- This is a largely mechanical change, simply adding an extra parameter to a number
- of functions. Some call sites need perform additional exception checks, and
- operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
-
- This patch doesn't fix a missing throw from some cases of shift/unshift (this is
- an existing bug), I'll follow up with a third patch to handle that.
-
- * API/JSObjectRef.cpp:
- (JSObjectSetPropertyAtIndex):
- * JSCTypedArrayStubs.h:
- (JSC):
- * dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- * runtime/Arguments.cpp:
- (JSC::Arguments::putByIndex):
- * runtime/Arguments.h:
- (Arguments):
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- * runtime/ClassInfo.h:
- (MethodTable):
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::put):
- (JSC::JSArray::put):
- (JSC::JSArray::putByIndex):
- (JSC::JSArray::putByIndexBeyondVectorLength):
- (JSC::JSArray::push):
- (JSC::JSArray::shiftCount):
- (JSC::JSArray::unshiftCount):
- * runtime/JSArray.h:
- (SparseArrayValueMap):
- (JSArray):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::putByIndex):
- * runtime/JSByteArray.h:
- (JSByteArray):
- * runtime/JSCell.cpp:
- (JSC::JSCell::putByIndex):
- * runtime/JSCell.h:
- (JSCell):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::putByIndex):
- * runtime/JSNotAnObject.h:
- (JSNotAnObject):
- * runtime/JSONObject.cpp:
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSObject::putByIndex):
- * runtime/JSObject.h:
- (JSC::JSValue::putByIndex):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpMatchesArray::fillArrayInstance):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::putByIndex):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncSplit):
-
-2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com>
-
- PredictNone is incorrectly treated as isDoublePrediction
- https://bugs.webkit.org/show_bug.cgi?id=80365
-
- Reviewed by Filip Pizlo.
-
- Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
-
- * bytecode/PredictedType.h:
- (JSC::isFixedIndexedStorageObjectPrediction):
- (JSC::isDoublePrediction):
-
-2012-03-05 Filip Pizlo <fpizlo@apple.com>
-
- The LLInt should work even when the JIT is disabled
- https://bugs.webkit.org/show_bug.cgi?id=80340
- <rdar://problem/10922235>
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
- (MacroAssemblerCodeRef):
- (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::initialize):
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- * jit/JIT.h:
- (JSC::JIT::compileCTINativeCall):
- * jit/JITStubs.h:
- (JSC::JITThunks::ctiNativeCall):
- (JSC::JITThunks::ctiNativeConstruct):
- * llint/LLIntEntrypoints.cpp:
- (JSC::LLInt::getFunctionEntrypoint):
- (JSC::LLInt::getEvalEntrypoint):
- (JSC::LLInt::getProgramEntrypoint):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (LLInt):
- * llint/LLIntSlowPaths.h:
- (LLInt):
- * llint/LowLevelInterpreter.h:
- * llint/LowLevelInterpreter32_64.asm:
- * runtime/Executable.h:
- (NativeExecutable):
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::finishCreation):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- * runtime/Options.cpp:
- (Options):
- (JSC::Options::parse):
- (JSC::Options::initializeOptions):
- * runtime/Options.h:
- (Options):
- * wtf/Platform.h:
-
-2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Checks for dead variables are not sufficient when fixing the expected
- values in DFG OSR entry
- https://bugs.webkit.org/show_bug.cgi?id=80371
-
- Reviewed by Filip Pizlo.
-
- A dead variable should be identified when there's no node referencing it.
- But we currently failed to catch the case where there are some nodes
- referencing a variable but those nodes are actually not referenced by
- others so will be ignored in code generation. In such case we should
- also consider that variable to be a dead variable in the block and fix
- the expected values.
- This is performance neutral on SunSpider, V8 and Kraken.
-
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
-
-2012-03-05 Oliver Hunt <oliver@apple.com>
-
- Fix Qt build.
-
- * assembler/AbstractMacroAssembler.h:
- * assembler/MacroAssembler.h:
- (MacroAssembler):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileArithSub):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitSub32Constant):
-
-2012-03-05 Eric Seidel <eric@webkit.org>
-
- Update JavaScriptCore files to use fully-qualified WTF include paths
- https://bugs.webkit.org/show_bug.cgi?id=79960
-
- Reviewed by Adam Barth.
-
- This change does 5 small/related things:
- 1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
- (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
- was not installing headers there.)
- 2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
- header search path, as that's where the WTF headers will be installed.
- 3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
- in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
- 4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
- since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
- 5. Makes build-webkit build the WTF XCode project by default.
+ (MarkedBlock):
+ (JSC::MarkedBlock::lastChanceToFinalize): Migrated finalization logic
+ here from the heap, so the heap doesn't need to know about our internal
+ data structures like our weak set.
- * API/tests/JSNode.c:
- * API/tests/JSNodeList.c:
- * Configurations/Base.xcconfig:
- * assembler/MacroAssemblerCodeRef.h:
- * bytecompiler/BytecodeGenerator.h:
- * dfg/DFGOperations.cpp:
- * heap/GCAssertions.h:
- * heap/HandleHeap.h:
- * heap/HandleStack.h:
+ (JSC::MarkedBlock::heap):
+ (JSC::MarkedBlock::weakSet):
+ (JSC::MarkedBlock::shrink):
+ (JSC::MarkedBlock::resetAllocator):
+ (JSC::MarkedBlock::visitWeakSet):
+ (JSC::MarkedBlock::reapWeakSet):
+ (JSC::MarkedBlock::sweepWeakSet):
+ * heap/MarkedSpace.cpp:
+ (JSC::VisitWeakSet::VisitWeakSet):
+ (JSC::VisitWeakSet::operator()):
+ (VisitWeakSet):
+ (JSC):
+ (JSC::ReapWeakSet::operator()):
+ (JSC::SweepWeakSet::operator()):
+ (JSC::LastChanceToFinalize::operator()):
+ (JSC::MarkedSpace::lastChanceToFinalize):
+ (JSC::ResetAllocator::operator()):
+ (JSC::MarkedSpace::resetAllocators):
+ (JSC::MarkedSpace::visitWeakSets):
+ (JSC::MarkedSpace::reapWeakSets):
+ (JSC::MarkedSpace::sweepWeakSets):
+ (JSC::Shrink::operator()):
+ (JSC::MarkedSpace::shrink):
* heap/MarkedSpace.h:
- * heap/PassWeak.h:
- * heap/Strong.h:
- * heap/Weak.h:
- * jit/HostCallReturnValue.cpp:
- * jit/JIT.cpp:
- * jit/JITStubs.cpp:
- * jit/ThunkGenerators.cpp:
- * parser/Lexer.cpp:
- * runtime/Completion.cpp:
- * runtime/Executable.cpp:
- * runtime/Identifier.h:
- * runtime/InitializeThreading.cpp:
- * runtime/JSDateMath.cpp:
- * runtime/JSGlobalObjectFunctions.cpp:
- * runtime/JSStringBuilder.h:
- * runtime/JSVariableObject.h:
- * runtime/NumberPrototype.cpp:
- * runtime/WriteBarrier.h:
- * tools/CodeProfile.cpp:
- * tools/TieredMMapArray.h:
- * yarr/YarrJIT.cpp:
-
-2012-03-05 Oliver Hunt <oliver@apple.com>
-
- Add basic support for constant blinding to the JIT
- https://bugs.webkit.org/show_bug.cgi?id=80354
-
- Reviewed by Filip Pizlo.
-
- This patch adds basic constant blinding support to the JIT, at the
- MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG)
- get constant blinding. Woo!
-
- This patch only introduces blinding for Imm32, a later patch will do similar
- for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially
- impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
- accessor that's needed to access the actual value. This also means you cannot
- accidentally pass an untrusted value to a function that does not perform
- blinding.
-
- To make everything work sensibly, this patch also corrects some code that was using
- Imm32 when TrustedImm32 could be used, and refactors a few callers that use
- untrusted immediates, so that they call slightly different varaints of the functions
- that they used previously. This is largely necessary to deal with x86-32 not having
- sufficient registers to handle the additional work required when we choose to blind
- a constant.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
- (Imm32):
- (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
- (JSC::AbstractMacroAssembler::endUninterruptedSequence):
- (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
- (AbstractMacroAssembler):
- (JSC::AbstractMacroAssembler::inUninterruptedSequence):
- (JSC::AbstractMacroAssembler::random):
- (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
- (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::addressForPoke):
- (MacroAssembler):
- (JSC::MacroAssembler::poke):
- (JSC::MacroAssembler::branchPtr):
- (JSC::MacroAssembler::branch32):
- (JSC::MacroAssembler::convertInt32ToDouble):
- (JSC::MacroAssembler::shouldBlind):
- (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
- (BlindedImm32):
- (JSC::MacroAssembler::keyForConstant):
- (JSC::MacroAssembler::xorBlindConstant):
- (JSC::MacroAssembler::additionBlindedConstant):
- (JSC::MacroAssembler::andBlindedConstant):
- (JSC::MacroAssembler::orBlindedConstant):
- (JSC::MacroAssembler::loadXorBlindedConstant):
- (JSC::MacroAssembler::add32):
- (JSC::MacroAssembler::addPtr):
- (JSC::MacroAssembler::and32):
- (JSC::MacroAssembler::andPtr):
- (JSC::MacroAssembler::move):
- (JSC::MacroAssembler::or32):
- (JSC::MacroAssembler::store32):
- (JSC::MacroAssembler::sub32):
- (JSC::MacroAssembler::subPtr):
- (JSC::MacroAssembler::xor32):
- (JSC::MacroAssembler::branchAdd32):
- (JSC::MacroAssembler::branchMul32):
- (JSC::MacroAssembler::branchSub32):
- (JSC::MacroAssembler::trustedImm32ForShift):
- (JSC::MacroAssembler::lshift32):
- (JSC::MacroAssembler::rshift32):
- (JSC::MacroAssembler::urshift32):
- * assembler/MacroAssemblerARMv7.h:
- (MacroAssemblerARMv7):
- (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
- (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::branchSubPtr):
- (MacroAssemblerX86_64):
- (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::compileArithSub):
- (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JITArithmetic.cpp:
- (JSC::JIT::compileBinaryArithOp):
- (JSC::JIT::emit_op_add):
- (JSC::JIT::emit_op_mul):
- (JSC::JIT::emit_op_div):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitAdd32Constant):
- (JSC::JIT::emitSub32Constant):
- (JSC::JIT::emitBinaryDoubleOp):
- (JSC::JIT::emitSlow_op_mul):
- (JSC::JIT::emit_op_div):
- * jit/JITCall.cpp:
- (JSC::JIT::compileLoadVarargs):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileLoadVarargs):
- * jit/JITInlineMethods.h:
- (JSC::JIT::updateTopCallFrame):
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emitSlow_op_jfalse):
- (JSC::JIT::emitSlow_op_jtrue):
- * jit/JITStubCall.h:
- (JITStubCall):
- (JSC::JITStubCall::addArgument):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::backtrack):
-
-2012-03-05 Gavin Barraclough <barraclough@apple.com>
-
- putByIndex should throw in strict mode
- https://bugs.webkit.org/show_bug.cgi?id=80335
-
- Reviewed by Filip Pizlo.
-
- We'll need to pass an additional parameter.
-
- Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
- to match the method in the MethodTable, make this take a parameter indicating
- whether the put should throw. This fixes the cases where the base of the put
- is a primitive.
-
- * dfg/DFGOperations.cpp:
- (DFG):
- (JSC::DFG::putByVal):
- (JSC::DFG::operationPutByValInternal):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- * runtime/JSObject.h:
- (JSC::JSValue::putByIndex):
- * runtime/JSValue.cpp:
- (JSC):
- * runtime/JSValue.h:
- (JSValue):
-
-2012-03-05 Sam Weinig <sam@webkit.org>
-
- Add support for hosting layers in the window server in WebKit2
- <rdar://problem/10400246>
- https://bugs.webkit.org/show_bug.cgi?id=80310
-
- Reviewed by Anders Carlsson.
-
- * wtf/Platform.h:
- Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
-
-2012-03-05 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
-
- * bytecode/ExecutionCounter.cpp:
- (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
- * bytecode/ExecutionCounter.h:
-
-2012-03-05 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(JIT) after r109705.
-
- * bytecode/ExecutionCounter.cpp:
- * bytecode/ExecutionCounter.h:
-
-2012-03-05 Andy Wingo <wingo@igalia.com>
+ (MarkedSpace): Make sure to account for our weak sets when sweeping,
+ shrinking, etc.
- Lexer: Specialize character predicates for LChar, UChar
- https://bugs.webkit.org/show_bug.cgi?id=79677
-
- Reviewed by Oliver Hunt.
-
- This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
- and isLineTerminator to perform a more limited number of checks if
- the lexer is being instantiated to work on LChar sequences. This
- is about a 1.5% win on the --parse-only suite, here.
-
- * parser/Lexer.cpp:
- (JSC::isLatin1): New static helper, specialized for LChar and
- UChar.
- (JSC::typesOfLatin1Characters): Rename from
- typesOfASCIICharacters, and expand to the range of the LChar
- type. All uses of isASCII are changed to use isLatin1. Generated
- using libunistring.
- (JSC::isNonLatin1IdentStart):
- (JSC::isIdentStart):
- (JSC::isNonLatin1IdentPart):
- (JSC::isIdentPart):
- (JSC::Lexer::shiftLineTerminator):
- (JSC::Lexer::parseIdentifier):
- (JSC::Lexer::parseIdentifierSlowCase):
- (JSC::Lexer::parseStringSlowCase):
- (JSC::Lexer::parseMultilineComment):
- (JSC::Lexer::lex):
- (JSC::Lexer::scanRegExp):
- (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
- * parser/Lexer.h:
- (JSC::Lexer::isWhiteSpace):
- (JSC::Lexer::isLineTerminator):
- * KeywordLookupGenerator.py:
- (Trie.printAsC): Declare specialized isIdentPart static functions.
-
-2012-03-05 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing header file.
-
-2012-03-05 Andy Wingo <wingo@igalia.com>
-
- WTF: Micro-optimize cleanup of empty vectors and hash tables
- https://bugs.webkit.org/show_bug.cgi?id=79903
-
- Reviewed by Michael Saboff and Geoffrey Garen.
-
- This patch speeds up cleanup of vectors and hash tables whose
- backing store was never allocated. This is the case by default
- for most vectors / hash tables that never had any entries added.
-
- The result for me is that calling checkSyntax 1000 times on
- concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
- 2.4% speedup.
-
- * wtf/HashTable.h:
- (WTF::HashTable::~HashTable):
- (WTF::::clear): Don't deallocate the storage or frob member
- variables if there is no backing storage.
- * wtf/Vector.h:
- (WTF::VectorBufferBase::deallocateBuffer): Likewise.
-
-2012-03-04 Filip Pizlo <fpizlo@apple.com>
-
- JIT heuristics should be hyperbolic
- https://bugs.webkit.org/show_bug.cgi?id=80055
- <rdar://problem/10922260>
-
- Reviewed by Oliver Hunt.
-
- Added tracking of the amount of executable memory typically used for a bytecode
- instruction. Modified the execution counter scheme to use this, and the amount
- of free memory, to determine how long to wait before invoking the JIT.
-
- The result is that even if we bomb the VM with more code than can fit in our
- executable memory pool, we still keep running and almost never run out of
- executable memory - which ensures that if we have to JIT something critical, then
- we'll likely have enough memory to do so. This also does not regress performance
- on the three main benchmarks.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::predictedMachineCodeSize):
- (JSC):
- (JSC::CodeBlock::usesOpcode):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- (JSC::CodeBlock::checkIfJITThresholdReached):
- (JSC::CodeBlock::dontJITAnytimeSoon):
- (JSC::CodeBlock::jitAfterWarmUp):
- (JSC::CodeBlock::jitSoon):
- (JSC::CodeBlock::llintExecuteCounter):
- (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
- (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
- (JSC::CodeBlock::addressOfJITExecuteCounter):
- (JSC::CodeBlock::offsetOfJITExecuteCounter):
- (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
- (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
- (JSC::CodeBlock::jitExecuteCounter):
- (JSC::CodeBlock::checkIfOptimizationThresholdReached):
- (JSC::CodeBlock::optimizeNextInvocation):
- (JSC::CodeBlock::dontOptimizeAnytimeSoon):
- (JSC::CodeBlock::optimizeAfterWarmUp):
- (JSC::CodeBlock::optimizeAfterLongWarmUp):
- (JSC::CodeBlock::optimizeSoon):
- * bytecode/ExecutionCounter.cpp: Added.
- (JSC):
- (JSC::ExecutionCounter::ExecutionCounter):
- (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
- (JSC::ExecutionCounter::setNewThreshold):
- (JSC::ExecutionCounter::deferIndefinitely):
- (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
- (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
- (JSC::ExecutionCounter::hasCrossedThreshold):
- (JSC::ExecutionCounter::setThreshold):
- (JSC::ExecutionCounter::reset):
- * bytecode/ExecutionCounter.h: Added.
- (JSC):
- (ExecutionCounter):
- (JSC::ExecutionCounter::formattedTotalCount):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * jit/ExecutableAllocator.cpp:
- (JSC::DemandExecutableAllocator::allocateNewSpace):
- (JSC::ExecutableAllocator::underMemoryPressure):
- (JSC):
- (JSC::ExecutableAllocator::memoryPressureMultiplier):
- * jit/ExecutableAllocator.h:
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::ExecutableAllocator::memoryPressureMultiplier):
+ * heap/WeakSet.cpp:
(JSC):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * llint/LLIntSlowPaths.cpp:
- (JSC::LLInt::jitCompileAndSetHeuristics):
- * llint/LowLevelInterpreter32_64.asm:
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- * runtime/Options.cpp:
- (Options):
- (JSC::Options::initializeOptions):
- * runtime/Options.h:
- (Options):
- * wtf/SimpleStats.h: Added.
- (WTF):
- (SimpleStats):
- (WTF::SimpleStats::SimpleStats):
- (WTF::SimpleStats::add):
- (WTF::SimpleStats::operator!):
- (WTF::SimpleStats::count):
- (WTF::SimpleStats::sum):
- (WTF::SimpleStats::sumOfSquares):
- (WTF::SimpleStats::mean):
- (WTF::SimpleStats::variance):
- (WTF::SimpleStats::standardDeviation):
-
-2012-03-04 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
- https://bugs.webkit.org/show_bug.cgi?id=71507
-
- Reviewed by Antonio Gomes.
-
- * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
-
-2012-03-04 David Kilzer <ddkilzer@apple.com>
-
- Fix build when the classic interpreter is enabled
-
- Reviewed by Gavin Barraclough.
-
- Fixes the following build error when running the "Generate
- Derived Sources" build phase script:
-
- offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
- ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
- from JavaScriptCore/offlineasm/asm.rb:131
- Command /bin/sh failed with exit code 1
-
- Gavin's fix in r109674 avoided the #error statement in
- JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
- caused the "Generate Derived Sources" build phase script to fail
- when JavaScriptCore/offlineasm/asm.rb was run. The solution is
- to detect when the classic interpreter is being built and simply
- exit early from asm.rb in that case.
-
- * llint/LLIntOffsetsExtractor.cpp:
- (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
- JIT is disabled. Note that offsets.rb doesn't care about the
- return value here, but instead it cares about finding the magic
- values in the binary. The magic values are no longer present
- when the JIT is disabled.
- * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
- early with a status message.
- * offlineasm/offsets.rb:
- (MissingMagicValuesException): Add new exception class.
- (offsetsAndConfigurationIndex): Throw
- MissingMagicValuesException when no magic values are found.
-
-2012-03-04 Jurij Smakov <jurij@wooyd.org>
-
- SPARC also needs aligned accesses.
-
- Rubber-stamped by Gustavo Noronha Silva.
-
- * wtf/Platform.h:
-
-2012-03-04 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed build fix.
-
- * jit/JITStubs.h:
- - Move ENABLE(JIT) to head of file.
-
-2012-03-03 Gavin Barraclough <barraclough@apple.com>
-
- Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
- https://bugs.webkit.org/show_bug.cgi?id=80217
-
- Reviewed by Filip Pizlo.
-
- putByIndex() provides similar behavior to put(), but for indexed property names.
- Many places in ArrayPrototype call putByIndex() where they really mean to call
- [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
- calling numeric accessors (& respecting numeric read only properties) on the
- prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
- putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- * runtime/JSArray.cpp:
+ * heap/WeakSet.h:
+ (WeakSet):
+ (JSC::WeakSet::heap):
(JSC):
- (JSC::reject):
- (JSC::SparseArrayValueMap::putDirect):
- (JSC::JSArray::defineOwnNumericProperty):
- (JSC::JSArray::putByIndexBeyondVectorLength):
- (JSC::JSArray::putDirectIndexBeyondVectorLength):
- * runtime/JSArray.h:
- (SparseArrayValueMap):
- (JSArray):
- (JSC::JSArray::putDirectIndex):
-
-2012-03-03 Benjamin Poulain <benjamin@webkit.org>
-
- Implement the basis of KURLWTFURL
- https://bugs.webkit.org/show_bug.cgi?id=79600
-
- Reviewed by Adam Barth.
-
- Add an API to know if a ParsedURL is valid.
-
- * wtf/url/api/ParsedURL.cpp:
- (WTF::ParsedURL::ParsedURL):
- (WTF):
- (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
- and by KURL's detach() on write.
- (WTF::ParsedURL::baseAsString):
- (WTF::ParsedURL::segment):
- Add a stronger constraint on accessors: the client of this API should never ask for the segments
- on an invalid URL.
- * wtf/url/api/ParsedURL.h:
- (WTF):
- (WTF::ParsedURL::ParsedURL):
- (ParsedURL):
- (WTF::ParsedURL::isValid):
-
-2012-03-03 Hans Wennborg <hans@chromium.org>
-
- Implement Speech JavaScript API
- https://bugs.webkit.org/show_bug.cgi?id=80019
-
- Reviewed by Adam Barth.
-
- Add ENABLE_SCRIPTED_SPEECH.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-03-02 Filip Pizlo <fpizlo@apple.com>
-
- When getting the line number of a call into a call frame with no code block, it's
- incorrect to rely on the returnPC
- https://bugs.webkit.org/show_bug.cgi?id=80195
-
- Reviewed by Oliver Hunt.
-
- * interpreter/Interpreter.cpp:
- (JSC::getCallerInfo):
- * jit/JITCall.cpp:
- (JSC::JIT::compileLoadVarargs):
-
-2012-03-02 Han Hojong <hojong.han@samsung.com>
-
- Expected results updated for checking type conversion
- https://bugs.webkit.org/show_bug.cgi?id=80138
-
- Reviewed by Gavin Barraclough.
-
- * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
-
-2012-03-02 Kenichi Ishibashi <bashi@chromium.org>
-
- Adding WebSocket per-frame DEFLATE extension
- https://bugs.webkit.org/show_bug.cgi?id=77522
-
- Added USE(ZLIB) flag.
-
- Reviewed by Kent Tamura.
-
- * wtf/Platform.h:
-
-2012-03-02 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
-
-2012-03-01 Filip Pizlo <fpizlo@apple.com>
-
- DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
- virtue of being in the transitive closure
- https://bugs.webkit.org/show_bug.cgi?id=80098
-
- Reviewed by Anders Carlsson.
-
- If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
- then you might have the visitAggregate() method called concurrently by multiple threads.
- This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
- racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
- due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
-
- It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
- not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
- any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
- Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
- don't lead to two threads racing over each other as they clobber state. This patch
- achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
- trivially linearizable) will get to trace the CodeBlock; all other threads give up and
- go home.
-
- Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
- times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
- even when it's gotten sufficient counts. But that takes a while - sometimes up to a
- minute to get a crash. I have no other reliable repro case.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- (DFGData):
- * heap/DFGCodeBlocks.cpp:
- (JSC::DFGCodeBlocks::clearMarks):
-
-2012-03-01 Filip Pizlo <fpizlo@apple.com>
-
- The JIT should not crash the entire process just because there is not enough executable
- memory, if the LLInt is enabled
- https://bugs.webkit.org/show_bug.cgi?id=79962
-
- Reviewed by Csaba Osztrogonác.
-
- Fix for ARM, SH4.
-
- * assembler/AssemblerBufferWithConstantPool.h:
- (JSC::AssemblerBufferWithConstantPool::executableCopy):
-
-2012-03-01 Ryosuke Niwa <rniwa@webkit.org>
-
- Revert my change. Broke builds.
- Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
- Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
+ (JSC::WeakSet::lastChanceToFinalize):
+ (JSC::WeakSet::visit):
+ (JSC::WeakSet::reap):
+ (JSC::WeakSet::shrink):
+ (JSC::WeakSet::resetAllocator): Inlined some things since they're called
+ once per block now instead of once per heap.
- * wtf/Atomics.h:
- (WTF):
- (WTF::weakCompareAndSwap):
+ * heap/WeakSetInlines.h:
+ (JSC::WeakSet::allocate): Use the per-block weak set since there is no
+ per-heap weak set anymore.
-2012-03-01 Ryosuke Niwa <rniwa@webkit.org>
+2012-05-24 Gavin Barraclough <barraclough@apple.com>
- Gcc build fix.
+ Fix arm build
- Rubber-stamped by Filip Pizlo.
+ Rubber stamped by Geoff Garen
- * wtf/Atomics.h:
- (WTF):
- (WTF::weakCompareAndSwap):
+ * dfg/DFGGPRInfo.h:
+ (GPRInfo):
-2012-03-01 Gavin Barraclough <barraclough@apple.com>
+2012-05-24 Gavin Barraclough <barraclough@apple.com>
- ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
- https://bugs.webkit.org/show_bug.cgi?id=80011
+ Move cacheFlush from ExecutableAllocator to Assembler classes
+ https://bugs.webkit.org/show_bug.cgi?id=87420
Reviewed by Oliver Hunt.
- Also, fix getting the caller from within a bound function, for within a getter,
- or setter (make our implementation match other browsers).
-
- * interpreter/Interpreter.cpp:
- (JSC::getCallerInfo):
- - Allow this to get the caller of host functions.
- (JSC::Interpreter::retrieveCallerFromVMCode):
- - This should use getCallerInfo, and should skip over function bindings.
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::callerGetter):
- - This should never return a strict-mode function.
-
-2012-03-01 Yuqiang Xian <yuqiang.xian@intel.com>
+ Makes more sense there, & remove a pile of #ifdefs.
- DFG local CSE for a node can be terminated earlier
- https://bugs.webkit.org/show_bug.cgi?id=80014
-
- Reviewed by Filip Pizlo.
-
- When one of the node's childredn is met in the process of back traversing
- the nodes, we don't need to traverse the remaining nodes.
- This is performance neutral on SunSpider, V8 and Kraken.
-
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::pureCSE):
- (JSC::DFG::CSEPhase::impureCSE):
- (JSC::DFG::CSEPhase::getByValLoadElimination):
- (JSC::DFG::CSEPhase::checkFunctionElimination):
- (JSC::DFG::CSEPhase::checkStructureLoadElimination):
- (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
- (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-
-2012-02-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG BasicBlocks should not require that their nodes have continuous indices in the graph
- https://bugs.webkit.org/show_bug.cgi?id=79899
-
- Reviewed by Filip Pizlo.
-
- This will make it more convenient to insert nodes into the DFG.
- With this capability we now place the Phi nodes in the corresponding
- blocks.
- Local CSE is modified to not to rely on the assumption of continuous
- node indices in a block.
- This is performance neutral on SunSpider, V8 and Kraken.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::AbstractState):
- (JSC::DFG::AbstractState::beginBasicBlock):
- (JSC::DFG::AbstractState::execute):
- (JSC::DFG::AbstractState::clobberStructures):
- (JSC::DFG::AbstractState::mergeToSuccessors):
- (JSC::DFG::AbstractState::dump):
- * dfg/DFGAbstractState.h:
- (JSC::DFG::AbstractState::forNode):
- (AbstractState):
- * dfg/DFGArithNodeFlagsInferencePhase.cpp:
- (ArithNodeFlagsInferencePhase):
- * dfg/DFGBasicBlock.h:
- (JSC::DFG::BasicBlock::BasicBlock):
- (BasicBlock):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addToGraph):
- (ByteCodeParser):
- (JSC::DFG::ByteCodeParser::insertPhiNode):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::linkBlock):
- (JSC::DFG::ByteCodeParser::determineReachability):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
- * dfg/DFGCFAPhase.cpp:
- (JSC::DFG::CFAPhase::performBlockCFA):
- (CFAPhase):
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::CSEPhase):
- (JSC::DFG::CSEPhase::endIndexForPureCSE):
- (JSC::DFG::CSEPhase::pureCSE):
- (JSC::DFG::CSEPhase::impureCSE):
- (JSC::DFG::CSEPhase::globalVarLoadElimination):
- (JSC::DFG::CSEPhase::getByValLoadElimination):
- (JSC::DFG::CSEPhase::checkFunctionElimination):
- (JSC::DFG::CSEPhase::checkStructureLoadElimination):
- (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
- (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
- (JSC::DFG::CSEPhase::performNodeCSE):
- (JSC::DFG::CSEPhase::performBlockCSE):
- (CSEPhase):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGPhase.cpp:
- (JSC::DFG::Phase::beginPhase):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
- (JSC::DFG::SpeculativeJIT::compileStrictEq):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-02-29 Filip Pizlo <fpizlo@apple.com>
-
- The JIT should not crash the entire process just because there is not
- enough executable memory, if the LLInt is enabled
- https://bugs.webkit.org/show_bug.cgi?id=79962
- <rdar://problem/10922215>
-
- Unreviewed, adding forgotten file.
-
- * jit/JITCompilationEffort.h: Added.
- (JSC):
-
-2012-02-29 Filip Pizlo <fpizlo@apple.com>
-
- The JIT should not crash the entire process just because there is not
- enough executable memory, if the LLInt is enabled
- https://bugs.webkit.org/show_bug.cgi?id=79962
- <rdar://problem/10922215>
-
- Reviewed by Gavin Barraclough.
-
- Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
- a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
- JITCompilationMustSucceed. This preserves the old behavior of LLInt is
- disabled or if we're compiling something that can't be interpreted (like
- an OSR exit stub).
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
+ (JSC):
+ (JSC::ARMAssembler::cacheFlush):
* assembler/ARMAssembler.h:
(ARMAssembler):
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::executableCopy):
+ (JSC::ARMAssembler::cacheFlush):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::relinkJump):
+ (JSC::ARMv7Assembler::cacheFlush):
+ (ARMv7Assembler):
+ (JSC::ARMv7Assembler::setInt32):
+ (JSC::ARMv7Assembler::setUInt7ForLoad):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::cacheFlush):
* assembler/LinkBuffer.h:
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::~LinkBuffer):
- (LinkBuffer):
- (JSC::LinkBuffer::didFailToAllocate):
- (JSC::LinkBuffer::isValid):
- (JSC::LinkBuffer::linkCode):
(JSC::LinkBuffer::performFinalization):
* assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::executableCopy):
+ (JSC::MIPSAssembler::relinkJump):
+ (JSC::MIPSAssembler::relinkCall):
+ (JSC::MIPSAssembler::repatchInt32):
+ (JSC::MIPSAssembler::cacheFlush):
+ (MIPSAssembler):
* assembler/SH4Assembler.h:
- (JSC::SH4Assembler::executableCopy):
+ (JSC::SH4Assembler::repatchCompact):
+ (JSC::SH4Assembler::cacheFlush):
+ (SH4Assembler):
* assembler/X86Assembler.h:
- (JSC::X86Assembler::executableCopy):
- (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
- * bytecode/CodeBlock.cpp:
- (JSC::ProgramCodeBlock::jitCompileImpl):
- (JSC::EvalCodeBlock::jitCompileImpl):
- (JSC::FunctionCodeBlock::jitCompileImpl):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::jitCompile):
- (CodeBlock):
- (ProgramCodeBlock):
- (EvalCodeBlock):
- (FunctionCodeBlock):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JITCompiler):
+ (X86Assembler):
+ (JSC::X86Assembler::cacheFlush):
* jit/ExecutableAllocator.cpp:
- (JSC::DemandExecutableAllocator::allocateNewSpace):
- (JSC::ExecutableAllocator::allocate):
+ (JSC):
* jit/ExecutableAllocator.h:
(ExecutableAllocator):
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::ExecutableAllocator::allocate):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::JIT::compile):
- (JIT):
- * jit/JITCompilationEffort.h: Added.
- (JSC):
- * jit/JITDriver.h:
- (JSC::jitCompileIfAppropriate):
- (JSC::jitCompileFunctionIfAppropriate):
- * llint/LLIntSlowPaths.cpp:
- (LLInt):
- (JSC::LLInt::jitCompileAndSetHeuristics):
- (JSC::LLInt::entryOSR):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::jitCompile):
- (JSC::ProgramExecutable::jitCompile):
- (JSC::FunctionExecutable::jitCompileForCall):
- (JSC::FunctionExecutable::jitCompileForConstruct):
- * runtime/Executable.h:
- (EvalExecutable):
- (ProgramExecutable):
- (FunctionExecutable):
- (JSC::FunctionExecutable::jitCompileFor):
- * runtime/ExecutionHarness.h:
- (JSC::prepareForExecution):
- (JSC::prepareFunctionForExecution):
-
-2012-02-29 No'am Rosenthal <noam.rosenthal@nokia.com>
-
- [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
- https://bugs.webkit.org/show_bug.cgi?id=79501
-
- Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
-
- Reviewed by Kenneth Rohde Christiansen.
-
- * wtf/Platform.h:
-
-2012-02-29 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Oliver Hunt.
-
- * tests/mozilla/ecma_2/RegExp/constructor-001.js:
- * tests/mozilla/ecma_2/RegExp/function-001.js:
- * tests/mozilla/ecma_2/RegExp/properties-001.js:
- - Check in new test cases results.
-
-2012-02-29 Mark Rowe <mrowe@apple.com>
-
- Stop installing JSCLLIntOffsetsExtractor.
-
- Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
- that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
- This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
-
- While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
- for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
- to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
- allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
- Reviewed by Filip Pizlo.
-
- * Configurations/TestRegExp.xcconfig: Removed.
- * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-02-28 Filip Pizlo <fpizlo@apple.com>
-
- RefCounted::deprecatedTurnOffVerifier() should not be deprecated
- https://bugs.webkit.org/show_bug.cgi?id=79864
-
- Reviewed by Oliver Hunt.
-
- Removed the word "deprecated" from the name of this method, since this method
- should not be deprecated. It works just fine as it is, and there is simply no
- alternative to calling this method for many interesting JSC classes.
-
- * parser/SourceProvider.h:
- (JSC::SourceProvider::SourceProvider):
- * runtime/SymbolTable.h:
- (JSC::SharedSymbolTable::SharedSymbolTable):
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
- (WTF::MetaAllocator::allocate):
- * wtf/RefCounted.h:
- (RefCountedBase):
- (WTF::RefCountedBase::turnOffVerifier):
-
-2012-02-29 Gavin Barraclough <barraclough@apple.com>
-
- 'source' property of RegExp instance cannot be ""
- https://bugs.webkit.org/show_bug.cgi?id=79938
-
- Reviewed by Oliver Hunt.
-
- 15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
- and also states that the result must be a valid RegularExpressionLiteral. '//' is
- not a valid RegularExpressionLiteral (since it is a single line comment), and hence
- source cannot ever validly be "". If the source is empty, return a different Pattern
- that would match the same thing.
-
- * runtime/RegExpObject.cpp:
- (JSC::regExpObjectSource):
- - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncToString):
- - No need to special case the empty string - this should be being done by 'source'.
-
-2012-02-29 Gavin Barraclough <barraclough@apple.com>
-
- Writable attribute not set correctly when redefining an accessor to a data descriptor
- https://bugs.webkit.org/show_bug.cgi?id=79931
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineOwnProperty):
- - use attributesOverridingCurrent instead of attributesWithOverride.
- * runtime/PropertyDescriptor.cpp:
- * runtime/PropertyDescriptor.h:
- - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
-
-2012-02-29 Kevin Ollivier <kevino@theolliviers.com>
+2012-05-24 John Mellor <johnme@chromium.org>
- Add JSCore symbol exports needed by wx port
- https://bugs.webkit.org/show_bug.cgi?id=77280
-
- Reviewed by Hajime Morita.
-
- * wtf/ArrayBufferView.h:
- * wtf/ExportMacros.h:
-
-2012-02-28 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Always build wtf as a static library.
- https://bugs.webkit.org/show_bug.cgi?id=79857
-
- Reviewed by Eric Seidel.
-
- To help the efforts in bug 75673 to move WTF out of
- JavaScriptCore, act more like the other ports and remove the
- possibility of building WTF as a shared library.
-
- It does not make much sense to, for example, ship WTF as a
- separate .so with webkit-efl packages, and it should be small
- enough not to cause problems during linking.
-
- * wtf/CMakeLists.txt:
-
-2012-02-28 Dmitry Lomov <dslomov@google.com>
-
- [JSC] Implement ArrayBuffer transfer
- https://bugs.webkit.org/show_bug.cgi?id=73493.
- Implement ArrayBuffer transfer, per Khronos spec: http://www.khronos.org/registry/typedarray/specs/latest/#9.
- This brings parity with V8 implementation of transferable typed arrays.
-
- Reviewed by Oliver Hunt.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
- * wtf/ArrayBuffer.h:
- (ArrayBuffer): Added extra export.
-
-2012-02-28 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed. Build fix after recent LLInt additions.
-
- * wscript:
-
-2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Refactor SpeculativeJIT::emitAllocateJSFinalObject
- https://bugs.webkit.org/show_bug.cgi?id=79801
-
- Reviewed by Filip Pizlo.
+ Font Boosting: Add compile flag and runtime setting
+ https://bugs.webkit.org/show_bug.cgi?id=87394
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
- function, which is more generic in that it can allocate a variety of classes.
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
-
-2012-02-28 Gavin Barraclough <barraclough@apple.com>
-
- [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
- https://bugs.webkit.org/show_bug.cgi?id=79588
-
- Reviewed by Oliver Hunt.
-
- In the case of [[Get]], this is a pretty trivial bug - just don't wrap
- primitives at the point you call a getter.
-
- For setters, this is a little more involved, since we have already wrapped
- the value up in a synthesized object. Stop doing so. There is also a further
- subtely, that in strict mode all attempts to create a new data property on
- the object should throw.
-
- * runtime/JSCell.cpp:
- (JSC::JSCell::put):
- - [[Put]] to a string primitive should use JSValue::putToPrimitive.
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- - Remove static function called in one place.
- * runtime/JSObject.h:
- (JSC::JSValue::put):
- - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
- * runtime/JSValue.cpp:
- (JSC::JSValue::synthesizePrototype):
- - Add support for synthesizing the prototype of strings.
- (JSC::JSValue::putToPrimitive):
- - Added, implements [[Put]] for primitive bases, per 8.7.2.
- * runtime/JSValue.h:
- (JSValue):
- - Add declaration for JSValue::putToPrimitive.
- * runtime/PropertySlot.cpp:
- (JSC::PropertySlot::functionGetter):
- - Don't call ToObject on primitive this values.
-
-2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Re-enable parallel GC on Mac
- https://bugs.webkit.org/show_bug.cgi?id=79837
-
- Rubber stamped by Filip Pizlo.
-
- * runtime/Options.cpp:
- (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
- so we removed it and things should go back to normal.
-
-2012-02-28 Filip Pizlo <fpizlo@apple.com>
-
- Some run-javascriptcore-tests broken for 32-bit debug
- https://bugs.webkit.org/show_bug.cgi?id=79844
-
- Rubber stamped by Oliver Hunt.
-
- These assertions are just plain wrong for 32-bit. We could either have a massive
- assertion that depends on value representation, that has to be changed every
- time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
- could get rid of the assertions. I pick the latter.
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
-
-2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Get rid of padding cruft in CopiedBlock
- https://bugs.webkit.org/show_bug.cgi?id=79686
-
- Reviewed by Filip Pizlo.
-
- * heap/CopiedBlock.h:
- (CopiedBlock): Removed the extra padding that was used for alignment purposes until
- the calculation of the payload offset into CopiedBlocks was redone recently.
-
-2012-02-28 Anders Carlsson <andersca@apple.com>
-
- Fix build with newer versions of clang.
-
- Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
- but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
- takes a string literal.
-
- * wtf/Assertions.cpp:
-
-2012-02-28 Mario Sanchez Prada <msanchez@igalia.com>
-
- [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
- https://bugs.webkit.org/show_bug.cgi?id=79496
-
- Reviewed by Martin Robinson.
-
- Handle GMainLoop and GMainContext in GRefPtr, by calling
- g_main_loop_(un)ref and g_main_context_(un)ref in the
- implementation of the refGPtr and derefGPtr template functions.
-
- * wtf/gobject/GRefPtr.cpp:
- (WTF::refGPtr):
- (WTF):
- (WTF::derefGPtr):
- * wtf/gobject/GRefPtr.h:
- (WTF):
- * wtf/gobject/GTypedefs.h:
-
-2012-02-28 Yong Li <yoli@rim.com>
-
- JSString::resolveRope() should report extra memory cost to the heap.
- https://bugs.webkit.org/show_bug.cgi?id=79555
-
- Reviewed by Michael Saboff.
-
- At the time a JSString is constructed with fibers, it doesn't report
- extra memory cost, which is reasonable because it hasn't allocate
- new memory. However when the rope is resolved, it should report meory
- cost for the new buffer.
-
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRope):
-
-2012-02-27 Oliver Hunt <oliver@apple.com>
-
- sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
- https://bugs.webkit.org/show_bug.cgi?id=79728
+ Reviewed by Adam Barth.
- Reviewed by Gavin Barraclough.
+ Add ENABLE_FONT_BOOSTING.
- When initialising a chained get instruction we may end up in a state where
- the instruction stream says we have a scopechain, but it has not yet been set
- (eg. if allocating the StructureChain itself is what leads to the GC). We could
- re-order the allocation, but it occurs in a couple of places, so it seems less
- fragile simply to null check the scopechain slot before we actually visit the slot.
+ * Configurations/FeatureDefines.xcconfig:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitStructures):
+2012-05-24 Allan Sandfeld Jensen <allan.jensen@nokia.com>
-2012-02-27 Filip Pizlo <fpizlo@apple.com>
+ cti_vm_throw gets kicked out by gcc 4.6 -flto
+ https://bugs.webkit.org/show_bug.cgi?id=56088
- Old JIT's style of JSVALUE64 strict equality is subtly wrong
- https://bugs.webkit.org/show_bug.cgi?id=79700
+ Reviewed by Darin Adler.
- Reviewed by Oliver Hunt.
+ Add REFERENCED_FROM_ASM to functions only referenced from assembler.
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::comparePtr):
- (MacroAssemblerX86_64):
* dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emitSlow_op_stricteq):
- (JSC::JIT::emitSlow_op_nstricteq):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
-
-2012-02-27 Gavin Barraclough <barraclough@apple.com>
-
- Implement support for op_negate and op_bitnot in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=79617
-
- Reviewed by Filip Pizlo.
-
- Add an ArithNegate op to the DFG JIT, to implement op_negate.
-
- This patch also adds support for op_negate to the JSVALUE64 baseline JIT
- (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
-
- This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::sub_S):
- - Added sub_S from immediate.
- (ARMv7Assembler):
- (JSC::ARMv7Assembler::vneg):
- - Added double negate.
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::negateDouble):
- - Added double negate.
- (MacroAssemblerARMv7):
- (JSC::MacroAssemblerARMv7::branchNeg32):
- - Added.
- * assembler/MacroAssemblerX86.h:
- (MacroAssemblerX86):
- - moved loadDouble, absDouble to common.
- * assembler/MacroAssemblerX86Common.h:
- (MacroAssemblerX86Common):
- (JSC::MacroAssemblerX86Common::absDouble):
- - implementation can be shared.
- (JSC::MacroAssemblerX86Common::negateDouble):
- - Added.
- (JSC::MacroAssemblerX86Common::loadDouble):
- - allow absDouble to have a common implementation.
- * assembler/MacroAssemblerX86_64.h:
- (MacroAssemblerX86_64):
- - moved loadDouble, absDouble to common.
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- - support ArithNegate.
- * dfg/DFGArithNodeFlagsInferencePhase.cpp:
- (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
- - support ArithNegate.
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- - support ArithNegate.
- (JSC::DFG::ByteCodeParser::parseBlock):
- - support op_negate.
- * dfg/DFGCSEPhase.cpp:
- (JSC::DFG::CSEPhase::performNodeCSE):
- - support ArithNegate.
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- - support op_negate.
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::negateShouldSpeculateInteger):
- - support ArithNegate.
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasArithNodeFlags):
- - support ArithNegate.
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- - support ArithNegate.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileArithNegate):
- - support ArithNegate.
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- - support ArithNegate.
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - support ArithNegate.
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - support ArithNegate.
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- - Add support for op_negate in JSVALUE64.
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emit_op_negate):
- (JSC::JIT::emitSlow_op_negate):
- - Add support for op_negate in JSVALUE64.
-
-2012-02-27 Mahesh Kulkarni <mahesh.kulkarni@nokia.com>
-
- Unreviewed. Build fix for linux-bot (qt) after r109021.
-
- * runtime/Error.cpp:
-
-2012-02-27 Oliver Hunt <oliver@apple.com>
-
- REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
- https://bugs.webkit.org/show_bug.cgi?id=79693
-
- Reviewed by Filip Pizlo.
-
- Alas we can't provide the stack trace as an array, as despite everyone wanting
- an array, everyone arbitrarily creates the array by calling split on the stack
- trace. To create the array we would have provided them in the first place.
-
- This changes the exception's stack property to a \n separated string. To get the
- old array just do <exception>.stack.split("\n").
-
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
-
-2012-02-27 Gavin Barraclough <barraclough@apple.com>
-
- RegExp lastIndex should behave as a regular property
- https://bugs.webkit.org/show_bug.cgi?id=79446
-
- Reviewed by Sam Weinig.
-
- lastIndex should be a regular data descriptor, with the attributes configurable:false,
- enumerable:false, writable:true. As such, it should be possible to reconfigure writable
- as false. If the lastIndex property is reconfigured to be read-only, we should respect
- this correctly.
-
- * runtime/CommonIdentifiers.h:
- - Removed some unused identifiers, added lastIndex.
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::getOwnPropertySlot):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::RegExpObject::getOwnPropertyDescriptor):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::RegExpObject::deleteProperty):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::RegExpObject::getOwnPropertyNames):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::RegExpObject::getPropertyNames):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::reject):
- - helper function for defineOwnProperty.
- (JSC::RegExpObject::defineOwnProperty):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::RegExpObject::put):
- - lastIndex is no longer a static value, provided specific handling.
- (JSC::RegExpObject::match):
- - Pass setLastIndex an ExecState, so it can throw if read-only.
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::setLastIndex):
- - Pass setLastIndex an ExecState, so it can throw if read-only.
- (RegExpObjectData):
- - Added lastIndexIsWritable.
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncCompile):
- - Pass setLastIndex an ExecState, so it can throw if read-only.
-
-2012-02-27 Gavin Barraclough <barraclough@apple.com>
-
- Implement support for op_negate and op_bitnot in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=79617
-
- Reviewed by Sam Weinig.
-
- Remove op_bitnop - this is redundant, ~x === x^-1.
- This is a fractional (<1%) progression.
-
- Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
- Remove CanReuse from the result type - this was unused.
- Remove op_bitnot.
-
- * assembler/MacroAssemblerARM.h:
- (MacroAssemblerARM):
- (JSC::MacroAssemblerARM::xor32):
- * assembler/MacroAssemblerARMv7.h:
- (MacroAssemblerARMv7):
- (JSC::MacroAssemblerARMv7::xor32):
- * assembler/MacroAssemblerMIPS.h:
- (MacroAssemblerMIPS):
- (JSC::MacroAssemblerMIPS::xor32):
- * assembler/MacroAssemblerSH4.h:
- (MacroAssemblerSH4):
- (JSC::MacroAssemblerSH4::xor32):
- * assembler/MacroAssemblerX86Common.h:
- (MacroAssemblerX86Common):
- (JSC::MacroAssemblerX86Common::xor32):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- (JSC):
- (JSC::padOpcodeName):
- * bytecompiler/NodesCodegen.cpp:
- (JSC):
- (JSC::BitwiseNotNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- * jit/JIT.h:
- (JIT):
- * jit/JITArithmetic32_64.cpp:
- (JSC):
- * jit/JITOpcodes.cpp:
- (JSC):
- * jit/JITStubs.cpp:
- (JSC):
+ * jit/HostCallReturnValue.h:
* jit/JITStubs.h:
- * llint/LLIntSlowPaths.cpp:
- (LLInt):
- * llint/LLIntSlowPaths.h:
- (LLInt):
- * llint/LowLevelInterpreter32_64.asm:
- * parser/NodeConstructors.h:
- (JSC::NegateNode::NegateNode):
- (JSC::BitwiseNotNode::BitwiseNotNode):
- (JSC::MultNode::MultNode):
- (JSC::DivNode::DivNode):
- (JSC::ModNode::ModNode):
- (JSC::SubNode::SubNode):
- (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
- * parser/Nodes.h:
- (BitwiseNotNode):
- (JSC::BitwiseNotNode::expr):
- (JSC):
- * parser/ResultType.h:
- (ResultType):
- (JSC::ResultType::numberTypeIsInt32):
- (JSC::ResultType::stringOrNumberType):
- (JSC::ResultType::forAdd):
- (JSC::ResultType::forBitOp):
-
-2012-02-27 Michael Saboff <msaboff@apple.com>
-
- Error check regexp min quantifier
- https://bugs.webkit.org/show_bug.cgi?id=70648
-
- Reviewed by Gavin Barraclough.
-
- Added checking for min or only quantifier being UINT_MAX.
- When encountered this becomes a SyntaxError during parsing.
-
- * yarr/YarrParser.h:
- (JSC::Yarr::Parser::parseQuantifier):
- (JSC::Yarr::Parser::parse):
- (Parser):
-
-2012-02-27 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing files.
-
-2012-02-26 Hajime Morrita <morrita@chromium.org>
-
- Move ChromeClient::showContextMenu() to ContextMenuClient
- https://bugs.webkit.org/show_bug.cgi?id=79427
-
- Reviewed by Adam Barth.
-
- Added ACCESSIBILITY_CONTEXT_MENUS.
-
- * wtf/Platform.h:
+ * jit/ThunkGenerators.cpp:
-2012-02-26 Filip Pizlo <fpizlo@apple.com>
+2012-05-24 Filip Pizlo <fpizlo@apple.com>
- LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
- https://bugs.webkit.org/show_bug.cgi?id=79616
+ Incorrect merge of r117542 from dfg opt branch in r118323 is leading to fast/js/dfg-arguments-osr-exit.html failing
+ https://bugs.webkit.org/show_bug.cgi?id=87350
- Reviewed by Oliver Hunt.
+ Reviewed by Maciej Stachowiak.
- Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
-
- * dfg/DFGAbstractValue.h:
- (JSC::DFG::AbstractValue::validate):
-
-2012-02-26 Filip Pizlo <fpizlo@apple.com>
-
- DFG should support activations and nested functions
- https://bugs.webkit.org/show_bug.cgi?id=79554
-
- Reviewed by Sam Weinig.
+ The dfgopt branch introduced the notion of a local variable being killed because it was aliased
+ to the Arguments object as in cases like:
- Fix 32-bit. The 32-bit function+activation code had some really weird
- register reuse bugs.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-26 Filip Pizlo <fpizlo@apple.com>
-
- Getting the instruction stream for a code block should not require two loads
- https://bugs.webkit.org/show_bug.cgi?id=79608
-
- Reviewed by Sam Weinig.
+ var a = arguments;
+ return a.length;
- Introduced the RefCountedArray class, which contains a single inline pointer
- to a ref-counted non-resizeable vector backing store. This satisfies the
- requirements of CodeBlock, which desires the ability to share instruction
- streams with other CodeBlocks. It also reduces the number of loads required
- for getting the instruction stream by one.
+ This required changes to OSR exit handling - if the variable is dead but aliased to arguments, then
+ OSR exit should reify the arguments. But meanwhile, in tip of tree we introduced special handling for
+ dead variables on OSR exit. When the two were merged in r118323, the structure of the if/else branches
+ ended up being such that we would treat dead arguments variables as totally dead as opposed to treating
+ them as variables that need arguments reification.
- This patch also gets rid of the bytecode discarding logic, since we don't
- use it anymore and it's unlikely to ever work right with DFG or LLInt. And
- I didn't feel like porting dead code to use RefCountedArray.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::instructionOffsetForNth):
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::finalizeUnconditionally):
- (JSC::CodeBlock::handlerForBytecodeOffset):
- (JSC::CodeBlock::lineNumberForBytecodeOffset):
- (JSC::CodeBlock::expressionRangeForBytecodeOffset):
- (JSC::CodeBlock::shrinkToFit):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- (JSC::CodeBlock::numberOfInstructions):
- (JSC::CodeBlock::instructions):
- (JSC::CodeBlock::instructionCount):
- (JSC::CodeBlock::valueProfileForBytecodeOffset):
- (JSC):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::Label::setLocation):
- (JSC):
- (JSC::BytecodeGenerator::generate):
- (JSC::BytecodeGenerator::newLabel):
- * bytecompiler/BytecodeGenerator.h:
- (JSC):
- (BytecodeGenerator):
- (JSC::BytecodeGenerator::instructions):
- * bytecompiler/Label.h:
- (JSC::Label::Label):
- (Label):
- * dfg/DFGByteCodeCache.h:
- (JSC::DFG::ByteCodeCache::~ByteCodeCache):
- (JSC::DFG::ByteCodeCache::get):
- * jit/JITExceptions.cpp:
- (JSC::genericThrow):
- * llint/LowLevelInterpreter32_64.asm:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
- (JSC::FunctionExecutable::produceCodeBlockFor):
- * wtf/RefCountedArray.h: Added.
- (WTF):
- (RefCountedArray):
- (WTF::RefCountedArray::RefCountedArray):
- (WTF::RefCountedArray::operator=):
- (WTF::RefCountedArray::~RefCountedArray):
- (WTF::RefCountedArray::size):
- (WTF::RefCountedArray::data):
- (WTF::RefCountedArray::begin):
- (WTF::RefCountedArray::end):
- (WTF::RefCountedArray::at):
- (WTF::RefCountedArray::operator[]):
- (Header):
- (WTF::RefCountedArray::Header::size):
- (WTF::RefCountedArray::Header::payload):
- (WTF::RefCountedArray::Header::fromPayload):
- * wtf/Platform.h:
-
-2012-02-26 Yusuke Suzuki <utatane.tea@gmail.com>
-
- StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
- https://bugs.webkit.org/show_bug.cgi?id=79571
+ This fixes the structure of the relevant if/else block so that variables that are dead-but-arguments
+ end up being treated as reified arguments objects, while variables that are dead but not aliased to
+ arguments are treated as tip of tree would have treated them (initialize to Undefined).
- Reviewed by Gavin Barraclough.
-
- * parser/ASTBuilder.h:
- (JSC::ASTBuilder::createGetterOrSetterProperty):
- * parser/Parser.cpp:
- (JSC::::parseProperty):
- * parser/SyntaxChecker.h:
- (JSC::SyntaxChecker::createGetterOrSetterProperty):
-
-2012-02-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Implement fast path for op_new_array in the baseline JIT
- https://bugs.webkit.org/show_bug.cgi?id=78612
-
- Reviewed by Filip Pizlo.
-
- heap/CopiedAllocator.h:
- (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
- * heap/CopiedSpace.h:
- (CopiedSpace): Friended the JIT to allow access to isOversize.
- (JSC::CopiedSpace::allocator):
- * heap/Heap.h:
- (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
- can use it for simple allocation i.e. when we can just bump the offset without having to
- do anything else.
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
- we have to bail out because the fast allocation path fails for whatever reason.
- * jit/JIT.h:
- (JIT):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
- allocate generic backing stores. This function is used by emitAllocateJSArray.
- (JSC):
- (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
- more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
- it will also be used for emit_op_new_array_buffer.
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
- a stub call for oversize arrays.
- (JSC):
- (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we
- fail in any way on the fast path.
- * runtime/JSArray.cpp:
- (JSC):
- * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
- initialize in the JIT.
- (ArrayStorage):
- (JSC::ArrayStorage::lengthOffset):
- (JSC::ArrayStorage::numValuesInVectorOffset):
- (JSC::ArrayStorage::allocBaseOffset):
- (JSC::ArrayStorage::vectorOffset):
- (JSArray):
- (JSC::JSArray::sparseValueMapOffset):
- (JSC::JSArray::subclassDataOffset):
- (JSC::JSArray::indexBiasOffset):
- (JSC):
- (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
- to being a static function in the JSArray class. This move allows the JIT to call it to
- see what size it should allocate.
-
-2012-02-26 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
-
- * interpreter/Interpreter.cpp:
- (JSC::getLineNumberForCallFrame):
- (JSC::Interpreter::getStackTrace):
-
-2012-02-26 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(JIT) after r108681.
-
- * interpreter/Interpreter.cpp:
- (JSC::getLineNumberForCallFrame):
-
-2012-02-25 Filip Pizlo <fpizlo@apple.com>
-
- LLInt assembly file should be split into 32-bit and 64-bit parts
- https://bugs.webkit.org/show_bug.cgi?id=79584
-
- Reviewed by Sam Weinig.
-
- Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
- the ability to include files, and correctly track dependencies: it restricts
- the include mechanism to using the same directory as the source file, and uses
- the SHA1 hash of all .asm files in that directory as an input hash.
-
- * llint/LLIntOfflineAsmConfig.h:
- * llint/LowLevelInterpreter.asm:
- * llint/LowLevelInterpreter32_64.asm: Added.
- - This is just the entire contents of what was previously LowLevelInterpreter.asm
- * llint/LowLevelInterpreter64.asm: Added.
- * offlineasm/asm.rb:
- * offlineasm/ast.rb:
- * offlineasm/generate_offset_extractor.rb:
- * offlineasm/parser.rb:
- * offlineasm/self_hash.rb:
-
-2012-02-25 Filip Pizlo <fpizlo@apple.com>
-
- Offlineasm should support X86_64
- https://bugs.webkit.org/show_bug.cgi?id=79581
-
- Reviewed by Oliver Hunt.
-
- * llint/LLIntOfflineAsmConfig.h:
- * offlineasm/backends.rb:
- * offlineasm/instructions.rb:
- * offlineasm/settings.rb:
- * offlineasm/x86.rb:
-
-2012-02-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG should support activations and nested functions
- https://bugs.webkit.org/show_bug.cgi?id=79554
-
- Reviewed by Oliver Hunt.
-
- Wrote the simplest possible implementation of activations. Big speed-up on
- code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
- Kraken) because they do not appear to have sufficient coverage over code
- that uses activations.
-
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionFromValue):
- * bytecode/PredictedType.h:
- (JSC):
- (JSC::isEmptyPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (ByteCodeParser):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- (JSC::DFG::canInlineOpcode):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::needsActivation):
- * dfg/DFGNode.h:
- (DFG):
- (JSC::DFG::Node::storageAccessDataIndex):
- (Node):
- (JSC::DFG::Node::hasFunctionDeclIndex):
- (JSC::DFG::Node::functionDeclIndex):
- (JSC::DFG::Node::hasFunctionExprIndex):
- (JSC::DFG::Node::functionExprIndex):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
- (DFG):
- (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
- * dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-25 Benjamin Poulain <benjamin@webkit.org>
-
- Add an empty skeleton of KURL for WTFURL
- https://bugs.webkit.org/show_bug.cgi?id=78990
-
- Reviewed by Adam Barth.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
- so that can use them in WebCore.
-
-2012-02-25 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, fix build for DFG disabled and LLInt enabled.
-
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * llint/LLIntSlowPaths.cpp:
- (LLInt):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-02-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fix the CopiedBlock offset alignment in a cross platform fashion
- https://bugs.webkit.org/show_bug.cgi?id=79556
-
- Reviewed by Filip Pizlo.
-
- Replaced m_payload with a payload() method that calculates the offset
- of the payload with the proper alignment. This change allows us to
- avoid alignment-related issues in a cross-platform manner.
-
- * heap/CopiedAllocator.h:
- (JSC::CopiedAllocator::currentUtilization):
- * heap/CopiedBlock.h:
- (JSC::CopiedBlock::CopiedBlock):
- (JSC::CopiedBlock::payload):
- (CopiedBlock):
- * heap/CopiedSpace.cpp:
- (JSC::CopiedSpace::doneFillingBlock):
- * heap/CopiedSpaceInlineMethods.h:
- (JSC::CopiedSpace::borrowBlock):
- (JSC::CopiedSpace::allocateFromBlock):
-2012-02-24 Michael Saboff <msaboff@apple.com>
+2012-05-24 Csaba Osztrogonác <ossy@webkit.org>
- Unreviewed, Windows build fix. Changed signature in export to match
- change made in r108858.
+ Unreviewed 32 bit buildfix after r118325.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): Use ASSERT_UNUSED instead ASSERT.
-2012-02-24 Filip Pizlo <fpizlo@apple.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- DFG support for op_new_regexp should be enabled
- https://bugs.webkit.org/show_bug.cgi?id=79538
+ DFG operationTearOffActivation should return after handling the null activation case
+ https://bugs.webkit.org/show_bug.cgi?id=87348
+ <rdar://problem/11522295>
Reviewed by Oliver Hunt.
-
- No performance change.
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGCommon.h:
-
-2012-02-24 Michael Saboff <msaboff@apple.com>
-
- ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
- https://bugs.webkit.org/show_bug.cgi?id=73728
-
- Reviewed by Gavin Barraclough.
-
- Fixed the mixing of signed and unsigned character indeces in YARR
- interpreter.
-
- * runtime/RegExp.cpp:
- (JSC::RegExp::match): Added code to check for match longer than 2^31 and
- return no match after resetting the offsets.
- * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
- handling except when matching back references.
- (JSC::Yarr::Interpreter::InputStream::readChecked):
- (JSC::Yarr::Interpreter::InputStream::checkInput):
- (JSC::Yarr::Interpreter::InputStream::uncheckInput):
- (JSC::Yarr::Interpreter::InputStream::atStart):
- (JSC::Yarr::Interpreter::InputStream::atEnd):
- (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
- (JSC::Yarr::Interpreter::checkCharacter):
- (JSC::Yarr::Interpreter::checkCasedCharacter):
- (JSC::Yarr::Interpreter::checkCharacterClass):
- (JSC::Yarr::Interpreter::tryConsumeBackReference):
- (JSC::Yarr::Interpreter::matchAssertionBOL):
- (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
- (JSC::Yarr::Interpreter::backtrackPatternCharacter):
- (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
- (JSC::Yarr::Interpreter::matchCharacterClass):
- (JSC::Yarr::Interpreter::backtrackCharacterClass):
- (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
- (JSC::Yarr::Interpreter::matchDisjunction):
- (JSC::Yarr::Interpreter::interpret):
- (JSC::Yarr::ByteCompiler::assertionBOL):
- (JSC::Yarr::ByteCompiler::assertionEOL):
- (JSC::Yarr::ByteCompiler::assertionWordBoundary):
- (JSC::Yarr::ByteCompiler::atomPatternCharacter):
- (JSC::Yarr::ByteCompiler::atomCharacterClass):
- (JSC::Yarr::ByteCompiler::atomBackReference):
- (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
- (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
- (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
- (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
- (JSC::Yarr::ByteCompiler::emitDisjunction):
- * yarr/YarrInterpreter.h:
+ * dfg/DFGOperations.cpp:
-2012-02-24 Filip Pizlo <fpizlo@apple.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
- enabled.
+ Unreviewed, merge the arguments fix in r118138 to get bots green.
- * llint/LLIntOfflineAsmConfig.h:
- * llint/LowLevelInterpreter.asm:
+ * dfg/DFGArgumentsSimplificationPhase.cpp:
+ (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-2012-02-24 Filip Pizlo <fpizlo@apple.com>
+2012-05-20 Filip Pizlo <fpizlo@apple.com>
- DFG should be able to handle variables getting captured
- https://bugs.webkit.org/show_bug.cgi?id=79469
+ DFG CFA should record if a node can OSR exit
+ https://bugs.webkit.org/show_bug.cgi?id=86905
Reviewed by Oliver Hunt.
- Made captured variables work by placing a Flush on the SetLocal and
- forcing the emission of the GetLocal even if copy propagation tells us
- who has the value.
+ Merged r117931 from dfgopt.
- Changed the CFA and various prediction codes to understand that we can't
- really prove anything about captured variables. Well, we could in the
- future by just looking at what side effects are happening, but in this
- first cut we just assume that we can't reason about captured variables.
+ Adds a NodeFlag that denotes nodes that are known to not have OSR exits.
+ This ought to aid any backwards analyses that need to know when a
+ backward flow merge might happen due to a side exit.
- Also added a mode where the DFG pretends that all variables and arguments
- got captured. Used this mode to harden the code.
+ Also added assertions into speculationCheck() that ensure that we did not
+ mark a node as non-exiting and then promptly compile in an exit. This
+ helped catch some minor bugs where we were doing unnecessary speculation
+ checks.
- This is performance neutral. Capturing all variables is a slow down, but
- not too big of one. This seems to predict that when we add activation
- support, the amount of speed benefit we'll get from increased coverage
- will far outweigh the pessimism that we'll have to endure for captured
- variables.
+ This is a perf-neutral change. The speculation checks that this removes
+ were not on hot paths of major benchmarks.
- * bytecode/CodeType.h:
- (JSC::codeTypeToString):
+ * bytecode/PredictedType.h:
+ (JSC):
+ (JSC::isAnyPrediction):
* dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::execute):
- (JSC::DFG::AbstractState::merge):
* dfg/DFGAbstractState.h:
+ (JSC::DFG::AbstractState::speculateInt32Unary):
(AbstractState):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::setLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::flushArgument):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::mightInlineFunctionForCall):
- (JSC::DFG::mightInlineFunctionForConstruct):
- * dfg/DFGCommon.h:
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::needsActivation):
- (Graph):
- (JSC::DFG::Graph::argumentIsCaptured):
- (JSC::DFG::Graph::localIsCaptured):
- (JSC::DFG::Graph::isCaptured):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldGenerate):
- * dfg/DFGPredictionPropagationPhase.cpp:
- (JSC::DFG::PredictionPropagationPhase::propagate):
- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
- * dfg/DFGSpeculativeJIT.cpp:
- (DFG):
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (ValueSource):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-02-24 Gavin Barraclough <barraclough@apple.com>
-
- Should not allow malformed \x escapes
- https://bugs.webkit.org/show_bug.cgi?id=79462
-
- Reviewed by Oliver Hunt.
-
- * parser/Lexer.cpp:
- (JSC::::parseString):
- (JSC::::parseStringSlowCase):
- - Prohibit malformed '\x' escapes
- * tests/mozilla/ecma/Array/15.4.5.1-1.js:
- * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
- * tests/mozilla/ecma_2/RegExp/hex-001.js:
- * tests/mozilla/js1_2/regexp/hexadecimal.js:
- - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
-
-2012-02-24 Daniel Bates <dbates@webkit.org>
-
- Fix change log entry for changeset r108819; add bug URL
- https://bugs.webkit.org/show_bug.cgi?id=79504
-
- Changeset r108819 is associated with bug #79504.
-
- * ChangeLog
-
-2012-02-24 Daniel Bates <dbates@webkit.org>
-
- Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
- https://bugs.webkit.org/show_bug.cgi?id=79504
-
- Reviewed by Oliver Hunt.
-
- There are a few places in Interpreter.cpp that need to be updated to use
- ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
- ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
- (https://bugs.webkit.org/show_bug.cgi?id=78791).
-
- * interpreter/Interpreter.cpp:
- (JSC::getLineNumberForCallFrame):
- (JSC::getCallerInfo):
- (JSC::getSourceURLFromCallFrame):
-
-2012-02-24 Adam Roben <aroben@apple.com>
-
- Undo the BUILDING_WTF part of r108808
-
- This broke the build, which is obviously worse than the linker warning it was trying to
- solve.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-
-2012-02-24 Adam Roben <aroben@apple.com>
-
- Fix linker warnings on Windows
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
- exported via JS_EXPORTDATA.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
- aren't actually building WTF, but we are statically linking it, so we need to define this
- symbol so that we export WTF's exports.
-
-2012-02-24 Philippe Normand <pnormand@igalia.com>
-
- Fix GTK WebAudio build for WebKitGTK 1.7.90.
-
- Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
- Rubber-stamped by Philippe Normand.
-
- * GNUmakefile.list.am: Add Complex.h to the list of files so it
- gets disted in the tarballs.
-
-2012-02-24 Zoltan Herczeg <zherczeg@webkit.org>
-
- [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
- https://bugs.webkit.org/show_bug.cgi?id=79199
-
- Ruber stamped by Csaba Osztrogonác.
-
- Temporary fix since the new member wastes a little space on
- 64 bit systems. Although it is harmless, it is only needed
- for 32 bit systems.
-
- * heap/CopiedBlock.h:
- (CopiedBlock):
-
-2012-02-24 Han Hojong <hojong.han@samsung.com>
-
- Remove useless jump instructions for short circuit
- https://bugs.webkit.org/show_bug.cgi?id=75602
-
- Reviewed by Michael Saboff.
-
- Jump instruction is inserted to make short circuit,
- however it does nothing but moving to the next instruction.
- Therefore useless jump instructions are removed,
- and jump list is moved into the case not for a short circuit,
- so that only necessary instructions are added to JIT code
- unless it has a 16 bit pattern character and an 8 bit string.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-
-2012-02-24 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r108731.
- http://trac.webkit.org/changeset/108731
- https://bugs.webkit.org/show_bug.cgi?id=79464
-
- Broke Chromium Win tests (Requested by bashi on #webkit).
-
- * wtf/Platform.h:
-
-2012-02-24 Andrew Lo <anlo@rim.com>
-
- [BlackBerry] Enable requestAnimationFrame
- https://bugs.webkit.org/show_bug.cgi?id=79408
-
- Use timer implementation of requestAnimationFrame on BlackBerry.
-
- Reviewed by Rob Buis.
-
- * wtf/Platform.h:
-
-2012-02-24 Mathias Bynens <mathias@qiwi.be>
-
- `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
- https://bugs.webkit.org/show_bug.cgi?id=78908
-
- Add additional checks for zero-width non-joiner (0x200C) and
- zero-width joiner (0x200D) characters.
-
- Reviewed by Michael Saboff.
-
- * parser/Lexer.cpp:
- (JSC::isNonASCIIIdentPart)
- * runtime/LiteralParser.cpp:
- (JSC::::Lexer::lexIdentifier)
-
-2012-02-23 Kenichi Ishibashi <bashi@chromium.org>
-
- Adding WebSocket per-frame DEFLATE extension
- https://bugs.webkit.org/show_bug.cgi?id=77522
-
- Added USE(ZLIB) flag.
-
- Reviewed by Kent Tamura.
-
- * wtf/Platform.h:
-
-2012-02-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Zero out CopiedBlocks on initialization
- https://bugs.webkit.org/show_bug.cgi?id=79199
-
- Reviewed by Filip Pizlo.
-
- Made CopyBlocks zero their payloads during construction. This allows
- JSArray to avoid having to manually clear its backing store upon allocation
- and also alleviates any future pain with regard to the garbage collector trying
- to mark what it thinks are values in what is actually uninitialized memory.
-
- * heap/CopiedBlock.h:
- (JSC::CopiedBlock::CopiedBlock):
- * runtime/JSArray.cpp:
- (JSC::JSArray::finishCreation):
- (JSC::JSArray::tryFinishCreationUninitialized):
- (JSC::JSArray::increaseVectorLength):
- (JSC::JSArray::unshiftCountSlowCase):
-
-2012-02-23 Oliver Hunt <oliver@apple.com>
-
- Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
- https://bugs.webkit.org/show_bug.cgi?id=79407
-
- Reviewed by Gavin Barraclough.
-
- Outside of exception handling, we don't know what our source line number is. This
- change allows us to pass -1 is as the initial line number, and get the correct line
- number in the resultant stack trace. We can't completely elide the initial line
- number (yet) due to some idiosyncrasies of the exception handling machinery.
-
- * interpreter/Interpreter.cpp:
- (JSC::getLineNumberForCallFrame):
- (JSC):
- (JSC::Interpreter::getStackTrace):
-
-2012-02-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exit value profiling should have graceful handling of local variables and arguments
- https://bugs.webkit.org/show_bug.cgi?id=79310
-
- Reviewed by Gavin Barraclough.
-
- Previously, if we OSR exited because a prediction in a local was wrong, we'd
- only realize what the true type of the local was if the regular value profiling
- kicked in and told us. Unless the local was block-locally copy propagated, in
- which case we'd know from an OSR exit profile.
-
- This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
- exit because of a mispredicted local or argument type, we'll know what the type of
- the local or argument should be immediately upon exiting.
-
- The way that local variable OSR exit profiling works is that we now have a lazily
- added set of OSR-exit-only value profiles for exit sites that are BadType and that
- cited a GetLocal as their value source. The value profiles are only added if the
- OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
- operand. The look-up is performed by querying the
- CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
- the bytecode index and the operand. Because the value profiles are added at random
- times, they are not sorted; instead they are just stored in an arbitrarily-ordered
- SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
- creates a LazyOperandValueProfileParser, which turns the
- CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
- of DFG parsing.
-
- Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
- into which values observed during OSR exit would be placed. Now it uses a lazy
- thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
- either contain a ValueProfile inside it (which works for previous uses of OSR exit
- profiling) or it may just have knowledge of how to go about creating the
- LazyOperandValueProfile in the case that the OSR exit is actually taken. This
- ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
- value profiling buckets unless we actually did OSR exit on every single operand,
- in every single instruction, in each code block (that's probably unlikely).
-
- This appears to be neutral on the major benchmarks, but is a double-digit speed-up
- on code deliberately written to have data flow that spans basic blocks and where
- the code exhibits post-optimization polymorphism in a local variable.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::stronglyVisitStrongReferences):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- (JSC::CodeBlock::lazyOperandValueProfiles):
- * bytecode/LazyOperandValueProfile.cpp: Added.
- (JSC):
- (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
- (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
- (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
- (JSC::CompressedLazyOperandValueProfileHolder::add):
- (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
- (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
- (JSC::LazyOperandValueProfileParser::getIfPresent):
- (JSC::LazyOperandValueProfileParser::prediction):
- * bytecode/LazyOperandValueProfile.h: Added.
- (JSC):
- (LazyOperandValueProfileKey):
- (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
- (JSC::LazyOperandValueProfileKey::operator!):
- (JSC::LazyOperandValueProfileKey::operator==):
- (JSC::LazyOperandValueProfileKey::hash):
- (JSC::LazyOperandValueProfileKey::bytecodeOffset):
- (JSC::LazyOperandValueProfileKey::operand):
- (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
- (JSC::LazyOperandValueProfileKeyHash::hash):
- (JSC::LazyOperandValueProfileKeyHash::equal):
- (LazyOperandValueProfileKeyHash):
- (WTF):
- (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
- (LazyOperandValueProfile):
- (JSC::LazyOperandValueProfile::key):
- (CompressedLazyOperandValueProfileHolder):
- (LazyOperandValueProfileParser):
- * bytecode/MethodOfGettingAValueProfile.cpp: Added.
- (JSC):
- (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
- (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
- * bytecode/MethodOfGettingAValueProfile.h: Added.
- (JSC):
- (MethodOfGettingAValueProfile):
- (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
- (JSC::MethodOfGettingAValueProfile::operator!):
- * bytecode/ValueProfile.cpp: Removed.
- * bytecode/ValueProfile.h:
- (JSC):
- (ValueProfileBase):
- (JSC::ValueProfileBase::ValueProfileBase):
- (JSC::ValueProfileBase::dump):
- (JSC::ValueProfileBase::computeUpdatedPrediction):
- (JSC::MinimalValueProfile::MinimalValueProfile):
- (ValueProfileWithLogNumberOfBuckets):
- (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
- (JSC::ValueProfile::ValueProfile):
- (JSC::getValueProfileBytecodeOffset):
- (JSC::getRareCaseProfileBytecodeOffset):
- * dfg/DFGByteCodeParser.cpp:
- (ByteCodeParser):
- (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (InlineStackEntry):
- (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
- (DFG):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::valueProfileFor):
- (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
- (Graph):
+ (JSC::DFG::AbstractState::speculateNumberUnary):
+ (JSC::DFG::AbstractState::speculateBooleanUnary):
+ (JSC::DFG::AbstractState::speculateInt32Binary):
+ (JSC::DFG::AbstractState::speculateNumberBinary):
* dfg/DFGNode.h:
+ (JSC::DFG::Node::mergeFlags):
+ (JSC::DFG::Node::filterFlags):
(Node):
- * dfg/DFGOSRExit.cpp:
- (JSC::DFG::OSRExit::OSRExit):
- * dfg/DFGOSRExit.h:
- (OSRExit):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGPhase.cpp:
- (JSC::DFG::Phase::beginPhase):
- (JSC::DFG::Phase::endPhase):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- * dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
- (VariableAccessData):
-
-2012-02-23 Filip Pizlo <fpizlo@apple.com>
-
- Build fix.
-
- * llint/LLIntOffsetsExtractor.cpp:
-
-2012-02-23 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
-
- * llint/LLIntOffsetsExtractor.cpp:
- * wtf/Platform.h:
-
-2012-02-23 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Build fix for non-Mac wx builds.
-
- * runtime/DatePrototype.cpp:
-
-2012-02-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
- https://bugs.webkit.org/show_bug.cgi?id=79334
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::flush):
-
-2012-02-23 Gavin Barraclough <barraclough@apple.com>
-
- Object.isSealed / Object.isFrozen don't work for native objects
- https://bugs.webkit.org/show_bug.cgi?id=79331
-
- Reviewed by Sam Weinig.
-
- Need to inspect all properties, including static ones.
- This exposes a couple of bugs in Array & Arguments:
- - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
- - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::defineOwnProperty):
- - Add handling for callee/caller/length.
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertyDescriptor):
- - report length's writability correctly.
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorSeal):
- (JSC::objectConstructorFreeze):
- (JSC::objectConstructorIsSealed):
- (JSC::objectConstructorIsFrozen):
- - Add spec-based implementation for non-final objects.
-
-2012-02-23 Gavin Barraclough <barraclough@apple.com>
-
- pop of array hole should get from the prototype chain
- https://bugs.webkit.org/show_bug.cgi?id=79338
-
- Reviewed by Sam Weinig.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::pop):
- - If the fast fast vector case fails, more closely follow the spec.
-
-2012-02-23 Yong Li <yoli@rim.com>
-
- JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
- https://bugs.webkit.org/show_bug.cgi?id=79268
-
- Reviewed by Michael Saboff.
-
- resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
- after it fails to allocate a buffer for m_value. So outOfMemory() should assert
- isRope() rather than !isRope().
-
- * runtime/JSString.cpp:
- (JSC::JSString::outOfMemory):
-
-2012-02-23 Patrick Gansterer <paroga@webkit.org>
-
- [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
- https://bugs.webkit.org/show_bug.cgi?id=79371
-
- Reviewed by Daniel Bates.
-
- * CMakeLists.txt:
- * shell/CMakeLists.txt:
- * wtf/CMakeLists.txt:
-
-2012-02-23 Aron Rosenberg <arosenberg@logitech.com>
-
- Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
- https://bugs.webkit.org/show_bug.cgi?id=76210
-
- Add compile time check for Visual Studio 2005 or newer.
-
- Reviewed by Simon Hausmann.
-
- * os-win32/inttypes.h:
-
-2012-02-22 Gavin Barraclough <barraclough@apple.com>
-
- Implement [[DefineOwnProperty]] for the arguments object
- https://bugs.webkit.org/show_bug.cgi?id=79309
-
- Reviewed by Sam Weinig.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::deletePropertyByIndex):
- (JSC::Arguments::deleteProperty):
- - Deleting an argument should also delete the copy on the object, if any.
- (JSC::Arguments::defineOwnProperty):
- - Defining a property may override the live mapping.
- * runtime/Arguments.h:
- (Arguments):
-
-2012-02-22 Gavin Barraclough <barraclough@apple.com>
-
- Fix Object.freeze for non-final objects.
- https://bugs.webkit.org/show_bug.cgi?id=79286
-
- Reviewed by Oliver Hunt.
-
- For vanilla objects we implement this with a single transition, for objects
- with special properties we should just follow the spec defined algorithm.
-
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::put):
- - this does need to handle inextensible objects.
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorSeal):
- (JSC::objectConstructorFreeze):
- - Implement spec defined algorithm for non-final objects.
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::freezeTransition):
- - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
- * runtime/Structure.h:
- (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
- (JSC::Structure::setHasGetterSetterProperties):
- (JSC::Structure::setContainsReadOnlyProperties):
- (Structure):
- - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
-
-2012-02-22 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Allocations from CopiedBlocks should always be 8-byte aligned
- https://bugs.webkit.org/show_bug.cgi?id=79271
-
- Reviewed by Geoffrey Garen.
-
- * heap/CopiedAllocator.h:
- (JSC::CopiedAllocator::allocate):
- * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always
- guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
- (CopiedBlock):
- * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
- (JSC::CopiedSpace::tryAllocateOversize):
- (JSC::CopiedSpace::getFreshBlock):
- * heap/CopiedSpaceInlineMethods.h:
- (JSC::CopiedSpace::allocateFromBlock):
- * runtime/JSArray.h:
- (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte
- aligned on both 64- and 32-bit platforms.
- * wtf/StdLibExtras.h:
- (WTF::is8ByteAligned): Added new utility function that functions similarly to the
- way isPointerAligned does, but it just always checks for 8 byte alignment.
- (WTF):
-
-2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r108456.
- http://trac.webkit.org/changeset/108456
- https://bugs.webkit.org/show_bug.cgi?id=79223
-
- Broke fast/regex/pcre-test-4.html and cannot find anyone on
- IRC (Requested by zherczeg on #webkit).
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
-
-2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r108468.
- http://trac.webkit.org/changeset/108468
- https://bugs.webkit.org/show_bug.cgi?id=79219
-
- Broke Chromium Win release build (Requested by bashi on
- #webkit).
-
- * wtf/Platform.h:
-
-2012-02-22 Kenichi Ishibashi <bashi@chromium.org>
-
- Adding WebSocket per-frame DEFLATE extension
- https://bugs.webkit.org/show_bug.cgi?id=77522
-
- Added USE(ZLIB) flag.
-
- Reviewed by Kent Tamura.
-
- * wtf/Platform.h:
-
-2012-02-22 Hojong Han <hojong.han@samsung.com>
-
- Short circuit fixed for a 16 bt pattern character and an 8 bit string.
- https://bugs.webkit.org/show_bug.cgi?id=75602
-
- Reviewed by Gavin Barraclough.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
-
-2012-02-21 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for systems with case sensitive disks.
-
- * llint/LLIntOfflineAsmConfig.h:
-
-2012-02-21 Filip Pizlo <fpizlo@apple.com>
-
- JSC should be a triple-tier VM
- https://bugs.webkit.org/show_bug.cgi?id=75812
- <rdar://problem/10079694>
-
- Reviewed by Gavin Barraclough.
-
- Implemented an interpreter that uses the JIT's calling convention. This
- interpreter is called LLInt, or the Low Level Interpreter. JSC will now
- will start by executing code in LLInt and will only tier up to the old
- JIT after the code is proven hot.
-
- LLInt is written in a modified form of our macro assembly. This new macro
- assembly is compiled by an offline assembler (see offlineasm), which
- implements many modern conveniences such as a Turing-complete CPS-based
- macro language and direct access to relevant C++ type information
- (basically offsets of fields and sizes of structs/classes).
-
- Code executing in LLInt appears to the rest of the JSC world "as if" it
- were executing in the old JIT. Hence, things like exception handling and
- cross-execution-engine calls just work and require pretty much no
- additional overhead.
-
- This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
- V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
- V8, and Kraken, but appear to get a double-digit improvement on real-world
- websites due to a huge reduction in the amount of JIT'ing.
-
- * CMakeLists.txt:
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JavaScriptCore.pri:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * assembler/LinkBuffer.h:
- * assembler/MacroAssemblerCodeRef.h:
- (MacroAssemblerCodePtr):
- (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
- * bytecode/BytecodeConventions.h: Added.
- * bytecode/CallLinkStatus.cpp:
- (JSC::CallLinkStatus::computeFromLLInt):
- (JSC):
- (JSC::CallLinkStatus::computeFor):
- * bytecode/CallLinkStatus.h:
- (JSC::CallLinkStatus::isSet):
- (JSC::CallLinkStatus::operator!):
- (CallLinkStatus):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::finalizeUnconditionally):
- (JSC::CodeBlock::stronglyVisitStrongReferences):
- (JSC):
- (JSC::CodeBlock::unlinkCalls):
- (JSC::CodeBlock::unlinkIncomingCalls):
- (JSC::CodeBlock::bytecodeOffset):
- (JSC::ProgramCodeBlock::jettison):
- (JSC::EvalCodeBlock::jettison):
- (JSC::FunctionCodeBlock::jettison):
- (JSC::ProgramCodeBlock::jitCompileImpl):
- (JSC::EvalCodeBlock::jitCompileImpl):
- (JSC::FunctionCodeBlock::jitCompileImpl):
- * bytecode/CodeBlock.h:
- (JSC):
- (CodeBlock):
- (JSC::CodeBlock::baselineVersion):
- (JSC::CodeBlock::linkIncomingCall):
- (JSC::CodeBlock::bytecodeOffset):
- (JSC::CodeBlock::jitCompile):
- (JSC::CodeBlock::hasOptimizedReplacement):
- (JSC::CodeBlock::addPropertyAccessInstruction):
- (JSC::CodeBlock::addGlobalResolveInstruction):
- (JSC::CodeBlock::addLLIntCallLinkInfo):
- (JSC::CodeBlock::addGlobalResolveInfo):
- (JSC::CodeBlock::numberOfMethodCallLinkInfos):
- (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
- (JSC::CodeBlock::likelyToTakeSlowCase):
- (JSC::CodeBlock::couldTakeSlowCase):
- (JSC::CodeBlock::likelyToTakeSpecialFastCase):
- (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
- (JSC::CodeBlock::likelyToTakeAnySlowCase):
- (JSC::CodeBlock::addFrequentExitSite):
- (JSC::CodeBlock::dontJITAnytimeSoon):
- (JSC::CodeBlock::jitAfterWarmUp):
- (JSC::CodeBlock::jitSoon):
- (JSC::CodeBlock::llintExecuteCounter):
- (ProgramCodeBlock):
- (EvalCodeBlock):
- (FunctionCodeBlock):
- * bytecode/GetByIdStatus.cpp:
- (JSC::GetByIdStatus::computeFromLLInt):
- (JSC):
- (JSC::GetByIdStatus::computeFor):
- * bytecode/GetByIdStatus.h:
- (JSC::GetByIdStatus::GetByIdStatus):
- (JSC::GetByIdStatus::wasSeenInJIT):
- (GetByIdStatus):
- * bytecode/Instruction.h:
- (JSC):
- (JSC::Instruction::Instruction):
- (Instruction):
- * bytecode/LLIntCallLinkInfo.h: Added.
- (JSC):
- (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
- (LLIntCallLinkInfo):
- (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
- (JSC::LLIntCallLinkInfo::isLinked):
- (JSC::LLIntCallLinkInfo::unlink):
- * bytecode/MethodCallLinkStatus.cpp:
- (JSC::MethodCallLinkStatus::computeFor):
- * bytecode/Opcode.cpp:
- (JSC):
- * bytecode/Opcode.h:
- (JSC):
- (JSC::padOpcodeName):
- * bytecode/PutByIdStatus.cpp:
- (JSC::PutByIdStatus::computeFromLLInt):
- (JSC):
- (JSC::PutByIdStatus::computeFor):
- * bytecode/PutByIdStatus.h:
- (PutByIdStatus):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
- (JSC::BytecodeGenerator::emitCatch):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOperations.cpp:
- * heap/Heap.h:
- (JSC):
- (JSC::Heap::firstAllocatorWithoutDestructors):
- (Heap):
- * heap/MarkStack.cpp:
- (JSC::visitChildren):
- * heap/MarkedAllocator.h:
- (JSC):
- (MarkedAllocator):
- * heap/MarkedSpace.h:
- (JSC):
- (MarkedSpace):
- (JSC::MarkedSpace::firstAllocator):
- * interpreter/CallFrame.cpp:
- (JSC):
- (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
- (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
- (JSC::CallFrame::currentVPC):
- (JSC::CallFrame::setCurrentVPC):
- (JSC::CallFrame::trueCallerFrame):
- * interpreter/CallFrame.h:
- (JSC::ExecState::hasReturnPC):
- (JSC::ExecState::clearReturnPC):
- (ExecState):
- (JSC::ExecState::bytecodeOffsetForNonDFGCode):
- (JSC::ExecState::currentVPC):
- (JSC::ExecState::setCurrentVPC):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::Interpreter):
- (JSC::Interpreter::~Interpreter):
- (JSC):
- (JSC::Interpreter::initialize):
- (JSC::Interpreter::isOpcode):
- (JSC::Interpreter::unwindCallFrame):
- (JSC::getCallerInfo):
- (JSC::Interpreter::privateExecute):
- (JSC::Interpreter::retrieveLastCaller):
- * interpreter/Interpreter.h:
- (JSC):
- (Interpreter):
- (JSC::Interpreter::getOpcode):
- (JSC::Interpreter::getOpcodeID):
- (JSC::Interpreter::classicEnabled):
- * interpreter/RegisterFile.h:
- (JSC):
- (RegisterFile):
- * jit/ExecutableAllocator.h:
- (JSC):
- * jit/HostCallReturnValue.cpp: Added.
- (JSC):
- (JSC::getHostCallReturnValueWithExecState):
- * jit/HostCallReturnValue.h: Added.
- (JSC):
- (JSC::initializeHostCallReturnValue):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JITCode.h:
- (JSC::JITCode::isOptimizingJIT):
- (JITCode):
- (JSC::JITCode::isBaselineCode):
- (JSC::JITCode::JITCode):
- * jit/JITDriver.h:
- (JSC::jitCompileIfAppropriate):
- (JSC::jitCompileFunctionIfAppropriate):
- * jit/JITExceptions.cpp:
- (JSC::jitThrow):
- * jit/JITInlineMethods.h:
- (JSC::JIT::updateTopCallFrame):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC):
- * jit/JITStubs.h:
- (JSC):
- * jit/JSInterfaceJIT.h:
- * llint: Added.
- * llint/LLIntCommon.h: Added.
- * llint/LLIntData.cpp: Added.
- (LLInt):
- (JSC::LLInt::Data::Data):
- (JSC::LLInt::Data::performAssertions):
- (JSC::LLInt::Data::~Data):
- * llint/LLIntData.h: Added.
- (JSC):
- (LLInt):
- (Data):
- (JSC::LLInt::Data::exceptionInstructions):
- (JSC::LLInt::Data::opcodeMap):
- (JSC::LLInt::Data::performAssertions):
- * llint/LLIntEntrypoints.cpp: Added.
- (LLInt):
- (JSC::LLInt::getFunctionEntrypoint):
- (JSC::LLInt::getEvalEntrypoint):
- (JSC::LLInt::getProgramEntrypoint):
- * llint/LLIntEntrypoints.h: Added.
- (JSC):
- (LLInt):
- (JSC::LLInt::getEntrypoint):
- * llint/LLIntExceptions.cpp: Added.
- (LLInt):
- (JSC::LLInt::interpreterThrowInCaller):
- (JSC::LLInt::returnToThrowForThrownException):
- (JSC::LLInt::returnToThrow):
- (JSC::LLInt::callToThrow):
- * llint/LLIntExceptions.h: Added.
- (JSC):
- (LLInt):
- * llint/LLIntOfflineAsmConfig.h: Added.
- * llint/LLIntOffsetsExtractor.cpp: Added.
- (JSC):
- (LLIntOffsetsExtractor):
- (JSC::LLIntOffsetsExtractor::dummy):
- (main):
- * llint/LLIntSlowPaths.cpp: Added.
- (LLInt):
- (JSC::LLInt::llint_trace_operand):
- (JSC::LLInt::llint_trace_value):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (JSC::LLInt::traceFunctionPrologue):
- (JSC::LLInt::shouldJIT):
- (JSC::LLInt::entryOSR):
- (JSC::LLInt::resolveGlobal):
- (JSC::LLInt::getByVal):
- (JSC::LLInt::handleHostCall):
- (JSC::LLInt::setUpCall):
- (JSC::LLInt::genericCall):
- * llint/LLIntSlowPaths.h: Added.
- (JSC):
- (LLInt):
- * llint/LLIntThunks.cpp: Added.
- (LLInt):
- (JSC::LLInt::generateThunkWithJumpTo):
- (JSC::LLInt::functionForCallEntryThunkGenerator):
- (JSC::LLInt::functionForConstructEntryThunkGenerator):
- (JSC::LLInt::functionForCallArityCheckThunkGenerator):
- (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
- (JSC::LLInt::evalEntryThunkGenerator):
- (JSC::LLInt::programEntryThunkGenerator):
- * llint/LLIntThunks.h: Added.
- (JSC):
- (LLInt):
- * llint/LowLevelInterpreter.asm: Added.
- * llint/LowLevelInterpreter.cpp: Added.
- * llint/LowLevelInterpreter.h: Added.
- * offlineasm: Added.
- * offlineasm/armv7.rb: Added.
- * offlineasm/asm.rb: Added.
- * offlineasm/ast.rb: Added.
- * offlineasm/backends.rb: Added.
- * offlineasm/generate_offset_extractor.rb: Added.
- * offlineasm/instructions.rb: Added.
- * offlineasm/offset_extractor_constants.rb: Added.
- * offlineasm/offsets.rb: Added.
- * offlineasm/opt.rb: Added.
- * offlineasm/parser.rb: Added.
- * offlineasm/registers.rb: Added.
- * offlineasm/self_hash.rb: Added.
- * offlineasm/settings.rb: Added.
- * offlineasm/transform.rb: Added.
- * offlineasm/x86.rb: Added.
- * runtime/CodeSpecializationKind.h: Added.
- (JSC):
- * runtime/CommonSlowPaths.h:
- (JSC::CommonSlowPaths::arityCheckFor):
- (CommonSlowPaths):
- * runtime/Executable.cpp:
- (JSC::jettisonCodeBlock):
- (JSC):
- (JSC::EvalExecutable::jitCompile):
- (JSC::samplingDescription):
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::jitCompile):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::baselineCodeBlockFor):
- (JSC::FunctionExecutable::jitCompileForCall):
- (JSC::FunctionExecutable::jitCompileForConstruct):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC):
- (EvalExecutable):
- (ProgramExecutable):
- (FunctionExecutable):
- (JSC::FunctionExecutable::jitCompileFor):
- * runtime/ExecutionHarness.h: Added.
- (JSC):
- (JSC::prepareForExecution):
- (JSC::prepareFunctionForExecution):
- * runtime/JSArray.h:
- (JSC):
- (JSArray):
- * runtime/JSCell.h:
- (JSC):
- (JSCell):
- * runtime/JSFunction.h:
- (JSC):
- (JSFunction):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC):
- (JSGlobalData):
- * runtime/JSGlobalObject.h:
- (JSC):
- (JSGlobalObject):
- * runtime/JSObject.h:
- (JSC):
- (JSObject):
- (JSFinalObject):
- * runtime/JSPropertyNameIterator.h:
- (JSC):
- (JSPropertyNameIterator):
- * runtime/JSString.h:
- (JSC):
- (JSString):
- * runtime/JSTypeInfo.h:
- (JSC):
- (TypeInfo):
- * runtime/JSValue.cpp:
- (JSC::JSValue::description):
- * runtime/JSValue.h:
- (LLInt):
- (JSValue):
- * runtime/JSVariableObject.h:
- (JSC):
- (JSVariableObject):
- * runtime/Options.cpp:
- (Options):
- (JSC::Options::initializeOptions):
- * runtime/Options.h:
- (Options):
- * runtime/ScopeChain.h:
- (JSC):
- (ScopeChainNode):
- * runtime/Structure.cpp:
- (JSC::Structure::addPropertyTransition):
- * runtime/Structure.h:
- (JSC):
- (Structure):
- * runtime/StructureChain.h:
- (JSC):
- (StructureChain):
- * wtf/InlineASM.h:
- * wtf/Platform.h:
- * wtf/SentinelLinkedList.h:
- (SentinelLinkedList):
- (WTF::SentinelLinkedList::isEmpty):
- * wtf/text/StringImpl.h:
- (JSC):
- (StringImpl):
-
-2012-02-21 Oliver Hunt <oliver@apple.com>
-
- Unbreak double-typed arrays on ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=79177
-
- Reviewed by Gavin Barraclough.
-
- The existing code had completely broken address arithmetic.
-
- * JSCTypedArrayStubs.h:
- (JSC):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::storeDouble):
- (JSC::MacroAssemblerARMv7::storeFloat):
-
-2012-02-21 Gavin Barraclough <barraclough@apple.com>
-
- Should be able to reconfigure a non-configurable property as read-only
- https://bugs.webkit.org/show_bug.cgi?id=79170
-
- Reviewed by Sam Weinig.
-
- See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
- but does not inhibit making a writable property read-only.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::setInDefineOwnProperty):
- (JSGlobalData):
- (JSC::JSGlobalData::isInDefineOwnProperty):
- - Added flag, tracking whether we are in JSObject::defineOwnProperty.
- * runtime/JSObject.cpp:
- (JSC::JSObject::deleteProperty):
- (DefineOwnPropertyScope):
- - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
- (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
- (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
- - Added RAII helper.
- (JSC::JSObject::defineOwnProperty):
- - Track on the globalData when we are in this method.
-
-2012-02-21 Oliver Hunt <oliver@apple.com>
-
- Make TypedArrays be available in commandline jsc
- https://bugs.webkit.org/show_bug.cgi?id=79163
-
- Reviewed by Gavin Barraclough.
-
- Adds a compile time option to have jsc support a basic implementation
- of the TypedArrays available in WebCore. This lets us test the typed
- array logic in the JIT witout having to build webcore.
-
- * JSCTypedArrayStubs.h: Added.
- (JSC):
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (GlobalObject):
- (GlobalObject::addConstructableFunction):
- * runtime/JSGlobalData.h:
- (JSGlobalData):
-
-2012-02-21 Tom Sepez <tsepez@chromium.org>
-
- equalIgnoringNullity() only comparing half the bytes for equality
- https://bugs.webkit.org/show_bug.cgi?id=79135
-
- Reviewed by Adam Barth.
-
- * wtf/text/StringImpl.h:
- (WTF::equalIgnoringNullity):
-
-2012-02-21 Roland Takacs <takacs.roland@stud.u-szeged.hu>
-
- Unnecessary preprocessor macros in MainThread.h/cpp
- https://bugs.webkit.org/show_bug.cgi?id=79083
-
- Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.
-
- * wtf/MainThread.cpp:
- (WTF):
- * wtf/MainThread.h:
- (WTF):
-
-2012-02-21 Sam Weinig <sam@webkit.org>
-
- Attempt to fix the Snow Leopard build.
-
- * Configurations/Base.xcconfig:
-
-2012-02-21 Sam Weinig <sam@webkit.org>
-
- Use libc++ when building with Clang on Mac
- https://bugs.webkit.org/show_bug.cgi?id=78981
-
- Reviewed by Dan Bernstein.
-
- * Configurations/Base.xcconfig:
-
-2012-02-21 Adam Roben <aroben@apple.com>
-
- Roll out r108309, r108323, and r108326
-
- They broke the 32-bit Lion build.
-
- Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.
-
- * CMakeLists.txt:
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JavaScriptCore.pri:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * assembler/LinkBuffer.h:
- * assembler/MacroAssemblerCodeRef.h:
- * bytecode/BytecodeConventions.h: Removed.
- * bytecode/CallLinkStatus.cpp:
- * bytecode/CallLinkStatus.h:
- * bytecode/CodeBlock.cpp:
- * bytecode/CodeBlock.h:
- * bytecode/GetByIdStatus.cpp:
- * bytecode/GetByIdStatus.h:
- * bytecode/Instruction.h:
- * bytecode/LLIntCallLinkInfo.h: Removed.
- * bytecode/MethodCallLinkStatus.cpp:
- * bytecode/Opcode.cpp:
- * bytecode/Opcode.h:
- * bytecode/PutByIdStatus.cpp:
- * bytecode/PutByIdStatus.h:
- * bytecompiler/BytecodeGenerator.cpp:
- * dfg/DFGByteCodeParser.cpp:
- * dfg/DFGCapabilities.h:
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOperations.cpp:
- * heap/Heap.h:
- * heap/MarkStack.cpp:
- * heap/MarkedAllocator.h:
- * heap/MarkedSpace.h:
- * interpreter/CallFrame.cpp:
- * interpreter/CallFrame.h:
- * interpreter/Interpreter.cpp:
- * interpreter/Interpreter.h:
- * interpreter/RegisterFile.h:
- * jit/ExecutableAllocator.h:
- * jit/HostCallReturnValue.cpp: Removed.
- * jit/HostCallReturnValue.h: Removed.
- * jit/JIT.cpp:
- * jit/JITCode.h:
- * jit/JITDriver.h:
- * jit/JITExceptions.cpp:
- * jit/JITInlineMethods.h:
- * jit/JITStubs.cpp:
- * jit/JITStubs.h:
- * jit/JSInterfaceJIT.h:
- * llint/LLIntCommon.h: Removed.
- * llint/LLIntData.cpp: Removed.
- * llint/LLIntData.h: Removed.
- * llint/LLIntEntrypoints.cpp: Removed.
- * llint/LLIntEntrypoints.h: Removed.
- * llint/LLIntExceptions.cpp: Removed.
- * llint/LLIntExceptions.h: Removed.
- * llint/LLIntOfflineAsmConfig.h: Removed.
- * llint/LLIntOffsetsExtractor.cpp: Removed.
- * llint/LLIntSlowPaths.cpp: Removed.
- * llint/LLIntSlowPaths.h: Removed.
- * llint/LLIntThunks.cpp: Removed.
- * llint/LLIntThunks.h: Removed.
- * llint/LowLevelInterpreter.asm: Removed.
- * llint/LowLevelInterpreter.cpp: Removed.
- * llint/LowLevelInterpreter.h: Removed.
- * offlineasm/armv7.rb: Removed.
- * offlineasm/asm.rb: Removed.
- * offlineasm/ast.rb: Removed.
- * offlineasm/backends.rb: Removed.
- * offlineasm/generate_offset_extractor.rb: Removed.
- * offlineasm/instructions.rb: Removed.
- * offlineasm/offset_extractor_constants.rb: Removed.
- * offlineasm/offsets.rb: Removed.
- * offlineasm/opt.rb: Removed.
- * offlineasm/parser.rb: Removed.
- * offlineasm/registers.rb: Removed.
- * offlineasm/self_hash.rb: Removed.
- * offlineasm/settings.rb: Removed.
- * offlineasm/transform.rb: Removed.
- * offlineasm/x86.rb: Removed.
- * runtime/CodeSpecializationKind.h: Removed.
- * runtime/CommonSlowPaths.h:
- * runtime/Executable.cpp:
- * runtime/Executable.h:
- * runtime/ExecutionHarness.h: Removed.
- * runtime/JSArray.h:
- * runtime/JSCell.h:
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.h:
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSString.h:
- * runtime/JSTypeInfo.h:
- * runtime/JSValue.cpp:
- * runtime/JSValue.h:
- * runtime/JSVariableObject.h:
- * runtime/Options.cpp:
- * runtime/Options.h:
- * runtime/ScopeChain.h:
- * runtime/Structure.cpp:
- * runtime/Structure.h:
- * runtime/StructureChain.h:
- * wtf/InlineASM.h:
- * wtf/Platform.h:
- * wtf/SentinelLinkedList.h:
- * wtf/text/StringImpl.h:
-
-2012-02-21 Gustavo Noronha Silva <kov@debian.org> and Bob Tracy <rct@frus.com>
-
- Does not build on IA64, SPARC and Alpha
- https://bugs.webkit.org/show_bug.cgi?id=79047
-
- Rubber-stamped by Kent Tamura.
-
- * wtf/dtoa/utils.h: these architectures also have correct double
- operations, so add them to the appropriate side of the check.
-
-2012-02-21 Filip Pizlo <fpizlo@apple.com>
-
- Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
- https://bugs.webkit.org/show_bug.cgi?id=75812
-
- Reviewed by Csaba Osztrogonác.
-
- * dfg/DFGOperations.cpp:
- (JSC):
- * jit/HostCallReturnValue.h:
- (JSC::initializeHostCallReturnValue):
-
-2012-02-21 Filip Pizlo <fpizlo@apple.com>
-
- Attempted build fix for ELF platforms.
-
- * dfg/DFGOperations.cpp:
- (JSC):
- (JSC::getHostCallReturnValueWithExecState):
- * jit/HostCallReturnValue.cpp:
- (JSC):
- * jit/HostCallReturnValue.h:
- (JSC::initializeHostCallReturnValue):
-
-2012-02-20 Filip Pizlo <fpizlo@apple.com>
-
- JSC should be a triple-tier VM
- https://bugs.webkit.org/show_bug.cgi?id=75812
- <rdar://problem/10079694>
-
- Reviewed by Gavin Barraclough.
-
- Implemented an interpreter that uses the JIT's calling convention. This
- interpreter is called LLInt, or the Low Level Interpreter. JSC will now
- will start by executing code in LLInt and will only tier up to the old
- JIT after the code is proven hot.
-
- LLInt is written in a modified form of our macro assembly. This new macro
- assembly is compiled by an offline assembler (see offlineasm), which
- implements many modern conveniences such as a Turing-complete CPS-based
- macro language and direct access to relevant C++ type information
- (basically offsets of fields and sizes of structs/classes).
-
- Code executing in LLInt appears to the rest of the JSC world "as if" it
- were executing in the old JIT. Hence, things like exception handling and
- cross-execution-engine calls just work and require pretty much no
- additional overhead.
-
- This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
- V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
- V8, and Kraken, but appear to get a double-digit improvement on real-world
- websites due to a huge reduction in the amount of JIT'ing.
-
- * CMakeLists.txt:
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JavaScriptCore.pri:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * assembler/LinkBuffer.h:
- * assembler/MacroAssemblerCodeRef.h:
- (MacroAssemblerCodePtr):
- (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
- * bytecode/BytecodeConventions.h: Added.
- * bytecode/CallLinkStatus.cpp:
- (JSC::CallLinkStatus::computeFromLLInt):
- (JSC):
- (JSC::CallLinkStatus::computeFor):
- * bytecode/CallLinkStatus.h:
- (JSC::CallLinkStatus::isSet):
- (JSC::CallLinkStatus::operator!):
- (CallLinkStatus):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::finalizeUnconditionally):
- (JSC::CodeBlock::stronglyVisitStrongReferences):
- (JSC):
- (JSC::CodeBlock::unlinkCalls):
- (JSC::CodeBlock::unlinkIncomingCalls):
- (JSC::CodeBlock::bytecodeOffset):
- (JSC::ProgramCodeBlock::jettison):
- (JSC::EvalCodeBlock::jettison):
- (JSC::FunctionCodeBlock::jettison):
- (JSC::ProgramCodeBlock::jitCompileImpl):
- (JSC::EvalCodeBlock::jitCompileImpl):
- (JSC::FunctionCodeBlock::jitCompileImpl):
- * bytecode/CodeBlock.h:
- (JSC):
- (CodeBlock):
- (JSC::CodeBlock::baselineVersion):
- (JSC::CodeBlock::linkIncomingCall):
- (JSC::CodeBlock::bytecodeOffset):
- (JSC::CodeBlock::jitCompile):
- (JSC::CodeBlock::hasOptimizedReplacement):
- (JSC::CodeBlock::addPropertyAccessInstruction):
- (JSC::CodeBlock::addGlobalResolveInstruction):
- (JSC::CodeBlock::addLLIntCallLinkInfo):
- (JSC::CodeBlock::addGlobalResolveInfo):
- (JSC::CodeBlock::numberOfMethodCallLinkInfos):
- (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
- (JSC::CodeBlock::likelyToTakeSlowCase):
- (JSC::CodeBlock::couldTakeSlowCase):
- (JSC::CodeBlock::likelyToTakeSpecialFastCase):
- (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
- (JSC::CodeBlock::likelyToTakeAnySlowCase):
- (JSC::CodeBlock::addFrequentExitSite):
- (JSC::CodeBlock::dontJITAnytimeSoon):
- (JSC::CodeBlock::jitAfterWarmUp):
- (JSC::CodeBlock::jitSoon):
- (JSC::CodeBlock::llintExecuteCounter):
- (ProgramCodeBlock):
- (EvalCodeBlock):
- (FunctionCodeBlock):
- * bytecode/GetByIdStatus.cpp:
- (JSC::GetByIdStatus::computeFromLLInt):
- (JSC):
- (JSC::GetByIdStatus::computeFor):
- * bytecode/GetByIdStatus.h:
- (JSC::GetByIdStatus::GetByIdStatus):
- (JSC::GetByIdStatus::wasSeenInJIT):
- (GetByIdStatus):
- * bytecode/Instruction.h:
- (JSC):
- (JSC::Instruction::Instruction):
- (Instruction):
- * bytecode/LLIntCallLinkInfo.h: Added.
- (JSC):
- (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
- (LLIntCallLinkInfo):
- (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
- (JSC::LLIntCallLinkInfo::isLinked):
- (JSC::LLIntCallLinkInfo::unlink):
- * bytecode/MethodCallLinkStatus.cpp:
- (JSC::MethodCallLinkStatus::computeFor):
- * bytecode/Opcode.cpp:
- (JSC):
- * bytecode/Opcode.h:
- (JSC):
- (JSC::padOpcodeName):
- * bytecode/PutByIdStatus.cpp:
- (JSC::PutByIdStatus::computeFromLLInt):
- (JSC):
- (JSC::PutByIdStatus::computeFor):
- * bytecode/PutByIdStatus.h:
- (PutByIdStatus):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
- (JSC::BytecodeGenerator::emitCatch):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOperations.cpp:
- * heap/Heap.h:
- (JSC):
- (JSC::Heap::firstAllocatorWithoutDestructors):
- (Heap):
- * heap/MarkStack.cpp:
- (JSC::visitChildren):
- * heap/MarkedAllocator.h:
- (JSC):
- (MarkedAllocator):
- * heap/MarkedSpace.h:
- (JSC):
- (MarkedSpace):
- (JSC::MarkedSpace::firstAllocator):
- * interpreter/CallFrame.cpp:
- (JSC):
- (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
- (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
- (JSC::CallFrame::currentVPC):
- (JSC::CallFrame::setCurrentVPC):
- (JSC::CallFrame::trueCallerFrame):
- * interpreter/CallFrame.h:
- (JSC::ExecState::hasReturnPC):
- (JSC::ExecState::clearReturnPC):
- (ExecState):
- (JSC::ExecState::bytecodeOffsetForNonDFGCode):
- (JSC::ExecState::currentVPC):
- (JSC::ExecState::setCurrentVPC):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::Interpreter):
- (JSC::Interpreter::~Interpreter):
- (JSC):
- (JSC::Interpreter::initialize):
- (JSC::Interpreter::isOpcode):
- (JSC::Interpreter::unwindCallFrame):
- (JSC::getCallerInfo):
- (JSC::Interpreter::privateExecute):
- (JSC::Interpreter::retrieveLastCaller):
- * interpreter/Interpreter.h:
- (JSC):
- (Interpreter):
- (JSC::Interpreter::getOpcode):
- (JSC::Interpreter::getOpcodeID):
- (JSC::Interpreter::classicEnabled):
- * interpreter/RegisterFile.h:
- (JSC):
- (RegisterFile):
- * jit/ExecutableAllocator.h:
- (JSC):
- * jit/HostCallReturnValue.cpp: Added.
- (JSC):
- (JSC::getHostCallReturnValueWithExecState):
- * jit/HostCallReturnValue.h: Added.
- (JSC):
- (JSC::initializeHostCallReturnValue):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JITCode.h:
- (JSC::JITCode::isOptimizingJIT):
- (JITCode):
- (JSC::JITCode::isBaselineCode):
- (JSC::JITCode::JITCode):
- * jit/JITDriver.h:
- (JSC::jitCompileIfAppropriate):
- (JSC::jitCompileFunctionIfAppropriate):
- * jit/JITExceptions.cpp:
- (JSC::jitThrow):
- * jit/JITInlineMethods.h:
- (JSC::JIT::updateTopCallFrame):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC):
- * jit/JITStubs.h:
- (JSC):
- * jit/JSInterfaceJIT.h:
- * llint: Added.
- * llint/LLIntCommon.h: Added.
- * llint/LLIntData.cpp: Added.
- (LLInt):
- (JSC::LLInt::Data::Data):
- (JSC::LLInt::Data::performAssertions):
- (JSC::LLInt::Data::~Data):
- * llint/LLIntData.h: Added.
- (JSC):
- (LLInt):
- (Data):
- (JSC::LLInt::Data::exceptionInstructions):
- (JSC::LLInt::Data::opcodeMap):
- (JSC::LLInt::Data::performAssertions):
- * llint/LLIntEntrypoints.cpp: Added.
- (LLInt):
- (JSC::LLInt::getFunctionEntrypoint):
- (JSC::LLInt::getEvalEntrypoint):
- (JSC::LLInt::getProgramEntrypoint):
- * llint/LLIntEntrypoints.h: Added.
- (JSC):
- (LLInt):
- (JSC::LLInt::getEntrypoint):
- * llint/LLIntExceptions.cpp: Added.
- (LLInt):
- (JSC::LLInt::interpreterThrowInCaller):
- (JSC::LLInt::returnToThrowForThrownException):
- (JSC::LLInt::returnToThrow):
- (JSC::LLInt::callToThrow):
- * llint/LLIntExceptions.h: Added.
- (JSC):
- (LLInt):
- * llint/LLIntOfflineAsmConfig.h: Added.
- * llint/LLIntOffsetsExtractor.cpp: Added.
- (JSC):
- (LLIntOffsetsExtractor):
- (JSC::LLIntOffsetsExtractor::dummy):
- (main):
- * llint/LLIntSlowPaths.cpp: Added.
- (LLInt):
- (JSC::LLInt::llint_trace_operand):
- (JSC::LLInt::llint_trace_value):
- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- (JSC::LLInt::traceFunctionPrologue):
- (JSC::LLInt::shouldJIT):
- (JSC::LLInt::entryOSR):
- (JSC::LLInt::resolveGlobal):
- (JSC::LLInt::getByVal):
- (JSC::LLInt::handleHostCall):
- (JSC::LLInt::setUpCall):
- (JSC::LLInt::genericCall):
- * llint/LLIntSlowPaths.h: Added.
- (JSC):
- (LLInt):
- * llint/LLIntThunks.cpp: Added.
- (LLInt):
- (JSC::LLInt::generateThunkWithJumpTo):
- (JSC::LLInt::functionForCallEntryThunkGenerator):
- (JSC::LLInt::functionForConstructEntryThunkGenerator):
- (JSC::LLInt::functionForCallArityCheckThunkGenerator):
- (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
- (JSC::LLInt::evalEntryThunkGenerator):
- (JSC::LLInt::programEntryThunkGenerator):
- * llint/LLIntThunks.h: Added.
- (JSC):
- (LLInt):
- * llint/LowLevelInterpreter.asm: Added.
- * llint/LowLevelInterpreter.cpp: Added.
- * llint/LowLevelInterpreter.h: Added.
- * offlineasm: Added.
- * offlineasm/armv7.rb: Added.
- * offlineasm/asm.rb: Added.
- * offlineasm/ast.rb: Added.
- * offlineasm/backends.rb: Added.
- * offlineasm/generate_offset_extractor.rb: Added.
- * offlineasm/instructions.rb: Added.
- * offlineasm/offset_extractor_constants.rb: Added.
- * offlineasm/offsets.rb: Added.
- * offlineasm/opt.rb: Added.
- * offlineasm/parser.rb: Added.
- * offlineasm/registers.rb: Added.
- * offlineasm/self_hash.rb: Added.
- * offlineasm/settings.rb: Added.
- * offlineasm/transform.rb: Added.
- * offlineasm/x86.rb: Added.
- * runtime/CodeSpecializationKind.h: Added.
- (JSC):
- * runtime/CommonSlowPaths.h:
- (JSC::CommonSlowPaths::arityCheckFor):
- (CommonSlowPaths):
- * runtime/Executable.cpp:
- (JSC::jettisonCodeBlock):
- (JSC):
- (JSC::EvalExecutable::jitCompile):
- (JSC::samplingDescription):
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::jitCompile):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::baselineCodeBlockFor):
- (JSC::FunctionExecutable::jitCompileForCall):
- (JSC::FunctionExecutable::jitCompileForConstruct):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC):
- (EvalExecutable):
- (ProgramExecutable):
- (FunctionExecutable):
- (JSC::FunctionExecutable::jitCompileFor):
- * runtime/ExecutionHarness.h: Added.
- (JSC):
- (JSC::prepareForExecution):
- (JSC::prepareFunctionForExecution):
- * runtime/JSArray.h:
- (JSC):
- (JSArray):
- * runtime/JSCell.h:
- (JSC):
- (JSCell):
- * runtime/JSFunction.h:
- (JSC):
- (JSFunction):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC):
- (JSGlobalData):
- * runtime/JSGlobalObject.h:
- (JSC):
- (JSGlobalObject):
- * runtime/JSObject.h:
- (JSC):
- (JSObject):
- (JSFinalObject):
- * runtime/JSPropertyNameIterator.h:
- (JSC):
- (JSPropertyNameIterator):
- * runtime/JSString.h:
- (JSC):
- (JSString):
- * runtime/JSTypeInfo.h:
- (JSC):
- (TypeInfo):
- * runtime/JSValue.cpp:
- (JSC::JSValue::description):
- * runtime/JSValue.h:
- (LLInt):
- (JSValue):
- * runtime/JSVariableObject.h:
- (JSC):
- (JSVariableObject):
- * runtime/Options.cpp:
- (Options):
- (JSC::Options::initializeOptions):
- * runtime/Options.h:
- (Options):
- * runtime/ScopeChain.h:
- (JSC):
- (ScopeChainNode):
- * runtime/Structure.cpp:
- (JSC::Structure::addPropertyTransition):
- * runtime/Structure.h:
- (JSC):
- (Structure):
- * runtime/StructureChain.h:
- (JSC):
- (StructureChain):
- * wtf/InlineASM.h:
- * wtf/Platform.h:
- * wtf/SentinelLinkedList.h:
- (SentinelLinkedList):
- (WTF::SentinelLinkedList::isEmpty):
- * wtf/text/StringImpl.h:
- (JSC):
- (StringImpl):
-
-2012-02-20 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, rolling out http://trac.webkit.org/changeset/108291
- It completely broke the 32-bit JIT.
-
- * heap/CopiedAllocator.h:
- * heap/CopiedSpace.h:
- (CopiedSpace):
- * heap/Heap.h:
- (JSC::Heap::allocatorForObjectWithDestructor):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- * jit/JIT.h:
- (JIT):
- * jit/JITInlineMethods.h:
- (JSC):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_array):
- * runtime/JSArray.cpp:
- (JSC::storageSize):
- (JSC):
- * runtime/JSArray.h:
- (ArrayStorage):
- (JSArray):
-
-2012-02-20 Gavin Barraclough <barraclough@apple.com>
-
- [[Put]] should throw if prototype chain contains a readonly property.
- https://bugs.webkit.org/show_bug.cgi?id=79069
-
- Reviewed by Oliver Hunt.
-
- Currently we only check the base of the put, not the prototype chain.
- Fold this check in with the test for accessors.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- - Updated to test all objects in the propotype chain for readonly properties.
- (JSC::JSObject::putDirectAccessor):
- (JSC::putDescriptor):
- - Record the presence of readonly properties on the structure.
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
- * runtime/Structure.h:
- (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
- (JSC::Structure::setHasGetterSetterProperties):
- - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
- (JSC::Structure::setContainsReadOnlyProperties):
- - Added.
-
-2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Implement fast path for op_new_array in the baseline JIT
- https://bugs.webkit.org/show_bug.cgi?id=78612
-
- Reviewed by Filip Pizlo.
-
- * heap/CopiedAllocator.h:
- (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
- * heap/CopiedSpace.h:
- (CopiedSpace): Friended the JIT to allow access to
- (JSC::CopiedSpace::allocator):
- * heap/Heap.h:
- (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
- can use it for simple allocation i.e. when we can just bump the offset without having to
- do anything else.
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
- we have to bail out because the fast allocation path fails for whatever reason.
- * jit/JIT.h:
- (JIT):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
- allocate generic backing stores. This function is used by emitAllocateJSArray.
- (JSC):
- (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
- more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
- it will also be used for emit_op_new_array_buffer.
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
- a stub call for oversize arrays.
- (JSC):
- (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
- the fast path.
- * runtime/JSArray.cpp:
- (JSC):
- * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
- initialize in the JIT.
- (ArrayStorage):
- (JSC::ArrayStorage::lengthOffset):
- (JSC::ArrayStorage::numValuesInVectorOffset):
- (JSC::ArrayStorage::allocBaseOffset):
- (JSC::ArrayStorage::vectorOffset):
- (JSArray):
- (JSC::JSArray::sparseValueMapOffset):
- (JSC::JSArray::subclassDataOffset):
- (JSC::JSArray::indexBiasOffset):
- (JSC):
- (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
- to being a static function in the JSArray class. This move allows the JIT to call it to
- see what size it should allocate.
-
-2012-02-20 Gavin Barraclough <barraclough@apple.com>
-
- DefineOwnProperty fails with numeric properties & Object.prototype
- https://bugs.webkit.org/show_bug.cgi?id=79059
-
- Reviewed by Oliver Hunt.
-
- ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
- calls to defineOwnProperty need to update this cache.
-
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::put):
- (JSC::ObjectPrototype::defineOwnProperty):
- (JSC):
- (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
- * runtime/ObjectPrototype.h:
- (ObjectPrototype):
-
-2012-02-20 Pino Toscano <pino@debian.org>
-
- Does not build on GNU Hurd
- https://bugs.webkit.org/show_bug.cgi?id=79045
-
- Reviewed by Gustavo Noronha Silva.
-
- * wtf/Platform.h: define WTF_OS_HURD.
- * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
- for the lack of PTHREAD_KEYS_MAX definition, with a value which
- should not cause issues.
-
-2012-02-20 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Undoing accidental changes
-
- * heap/Heap.cpp:
- (JSC::Heap::collectAllGarbage):
-
-2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Factor out allocation in CopySpace into a separate CopyAllocator
- https://bugs.webkit.org/show_bug.cgi?id=78610
-
- Reviewed by Oliver Hunt.
-
- Added a new CopyAllocator class, which allows us to do allocations without
- having to load the current offset and store the current offset in the current
- block. This change will allow us to easily do inline assembly in the JIT for
- array allocations.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/CopiedAllocator.h: Added.
- (JSC):
- (CopiedAllocator):
- (JSC::CopiedAllocator::currentBlock):
- (JSC::CopiedAllocator::CopiedAllocator):
- (JSC::CopiedAllocator::allocate):
- (JSC::CopiedAllocator::fitsInCurrentBlock):
- (JSC::CopiedAllocator::wasLastAllocation):
- (JSC::CopiedAllocator::startedCopying):
- (JSC::CopiedAllocator::resetCurrentBlock):
- (JSC::CopiedAllocator::currentUtilization):
- (JSC::CopiedAllocator::resetLastAllocation):
- * heap/CopiedBlock.h:
- (CopiedBlock):
- * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we
- weren't really getting any benefits from having such big functions in a header file.
- (JSC::CopiedSpace::CopiedSpace):
- (JSC):
- (JSC::CopiedSpace::init):
- (JSC::CopiedSpace::tryAllocateSlowCase):
- (JSC::CopiedSpace::tryAllocateOversize):
- (JSC::CopiedSpace::tryReallocate):
- (JSC::CopiedSpace::tryReallocateOversize):
- (JSC::CopiedSpace::doneFillingBlock):
- (JSC::CopiedSpace::doneCopying):
- (JSC::CopiedSpace::getFreshBlock):
- * heap/CopiedSpace.h:
- (CopiedSpace):
- * heap/CopiedSpaceInlineMethods.h:
- (JSC):
- (JSC::CopiedSpace::startedCopying):
- (JSC::CopiedSpace::addNewBlock):
- (JSC::CopiedSpace::allocateNewBlock):
- (JSC::CopiedSpace::fitsInBlock):
- (JSC::CopiedSpace::tryAllocate):
- (JSC::CopiedSpace::allocateFromBlock):
- * heap/Heap.cpp:
- (JSC::Heap::collectAllGarbage):
- * heap/HeapBlock.h:
- (HeapBlock):
-
-2012-02-20 Patrick Gansterer <paroga@webkit.org>
-
- Fix Visual Studio 2010 build.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::PropertyListNode::emitBytecode):
-
-2012-02-16 Gavin Barraclough <barraclough@apple.com>
-
- Move special __proto__ property to Object.prototype
- https://bugs.webkit.org/show_bug.cgi?id=78409
-
- Reviewed by Oliver Hunt.
-
- Re-implement this as a regular accessor property. This has three key benefits:
- 1) It makes it possible for objects to be given properties named __proto__.
- 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
- 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.
-
- * parser/Parser.cpp:
- (JSC::::parseFunctionInfo):
- - No need to prohibit functions named __proto__.
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- - Add __proto__ accessor to Object.prototype.
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncProtoGetter):
- (JSC::globalFuncProtoSetter):
- - Definition of the __proto__ accessor functions.
- * runtime/JSGlobalObjectFunctions.h:
- - Declaration of the __proto__ accessor functions.
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
- (JSC::JSObject::putDirectAccessor):
- - Track on the structure whether an object contains accessors other than one for __proto__.
- (JSC::JSObject::defineOwnProperty):
- - No need to prohibit definition of own properties named __proto__.
- * runtime/JSObject.h:
- (JSC::JSObject::inlineGetOwnPropertySlot):
- - Remove the special handling for __proto__.
- (JSC::JSValue::get):
- - Remove the special handling for __proto__.
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlot):
- - Remove the special handling for __proto__.
- * runtime/JSValue.h:
- (JSValue):
- - Made synthesizePrototype public (this may be needed by the __proto__ getter).
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetPrototypeOf):
- - Perform the security check & call prototype() directly.
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
- * runtime/Structure.h:
- (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
- (JSC::Structure::setHasGetterSetterProperties):
- (Structure):
- - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
-
-2012-02-20 Michael Saboff <msaboff@apple.com>
-
- Update toLower and toUpper tests for Unicode 6.1 changes
- https://bugs.webkit.org/show_bug.cgi?id=78923
-
- Reviewed by Oliver Hunt.
-
- * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test
- to handle a third set of results for updated Unicode 6.1
- changes.
- (getTestCases):
- (TestCaseMultiExpected):
- (writeTestCaseResultMultiExpected):
- (getTestCaseResultMultiExpected):
- (test):
- (GetUnicodeValues):
- (DecimalToHexString):
-
-2012-02-20 Andy Wingo <wingo@igalia.com>
-
- Remove unused features from CodeFeatures
- https://bugs.webkit.org/show_bug.cgi?id=78804
-
- Reviewed by Gavin Barraclough.
-
- * parser/Nodes.h:
- * parser/ASTBuilder.h:
- (JSC::ClosureFeature):
- (JSC::ASTBuilder::createFunctionBody):
- (JSC::ASTBuilder::usesClosures):
- Remove "ClosureFeature". Since we track captured variables more
- precisely, this bit doesn't do us any good.
-
- (JSC::AssignFeature):
- (JSC::ASTBuilder::makeAssignNode):
- (JSC::ASTBuilder::makePrefixNode):
- (JSC::ASTBuilder::makePostfixNode):
- (JSC::ASTBuilder::usesAssignment):
- Similarly, remove AssignFeature. It is unused.
-
-2012-02-19 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck issues.
-
- * GNUmakefile.list.am: Add missing files.
-
-2012-02-18 Sam Weinig <sam@webkit.org>
-
- Fix style issues in DFG Phase classes
- https://bugs.webkit.org/show_bug.cgi?id=78983
-
- Reviewed by Ryosuke Niwa.
-
- * dfg/DFGArithNodeFlagsInferencePhase.cpp:
- * dfg/DFGCFAPhase.cpp:
- * dfg/DFGCSEPhase.cpp:
- * dfg/DFGPredictionPropagationPhase.cpp:
- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
- Add a space before the colon in class declarations.
-
-2012-02-18 Filip Pizlo <fpizlo@apple.com>
-
- Attempt to fix Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-18 Sam Weinig <sam@webkit.org>
-
- Fix the libc++ build.
-
- Reviewed by Anders Carlsson.
-
- * heap/Weak.h:
- Libc++'s nullptr emulation does not allow default construction
- of the nullptr_t type. Work around this with the arguably clearer
- just returning nullptr.
-
-2012-02-18 Filip Pizlo <fpizlo@apple.com>
-
- DFGPropagator.cpp has too many things
- https://bugs.webkit.org/show_bug.cgi?id=78956
-
- Reviewed by Oliver Hunt.
-
- Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
- various things and put them into separate files. These new phases follow
- the naming convention "DFG<name>Phase" where <name> is a noun. They are
- called via functions of the form "perform<name>".
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
- (DFG):
- (JSC::DFG::performArithNodeFlagsInference):
- * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
- (DFG):
- * dfg/DFGCFAPhase.cpp: Added.
- (DFG):
- (JSC::DFG::performCFA):
- * dfg/DFGCFAPhase.h: Added.
- (DFG):
- * dfg/DFGCSEPhase.cpp: Added.
- (DFG):
- (JSC::DFG::performCSE):
- * dfg/DFGCSEPhase.h: Added.
- (DFG):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGPhase.cpp: Added.
- (DFG):
- (JSC::DFG::Phase::beginPhase):
- (JSC::DFG::Phase::endPhase):
- * dfg/DFGPhase.h: Added.
- (DFG):
- (Phase):
- (JSC::DFG::Phase::Phase):
- (JSC::DFG::Phase::~Phase):
- (JSC::DFG::Phase::globalData):
- (JSC::DFG::Phase::codeBlock):
- (JSC::DFG::Phase::profiledBlock):
- (JSC::DFG::Phase::beginPhase):
- (JSC::DFG::Phase::endPhase):
- (JSC::DFG::runPhase):
- * dfg/DFGPredictionPropagationPhase.cpp: Added.
- (DFG):
- (JSC::DFG::performPredictionPropagation):
- * dfg/DFGPredictionPropagationPhase.h: Added.
- (DFG):
- * dfg/DFGPropagator.cpp: Removed.
- * dfg/DFGPropagator.h: Removed.
- * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
- (DFG):
- (JSC::DFG::performVirtualRegisterAllocation):
- * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
- (DFG):
-
-2012-02-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
- the CodeBlock that was used for profiling
- https://bugs.webkit.org/show_bug.cgi?id=78954
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/CodeBlock.h:
- (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
- (JSC):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::AbstractState):
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGAbstractState.h:
- * dfg/DFGAssemblyHelpers.h:
- (AssemblyHelpers):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::parse):
- * dfg/DFGByteCodeParser.h:
- (DFG):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::Graph):
- (Graph):
- (JSC::DFG::Graph::getJSConstantPrediction):
- (JSC::DFG::Graph::addShouldSpeculateInteger):
- (JSC::DFG::Graph::isInt32Constant):
- (JSC::DFG::Graph::isDoubleConstant):
- (JSC::DFG::Graph::isNumberConstant):
- (JSC::DFG::Graph::isBooleanConstant):
- (JSC::DFG::Graph::isFunctionConstant):
- (JSC::DFG::Graph::valueOfJSConstant):
- (JSC::DFG::Graph::valueOfInt32Constant):
- (JSC::DFG::Graph::valueOfNumberConstant):
- (JSC::DFG::Graph::valueOfBooleanConstant):
- (JSC::DFG::Graph::valueOfFunctionConstant):
- (JSC::DFG::Graph::baselineCodeBlockFor):
- (JSC::DFG::Graph::valueProfileFor):
- (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::JITCompiler):
- (JITCompiler):
- * dfg/DFGOSRExit.cpp:
- (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::Propagator):
- (JSC::DFG::Propagator::isNotNegZero):
- (JSC::DFG::Propagator::isNotZero):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::doRoundOfDoubleVoting):
- (JSC::DFG::Propagator::globalCFA):
- (JSC::DFG::propagate):
- * dfg/DFGPropagator.h:
+ (JSC::DFG::Node::setCanExit):
+ (JSC::DFG::Node::canExit):
+ * dfg/DFGNodeFlags.cpp:
+ (JSC::DFG::nodeFlagsAsString):
+ * dfg/DFGNodeFlags.h:
(DFG):
* dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculativeJIT::compileAdd):
- (JSC::DFG::SpeculativeJIT::compileArithSub):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isConstant):
- (JSC::DFG::SpeculativeJIT::isJSConstant):
- (JSC::DFG::SpeculativeJIT::isInt32Constant):
- (JSC::DFG::SpeculativeJIT::isDoubleConstant):
- (JSC::DFG::SpeculativeJIT::isNumberConstant):
- (JSC::DFG::SpeculativeJIT::isBooleanConstant):
- (JSC::DFG::SpeculativeJIT::isFunctionConstant):
- (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
- (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
- (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
- (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
- (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
- (JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-
-2012-02-17 Ahmad Sharif <asharif.tools@gmail.com>
-
- There is a warning in memset in glibc that gets triggered through a
- warndecl when the fill-value of memset is a non-zero constant and the
- size is zero. This warning is enabled when building with
- -D_FORTIFY_SOURCE=2. This patch fixes the warning.
-
- https://bugs.webkit.org/show_bug.cgi?id=78513
-
- Reviewed by Alexey Proskuryakov
-
- * wtf/Vector.h:
-
-2012-02-17 Kalev Lember <kalevlember@gmail.com>
-
- Remove unused parameters from WTF threading API
- https://bugs.webkit.org/show_bug.cgi?id=78389
-
- Reviewed by Adam Roben.
-
- waitForThreadCompletion() had an out param 'void **result' to get the
- 'void *' returned by ThreadFunction. However, the implementation in
- ThreadingWin.cpp ignored the out param, not filling it in. This had
- led to a situation where none of the client code made use of the param
- and just ignored it.
-
- To clean this up, the patch changes the signature of ThreadFunction to
- return void instead of void* and drops the the unused 'void **result'
- parameter from waitForThreadCompletion. Also, all client code is
- updated for the API change.
-
- As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even
- though the change only affects internal API, Safari is using it
- directly and we'll need to keep the old versions around for ABI
- compatibility. For this, the patch adds compatibility wrappers with
- the old ABI.
-
- * JavaScriptCore.order:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * bytecode/SamplingTool.cpp:
- (JSC::SamplingThread::threadStartFunc):
- (JSC::SamplingThread::stop):
- * bytecode/SamplingTool.h:
- (SamplingThread):
- * heap/Heap.cpp:
- (JSC::Heap::~Heap):
- (JSC::Heap::blockFreeingThreadStartFunc):
- * heap/Heap.h:
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
- (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
- * heap/MarkStack.h:
- (MarkStackThreadSharedData):
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
- * wtf/ParallelJobsGeneric.h:
- (ThreadPrivate):
- * wtf/ThreadFunctionInvocation.h: Update the signature of
- ThreadFunction.
- (WTF):
- * wtf/Threading.cpp:
- (WTF::threadEntryPoint): Update for ThreadFunction signature change.
- (WTF):
- (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
- ABI compatibility function for Safari.
- (ThreadFunctionWithReturnValueInvocation): Ditto.
- (WTF::compatEntryPoint): Ditto.
- (WTF::createThread): Ditto.
- (WTF::waitForThreadCompletion): Ditto.
- * wtf/Threading.h: Update the signature of ThreadFunction and
- waitForThreadCompletion.
- (WTF):
- * wtf/ThreadingPthreads.cpp: Implement the new API.
- (WTF::wtfThreadEntryPoint):
- (WTF):
- (WTF::createThreadInternal):
- (WTF::waitForThreadCompletion):
- * wtf/ThreadingWin.cpp: Implement the new API.
- (WTF::wtfThreadEntryPoint):
- (WTF::waitForThreadCompletion):
-
-2012-02-16 Oliver Hunt <oliver@apple.com>
-
- Implement Error.stack
- https://bugs.webkit.org/show_bug.cgi?id=66994
-
- Reviewed by Gavin Barraclough.
-
- Implement support for stack traces on exception objects. This is a rewrite
- of the core portion of the last stack walking logic, but the mechanical work
- of adding the information to an exception comes from the original work by
- Juan Carlos Montemayor Elosua.
-
- * interpreter/Interpreter.cpp:
- (JSC::getCallerInfo):
- (JSC):
- (JSC::getSourceURLFromCallFrame):
- (JSC::getStackFrameCodeType):
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::throwException):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC):
- (StackFrame):
- (JSC::StackFrame::toString):
- (Interpreter):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (functionJSCStack):
- * parser/Nodes.h:
- (JSC::FunctionBodyNode::setInferredName):
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
- (JSC):
-
-2012-02-17 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename Bump* to Copy*
- https://bugs.webkit.org/show_bug.cgi?id=78573
-
- Reviewed by Geoffrey Garen.
-
- Renamed anything with "Bump" in the name to have "Copied" instead.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * heap/BumpBlock.h: Removed.
- * heap/BumpSpace.cpp: Removed.
- * heap/BumpSpace.h: Removed.
- * heap/BumpSpaceInlineMethods.h: Removed.
- * heap/ConservativeRoots.cpp:
- (JSC::ConservativeRoots::ConservativeRoots):
- (JSC::ConservativeRoots::genericAddPointer):
- * heap/ConservativeRoots.h:
- (ConservativeRoots):
- * heap/CopiedBlock.h: Added.
- (JSC):
- (CopiedBlock):
- (JSC::CopiedBlock::CopiedBlock):
- * heap/CopiedSpace.cpp: Added.
- (JSC):
- (JSC::CopiedSpace::tryAllocateSlowCase):
- * heap/CopiedSpace.h: Added.
- (JSC):
- (CopiedSpace):
- (JSC::CopiedSpace::isInCopyPhase):
- (JSC::CopiedSpace::totalMemoryAllocated):
- (JSC::CopiedSpace::totalMemoryUtilized):
- * heap/CopiedSpaceInlineMethods.h: Added.
- (JSC):
- (JSC::CopiedSpace::CopiedSpace):
- (JSC::CopiedSpace::init):
- (JSC::CopiedSpace::contains):
- (JSC::CopiedSpace::pin):
- (JSC::CopiedSpace::startedCopying):
- (JSC::CopiedSpace::doneCopying):
- (JSC::CopiedSpace::doneFillingBlock):
- (JSC::CopiedSpace::recycleBlock):
- (JSC::CopiedSpace::getFreshBlock):
- (JSC::CopiedSpace::borrowBlock):
- (JSC::CopiedSpace::addNewBlock):
- (JSC::CopiedSpace::allocateNewBlock):
- (JSC::CopiedSpace::fitsInBlock):
- (JSC::CopiedSpace::fitsInCurrentBlock):
- (JSC::CopiedSpace::tryAllocate):
- (JSC::CopiedSpace::tryAllocateOversize):
- (JSC::CopiedSpace::allocateFromBlock):
- (JSC::CopiedSpace::tryReallocate):
- (JSC::CopiedSpace::tryReallocateOversize):
- (JSC::CopiedSpace::isOversize):
- (JSC::CopiedSpace::isPinned):
- (JSC::CopiedSpace::oversizeBlockFor):
- (JSC::CopiedSpace::blockFor):
- * heap/Heap.cpp:
- * heap/Heap.h:
- (JSC):
- (Heap):
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::SlotVisitor::drainFromShared):
- (JSC::SlotVisitor::startCopying):
- (JSC::SlotVisitor::allocateNewSpace):
- (JSC::SlotVisitor::doneCopying):
- * heap/MarkStack.h:
- (MarkStackThreadSharedData):
- * heap/SlotVisitor.h:
- (SlotVisitor):
- * runtime/JSArray.cpp:
- * runtime/JSObject.cpp:
-
-2012-02-16 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Add JSC code profiling support on Linux x86
- https://bugs.webkit.org/show_bug.cgi?id=78871
-
- Reviewed by Gavin Barraclough.
-
- We don't unwind the stack for now as we cannot guarantee all the
- libraries are compiled without -fomit-frame-pointer.
-
- * tools/CodeProfile.cpp:
- (JSC::CodeProfile::sample):
- * tools/CodeProfiling.cpp:
- (JSC):
- (JSC::profilingTimer):
- (JSC::CodeProfiling::begin):
- (JSC::CodeProfiling::end):
-
-2012-02-16 Csaba Osztrogonác <ossy@webkit.org>
-
- Unreviewed. Rolling out r107980, because it broke 32 bit platforms.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC):
- (Interpreter):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- * parser/Nodes.h:
- (JSC::FunctionBodyNode::setInferredName):
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
- (JSC):
-
-2012-02-16 Filip Pizlo <fpizlo@apple.com>
-
- ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
- https://bugs.webkit.org/show_bug.cgi?id=78791
-
- Rubber stamped by Oliver Hunt.
-
- Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
- COMPUTED_GOTO_CLASSIC_INTERPRETER.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::stronglyVisitStrongReferences):
- (JSC):
- (JSC::CodeBlock::shrinkToFit):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- * bytecode/Instruction.h:
- (JSC::Instruction::Instruction):
- * bytecode/Opcode.h:
- (JSC::padOpcodeName):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- * interpreter/AbstractPC.cpp:
- (JSC::AbstractPC::AbstractPC):
- * interpreter/AbstractPC.h:
- (AbstractPC):
- * interpreter/CallFrame.h:
- (ExecState):
- * interpreter/Interpreter.cpp:
- (JSC):
- (JSC::Interpreter::initialize):
- (JSC::Interpreter::isOpcode):
- (JSC::Interpreter::unwindCallFrame):
- (JSC::Interpreter::execute):
- (JSC::Interpreter::privateExecute):
- (JSC::Interpreter::retrieveLastCaller):
- * interpreter/Interpreter.h:
- (JSC::Interpreter::getOpcode):
- (JSC::Interpreter::getOpcodeID):
- (Interpreter):
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (NativeExecutable):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::getHostFunction):
- * runtime/JSGlobalData.h:
- (JSGlobalData):
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
- * wtf/Platform.h:
-
-2012-02-15 Geoffrey Garen <ggaren@apple.com>
-
- Made Weak<T> single-owner, adding PassWeak<T>
- https://bugs.webkit.org/show_bug.cgi?id=78740
-
- Reviewed by Sam Weinig.
-
- This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.
-
- This clarifies the semantics of finalizers: It's ambiguous and probably
- a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
- twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a
- Weak<T>, we now use PassWeak<T>.
-
- This also makes Weak<T> HashMaps more efficient.
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since
- set() is gone now.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Export!
-
- * heap/PassWeak.h: Added.
- (JSC):
- (PassWeak):
- (JSC::PassWeak::PassWeak):
- (JSC::PassWeak::~PassWeak):
- (JSC::PassWeak::get):
- (JSC::::leakHandle):
- (JSC::adoptWeak):
- (JSC::operator==):
- (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.
-
- * heap/Weak.h:
- (Weak):
- (JSC::Weak::Weak):
- (JSC::Weak::release):
- (JSC::Weak::hashTableDeletedValue):
- (JSC::=):
- (JSC): Changed to be non-copyable, removing a lot of copying-related
- APIs. Added hash traits so hash maps still work.
-
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
- our new hash map API.
-
-2012-02-16 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fix the broken viewport tests
- https://bugs.webkit.org/show_bug.cgi?id=78774
-
- Reviewed by Kenneth Rohde Christiansen.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/text/WTFString.cpp:
- (WTF):
- (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
- want to allow trailing junk or not when calling strtod.
- (WTF::charactersToDouble):
- (WTF::charactersToFloat):
- (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows
- trailing junk.
- * wtf/text/WTFString.h:
- (WTF):
-
-2012-02-16 Oliver Hunt <oliver@apple.com>
-
- Implement Error.stack
- https://bugs.webkit.org/show_bug.cgi?id=66994
-
- Reviewed by Gavin Barraclough.
-
- Implement support for stack traces on exception objects. This is a rewrite
- of the core portion of the last stack walking logic, but the mechanical work
- of adding the information to an exception comes from the original work by
- Juan Carlos Montemayor Elosua.
-
- * interpreter/Interpreter.cpp:
- (JSC::getCallerInfo):
- (JSC):
- (JSC::getSourceURLFromCallFrame):
- (JSC::getStackFrameCodeType):
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::throwException):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC):
- (StackFrame):
- (JSC::StackFrame::toString):
- (Interpreter):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (functionJSCStack):
- * parser/Nodes.h:
- (JSC::FunctionBodyNode::setInferredName):
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
- (JSC):
-
-2012-02-15 Gavin Barraclough <barraclough@apple.com>
-
- Numerous trivial bugs in Object.defineProperty
- https://bugs.webkit.org/show_bug.cgi?id=78777
-
- Reviewed by Sam Weinig.
-
- There are a handful of really trivial bugs, related to Object.defineProperty:
- * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
- * Calling an undefined setter should only throw in strict mode.
- * When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
- * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
- * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
- * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
- * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
- * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
- * Should be able to define an non-configurable accessor.
- These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.
-
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::put):
- - Added ASSERT.
- - Calling an undefined setter should only throw in strict mode.
- (JSC::JSArray::putDescriptor):
- - Should be able to define an non-configurable accessor.
- (JSC::JSArray::defineOwnNumericProperty):
- - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
- (JSC::JSArray::putByIndexBeyondVectorLength):
- - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
- * runtime/JSArray.h:
- (JSArray):
- - made enterDictionaryMode public, called from JSObject.
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- - Calling an undefined setter should only throw in strict mode.
- (JSC::JSObject::preventExtensions):
- - Put array objects into dictionary mode to handle this!
- (JSC::JSObject::defineOwnProperty):
- - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
- - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorDefineProperties):
- - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
- * runtime/PropertyDescriptor.cpp:
- (JSC::PropertyDescriptor::attributesWithOverride):
- - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
- (JSC::PropertyDescriptor::attributesOverridingCurrent):
- - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
- * runtime/Structure.cpp:
- (JSC::Structure::freezeTransition):
- - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
- (JSC::Structure::isFrozen):
- - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
-
-2012-02-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not check the types of arguments that are dead
- https://bugs.webkit.org/show_bug.cgi?id=78518
-
- Reviewed by Geoff Garen.
-
- The argument checks are now elided if the corresponding SetArgument is dead,
- and the abstract value of the argument is set to bottom (None, []). This is
- performance neutral on the benchmarks we currently track.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- * dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-
-2012-02-15 Oliver Hunt <oliver@apple.com>
-
- Ensure that the DFG JIT always plants a CodeOrigin when making calls
- https://bugs.webkit.org/show_bug.cgi?id=78763
-
- Reviewed by Gavin Barraclough.
-
- Make all calls plant a CodeOrigin prior to the actual
- call. Also clobbers the Interpreter with logic to ensure
- that the interpreter always plants a bytecode offset.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (CallBeginToken):
- (JSC::DFG::JITCompiler::beginJSCall):
- (JSC::DFG::JITCompiler::beginCall):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryBuildGetByIDList):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * interpreter/AbstractPC.cpp:
- (JSC::AbstractPC::AbstractPC):
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::trueCallFrame):
- * interpreter/CallFrame.h:
- (JSC::ExecState::bytecodeOffsetForNonDFGCode):
- (ExecState):
- (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
- (JSC::ExecState::codeOriginIndexForDFG):
-
-2012-02-14 Oliver Hunt <oliver@apple.com>
-
- Fix Interpreter.
-
- * runtime/Executable.cpp:
- (JSC):
- * runtime/Executable.h:
- (ExecutableBase):
-
-2012-02-14 Matt Lilek <mrl@apple.com>
-
- Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
- https://bugs.webkit.org/show_bug.cgi?id=78629
-
- Reviewed by David Kilzer.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-02-14 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, build fix for non-DFG platforms.
-
- * assembler/MacroAssembler.h:
- (MacroAssembler):
-
-2012-02-14 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, fix build and configuration goof.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::invert):
- * dfg/DFGCommon.h:
-
-2012-02-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG should be able to emit code on control flow edges
- https://bugs.webkit.org/show_bug.cgi?id=78515
-
- Reviewed by Gavin Barraclough.
-
- This gets us a few steps closer to being able to perform global register allocation,
- by allowing us to have landing pads on control flow edges. This will let us reshuffle
- registers if it happens to be necessary due to different reg alloc decisions in
- differen blocks.
-
- This also introduces the notion of a landing pad for OSR entry, which will allow us
- to emit code that places data into registers when we're entering into the DFG from
- the old JIT.
-
- Finally, this patch introduces a verification mode that checks that the landing pads
- are actually emitted and do actually work as advertised. When verification is disabled,
- this has no effect on behavior.
-
- * assembler/MacroAssembler.h:
- (MacroAssembler):
- (JSC::MacroAssembler::invert):
- (JSC::MacroAssembler::isInvertible):
- * dfg/DFGCommon.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::createOSREntries):
- (DFG):
- (JSC::DFG::SpeculativeJIT::linkOSREntries):
- (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
- * dfg/DFGSpeculativeJIT.h:
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::branchDouble):
- (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
- (JSC::DFG::SpeculativeJIT::branch32):
- (JSC::DFG::SpeculativeJIT::branchTest32):
- (JSC::DFG::SpeculativeJIT::branchPtr):
- (JSC::DFG::SpeculativeJIT::branchTestPtr):
- (JSC::DFG::SpeculativeJIT::branchTest8):
- (JSC::DFG::SpeculativeJIT::jump):
- (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
- (JSC::DFG::SpeculativeJIT::emitEdgeCode):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-14 Filip Pizlo <fpizlo@apple.com>
-
- Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
- https://bugs.webkit.org/show_bug.cgi?id=78153
- <rdar://problem/10861712> <rdar://problem/10861947>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileAdd):
-
-2012-02-14 Eric Seidel <eric@webkit.org>
-
- Upstream Android's additions to Platform.h
- https://bugs.webkit.org/show_bug.cgi?id=78536
-
- Reviewed by Adam Barth.
-
- * wtf/Platform.h:
-
-2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Replace old strtod with new strtod
- https://bugs.webkit.org/show_bug.cgi?id=68044
-
- Reviewed by Geoffrey Garen.
-
- * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
- (JSC::::lex):
- * runtime/JSGlobalObjectFunctions.cpp: Ditto.
- (JSC::parseInt):
- (JSC::jsStrDecimalLiteral):
- * runtime/LiteralParser.cpp: Ditto.
- (JSC::::Lexer::lexNumber):
- * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
- It takes a template argument to allow clients to determine statically whether it should allow
- junk after the numbers or not.
- (WTF):
- (WTF::strtod):
- * wtf/dtoa.h:
- (WTF):
- * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
- (WTF::toDoubleType):
-
-2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- More windows build fixing
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-13 Oliver Hunt <oliver@apple.com>
-
- Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
- https://bugs.webkit.org/show_bug.cgi?id=76315
-
- Reviewed by Gavin Barraclough.
-
- Perform a 3 byte compare using two comparisons, rather than trying to perform the
- operation with a four byte load.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Windows build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Replace old strtod with new strtod
- https://bugs.webkit.org/show_bug.cgi?id=68044
-
- Reviewed by Geoffrey Garen.
-
- * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
- (JSC::::lex):
- * runtime/JSGlobalObjectFunctions.cpp: Ditto.
- (JSC::parseInt):
- (JSC::jsStrDecimalLiteral):
- * runtime/LiteralParser.cpp: Ditto.
- (JSC::::Lexer::lexNumber):
- * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
- It takes a template argument to allow clients to determine statically whether it should allow
- junk after the numbers or not.
- (WTF):
- (WTF::strtod):
- * wtf/dtoa.h:
- (WTF):
- * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
- (WTF::toDoubleType):
-
-2012-02-13 Sam Weinig <sam@webkit.org>
-
- Move JSC related assertions out of Assertions.h and into their own header
- https://bugs.webkit.org/show_bug.cgi?id=78508
-
- Reviewed by Gavin Barraclough.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- Add GCAssertions.h
-
- * heap/GCAssertions.h: Added.
- Move assertions here.
-
- * runtime/WriteBarrier.h:
- Add #include of GCAssertions.h
-
- * wtf/Assertions.h:
- Remove JSC related assertions.
-
- * wtf/Compiler.h:
- Add compiler check for __has_trivial_destructor.
-
-2012-02-13 Chao-ying Fu <fu@mips.com>
-
- Update MIPS patchOffsetGetByIdSlowCaseCall
- https://bugs.webkit.org/show_bug.cgi?id=78392
-
- Reviewed by Gavin Barraclough.
-
- * jit/JIT.h:
- (JIT):
-
-2012-02-13 Patrick Gansterer <paroga@webkit.org>
-
- Remove obsolete #if from ThreadSpecific.h
- https://bugs.webkit.org/show_bug.cgi?id=78485
-
- Reviewed by Adam Roben.
-
- Since alle platform use either pthread or Win32 for threading,
- we can remove all PLATFORM() preprocessor statements.
-
- * wtf/ThreadSpecific.h:
- (ThreadSpecific):
-
-2012-02-13 Jessie Berlin <jberlin@apple.com>
-
- Fix the Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-13 Sam Weinig <sam@webkit.org>
-
- Use C11's _Static_assert for COMPILE_ASSERT if it is available
- https://bugs.webkit.org/show_bug.cgi?id=78506
-
- Rubber-stamped by Antti Koivisto.
-
- Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
- better error messages.
-
- * wtf/Assertions.h:
- Use _Static_assert if it is available.
-
- * wtf/Compiler.h:
- Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
-
-2012-02-13 Mario Sanchez Prada <msanchez@igalia.com>
-
- [GTK] Add GSList to the list of GObject types in GOwnPtr
- https://bugs.webkit.org/show_bug.cgi?id=78487
-
- Reviewed by Philippe Normand.
-
- Handle the GSList type in GOwnPtr, by calling g_slist_free in the
- implementation of the freeOwnedGPtr template function.
-
- * wtf/gobject/GOwnPtr.cpp:
- (WTF::GSList):
- (WTF):
- * wtf/gobject/GOwnPtr.h:
- (WTF):
- * wtf/gobject/GTypedefs.h:
-
-2012-02-06 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [EFL] Drop support for the Curl network backend.
- https://bugs.webkit.org/show_bug.cgi?id=77874
-
- Reviewed by Eric Seidel.
-
- Nobody seems to be maintaining the Curl backend in WebCore, the
- EFL port developers all seem to be using the Soup backend and the
- port itself has many features which are only implemented for the
- latter.
-
- * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
- files.
-
-2012-02-13 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(JIT) after r107485.
-
- * bytecode/PolymorphicPutByIdList.cpp:
-
-2012-02-13 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=78434
- Unreviewed - temporarily reverting r107498 will I fix a couple of testcases.
-
- * parser/Parser.cpp:
- (JSC::::parseFunctionInfo):
- * runtime/ClassInfo.h:
- (MethodTable):
- (JSC):
- * runtime/JSCell.cpp:
- (JSC):
- * runtime/JSCell.h:
- (JSCell):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC):
- * runtime/JSGlobalObjectFunctions.h:
- (JSC):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC):
- (JSC::JSObject::putDirectAccessor):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- (JSC::JSObject::inlineGetOwnPropertySlot):
- (JSC::JSValue::get):
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlot):
- * runtime/JSValue.h:
- (JSValue):
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetPrototypeOf):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- * runtime/Structure.h:
- (JSC::Structure::setHasGetterSetterProperties):
- (Structure):
-
-2012-02-12 Ashod Nakashian <ashodnakashian@yahoo.com>
-
- KeywordLookupGenerator.py script fails in some cases
- https://bugs.webkit.org/show_bug.cgi?id=77886
-
- Reviewed by Benjamin Poulain.
-
- * parser/Keywords.table: Converted to LF-only.
-
-2012-02-12 Shinya Kawanaka <shinyak@google.com>
-
- Introduce ShadowRootList.
- https://bugs.webkit.org/show_bug.cgi?id=78069
-
- Reviewed by Hajime Morita.
-
- DoublyLinkedList should have tail() method to take the last element.
-
- * wtf/DoublyLinkedList.h:
- (DoublyLinkedList):
- (WTF::::tail):
- (WTF):
-
-2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
- https://bugs.webkit.org/show_bug.cgi?id=78436
-
- Reviewed by Daniel Bates.
-
- * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
- and correctly sort the files which start with 'M'.
-
-2012-02-12 Sam Weinig <sam@webkit.org>
-
- Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
-
- Rubber-stamped by Anders Carlsson.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Remove unused or empty variable definitions.
- https://bugs.webkit.org/show_bug.cgi?id=78437
-
- Reviewed by Daniel Bates.
-
- * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
- * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
- * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
- be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
-
-2012-02-12 Filip Pizlo <fpizlo@apple.com>
-
- DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
- https://bugs.webkit.org/show_bug.cgi?id=78431
-
- Reviewed by Gavin Barraclough.
-
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
* dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2012-02-11 Benjamin Poulain <benjamin@webkit.org>
-
- Add back WTFURL to WebKit
- https://bugs.webkit.org/show_bug.cgi?id=77291
-
- Reviewed by Adam Barth.
-
- WTFURL was removed from WebKit in r86787.
-
- This patch adds the code back to WTF with the following changes:
- -Guard the feature with USE(WTFURL).
- -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
- -Fix some coding style to make check-webkit-style happy.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/Platform.h:
- * wtf/url/api/ParsedURL.cpp: Added.
- (WTF):
- (WTF::ParsedURL::ParsedURL):
- (WTF::ParsedURL::scheme):
- (WTF::ParsedURL::username):
- (WTF::ParsedURL::password):
- (WTF::ParsedURL::host):
- (WTF::ParsedURL::port):
- (WTF::ParsedURL::path):
- (WTF::ParsedURL::query):
- (WTF::ParsedURL::fragment):
- (WTF::ParsedURL::segment):
- * wtf/url/api/ParsedURL.h: Added.
- (WTF):
- (ParsedURL):
- (WTF::ParsedURL::spec):
- * wtf/url/api/URLString.h: Added.
- (WTF):
- (URLString):
- (WTF::URLString::URLString):
- (WTF::URLString::string):
- * wtf/url/src/RawURLBuffer.h: Added.
- (WTF):
- (RawURLBuffer):
- (WTF::RawURLBuffer::RawURLBuffer):
- (WTF::RawURLBuffer::~RawURLBuffer):
- (WTF::RawURLBuffer::resize):
- * wtf/url/src/URLBuffer.h: Added.
- (WTF):
- (URLBuffer):
- (WTF::URLBuffer::URLBuffer):
- (WTF::URLBuffer::~URLBuffer):
- (WTF::URLBuffer::at):
- (WTF::URLBuffer::set):
- (WTF::URLBuffer::capacity):
- (WTF::URLBuffer::length):
- (WTF::URLBuffer::data):
- (WTF::URLBuffer::setLength):
- (WTF::URLBuffer::append):
- (WTF::URLBuffer::grow):
- * wtf/url/src/URLCharacterTypes.cpp: Added.
- (WTF):
- ():
- * wtf/url/src/URLCharacterTypes.h: Added.
- (WTF):
- (URLCharacterTypes):
- (WTF::URLCharacterTypes::isQueryChar):
- (WTF::URLCharacterTypes::isIPv4Char):
- (WTF::URLCharacterTypes::isHexChar):
- ():
- (WTF::URLCharacterTypes::isCharOfType):
- * wtf/url/src/URLComponent.h: Added.
- (WTF):
- (URLComponent):
- (WTF::URLComponent::URLComponent):
- (WTF::URLComponent::fromRange):
- (WTF::URLComponent::isValid):
- (WTF::URLComponent::isNonEmpty):
- (WTF::URLComponent::isEmptyOrInvalid):
- (WTF::URLComponent::reset):
- (WTF::URLComponent::operator==):
- (WTF::URLComponent::begin):
- (WTF::URLComponent::setBegin):
- (WTF::URLComponent::length):
- (WTF::URLComponent::setLength):
- (WTF::URLComponent::end):
- * wtf/url/src/URLEscape.cpp: Added.
- (WTF):
- ():
- * wtf/url/src/URLEscape.h: Added.
- (WTF):
- (WTF::appendURLEscapedCharacter):
- * wtf/url/src/URLParser.h: Added.
- (WTF):
- (URLParser):
- ():
- (WTF::URLParser::isPossibleAuthorityTerminator):
- (WTF::URLParser::parseAuthority):
- (WTF::URLParser::extractScheme):
- (WTF::URLParser::parseAfterScheme):
- (WTF::URLParser::parseStandardURL):
- (WTF::URLParser::parsePath):
- (WTF::URLParser::parsePathURL):
- (WTF::URLParser::parseMailtoURL):
- (WTF::URLParser::parsePort):
- (WTF::URLParser::extractFileName):
- (WTF::URLParser::extractQueryKeyValue):
- (WTF::URLParser::isURLSlash):
- (WTF::URLParser::shouldTrimFromURL):
- (WTF::URLParser::trimURL):
- (WTF::URLParser::consecutiveSlashes):
- (WTF::URLParser::isPortDigit):
- (WTF::URLParser::nextAuthorityTerminator):
- (WTF::URLParser::parseUserInfo):
- (WTF::URLParser::parseServerInfo):
- * wtf/url/src/URLQueryCanonicalizer.h: Added.
- (WTF):
- (URLQueryCanonicalizer):
- (WTF::URLQueryCanonicalizer::canonicalize):
- (WTF::URLQueryCanonicalizer::isAllASCII):
- (WTF::URLQueryCanonicalizer::isRaw8Bit):
- (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
- (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
- * wtf/url/src/URLSegments.cpp: Added.
- (WTF):
- (WTF::URLSegments::length):
- (WTF::URLSegments::charactersBefore):
- * wtf/url/src/URLSegments.h: Added.
- (WTF):
- (URLSegments):
- ():
- (WTF::URLSegments::URLSegments):
-
-2012-02-11 Filip Pizlo <fpizlo@apple.com>
-
- Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
- https://bugs.webkit.org/show_bug.cgi?id=78430
- <rdar://problem/10849469> <rdar://problem/10849684>
-
- Reviewed by Gavin Barraclough.
-
- The old JIT's put_by_id transition caching involves repatching the slow call to
- a generated stub. That means that the call is counted as "slow case". So, this
- patch inserts code to decrement the slow case count if the stub succeeds.
-
- Looks like a ~1% speed-up on V8.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
-
-2012-02-11 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for Qt.
-
- * wtf/DataLog.h:
-
-2012-02-11 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to send all JSC debug logging to a file
- https://bugs.webkit.org/show_bug.cgi?id=78418
-
- Reviewed by Sam Weinig.
-
- Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
- and WTF::dataLogV. Changed all debugging- and profiling-related printfs
- to use WTF::dataLog() or one of its friends. By default, debug logging
- goes to stderr, unless you change the setting in wtf/DataLog.cpp.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::dumpLinkStatistics):
- (JSC::LinkBuffer::dumpCode):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::vprintfStdoutInstr):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::printUnaryOp):
- (JSC::CodeBlock::printBinaryOp):
- (JSC::CodeBlock::printConditionalJump):
- (JSC::CodeBlock::printGetByIdOp):
- (JSC::CodeBlock::printCallOp):
- (JSC::CodeBlock::printPutByIdOp):
- (JSC::printGlobalResolveInfo):
- (JSC::printStructureStubInfo):
- (JSC::CodeBlock::printStructure):
- (JSC::CodeBlock::printStructures):
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::dumpStatistics):
- (JSC::CodeBlock::finalizeUnconditionally):
- (JSC::CodeBlock::shouldOptimizeNow):
- (JSC::CodeBlock::tallyFrequentExitSites):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/Opcode.cpp:
- (JSC::OpcodeStats::~OpcodeStats):
- * bytecode/SamplingTool.cpp:
- (JSC::SamplingFlags::stop):
- (JSC::SamplingRegion::dumpInternal):
- (JSC::SamplingTool::dump):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::endBasicBlock):
- (JSC::DFG::AbstractState::mergeStateAtTail):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::linkBlock):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGCommon.h:
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::printWhiteSpace):
- (JSC::DFG::Graph::dumpCodeOrigin):
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOperations.cpp:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
- (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::propagatePredictionsForward):
- (JSC::DFG::Propagator::propagatePredictionsBackward):
- (JSC::DFG::Propagator::doRoundOfDoubleVoting):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::fixup):
- (JSC::DFG::Propagator::startIndexForChildren):
- (JSC::DFG::Propagator::endIndexForPureCSE):
- (JSC::DFG::Propagator::setReplacement):
- (JSC::DFG::Propagator::eliminate):
- (JSC::DFG::Propagator::performNodeCSE):
- (JSC::DFG::Propagator::localCSE):
- (JSC::DFG::Propagator::allocateVirtualRegisters):
- (JSC::DFG::Propagator::performBlockCFA):
- (JSC::DFG::Propagator::performForwardCFA):
- * dfg/DFGRegisterBank.h:
- (JSC::DFG::RegisterBank::dump):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::dump):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::dump):
- (JSC::DFG::SpeculativeJIT::checkConsistency):
- (JSC::DFG::SpeculativeJIT::compile):
+ (SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- * heap/Heap.cpp:
- (JSC::Heap::destroy):
- * heap/MarkedBlock.h:
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::dumpCaller):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::dumpRegisters):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * profiler/Profile.cpp:
- (JSC::Profile::debugPrintData):
- (JSC::Profile::debugPrintDataSampleStyle):
- * profiler/ProfileNode.cpp:
- (JSC::ProfileNode::debugPrintData):
- (JSC::ProfileNode::debugPrintDataSampleStyle):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::dumpRegExpTrace):
- * runtime/RegExp.cpp:
- (JSC::RegExp::matchCompareWithInterpreter):
- * runtime/SamplingCounter.cpp:
- (JSC::AbstractSamplingCounter::dump):
- * runtime/SamplingCounter.h:
- (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::print):
- * runtime/Structure.cpp:
- (JSC::Structure::dumpStatistics):
- (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
- * tools/CodeProfile.cpp:
- (JSC::CodeProfile::report):
- * tools/ProfileTreeNode.h:
- (JSC::ProfileTreeNode::dumpInternal):
- * wtf/CMakeLists.txt:
- * wtf/DataLog.cpp: Added.
- (WTF):
- (WTF::initializeLogFileOnce):
- (WTF::initializeLogFile):
- (WTF::dataFile):
- (WTF::dataLogV):
- (WTF::dataLog):
- * wtf/DataLog.h: Added.
- (WTF):
- * wtf/HashTable.cpp:
- (WTF::HashTableStats::~HashTableStats):
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocator::dumpProfile):
- * wtf/text/WTFString.cpp:
- (String::show):
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::ByteCompiler::dumpDisjunction):
-
-2012-02-11 Gavin Barraclough <barraclough@apple.com>
-
- Move special __proto__ property to Object.prototype
- https://bugs.webkit.org/show_bug.cgi?id=78409
-
- Reviewed by Oliver Hunt.
-
- Re-implement this as a regular accessor property. This has three key benefits:
- 1) It makes it possible for objects to be given properties named __proto__.
- 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
- 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.
-
- * parser/Parser.cpp:
- (JSC::::parseFunctionInfo):
- - No need to prohibit functions named __proto__.
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- - Add __proto__ accessor to Object.prototype.
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncProtoGetter):
- (JSC::globalFuncProtoSetter):
- - Definition of the __proto__ accessor functions.
- * runtime/JSGlobalObjectFunctions.h:
- - Declaration of the __proto__ accessor functions.
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
- (JSC::JSObject::putDirectAccessor):
- - Track on the structure whether an object contains accessors other than one for __proto__.
- (JSC::JSObject::defineOwnProperty):
- - No need to prohibit definition of own properties named __proto__.
- * runtime/JSObject.h:
- (JSC::JSObject::inlineGetOwnPropertySlot):
- - Remove the special handling for __proto__.
- (JSC::JSValue::get):
- - Remove the special handling for __proto__.
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlot):
- - Remove the special handling for __proto__.
- * runtime/JSValue.h:
- (JSValue):
- - Made synthesizePrototype public (this may be needed by the __proto__ getter).
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetPrototypeOf):
- - Perform the security check & call prototype() directly.
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
- * runtime/Structure.h:
- (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
- (JSC::Structure::setHasGetterSetterProperties):
- (Structure):
- - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
-
-2012-02-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG CFA assumes that a WeakJSConstant's structure is known
- https://bugs.webkit.org/show_bug.cgi?id=78428
- <rdar://problem/10849492> <rdar://problem/10849621>
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
-
-2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Qt debug build fix
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate
- JSFinalObjects in the destuctor subspace, so we should remove this assert so it
- doesn't cause crashes.
-
-2012-02-11 Filip Pizlo <fpizlo@apple.com>
-
- Old 32_64 JIT should assert that its use of map() is consistent with the DFG
- OSR exit's expectations
- https://bugs.webkit.org/show_bug.cgi?id=78419
- <rdar://problem/10817121>
-
- Reviewed by Oliver Hunt.
-
- * jit/JITInlineMethods.h:
- (JSC::JIT::map):
-
-2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Reduce the reentrancy limit of the interpreter for the iOS simulator
- https://bugs.webkit.org/show_bug.cgi?id=78400
-
- Reviewed by Gavin Barraclough.
-
- * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
- (JSC):
-
-2012-02-11 Filip Pizlo <fpizlo@apple.com>
-
- [DFG] Misuse of WeakJSConstants in silentFillGPR code.
- https://bugs.webkit.org/show_bug.cgi?id=78423
- <rdar://problem/10849353> <rdar://problem/10804043>
-
- Reviewed by Sam Weinig.
-
- The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
- This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
- hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::silentFillGPR):
-
-2012-02-11 Sam Weinig <sam@webkit.org>
-
- Prepare JavaScriptCore to build with libc++
- <rdar://problem/10426673>
- https://bugs.webkit.org/show_bug.cgi?id=78424
-
- Reviewed by Anders Carlsson.
-
- * wtf/NullPtr.cpp:
- * wtf/NullPtr.h:
- libc++ provides std::nullptr emulation, so we don't have to.
+ (JSC::DFG::SpeculativeJIT::compile):
-2012-02-07 Filip Pizlo <fpizlo@apple.com>
+2012-05-20 Filip Pizlo <fpizlo@apple.com>
- DFG should have polymorphic put_by_id caching
- https://bugs.webkit.org/show_bug.cgi?id=78062
- <rdar://problem/10326439> <rdar://problem/10824839>
+ DFG should not do unnecessary indirections when storing to objects
+ https://bugs.webkit.org/show_bug.cgi?id=86959
Reviewed by Oliver Hunt.
- Implemented polymorphic put_by_id caching in the DFG, and added much of the
- machinery that would be needed to implement it in the old JIT as well.
-
- I decided against using the old PolymorphicAccessStructureList mechanism as
- this didn't quite fit with put_by_id. In particular, I wanted the ability to
- have one list that captured all relevant cases (including proto put_by_id
- if we ever decided to do it). And I wanted the code to have better
- encapsulation. And I didn't want to get confused by the fact that the
- original (non-list) put_by_id cache may itself consist of a stub routine.
-
- This code is still sub-optimal (for example adding a replace to a list whose
- previous elements are all transitions should just repatch the original code,
- but here it will generate a stub) but it already generates a >20% speed-up
- on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/PolymorphicPutByIdList.cpp: Added.
- (JSC):
- (JSC::PutByIdAccess::fromStructureStubInfo):
- (JSC::PutByIdAccess::visitWeak):
- (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
- (JSC::PolymorphicPutByIdList::from):
- (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
- (JSC::PolymorphicPutByIdList::isFull):
- (JSC::PolymorphicPutByIdList::isAlmostFull):
- (JSC::PolymorphicPutByIdList::addAccess):
- (JSC::PolymorphicPutByIdList::visitWeak):
- * bytecode/PolymorphicPutByIdList.h: Added.
- (JSC):
- (PutByIdAccess):
- (JSC::PutByIdAccess::PutByIdAccess):
- (JSC::PutByIdAccess::transition):
- (JSC::PutByIdAccess::replace):
- (JSC::PutByIdAccess::isSet):
- (JSC::PutByIdAccess::operator!):
- (JSC::PutByIdAccess::type):
- (JSC::PutByIdAccess::isTransition):
- (JSC::PutByIdAccess::isReplace):
- (JSC::PutByIdAccess::oldStructure):
- (JSC::PutByIdAccess::structure):
- (JSC::PutByIdAccess::newStructure):
- (JSC::PutByIdAccess::chain):
- (JSC::PutByIdAccess::stubRoutine):
- (PolymorphicPutByIdList):
- (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
- (JSC::PolymorphicPutByIdList::isEmpty):
- (JSC::PolymorphicPutByIdList::size):
- (JSC::PolymorphicPutByIdList::at):
- (JSC::PolymorphicPutByIdList::operator[]):
- (JSC::PolymorphicPutByIdList::kind):
- * bytecode/PutKind.h: Added.
- (JSC):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- (JSC::StructureStubInfo::visitWeakReferences):
- * bytecode/StructureStubInfo.h:
- (JSC):
- (JSC::isPutByIdAccess):
- (JSC::StructureStubInfo::initPutByIdList):
- (StructureStubInfo):
- (JSC::StructureStubInfo::reset):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- (DFG):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::appropriateGenericPutByIdFunction):
- (JSC::DFG::appropriateListBuildingPutByIdFunction):
- (DFG):
- (JSC::DFG::emitPutReplaceStub):
- (JSC::DFG::emitPutTransitionStub):
- (JSC::DFG::tryCachePutByID):
- (JSC::DFG::dfgRepatchPutByID):
- (JSC::DFG::tryBuildPutByIdList):
- (JSC::DFG::dfgBuildPutByIdList):
- (JSC::DFG::dfgResetPutByID):
- * dfg/DFGRepatch.h:
- (DFG):
- * runtime/WriteBarrier.h:
- (WriteBarrierBase):
- (JSC::WriteBarrierBase::copyFrom):
-
-2012-02-10 Vineet Chaudhary <rgf748@motorola.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=72756
- DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it
-
- Reviewed by Timothy Hatcher.
-
- * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
- AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.
-
-2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing windows build
-
- Unreviewed build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-10 Adam Klein <adamk@chromium.org>
-
- Enable MUTATION_OBSERVERS by default on all platforms
- https://bugs.webkit.org/show_bug.cgi?id=78196
-
- Reviewed by Ojan Vafai.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-02-10 Yong Li <yoli@rim.com>
-
- ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
- https://bugs.webkit.org/show_bug.cgi?id=76724
-
- Reviewed by Rob Buis.
-
- This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
- The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
- So it can leave pages behind that are not set back to default flags. When an assembly on one of those
- pages is executed or JIT returns to those pages in the case it was already executing from there, the
- software will crash.
-
- * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::linkCode):
- (JSC::LinkBuffer::performFinalization):
- (LinkBuffer):
-
-2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Split MarkedSpace into destructor and destructor-free subspaces
- https://bugs.webkit.org/show_bug.cgi?id=77761
-
- Reviewed by Geoffrey Garen.
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
- * heap/Heap.h:
- (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to
- pick which subspace they want to allocate out of.
- (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
- (Heap):
- (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
- (JSC):
- (JSC::Heap::allocateWithoutDestructor): Ditto.
- * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate
- their MarkedBlocks correctly.
- (JSC::MarkedAllocator::allocateBlock):
- * heap/MarkedAllocator.h:
- (JSC::MarkedAllocator::cellsNeedDestruction):
- (MarkedAllocator):
- (JSC::MarkedAllocator::MarkedAllocator):
- (JSC):
- (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
- an init function that does all of that stuff in fewer lines.
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::create):
- (JSC::MarkedBlock::recycle):
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make
- checking the m_cellsNeedDestructor flag faster and cleaner looking.
- (JSC):
- (JSC::MarkedBlock::specializedSweep):
- (JSC::MarkedBlock::sweep):
- (JSC::MarkedBlock::sweepHelper):
- * heap/MarkedBlock.h:
- (MarkedBlock):
- (JSC::MarkedBlock::cellsNeedDestruction):
- (JSC):
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::resetAllocators):
- (JSC::MarkedSpace::canonicalizeCellLivenessData):
- (JSC::TakeIfUnmarked::operator()):
- * heap/MarkedSpace.h:
- (MarkedSpace):
- (Subspace):
- (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of
- allocators.
- (JSC):
- (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
- (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
- (JSC::MarkedSpace::allocateWithDestructor): Ditto.
- (JSC::MarkedSpace::forEachBlock):
- * jit/JIT.h:
- * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
- (JSC::JIT::emitAllocateBasicJSObject):
- (JSC::JIT::emitAllocateJSFinalObject):
- (JSC::JIT::emitAllocateJSFunction):
- * runtime/JSArray.cpp:
- (JSC):
- * runtime/JSArray.h:
- (JSArray):
- (JSC::JSArray::create):
- (JSC):
- (JSC::JSArray::tryCreateUninitialized):
- * runtime/JSCell.h:
- (JSCell):
- (JSC):
- (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires
- destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this
- constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
- (JSC::allocateCell):
- * runtime/JSFunction.cpp:
- (JSC):
- * runtime/JSFunction.h:
- (JSFunction):
- * runtime/JSObject.cpp:
- (JSC):
- * runtime/JSObject.h:
- (JSNonFinalObject):
- (JSC):
- (JSFinalObject):
- (JSC::JSFinalObject::create):
-
-2012-02-10 Adrienne Walker <enne@google.com>
-
- Remove implicit copy constructor usage in HashMaps with OwnPtr
- https://bugs.webkit.org/show_bug.cgi?id=78071
-
- Reviewed by Darin Adler.
-
- Change the return type of emptyValue() in PairHashTraits to be the
- actual type returned rather than the trait type to avoid an implicit
- generation of the OwnPtr copy constructor. This happens for hash
- traits involving OwnPtr where the empty value is not zero and each
- hash bucket needs to be initialized with emptyValue().
-
- Also, update StructureTransitionTable to use default hash traits
- rather than rolling its own, in order to update it to handle
- EmptyValueType.
-
- Test: patch from bug 74154 compiles on Clang with this patch
-
- * runtime/StructureTransitionTable.h:
- (StructureTransitionTable):
- * wtf/HashTraits.h:
- (GenericHashTraits):
- (PairHashTraits):
- (WTF::PairHashTraits::emptyValue):
-
-2012-02-10 Aron Rosenberg <arosenberg@logitech.com>
-
- [Qt] Fix compiler warning in Visual Studio 2010 about TR1
- https://bugs.webkit.org/show_bug.cgi?id=63642
-
- Reviewed by Simon Hausmann.
-
- * JavaScriptCore.pri:
-
-2012-02-10 Michael Saboff <msaboff@apple.com>
-
- Yarr assert with regexp where alternative in *-quantified group matches empty
- https://bugs.webkit.org/show_bug.cgi?id=67752
-
- Reviewed by Gavin Barraclough.
-
- Added backtracking for the prior alternative if it matched
- but didn't consume any input characters.
-
- * yarr/YarrJIT.cpp:
- (YarrOp): New jump.
- (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
- when an alternative matches and no input was consumed. Moved the
- zero length match check for a set of alternatives to the alternative
- code from the parentheses cases to the alternative end cases.
- Converted the existing zero length checks in the parentheses cases
- to runtime assertion checks.
- (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
- to prior term.
-
-2012-02-10 Roland Takacs <takacs.roland@stud.u-szeged.hu>
-
- [Qt] GC should be parallel on Qt platform
- https://bugs.webkit.org/show_bug.cgi?id=73309
-
- Reviewed by Zoltan Herczeg.
-
- These changes made the parallel gc feature available for Qt port.
- The implementation of "registerGCThread" and "isMainThreadOrGCThread",
- and a local static function [initializeGCThreads] is moved from
- MainThreadMac.mm to the common MainThread.cpp to make them available
- for other platforms.
-
- Measurement results:
- V8 speed-up: 1.025x as fast [From: 663.4ms To: 647.0ms ]
- V8 Splay speed-up: 1.185x as fast [From: 138.4ms To: 116.8ms ]
-
- Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
-
- * JavaScriptCore.order:
- * wtf/MainThread.cpp:
- (WTF::initializeMainThread):
- (WTF):
- (WTF::initializeGCThreads):
- (WTF::registerGCThread):
- (WTF::isMainThreadOrGCThread):
- * wtf/MainThread.h:
- (WTF):
- * wtf/Platform.h:
- * wtf/mac/MainThreadMac.mm:
- (WTF):
-
-2012-02-09 Andy Wingo <wingo@igalia.com>
-
- Eliminate dead code in BytecodeGenerator::resolve()
- https://bugs.webkit.org/show_bug.cgi?id=78242
-
- Reviewed by Gavin Barraclough.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::resolve):
- BytecodeGenerator::shouldOptimizeLocals() is only true for
- FunctionCode, and thus cannot be true for GlobalCode.
-
-2012-02-09 Andy Wingo <wingo@igalia.com>
-
- Remove BytecodeGenerator::isLocal
- https://bugs.webkit.org/show_bug.cgi?id=78241
-
- Minor refactor to BytecodeGenerator.
-
- Reviewed by Gavin Barraclough.
-
- * bytecompiler/BytecodeGenerator.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::isLocal):
- (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
- methods.
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
- instead of isLocal. This will recognize more resolve nodes as
- being pure.
- (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
- location instead of isLocalConstant.
-
-2012-02-09 Oliver Hunt <oliver@apple.com>
-
- The JS Parser scope object needs a VectorTrait specialization
- https://bugs.webkit.org/show_bug.cgi?id=78308
-
- Reviewed by Gavin Barraclough.
-
- This showed up as a periodic crash in various bits of generated code
- originally, but I've added an assertion in the bytecode generator
- that makes the effected code much more crash-happy should it go
- wrong again.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- (JSC::BytecodeGenerator::resolve):
- * parser/Parser.cpp:
- * parser/Parser.h:
- (JSC):
- * runtime/JSActivation.h:
- (JSC::JSActivation::isValidScopedLookup):
- (JSActivation):
-
-2012-02-08 Oliver Hunt <oliver@apple.com>
-
- Whoops, fix the build.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
-
-2012-02-08 Oliver Hunt <oliver@apple.com>
-
- Fix issue encountered while debugging stacktraces
- https://bugs.webkit.org/show_bug.cgi?id=78147
-
- Reviewed by Gavin Barraclough.
-
- Debugging is easier if we always ensure that we have a non-null
- inferred name.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
-
-2012-02-08 Oliver Hunt <oliver@apple.com>
-
- updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
- https://bugs.webkit.org/show_bug.cgi?id=78145
-
- Reviewed by Gavin Barraclough.
-
- Fix the updateTopCallFrame helper to store additional information
- that becomes necessary when we are trying to provide more stack
- frame information.
-
- * interpreter/CallFrame.h:
- (JSC::ExecState::bytecodeOffsetForBaselineJIT):
- (ExecState):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::JIT::compileGetByIdProto):
- (JSC::JIT::compileGetByIdSelfList):
- (JSC::JIT::compileGetByIdProtoList):
- (JSC::JIT::compileGetByIdChainList):
- (JSC::JIT::compileGetByIdChain):
- (JSC::JIT::compilePutByIdTransition):
- (JIT):
- * jit/JITInlineMethods.h:
- (JSC::JIT::updateTopCallFrame):
-
-2012-02-07 Robert Kroeger <rjkroege@chromium.org>
-
- [chromium] Remove the enable marcro for the no longer necessary Chromium
- gesture recognizer.
- https://bugs.webkit.org/show_bug.cgi?id=77492
-
- Reviewed by Adam Barth.
-
- * wtf/Platform.h:
-
-2012-02-07 Tony Chang <tony@chromium.org>
-
- merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
- https://bugs.webkit.org/show_bug.cgi?id=78036
-
- Reviewed by Darin Adler.
-
- * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.
-
-2012-02-07 Gyuyoung Kim <gyuyoung.kim@samsung.com>
-
- [CMAKE] Use *bin* and *lib* directories for executable and libraries.
- https://bugs.webkit.org/show_bug.cgi?id=77928
-
- Reviewed by Daniel Bates.
-
- CMake has used *Programs* directory for executable. In addition, shared libraries are being
- built in source directory. It is better to set common places in order to maintain executable
- and libraries. *bin* is for executable and *lib* is for library.
-
- * shell/CMakeLists.txt: Change *Programs* with *bin*.
-
-2012-02-07 Gavin Barraclough <barraclough@apple.com>
-
- Crash on http://www.rickshawbags.com/
- https://bugs.webkit.org/show_bug.cgi?id=78045
-
- Reviewed by Darin Adler.
-
- Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
-
- This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
- isVariableObject() checks were excluding StaticScopeObjects, this patch
- inadvertently changed them to be included.
-
- * runtime/JSType.h:
- - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
- and thus is excluded from isVariableObject() checks.
-
-2012-02-06 Jer Noble <jer.noble@apple.com>
-
- Use CMClock as a timing source for PlatformClock where available.
- https://bugs.webkit.org/show_bug.cgi?id=77885
+ Merged r117819 from dfgopt.
- Reviewed by Eric Carlson.
-
- * wtf/Platform.h: Added WTF_USE_COREMEDIA.
-
-2012-02-06 Filip Pizlo <fpizlo@apple.com>
-
- ValueToNumber and ValueToDouble nodes don't do anything and should be removed
- https://bugs.webkit.org/show_bug.cgi?id=77855
- <rdar://problem/10811325>
-
- Reviewed by Gavin Barraclough.
-
- Removed ValueToNumber and ValueToDouble, because the only thing they were doing
- was wasting registers.
-
- This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
- mostly due to a >10% win on gaussian-blur. No win anywhere else.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getToInt32):
- (ByteCodeParser):
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- (DFG):
- (JSC::DFG::Node::hasArithNodeFlags):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::vote):
- (JSC::DFG::Propagator::doRoundOfDoubleVoting):
- (Propagator):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::canonicalize):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
-2012-02-06 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed WinCE build fix after r106197.
-
- * tools/CodeProfiling.cpp:
- (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.
-
-2012-02-05 Gavin Barraclough <barraclough@apple.com>
-
- Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
- https://bugs.webkit.org/show_bug.cgi?id=77451
-
- Reviewed by Sam Weinig.
-
- These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
- Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
-
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::defineOwnProperty):
- * debugger/DebuggerActivation.h:
- (DebuggerActivation):
- * runtime/ClassInfo.h:
- (MethodTable):
- (JSC):
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::finishCreation):
- * runtime/JSCell.cpp:
- (JSC):
- * runtime/JSCell.h:
- (JSCell):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertySlot):
- (JSC::JSFunction::getOwnPropertyDescriptor):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::defineOwnProperty):
- (JSC):
- * runtime/JSGlobalObject.h:
- (JSGlobalObject):
- * runtime/JSObject.cpp:
- (JSC):
- * runtime/JSObject.h:
- (JSObject):
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncDefineGetter):
- (JSC::objectProtoFuncDefineSetter):
- (JSC::objectProtoFuncLookupGetter):
- (JSC::objectProtoFuncLookupSetter):
-
-2012-02-06 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing files.
-
-2012-02-05 Filip Pizlo <fpizlo@apple.com>
+2012-05-17 Filip Pizlo <fpizlo@apple.com>
- DFG's child references from one node to another should have room for type information
- https://bugs.webkit.org/show_bug.cgi?id=77797
+ DFG should optimize aliased uses of the Arguments object of the current call frame
+ https://bugs.webkit.org/show_bug.cgi?id=86552
- Reviewed by Oliver Hunt.
+ Reviewed by Geoff Garen.
- The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
- and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
- together as a DFG::NodeUse, which can in most cases still be used as an index (for
- example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
- where they really want a NodeIndex).
+ Merged r117542 and r117543 from dfgopt.
- The NodeUse stores both the index and the UseKind without bloating the memory usage of
- DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
- roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
- something - likely a sensible assumption! - then we will only be able to have room for
- about 24 million nodes, which means we only need about 24.5 bits for the node index).
- Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
- but stores the index as a signed number to make NoNode work naturally. Hence we really
- just have 27 bits for the index.
+ Performs must-alias and escape analysis on uses of CreateArguments, and if
+ a variable is must-aliased to CreateArguments and does not escape, then we
+ turn all uses of that variable into direct arguments accesses.
- This is performance-neutral on all benchmarks we track.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGAbstractState.h:
- (JSC::DFG::AbstractState::forNode):
- (AbstractState):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::toInt32):
- (JSC::DFG::ByteCodeParser::addVarArgChild):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- * dfg/DFGCommon.h:
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (DFG):
- * dfg/DFGGraph.h:
- (Graph):
- (JSC::DFG::Graph::operator[]):
- (JSC::DFG::Graph::at):
- (JSC::DFG::Graph::ref):
- (JSC::DFG::Graph::deref):
- (JSC::DFG::Graph::clearAndDerefChild1):
- (JSC::DFG::Graph::clearAndDerefChild2):
- (JSC::DFG::Graph::clearAndDerefChild3):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::getPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::child1):
- (JSC::DFG::Node::child1Unchecked):
- (JSC::DFG::Node::child2):
- (JSC::DFG::Node::child3):
- (JSC::DFG::Node::firstChild):
- (JSC::DFG::Node::numChildren):
- (JSC::DFG::Node::dumpChildren):
- (Node):
- * dfg/DFGNodeReferenceBlob.h: Added.
- (DFG):
- (NodeReferenceBlob):
- (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
- (JSC::DFG::NodeReferenceBlob::child):
- (JSC::DFG::NodeReferenceBlob::child1):
- (JSC::DFG::NodeReferenceBlob::child2):
- (JSC::DFG::NodeReferenceBlob::child3):
- (JSC::DFG::NodeReferenceBlob::child1Unchecked):
- (JSC::DFG::NodeReferenceBlob::initialize):
- (JSC::DFG::NodeReferenceBlob::firstChild):
- (JSC::DFG::NodeReferenceBlob::setFirstChild):
- (JSC::DFG::NodeReferenceBlob::numChildren):
- (JSC::DFG::NodeReferenceBlob::setNumChildren):
- * dfg/DFGNodeUse.h: Added.
- (DFG):
- (NodeUse):
- (JSC::DFG::NodeUse::NodeUse):
- (JSC::DFG::NodeUse::indexUnchecked):
- (JSC::DFG::NodeUse::index):
- (JSC::DFG::NodeUse::setIndex):
- (JSC::DFG::NodeUse::useKind):
- (JSC::DFG::NodeUse::setUseKind):
- (JSC::DFG::NodeUse::isSet):
- (JSC::DFG::NodeUse::operator!):
- (JSC::DFG::NodeUse::operator==):
- (JSC::DFG::NodeUse::operator!=):
- (JSC::DFG::NodeUse::shift):
- (JSC::DFG::NodeUse::makeWord):
- (JSC::DFG::operator==):
- (JSC::DFG::operator!=):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::vote):
- (JSC::DFG::Propagator::toDouble):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::canonicalize):
- (JSC::DFG::Propagator::startIndex):
- (JSC::DFG::Propagator::globalVarLoadElimination):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::performSubstitution):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::use):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::useChildren):
- (JSC::DFG::SpeculativeJIT::writeBarrier):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compileMovHint):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
- (JSC::DFG::SpeculativeJIT::compileAdd):
- (JSC::DFG::SpeculativeJIT::compileArithSub):
- (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
- (JSC::DFG::SpeculativeJIT::compileStrictEq):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::at):
- (JSC::DFG::SpeculativeJIT::canReuse):
- (JSC::DFG::SpeculativeJIT::use):
- (SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
- (JSC::DFG::IntegerOperand::IntegerOperand):
- (JSC::DFG::DoubleOperand::DoubleOperand):
- (JSC::DFG::JSValueOperand::JSValueOperand):
- (JSC::DFG::StorageOperand::StorageOperand):
- (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
- (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
- (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
- (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
- (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileValueAdd):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::emitCall):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileValueAdd):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-05 Gyuyoung Kim <gyuyoung.kim@samsung.com>
-
- [CMAKE] Support javascriptcore test for EFL port.
- https://bugs.webkit.org/show_bug.cgi?id=77425
-
- Reviewed by Daniel Bates.
-
- Efl and WinCE as well as Blackberry port are now using Cmake as its build system
- and they are share the make file to create jsc excutable. In order to run
- "run-javascriptcore-tests", EFL port needs to change jsc installation configuration
- with executable output directory(e.g. Programs). So, this patch change jsc installation
- configuration only for EFL port.
-
- * shell/CMakeLists.txt:
-
-2012-02-04 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Sam Weinig.
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
- - Fix comment.
-
-2012-02-04 Kalev Lember <kalevlember@gmail.com>
-
- [GTK] CurrentTime: Reorder headers for win32
- https://bugs.webkit.org/show_bug.cgi?id=77808
-
- Reviewed by Martin Robinson.
-
- In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
- based on g_get_monotonic_time(). Reorder headers to make sure glib.h
- gets included even when the platform is win32.
-
- CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
- CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
- CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
-
- * wtf/CurrentTime.cpp:
-
-2012-02-03 Anders Carlsson <andersca@apple.com>
-
- Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
- https://bugs.webkit.org/show_bug.cgi?id=77788
-
- Reviewed by Andreas Kling.
-
- The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to
- code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
-
- * wtf/FastAllocBase.h:
-
-2012-02-03 Rob Buis <rbuis@rim.com>
-
- Fix alignment warnings in ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=55368
-
- Reviewed by Filip Pizlo.
-
- Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
-
- * heap/HandleTypes.h:
- (JSC::HandleTypes::getFromSlot):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::specializedSweep):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::forEachCell):
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::unvalidatedGet):
-
-2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Build fix
-
- Unreviewed build fix
-
- Forgot to add a couple files.
-
- * heap/MarkedAllocator.cpp: Added.
- (JSC):
- (JSC::MarkedAllocator::tryAllocateHelper):
- (JSC::MarkedAllocator::tryAllocate):
- (JSC::MarkedAllocator::allocateSlowCase):
- (JSC::MarkedAllocator::allocateBlock):
- (JSC::MarkedAllocator::addBlock):
- (JSC::MarkedAllocator::removeBlock):
- * heap/MarkedAllocator.h: Added.
- (JSC):
- (DFG):
- (MarkedAllocator):
- (JSC::MarkedAllocator::cellSize):
- (JSC::MarkedAllocator::heap):
- (JSC::MarkedAllocator::setHeap):
- (JSC::MarkedAllocator::setCellSize):
- (JSC::MarkedAllocator::setMarkedSpace):
- (JSC::MarkedAllocator::MarkedAllocator):
- (JSC::MarkedAllocator::allocate):
- (JSC::MarkedAllocator::reset):
- (JSC::MarkedAllocator::zapFreeList):
- (JSC::MarkedAllocator::forEachBlock):
-
-2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Refactor MarkedBlock::SizeClass into a separate class
- https://bugs.webkit.org/show_bug.cgi?id=77600
-
- Reviewed by Geoffrey Garen.
-
- We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
- the responsibility of allocating objects from the collection of MarkedBlocks
- that it manages. Also limited the amount of coupling to internal data fields
- from other places, although it's mostly unavoidable in the JIT code.
-
- Eventually MarkedAllocator will implement various policies to do with object
- management, e.g. whether or not to run destructors on objects that it manages.
- MarkedSpace will manage a collection of MarkedAllocators with varying policies,
- as it does now but to a larger extent.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
- * heap/Heap.cpp:
- (JSC::Heap::collect):
- (JSC::Heap::resetAllocators):
- * heap/Heap.h:
- (JSC::Heap::allocatorForObject):
- (Heap):
- * heap/MarkedAllocator.cpp: Added.
- (JSC):
- (JSC::MarkedAllocator::tryAllocateHelper):
- (JSC::MarkedAllocator::tryAllocate):
- (JSC::MarkedAllocator::allocateSlowCase):
- (JSC::MarkedAllocator::allocateBlock):
- (JSC::MarkedAllocator::addBlock):
- (JSC::MarkedAllocator::removeBlock):
- * heap/MarkedAllocator.h: Added.
- (JSC):
- (DFG):
- (MarkedAllocator):
- (JSC::MarkedAllocator::cellSize):
- (JSC::MarkedAllocator::heap):
- (JSC::MarkedAllocator::setHeap):
- (JSC::MarkedAllocator::setCellSize):
- (JSC::MarkedAllocator::setMarkedSpace):
- (JSC::MarkedAllocator::MarkedAllocator):
- (JSC::MarkedAllocator::allocate):
- (JSC::MarkedAllocator::reset):
- (JSC::MarkedAllocator::zapFreeList):
- (JSC::MarkedAllocator::forEachBlock):
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::resetAllocators):
- (JSC::MarkedSpace::canonicalizeCellLivenessData):
- (JSC::TakeIfUnmarked::operator()):
- * heap/MarkedSpace.h:
- (MarkedSpace):
- (JSC::MarkedSpace::allocatorFor):
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::forEachBlock):
- (JSC::MarkedSpace::didAddBlock):
- (JSC::MarkedSpace::didConsumeFreeList):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicJSObject):
-
-2012-02-03 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
- https://bugs.webkit.org/show_bug.cgi?id=77723
-
- Reviewed by Tor Arne Vestbø.
-
- * wtf/Platform.h: Enable use of export macros.
-
-2012-02-02 Hajime Morrita <morrita@chromium.org>
-
- Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation.
-
- * interpreter/Interpreter.h:
- (Interpreter):
-
-2012-01-31 Hajime Morrita <morrita@chromium.org>
-
- [Mac] eliminate JavaScriptCore.exp
- https://bugs.webkit.org/show_bug.cgi?id=72854
-
- Reviewed by Darin Adler.
-
- - Removed exp files and corresponding makefile entries.
- - Changed the build configuration no to use exp file.
-
- * Configurations/JavaScriptCore.xcconfig:
- * DerivedSources.make:
- * JavaScriptCore.JSVALUE32_64only.exp: Removed.
- * JavaScriptCore.JSVALUE64only.exp: Removed.
- * JavaScriptCore.exp: Removed.
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/Platform.h:
-
-2012-02-02 Benjamin Poulain <bpoulain@apple.com>
-
- Running a Web Worker on about:blank crashes the interpreter
- https://bugs.webkit.org/show_bug.cgi?id=77593
-
- Reviewed by Michael Saboff.
-
- The method Interpreter::execute() was crashing on empty programs because
- the assumption is made the source is not null.
-
- This patch shortcut the execution when the String is null to avoid invalid
- memory access.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
-
-2012-02-02 Kalev Lember <kalevlember@gmail.com>
-
- [GTK] Use win32 native threading
- https://bugs.webkit.org/show_bug.cgi?id=77676
-
- Reviewed by Martin Robinson.
-
- r97269 switched from glib threading to pthreads, breaking win32 GTK+.
- This is a follow up, removing some leftovers in ThreadSpecific.h and
- switching win32 to use the native threading in ThreadingWin.cpp.
-
- * GNUmakefile.list.am: Compile in win32 native threading support
- * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
- (ThreadSpecific):
- (WTF::::destroy):
-
-2012-02-02 Filip Pizlo <fpizlo@apple.com>
-
- retrieveCallerFromVMCode should call trueCallerFrame
- https://bugs.webkit.org/show_bug.cgi?id=77684
-
- Reviewed by Oliver Hunt.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::retrieveCallerFromVMCode):
-
-2012-02-02 Kalev Lember <kalevlember@gmail.com>
-
- [GTK] Implement current executable path finding for win32
- https://bugs.webkit.org/show_bug.cgi?id=77677
-
- Reviewed by Martin Robinson.
-
- The WTF helper for getting the binary path that was added in r101710
- left out the win32 implementation. Fix this.
-
- * wtf/gobject/GlibUtilities.cpp:
- (getCurrentExecutablePath):
-
-2012-02-02 Filip Pizlo <fpizlo@apple.com>
-
- Throwing away bytecode and then reparsing during DFG optimization is just
- plain wrong and makes things crash
- https://bugs.webkit.org/show_bug.cgi?id=77680
- <rdar://problem/10798490>
-
- Reviewed by Oliver Hunt.
-
- This is the minimal surgical fix: it removes the code that triggered bytecode
- throw-away. Once we're confident that this is a good idea, we can kill all of
- the code that implements the feature.
+ 36% speed-up on V8/earley leading to a 2.3% speed-up overall in V8.
* bytecode/CodeBlock.h:
- (JSC::CodeBlock::discardBytecodeLater):
- (JSC::CodeBlock::addValueProfile):
- * jit/JITDriver.h:
- (JSC::jitCompileIfAppropriate):
- (JSC::jitCompileFunctionIfAppropriate):
-
-2012-02-02 Filip Pizlo <fpizlo@apple.com>
-
- Release build debugging should be easier
- https://bugs.webkit.org/show_bug.cgi?id=77669
-
- Reviewed by Gavin Barraclough.
-
- * assembler/ARMAssembler.h:
- (ARMAssembler):
- (JSC::ARMAssembler::debugOffset):
- * assembler/ARMv7Assembler.h:
- (ARMv7Assembler):
- (JSC::ARMv7Assembler::debugOffset):
- (ARMInstructionFormatter):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
- * assembler/AbstractMacroAssembler.h:
- (AbstractMacroAssembler):
- (JSC::AbstractMacroAssembler::debugOffset):
- * assembler/AssemblerBuffer.h:
- (AssemblerBuffer):
- (JSC::AssemblerBuffer::debugOffset):
- * assembler/LinkBuffer.h:
- (LinkBuffer):
- (JSC::LinkBuffer::debugSize):
- * assembler/MIPSAssembler.h:
- (MIPSAssembler):
- (JSC::MIPSAssembler::debugOffset):
- * assembler/X86Assembler.h:
- (X86Assembler):
- (JSC::X86Assembler::debugOffset):
- (X86InstructionFormatter):
- (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
- * bytecode/CodeBlock.cpp:
- (JSC):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- * bytecode/CodeOrigin.h:
- (CodeOrigin):
- (JSC):
- (JSC::CodeOrigin::inlineStack):
- * bytecode/DFGExitProfile.h:
- (JSC::DFG::exitKindToString):
- * bytecode/DataFormat.h:
- (JSC::dataFormatToString):
- * bytecode/PredictedType.cpp:
- (JSC):
- (JSC::predictionToString):
- * bytecode/PredictedType.h:
- (JSC):
+ (JSC::CodeBlock::uncheckedArgumentsRegister):
* bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::argumentsThatWereNotCreated):
(ValueRecovery):
(JSC::ValueRecovery::dump):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC):
- (JSC::BytecodeGenerator::setDumpsGeneratedCode):
- (JSC::BytecodeGenerator::dumpsGeneratedCode):
- (JSC::BytecodeGenerator::generate):
- * dfg/DFGAbstractValue.h:
- (StructureAbstractValue):
- (JSC::DFG::StructureAbstractValue::dump):
- (AbstractValue):
- (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAdjacencyList.h:
+ (AdjacencyList):
+ (JSC::DFG::AdjacencyList::removeEdgeFromBag):
+ * dfg/DFGArgumentsSimplificationPhase.cpp:
+ (JSC::DFG::ArgumentsSimplificationPhase::run):
+ (ArgumentsSimplificationPhase):
+ (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
+ (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
+ (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
+ (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
+ (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
* dfg/DFGAssemblyHelpers.h:
- (DFG):
+ (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
(AssemblyHelpers):
- (JSC::DFG::AssemblyHelpers::debugCall):
- * dfg/DFGFPRInfo.h:
- (FPRInfo):
- (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCFGSimplificationPhase.cpp:
+ (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
* dfg/DFGGPRInfo.h:
(GPRInfo):
- (JSC::DFG::GPRInfo::debugName):
* dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::collectGarbage):
(DFG):
* dfg/DFGGraph.h:
(Graph):
+ (JSC::DFG::Graph::executableFor):
+ (JSC::DFG::Graph::argumentsRegisterFor):
+ (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
+ (JSC::DFG::Graph::clobbersWorld):
* dfg/DFGNode.h:
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGNodeType.h:
(DFG):
- (JSC::DFG::arithNodeFlagsAsString):
- (Node):
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::dumpChildren):
- * dfg/DFGOSRExit.cpp:
- (DFG):
- (JSC::DFG::OSRExit::dump):
- * dfg/DFGOSRExit.h:
- (OSRExit):
- * runtime/JSValue.cpp:
- (JSC):
- (JSC::JSValue::description):
- * runtime/JSValue.h:
- (JSValue):
- * wtf/BitVector.cpp:
- (WTF):
- (WTF::BitVector::dump):
- * wtf/BitVector.h:
- (BitVector):
-
-2012-02-02 Oliver Hunt <oliver@apple.com>
-
- Getters and setters cause line numbers in errors/console.log to be offset for the whole file
- https://bugs.webkit.org/show_bug.cgi?id=77675
-
- Reviewed by Timothy Hatcher.
-
- Our default literal parsing logic doesn't handle the extra work required for
- getters and setters. When it encounters one, it rolls back the lexer and
- then switches to a more complete parsing function. Unfortunately it was only
- winding back the character position, and was ignoring the line number and
- other lexer data. This led to every getter and setter causing the line number
- to be incorrectly incremented leading to increasingly incorrect numbers for
- the rest of the file.
-
- * parser/Parser.cpp:
- (JSC::::parseObjectLiteral):
-
-2012-02-02 Andy Wingo <wingo@igalia.com>
-
- Fix type punning warning in HashTable.h debug builds
- https://bugs.webkit.org/show_bug.cgi?id=77422
-
- Reviewed by Gavin Barraclough.
-
- * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
- warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
-
-2012-02-01 Michael Saboff <msaboff@apple.com>
-
- Yarr crash with regexp replace
- https://bugs.webkit.org/show_bug.cgi?id=67454
-
- Reviewed by Gavin Barraclough.
-
- Properly handle the case of a back reference to an unmatched
- subpattern by always matching without consuming any characters.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::matchBackReference):
- (JSC::Yarr::Interpreter::backtrackBackReference):
-
-2012-02-01 Gavin Barraclough <barraclough@apple.com>
-
- calling function on catch block scope containing an eval result in wrong this value being passed
- https://bugs.webkit.org/show_bug.cgi?id=77581
-
- Reviewed by Oliver Hunt.
-
- javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::TryNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- * parser/ASTBuilder.h:
- (JSC::ASTBuilder::createTryStatement):
- * parser/NodeConstructors.h:
- (JSC::TryNode::TryNode):
- * parser/Nodes.h:
- (TryNode):
- * parser/Parser.cpp:
- (JSC::::parseTryStatement):
- * parser/SyntaxChecker.h:
- (JSC::SyntaxChecker::createTryStatement):
- * runtime/JSObject.h:
- (JSObject):
- (JSC::JSObject::isStaticScopeObject):
- (JSC):
-
-2012-02-01 Oliver Hunt <oliver@apple.com>
-
- Add support for inferred function names
- https://bugs.webkit.org/show_bug.cgi?id=77579
-
- Reviewed by Gavin Barraclough.
-
- Add new "inferred" names to function expressions, getters, and setters.
- This property is not exposed to JS, so is only visible in the debugger
- and profiler.
-
- * JavaScriptCore.exp:
- * bytecompiler/BytecodeGenerator.h:
- (JSC::BytecodeGenerator::makeFunction):
- * debugger/DebuggerCallFrame.cpp:
- (JSC::DebuggerCallFrame::calculatedFunctionName):
- * parser/ASTBuilder.h:
- (JSC::ASTBuilder::createAssignResolve):
- (JSC::ASTBuilder::createGetterOrSetterProperty):
- (JSC::ASTBuilder::createProperty):
- (JSC::ASTBuilder::makeAssignNode):
- * parser/Nodes.h:
- (JSC::FunctionBodyNode::setInferredName):
- (JSC::FunctionBodyNode::inferredName):
- (FunctionBodyNode):
- * profiler/Profiler.cpp:
- (JSC):
- (JSC::Profiler::createCallIdentifier):
- (JSC::createCallIdentifierFromFunctionImp):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
- (JSC::FunctionExecutable::fromGlobalCode):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::create):
- (JSC::FunctionExecutable::inferredName):
- (FunctionExecutable):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::calculatedDisplayName):
- (JSC):
- (JSC::getCalculatedDisplayName):
- * runtime/JSFunction.h:
- (JSC):
-
-2012-02-01 Filip Pizlo <fpizlo@apple.com>
-
- DFG should fold double-to-int conversions
- https://bugs.webkit.org/show_bug.cgi?id=77532
-
- Reviewed by Oliver Hunt.
-
- Performance neutral on major benchmarks. But it makes calling V8's
- Math.random() 4x faster.
-
- * bytecode/CodeBlock.cpp:
- (JSC):
- (JSC::CodeBlock::addOrFindConstant):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addConstant):
- (CodeBlock):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::toInt32):
- (ByteCodeParser):
- (JSC::DFG::ByteCodeParser::getJSConstantForValue):
- (JSC::DFG::ByteCodeParser::isInt32Constant):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::addShouldSpeculateInteger):
- (Graph):
- (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::doRoundOfDoubleVoting):
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileAdd):
- (DFG):
- (JSC::DFG::SpeculativeJIT::compileArithSub):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
- (SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSValueInlineMethods.h:
- (JSC::JSValue::asDouble):
-
-2012-02-01 Filip Pizlo <fpizlo@apple.com>
-
- DFG graph dump for GetScopedVar should show the correct prediction
- https://bugs.webkit.org/show_bug.cgi?id=77530
-
- Reviewed by Geoff Garen.
-
- GetScopedVar has a heap prediction, not a variable prediction. But it does
- have a variable. Hence we need to check for heap predictions before checking
- for variable predictions.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
-
-2012-02-01 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Replace JSArray destructor with finalizer
- https://bugs.webkit.org/show_bug.cgi?id=77488
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.exp:
- * runtime/JSArray.cpp:
- (JSC::JSArray::finalize): Added finalizer.
- (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
- (JSC):
- (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
- (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode
- because the old name was confusing because we could have a sparse array that never
- called enterSparseMode.
- (JSC::JSArray::defineOwnNumericProperty):
- (JSC::JSArray::setLengthWritable):
- (JSC::JSArray::putByIndexBeyondVectorLength):
- (JSC::JSArray::setLength):
- (JSC::JSArray::pop):
- (JSC::JSArray::sort):
- (JSC::JSArray::compactForSorting):
- * runtime/JSArray.h:
- (JSArray):
-
-2012-02-01 Andy Wingo <wingo@igalia.com>
-
- Refactor identifier resolution in BytecodeGenerator
- https://bugs.webkit.org/show_bug.cgi?id=76285
-
- Reviewed by Geoffrey Garen.
-
- * bytecompiler/BytecodeGenerator.h:
- (JSC::ResolveResult): New class, to describe the storage
- location corresponding to an identifier in a program.
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::resolve): New function, replacing
- findScopedProperty.
- (JSC::BytecodeGenerator::resolveConstDecl): New function,
- encapsulating what ConstDeclNode::emitBytecode used to do.
- (JSC::BytecodeGenerator::emitGetStaticVar):
- (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
- corresponding to the old emitGetScopedVar and emitPutScopedVar.
- (JSC::BytecodeGenerator::registerFor): Remove version that took an
- Identifier&; replaced by ResolveResult::local().
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveBase):
- (JSC::BytecodeGenerator::emitResolveBaseForPut):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
- "resolveResult" argument. This is more clear, and reduces the
- amount of double analysis happening at compile-time.
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ResolveNode::emitBytecode):
- (JSC::EvalFunctionCallNode::emitBytecode):
- (JSC::FunctionCallResolveNode::emitBytecode):
- (JSC::PostfixResolveNode::emitBytecode):
- (JSC::DeleteResolveNode::emitBytecode):
- (JSC::TypeOfResolveNode::emitBytecode):
- (JSC::PrefixResolveNode::emitBytecode):
- (JSC::ReadModifyResolveNode::emitBytecode):
- (JSC::AssignResolveNode::emitBytecode):
- (JSC::ConstDeclNode::emitCodeSingle):
- (JSC::ForInNode::emitBytecode): Refactor to use the new
- ResolveResult structure.
-
-2012-02-01 Csaba Osztrogonác <ossy@webkit.org>
-
- Implement Error.stack
- https://bugs.webkit.org/show_bug.cgi?id=66994
-
- Unreviewed, rolling out r106407.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/AbstractPC.cpp:
- (JSC::AbstractPC::AbstractPC):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- (JSC):
- (Interpreter):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- * parser/Parser.h:
- (JSC::::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
- (JSC):
-
-2012-01-31 Hajime Morrita <morrita@chromium.org>
-
- Add missing JS_PRIVATE_EXPORTs
- https://bugs.webkit.org/show_bug.cgi?id=77507
-
- Reviewed by Kevin Ollivier.
-
- * heap/MarkedSpace.h:
- (MarkedSpace):
- * interpreter/Interpreter.h:
- (Interpreter):
- * runtime/JSValue.h:
- (JSValue):
- * wtf/text/AtomicString.h:
- (WTF::AtomicString::add):
- * wtf/text/WTFString.h:
- (WTF):
-
-2012-01-31 Geoffrey Garen <ggaren@apple.com>
-
- Stop using -fomit-frame-pointer
- https://bugs.webkit.org/show_bug.cgi?id=77403
-
- Reviewed by Filip Pizlo.
-
- JavaScriptCore is too fast. I'm just the man to fix it.
-
- * Configurations/JavaScriptCore.xcconfig:
-
-2012-01-31 Michael Saboff <msaboff@apple.com>
-
- StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
- https://bugs.webkit.org/show_bug.cgi?id=76647
-
- Reviewed by Darin Adler.
-
- Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar
- to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle to special
- cases. One case is s-sharp (0xdf) which converts to "SS". The other case is
- for characters which become 16 bit values when converted to upper case. For
- those, we up convert the the source string and use the 16 bit path.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncToUpperCase):
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::upper):
- * wtf/unicode/CharacterNames.h:
- (smallLetterSharpS): New constant
-
-2012-01-31 Oliver Hunt <oliver@apple.com>
-
- Remove unneeded sourceId property
- https://bugs.webkit.org/show_bug.cgi?id=77495
-
- Reviewed by Filip Pizlo.
-
- sourceId isn't used anymore, so we'll just remove it.
-
- * runtime/Error.cpp:
- (JSC):
- (JSC::addErrorInfo):
- (JSC::hasErrorInfo):
-
-2012-01-31 Oliver Hunt <oliver@apple.com>
-
- Implement Error.stack
- https://bugs.webkit.org/show_bug.cgi?id=66994
-
- Reviewed by Gavin Barraclough.
-
- Original patch by Juan Carlos Montemayor Elosua:
- This patch utilizes topCallFrame to create a stack trace when
- an error is thrown. Users will also be able to use the stack()
- command in jsc to get arrays with stack trace information.
-
- Modified to be correct on ToT, with a variety of correctness,
- performance, and security improvements.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::getCallerLine):
- (JSC::getSourceURLFromCallFrame):
- (JSC::getStackFrameCodeType):
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- (JSC::StackFrame::toString):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (functionJSCStack):
- * parser/Parser.h:
- (JSC::Parser::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
-
-2012-01-31 Scott Graham <scottmg@chromium.org>
-
- [Chromium] Remove references to gyp cygwin build target
- https://bugs.webkit.org/show_bug.cgi?id=77253
-
- Reviewed by Julien Chaffraix.
-
- Target dependency is no longer required, it's done earlier in the
- build process.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-01-31 Michael Saboff <msaboff@apple.com>
-
- ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
- https://bugs.webkit.org/show_bug.cgi?id=77443
-
- Reviewed by Gavin Barraclough.
-
- Removed failing ASSERT() and thus destructor. The ASSERT isn't needed.
- We are hitting it in the YARR JIT case where we bail out and go to the
- interpreter with a partially JIT'ed function. Since we haven't linked
- the JIT'ed code, there is likely to be some unresolved jumps in the vector
- when the ARMv7Assembler destructor is called. For the case where we
- complete the JIT process, we clear the vector at the end of
- LinkBuffer::linkCode (LinkBuffer.h:292).
-
- * assembler/ARMv7Assembler.h:
- (ARMv7Assembler):
-
-2012-01-31 Anders Carlsson <andersca@apple.com>
-
- Vector<T>::operator== shouldn't require T to have operator!=
- https://bugs.webkit.org/show_bug.cgi?id=77448
-
- Reviewed by Andreas Kling.
-
- Change VectorComparer::compare to use !(a == b) instead of a != b since
- it makes more sense for Vector::operator== to use the element's operator==.
-
- * wtf/Vector.h:
-
-2012-01-30 Oliver Hunt <oliver@apple.com>
-
- get_by_val_arguments is broken in the interpreter
- https://bugs.webkit.org/show_bug.cgi?id=77389
-
- Reviewed by Gavin Barraclough.
-
- When get_by_val had wad a value profile added, the same slot was not added to
- get_by_val_arguments. This broke the interpreter as the interpreter falls
- back on its regular get_by_val implementation.
-
- No tests are added as the interpreter is fairly broken in its
- current state (multiple tests fail due to this bug).
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- (JSC):
- ():
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitGetArgumentByVal):
-
-2012-01-30 Oliver Hunt <oliver@apple.com>
-
- Unexpected syntax error
- https://bugs.webkit.org/show_bug.cgi?id=77340
-
- Reviewed by Gavin Barraclough.
-
- Function calls and new expressions have the same semantics for
- assignment, so should simply share their lhs handling.
-
- * parser/Parser.cpp:
- (JSC::::parseMemberExpression):
-
-2012-01-30 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed ARMv7 build fix.
-
- * tools/CodeProfiling.cpp:
- (JSC):
- (JSC::setProfileTimer):
- (JSC::CodeProfiling::begin):
- (JSC::CodeProfiling::end):
-
-2012-01-30 David Levin <levin@chromium.org>
-
- Using OS(WIN) or OS(MAC) should cause a build error.
- https://bugs.webkit.org/show_bug.cgi?id=77162
-
- Reviewed by Darin Adler.
-
- * wtf/Platform.h: Expand them into something that will
- cause a compile error.
-
-2012-01-30 Yong Li <yoli@rim.com>
-
- [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
- https://bugs.webkit.org/show_bug.cgi?id=77360
-
- Reviewed by Rob Buis.
-
- Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
- for OS(QNX).
-
- * wtf/Platform.h:
-
-2012-01-30 Gavin Barraclough <barraclough@apple.com>
-
- Speculative Windows build fix.
-
- * assembler/MacroAssemblerCodeRef.h:
- (FunctionPtr):
-
-2012-01-30 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=77163
- MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
-
- Rubber stamped by Geoff Garen
-
- * assembler/MacroAssemblerCodeRef.h:
-
-2012-01-30 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed build fix for interpreter builds.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- * bytecode/CodeBlock.h:
- (CodeBlock):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * tools/CodeProfile.cpp:
- (JSC::CodeProfile::sample):
-
-2012-01-30 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed build fix following bug#76855
-
- * JavaScriptCore.exp:
-
-2012-01-30 Michael Saboff <msaboff@apple.com>
-
- CaseFoldingHash::hash() doesn't handle 8 bit strings directly
- https://bugs.webkit.org/show_bug.cgi?id=76652
-
- Reviewed by Andreas Kling.
-
- * wtf/text/StringHash.h:
- (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
-
-2012-01-30 Michael Saboff <msaboff@apple.com>
-
- stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
- https://bugs.webkit.org/show_bug.cgi?id=76651
-
- Reviewed by Geoffrey Garen.
-
- Made local function substituteBackreferencesSlow a template function
- based on character width. Cleaned up getCharacters() in both UString
- and StringImpl. Changed getCharacters<UChar> to up convert an 8 bit
- string to 16 bits if necessary.
-
- * runtime/StringPrototype.cpp:
- (JSC::substituteBackreferencesSlow):
- (JSC::substituteBackreferences):
- * runtime/UString.h:
- (JSC::LChar):
- (JSC::UChar):
- * wtf/text/StringImpl.h:
- (WTF::UChar):
-
-2012-01-30 Gavin Barraclough <barraclough@apple.com>
-
- Clean up putDirect
- https://bugs.webkit.org/show_bug.cgi?id=76232
-
- Reviewed by Sam Weinig.
-
- Part 3 - merge op_put_getter & op_put_setter.
-
- Putting these separately is inefficient (and makes future optimiation,
- e.g. making GetterSetter immutable) harder. Change to emit a single
- op_put_getter_setter bytecode op. Ultimately we should probably be
- able to merge this with put direct, to create a common op to initialize
- object literal properties.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- (JSC):
- ():
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitPutGetterSetter):
- * bytecompiler/BytecodeGenerator.h:
- (BytecodeGenerator):
- * bytecompiler/NodesCodegen.cpp:
- (JSC::PropertyListNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- (JIT):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_put_getter_setter):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_getter_setter):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- ():
- * runtime/JSObject.cpp:
- (JSC::JSObject::putDirectVirtual):
- (JSC::JSObject::putDirectAccessor):
- (JSC):
- (JSC::putDescriptor):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- ():
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirect):
- (JSC::JSObject::putDirectWithoutTransition):
-
-2012-01-30 Michael Saboff <msaboff@apple.com>
-
- Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
- https://bugs.webkit.org/show_bug.cgi?id=76649
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.exp: Added export for charactersToDouble.
-
-2012-01-30 Michael Saboff <msaboff@apple.com>
-
- WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
- https://bugs.webkit.org/show_bug.cgi?id=76648
-
- Reviewed by Geoffrey Garen.
-
- Added a new overloaded append member that takes a String& argument, an offest
- and a length to do direct sub string appending to a StringBuilder.
-
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::append):
-
-2012-01-29 Zoltan Herczeg <zherczeg@webkit.org>
-
- Custom written CSS lexer
- https://bugs.webkit.org/show_bug.cgi?id=70107
-
- Reviewed by Antti Koivisto and Oliver Hunt.
-
- Add new helper functions for the custom written CSS lexer.
-
- * wtf/ASCIICType.h:
- (WTF::toASCIILowerUnchecked):
- (WTF):
- (WTF::isASCIIAlphaCaselessEqual):
-
-2012-01-29 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
- https://bugs.webkit.org/show_bug.cgi?id=77146
- <rdar://problem/10770586>
-
- Reviewed by Oliver Hunt.
-
- The old JIT expects that the result of the last operation is in the lastResultRegister. The DFG JIT is
- designed to correctly track the lastResultRegister by looking at SetLocal nodes. However, when the DFG
- JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
- lastResultRegister. Hence if we OSR exit on the first node following the end of an inlined code block
- that had a return value, and that first node uses the return value, the old JIT will get massively
- confused. This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
- JIT slightly dumber.
-
- * jit/JITCall.cpp:
- (JSC::JIT::emit_op_call_put_result):
-
-2012-01-29 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for Mac non-x64 platforms.
-
- * tools/CodeProfiling.cpp:
- (JSC):
-
-2012-01-28 Gavin Barraclough <barraclough@apple.com>
-
- Reserve 'let'
- https://bugs.webkit.org/show_bug.cgi?id=77293
-
- Rubber stamped by Oliver Hunt.
-
- 'let' may become a keyword in ES6. We're going to try experimentally reserving it,
- to see if this breaks the web.
-
- * parser/Keywords.table:
-
-2012-01-27 Gavin Barraclough <barraclough@apple.com>
-
- Implement a JIT-code aware sampling profiler for JSC
- https://bugs.webkit.org/show_bug.cgi?id=76855
-
- Reviewed by Oliver Hunt.
-
- To enable the profiler, set the JSC_CODE_PROFILING environment variable to
- 1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
- trace all samples).
-
- The profiler requires -fomit-frame-pointer to be removed from the build flags.
-
- * JavaScriptCore.exp:
- - Removed an export.
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Added new files
- * bytecode/CodeBlock.cpp:
- - For baseline codeblocks, cache the result of canCompileWithDFG.
- * bytecode/CodeBlock.h:
- - For baseline codeblocks, cache the result of canCompileWithDFG.
- * jit/ExecutableAllocator.cpp:
- (JSC::ExecutableAllocator::initializeAllocator):
- - Notify the profiler when the allocator is created.
- (JSC::ExecutableAllocator::allocate):
- - Inform the allocated of the ownerUID.
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::ExecutableAllocator::initializeAllocator):
- - Notify the profiler when the allocator is created.
- (JSC::ExecutableAllocator::allocate):
- - Inform the allocated of the ownerUID.
- * jit/JITStubs.cpp:
- - If profiling, don't mask the return address in JIT code.
- (We do so to provide nicer backtraces in debug builds).
- * runtime/Completion.cpp:
- (JSC::evaluate):
- - Notify the profiler of script evaluations.
- * tools: Added.
- * tools/CodeProfile.cpp: Added.
- (JSC::symbolName):
- - Helper function to get the name of a symbol in the framework.
- (JSC::truncateTrace):
- - Helper to truncate traces into methods know to have uninformatively deep stacks.
- (JSC::CodeProfile::sample):
- - Record a stack trace classifying samples.
- (JSC::CodeProfile::report):
- - {Print profiler output.
- * tools/CodeProfile.h: Added.
- - new class, captures a set of samples associated with an evaluated script,
- and nested to record samples from subscripts.
- * tools/CodeProfiling.cpp: Added.
- (JSC::CodeProfiling::profilingTimer):
- - callback fired then a timer event occurs.
- (JSC::CodeProfiling::notifyAllocator):
- - called when the executable allocator is constructed.
- (JSC::CodeProfiling::getOwnerUIDForPC):
- - helper to lookup the codeblock from an address in JIT code
- (JSC::CodeProfiling::begin):
- - enter a profiling scope.
- (JSC::CodeProfiling::end):
- - exit a profiling scope.
- * tools/CodeProfiling.h: Added.
- - new class, instantialed from Completion to define a profiling scope.
- * tools/ProfileTreeNode.h: Added.
- - new class, used to construct a tree of samples.
- * tools/TieredMMapArray.h: Added.
- - new class, a malloc-free vector (can be used while the main thread is suspended,
- possibly holding the malloc heap lock).
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
- (WTF::MetaAllocator::allocate):
- - Allow allocation handles to track information about their owner.
- * wtf/MetaAllocator.h:
- (MetaAllocator):
- - Allow allocation handles to track information about their owner.
- * wtf/MetaAllocatorHandle.h:
- (MetaAllocatorHandle):
- (WTF::MetaAllocatorHandle::ownerUID):
- - Allow allocation handles to track information about their owner.
- * wtf/OSAllocator.h:
- (WTF::OSAllocator::reallocateCommitted):
- - reallocate an existing, committed memory allocation.
-
-2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r106187.
- http://trac.webkit.org/changeset/106187
- https://bugs.webkit.org/show_bug.cgi?id=77276
-
- The last rollout was a false charge. (Requested by morrita on
- #webkit).
-
- * runtime/ExceptionHelpers.h:
- (InterruptedExecutionError):
- * runtime/JSBoundFunction.h:
- (JSBoundFunction):
- * runtime/RegExp.h:
- (RegExp):
- * runtime/RegExpMatchesArray.h:
- (RegExpMatchesArray):
-
-2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r106151.
- http://trac.webkit.org/changeset/106151
- https://bugs.webkit.org/show_bug.cgi?id=77275
-
- may break windows build (Requested by morrita on #webkit).
-
- * runtime/ExceptionHelpers.h:
- (InterruptedExecutionError):
- * runtime/JSBoundFunction.h:
- (JSBoundFunction):
- * runtime/RegExp.h:
- (RegExp):
- * runtime/RegExpMatchesArray.h:
- (RegExpMatchesArray):
-
-2012-01-28 Filip Pizlo <fpizlo@apple.com>
-
- GC invoked while doing an old JIT property storage reallocation may lead
- to an object that refers to a dead structure
- https://bugs.webkit.org/show_bug.cgi?id=77273
- <rdar://problem/10770565>
-
- Reviewed by Gavin Barraclough.
-
- The put_by_id transition was already saving the old structure by virtue of
- having the object on the stack, so that wasn't going to get deleted. But the
- new structure was unprotected in the transition. I've now changed the
- transition code to save the new structure, ensuring that the GC will know it
- to be marked if invoked from within put_by_id_transition_realloc.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- (JSC):
- ():
-
-2012-01-27 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r106167.
- http://trac.webkit.org/changeset/106167
- https://bugs.webkit.org/show_bug.cgi?id=77264
-
- broke LayoutTests/fast/js/string-capitalization.html
- (Requested by msaboff on #webkit).
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncToLowerCase):
- (JSC::stringProtoFuncToUpperCase):
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::upper):
-
-2012-01-27 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for interpreter platforms.
-
- * interpreter/AbstractPC.cpp:
- (JSC::AbstractPC::AbstractPC):
-
-2012-01-27 Michael Saboff <msaboff@apple.com>
-
- StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
- https://bugs.webkit.org/show_bug.cgi?id=76647
-
- Reviewed by Geoffrey Garen.
-
- Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar
- to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle the two
- 8 bit characters that when converted to upper case become 16 bit characters.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
- (JSC::stringProtoFuncToUpperCase):
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::upper):
-
-2012-01-27 Hajime Morita <morrita@google.com>
-
- [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
- https://bugs.webkit.org/show_bug.cgi?id=77244
-
- Reviewed by Filip Pizlo.
-
- * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
- * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp
-
-2012-01-27 Simon Hausmann <simon.hausmann@nokia.com>
-
- [JSC] Asm-originated symbols should be marked as hidden
- https://bugs.webkit.org/show_bug.cgi?id=77150
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
- but they were missing in the CPU(X86) and the CPU(X86_64) cases.
-
-2012-01-27 MORITA Hajime <morrita@google.com>
-
- [JSC] Some JS_EXPORTDATA may not be necessary.
- https://bugs.webkit.org/show_bug.cgi?id=77145
-
- Reviewed by Darin Adler.
-
- Removed JS_EXPORTDATA attributes whose attributing symbols are
- not exported on Mac port.
-
- * runtime/ExceptionHelpers.h:
- (InterruptedExecutionError):
- * runtime/JSBoundFunction.h:
- (JSBoundFunction):
- * runtime/RegExp.h:
- (RegExp):
- * runtime/RegExpMatchesArray.h:
- (RegExpMatchesArray):
-
-2012-01-27 MORITA Hajime <morrita@google.com>
-
- [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
- https://bugs.webkit.org/show_bug.cgi?id=77113
-
- Reviewed by Darin Adler.
-
- * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.
-
-2012-01-27 Zeno Albisser <zeno@webkit.org>
-
- [Qt][Mac] Build fails after adding ICU support (r105997).
- https://bugs.webkit.org/show_bug.cgi?id=77118
-
- Use Apple code path for unicode date formats on mac.
-
- Reviewed by Tor Arne Vestbø.
-
- * runtime/DatePrototype.cpp:
- ():
-
-2012-01-27 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Add a GKeyFile especialization to GOwnPtr
- https://bugs.webkit.org/show_bug.cgi?id=77191
-
- Reviewed by Martin Robinson.
-
- * wtf/gobject/GOwnPtr.cpp:
- (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
- * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
- * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.
-
-2012-01-25 Yury Semikhatsky <yurys@chromium.org>
-
- Web Inspector: should be possible to open function declaration from script popover
- https://bugs.webkit.org/show_bug.cgi?id=76913
-
- Added display function name and source location to the popover in scripts panel.
- Now when a function is hovered user can navigate to its definition.
-
- Reviewed by Pavel Feldman.
-
- * JavaScriptCore/JavaScriptCore.exp
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSFunction.h:
- (JSFunction):
-
-2012-01-26 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
-
- * runtime/DatePrototype.cpp:
- ():
-
-2012-01-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Merge AllocationSpace into MarkedSpace
- https://bugs.webkit.org/show_bug.cgi?id=77116
-
- Reviewed by Geoffrey Garen.
-
- Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to
- MarkedSpace allocation.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * heap/AllocationSpace.cpp: Removed.
- * heap/AllocationSpace.h: Removed.
- * heap/BumpSpace.h:
- (BumpSpace):
- * heap/Heap.h:
- (JSC::Heap::objectSpace):
- (Heap):
- ():
- * heap/HeapBlock.h:
- ():
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::tryAllocateHelper):
- (JSC):
- (JSC::MarkedSpace::tryAllocate):
- (JSC::MarkedSpace::allocateSlowCase):
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::freeBlocks):
- (TakeIfUnmarked):
- (JSC::TakeIfUnmarked::TakeIfUnmarked):
- (JSC::TakeIfUnmarked::operator()):
- (JSC::TakeIfUnmarked::returnValue):
- (JSC::MarkedSpace::shrink):
- (GatherDirtyCells):
- (JSC::GatherDirtyCells::returnValue):
- (JSC::GatherDirtyCells::GatherDirtyCells):
- (JSC::GatherDirtyCells::operator()):
- (JSC::MarkedSpace::gatherDirtyCells):
- * heap/MarkedSpace.h:
- (MarkedSpace):
- (JSC::MarkedSpace::blocks):
- (JSC::MarkedSpace::forEachCell):
- (JSC):
- (JSC::MarkedSpace::allocate):
-
-2012-01-26 Oliver Hunt <oliver@apple.com>
-
- MSVC bug fix.
- <rdar://problem/10703671> MSVC generates bad code for enum compare.
-
- RS=Geoff
-
- Make bitfield large enough to work around MSVC's desire to make enums
- signed types.
-
- * bytecode/CallLinkInfo.h:
- (CallLinkInfo):
-
-2012-01-26 Filip Pizlo <fpizlo@apple.com>
-
- All DFG helpers that may call out to arbitrary JS code must know where they
- were called from due to inlining and call stack walking
- https://bugs.webkit.org/show_bug.cgi?id=77070
- <rdar://problem/10750834>
-
- Reviewed by Geoff Garen.
-
- Changed the DFG to always record a code origin index in the tag of the argument
- count (which we previously left blank for the benefit of LLInt, but is still
- otherwise unused by the DFG), so that if we ever need to walk the stack accurately
- we know where to start. In particular, if the current ExecState* points several
- semantic call frames away from the true semantic call frame because we had
- performed inlining, having the code origin index recorded means that we can reify
- those call frames as necessary to give runtime/library code an accurate view of
- the current JS state.
-
- This required several large but mechanical changes:
-
- - Calling a function from the DFG now plants a store32 instruction to store the
- code origin index. But the indices of code origins were previously picked by
- the DFG::JITCompiler after code generation completed. I changed this somewhat;
- even though the code origins are put into the CodeBlock after code gen, the
- code gen now knows a priori what their indices will be. Extensive assertions
- are in place to ensure that the two don't get out of sync, in the form of the
- DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
- those don't need the code origin index set in the call frame because we can get
- it by doing a binary search on the return PC.
-
- - Stack walking now always calls trueCallFrame() first before beginning the walk,
- since even the top call frame may be wrong. It still calls trueCallerFrame() as
- before to get to the next frame, though trueCallerFrame() is now mostly a
- wrapper around callerFrame()->trueCallFrame().
-
- - Because the mechanism for getting the code origin of a call frame is bimodal
- (either the call frame knows its code origin because the code origin index was
- set, or it's necessary to use the callee frame's return PC), I put in extra
- mechanisms to determine whether your caller, or your callee, corresponds to
- a call out of C++ code. Previously we just had the host call flag, but this is
- insufficient as it does not cover the case of someone calling JSC::call(). But
- luckily we can determine this just by looking at the return PC: if the return
- PC is in range of the ctiTrampiline, then two things are true: this call
- frame's PC will tell you nothing about where you came from in your caller, and
- the caller already knows where it's at because it must have set the code origin
- index (unless it's not DFG code, in which case we don't care because there is
- no inlining to worry about).
-
- - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
- inlining code, so I fixed it.
-
- - Finally because I was tired of doing random #if's for checking if I should be
- passing around an Instruction* or a ReturnAddressPtr, I created a class called
- AbstractPC that holds whatever notion of a PC is appropriate for the current
- execution environment. It's designed to work gracefully even if both the
- interpreter and the JIT are compiled in, and should integrate nicely with the
- LLInt.
-
- This is neutral on all benchmarks and fixes some nasty corner-case regressions of
- evil code that uses combinations of getters/setters and function.arguments.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::codeOrigin):
- (CodeBlock):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleInlining):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (CallBeginToken):
- (JSC::DFG::CallBeginToken::CallBeginToken):
- (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
- (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
- (DFG):
- (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
- (CallExceptionRecord):
- (JSC::DFG::JITCompiler::JITCompiler):
- (JITCompiler):
- (JSC::DFG::JITCompiler::nextCallBeginToken):
- (JSC::DFG::JITCompiler::beginCall):
- (JSC::DFG::JITCompiler::notifyCall):
- (JSC::DFG::JITCompiler::addExceptionCheck):
- (JSC::DFG::JITCompiler::addFastExceptionCheck):
- * dfg/DFGOperations.cpp:
- ():
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryBuildGetByIDList):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * interpreter/AbstractPC.cpp: Added.
- (JSC):
- (JSC::AbstractPC::AbstractPC):
- * interpreter/AbstractPC.h: Added.
- (JSC):
- (AbstractPC):
- (JSC::AbstractPC::AbstractPC):
- (JSC::AbstractPC::hasJITReturnAddress):
- (JSC::AbstractPC::jitReturnAddress):
- (JSC::AbstractPC::hasInterpreterReturnAddress):
- (JSC::AbstractPC::interpreterReturnAddress):
- (JSC::AbstractPC::isSet):
- (JSC::AbstractPC::operator!):
- ():
- * interpreter/CallFrame.cpp:
- (JSC):
- (JSC::CallFrame::trueCallFrame):
- (JSC::CallFrame::trueCallerFrame):
- * interpreter/CallFrame.h:
- (JSC::ExecState::abstractReturnPC):
- (JSC::ExecState::codeOriginIndexForDFGWithInlining):
- (ExecState):
- (JSC::ExecState::trueCallFrame):
- (JSC::ExecState::trueCallFrameFromVMCode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::retrieveArgumentsFromVMCode):
- (JSC::Interpreter::retrieveCallerFromVMCode):
- (JSC::Interpreter::findFunctionCallFrameFromVMCode):
- * interpreter/Interpreter.h:
- (Interpreter):
- ():
- * jit/JITStubs.cpp:
- (JSC):
- ():
- * jit/JITStubs.h:
- (JSC):
- (JSC::returnAddressIsInCtiTrampoline):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::argumentsGetter):
- (JSC::JSFunction::callerGetter):
- (JSC::JSFunction::getOwnPropertyDescriptor):
-
-2012-01-26 Peter Varga <pvarga@webkit.org>
-
- Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
- https://bugs.webkit.org/show_bug.cgi?id=77104
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGOperations.cpp:
- ():
-
-2012-01-26 Michael Saboff <msaboff@apple.com>
-
- String::latin1() should take advantage of 8 bit strings
- https://bugs.webkit.org/show_bug.cgi?id=76646
-
- Reviewed by Geoffrey Garen.
-
- * wtf/text/WTFString.cpp:
- (WTF::String::latin1): For 8 bit strings, use existing buffer
- without conversion.
-
-2012-01-26 Michael Saboff <msaboff@apple.com>
-
- Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
- https://bugs.webkit.org/show_bug.cgi?id=76645
-
- Reviewed by Geoffrey Garen.
-
- * wtf/text/StringImpl.cpp:
- (WTF::equalIgnoringCase): New LChar version.
- (WTF::findInner): New helper function.
- (WTF::StringImpl::find): Added 8 bit path.
- (WTF::reverseFindInner): New helper funciton.
- (WTF::StringImpl::reverseFind): Added 8 bit path.
- (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
- * wtf/text/StringImpl.h:
- (WTF):
-
-2012-01-26 Csaba Osztrogonác <ossy@webkit.org>
-
- [Qt][Win] One more speculative buildfix after r105970.
-
- * JavaScriptCore.pri:
-
-2012-01-26 Csaba Osztrogonác <ossy@webkit.org>
-
- [Qt][Win] Speculative buildfix after r105970.
-
- * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
-
-2012-01-26 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r105982.
- http://trac.webkit.org/changeset/105982
- https://bugs.webkit.org/show_bug.cgi?id=77090
-
- breaks the world (Requested by WildFox on #webkit).
-
- * wtf/MainThread.cpp:
- (WTF):
- * wtf/Platform.h:
- * wtf/mac/MainThreadMac.mm:
- (WTF):
- (WTF::registerGCThread):
- (WTF::isMainThreadOrGCThread):
-
-2012-01-26 Roland Takacs <takacs.roland@stud.u-szeged.hu>
-
- [Qt] GC should be parallel on Qt platform
- https://bugs.webkit.org/show_bug.cgi?id=73309
-
- Reviewed by Zoltan Herczeg.
-
- These changes made the parallel gc feature available for Qt port.
- The implementation of "registerGCThread" and "isMainThreadOrGCThread"
- is moved from MainThreadMac.mm to the common MainThread.cpp to make
- them available for other platforms.
-
- Measurement results:
- V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ]
- WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms]
- V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ]
-
- Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
-
- * wtf/MainThread.cpp:
- (WTF):
- (WTF::registerGCThread):
- (WTF::isMainThreadOrGCThread):
- * wtf/Platform.h:
- * wtf/mac/MainThreadMac.mm:
-
-2012-01-26 Andy Estes <aestes@apple.com>
-
- REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
- https://bugs.webkit.org/show_bug.cgi?id=77073
-
- Reviewed by Ryosuke Niwa.
-
- r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
- This should have been changed to OS(WINDOWS). This causes the
- preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
- causing allocations made by Win32 to be deleted by fastmalloc.
-
- * wtf/OwnPtrCommon.h:
- (WTF): Use OS(WINDOWS) instead of OS(WIN).
-
-2012-01-25 Mark Rowe <mrowe@apple.com>
-
- Attempted Mac build fix after r105939.
-
- * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
- It isn't used on these platforms and isn't available in the ICU headers
- for Mac.
-
-2012-01-25 Mark Rowe <mrowe@apple.com>
-
- Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.
-
- <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
-
- Reviewed by David Kilzer.
-
- * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
- the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
- to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
- * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
- the normal framework location. This prevents an incorrect install name from being used when
- installing in to the staged frameworks directory.
-
-2012-01-25 Eli Fidler <efidler@rim.com>
-
- Implement Date.toLocaleString() using ICU
- https://bugs.webkit.org/show_bug.cgi?id=76714
-
- Reviewed by Darin Adler.
-
- * runtime/DatePrototype.cpp:
- (JSC::formatLocaleDate):
-
-2012-01-25 Hajime Morita <morrita@google.com>
-
- ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
- https://bugs.webkit.org/show_bug.cgi?id=76863
-
- Reviewed by Dimitri Glazkov.
-
- Added a feature flag.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2012-01-25 Yong Li <yoli@rim.com>
-
- [BlackBerry] Implement OSAllocator::commit/decommit.
- BlackBerry port should support virtual memory decommiting.
- https://bugs.webkit.org/show_bug.cgi?id=77013
-
- Reviewed by Rob Buis.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveUncommitted):
- (WTF::OSAllocator::commit):
- (WTF::OSAllocator::decommit):
- * wtf/Platform.h:
-
-2012-01-24 Oliver Hunt <oliver@apple.com>
-
- Make DFG update topCallFrame
- https://bugs.webkit.org/show_bug.cgi?id=76969
-
- Reviewed by Filip Pizlo.
-
- Add NativeCallFrameTracer to manage topCallFrame assignment
- in the DFG operations, and make use of it.
-
- * dfg/DFGOperations.cpp:
- (JSC::DFG::operationPutByValInternal):
- ():
- * interpreter/Interpreter.h:
- (JSC):
- (NativeCallFrameTracer):
- (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
-
-2012-01-24 Filip Pizlo <fpizlo@apple.com>
-
- Inlining breaks call frame walking when the walking is done from outside the inlinee,
- but inside a code block that had inlining
- https://bugs.webkit.org/show_bug.cgi?id=76978
- <rdar://problem/10720904>
-
- Reviewed by Oliver Hunt.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::codeOriginForReturn):
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::trueCallerFrame):
-
-2012-01-24 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=76855
- Implement a JIT-code aware sampling profiler for JSC
-
- Reviewed by Oliver Hunt.
-
- Add support to MetaAllocator.cpp to track all live handles in a map,
- allowing lookup based on any address within the allocation.
-
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocatorTracker::notify):
- (WTF::MetaAllocatorTracker::release):
- - Track live handle objects in a map.
- (WTF::MetaAllocator::release):
- - Removed support for handles with null m_allocator (no longer used).
- - Notify the tracker of handles being released.
- (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
- - Moved functionality out into MetaAllocator::release.
- (WTF::MetaAllocatorHandle::shrink):
- - Removed support for handles with null m_allocator (no longer used).
- (WTF::MetaAllocator::MetaAllocator):
- - Initialize m_tracker.
- (WTF::MetaAllocator::allocate):
- - Notify the tracker of new allocations.
- * wtf/MetaAllocator.h:
- (WTF::MetaAllocatorTracker::find):
- - Lookup a MetaAllocatorHandle based on an address inside the allocation.
- (WTF::MetaAllocator::trackAllocations):
- - Register a callback object to track allocation state.
- * wtf/MetaAllocatorHandle.h:
- - Remove unused createSelfManagedHandle/constructor.
- (WTF::MetaAllocatorHandle::key):
- - Added, for use in RedBlackTree.
-
-2012-01-24 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Use copying collector for out-of-line JSObject property storage
- https://bugs.webkit.org/show_bug.cgi?id=76665
-
- Reviewed by Geoffrey Garen.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
- Also added a temporary variable to avoid warnings from GCC.
- (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
- operator new. Also added a temporary variable to avoid warnings from GCC.
- * runtime/JSObject.h:
-
-2012-01-24 Geoffrey Garen <ggaren@apple.com>
-
- JSValue::toString() should return a JSString* instead of a UString
- https://bugs.webkit.org/show_bug.cgi?id=76861
-
- Fixed two failing layout tests after my last patch.
-
- Reviewed by Gavin Barraclough.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
- in all other cases.
-
- I missed this case because the JSString* type has a valid operator<,
- so the compiler didn't complain.
-
-2012-01-24 Kenichi Ishibashi <bashi@chromium.org>
-
- [V8] Add Uint8ClampedArray support
- https://bugs.webkit.org/show_bug.cgi?id=76803
-
- Reviewed by Kenneth Russell.
-
- * wtf/ArrayBufferView.h:
- (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
- * wtf/Uint8ClampedArray.h:
- (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.
-
-2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Add WebKitDownload to WebKit2 GTK+ API
- https://bugs.webkit.org/show_bug.cgi?id=72949
-
- Reviewed by Martin Robinson.
-
- * wtf/gobject/GOwnPtr.cpp:
- (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
- * wtf/gobject/GOwnPtr.h: Add GTimer template.
- * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.
-
-2012-01-24 Ilya Tikhonovsky <loislo@chromium.org>
-
- Unreviewed build fix for Qt LinuxSH4 build after r105698.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2012-01-23 Geoffrey Garen <ggaren@apple.com>
-
- JSValue::toString() should return a JSString* instead of a UString
- https://bugs.webkit.org/show_bug.cgi?id=76861
-
- Reviewed by Gavin Barraclough.
-
- This makes the common case -- toString() on a string -- faster and
- inline-able. (Not a measureable speedup, but we can now remove a bunch
- of duplicate hand-rolled code for this optimization.)
-
- This also clarifies the boundary between "C++ strings" and "JS strings".
-
- In all cases other than true, false, null, undefined, and multi-digit
- numbers, the JS runtime was just retrieving a UString from a JSString,
- so returning a JSString* is strictly better. In the other cases, we can
- optimize to avoid creating a new JSString if we care to, but it doesn't
- seem to be a big deal.
-
- * JavaScriptCore.exp: Export!
-
- * jsc.cpp:
- (functionPrint):
- (functionDebug):
- (functionRun):
- (functionLoad):
- (functionCheckSyntax):
- (runWithScripts):
- (runInteractive):
- * API/JSValueRef.cpp:
- (JSValueToStringCopy):
- * bytecode/CodeBlock.cpp:
- (JSC::valueToSourceString): Call value() after calling toString(), to
- convert from "JS string" (JSString*) to "C++ string" (UString), since
- toString() no longer returns a "C++ string".
-
- * dfg/DFGOperations.cpp:
- (JSC::DFG::operationValueAddNotNumber):
- * jit/JITStubs.cpp:
- (op_add): Updated for removal of toPrimitiveString():
- all '+' operands can use toString(), except for object operands, which
- need to take a slow path to call toPrimitive().
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncToLocaleString):
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncPush):
- * runtime/CommonSlowPaths.h:
- (JSC::CommonSlowPaths::opIn):
- * runtime/DateConstructor.cpp:
- (JSC::dateParse):
- * runtime/DatePrototype.cpp:
- (JSC::formatLocaleDate): Call value() after calling toString(), as above.
-
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::create): Simplified down to one canonical create()
- function, to make string handling easier.
-
- * runtime/ErrorPrototype.cpp:
- (JSC::errorProtoFuncToString):
- * runtime/ExceptionHelpers.cpp:
- (JSC::createInvalidParamError):
- (JSC::createNotAConstructorError):
- (JSC::createNotAFunctionError):
- (JSC::createNotAnObjectError):
- * runtime/FunctionConstructor.cpp:
- (JSC::constructFunctionSkippingEvalEnabledCheck):
- * runtime/FunctionPrototype.cpp:
- (JSC::functionProtoFuncBind):
- * runtime/JSArray.cpp:
- (JSC::JSArray::sort): Call value() after calling toString(), as above.
-
- * runtime/JSCell.cpp:
- * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
- job now. Doing it in JSCell is slower (requires extra type checking), and
- creates the misimpression that language-defined toString() behavior is
- an implementation detail of JSCell.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::encode):
- (JSC::decode):
- (JSC::globalFuncEval):
- (JSC::globalFuncParseInt):
- (JSC::globalFuncParseFloat):
- (JSC::globalFuncEscape):
- (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
-
- * runtime/JSONObject.cpp:
- (JSC::unwrapBoxedPrimitive):
- (JSC::Stringifier::Stringifier):
- (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
- takes care of.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::toString):
- * runtime/JSObject.h: Updated to return JSString*.
-
- * runtime/JSString.cpp:
- * runtime/JSString.h:
- (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
-
- * runtime/JSValue.cpp:
- (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
- spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
- basically did what we want all the time. (Note that the toPrimitive()
- preference changes from NoPreference to PreferString, because that's
- how ToString is defined in the language. op_add does not want this behavior.)
-
- * runtime/NumberPrototype.cpp:
- (JSC::numberProtoFuncToString):
- (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
- returns a JSString*.
-
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetOwnPropertyDescriptor):
- (JSC::objectConstructorDefineProperty):
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncHasOwnProperty):
- (JSC::objectProtoFuncDefineGetter):
- (JSC::objectProtoFuncDefineSetter):
- (JSC::objectProtoFuncLookupGetter):
- (JSC::objectProtoFuncLookupSetter):
- (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
-
- * runtime/Operations.cpp:
- (JSC::jsAddSlowCase): Need to check for object before taking the toString()
- fast path becuase adding an object to a string requires calling toPrimitive()
- on the object, not toString(). (They differ in their preferred conversion
- type.)
-
- * runtime/Operations.h:
- (JSC::jsString):
- (JSC::jsStringFromArguments): This code gets simpler, now that toString()
- does the right thing.
-
- (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
-
- * runtime/RegExpConstructor.cpp:
- (JSC::setRegExpConstructorInput):
- (JSC::constructRegExp):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::match):
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncCompile):
- (JSC::regExpProtoFuncToString): More calls to value(), as above.
-
- * runtime/StringConstructor.cpp:
- (JSC::constructWithStringConstructor):
- (JSC::callStringConstructor): This code gets simpler, now that toString()
- does the right thing.
-
- * runtime/StringPrototype.cpp:
- (JSC::replaceUsingRegExpSearch):
- (JSC::replaceUsingStringSearch):
- (JSC::stringProtoFuncReplace):
- (JSC::stringProtoFuncCharAt):
- (JSC::stringProtoFuncCharCodeAt):
- (JSC::stringProtoFuncConcat):
- (JSC::stringProtoFuncIndexOf):
- (JSC::stringProtoFuncLastIndexOf):
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- (JSC::stringProtoFuncSlice):
- (JSC::stringProtoFuncSplit):
- (JSC::stringProtoFuncSubstr):
- (JSC::stringProtoFuncSubstring):
- (JSC::stringProtoFuncToLowerCase):
- (JSC::stringProtoFuncToUpperCase):
- (JSC::stringProtoFuncLocaleCompare):
- (JSC::stringProtoFuncBig):
- (JSC::stringProtoFuncSmall):
- (JSC::stringProtoFuncBlink):
- (JSC::stringProtoFuncBold):
- (JSC::stringProtoFuncFixed):
- (JSC::stringProtoFuncItalics):
- (JSC::stringProtoFuncStrike):
- (JSC::stringProtoFuncSub):
- (JSC::stringProtoFuncSup):
- (JSC::stringProtoFuncFontcolor):
- (JSC::stringProtoFuncFontsize):
- (JSC::stringProtoFuncAnchor):
- (JSC::stringProtoFuncLink):
- (JSC::trimString): Some of this code gets simpler, now that toString()
- does the right thing. More calls to value(), as above.
-
-2012-01-23 Luke Macpherson <macpherson@chromium.org>
-
- Unreviewed, rolling out r105676.
- http://trac.webkit.org/changeset/105676
- https://bugs.webkit.org/show_bug.cgi?id=76665
-
- Breaks build on max due to compile warnings.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::finalize):
- (JSC::JSObject::visitChildren):
- (JSC::JSObject::allocatePropertyStorage):
- * runtime/JSObject.h:
-
-2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Use copying collector for out-of-line JSObject property storage
- https://bugs.webkit.org/show_bug.cgi?id=76665
-
- Reviewed by Geoffrey Garen.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
- (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
- operator new.
- * runtime/JSObject.h:
-
-2012-01-23 Brian Weinstein <bweinstein@apple.com>
-
- More build fixing after r105646.
-
- * JavaScriptCore.exp:
-
-2012-01-23 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=76855
- Implement a JIT-code aware sampling profiler for JSC
-
- Reviewed by Geoff Garen.
-
- Step 2: generalize RedBlackTree. The profiler is going to want tio use
- a RedBlackTree, allow this class to work with subclasses of
- RedBlackTree::Node, Node should not need to know the names of the m_key
- and m_value fields (the subclass can provide a key() accessor), and
- RedBlackTree does not need to know anything about ValueType.
-
- * JavaScriptCore.exp:
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocator::findAndRemoveFreeSpace):
- (WTF::MetaAllocator::debugFreeSpaceSize):
- (WTF::MetaAllocator::addFreeSpace):
- * wtf/MetaAllocator.h:
- (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
- (WTF::MetaAllocator::FreeSpaceNode::key):
- * wtf/MetaAllocatorHandle.h:
- (WTF::MetaAllocatorHandle::key):
- * wtf/RedBlackTree.h:
- (WTF::RedBlackTree::Node::successor):
- (WTF::RedBlackTree::Node::predecessor):
- (WTF::RedBlackTree::Node::parent):
- (WTF::RedBlackTree::Node::setParent):
- (WTF::RedBlackTree::Node::left):
- (WTF::RedBlackTree::Node::setLeft):
- (WTF::RedBlackTree::Node::right):
- (WTF::RedBlackTree::Node::setRight):
- (WTF::RedBlackTree::insert):
- (WTF::RedBlackTree::remove):
- (WTF::RedBlackTree::findExact):
- (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
- (WTF::RedBlackTree::findGreatestLessThanOrEqual):
- (WTF::RedBlackTree::first):
- (WTF::RedBlackTree::last):
- (WTF::RedBlackTree::size):
- (WTF::RedBlackTree::treeMinimum):
- (WTF::RedBlackTree::treeMaximum):
- (WTF::RedBlackTree::treeInsert):
- (WTF::RedBlackTree::leftRotate):
- (WTF::RedBlackTree::rightRotate):
- (WTF::RedBlackTree::removeFixup):
-
-2012-01-23 Andy Estes <aestes@apple.com>
-
- Fix the build after r105635.
-
- * JavaScriptCore.exp:
-
-2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove StackBounds from JSGlobalData
- https://bugs.webkit.org/show_bug.cgi?id=76310
-
- Reviewed by Sam Weinig.
-
- Removed StackBounds and the stack() function from JSGlobalData since it no
- longer accessed any members of JSGlobalData.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * heap/MachineStackMarker.cpp:
- (JSC::MachineThreads::addCurrentThread):
- (JSC::MachineThreads::gatherFromCurrentThread):
- * parser/Parser.cpp:
- (JSC::::Parser):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
-
-2012-01-23 Gavin Barraclough <barraclough@apple.com>
-
- Implement a JIT-code aware sampling profiler for JSC
- https://bugs.webkit.org/show_bug.cgi?id=76855
-
- Rubber stanmped by Geoff Garen.
-
- Mechanical change - pass CodeBlock through to the executable allocator,
- such that we will be able to map ranges of JIT code back to their owner.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
- * assembler/ARMAssembler.h:
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::executableCopy):
- * assembler/AssemblerBufferWithConstantPool.h:
- (JSC::AssemblerBufferWithConstantPool::executableCopy):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::linkCode):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::executableCopy):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::executableCopy):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::executableCopy):
- (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDList):
- (JSC::DFG::tryCachePutByID):
- * dfg/DFGThunks.cpp:
- (JSC::DFG::osrExitGenerationThunkGenerator):
- * jit/ExecutableAllocator.cpp:
- (JSC::ExecutableAllocator::allocate):
- * jit/ExecutableAllocator.h:
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::ExecutableAllocator::allocate):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITStubs.cpp:
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::finalize):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::compile):
-
-2012-01-23 Xianzhu Wang <wangxianzhu@chromium.org>
-
- Basic enhancements to StringBuilder
- https://bugs.webkit.org/show_bug.cgi?id=67081
-
- This change contains the following enhancements to StringBuilder,
- for convenience, performance, testability, etc.:
- - Change toStringPreserveCapacity() to const
- - new public methods: capacity(), swap(), toAtomicString(), canShrink()
- and append(const StringBuilder&)
- - == and != opearators to compare StringBuilders and a StringBuilder/String
-
- Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/text/AtomicString.cpp:
- (WTF::SubstringTranslator::hash):
- (WTF::SubstringTranslator::equal):
- (WTF::SubstringTranslator::translate):
- (WTF::AtomicString::add):
- (WTF::AtomicString::addSlowCase):
- * wtf/text/AtomicString.h:
- (WTF::AtomicString::AtomicString):
- (WTF::AtomicString::add):
- * wtf/text/StringBuilder.cpp:
- (WTF::StringBuilder::reifyString):
- (WTF::StringBuilder::resize):
- (WTF::StringBuilder::canShrink):
- (WTF::StringBuilder::shrinkToFit):
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::append):
- (WTF::StringBuilder::toString):
- (WTF::StringBuilder::toStringPreserveCapacity):
- (WTF::StringBuilder::toAtomicString):
- (WTF::StringBuilder::isEmpty):
- (WTF::StringBuilder::capacity):
- (WTF::StringBuilder::is8Bit):
- (WTF::StringBuilder::swap):
- (WTF::equal):
- (WTF::operator==):
- (WTF::operator!=):
- * wtf/text/StringImpl.h:
-
-2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Add missing files, remove deleted files and
- fix indentation.
-
-2012-01-22 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for non-DFG platforms that error out on warn-unused-parameter.
-
- * bytecode/CallLinkStatus.cpp:
- (JSC::CallLinkStatus::computeFor):
- * bytecode/GetByIdStatus.cpp:
- (JSC::GetByIdStatus::computeFor):
- * bytecode/MethodCallLinkStatus.cpp:
- (JSC::MethodCallLinkStatus::computeFor):
- * bytecode/PutByIdStatus.cpp:
- (JSC::PutByIdStatus::computeFor):
-
-2012-01-22 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for non-DFG platforms.
-
- * bytecode/CallLinkStatus.cpp:
- (JSC::CallLinkStatus::computeFor):
- * bytecode/GetByIdStatus.cpp:
- (JSC::GetByIdStatus::computeFor):
- * bytecode/MethodCallLinkStatus.cpp:
- (JSC::MethodCallLinkStatus::computeFor):
- * bytecode/PutByIdStatus.cpp:
- (JSC::PutByIdStatus::computeFor):
-
-2012-01-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not have code that directly decodes the states of old JIT inline
- cache data structures
- https://bugs.webkit.org/show_bug.cgi?id=76768
-
- Reviewed by Sam Weinig.
-
- Introduced new classes (like GetByIdStatus) that encapsulate the set of things
- that the DFG would like to know about property accesses and calls. Whereas it
- previously got this information by directly decoding the data structures used
- by the old JIT for inline caching, it now uses these classes, which do the work
- for it. This should make it somewhat more straight forward to introduce new
- ways of profiling the same information.
-
- Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
- code in bytecode/.
-
- Making this work right involved carefully ensuring that the heuristics for
- choosing how to handle property accesses was at least as good as what we had
- before, since I completely restructured that code. Currently the performance
- looks neutral. Since I rewrote the code I did change some things that I never
- liked before, like previously if a put_bu_id had executed exactly once then
- we'd compile it as if it had taken slow-path. Executing once is special because
- then the inline cache is not baked in, so there is no information about how the
- DFG should optimize the code. Now this is rationalized: if the put_by_id does
- not offer enough information to be optimized (i.e. had executed 0 or 1 times)
- then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
- still has the old behavior; I left it that way because I didn't want to make
- too many changes at once.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/CallLinkStatus.cpp: Added.
- (JSC::CallLinkStatus::computeFor):
- * bytecode/CallLinkStatus.h: Added.
- (JSC::CallLinkStatus::CallLinkStatus):
- (JSC::CallLinkStatus::isSet):
- (JSC::CallLinkStatus::operator!):
- (JSC::CallLinkStatus::couldTakeSlowPath):
- (JSC::CallLinkStatus::callTarget):
- * bytecode/GetByIdStatus.cpp: Added.
- (JSC::GetByIdStatus::computeFor):
- * bytecode/GetByIdStatus.h: Added.
- (JSC::GetByIdStatus::GetByIdStatus):
- (JSC::GetByIdStatus::state):
- (JSC::GetByIdStatus::isSet):
- (JSC::GetByIdStatus::operator!):
- (JSC::GetByIdStatus::isSimpleDirect):
- (JSC::GetByIdStatus::takesSlowPath):
- (JSC::GetByIdStatus::makesCalls):
- (JSC::GetByIdStatus::structureSet):
- (JSC::GetByIdStatus::offset):
- * bytecode/MethodCallLinkStatus.cpp: Added.
- (JSC::MethodCallLinkStatus::computeFor):
- * bytecode/MethodCallLinkStatus.h: Added.
- (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
- (JSC::MethodCallLinkStatus::isSet):
- (JSC::MethodCallLinkStatus::operator!):
- (JSC::MethodCallLinkStatus::needsPrototypeCheck):
- (JSC::MethodCallLinkStatus::structure):
- (JSC::MethodCallLinkStatus::prototypeStructure):
- (JSC::MethodCallLinkStatus::function):
- (JSC::MethodCallLinkStatus::prototype):
- * bytecode/PutByIdStatus.cpp: Added.
- (JSC::PutByIdStatus::computeFor):
- * bytecode/PutByIdStatus.h: Added.
- (JSC::PutByIdStatus::PutByIdStatus):
- (JSC::PutByIdStatus::state):
- (JSC::PutByIdStatus::isSet):
- (JSC::PutByIdStatus::operator!):
- (JSC::PutByIdStatus::isSimpleReplace):
- (JSC::PutByIdStatus::isSimpleTransition):
- (JSC::PutByIdStatus::takesSlowPath):
- (JSC::PutByIdStatus::oldStructure):
- (JSC::PutByIdStatus::newStructure):
- (JSC::PutByIdStatus::structureChain):
- (JSC::PutByIdStatus::offset):
- * bytecode/StructureSet.h: Added.
- (JSC::StructureSet::StructureSet):
- (JSC::StructureSet::clear):
- (JSC::StructureSet::add):
- (JSC::StructureSet::addAll):
- (JSC::StructureSet::remove):
- (JSC::StructureSet::contains):
- (JSC::StructureSet::isSubsetOf):
- (JSC::StructureSet::isSupersetOf):
- (JSC::StructureSet::size):
- (JSC::StructureSet::at):
- (JSC::StructureSet::operator[]):
- (JSC::StructureSet::last):
- (JSC::StructureSet::predictionFromStructures):
- (JSC::StructureSet::operator==):
- (JSC::StructureSet::dump):
- * dfg/DFGAbstractValue.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGStructureSet.h: Removed.
-
-2012-01-20 Filip Pizlo <fpizlo@apple.com>
-
- JIT compilation should not require ExecState
- https://bugs.webkit.org/show_bug.cgi?id=76729
- <rdar://problem/10731545>
-
- Reviewed by Gavin Barraclough.
-
- Changed the relevant JIT driver functions to take JSGlobalData& instead of
- ExecState*, since really they just needed the global data.
-
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- (JSC::DFG::tryCompile):
- (JSC::DFG::tryCompileFunction):
- * dfg/DFGDriver.h:
- (JSC::DFG::tryCompile):
- (JSC::DFG::tryCompileFunction):
- * jit/JITDriver.h:
- (JSC::jitCompileIfAppropriate):
- (JSC::jitCompileFunctionIfAppropriate):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-01-20 David Levin <levin@chromium.org>
-
- Make OwnPtr<HDC> work for the Chromium Windows port.
- https://bugs.webkit.org/show_bug.cgi?id=76738
-
- Reviewed by Jian Li.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
- Chromium Windows build.
- * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
- OwnPtr<HDC> and similar constructs.
-
-2012-01-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed some regexp entry boilerplate code
- https://bugs.webkit.org/show_bug.cgi?id=76687
-
- Reviewed by Darin Adler.
-
- 1% - 2% speedup on regexp tests, no change overall.
-
- * runtime/RegExp.cpp:
- (JSC::RegExp::match):
- - ASSERT that our startIndex is non-negative, because anything less
- would be uncivilized.
-
- - ASSERT that our input is not the null string for the same reason.
-
- - No need to test for startOffset being past the end of the string,
- since the regular expression engine will do this test for us.
-
- - No need to initialize the output vector, since the regular expression
- engine will fill it in for us.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::interpret):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::compile):
-
- RegExp used to do these jobs for us, but now we do them for ourselves
- because it's a better separation of concerns, and the JIT can do them
- more efficiently than C++ code:
-
- - Test for "past the end" before doing any matching -- otherwise
- a* will match with zero length past the end of the string, which is wrong.
-
- - Initialize the output vector before doing any matching.
-
-2012-01-20 Filip Pizlo <fpizlo@apple.com>
-
- Build fix for no-DFG configuration.
- Needed for <rdar://problem/10727689>.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitProfiledOpcode):
- * jit/JIT.h:
- (JSC::JIT::emitValueProfilingSite):
-
-2012-01-19 Filip Pizlo <fpizlo@apple.com>
-
- Bytecode instructions that may have value profiling should have a direct inline
- link to the ValueProfile instance
- https://bugs.webkit.org/show_bug.cgi?id=76682
- <rdar://problem/10727689>
-
- Reviewed by Sam Weinig.
-
- Each opcode that gets value profiled now has a link to its ValueProfile. This
- required rationalizing the emission of value profiles for opcode combos, like
- op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
- sense for one of them to have a value profile link, and it makes most sense
- for it to be the one that actually sets the result. The previous behavior was
- to have op_method_check profile for op_get_by_id when they were used together,
- but otherwise for op_get_by_id to have its own profiles. op_call already did
- the right thing; all profiling was done by op_call_put_result.
-
- But rationalizing this code required breaking some of the natural boundaries
- that the code had; for instance the code in DFG that emits a GetById in place
- of both op_method_check and op_get_by_id must now know that it's the latter of
- those that has the value profile, while the first of those constitutes the OSR
- target. Hence each CodeOrigin must now have two bytecode indices - one for
- OSR exit and one for profiling.
-
- Finally this change required some refiddling of our optimization heuristics,
- because now all code blocks have "more instructions" due to the value profile
- slots.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::printGetByIdOp):
- (JSC::CodeBlock::dump):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::valueProfileForBytecodeOffset):
- * bytecode/CodeOrigin.h:
- (JSC::CodeOrigin::CodeOrigin):
- (JSC::CodeOrigin::bytecodeIndexForValueProfile):
- * bytecode/Instruction.h:
- (JSC::Instruction::Instruction):
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitProfiledOpcode):
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitGetScopedVar):
- (JSC::BytecodeGenerator::emitResolveBase):
- (JSC::BytecodeGenerator::emitResolveBaseForPut):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitResolveWithThis):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitGetByVal):
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitCallVarargs):
- (JSC::BytecodeGenerator::emitConstruct):
- * bytecompiler/BytecodeGenerator.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::currentCodeOrigin):
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
- (JSC::DFG::ByteCodeParser::getPrediction):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::valueProfileFor):
- * jit/JIT.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITCall.cpp:
- (JSC::JIT::emit_op_call_put_result):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::emit_op_call_put_result):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_resolve):
- (JSC::JIT::emit_op_resolve_base):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emit_op_resolve_global):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_resolve_with_this):
- (JSC::JIT::emitSlow_op_resolve_global_dynamic):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_resolve):
- (JSC::JIT::emit_op_resolve_base):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emit_op_resolve_global):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_resolve_with_this):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::emitSlow_op_method_check):
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emitSlow_op_get_by_id):
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_get_global_var):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::emitSlow_op_method_check):
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emitSlow_op_get_by_id):
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_get_global_var):
- * jit/JITStubCall.h:
- (JSC::JITStubCall::callWithValueProfiling):
- * runtime/Options.cpp:
- (JSC::Options::initializeOptions):
-
-2012-01-20 ChangSeok Oh <shivamidow@gmail.com>
-
- undefined reference to symbol eina_module_free
- https://bugs.webkit.org/show_bug.cgi?id=76681
-
- Reviewed by Martin Robinson.
-
- eina_module_free has been used without including eina libraries after r104936.
-
- * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.
-
-2012-01-19 Tony Chang <tony@chromium.org>
-
- [chromium] Remove an obsolete comment about features.gypi
- https://bugs.webkit.org/show_bug.cgi?id=76643
-
- There can be only one features.gypi.
-
- Reviewed by James Robinson.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-01-19 Geoffrey Garen <ggaren@apple.com>
-
- Implicit creation of a regular expression should eagerly check for syntax errors
- https://bugs.webkit.org/show_bug.cgi?id=76642
-
- Reviewed by Oliver Hunt.
-
- This is a correctness fix and a slight optimization.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
- correct behavior.
-
- * runtime/RegExp.cpp:
- (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
- of code change, many lines of indentation change.)
-
- Since we have no clients that try to match a RegExp that is a syntax error,
- let's optimize out the check.
-
-2012-01-19 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Implement a new allocator for backing stores
- https://bugs.webkit.org/show_bug.cgi?id=75181
-
- Reviewed by Filip Pizlo.
-
- We want to move away from using fastMalloc for the backing stores for
- some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing
- stores have a nice property in that they only have a single owner (i.e. a
- single pointer to them at any one time). One way that we can take advantage
- of this property is to implement a simple bump allocator/copying collector,
- which will run alongside our normal mark/sweep collector, that only needs to
- update the single owner pointer rather than having to redirect an arbitrary
- number of pointers in from-space to to-space.
-
- This plan can give us a number of benefits. We can beat fastMalloc in terms
- of both performance and memory usage, we can track how much memory we're using
- far more accurately than our rough estimation now through the use of
- reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed
- to being limited to size classes like we have been historically). This is also
- another step toward moving away from lazy destruction, which will improve our memory footprint.
-
- We start by creating said allocator and moving the ArrayStorage for JSArray
- to use it rather than fastMalloc.
-
- The design of the collector is as follows:
- Allocation:
- -The collector allocates 64KB chunks from the OS to use for object allocation.
- -Each chunk contains an offset, a flag indicating if the block has been pinned,
- and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
- -Any allocation greater than 64KB gets its own separate oversize block, which
- is managed separately from the rest.
- -If the allocator receives a request for more than the remaining amount in the
- current block, it grabs a fresh block.
- -Grabbing a fresh block means grabbing one off of the global free list (which is now
- shared between the mark/sweep allocator and the bump allocator) if there is one.
- If there isn't a new one we do one of two things: allocate a new block from the OS
- if we're not ready for a GC yet, or run a GC and then try again. If we still don't
- have enough space after the GC, we allocate a new block from the OS.
-
- Garbage collection:
- -At the start of garbage collection during conservative stack scanning, if we encounter
- what appears to be a pointer to a bump-allocated block of memory, we pin that block so
- that it will not be copied for this round of collection.
- -We also pin any oversize blocks that we encounter, which effectively doubles as a
- "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying
- are given back to the OS.
- -Marking threads are now also responsible for copying bump-allocated objects to newSpace
- -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
- -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
- -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
- -At the conclusion of copying (which is done by the end of the marking phase), we un-pin
- any pinned blocks and give any blocks left in from-space to the global free list.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * heap/AllocationSpace.cpp:
- (JSC::AllocationSpace::allocateSlowCase):
- (JSC::AllocationSpace::allocateBlock):
- (JSC::AllocationSpace::freeBlocks):
- * heap/AllocationSpace.h:
- (JSC::AllocationSpace::waterMark):
- * heap/BumpBlock.h: Added.
- (JSC::BumpBlock::BumpBlock):
- * heap/BumpSpace.cpp: Added.
- (JSC::BumpSpace::tryAllocateSlowCase):
- * heap/BumpSpace.h: Added.
- (JSC::BumpSpace::isInCopyPhase):
- (JSC::BumpSpace::totalMemoryAllocated):
- (JSC::BumpSpace::totalMemoryUtilized):
- * heap/BumpSpaceInlineMethods.h: Added.
- (JSC::BumpSpace::BumpSpace):
- (JSC::BumpSpace::init):
- (JSC::BumpSpace::contains):
- (JSC::BumpSpace::pin):
- (JSC::BumpSpace::startedCopying):
- (JSC::BumpSpace::doneCopying):
- (JSC::BumpSpace::doneFillingBlock):
- (JSC::BumpSpace::recycleBlock):
- (JSC::BumpSpace::getFreshBlock):
- (JSC::BumpSpace::borrowBlock):
- (JSC::BumpSpace::addNewBlock):
- (JSC::BumpSpace::allocateNewBlock):
- (JSC::BumpSpace::fitsInBlock):
- (JSC::BumpSpace::fitsInCurrentBlock):
- (JSC::BumpSpace::tryAllocate):
- (JSC::BumpSpace::tryAllocateOversize):
- (JSC::BumpSpace::allocateFromBlock):
- (JSC::BumpSpace::tryReallocate):
- (JSC::BumpSpace::tryReallocateOversize):
- (JSC::BumpSpace::isOversize):
- (JSC::BumpSpace::isPinned):
- (JSC::BumpSpace::oversizeBlockFor):
- (JSC::BumpSpace::blockFor):
- * heap/ConservativeRoots.cpp:
- (JSC::ConservativeRoots::ConservativeRoots):
- (JSC::ConservativeRoots::genericAddPointer):
- (JSC::ConservativeRoots::add):
- * heap/ConservativeRoots.h:
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::blockFreeingThreadMain):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::getConservativeRegisterRoots):
- (JSC::Heap::markRoots):
- (JSC::Heap::collect):
- (JSC::Heap::releaseFreeBlocks):
- * heap/Heap.h:
- (JSC::Heap::waterMark):
- (JSC::Heap::highWaterMark):
- (JSC::Heap::setHighWaterMark):
- (JSC::Heap::tryAllocateStorage):
- (JSC::Heap::tryReallocateStorage):
- * heap/HeapBlock.h: Added.
- (JSC::HeapBlock::HeapBlock):
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::SlotVisitor::drain):
- (JSC::SlotVisitor::drainFromShared):
- (JSC::SlotVisitor::startCopying):
- (JSC::SlotVisitor::allocateNewSpace):
- (JSC::SlotVisitor::copy):
- (JSC::SlotVisitor::copyAndAppend):
- (JSC::SlotVisitor::doneCopying):
- * heap/MarkStack.h:
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::recycle):
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedBlock.h:
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::forEachBlock):
- (JSC::MarkedSpace::SizeClass::resetAllocator):
- * heap/SlotVisitor.h:
- (JSC::SlotVisitor::SlotVisitor):
- * heap/TinyBloomFilter.h:
- (JSC::TinyBloomFilter::reset):
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- (JSC::JSArray::finishCreation):
- (JSC::JSArray::tryFinishCreationUninitialized):
- (JSC::JSArray::~JSArray):
- (JSC::JSArray::enterSparseMode):
- (JSC::JSArray::defineOwnNumericProperty):
- (JSC::JSArray::setLengthWritable):
- (JSC::JSArray::getOwnPropertySlotByIndex):
- (JSC::JSArray::getOwnPropertyDescriptor):
- (JSC::JSArray::putByIndexBeyondVectorLength):
- (JSC::JSArray::deletePropertyByIndex):
- (JSC::JSArray::getOwnPropertyNames):
- (JSC::JSArray::increaseVectorLength):
- (JSC::JSArray::unshiftCountSlowCase):
- (JSC::JSArray::setLength):
- (JSC::JSArray::pop):
- (JSC::JSArray::unshiftCount):
- (JSC::JSArray::visitChildren):
- (JSC::JSArray::sortNumeric):
- (JSC::JSArray::sort):
- (JSC::JSArray::compactForSorting):
- (JSC::JSArray::subclassData):
- (JSC::JSArray::setSubclassData):
- (JSC::JSArray::checkConsistency):
- * runtime/JSArray.h:
- (JSC::JSArray::inSparseMode):
- (JSC::JSArray::isLengthWritable):
- * wtf/CheckedBoolean.h: Added.
- (CheckedBoolean::CheckedBoolean):
- (CheckedBoolean::~CheckedBoolean):
- (CheckedBoolean::operator bool):
- * wtf/DoublyLinkedList.h:
- (WTF::::push):
- * wtf/StdLibExtras.h:
- (WTF::isPointerAligned):
-
-2012-01-19 Joi Sigurdsson <joi@chromium.org>
-
- Enable use of precompiled headers in Chromium port on Windows.
-
- Bug 76381 - Use precompiled headers in Chromium port on Windows
- https://bugs.webkit.org/show_bug.cgi?id=76381
-
- Reviewed by Tony Chang.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.
-
-2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
-
- Cross-platform processor core counter fix
- https://bugs.webkit.org/show_bug.cgi?id=76540
-
- Reviewed by Zoltan Herczeg.
-
- I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
- and I removed the OS checking macros from ParallelJobsGeneric.cpp because
- the NumberOfCores.cpp contains them for counting CPU cores.
- The processor core counter patch located at
- https://bugs.webkit.org/show_bug.cgi?id=76530
-
- * wtf/NumberOfCores.cpp:
- * wtf/ParallelJobsGeneric.cpp:
-
-2012-01-18 Csaba Osztrogonác <ossy@webkit.org>
-
- Cross-platform processor core counter
- https://bugs.webkit.org/show_bug.cgi?id=76530
-
- Unreviewed cross-MinGW buildfix after r105270.
-
- * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.
-
-2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
-
- Cross-platform processor core counter
- https://bugs.webkit.org/show_bug.cgi?id=76530
-
- Reviewed by Zoltan Herczeg.
-
- Two files have been created that include the processor core counter function.
- It used to be in ParallelJobsGeneric.h/cpp before.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/Options.cpp:
- (JSC::Options::initializeOptions):
- * wtf/CMakeLists.txt:
- * wtf/NumberOfCores.cpp: Added.
- (WTF::numberOfProcessorCores):
- * wtf/NumberOfCores.h: Added.
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- * wtf/ParallelJobsGeneric.h:
-
-2012-01-18 Balazs Kelemen <kbalazs@webkit.org>
-
- [Qt] Consolidate layout test crash logging
- https://bugs.webkit.org/show_bug.cgi?id=75088
-
- Reviewed by Simon Hausmann.
-
- Move backtrace generating logic into WTFReportBacktrace
- and add a way to deinstall signal handlers if we know
- that we have already printed the backtrace.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/Assertions.cpp:
- (WTFLogLocker::WTFReportBacktrace):
- (WTFLogLocker::WTFSetCrashHook):
- (WTFLogLocker::WTFInvokeCrashHook):
- * wtf/Assertions.h:
-
-2012-01-17 Geoffrey Garen <ggaren@apple.com>
-
- Factored out some code into a helper function.
-
- I think this might help getting rid of omit-frame-pointer.
-
- Reviewed by Sam Weinig.
-
- No benchmark change.
-
- * runtime/StringPrototype.cpp:
- (JSC::removeUsingRegExpSearch): Moved to here...
- (JSC::replaceUsingRegExpSearch): ...from here.
-
-2012-01-17 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
-
- Uint8ClampedArray support
- https://bugs.webkit.org/show_bug.cgi?id=74455
-
- Reviewed by Filip Pizlo.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionFromClassInfo):
- * bytecode/PredictedType.h:
- (JSC::isUint8ClampedArrayPrediction):
- (JSC::isActionableMutableArrayPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::clampDoubleToByte):
- (JSC::DFG::compileClampIntegerToByte):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSCell.h:
- * runtime/JSGlobalData.h:
- * wtf/Forward.h:
- * wtf/Uint8Array.h:
- * wtf/Uint8ClampedArray.h: Added.
- (WTF::Uint8ClampedArray::set):
- (WTF::Uint8ClampedArray::create):
- (WTF::Uint8ClampedArray::Uint8ClampedArray):
- (WTF::Uint8ClampedArray::subarray):
-
-2012-01-17 Sam Weinig <sam@webkit.org>
-
- Add helper macro for forward declaring objective-c classes
- https://bugs.webkit.org/show_bug.cgi?id=76485
-
- Reviewed by Anders Carlsson.
-
- * wtf/Compiler.h:
- Add OBJC_CLASS macro which helps reduce code when forward declaring an
- objective-c class in a header which can be included from both Objective-C
- and non-Objective-C files.
-
-2012-01-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG should be able to do JS and custom getter caching
- https://bugs.webkit.org/show_bug.cgi?id=76361
-
- Reviewed by Csaba Osztrogonác.
-
- Fix for 32-bit.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryBuildGetByIDList):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-01-15 Filip Pizlo <fpizlo@apple.com>
-
- DFG should be able to do JS and custom getter caching
- https://bugs.webkit.org/show_bug.cgi?id=76361
- <rdar://problem/10698060>
-
- Reviewed by Geoff Garen.
-
- Added the ability to cache JS getter calls and custom getter calls in the DFG.
- Most of this is pretty mundane, since the old JIT supported this functionality
- as well. But a couple interesting things had to happen:
-
- - There are now two variants of GetById: GetById, which works as before, and
- GetByIdFlush, which flushes registers prior to doing the GetById. Only
- GetByIdFlush can be used for caching getters. We detect which GetById style
- to use by looking at the inline caches of the old JIT.
-
- - Exception handling for getter calls planted in stubs uses a separate lookup
- handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
-
- This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
- the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
- Kraken.
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::willNeedFlush):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCCallHelpers.h:
- (JSC::DFG::CCallHelpers::setupResults):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
- (JSC::DFG::JITCompiler::addExceptionCheck):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::hasHeapPrediction):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDList):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2012-01-16 Jon Lee <jonlee@apple.com>
-
- Build fix for r105086.
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
-
-2012-01-16 Jon Lee <jonlee@apple.com>
-
- Remove HTML notifications support on Mac
- https://bugs.webkit.org/show_bug.cgi?id=76401
- <rdar://problem/10589881>
-
- Reviewed by Sam Weinig.
-
- * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.
-
-2012-01-16 Zeno Albisser <zeno@webkit.org>
-
- [Qt] Fix QT_VERSION related warnings when building on Mac OS X
- https://bugs.webkit.org/show_bug.cgi?id=76340
-
- This bug was caused by r104826.
- As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
- we should not use "using namespace WebCore" in header files,
- because it might cause ambiguous references.
- This patch reverts the changes from r104826 and r104981
- and removes the "using namespace WebCore" statement from
- two header files.
-
- Reviewed by Tor Arne Vestbø.
-
- * wtf/Platform.h:
-
-2012-01-16 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck.
-
- * GNUmakefile.list.am: Fix typo.
-
-2012-01-16 Pavel Heimlich <tropikhajma@gmail.com>
-
- Solaris Studio supports alignment macros too
- https://bugs.webkit.org/show_bug.cgi?id=75453
-
- Reviewed by Hajime Morita.
-
- * wtf/Alignment.h:
-
-2012-01-16 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Build fix on 32bit if verbose debug is enabled in DFG
- https://bugs.webkit.org/show_bug.cgi?id=76351
-
- Reviewed by Hajime Morita.
-
- Mostly change "%lu" to "%zu" to print a "size_t" variable.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::endBasicBlock):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
-
-2012-01-15 Filip Pizlo <fpizlo@apple.com>
-
- The C calling convention logic in DFG::SpeculativeJIT should be available even
- when not generating code for the DFG speculative path
- https://bugs.webkit.org/show_bug.cgi?id=76355
-
- Reviewed by Dan Bernstein.
-
- Moved all of the logic for placing C call arguments into the right place (stack
- or registers) into a new class, DFG::CCallHelpers. This class inherits from
- AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved
- this code into AssemblyHelpers, but decided against it, because I wanted to
- limit the number of methods each class in the JIT has. Hence now we have a
- slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
- emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
- (understands calls to C functions) <= JITCompiler (can compile a graph to machine
- code). Each of these except for JITCompiler can be reused for stub compilation.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGCCallHelpers.h: Added.
- (JSC::DFG::CCallHelpers::CCallHelpers):
- (JSC::DFG::CCallHelpers::resetCallArguments):
- (JSC::DFG::CCallHelpers::addCallArgument):
- (JSC::DFG::CCallHelpers::setupArguments):
- (JSC::DFG::CCallHelpers::setupArgumentsExecState):
- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
- (JSC::DFG::CCallHelpers::setupTwoStubArgs):
- (JSC::DFG::CCallHelpers::setupStubArguments):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::JITCompiler):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callOperation):
-
-2012-01-15 Pablo Flouret <pablof@motorola.com>
-
- Fix compilation errors on build-webkit --debug --no-video on mac.
- https://bugs.webkit.org/show_bug.cgi?id=75867
-
- Reviewed by Philippe Normand.
-
- Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature
- doesn't build without video.
-
- * wtf/Platform.h:
-
-2012-01-14 David Levin <levin@chromium.org>
-
- HWndDC should be in platform/win instead of wtf.
- https://bugs.webkit.org/show_bug.cgi?id=76314
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
-
-2012-01-13 David Levin <levin@chromium.org>
-
- check-webkit-style: should encourage the use of Own* classes for Windows DC.
- https://bugs.webkit.org/show_bug.cgi?id=76227
-
- Reviewed by Dirk Pranke.
-
- * wtf/win/HWndDCWin.h:
- (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
- There are no users, but I want to catch this in check-webkit-style
- and tell any users to use HwndDC to avoid leaks.
-
-2012-01-13 David Levin <levin@chromium.org>
-
- Header file is missing header guard.
-
- Reviewed by Dirk Pranke.
-
- * wtf/win/HWndDCWin.h: Added the guards.
-
-2012-01-13 Andy Wingo <wingo@igalia.com>
-
- Eval in strict mode does not need dynamic checks
- https://bugs.webkit.org/show_bug.cgi?id=76286
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
- Eval in strict mode cannot introduce variables, so it not impose
- the need for dynamic checks.
-
-2012-01-13 David Levin <levin@chromium.org>
-
- HWndDC is a better name than HwndDC.
- https://bugs.webkit.org/show_bug.cgi?id=76281
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
- * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
- (WTF::HWndDC::HWndDC):
- (WTF::HWndDC::~HWndDC):
- (WTF::HWndDC::operator HDC):
-
-2012-01-13 YoungTaeck Song <youngtaeck.song@samsung.com>
-
- [EFL] Add OwnPtr specialization for Eina_Module.
- https://bugs.webkit.org/show_bug.cgi?id=76255
-
- Reviewed by Andreas Kling.
-
- Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.
-
- * wtf/OwnPtrCommon.h:
- * wtf/efl/OwnPtrEfl.cpp:
- (WTF::deleteOwnedPtr):
-
-2012-01-13 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined
-
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
-
-2012-01-12 Hajime Morrita <morrita@chromium.org>
-
- JavaScriptCore: Mark all exported symbols in the header file automatically.
- https://bugs.webkit.org/show_bug.cgi?id=72855
-
- Reviewed by Darin Adler.
-
- Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
- The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables)
-
- * API/OpaqueJSString.h:
- * bytecode/CodeBlock.h:
- * bytecode/SamplingTool.h:
- * debugger/Debugger.h:
- * debugger/DebuggerActivation.h:
- * debugger/DebuggerCallFrame.h:
- * heap/AllocationSpace.h:
- * heap/HandleHeap.h:
- * heap/Heap.h:
- * heap/MachineStackMarker.h:
- * heap/MarkStack.h:
- * heap/VTableSpectrum.h:
- * heap/WriteBarrierSupport.h:
- * parser/Nodes.h:
- * parser/ParserArena.h:
- * profiler/Profile.h:
- * runtime/ArgList.h:
- * runtime/CallData.h:
- * runtime/Completion.h:
- * runtime/ConstructData.h:
- * runtime/DateInstance.h:
- * runtime/Error.h:
- * runtime/ExceptionHelpers.h:
- * runtime/FunctionConstructor.h:
- * runtime/Identifier.h:
- * runtime/InitializeThreading.h:
- * runtime/InternalFunction.h:
- * runtime/JSArray.h:
- * runtime/JSByteArray.h:
- * runtime/JSCell.h:
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.h:
- * runtime/JSGlobalThis.h:
- * runtime/JSLock.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
- * runtime/JSValue.h:
- * runtime/JSVariableObject.h:
- * runtime/Lookup.h:
- * runtime/MemoryStatistics.h:
- * runtime/ObjectPrototype.h:
- * runtime/Options.h:
- * runtime/PropertyDescriptor.h:
- * runtime/PropertyNameArray.h:
- * runtime/PropertySlot.h:
- * runtime/RegExp.h:
- * runtime/RegExpObject.h:
- * runtime/SamplingCounter.h:
- * runtime/SmallStrings.h:
- * runtime/StringObject.h:
- * runtime/Structure.h:
- * runtime/TimeoutChecker.h:
- * runtime/UString.h:
- * runtime/WriteBarrier.h:
- * wtf/ArrayBufferView.h:
- * wtf/ByteArray.h:
- * wtf/CryptographicallyRandomNumber.h:
- * wtf/CurrentTime.h:
- * wtf/DateMath.h:
- * wtf/DecimalNumber.h:
- * wtf/FastMalloc.cpp:
- * wtf/FastMalloc.h:
- * wtf/MD5.h:
- * wtf/MainThread.h:
- * wtf/MetaAllocator.h:
- * wtf/MetaAllocatorHandle.h:
- * wtf/OSAllocator.h:
- * wtf/PageBlock.h:
- * wtf/RandomNumber.h:
- * wtf/RefCountedLeakCounter.h:
- * wtf/SHA1.h:
- * wtf/Threading.cpp:
- * wtf/Threading.h:
- * wtf/ThreadingPrimitives.h:
- * wtf/WTFThreadData.h:
- * wtf/dtoa.h:
- * wtf/text/AtomicString.h:
- * wtf/text/CString.h:
- * wtf/text/StringBuilder.h:
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.h:
- * wtf/unicode/Collator.h:
- * wtf/unicode/UTF8.h:
- * yarr/Yarr.h:
- * yarr/YarrPattern.h:
-
-2012-01-12 MORITA Hajime <morrita@google.com>
-
- [Chromium] JSExportMacros.h should be visible.
- https://bugs.webkit.org/show_bug.cgi?id=76147
-
- Reviewed by Tony Chang.
-
- * config.h:
-
-2012-01-12 David Levin <levin@chromium.org>
-
- HwndDC is a better name than OwnGetDC.
- https://bugs.webkit.org/show_bug.cgi?id=76235
-
- Reviewed by Dmitry Titov.
-
- This is a better name for two reasons:
- 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
- 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
- classes always take something to hold on to. In this case, the object (the DC)
- is created by the class once it is given a Window to ensure that the HDC
- was actually created using GetDC.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
- * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
- (WTF::HwndDC::HwndDC):
- (WTF::HwndDC::~HwndDC):
- (WTF::HwndDC::operator HDC):
-
-2012-01-12 Gavin Barraclough <barraclough@apple.com>
-
- Clean up putDirect (part 2)
- https://bugs.webkit.org/show_bug.cgi?id=76232
-
- Reviewed by Sam Weinig.
-
- Rename putWithAttributes to putDirectVirtual, to identify that this
- has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
- to be templated on an enum indicating which behaviour it is supposed to be
- implementing, and change clients that are defining properties to call
- putDirectInternal correctly.
-
- * API/JSObjectRef.cpp:
- (JSObjectSetProperty):
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::putDirectVirtual):
- * debugger/DebuggerActivation.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- * runtime/ClassInfo.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::putDirectVirtual):
- * runtime/JSActivation.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::putDirectVirtual):
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::putDirectVirtual):
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::putDirectVirtual):
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::initializeGetterSetterProperty):
- (JSC::JSObject::defineSetter):
- (JSC::putDescriptor):
- * runtime/JSObject.h:
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putOwnDataProperty):
- (JSC::JSObject::putDirect):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::putDirectVirtual):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::putDirectVirtual):
- * runtime/JSVariableObject.h:
-
-2012-01-12 Gavin Barraclough <barraclough@apple.com>
-
- Clean up putDirect (part 1)
- https://bugs.webkit.org/show_bug.cgi?id=76232
-
- Reviewed by Sam Weinig.
-
- putDirect has ambiguous semantics, clean these up a bit.
-
- putDirect generally behaves a bit like a fast defineOwnProperty, but one that
- always creates the property, with no checking to validate the put it permitted.
-
- It also encompasses two slightly different behaviors.
- (1) a fast form of put for JSActivation, which doesn't have to handle searching
- the prototype chain, getter/setter properties, or the magic __proto__ value.
- Break this out as a new method, 'putOwnDataProperty'.
- (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
- values, in strict mode. This is, however, not so smart on a few level, since
- it is only called from op_put_by_id with direct set, which is only used with
- an object as the base, and is only used to put new properties onto objects.
-
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::put):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertySlot):
- * runtime/JSObject.h:
- (JSC::JSObject::putOwnDataProperty):
- * runtime/JSValue.h:
-
-2012-01-12 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=76141
- defineSetter/defineGetter may fail to update Accessor attribute
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::initializeGetterSetterProperty):
- (JSC::JSObject::defineSetter):
- * runtime/Structure.cpp:
- (JSC::Structure::attributeChangeTransition):
- * runtime/Structure.h:
-
-2012-01-12 David Levin <levin@chromium.org>
-
- [chromium] Fix DC leak in WebScreenInfoFactory.
- https://bugs.webkit.org/show_bug.cgi?id=76203
-
- Reviewed by Dmitry Titov.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
- * JavaScriptCore.gypi: Added OwnGetDCWin.h
- * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.
-
-2012-01-11 Gavin Barraclough <barraclough@apple.com>
-
- Allow accessor get/set property to be set to undefined
- https://bugs.webkit.org/show_bug.cgi?id=76148
-
- Reviewed by Oliver Hunt.
-
- AccessorDescriptor properties may have their get & set properties defined to reference a function
- (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
- (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
- three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).
-
- On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and
- any JSObject* (with a constraint that this must be callable).
-
- Logically the get/set property of an accessor descriptor on an object might be in any of the three
- states above, but in practice there is no way to distinguish between the first two states. As such
- we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or
- undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.
-
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::setGetter):
- (JSC::GetterSetter::setSetter):
- - Allow the getter/setter to be cleared.
- * runtime/JSArray.cpp:
- (JSC::JSArray::putDescriptor):
- - Changed to call getterObject/setterObject.
- (JSC::JSArray::defineOwnNumericProperty):
- - Added ASSERT.
- * runtime/JSObject.cpp:
- (JSC::putDescriptor):
- (JSC::JSObject::defineOwnProperty):
- - Changed to call getterObject/setterObject.
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetOwnPropertyDescriptor):
- - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
- (JSC::toPropertyDescriptor):
- - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
- * runtime/PropertyDescriptor.cpp:
- (JSC::PropertyDescriptor::getterObject):
- (JSC::PropertyDescriptor::setterObject):
- - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
- (JSC::PropertyDescriptor::setDescriptor):
- (JSC::PropertyDescriptor::setAccessorDescriptor):
- - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present.
- * runtime/PropertyDescriptor.h:
- - Declare getterObject/setterObject.
-
-2012-01-12 Zeno Albisser <zeno@webkit.org>
-
- [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
- https://bugs.webkit.org/show_bug.cgi?id=76175
-
- Defining ENABLE_CSS_FILTERS leads to ambiguous references
- due to MacTypes.h being included.
- Defining CF_OPEN_SOURCE works around this problem.
-
- Reviewed by Simon Hausmann.
-
- * wtf/Platform.h:
-
-2012-01-12 Simon Hausmann <simon.hausmann@nokia.com>
-
- Make the new WTF module build on Qt
- https://bugs.webkit.org/show_bug.cgi?id=76163
-
- Reviewed by Tor Arne Vestbø.
-
- * JavaScriptCore.pro: Removed wtf from the subdirs to build.
-
-2012-01-11 Filip Pizlo <fpizlo@apple.com>
-
- CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
- https://bugs.webkit.org/show_bug.cgi?id=76144
- <rdar://problem/10681711>
-
- Rubber stamped by Gavin Barraclough.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addressOfJITExecuteCounter):
- (JSC::CodeBlock::offsetOfJITExecuteCounter):
- (JSC::CodeBlock::jitExecuteCounter):
- (JSC::CodeBlock::optimizeNextInvocation):
- (JSC::CodeBlock::dontOptimizeAnytimeSoon):
- (JSC::CodeBlock::optimizeAfterWarmUp):
- (JSC::CodeBlock::optimizeAfterLongWarmUp):
- (JSC::CodeBlock::optimizeSoon):
+ * dfg/DFGOSRExitCompiler.h:
+ (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
+ (OSRExitCompiler):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
-
-2012-01-11 Gavin Barraclough <barraclough@apple.com>
-
- Merge 'Getter'/'Setter' attributes into 'Accessor'
- https://bugs.webkit.org/show_bug.cgi?id=76141
-
- Reviewed by Filip Pizlo.
-
- These are currently ambiguous (and used inconsistently). It would logically appear
- that either being bit set implies that the corresponding type of accessor is present
- but (a) we don't correctly enforce this, and (b) this means the attributes would not
- be able to distinguish between a data descriptor and an accessor descriptor with
- neither a getter nor setter defined (which is a descriptor permissible under the spec).
- This ambiguity would lead to unsafe property caching behavior (though this does not
- represent an actual current bug, since we are currently unable to create descriptors
- that have neither a getter nor setter, it just prevents us from doing so).
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::createStrictModeCallerIfNecessary):
- (JSC::Arguments::createStrictModeCalleeIfNecessary):
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::put):
- (JSC::JSArray::putDescriptor):
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::finishCreation):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertySlot):
- (JSC::JSFunction::getOwnPropertyDescriptor):
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::initializeGetterSetterProperty):
- (JSC::JSObject::defineSetter):
- (JSC::putDescriptor):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorDefineProperty):
- * runtime/PropertyDescriptor.cpp:
- (JSC::PropertyDescriptor::setDescriptor):
- (JSC::PropertyDescriptor::setAccessorDescriptor):
- (JSC::PropertyDescriptor::setSetter):
- (JSC::PropertyDescriptor::setGetter):
- (JSC::PropertyDescriptor::attributesOverridingCurrent):
-
-2012-01-11 Gavin Barraclough <barraclough@apple.com>
-
- Object.defineProperty([], 'length', {}) should not make length read-only
- https://bugs.webkit.org/show_bug.cgi?id=76097
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::defineOwnProperty):
- - We should be checking writablePresent().
-
-2012-01-11 Filip Pizlo <fpizlo@apple.com>
-
- Code duplication for invoking the JIT and DFG should be reduced
- https://bugs.webkit.org/show_bug.cgi?id=76117
- <rdar://problem/10680189>
-
- Rubber stamped by Geoff Garen.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * jit/JITDriver.h: Added.
- (JSC::jitCompileIfAppropriate):
- (JSC::jitCompileFunctionIfAppropriate):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-01-11 Geoffrey Garen <ggaren@apple.com>
-
- Bytecode dumping is broken for call opcodes (due to two new operands)
- https://bugs.webkit.org/show_bug.cgi?id=75886
-
- Reviewed by Oliver Hunt.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
- to fix this more than once. The helper function skips the extra two operands
- at the end of the opcode, used for optimization.
-
- (JSC::CodeBlock::dump): Used the helper function.
-
- * bytecode/CodeBlock.h: Declared the helper function.
-
-2012-01-09 Geoffrey Garen <ggaren@apple.com>
-
- REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
- https://bugs.webkit.org/show_bug.cgi?id=75911
-
- * bytecompiler/BytecodeGenerator.h:
- (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
- explicitly cast to our return type in C++.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::FunctionCallResolveNode::emitBytecode):
- (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
- into a temporary register before evaluating our arguments, since argument
- evaluation might include function calls or assignments that overwrite our callee by name.
-
-2012-01-11 Michael Saboff <msaboff@apple.com>
-
- v8-regexp spends 35% of its time allocating and copying internal regexp results data
- https://bugs.webkit.org/show_bug.cgi?id=76079
-
- Reviewed by Geoffrey Garen.
-
- Added a new RegExpResults struct that has the input string, the number of
- subexpressions and the output vector. Changed RegExpConstructor to
- include a RegExpConstructorPrivate instead of having a reference to one.
- Changed RegExpMatchesArray to include a RegExpResults instead of a
- reference to a RegExpConstructorPrivate. Created an overloaded assignment
- operator to assign a RegExpConstructorPrivate to a RegExpResults.
- Collectively this change is worth 24% performance improvement to v8-regexp.
-
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpResult::operator=):
- (JSC::RegExpConstructor::RegExpConstructor):
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- (JSC::RegExpMatchesArray::finishCreation):
- (JSC::RegExpMatchesArray::~RegExpMatchesArray):
- (JSC::RegExpMatchesArray::fillArrayInstance):
- (JSC::RegExpConstructor::arrayOfMatches):
- (JSC::RegExpConstructor::getBackref):
- (JSC::RegExpConstructor::getLastParen):
- (JSC::RegExpConstructor::getLeftContext):
- (JSC::RegExpConstructor::getRightContext):
- (JSC::RegExpConstructor::setInput):
- (JSC::RegExpConstructor::input):
- (JSC::RegExpConstructor::setMultiline):
- (JSC::RegExpConstructor::multiline):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpResult::RegExpResult):
- (JSC::RegExpConstructor::performMatch):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::create):
- (JSC::RegExpMatchesArray::getOwnPropertySlot):
- (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
- (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
- (JSC::RegExpMatchesArray::put):
- (JSC::RegExpMatchesArray::putByIndex):
- (JSC::RegExpMatchesArray::deleteProperty):
- (JSC::RegExpMatchesArray::deletePropertyByIndex):
- (JSC::RegExpMatchesArray::getOwnPropertyNames):
-
-2012-01-11 Eugene Girard <girard@google.com>
-
- Typo in error message: Unexpected token 'defualt'
- https://bugs.webkit.org/show_bug.cgi?id=75105
-
- Reviewed by Simon Fraser.
-
- * parser/Parser.h:
- (JSC::Parser::getTokenName):
-
-2012-01-11 Anders Carlsson <andersca@apple.com>
-
- Assertion failure in JSC::allocateCell trying to allocate a JSString
- https://bugs.webkit.org/show_bug.cgi?id=76101
-
- Reviewed by Adam Roben.
-
- Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and
- export them explicitly using the JS_EXPORTDATA macro.
-
- member variables explicitly using
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/Executable.h:
- * runtime/JSString.h:
-
-2012-01-10 Mark Rowe <mrowe@apple.com>
-
- <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder
-
- This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT
- as JavaScriptCore.framework or in to a different one.
-
- Rubber-stamped by Dan Bernstein.
-
- * Configurations/JSC.xcconfig: Update INSTALL_PATH.
-
-2012-01-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG inlining block linking compares BlockIndex against bytecode index
- https://bugs.webkit.org/show_bug.cgi?id=76018
- <rdar://problem/10671979>
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2012-01-10 Filip Pizlo <fpizlo@apple.com>
-
- CodeBlock.h declares too many things
- https://bugs.webkit.org/show_bug.cgi?id=76001
-
- Rubber stamped by Gavin Barraclough.
-
- Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
- into separate header files. Also removed all non-CodeBlock method implementations
- from CodeBlock.cpp and put them into corresponding cpp files.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * assembler/RepatchBuffer.h:
- * bytecode/CallLinkInfo.cpp: Added.
- (JSC::CallLinkInfo::unlink):
- * bytecode/CallLinkInfo.h: Added.
- (JSC::CallLinkInfo::callTypeFor):
- (JSC::CallLinkInfo::CallLinkInfo):
- (JSC::CallLinkInfo::~CallLinkInfo):
- (JSC::CallLinkInfo::isLinked):
- (JSC::CallLinkInfo::seenOnce):
- (JSC::CallLinkInfo::setSeen):
- (JSC::getCallLinkInfoReturnLocation):
- (JSC::getCallLinkInfoBytecodeIndex):
- * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
- (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
- (JSC::getCallReturnOffset):
- * bytecode/CodeBlock.cpp:
- * bytecode/CodeBlock.h:
- * bytecode/CodeType.h: Added.
- * bytecode/ExpressionRangeInfo.h: Added.
- * bytecode/GlobalResolveInfo.h: Added.
- (JSC::GlobalResolveInfo::GlobalResolveInfo):
- * bytecode/HandlerInfo.h: Added.
- * bytecode/LineInfo.h: Added.
- * bytecode/MethodCallLinkInfo.cpp: Added.
- (JSC::MethodCallLinkInfo::reset):
- * bytecode/MethodCallLinkInfo.h: Added.
- (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
- (JSC::MethodCallLinkInfo::seenOnce):
- (JSC::MethodCallLinkInfo::setSeen):
- (JSC::getMethodCallLinkInfoReturnLocation):
- (JSC::getMethodCallLinkInfoBytecodeIndex):
- * bytecode/StructureStubInfo.h:
- (JSC::getStructureStubInfoReturnLocation):
- (JSC::getStructureStubInfoBytecodeIndex):
-
-2012-01-10 Anders Carlsson <andersca@apple.com>
-
- Hang opening movie that requires authentication
- https://bugs.webkit.org/show_bug.cgi?id=75989
- <rdar://problem/9601915>
-
- Reviewed by Sam Weinig.
-
- * wtf/Functional.h:
- Add function wrapper for a function that takes three parameters.
-
-2012-01-10 Filip Pizlo <fpizlo@apple.com>
-
- CodeBlock::m_numParameters should be encapsulated
- https://bugs.webkit.org/show_bug.cgi?id=75985
- <rdar://problem/10671020>
-
- Reviewed by Oliver Hunt.
-
- Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
- into it. This appears to be performance neutral.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::setNumParameters):
- (JSC::CodeBlock::addParameter):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::numParameters):
- (JSC::CodeBlock::addressOfNumParameters):
- (JSC::CodeBlock::offsetOfNumParameters):
- (JSC::CodeBlock::numberOfArgumentValueProfiles):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- (JSC::BytecodeGenerator::addParameter):
- (JSC::BytecodeGenerator::emitReturn):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::AbstractState):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGOperations.cpp:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::slideRegisterWindowForCall):
- (JSC::Interpreter::dumpRegisters):
- (JSC::Interpreter::execute):
- (JSC::Interpreter::prepareForRepeatCall):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITStubs.cpp:
- (JSC::arityCheckFor):
- (JSC::lazyLinkFor):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-01-10 Gavin Barraclough <barraclough@apple.com>
-
- Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
-
- Fix 32-bit builds.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertyNames):
- (JSC::JSArray::setLength):
-
-2012-01-10 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-10 Gavin Barraclough <barraclough@apple.com>
-
- Do not allow Array length to be set if it is non-configurable
- https://bugs.webkit.org/show_bug.cgi?id=75935
-
- Reviewed by Sam Weinig.
-
- Do not allow Array length to be set if it is non-configurable, and if the new
- length is less than the old length then intervening properties should removed
- in reverse order. Removal of properties should cease if an intervening indexed
- property being removed is non-configurable.
-
- * JavaScriptCore.exp:
- - Removed export for setLength.
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncConcat):
- - JSArray::setLength now takes an ExecState*
- (JSC::arrayProtoFuncSlice):
- - JSArray::setLength now takes an ExecState*
- * runtime/JSArray.cpp:
- (JSC::JSArray::defineOwnProperty):
- - JSArray::setLength now takes an ExecState*
- (JSC::JSArray::put):
- - JSArray::setLength now takes an ExecState*
- (JSC::compareKeysForQSort):
- - Keys extracted from the map can be stored as unsigneds.
- (JSC::JSArray::getOwnPropertyNames):
- - Keys extracted from the map can be stored as unsigneds.
- (JSC::JSArray::setLength):
- - Check lengthIsReadOnly(), rather than copying the entire map to iterate
- over to determine which keys to remove, instead just copy the keys from
- the map to a Vector. When inSparseMode sort the keys in the Vector so
- that we can remove properties in reverse order.
- * runtime/JSArray.h:
- - JSArray::setLength now takes an ExecState*
-
-2012-01-10 Gavin Barraclough <barraclough@apple.com>
-
- Use SameValue to compare property descriptor values
- https://bugs.webkit.org/show_bug.cgi?id=75975
-
- Reviewed by Sam Weinig.
-
- Rather than strictEqual.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::defineOwnNumericProperty):
- - Missing configurablePresent() check.
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineOwnProperty):
- - call sameValue.
- * runtime/PropertyDescriptor.cpp:
- (JSC::sameValue):
- - Moved from JSArray.cpp, fix NaN comparison.
- (JSC::PropertyDescriptor::equalTo):
- - call sameValue.
- * runtime/PropertyDescriptor.h:
- - Added declaration for sameValue.
-2012-01-09 Gavin Barraclough <barraclough@apple.com>
-
- Error handling : in ISO8601 timezone
- https://bugs.webkit.org/show_bug.cgi?id=75919
-
- Reviewed by Sam Weinig.
-
- * wtf/DateMath.cpp:
- (WTF::parseDateFromNullTerminatedCharacters):
- - need to increment the string position.
-
-2012-01-09 Mark Rowe <mrowe@apple.com>
-
- JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
- <http://webkit.org/b/75907> / <rdar://problem/10659862>
-
- We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
- dependencies prevent this.
-
- Reviewed by Dan Bernstein.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-01-09 Adam Treat <atreat@rim.com>
-
- Log is a little to verbose for blackberry port
- https://bugs.webkit.org/show_bug.cgi?id=75728
-
- The BlackBerry::Platform::Log* functions take care of the call to vfprintf
- which is resulting in unintentional noise in our logs. Add a conditional
- directive to fix.
-
- Change to using BlackBerry::Platform::logStreamV which does not insert
- threading info and newlines unlike BlackBerry::Platform::log.
-
- Finally, add log locking and unlocking which the BlackBerry platform
- uses to ensure that N threads do not trample on each other's logs.
-
- Reviewed by Rob Buis.
-
- * wtf/Assertions.cpp:
- (WTFLogLocker::WTFReportAssertionFailure):
- (WTFLogLocker::WTFReportAssertionFailureWithMessage):
- (WTFLogLocker::WTFReportArgumentAssertionFailure):
- (WTFLogLocker::WTFReportFatalError):
- (WTFLogLocker::WTFReportError):
- (WTFLogLocker::WTFLog):
- (WTFLogLocker::WTFLogVerbose):
-
-2012-01-09 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75789
- defineOwnProperty not implemented for Array objects
-
- Reviewed by Sam Weinig.
-
- Implements support for getter/setter & non-default attribute properties on arrays,
- by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
- test failures.
-
- * JavaScriptCore.exp:
- - Updated exports.
- * dfg/DFGOperations.cpp:
- - JSArray::pop now requires an exec state.
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncPop):
- - JSArray::pop now requires an exec state.
- * runtime/JSArray.cpp:
- (JSC::SparseArrayValueMap::add):
- - Add a potentially empty entry into the map.
- (JSC::SparseArrayValueMap::put):
- - Changed to call setter.
- (JSC::SparseArrayEntry::get):
- - calls getters.
- (JSC::SparseArrayEntry::getNonSparseMode):
- - does not call getters.
- (JSC::JSArray::enterSparseMode):
- - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
- (JSC::JSArray::putDescriptor):
- - Create a numeric property based on a descriptor.
- (JSC::sameValue):
- - See ES5.1 9.12.
- (JSC::reject):
- - Helper for the [[DefineOwnProperty]] algorithm.
- (JSC::JSArray::defineOwnNumericProperty):
- - Define an indexed property on an array object.
- (JSC::JSArray::setLengthWritable):
- - Marks the length read-only, enters SparseMode as necessary.
- (JSC::JSArray::defineOwnProperty):
- - Defines either an indexed property or 'length' on an array object.
- (JSC::JSArray::getOwnPropertySlotByIndex):
- - Updated to correctly handle accessor descriptors & attributes.
- (JSC::JSArray::getOwnPropertyDescriptor):
- - Updated to correctly handle accessor descriptors & attributes.
- (JSC::JSArray::put):
- - Pass strict mode flag to setLength.
- (JSC::JSArray::putByIndex):
- - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
- (JSC::JSArray::putByIndexBeyondVectorLength):
- - Pass exec to SparseArrayValueMap::put.
- (JSC::JSArray::deletePropertyByIndex):
- - Do not allow deletion of non-configurable properties.
- (JSC::compareKeysForQSort):
- - used in implementation of getOwnPropertyNames.
- (JSC::JSArray::getOwnPropertyNames):
- - Properties in the sparse map should be iterated in order.
- (JSC::JSArray::setLength):
- - Updated to take a 'shouldThrow' flag, return a result indicating error.
- (JSC::JSArray::pop):
- - pop should throw an error if length is not writable, even if the array is empty.
- (JSC::JSArray::push):
- - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
- (JSC::JSArray::sort):
- - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
- (JSC::JSArray::compactForSorting):
- - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
- * runtime/JSArray.h:
- (JSC::SparseArrayValueMap::lengthIsReadOnly):
- - Check if the length is read only.
- (JSC::SparseArrayValueMap::setLengthIsReadOnly):
- - Mark the length as read only.
- (JSC::SparseArrayValueMap::find):
- - Moved into header.
- (JSC::JSArray::isLengthWritable):
- - Wraps SparseArrayValueMap::lengthIsReadOnly.
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineOwnProperty):
- - Should be returning the result of putDescriptor.
- * runtime/PropertyDescriptor.cpp:
- (JSC::PropertyDescriptor::attributesOverridingCurrent):
- - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
- * runtime/PropertyDescriptor.h:
- - Added attributesOverridingCurrent.
-
-2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
-
- There is no support for fastcall in Solaris Studio.
- Fixes build on Solaris.
- https://bugs.webkit.org/show_bug.cgi?id=75736
-
- Reviewed by Gavin Barraclough.
-
- * jit/JITStubs.h:
-
-2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
-
- Fix build failure on Solaris
- https://bugs.webkit.org/show_bug.cgi?id=75733
-
- Reviewed by Gavin Barraclough.
-
- * wtf/ByteArray.h:
-
-2012-01-01 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Clean up some cruft from WTF's CMakeLists.txt
- https://bugs.webkit.org/show_bug.cgi?id=75420
-
- Reviewed by Daniel Bates.
-
- * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
- all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.
-
-2012-01-08 Xianzhu Wang <wangxianzhu@chromium.org>
-
- Fix compilation error about ListHashSetReverseIterator
- https://bugs.webkit.org/show_bug.cgi?id=75372
-
- Reviewed by Darin Adler.
-
- There is a typo in class ListHashSetReverseIterator:
- typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
- Should be
- typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
-
- * wtf/ListHashSet.h:
-
-2012-01-08 Ryosuke Niwa <rniwa@webkit.org>
-
- WinCE build fix after r104415.
-
- * jit/JITExceptions.cpp:
- * jit/JITExceptions.h:
-
-2012-01-08 Filip Pizlo <fpizlo@apple.com>
-
- The JIT's protocol for exception handling should be available to other parts of the system
- https://bugs.webkit.org/show_bug.cgi?id=75808
- <rdar://problem/10661025>
-
- Reviewed by Oliver Hunt.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * jit/JITExceptions.cpp: Added.
- (JSC::genericThrow):
- (JSC::jitThrow):
- * jit/JITExceptions.h: Added.
- * jit/JITStubs.cpp:
- * runtime/JSGlobalData.h:
-
-2012-01-06 Hajime Morrita <morrita@chromium.org>
-
- https://bugs.webkit.org/show_bug.cgi?id=75296
- JSString should not have JS_EXPORTCLASS annotation
-
- Reviewed by Kevin Ollivier.
-
- * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- Added missing symbols which were hidden by JS_EXPORTCLASS.
-
-2012-01-06 Michael Saboff <msaboff@apple.com>
-
- JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
- https://bugs.webkit.org/show_bug.cgi?id=75757
-
- Reviewed by Gavin Barraclough.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::pop): Changed map->end() to map->notFound().
-
-2012-01-06 Filip Pizlo <fpizlo@apple.com>
-
- JIT stub slow paths that would be identical to that of an interpreter should be factored out
- https://bugs.webkit.org/show_bug.cgi?id=75743
- <rdar://problem/10657024>
-
- Reviewed by Geoff Garen.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/CommonSlowPaths.h: Added.
- (JSC::CommonSlowPaths::opInstanceOfSlow):
- (JSC::CommonSlowPaths::opIn):
- (JSC::CommonSlowPaths::opResolve):
- (JSC::CommonSlowPaths::opResolveSkip):
- (JSC::CommonSlowPaths::opResolveWithBase):
- (JSC::CommonSlowPaths::opResolveWithThis):
-
-2012-01-06 Sam Weinig <sam@webkit.org>
-
- Fix windows build.
-
- * wtf/TypeTraits.cpp:
-
-2012-01-05 Michael Saboff <msaboff@apple.com>
-
- Default HashTraits for Opcode don't work for Opcode = 0
- https://bugs.webkit.org/show_bug.cgi?id=75595
-
- Reviewed by Oliver Hunt.
-
- Removed the populating of the m_opcodeIDTable table in the
- case where the OpcodeID and Opcode are the same (m_enabled is false).
- Instead we just cast the one type to the other.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::initialize):
- (JSC::Interpreter::isOpcode):
- * interpreter/Interpreter.h:
- (JSC::Interpreter::getOpcodeID):
-
-2012-01-06 Sam Weinig <sam@webkit.org>
-
- Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
- https://bugs.webkit.org/show_bug.cgi?id=75737
-
- Reviewed by Anders Carlsson.
-
- * wtf/TypeTraits.cpp:
- * wtf/TypeTraits.h:
- Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
- is composed of some helpers which are also exposed, Conditional<>, which
- can provide one type or another based on a boolean predicate, IsArray<>
- which can deduce array types, and RemoveExtent<>, which removes the extent
- from an array type.
-
-2012-01-06 Oliver Hunt <oliver@apple.com>
-
- GetByteArrayLength is incorrect
- https://bugs.webkit.org/show_bug.cgi?id=75735
-
- Reviewed by Filip Pizlo.
-
- Load the byte array length from the correct location.
- This stops an existing test from hanging.
-
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
-
-2012-01-06 Filip Pizlo <fpizlo@apple.com>
-
- Fix build.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-01-06 Oliver Hunt <oliver@apple.com>
-
- DFG no longer optimises CanvasPixelArray
- https://bugs.webkit.org/show_bug.cgi?id=75729
-
- Reviewed by Gavin Barraclough.
-
- Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
- the future name when we switch over to the new typed-array based
- ImageData specification.
-
- * runtime/JSByteArray.cpp:
-
-2012-01-06 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
-
- Use HashMap<OwnPtr> for SourceProviderCache items
- https://bugs.webkit.org/show_bug.cgi?id=75346
-
- Reviewed by Daniel Bates.
-
- * parser/Parser.cpp:
- * parser/SourceProviderCache.cpp:
- (JSC::SourceProviderCache::clear):
- (JSC::SourceProviderCache::add):
- * parser/SourceProviderCache.h:
-
-2012-01-06 Sam Weinig <sam@webkit.org>
-
- Remove unused OwnFastMallocPtr class.
- https://bugs.webkit.org/show_bug.cgi?id=75722
-
- Reviewed by Geoffrey Garen.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/OwnFastMallocPtr.h: Removed.
- * wtf/text/StringImpl.h:
- * wtf/wtf.pro:
-
-2012-01-06 Benjamin Poulain <bpoulain@webkit.org>
-
- [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
- https://bugs.webkit.org/show_bug.cgi?id=75631
-
- Reviewed by Andreas Kling.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-01-06 Eric Seidel <eric@webkit.org> and Gustavo Noronha Silva <gustavo.noronha@collabora.com>
-
- Make the new WTF module build on Gtk
- https://bugs.webkit.org/show_bug.cgi?id=75669
-
- * GNUmakefile.am:
-
-2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Remove un-needed VPATHs from project includes
-
- Reviewed by Simon Hausmann.
-
- * JavaScriptCore.pri:
- * wtf/wtf.pri:
-
-2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Move listing of include paths and libs to pri files in sources
-
- Includepaths are sometimes modified by non-Qt contributors so keeping
- them in files inside Sources makes it more likely that they are updated
- along with project files for the other ports.
-
- Using pri files instead of prf files for this also has the benefit that
- the include() from the main target file can be parsed and followed by
- Qt Creator -- something that does not work with load().
-
- Dependency from a target to a library through the WEBKIT variable are
- handled through forwarding-files in Tools/qmake/mkspecs/modules, which
- set the source root of the module and include the right pri file.
-
- Ideally we'd use the variant of include() that takes an optional
- namespace to read the variables into, or the fromfile() function,
- but both of these add an overhead of about 40% on the total qmake
- runtime, due to making a deep copy of all the variables in the
- project or re-reading all the prf files from scratch.
-
- Reviewed by Simon Hausmann.
- Reviewed by Ossy.
-
- * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
- * Target.pri:
- * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
- * wtf/wtf.pro:
-
-2012-01-06 Hajime Morrita <morrita@chromium.org>
-
- WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
- https://bugs.webkit.org/show_bug.cgi?id=75612
-
- Reviewed by Kevin Ollivier.
-
- * wtf/text/WTFString.h:
- (WTF::String::findIgnoringCase):
- (WTF::String::append):
- (WTF::String::fromUTF8):
- (WTF::String::fromUTF8WithLatin1Fallback):
- (WTF::String::isHashTableDeletedValue):
-
-2012-01-05 Dan Bernstein <mitz@apple.com>
-
- <rdar://problem/10633760> Update copyright strings
-
- Reviewed by Mark Rowe.
-
- * Info.plist:
-
-2012-01-05 Gavin Barraclough <barraclough@apple.com>
-
- Date constructor handles infinite values incorrectly.
- https://bugs.webkit.org/show_bug.cgi?id=70998
-
- Reviewed by Filip Pizlo.
-
- * runtime/DateConstructor.cpp:
- (JSC::constructDate):
- - should be checking !finite rather then isnan.
-
-2012-01-05 Gavin Barraclough <barraclough@apple.com>
-
- date.toISOString produces incorrect results for dates with ms prior to 1970
- https://bugs.webkit.org/show_bug.cgi?id=75684
-
- Reviewed by Sam Weinig.
-
- * runtime/DatePrototype.cpp:
- (JSC::dateProtoFuncToISOString):
-
-2012-01-05 Gavin Barraclough <barraclough@apple.com>
-
- Array.prototype.lastIndexOf ignores undefined fromIndex.
- https://bugs.webkit.org/show_bug.cgi?id=75678
-
- Reviewed by Sam Weinig.
-
- array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncLastIndexOf):
- - should check argumnet count, rather than checking agument value for undefined.
-
-2012-01-05 Gavin Barraclough <barraclough@apple.com>
-
- Date parsing is too restrictive.
- https://bugs.webkit.org/show_bug.cgi?id=75671
-
- Reviewed by Oliver Hunt.
-
- ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
- The spec allow a date to be date only, or date + time.
-
- The date portion on the should match: (pseudocode!:)
- [(+|-)YY]YYYY[-MM[-DD]]
- though we are slightly more liberal (permitted by the spec), allowing:
- [+|-]Y+[-MM[-DD]]
- The time portion should match:
- THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
- again we're slightly more liberal, allowing:
- THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
-
- * wtf/DateMath.cpp:
- (WTF::parseES5DatePortion):
- - Month/day fields are optional, default to 01.
- (WTF::parseES5TimePortion):
- - Hours/Minutes are requires, seconds/timezone are optional.
- (WTF::parseES5DateFromNullTerminatedCharacters):
- - Dates may be date only, or date + time.
-
-2012-01-05 Bruno Dilly <bdilly@profusion.mobi>
-
- [EFL] Undefined references to ICU_I18N symbols on WTF
- https://bugs.webkit.org/show_bug.cgi?id=75642
-
- Unreviewed build fix.
-
- Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
- Some undefined references were ucol_setAttribute_44, ucol_close_44,
- ucol_getAttribute_44...
-
- * wtf/PlatformEfl.cmake:
-
-2012-01-05 Geoffrey Garen <ggaren@apple.com>
-
- Refined the fast path for StringImpl::hash()
- https://bugs.webkit.org/show_bug.cgi?id=75178
-
- Reviewed by Darin Adler.
-
- Moved the hash calculation code into an out-of-line function to clean up
- the hot path.
-
- No measurable benchmark change, but this knocks some samples off in
- Instruments, and I think this is a step toward removing -fomit-frame-pointer.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::hashSlowCase):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::hash): The patch.
-
- * wtf/text/StringStatics.cpp:
- (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
- scheme, which requires all out-of-line StringImpl functions used by
- WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)
-
-2012-01-05 Gavin Barraclough <barraclough@apple.com>
-
- Literal tab in JSONString fails
- https://bugs.webkit.org/show_bug.cgi?id=71772
-
- Reviewed by Oliver Hunt.
-
- rfc4627 does not allow literal tab characters in JSON source.
-
- * runtime/LiteralParser.cpp:
- (JSC::isSafeStringCharacter):
- - do not allow literal tab in StrictJSON mode.
-
-2012-01-05 Gavin Barraclough <barraclough@apple.com>
-
- push/shift fifo may consume excessive memory
- https://bugs.webkit.org/show_bug.cgi?id=75610
-
- Reviewed by Sam Weinig.
-
- Array object commonly store data in a vector, consisting of a portion that is
- in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
- m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and
- the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
- never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
- amount of memory, whilst having a relatively small active length.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::increaseVectorLength):
- - If m_indexBias is non-zero, decay it over time.
-
-2012-01-05 Csaba Osztrogonác <ossy@webkit.org>
-
- unshift/pop fifo may consume excessive memory
- https://bugs.webkit.org/show_bug.cgi?id=75588
-
- Reviewed by Zoltan Herczeg.
-
- Buildfix after r104120.
-
- * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true
- (JSC::JSArray::unshiftCount):
-
-2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
-
- Unreviewed gardening after r104134.
-
- * wtf/Assertions.cpp:
-
-2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
-
- Unreviewed gardening after r75605.
-
- Rubber stamped by NOBODY Csaba Osztrogonác.
-
- * wtf/Assertions.cpp:
-
-2012-01-05 Benjamin Poulain <benjamin@webkit.org>
-
- Improve charactersAreAllASCII() to compare multiple characters at a time
- https://bugs.webkit.org/show_bug.cgi?id=74063
-
- Reviewed by Darin Adler.
-
- A new header ASCIIFastPath.h contains the functions related to
- the detection of ASCII by using machine words. Part of it comes from
- WebCore's TextCodecASCIIFastPath.h.
-
- The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
- and is implemented with computer word comparison.
- The gain over the previous implementation of charactersAreAllASCII() is of
- the order of how many comparison are avoided (4x, 8x, 16x depending on the
- format and the CPU type).
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/text/ASCIIFastPath.h: Added.
- (WTF::isAlignedToMachineWord):
- (WTF::alignToMachineWord):
- (WTF::isAllASCII):
- (WTF::charactersAreAllASCII):
- * wtf/text/WTFString.h:
- * wtf/wtf.pro:
-
-2012-01-05 Mark Rowe <mrowe@apple.com>
-
- <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
-
- We should always log to both ASL and stderr on platforms where this won't result in launchd
- duplicating the messages.
-
- Reviewed by Dan Bernstein.
-
- * wtf/Assertions.cpp:
- (vprintf_stderr_common):
-
-2012-01-05 Mark Rowe <mrowe@apple.com>
-
- <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
-
- Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
- single line of text. This results in strangely formatted output if vprintf_stderr_common is
- retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
- like stderr.
-
- Reviewed by Dan Bernstein.
-
- * wtf/Assertions.cpp:
- (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
- string before handing it off to vprintf_stderr_common. This requires disabling warnings about
- calling a printf-like function with a non-literal format string for this piece of code. It's
- safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
- (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the
- given format string if one does not already exist. It requires the same treatment with regards
- to the non-literal format string warning.
- (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
- (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
- (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
- (WTFReportError): Ditto.
- (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
- (WTFLogVerbose): Ditto.
-
-2012-01-04 Gavin Barraclough <barraclough@apple.com>
-
- unshift/pop fifo may consume excessive memory
- https://bugs.webkit.org/show_bug.cgi?id=75588
-
- Reviewed by Sam Weinig.
-
- The Array object commonly store data in a vector, consisting of a portion that
- is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
- m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the
- current algorithm for increasePrefixVectorLength (used by unshift) will never
- stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount
- of memory, whilst having a relatively small active length.
-
- * runtime/JSArray.cpp:
- (JSC::storageSize):
- - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
- (JSC::SparseArrayValueMap::put):
- - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
- (JSC::JSArray::increaseVectorLength):
- - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
- (JSC::JSArray::unshiftCountSlowCase):
- - renamed from increaseVectorPrefixLength (this was a bad name, since it
- also moved the ArrayStorage header), rewritten.
- (JSC::JSArray::shiftCount):
- - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
- (JSC::JSArray::unshiftCount):
- - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
- increaseVectorPrefixLength renamed to unshiftCountSlowCase
- (JSC::JSArray::sortNumeric):
- * runtime/JSArray.h:
- - Updated function declarations, m_indexBias should be unsigned.
-
-2012-01-04 Mark Rowe <mrowe@apple.com>
-
- <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
-
- Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
- to ensure that the correct destructor is invoked. This is necessary because
- JSCell subclasses all intentionally have non-virtual destructors.
-
- Reviewed by Filip Pizlo.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::destroy):
- * runtime/Arguments.h:
-
-2012-01-04 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, accidentally turned off the JIT in previous commit. Turning
- it back on.
-
- * wtf/Platform.h:
-
-2012-01-04 Filip Pizlo <fpizlo@apple.com>
-
- Changed "return" to "break" in some macrology I introduced in
- http://trac.webkit.org/changeset/104086. This is a benign change, as
- "return" was technically correct for all uses of the macro.
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGGraph.cpp:
- * wtf/Platform.h:
-
-2012-01-04 Michael Saboff <msaboff@apple.com>
-
- StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
- https://bugs.webkit.org/show_bug.cgi?id=75583
-
- Reviewed by Filip Pizlo.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
- StructureStubInfo and reset the appropriate JIT and
- the StructureStubInfo itself when reseting a MethodCallLinkInfo.
-
-2012-01-04 Michael Saboff <msaboff@apple.com>
-
- Invalid ASSERT() in DFGRepatch.cpp near line 385
- https://bugs.webkit.org/show_bug.cgi?id=75584
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.
-
-2012-01-04 Filip Pizlo <fpizlo@apple.com>
-
- Incorrect use of DFG node reference counts when mutating the graph
- https://bugs.webkit.org/show_bug.cgi?id=75580
- <rdar://problem/10644607>
-
- Reviewed by Oliver Hunt.
-
- Made deref(node) follow the pattern of ref(node), which it should have
- to begin with.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::refChildren):
- (JSC::DFG::Graph::derefChildren):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::deref):
- (JSC::DFG::Graph::clearAndDerefChild1):
- (JSC::DFG::Graph::clearAndDerefChild2):
- (JSC::DFG::Graph::clearAndDerefChild3):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::deref):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixupNode):
-
-2012-01-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
-
- The custom qmake variable 'WEBKIT' is used for signaling that a
- target depends in some way on other subproject of the WebKit
- project. For now this is limited to the set of intermediate
- libraries: wtf, javascriptcore, webcore, and webkit2.
-
- This replaces the previous convension of using load(foo) for
- just include paths, and CONFIG += foo to also link against foo.
-
- Adding a dependency results in additional include paths being
- available, and potentially linking to the library. This is
- decided by the build system based on conditions such as what
- kind of target is being built and the general build config.
-
- An advantage to his approach is that it simplifies the individual
- foo.prf files, for example by allowing us to use INCLUDEPATH +=
- and LIBS += as normal instead of prepending.
-
- Reviewed by Simon Hausmann.
-
- * Target.pri:
- * jsc.pro:
- * wtf/wtf.pro:
-
-2012-01-03 Filip Pizlo <fpizlo@apple.com>
-
- DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
- https://bugs.webkit.org/show_bug.cgi?id=75516
- <rdar://problem/10640266>
-
- Reviewed by Gavin Barraclough.
-
- Removed the offending assertion, since it was wrong. Also hardened the code to make
- this case less likely by first having the propagator fixpoint converge, and then doing
- double voting combined with a second fixpoint. This is neutral on benchmarks and
- fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
- until we've converged to the conclusion that it really is double).
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagatePredictions):
* dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
-
-2012-01-03 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
- https://bugs.webkit.org/show_bug.cgi?id=75303
- <rdar://problem/10633533>
-
- Reviewed by Gavin Barraclough.
-
- The this argument was not being kept alive in some cases during inlining and intrinsic
- optimizations.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::emitFunctionCheck):
- (JSC::DFG::ByteCodeParser::handleInlining):
-
-2012-01-03 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-03 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-03 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75140
-
- Reviewed by Sam Weinig.
-
- Rewrite JSArray::putSlowCase to be much cleaner & simpler.
-
- This rewrite only significantly changes behaviour for sparse array, specifically
- in how sparse arrays are reified back to vector form. This does not affect arrays
- with less than 10000 entries (since these always use a vector). The more common
- cases of sparse array behavior (though large sparse arrays are rare) - arrays that
- always remain sparse, and arrays that are filled in reverse sequential order -
- should be just as fast or faster (since reification is simpler & no longer
- requires map lookups) after these changes.
-
- Simplifying this code allows all cases of putByIndex that need to grow the vector
- to do so via increaseVectorLength, which means that this method can encapsulate
- the policy of determining how the vector should be grown.
-
- No performance impact.
-
- * runtime/JSArray.cpp:
- (JSC::isDenseEnoughForVector):
- - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
- (JSC::JSArray::putByIndex):
- - simplify & comment.
- (JSC::JSArray::putByIndexBeyondVectorLength):
- - Re-written to be much clearer & simpler.
- (JSC::JSArray::increaseVectorLength):
- (JSC::JSArray::increaseVectorPrefixLength):
- - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so.
- (JSC::JSArray::push):
- - simplify & comment.
- * runtime/JSArray.h:
- - removed SparseArrayValueMap::take.
-
-2012-01-03 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-03 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75140
-
- Reviewed by Sam Weinig.
-
- Simplify JSArray creation - remove ArgsList/JSValue* create methods
- (this functionality can be implemented in terms of tryCreateUninitialized).
-
- * JavaScriptCore.exp:
- * runtime/ArrayConstructor.cpp:
- - use constructArray/constructEmptyArray instead of calling JSArray::create directly
- (JSC::constructArrayWithSizeQuirk):
- * runtime/JSArray.cpp:
- * runtime/JSArray.h:
- - removed ArgsList/JSValue* create methods
- * runtime/JSGlobalObject.h:
- (JSC::constructEmptyArray):
- (JSC::constructArray):
- - changed to be implemented in terms of JSArray::tryCreateUninitialized
-
-2012-01-03 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75429
- ThrowTypeError should be a singleton object
-
- Reviewed by Sam Weinig.
-
- Per section 13.2.3 of the spec.
- We could change setAccessorDescriptor to be able to share the global
- GetterSetter object, rather than storing the accessor functions and
- creating a new GetterSetter in defineProperty - but this won't be a
- small change to PropertyDescriptors (and would probably mean making
- GetterSetter objects immutable?) - so I'll leave that for another
- patch.
-
- * JavaScriptCore.exp:
- - don't export setAccessorDescriptor
- * runtime/Arguments.cpp:
- (JSC::Arguments::createStrictModeCallerIfNecessary):
- (JSC::Arguments::createStrictModeCalleeIfNecessary):
- - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
- * runtime/Error.cpp:
- * runtime/Error.h:
- - remove createTypeErrorFunction
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
- - remove unused createDescriptorForThrowingProperty
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::visitChildren):
- - removed m_strictModeTypeErrorFunctionStructure.
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::internalFunctionStructure):
- - removed m_strictModeTypeErrorFunctionStructure.
- * runtime/PropertyDescriptor.cpp:
- (JSC::PropertyDescriptor::setAccessorDescriptor):
- - changed to take a GetterSetter
- * runtime/PropertyDescriptor.h:
- - changed to take a GetterSetter
-
-2012-01-02 Gavin Barraclough <barraclough@apple.com>
-
- Check in fixes for jsc tests following bug #75455.
-
- * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
- * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:
-
-2012-01-02 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75452
- If argument to Error is undefined, message is not set
-
- Reviewed by Sam Weinig.
-
- Per section 15.11.1.1 of the spec.
-
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::create):
- (JSC::ErrorInstance::finishCreation):
-
-2012-01-02 Gavin Barraclough <barraclough@apple.com>
-
- ES5 prohibits parseInt from supporting octal
- https://bugs.webkit.org/show_bug.cgi?id=75455
-
- Reviewed by Sam Weinig.
-
- See sections 15.1.2.2 and annex E.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::parseInt):
-
-2012-01-02 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=55343
- Global JSON should be configurable but isn't
-
- Reviewed by Sam Weinig.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- - make JSON configurable
-
-2012-01-01 Filip Pizlo <fpizlo@apple.com>
-
- Call instructions should leave room for linking information
- https://bugs.webkit.org/show_bug.cgi?id=75422
- <rdar://problem/10633985>
-
- Reviewed by Oliver Hunt.
-
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
-
-2011-12-31 Dan Bernstein <mitz@apple.com>
-
- Continue trying to fix the Windows build after r103823.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-12-31 Dan Bernstein <mitz@apple.com>
-
- Start trying to fix the Windows build after r103823.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-12-30 Anders Carlsson <andersca@apple.com>
-
- Add a ParamStorageTraits specialization for RetainPtr
- https://bugs.webkit.org/show_bug.cgi?id=75392
-
- Reviewed by Daniel Bates.
-
- * wtf/Functional.h:
- Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
-
- * wtf/RetainPtr.h:
- Bring in the retainPtr function template from WTF.
-
-2011-12-29 Sam Weinig <sam@webkit.org>
-
- It should be easier to iterate a Vector backwards
- https://bugs.webkit.org/show_bug.cgi?id=75359
-
- Reviewed by Anders Carlsson.
-
- Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
- a new proxy driven way to access a vector backwards. One can use
- reversed() in a range-based for loop like so:
-
- for (auto val: myVector.reversed())
- doSomething(val)
-
- * wtf/Vector.h:
- (WTF::Vector::~Vector):
- Fix style.
-
- (WTF::Vector::rbegin):
- (WTF::Vector::rend):
- Added using standard adaptor std::reverse_iterator.
-
- (WTF::Vector::reversed):
- (WTF::Vector::VectorReverseProxy::begin):
- (WTF::Vector::VectorReverseProxy::end):
- Add proxy similar to one used in HashMap for keys() and values()
- which allows access to a Vector backwards for use in range-based
- for loops.
-
-2011-12-29 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75140
-
- Reviewed by Oliver Hunt.
-
- Start cleaning up JSArray construction. JSArray has a set of create methods,
- one of which (currently) takes a 'creation mode' enum parameter. Based on that
- parameter, the constructor does one of two completely different things. If the
- parameter is 'CreateInitialized' it creates an array, setting the length, but
- does not eagerly allocate a storage vector of the specified length. A small
- (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
- access to the vector will read the hole value (return undefined). The alternate
- usage of this method ('CreateCompact') does something very different. It tries
- to create an array of the requested length, and also allocates a storage vector
- large enough to hold all properties. It does not clear the storage vector,
- leaving the memory uninitialized and requiring the user to call a method
- 'uncheckedSetIndex' to initialize values in the vector.
-
- This patch factors out these two behaviours, moving the 'CreateCompact' mode
- into its own method, 'tryCreateUninitialized' (matching the naming for this
- functionality in the string classes). 'tryCreateUninitialized' may return 0 if
- memory allocation fails during construction of the object. The construction
- pattern changes such that values added during initialization will be marked if
- a GC is triggered during array allocation. 'CreateInitialized' no longer need
- be passed to create a normal, fully constructed array with a length, and this
- method is merged with the version of 'create' that does not take an initial
- length (length parameter defaults to 0).
-
- * JavaScriptCore.exp:
- * runtime/ArrayConstructor.cpp:
- (JSC::constructArrayWithSizeQuirk):
- - removed 'CreateInitialized' argument
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncSplice):
- - changed to call 'tryCreateUninitialized'
- * runtime/FunctionPrototype.cpp:
- (JSC::functionProtoFuncBind):
- - changed to call 'tryCreateUninitialized'
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- - initialize m_storage to null; if construction fails, make destruction safe
- (JSC::JSArray::finishCreation):
- - merge versions of this method, takes an initialLength parameter defaulting to zero
- (JSC::JSArray::tryFinishCreationUninitialized):
- - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
- (JSC::JSArray::~JSArray):
- - check for null m_storage, in case array construction failed.
- (JSC::JSArray::increaseVectorPrefixLength):
- * runtime/JSArray.h:
- (JSC::JSArray::create):
- - merge versions of this method, takes an initialLength parameter defaulting to zero
- (JSC::JSArray::tryCreateUninitialized):
- - version of 'create' that tries to eagerly allocate storage; may fail & return 0
- (JSC::JSArray::initializeIndex):
- (JSC::JSArray::completeInitialization):
- - used in conjunction with 'tryCreateUninitialized' to initialize the array
- * runtime/JSGlobalObject.h:
- (JSC::constructEmptyArray):
- - removed 'CreateInitialized' argument
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpMatchesArray::finishCreation):
- - removed 'CreateInitialized' argument
-
-2011-12-29 Anders Carlsson <andersca@apple.com>
-
- Add a retainPtr function template
- https://bugs.webkit.org/show_bug.cgi?id=75365
-
- Reviewed by Dan Bernstein.
-
- This makes it easier to make a RetainPtr using template argument deduction, which
- is useful when passing RetainPtr objects as function arguments.
-
- * wtf/RetainPtr.h:
- (WTF::retainPtr):
-
-2011-12-28 Yuqiang Xian <yuqiang.xian@intel.com>
-
- spill unboxed values in DFG 32_64
- https://bugs.webkit.org/show_bug.cgi?id=75291
-
- Reviewed by Filip Pizlo.
-
- Currently all the values are spilled as boxed in DFG 32_64, which is
- not necessary and introduces additional stores/loads. Instead we
- can spill them as unboxed if feasible. It can be applied to the
- Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
- because they don't need to be boxed at all. The modifications to the
- spill/fill and the OSR exit are required, as well as a bug fix to the
- "isUnknownJS" logic.
-
- * bytecode/ValueRecovery.h:
- (JSC::ValueRecovery::displacedInRegisterFile):
- (JSC::ValueRecovery::virtualRegister):
- (JSC::ValueRecovery::dump):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::isUnknownJS):
- (JSC::DFG::GenerationInfo::spill):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::silentFillGPR):
- (JSC::DFG::SpeculativeJIT::spill):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillInteger):
- (JSC::DFG::SpeculativeJIT::fillDouble):
- (JSC::DFG::SpeculativeJIT::fillJSValue):
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-28 Anders Carlsson <andersca@apple.com>
-
- Add an implicit block conversion operator to WTF::Function
- https://bugs.webkit.org/show_bug.cgi?id=75325
-
- Reviewed by Dan Bernstein.
-
- * wtf/Compiler.h:
- Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
- is buggy, especially when it comes to C++.
-
- * wtf/Functional.h:
- Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
-
-2011-12-27 Anders Carlsson <andersca@apple.com>
-
- Add a new WTF::bind overload that takes 6 parameters
- https://bugs.webkit.org/show_bug.cgi?id=75287
-
- Reviewed by Sam Weinig.
-
- * wtf/Functional.h:
-
-2011-12-27 Sam Weinig <sam@webkit.org>
-
- Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
- https://bugs.webkit.org/show_bug.cgi?id=75268
-
- Reviewed by Anders Carlsson.
-
- * wtf/Compiler.h:
- Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
-
- * wtf/Noncopyable.h:
- Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
-
- * wtf/NullPtr.cpp:
- * wtf/NullPtr.h:
- Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
-
- * wtf/RefPtr.h:
- * wtf/RetainPtr.h:
- Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
-
-2011-12-27 Anders Carlsson <andersca@apple.com>
-
- Misc fixes and cleanups in Functional.h
- https://bugs.webkit.org/show_bug.cgi?id=75281
-
- Reviewed by Andreas Kling.
-
- - Reformat template declarations so that the class begins on a new line.
- - Change the parameter template parameters to start at P1 instead of P0.
- - Add function wrappers and bind overloads for 4 and 5 parameter functions.
- - Change the Function call operator to be const so const functions can be called.
-
- * wtf/Functional.h:
-
-2011-12-27 Tony Chang <tony@chromium.org>
-
- [chromium] Minor cleanup of gyp files.
- https://bugs.webkit.org/show_bug.cgi?id=75269
-
- Reviewed by Adam Barth.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
- and vim/emacs specific hooks should be added by the user.
-
-2011-12-27 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75260
- Null name for host function can result in dereference of uninitialize memory
-
- Reviewed by Filip Pizlo.
-
- This is a recent regression in ToT, if the name passed to finishCreation of a host function is null,
- we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
- aspect of the change that introduced the issue. It might be better if functions that don't have a
- name don't have this property at all, but that's change should be separate from fixing the bug.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::finishCreation):
- - Always initialize the name property.
-
-2011-12-27 Anders Carlsson <andersca@apple.com>
-
- Function should handle wrapping/unwrapping RefPtr and PassRefPtr
- https://bugs.webkit.org/show_bug.cgi?id=75266
-
- Reviewed by Sam Weinig.
-
- Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
- and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
- For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
-
- * wtf/Functional.h:
- (WTF::ParamStorageTraits::wrap):
- (WTF::ParamStorageTraits::unwrap):
-
-2011-12-27 Tony Chang <tony@chromium.org>
-
- [chromium] really enable wpo for WebCore libs and for WTF
- https://bugs.webkit.org/show_bug.cgi?id=75264
-
- Reviewed by Adam Barth.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
-
-2011-12-26 Gavin Barraclough <barraclough@apple.com>
-
- Errk! OS X build fix.
-
- * JavaScriptCore.exp:
-
-2011-12-26 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSObject.h:
-
-2011-12-26 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75231
- Fail to throw in strict mode on assign to read only static properties
-
- Reviewed by Filip Pizlo.
-
- There are three bugs here:
- * symbolTablePut should throw for strict mode accesses.
- * lookupPut should throw for strict mode accesses.
- * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::symbolTablePut):
- (JSC::JSActivation::put):
- * runtime/JSActivation.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::put):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::put):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::symbolTablePut):
- * runtime/Lookup.h:
- (JSC::lookupPut):
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::put):
- * runtime/NumberConstructor.h:
-
-2011-12-26 Gavin Barraclough <barraclough@apple.com>
-
- Fix miss-commit of utf8 change.
-
- Reviewed by Filip Pizlo
-
- Eeep, patch as landed a while ago had no effect! - acidentally landed
- modified version of patch used for performance testing.
-
- (This isn't covered by layout tests because layour tests don't use jsc,
- and the tests/mozilla tests use latin1, which was already supported!)
-
- Landing changes as intended (and as originally reviewed).
-
- * jsc.cpp:
- (jscSource):
-
-2011-12-26 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for ARMv7.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load16Signed):
- (JSC::MacroAssemblerARMv7::load8Signed):
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias):
+ (VariableAccessData):
+ (JSC::DFG::VariableAccessData::isArgumentsAlias):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emitSlow_op_get_argument_by_val):
-2011-12-26 Hajime Morrita <morrita@google.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
- https://bugs.webkit.org/show_bug.cgi?id=74990
+ DFGCapabilities should not try to get an arguments register from code blocks that don't have one
+ https://bugs.webkit.org/show_bug.cgi?id=87332
- Reviewed by Kevin Ollivier.
+ Reviewed by Andy Estes.
- * runtime/JSExportMacros.h: Removed JS_INLINE
- * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canInlineOpcode):
-2011-12-24 Filip Pizlo <fpizlo@apple.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- The ArgumentCount field in the CallFrame should have its tag left blank for other uses
- https://bugs.webkit.org/show_bug.cgi?id=75199
- <rdar://problem/10625105>
- <rdar://problem/10625106>
+ DFG should have sparse conditional constant propagation
+ https://bugs.webkit.org/show_bug.cgi?id=86580
Reviewed by Oliver Hunt.
-
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
- * interpreter/CallFrame.h:
- (JSC::ExecState::argumentCountIncludingThis):
- (JSC::ExecState::setArgumentCountIncludingThis):
- * interpreter/Register.h:
- (JSC::Register::unboxedInt32):
- (JSC::Register::unboxedBoolean):
- (JSC::Register::unboxedCell):
- (JSC::Register::payload):
- (JSC::Register::tag):
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileLoadVarargs):
- (JSC::JIT::compileOpCall):
-
-2011-12-25 Andreas Kling <awesomekling@apple.com>
-
- Yarr: Avoid copying vectors in CharacterClassConstructor.
- <http://webkit.org/b/75206>
-
- Reviewed by Darin Adler.
-
- Yarr::CharacterClassConstructor::charClass() was hot when loading twitter
- feeds (1.2%), replace the usage of Vector::append() by swap() since we're
- always clearing the source vector afterwards anyway.
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::CharacterClassConstructor::charClass):
-
-2011-12-24 Darin Adler <darin@apple.com>
-
- Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn
- https://bugs.webkit.org/show_bug.cgi?id=72476
-
- Reviewed by Sam Weinig.
-
- * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>.
-
-2011-12-23 Geoffrey Garen <ggaren@apple.com>
-
- Inlined Yarr::execute
- https://bugs.webkit.org/show_bug.cgi?id=75180
-
- Reviewed reluctantly by Beth Dakin.
- Tiny speedup on SunSpider string tests. Removes some samples from
- Instruments. A step toward removing -fomit-frame-pointer.
-
- * yarr/YarrJIT.cpp:
- * yarr/YarrJIT.h:
- (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?!
-
-2011-12-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG loads from signed 8-bit and 16-bit typed arrays are broken
- https://bugs.webkit.org/show_bug.cgi?id=75163
-
- Reviewed by Geoffrey Garen.
+ Merged r117370 from dfgopt.
- Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm
- currently disabling Int8Array and Int16Array optimizations on ARM.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::load8Signed):
- (JSC::MacroAssemblerX86Common::load16Signed):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movswl_mr):
- (JSC::X86Assembler::movsbl_mr):
- * bytecode/PredictedType.h:
- (JSC::isActionableMutableArrayPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateInt8Array):
- (JSC::DFG::Node::shouldSpeculateInt16Array):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-
-2011-12-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG does double-to-int conversion incorrectly when storing into int typed arrays
- https://bugs.webkit.org/show_bug.cgi?id=75164
- <rdar://problem/10557547>
-
- Reviewed by Geoffrey Garen.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32):
- (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2011-12-23 Geoffrey Garen <ggaren@apple.com>
-
- Refactored String.prototype.replace
- https://bugs.webkit.org/show_bug.cgi?id=75114
+ This enhances CFA so that if it suspects at any point during the fixpoint that a
+ branch will only go one way, then it only propagates in that one way.
- Reviewed by Darin Adler.
-
- No performance difference.
+ This vastly increases the opportunities for CFG simplification. For example, it
+ enables us to evaporate this loop:
- I think this is a step toward removing -fomit-frame-pointer.
-
- * runtime/JSString.cpp:
- * runtime/JSString.h: Removed the test and special case for a single-character
- search string because the standard path does this test and special case
- for us. (As an aside, if we do come up with a unique single-character
- replace optimization in future, it probably belongs in the replace function,
- and not in JSString.)
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncReplace): Split this mega-sized function into:
- (JSC::replaceUsingStringSearch): - This reasonably sized function, and
- (JSC::replaceUsingRegExpSearch): - This still mega-sized function.
-
-2011-12-23 Pierre Rossi <pierre.rossi@gmail.com>
-
- [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
- https://bugs.webkit.org/show_bug.cgi?id=75087
-
- monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds.
-
- Reviewed by Darin Adler.
-
- * wtf/CurrentTime.cpp:
- (WTF::monotonicallyIncreasingTime):
-
-2011-12-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not speculate array even when predictions say that the base is not an array
- https://bugs.webkit.org/show_bug.cgi?id=75160
- <rdar://problem/10622646>
- <rdar://problem/10622649>
-
- Reviewed by Oliver Hunt.
+ for (var i = 0; i < 1; ++i) doThings(i);
- Added the ability to call slow path when the base is known to not be an array.
- Also rationalized the logic for deciding when the index is not an int, and
- cleaned up the logic for deciding when to speculate typed array.
+ As a result, it uncovered loads of bugs in the CFG simplifier. In particular:
- Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
- likely be mitigated by having the notion of a polymorphic array access, where we
- try, but don't speculate, to access the array one way before either trying some
- other ways or calling slow path.
-
- * bytecode/PredictedType.h:
- (JSC::isActionableMutableArrayPrediction):
- (JSC::isActionableArrayPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateInt8Array):
- (JSC::DFG::Node::shouldSpeculateInt16Array):
- (JSC::DFG::Node::shouldSpeculateInt32Array):
- (JSC::DFG::Node::shouldSpeculateUint8Array):
- (JSC::DFG::Node::shouldSpeculateUint16Array):
- (JSC::DFG::Node::shouldSpeculateUint32Array):
- (JSC::DFG::Node::shouldSpeculateFloat32Array):
- (JSC::DFG::Node::shouldSpeculateFloat64Array):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::byValIsPure):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-22 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed - fix stylebot issues from last patch.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::putSlowCase):
-
-2011-12-22 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=75151
- Add attributes field to JSArray's SparseMap
-
- Reviewed by Sam Weinig.
-
- This will be necessary to be able to support non- writable/configurable/enumerable
- properties, and helpful for getters/setters.
-
- Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncSort):
- - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
- (must fall back to generic sort alogrithm).
- * runtime/JSArray.cpp:
- (JSC::JSArray::finishCreation):
- - moved reportedMapCapacity into the SparseArrayValueMap object.
- (JSC::SparseArrayValueMap::find):
- (JSC::SparseArrayValueMap::put):
- (JSC::SparseArrayValueMap::visitChildren):
- - Added.
- (JSC::JSArray::getOwnPropertySlotByIndex):
- (JSC::JSArray::getOwnPropertyDescriptor):
- (JSC::JSArray::putSlowCase):
- (JSC::JSArray::deletePropertyByIndex):
- (JSC::JSArray::getOwnPropertyNames):
- (JSC::JSArray::setLength):
- (JSC::JSArray::pop):
- (JSC::JSArray::visitChildren):
- - Updated for changes in SparseArrayValueMap.
- (JSC::JSArray::sortNumeric):
- (JSC::JSArray::sort):
- (JSC::JSArray::compactForSorting):
- - Disallow on 'SparseMode' arrays.
- * runtime/JSArray.h:
- (JSC::SparseArrayEntry::SparseArrayEntry):
- - An entry in the sparse array - value (WriteBarrier) + attributes.
- (JSC::SparseArrayValueMap::SparseArrayValueMap):
- (JSC::SparseArrayValueMap::sparseMode):
- (JSC::SparseArrayValueMap::setSparseMode):
- - Flags to track whether an Array is forced into SparseMode.
- (JSC::SparseArrayValueMap::remove):
- (JSC::SparseArrayValueMap::notFound):
- (JSC::SparseArrayValueMap::isEmpty):
- (JSC::SparseArrayValueMap::contains):
- (JSC::SparseArrayValueMap::size):
- (JSC::SparseArrayValueMap::begin):
- (JSC::SparseArrayValueMap::end):
- - accessors to the map
- (JSC::SparseArrayValueMap::take):
- - only for use on non-SpareMode arrays.
- (JSC::JSArray::inSparseMode):
- - Added.
-
-2011-12-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
- https://bugs.webkit.org/show_bug.cgi?id=75150
- <rdar://problem/10621900>
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
-
-2011-12-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does exactly the wrong thing when doing strict equality on two known cells
- https://bugs.webkit.org/show_bug.cgi?id=75138
- <rdar://problem/10621526>
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-
-2011-12-22 Balazs Kelemen <kbalazs@webkit.org>
-
- Fix debug build with assertions disabled
- https://bugs.webkit.org/show_bug.cgi?id=75075
-
- Reviewed by Darin Adler.
-
- Check whether assertions are disabled instead of NDEBUG
- where appropriate to avoid "defined but not used" warnings.
-
- * wtf/DateMath.cpp:
- (WTF::initializeDates):
-
-2011-12-22 Mariusz Grzegorczyk <mariusz.g@samsung.com>
-
- [EFL] Missing plugins support for efl port
- https://bugs.webkit.org/show_bug.cgi?id=44505
-
- Reviewed by Anders Carlsson.
-
- Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
-
- * wtf/Platform.h:
-
-2011-12-22 Wei Charles <charles.wei@torchmobile.com.cn>
-
- Remove un-used data member of LiteralParser::Lex::m_string
- https://bugs.webkit.org/show_bug.cgi?id=68216
-
- Reviewed by George Staikos.
-
- * runtime/LiteralParser.h:
-
-2011-12-21 Dan Bernstein <mitz@apple.com>
-
- OS X build fix after r103488.
-
- * JavaScriptCore.exp:
-
-2011-12-21 Konrad Piascik <kpiascik@rim.com>
-
- Implement the JavaScriptCore bindings for eventListenerHandlerLocation
- https://bugs.webkit.org/show_bug.cgi?id=74313
-
- Reviewed by Eric Seidel.
-
- Updated project files to get Windows and Mac builds working.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-12-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
- https://bugs.webkit.org/show_bug.cgi?id=75058
- <rdar://problem/10616612>
- <rdar://problem/10617500>
-
- Reviewed by Oliver Hunt.
-
- Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
- Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
- a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
- is optional.
-
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSObject.h:
-
-2011-12-21 Pierre Rossi <pierre.rossi@gmail.com>
-
- Implement montonicallyIncreasingClock() on Qt
- https://bugs.webkit.org/show_bug.cgi?id=62159
-
- Reviewed by Darin Adler.
-
- * wtf/CurrentTime.cpp:
- (WTF::monotonicallyIncreasingTime):
-
-2011-12-20 Filip Pizlo <fpizlo@apple.com>
-
- 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
- https://bugs.webkit.org/show_bug.cgi?id=74997
- <rdar://problem/10612389>
-
- Reviewed by Gavin Barraclough.
-
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_div):
-
-2011-12-20 Filip Pizlo <fpizlo@apple.com>
-
- JavaScriptCore should be consistent about how it reads and writes ArgumentCount
- https://bugs.webkit.org/show_bug.cgi?id=74989
- <rdar://problem/10612006>
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileLoadVarargs):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_get_arguments_length):
- (JSC::JIT::emit_op_get_argument_by_val):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-
-2011-12-20 Filip Pizlo <fpizlo@apple.com>
-
- Value Profiles for arguments should be more easily accessible to the interpreter
- https://bugs.webkit.org/show_bug.cgi?id=74984
- <rdar://problem/10611364>
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::stronglyVisitStrongReferences):
- (JSC::CodeBlock::shouldOptimizeNow):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::setArgumentValueProfileSize):
- (JSC::CodeBlock::numberOfArgumentValueProfiles):
- (JSC::CodeBlock::valueProfileForArgument):
- (JSC::CodeBlock::addValueProfile):
- (JSC::CodeBlock::valueProfile):
- (JSC::CodeBlock::valueProfileForBytecodeOffset):
- (JSC::CodeBlock::totalNumberOfValueProfiles):
- (JSC::CodeBlock::getFromAllValueProfiles):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::ValueProfile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
-
-2011-12-20 Gavin Barraclough <barraclough@apple.com>
-
- JSC shell should accept utf8 input.
-
- Reviewed by Filip Pizlo.
-
- * jsc.cpp:
- (jscSource):
- (functionRun):
- (functionLoad):
- (functionCheckSyntax):
- (runWithScripts):
- (runInteractive):
-
-2011-12-20 Gavin Barraclough <barraclough@apple.com>
-
- Rubber Stamped by Sam Weinig
-
- * runtime/JSGlobalData.cpp:
- - removed some dead code.
-
-2011-12-19 Geoffrey Garen <ggaren@apple.com>
-
- Tightened up Vector<T>::append
- https://bugs.webkit.org/show_bug.cgi?id=74906
-
- Reviewed by Sam Weinig.
-
- Not a measurable speedup, but code inspection shows better code generated,
- and I believe this is a step toward turning off -fomit-frame-pointer.
-
- * wtf/Vector.h:
- (WTF::::append):
- (WTF::::appendSlowCase): Split out the slow case into a separate function
- to keep unnecessary instructions off the hot path. This means the hot
- path can now be inlined more often.
-
- Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
- compiler work-around from 2007.
-
-2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Temporary GPR should not be lazily allocated in DFG JIT on X86
- https://bugs.webkit.org/show_bug.cgi?id=74908
-
- Reviewed by Filip Pizlo.
-
- On X86, we used to allocate a temporary GPR lazily when it's really
- used rather than defined. This may cause potential issues of
- allocating registers inside control flow and result in problems in
- subsequent code generation, for example the DFG JIT may think an
- operand already being spilled (to satisfy the allocation request) and
- generate code to read the data from memory, but the allocation and
- spilling are in a branch which is not taken at runtime, so the
- generated code is incorrect.
-
- Although current DFG JIT code doesn't have this problematic pattern,
- it's better to cut-off the root to avoid any potential issues in the
- future.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::GPRTemporary::GPRTemporary):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::GPRTemporary::gpr):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Remove unused code for non-speculative Arith operations from DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=74905
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- * dfg/DFGSpeculativeJIT64.cpp:
-
-2011-12-19 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=74903
- Exceptions not thrown correctly from DFG JIT on 32bit
-
- Reviewed by Oliver Hunt.
-
- Arguments for lookupExceptionHandler are not setup correctly.
- In the case of ARMv7 we rely on lr being preserved over a call,
- this in invalid. On x86 we don't should be poking the arguments onto the stack!
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
- * dfg/DFGGPRInfo.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileBody):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addExceptionCheck):
- (JSC::DFG::JITCompiler::addFastExceptionCheck):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
-
-2011-12-19 Filip Pizlo <fpizlo@apple.com>
-
- If we detect that we can use the JIT, don't use computed opcode lookups
- https://bugs.webkit.org/show_bug.cgi?id=74899
- <rdar://problem/10604551>
-
- Reviewed by Gavin Barraclough.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::Interpreter):
- (JSC::Interpreter::initialize):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC::Interpreter::getOpcode):
- (JSC::Interpreter::getOpcodeID):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
-
-2011-12-19 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Qt build.
-
- Unreviewed.
-
- * wtf/ThreadSpecific.h: #include!
-
-2011-12-18 Filip Pizlo <fpizlo@apple.com>
-
- It should be possible to change the value of an Options variable without recompiling the world
- https://bugs.webkit.org/show_bug.cgi?id=74807
-
- Reviewed by Gavin Barraclough.
-
- * runtime/Options.cpp:
- (JSC::Options::initializeOptions):
- * runtime/Options.h:
-
-2011-12-19 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r103250.
- http://trac.webkit.org/changeset/103250
- https://bugs.webkit.org/show_bug.cgi?id=74877
-
- it still breaks codegen (Requested by olliej on #webkit).
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::byValIsPure):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-16 Oliver Hunt <oliver@apple.com>
-
- Rolling r103120 back in with merge errors corrected.
-
- PutByVal[Alias] unnecessarily reloads the storage buffer
- https://bugs.webkit.org/show_bug.cgi?id=74747
-
- Reviewed by Gavin Barraclough.
-
- Make PutByVal use GetIndexedStorage to load the storage buffer.
- This required switching PutByVal to a vararg node (which is
- responsible for most of the noise in this patch). This fixes the
- remaining portion of the kraken regression caused by the GetByVal
- storage load elimination, and a 1-5% win on some of the sub tests of
- the typed array benchmark at:
- http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::byValIndexIsPure):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-15 Geoffrey Garen <ggaren@apple.com>
-
- Placement new does an unnecessary NULL check
- https://bugs.webkit.org/show_bug.cgi?id=74676
-
- Reviewed by Sam Weinig.
-
- We can define our own version, which skips the NULL check.
-
- Not a measurable speedup, but code inspection shows better code generated,
- and I believe this is a step toward turning off -fomit-frame-pointer.
-
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::create):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::create): Use the NotNull version of placement
- new to skip the NULL check.
-
- * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new.
-
- (JSC::JSCallbackObject::create):
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::create):
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::grow):
- * heap/HandleHeap.h:
- (JSC::HandleHeap::allocate):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::create):
- (JSC::MarkedBlock::recycle):
- * jit/JITCode.h:
- (JSC::JITCode::clear):
- * jsc.cpp:
- (GlobalObject::create):
- * profiler/CallIdentifier.h:
- * runtime/Arguments.h:
- (JSC::Arguments::create):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::create):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::create):
- * runtime/BooleanConstructor.h:
- (JSC::BooleanConstructor::create):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::create):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::create):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::create):
- * runtime/DateInstance.h:
- (JSC::DateInstance::create):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::create):
- * runtime/Error.h:
- (JSC::StrictModeTypeErrorFunction::create):
- * runtime/ErrorConstructor.h:
- (JSC::ErrorConstructor::create):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::create):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::create):
- * runtime/ExceptionHelpers.h:
- (JSC::InterruptedExecutionError::create):
- (JSC::TerminatedExecutionError::create):
- * runtime/Executable.h:
- (JSC::NativeExecutable::create):
- (JSC::EvalExecutable::create):
- (JSC::ProgramExecutable::create):
- (JSC::FunctionExecutable::create):
- * runtime/FunctionConstructor.h:
- (JSC::FunctionConstructor::create):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::create):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::create):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::create):
- * runtime/JSActivation.h:
- (JSC::JSActivation::create):
- * runtime/JSArray.h:
- (JSC::JSArray::create):
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::create):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::create): Use the NotNull version of placement
- new to skip the NULL check.
-
- * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::create):
- * runtime/JSFunction.h:
- (JSC::JSFunction::create):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::create):
- * runtime/JSGlobalThis.h:
- (JSC::JSGlobalThis::create):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::create):
- * runtime/JSONObject.h:
- (JSC::JSONObject::create):
- * runtime/JSObject.h:
- (JSC::JSFinalObject::create):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::create):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::create):
- * runtime/JSString.cpp:
- (JSC::StringObject::create):
- * runtime/JSString.h:
- (JSC::RopeBuilder::createNull):
- (JSC::RopeBuilder::create):
- (JSC::RopeBuilder::createHasOtherOwner):
- * runtime/MathObject.h:
- (JSC::MathObject::create):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::create):
- * runtime/NativeErrorPrototype.h:
- (JSC::NativeErrorPrototype::create):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::create):
- * runtime/NumberObject.h:
- (JSC::NumberObject::create):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::create):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::create):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::create):
- * runtime/RegExp.cpp:
- (JSC::RegExp::createWithoutCaching):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::create):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::create):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::create):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::create):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::create):
- * runtime/StrictEvalActivation.h:
- (JSC::StrictEvalActivation::create):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::create):
- * runtime/StringObject.h:
- (JSC::StringObject::create):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::create):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::createStructure):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
- * testRegExp.cpp:
- (GlobalObject::create):
- * wtf/BitVector.cpp:
- (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
- new to skip the NULL check.
-
- * wtf/BumpPointerAllocator.h:
- (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
-
- * wtf/ByteArray.cpp:
- (WTF::ByteArray::create):
- * wtf/Deque.h:
- (WTF::::append):
- (WTF::::prepend): Use NotNull, as above.
-
- * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
- hide the name of the global placement new.
-
- (WTF::fastNew): Standardized spacing. Most of these functions don't need
- NotNull, since they check for NULL, and the optimizer can see that.
-
- * wtf/HashTable.h:
- * wtf/HashTraits.h:
- (WTF::SimpleClassHashTraits::constructDeletedValue):
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
-
- * wtf/StdLibExtras.h:
- (throw): This is our NotNull placement new. Declaring that we throw is
- the C++ way to say that operator new will not return NULL.
-
- * wtf/ThreadSpecific.h:
- (WTF::T):
- * wtf/Vector.h:
- (WTF::::append):
- (WTF::::tryAppend):
- (WTF::::uncheckedAppend):
- (WTF::::insert):
- * wtf/text/AtomicStringHash.h:
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::createUninitialized):
- (WTF::StringImpl::reallocate):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::tryCreateUninitialized):
- * wtf/text/StringStatics.cpp:
- (WTF::AtomicString::init): Use NotNull, as above.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::allocDisjunctionContext):
- (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
- (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
- spacing for easy grep.
-
-2011-12-19 Eric Carlson <eric.carlson@apple.com>
-
- Enable <track> for Mac build
- https://bugs.webkit.org/show_bug.cgi?id=74838
-
- Reviewed by Darin Adler.
-
- * wtf/Platform.h:
-
-2011-12-18 Filip Pizlo <fpizlo@apple.com>
-
- DFG is too sloppy with register allocation
- https://bugs.webkit.org/show_bug.cgi?id=74835
-
- Reviewed by Gavin Barraclough.
-
- Added assertions that at the end of a successfully generated basic block,
- all use counts should be zero. This revealed a number of bugs:
-
- - Array length optimizations were turning a must-generate node into one
- that is not must-generate, but failing to change the ref count
- accordingly.
+ - Phi fixup was assuming that all Phis worth fixing up are shouldGenerate().
+ That's not true; we also fixup Phis that are dead.
- - Indexed property storage optimizations were failing to deref their
- children, or to deref the indexed property storage node itself. Also,
- they used the Phantom node as a replacement. But the Phantom node is
- must-generate, which was causing bizarre issues. So this introduces a
- Nop node, which should be used in cases where you want a node that is
- skipped and has no children.
+ - GetLocal fixup was assuming that it's only necessary to rewire links to a
+ GetLocal, and that the GetLocal's own links don't need to be rewired. Untrue,
+ because the GetLocal may not be rewirable (first block has no GetLocal for r42
+ but second block does have a GetLocal), in which case it will refer to a Phi
+ in the second block. We need it to refer to a Phi from the first block to
+ ensure that subsequent transformations work.
- This does not have any significant performance effect, but it should
- relieve some register pressure. The main thing this patch adds, though,
- are the assertions, which should make it easier to do register allocation
- related changes in the future.
+ - Tail operand fixup was ignoring the fact that Phis in successors may contain
+ references to the children of our tail variables. Hence, successor Phi child
+ substitution needs to use the original second block variable table as its
+ prior, rather than trying to reconstruct the prior later (since by that point
+ the children of the second block's tail variables will have been fixed up, so
+ we will not know what the prior would have been).
* dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::reset):
(JSC::DFG::AbstractState::execute):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::initConstant):
- (JSC::DFG::GenerationInfo::initInteger):
- (JSC::DFG::GenerationInfo::initJSValue):
- (JSC::DFG::GenerationInfo::initCell):
- (JSC::DFG::GenerationInfo::initBoolean):
- (JSC::DFG::GenerationInfo::initDouble):
- (JSC::DFG::GenerationInfo::initStorage):
- (JSC::DFG::GenerationInfo::use):
+ (JSC::DFG::AbstractState::mergeToSuccessors):
+ * dfg/DFGAbstractState.h:
+ (JSC::DFG::AbstractState::branchDirectionToString):
+ (AbstractState):
+ * dfg/DFGCFGSimplificationPhase.cpp:
+ (JSC::DFG::CFGSimplificationPhase::run):
+ (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
+ (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
+ (OperandSubstitution):
+ (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
+ (JSC::DFG::CFGSimplificationPhase::recordPossibleIncomingReference):
+ (CFGSimplificationPhase):
+ (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
+ (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
* dfg/DFGGraph.h:
- (JSC::DFG::Graph::clearAndDerefChild1):
- (JSC::DFG::Graph::clearAndDerefChild2):
- (JSC::DFG::Graph::clearAndDerefChild3):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::deref):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-18 Benjamin Poulain <bpoulain@apple.com>
-
- Remove the duplicated code from ASCIICType.h
- https://bugs.webkit.org/show_bug.cgi?id=74771
-
- Reviewed by Andreas Kling.
-
- Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.
-
- * wtf/ASCIICType.h:
- (WTF::isASCIIDigit):
- (WTF::isASCIIAlphanumeric):
- (WTF::isASCIIHexDigit):
-
-2011-12-18 Anders Carlsson <andersca@apple.com>
-
- Set the main frame view scroll position asynchronously
- https://bugs.webkit.org/show_bug.cgi?id=74823
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.exp:
-
-2011-12-10 Andreas Kling <kling@webkit.org>
-
- OpaqueJSClass: Remove RVCT2 workarounds.
- <http://webkit.org/b/74250>
-
- Reviewed by Benjamin Poulain.
-
- We no longer need workarounds for the RVCT2 compiler since it was
- only used for the Symbian port of WebKit which is now defunct.
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::OpaqueJSClass):
- (OpaqueJSClassContextData::OpaqueJSClassContextData):
-
-2011-12-16 Benjamin Poulain <bpoulain@apple.com>
-
- Remove the duplicated code from ASCIICType.h
- https://bugs.webkit.org/show_bug.cgi?id=74771
-
- Reviewed by Andreas Kling.
-
- The functions were sharing similar code and were defined for the various input types.
- Use templates instead to avoid code duplication.
-
- * wtf/ASCIICType.h:
- (WTF::isASCII):
- (WTF::isASCIIAlpha):
- (WTF::isASCIIAlphanumeric):
- (WTF::isASCIIDigit):
- (WTF::isASCIIHexDigit):
- (WTF::isASCIILower):
- (WTF::isASCIIOctalDigit):
- (WTF::isASCIIPrintable):
- (WTF::isASCIISpace):
- (WTF::isASCIIUpper):
- (WTF::toASCIILower):
- (WTF::toASCIIUpper):
- (WTF::toASCIIHexValue):
- (WTF::lowerNibbleToASCIIHexDigit):
- (WTF::upperNibbleToASCIIHexDigit):
-
-2011-12-16 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exit may get confused about where in the scratch buffer it stored a value
- https://bugs.webkit.org/show_bug.cgi?id=74695
-
- Reviewed by Oliver Hunt.
-
- The code that reads from the scratch buffer now explicitly knows which locations to
- read from. No new tests, since this patch covers a case so uncommon that I don't know
- how to make a test for it.
-
- * dfg/DFGOSRExitCompiler.h:
- (JSC::DFG::OSRExitCompiler::badIndex):
- (JSC::DFG::OSRExitCompiler::initializePoisoned):
- (JSC::DFG::OSRExitCompiler::poisonIndex):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
-
-2011-12-16 Oliver Hunt <oliver@apple.com>
-
- PutByVal[Alias] unnecessarily reloads the storage buffer
- https://bugs.webkit.org/show_bug.cgi?id=74747
-
- Reviewed by Gavin Barraclough.
-
- Make PutByVal use GetIndexedStorage to load the storage buffer.
- This required switching PutByVal to a vararg node (which is
- responsible for most of the noise in this patch). This fixes the
- remaining portion of the kraken regression caused by the GetByVal
- storage load elimination, and a 1-5% win on some of the sub tests of
- the typed array benchmark at:
- http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::byValIndexIsPure):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-16 Daniel Bates <dbates@rim.com>
-
- Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h
-
- Rubber-stamped by Antonio Gomes.
-
- BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
- declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
- instead of BlackBerryPlatformMisc.h.
-
- * wtf/Assertions.cpp:
-
-2011-12-16 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize destructors
- https://bugs.webkit.org/show_bug.cgi?id=74331
-
- Reviewed by Geoffrey Garen.
-
- This is a megapatch which frees us from the chains of virtual destructors.
-
- In order to remove the virtual destructors, which are the last of the virtual
- functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to
- the cell rather than to the structure because in order to be able to lazily call
- the static destroy() functions that will replace the virtual destructors, we
- need to be able to access the ClassInfo without the danger of the object's
- Structure being collected before the object itself.
-
- After adding the ClassInfo to the cell, we can then begin to remove our use
- of vptrs for optimizations within the JIT and the GC. When we have removed
- all of the stored vptrs from JSGlobalData, we can then also remove all of
- the related VPtrStealingHack code.
-
- The replacement for virtual destructors will be to add a static destroy function
- pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has
- a non-trivial destructor will require its own static destroy function to static
- call its corresponding destructor, which will now be non-virtual. In future
- patches we will slowly move away from destructors altogether as we make more and
- more objects backed by GC memory rather than malloc-ed memory. The GC will now
- call the static destroy method rather than the virtual destructor.
-
- As we go through the hierarchy and add static destroy functions to classes,
- we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes
- to which it applies. The future goal is to eventually have every class have that assert.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call
- ~JSCallbackConstructor because it has some extra destruction logic.
- * API/JSCallbackConstructor.h:
- * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
- * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject
- because it has a member OwnPtr that needs destruction.
- (JSC::::destroy):
- * API/JSCallbackObject.h:
- * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
- * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't
- have its own ClassInfo despite the fact that it overrides a number of MethodTable
- methods. Added the ClassInfo, along with an assertion that its destructor is trivial.
- * debugger/DebuggerActivation.h:
- * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray,
- isJSString, as it is no longer necessary.
- (JSC::DFG::putByVal):
- * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the
- JSArray ClassInfo pointer.
- (JSC::DFG::tryCacheGetByID):
- * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo
- comparisons since we don't have vptrs anymore.
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileStrictEq):
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT.h: Ditto.
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
- * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp: Ditto.
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with
- ClassInfo comparisons.
- (JSC::Heap::Heap):
- * heap/MarkStack.cpp: Ditto.
- (JSC::MarkStackThreadSharedData::markingThreadMain):
- (JSC::visitChildren):
- (JSC::SlotVisitor::drain):
- * heap/MarkStack.h: Ditto.
- (JSC::MarkStack::MarkStack):
- * heap/MarkedBlock.cpp: Ditto.
- (JSC::MarkedBlock::callDestructor):
- (JSC::MarkedBlock::specializedSweep):
- * heap/MarkedBlock.h: Ditto.
- * heap/SlotVisitor.h: Ditto.
- (JSC::SlotVisitor::SlotVisitor):
- * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.
- We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
- (JSC::VTableSpectrum::count):
- * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray,
- etc. functions.
- (JSC::loadVarargs):
- (JSC::Interpreter::tryCacheGetByID):
- (JSC::Interpreter::privateExecute):
- * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject
- * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting,
- remove all vtable related code.
- (JSC::JIT::emitLoadCharacterString):
- (JSC::JIT::emitAllocateBasicJSObject):
- (JSC::JIT::emitAllocateJSFinalObject):
- (JSC::JIT::emitAllocateJSFunction):
- * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::emit_op_to_primitive):
- (JSC::JIT::emit_op_convert_this):
- * jit/JITOpcodes32_64.cpp: Ditto.
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::emit_op_to_primitive):
- (JSC::JIT::emitSlow_op_eq):
- (JSC::JIT::emitSlow_op_neq):
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emit_op_convert_this):
- * jit/JITPropertyAccess.cpp: Ditto.
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- * jit/JITPropertyAccess32_64.cpp: Ditto.
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
- (JSC::JITThunks::tryCacheGetByID):
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
- (JSC::SpecializedThunkJIT::loadJSStringArgument):
- * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
- * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
- * runtime/BooleanObject.cpp: Ditto.
- * runtime/BooleanPrototype.cpp: Ditto.
- * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
- * runtime/DateConstructor.cpp: Add trivial destructor assert.
- * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr
- that needs destruction.
- (JSC::DateInstance::destroy):
- * runtime/DateInstance.h:
- * runtime/Error.cpp: Ditto (because of UString member).
- (JSC::StrictModeTypeErrorFunction::destroy):
- * runtime/Error.h:
- * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
- * runtime/ErrorInstance.cpp: Ditto.
- * runtime/ExceptionHelpers.cpp: Ditto.
- * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
- (JSC::ExecutableBase::destroy):
- (JSC::NativeExecutable::destroy):
- (JSC::ScriptExecutable::destroy):
- (JSC::EvalExecutable::destroy):
- (JSC::ProgramExecutable::destroy):
- (JSC::FunctionExecutable::destroy):
- * runtime/Executable.h:
- * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
- * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
- (JSC::functionProtoFuncApply):
- * runtime/GetterSetter.cpp: Ditto.
- * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no
- longer exists.
- (JSC::initializeThreadingOnce):
- * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert,
- remove first arg from isJSString.
- (JSC::InternalFunction::displayName):
- * runtime/InternalFunction.h: Remove VPtrStealingHack.
- * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
- * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in
- destructor with ClassInfo checks.
- (JSC::JSArray::~JSArray):
- (JSC::JSArray::destroy):
- * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray
- and change them to check the ClassInfo rather than the vptrs.
- (JSC::isJSArray):
- * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray.
- (JSC::boundFunctionCall):
- (JSC::boundFunctionConstruct):
- * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
- (JSC::JSByteArray::~JSByteArray):
- (JSC::JSByteArray::destroy):
- * runtime/JSByteArray.h: Remove VPtrStealingHack code.
- (JSC::isJSByteArray):
- * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function.
- (JSC::JSCell::destroy):
- * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset
- of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to
- the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions,
- as they are no longer used. Add a validatedClassInfo function to JSCell for any clients
- that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the
- same one as that contained in the Structure. This isn't used too often, because most of
- the places where we compare the ClassInfo to things can be called during destruction.
- Since the Structure is unreliable during the phase when destructors are being called,
- we can't call validatedClassInfo.
- (JSC::JSCell::classInfoOffset):
- (JSC::JSCell::structure):
- (JSC::JSCell::classInfo):
- * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor,
- remove first arg from call to isJSString.
- (JSC::JSFunction::destroy):
- (JSC::JSFunction::displayName):
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs,
- as these vptrs are no longer needed in the codebase.
- * runtime/JSGlobalData.h:
- (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use
- ClassInfo rather than the vptr.
- * runtime/JSGlobalObject.cpp: Add static destroy function.
- (JSC::JSGlobalObject::destroy):
- * runtime/JSGlobalObject.h:
- * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
- * runtime/JSNotAnObject.cpp: Ditto.
- * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
- (JSC::Stringifier::Holder::appendNextProperty):
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSFinalObject::destroy):
- (JSC::JSNonFinalObject::destroy):
- (JSC::JSObject::destroy):
- * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor
- from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and
- JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
- (JSC::JSObject::finishCreation):
- (JSC::JSNonFinalObject::finishCreation):
- (JSC::JSFinalObject::finishCreation):
- (JSC::isJSFinalObject):
- * runtime/JSPropertyNameIterator.cpp: Add static destroy.
- (JSC::JSPropertyNameIterator::destroy):
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp: Ditto.
- (JSC::JSStaticScopeObject::destroy):
- * runtime/JSStaticScopeObject.h: Ditto.
- * runtime/JSString.cpp:
- (JSC::JSString::destroy):
- * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code,
- since we no longer need to fixup vptrs.
- (JSC::jsSingleCharacterString):
- (JSC::jsSingleCharacterSubstring):
- (JSC::jsNontrivialString):
- (JSC::jsString):
- (JSC::jsSubstring8):
- (JSC::jsSubstring):
- (JSC::jsOwnedString):
- (JSC::jsStringBuilder):
- (JSC::isJSString):
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::destroy):
- * runtime/JSVariableObject.h: Ditto.
- * runtime/JSWrapperObject.cpp:
- * runtime/JSWrapperObject.h: Add trivial destructor assert.
- * runtime/MathObject.cpp: Ditto.
- * runtime/NativeErrorConstructor.cpp: Ditto.
- * runtime/NumberConstructor.cpp: Ditto.
- * runtime/NumberObject.cpp: Ditto.
- * runtime/NumberPrototype.cpp: Ditto.
- * runtime/ObjectConstructor.cpp: Ditto.
- * runtime/ObjectPrototype.cpp: Ditto.
- * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
- (JSC::jsString):
- (JSC::jsLess):
- (JSC::jsLessEq):
- * runtime/RegExp.cpp: Add static destroy.
- (JSC::RegExp::destroy):
- * runtime/RegExp.h:
- * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
- (JSC::RegExpConstructor::destroy):
- (JSC::RegExpMatchesArray::destroy):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- * runtime/RegExpObject.cpp: Add static destroy.
- (JSC::RegExpObject::destroy):
- * runtime/RegExpObject.h:
- * runtime/ScopeChain.cpp: Add trivial destructor assert.
- * runtime/ScopeChain.h:
- * runtime/StrictEvalActivation.cpp: Ditto.
- * runtime/StringConstructor.cpp:
- * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp: Ditto.
- * runtime/Structure.cpp: Add static destroy.
- (JSC::Structure::destroy):
- * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h
- because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
- (JSC::JSCell::setStructure):
- (JSC::JSCell::validatedClassInfo):
- (JSC::JSCell::JSCell):
- (JSC::JSCell::finishCreation):
- * runtime/StructureChain.cpp: Add static destroy.
- (JSC::StructureChain::destroy):
- * runtime/StructureChain.h:
- * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs
- ability to tell us when a class has a trivial destructor. We will use this assert
- more in future patches as we move toward having all JSC objects backed by GC memory,
- which means moving away from using destructors/finalizers.
-
-2011-12-15 Martin Robinson <mrobinson@igalia.com>
-
- Fix 'make dist' in preparation for the GTK+ release.
-
- * GNUmakefile.list.am: Add missing header.
-
-2011-12-15 Sam Weinig <sam@webkit.org>
-
- <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
-
- Reviewed by Gavin Barraclough.
-
- Original patch by Jim Grosbach.
-
- * jit/JITStubs.cpp:
- (JSC::ctiTrampoline):
- (JSC::ctiVMThrowTrampoline):
- Replace uses of the 'cpy' mnemonic with 'mov'.
-
-2011-12-15 Filip Pizlo <fpizlo@apple.com>
-
- Value profiling should distinguished between NaN and non-NaN doubles
- https://bugs.webkit.org/show_bug.cgi?id=74682
-
- Reviewed by Gavin Barraclough.
-
- Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
- of the two.
-
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionFromValue):
- * bytecode/PredictedType.h:
- (JSC::isDoubleRealPrediction):
- (JSC::isDoublePrediction):
-
-2011-12-15 Anders Carlsson <andersca@apple.com>
+ (JSC::DFG::Graph::changeEdge):
- Regression (r102866): Navigating away from or closing a page with a plugin crashes
- https://bugs.webkit.org/show_bug.cgi?id=74655
- <rdar://problem/10590024>
+2012-05-23 Ojan Vafai <ojan@chromium.org>
- Reviewed by Sam Weinig.
+ add back the ability to disable flexbox
+ https://bugs.webkit.org/show_bug.cgi?id=87147
- Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
- using a modified version of the technique described here:
- http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
-
- * wtf/Functional.h:
-
-2011-12-15 Andy Wingo <wingo@igalia.com>
-
- Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
- https://bugs.webkit.org/show_bug.cgi?id=74624
-
- Reviewed by Darin Adler.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute): Fix variables unused in
- release mode.
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::ParallelEnvironment): Fix
- signed/unsigned comparison warning, with a cast.
-
-2011-12-15 Andy Wingo <wingo@igalia.com>
-
- Use more macrology in JSC::Options
- https://bugs.webkit.org/show_bug.cgi?id=72938
-
- Reviewed by Filip Pizlo.
-
- * runtime/Options.cpp:
- (JSC::Options::initializeOptions):
- * runtime/Options.h: Use macros to ensure that all heuristics are
- declared and have initializers.
-
-2011-12-15 Anders Carlsson <andersca@apple.com>
-
- Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
- https://bugs.webkit.org/show_bug.cgi?id=74639
-
- Reviewed by Andreas Kling.
-
- Add ENABLE_THREADED_SCROLLING #define.
-
- * wtf/Platform.h:
-
-2011-12-15 Anders Carlsson <andersca@apple.com>
-
- EventDispatcher should handle wheel events on the connection queue
- https://bugs.webkit.org/show_bug.cgi?id=74627
-
- Reviewed by Andreas Kling.
-
- Add a BoundFunctionImpl specialization that takes three parameters.
-
- * wtf/Functional.h:
- (WTF::C::):
- (WTF::R):
- (WTF::bind):
-
-2011-12-14 Anders Carlsson <andersca@apple.com>
-
- Add WTF::Function to wtf/Forward.h
- https://bugs.webkit.org/show_bug.cgi?id=74576
-
- Reviewed by Adam Roben.
-
- * jsc.cpp:
- Work around a name conflict in the readline library.
-
- * wtf/Forward.h:
- Add Function.
-
-2011-12-15 Igor Oliveira <igor.oliveira@openbossa.org>
-
- [Qt] Support requestAnimationFrame API
- https://bugs.webkit.org/show_bug.cgi?id=74528
-
- Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
-
- Reviewed by Kenneth Rohde Christiansen.
-
- * wtf/Platform.h:
-
-2011-12-15 Andy Wingo <wingo@igalia.com>
-
- Minor refactor to Parser::parseTryStatement
- https://bugs.webkit.org/show_bug.cgi?id=74507
-
- Reviewed by Geoffrey Garen.
-
- * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
- Parser's declareVariable instead of going directly to the scope.
- This will facilitate future checks related to harmony block
- scoping.
-
-2011-12-15 Andy Wingo <wingo@igalia.com>
+ Reviewed by Tony Chang.
- Rename JSC::Heuristics to JSC::Options
- https://bugs.webkit.org/show_bug.cgi?id=72889
+ * Configurations/FeatureDefines.xcconfig:
- Reviewed by Filip Pizlo.
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
- * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
+ Unreviewed, fix Windows build.
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::shouldOptimizeNow):
* bytecode/CodeBlock.h:
- (JSC::CodeBlock::likelyToTakeSlowCase):
- (JSC::CodeBlock::couldTakeSlowCase):
- (JSC::CodeBlock::likelyToTakeSpecialFastCase):
- (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
- (JSC::CodeBlock::likelyToTakeAnySlowCase):
- (JSC::CodeBlock::reoptimizationRetryCounter):
- (JSC::CodeBlock::countReoptimization):
- (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
- (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
- (JSC::CodeBlock::optimizeNextInvocation):
- (JSC::CodeBlock::dontOptimizeAnytimeSoon):
- (JSC::CodeBlock::optimizeSoon):
- (JSC::CodeBlock::largeFailCountThreshold):
- (JSC::CodeBlock::largeFailCountThresholdForLoop):
- (JSC::CodeBlock::shouldReoptimizeNow):
- (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleInlining):
* dfg/DFGCapabilities.h:
- (JSC::DFG::mightCompileEval):
- (JSC::DFG::mightCompileProgram):
- (JSC::DFG::mightCompileFunctionForCall):
- (JSC::DFG::mightCompileFunctionForConstruct):
- (JSC::DFG::mightInlineFunctionForCall):
- (JSC::DFG::mightInlineFunctionForConstruct):
- * dfg/DFGOSRExit.cpp:
- (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
- * heap/MarkStack.cpp:
- (JSC::MarkStackSegmentAllocator::allocate):
- (JSC::MarkStackSegmentAllocator::shrinkReserve):
- (JSC::MarkStackArray::MarkStackArray):
- (JSC::MarkStackArray::donateSomeCellsTo):
- (JSC::MarkStackArray::stealSomeCellsFrom):
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::SlotVisitor::donateSlow):
- (JSC::SlotVisitor::drain):
- (JSC::SlotVisitor::drainFromShared):
- * heap/MarkStack.h:
- (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
- (JSC::MarkStack::addOpaqueRoot):
- (JSC::MarkStackArray::canDonateSomeCells):
- * heap/SlotVisitor.h:
- (JSC::SlotVisitor::donate):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce): Adapt callers and build systems.
-
- * testRegExp.cpp:
- (CommandLine::CommandLine):
- * jsc.cpp:
- (CommandLine::CommandLine):
- Rename from Options, to avoid name conflict.
-
-2011-12-14 Sam Weinig <sam@webkit.org>
-
- Revert unintentional change to JavaScriptCore.def
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-12-14 Sam Weinig <weinig@apple.com>
-
- Remove whitespace from InheritedPropertySheets attributes in
- vsprops files to appease the Visual Studio project migrator.
-
- Reviewed by Adam Roben.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
- * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
- * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
- * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
- * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
- * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
-
-2011-12-14 Anders Carlsson <andersca@apple.com>
-
- binding a member function should ref/deref the object pointer if needed
- https://bugs.webkit.org/show_bug.cgi?id=74552
-
- Reviewed by Sam Weinig.
-
- Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
- member functions which the right type. Use this to determine if we should ref/deref the first parameter.
-
- * wtf/Functional.h:
- (WTF::R):
- (WTF::C::):
- (WTF::RefAndDeref::ref):
- (WTF::RefAndDeref::deref):
-
-2011-12-14 Hajime Morrita <morrita@chromium.org>
-
- JS_INLINE and WTF_INLINE should be visible from WebCore
- https://bugs.webkit.org/show_bug.cgi?id=73191
-
- - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
- - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
- - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
-
- Reviewed by Kevin Ollivier.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * config.h:
- * runtime/JSExportMacros.h: Added.
- * wtf/ExportMacros.h:
- * wtf/Platform.h:
- * wtf/WTFThreadData.h:
- * wtf/text/AtomicString.h:
- * wtf/text/StringStatics.cpp:
-
-2011-12-14 Anders Carlsson <andersca@apple.com>
-
- Work around a bug in the MSVC2005 compiler
- https://bugs.webkit.org/show_bug.cgi?id=74550
-
- Reviewed by Sam Weinig.
-
- Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
-
- * wtf/Functional.h:
- (WTF::R):
-
-2011-12-13 Jon Lee <jonlee@apple.com>
-
- Enable notifications on Mac.
-
- Reviewed by Sam Weinig.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-12-14 David Kilzer <ddkilzer@apple.com>
-
- Remove definition of old ENABLE(YARR) macro
- <http://webkit.org/b/74532>
-
- Reviewed by Darin Adler.
-
- * wtf/Platform.h: Removed ENABLE_YARR macros.
-
-2011-12-14 Anders Carlsson <andersca@apple.com>
-
- bind should handle member functions
- https://bugs.webkit.org/show_bug.cgi?id=74529
-
- Reviewed by Sam Weinig.
-
- Add FunctionWrapper partial specializations for member function pointers.
-
- * wtf/Functional.h:
- (WTF::C::):
-
-2011-12-14 Gavin Barraclough <barraclough@apple.com>
-
- DFG relies on returning a struct in registers
- https://bugs.webkit.org/show_bug.cgi?id=74527
-
- Reviewed by Geoff Garen.
-
- This will not work on all platforms. Returning a uint64_t will more reliably achieve
- what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
-
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- (JSC::DFG::DFGHandler::dfgHandlerEncoded):
-
-2011-12-14 Anders Carlsson <andersca@apple.com>
-
- Add unary and binary bind overloads
- https://bugs.webkit.org/show_bug.cgi?id=74524
-
- Reviewed by Sam Weinig.
-
- * wtf/Functional.h:
- (WTF::R):
- (WTF::FunctionWrapper::ResultType):
- (WTF::bind):
-
-2011-12-14 Anders Carlsson <andersca@apple.com>
-
- Add back the callOnMainThread overload that takes a WTF::Function
- https://bugs.webkit.org/show_bug.cgi?id=74512
-
- Reviewed by Darin Adler.
-
- Add back the overload; the changes to WebCore should hopefully keep Windows building.
-
- * wtf/MainThread.cpp:
- (WTF::callFunctionObject):
- (WTF::callOnMainThread):
- * wtf/MainThread.h:
-
-2011-12-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG should infer when local variables are doubles
- https://bugs.webkit.org/show_bug.cgi?id=74480
-
- Reviewed by Oliver Hunt.
-
- Introduced the notion that a local variable (though not an argument, yet!) can
- be stored as a double, and will be guaranteed to always contain a double. This
- requires more magic in the OSR (conversion in both entry and exit). The inference
- is quite unorthodox: all uses of a variable vote on whether they think it should
- be a double or a JSValue, based on how they use it. If they use it in an integer
- or boxed value context, they vote JSValue. If they use it in a double context,
- they vote double. This voting is interleaved in the propagator's fixpoint, so
- that variables voted double then have a double prediction propagated from them.
- This interleaving is needed because a variable that actually always contains an
- integer that always gets used in arithmetic that involves doubles may end up
- being voted double, which then means that all uses of the variable will see a
- double rather than an integer.
-
- This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
- to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
- Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
- It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar
- results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
- win on SunSpider.
-
- * bytecode/ValueRecovery.h:
- (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
- (JSC::ValueRecovery::dump):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::boxDouble):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOSREntry.h:
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::vote):
- (JSC::DFG::Propagator::doRoundOfDoubleVoting):
- (JSC::DFG::Propagator::propagatePredictions):
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGVariableAccessData.h:
- (JSC::DFG::VariableAccessData::VariableAccessData):
- (JSC::DFG::VariableAccessData::clearVotes):
- (JSC::DFG::VariableAccessData::vote):
- (JSC::DFG::VariableAccessData::doubleVoteRatio):
- (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
- (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
- (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
- * runtime/Arguments.cpp:
- (JSC::Arguments::tearOff):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
-
-2011-12-13 Anders Carlsson <andersca@apple.com>
-
- Try to fix the Windows build.
-
- Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.
-
- * wtf/MainThread.cpp:
- * wtf/MainThread.h:
-
-2011-12-13 Anders Carlsson <andersca@apple.com>
-
- Add a very bare-bones implementation of bind and Function to WTF
- https://bugs.webkit.org/show_bug.cgi?id=74462
-
- Reviewed by Sam Weinig.
-
- In order to make it easier to package up function calls and send them across
- threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
- wtf/Functional.h header.
-
- Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
- but I'll add more as the need arises.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/Functional.h: Added.
- (WTF::R):
- (WTF::FunctionImplBase::~FunctionImplBase):
- (WTF::FunctionWrapper::ResultType):
- (WTF::FunctionBase::isNull):
- (WTF::FunctionBase::FunctionBase):
- (WTF::FunctionBase::impl):
- (WTF::bind):
- * wtf/MainThread.cpp:
- (WTF::callFunctionObject):
- (WTF::callOnMainThread):
- * wtf/MainThread.h:
- * wtf/wtf.pro:
-
-2011-12-13 Geoffrey Garen <ggaren@apple.com>
-
- <rdar://problem/10577239> GC Crash introduced in r102545
-
- Reviewed by Gavin Barraclough.
-
- MarkedArgumentBuffer was still marking items in forwards order, even though
- the argument order has been reversed.
-
- I fixed this bug, and replaced address calculation code with some helper
- functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.
-
- * runtime/ArgList.cpp:
- (JSC::MarkedArgumentBuffer::markLists):
- (JSC::MarkedArgumentBuffer::slowAppend):
- * runtime/ArgList.h:
- (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
- (JSC::MarkedArgumentBuffer::at):
- (JSC::MarkedArgumentBuffer::append):
- (JSC::MarkedArgumentBuffer::last):
- (JSC::MarkedArgumentBuffer::slotFor):
- (JSC::MarkedArgumentBuffer::mallocBase):
+ (JSC::DFG::canCompileOpcode):
+ (JSC::DFG::canCompileOpcodes):
+ * dfg/DFGCommon.h:
+ (DFG):
-2011-12-13 Filip Pizlo <fpizlo@apple.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
- https://bugs.webkit.org/show_bug.cgi?id=74463
+ DFG should optimize inlined uses of arguments.length and arguments[i]
+ https://bugs.webkit.org/show_bug.cgi?id=86327
Reviewed by Gavin Barraclough.
- Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
- how to execute the slow path of UInt32ToNumber.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::lastOSRExit):
- * bytecode/CodeOrigin.h:
- (JSC::CodeOrigin::operator!=):
- * bytecode/ValueRecovery.h:
- (JSC::ValueRecovery::uint32InGPR):
- (JSC::ValueRecovery::gpr):
- (JSC::ValueRecovery::dump):
- * dfg/DFGAssemblyHelpers.cpp:
- * dfg/DFGAssemblyHelpers.h:
- * dfg/DFGOSRExit.h:
- (JSC::DFG::OSRExit::valueRecoveryForOperand):
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-13 Oliver Hunt <oliver@apple.com>
-
- Arguments object doesn't handle mutation of length property correctly
- https://bugs.webkit.org/show_bug.cgi?id=74454
-
- Reviewed by Gavin Barraclough.
-
- Correct handling of arguments objects with overridden length property
-
- * interpreter/Interpreter.cpp:
- (JSC::loadVarargs):
- * runtime/Arguments.cpp:
- (JSC::Arguments::copyToArguments):
- (JSC::Arguments::fillArgList):
-
-2011-12-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG GetByVal CSE rule should match PutByValAlias
- https://bugs.webkit.org/show_bug.cgi?id=74390
-
- Reviewed by Geoff Garen.
+ Merged r117017 from dfgopt.
- Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::getByValLoadElimination):
-
-2011-12-13 Andy Wingo <wingo@igalia.com>
-
- Fix interpreter debug build.
- https://bugs.webkit.org/show_bug.cgi?id=74439
-
- Reviewed by Geoffrey Garen.
-
- * bytecode/ValueRecovery.h: Include stdio.h on debug builds.
-
-2011-12-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG should know exactly why recompilation was triggered
- https://bugs.webkit.org/show_bug.cgi?id=74362
-
- Reviewed by Oliver Hunt.
+ Turns inlined uses of arguments.length into a constant.
- Each OSR exit is now individually counted, as well as counting the total number
- of OSR exits that occurred in a code block. If recompilation is triggered, we
- check to see if there are OSR exit sites that make up a sufficiently large
- portion of the total OSR exits that occurred. For any such OSR exit sites, we
- add a description of the site (bytecode index, kind) to a data structure in the
- corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
- know which speculations would be unwise based on the fact that previous such
- speculations proved to be fruitless.
+ Turns inlined uses of arguments[constant] into a direct reference to the
+ argument.
- This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
- and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
- than 0.5%.
+ Big win on micro-benchmarks. Not yet a win on V8 because the hot uses of
+ arguments.length and arguments[i] are aliased. I'll leave the aliasing
+ optimizations to a later patch.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::tallyFrequentExitSites):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addFrequentExitSite):
- (JSC::CodeBlock::exitProfile):
- (JSC::CodeBlock::reoptimize):
- (JSC::CodeBlock::tallyFrequentExitSites):
- * bytecode/DFGExitProfile.cpp: Added.
- (JSC::DFG::ExitProfile::ExitProfile):
- (JSC::DFG::ExitProfile::~ExitProfile):
- (JSC::DFG::ExitProfile::add):
- (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
- (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
- * bytecode/DFGExitProfile.h: Added.
- (JSC::DFG::exitKindToString):
- (JSC::DFG::exitKindIsCountable):
+ * bytecode/DFGExitProfile.h:
+ (FrequentExitSite):
(JSC::DFG::FrequentExitSite::FrequentExitSite):
- (JSC::DFG::FrequentExitSite::operator!):
- (JSC::DFG::FrequentExitSite::operator==):
- (JSC::DFG::FrequentExitSite::hash):
- (JSC::DFG::FrequentExitSite::bytecodeOffset):
- (JSC::DFG::FrequentExitSite::kind):
- (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
- (JSC::DFG::FrequentExitSiteHash::hash):
- (JSC::DFG::FrequentExitSiteHash::equal):
(JSC::DFG::QueryableExitProfile::hasExitSite):
+ (QueryableExitProfile):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGArgumentsSimplificationPhase.cpp: Added.
+ (DFG):
+ (ArgumentsSimplificationPhase):
+ (JSC::DFG::ArgumentsSimplificationPhase::ArgumentsSimplificationPhase):
+ (JSC::DFG::ArgumentsSimplificationPhase::run):
+ (JSC::DFG::performArgumentsSimplification):
+ * dfg/DFGArgumentsSimplificationPhase.h: Added.
+ (DFG):
+ * dfg/DFGAssemblyHelpers.cpp:
+ (JSC::DFG::AssemblyHelpers::executableFor):
+ (DFG):
* dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
- (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
+ (AssemblyHelpers):
* dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::getLocalLoadElimination):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::Graph):
+ (JSC::DFG::Graph::executableFor):
+ (Graph):
+ (JSC::DFG::Graph::clobbersWorld):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::convertToConstant):
+ (JSC::DFG::Node::convertToGetLocalUnlinked):
+ (Node):
+ (JSC::DFG::Node::unlinkedLocal):
+ * dfg/DFGNodeType.h:
+ (DFG):
* dfg/DFGOSRExit.cpp:
- (JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
- * dfg/DFGOSRExit.h:
- (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
- (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
- (JSC::DFG::SpeculativeJIT::compileArithMul):
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
-
-2011-12-13 Michael Saboff <msaboff@apple.com>
-
- Cleanup of StringImpl::equal in r102631 post commit
- https://bugs.webkit.org/show_bug.cgi?id=74421
-
- Reviewed by Darin Adler.
-
- * wtf/text/AtomicString.h:
- (WTF::operator==): Removed cast no longer needed.
- * wtf/text/StringImpl.h:
- (WTF::equal): Changed template to several overloaded methods.
-
-2011-12-12 Michael Saboff <msaboff@apple.com>
-
- Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
- https://bugs.webkit.org/show_bug.cgi?id=73622
-
- Reviewed by Oliver Hunt.
-
- Moved equal(charType1 *, charType2, unsigned) template methods
- from static StringImpl.cpp to StringImpl.h and then replaced the
- processor specific character comparison code in StringHash::equal
- with calls to these methods.
-
- This change is worth 3% on SunSpider string-unpack-code as reported
- by the SunSpider command line harness. No other tests appear to
- have measurable performance changes.
-
- * wtf/text/AtomicString.h:
- (WTF::operator==):
- * wtf/text/StringHash.h:
- (WTF::StringHash::equal):
- * wtf/text/StringImpl.cpp:
- * wtf/text/StringImpl.h:
- (WTF::LChar):
- (WTF::UChar):
- (WTF::equal):
-
-2011-12-12 Filip Pizlo <fpizlo@apple.com>
-
- ARMv7 version of DFG soft modulo does register allocation inside of control flow
- https://bugs.webkit.org/show_bug.cgi?id=74354
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-
-2011-12-12 Andy Wingo <wingo@igalia.com>
- Simplify autotools configure.ac
- https://bugs.webkit.org/show_bug.cgi?id=74312
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.
-
-2011-12-12 Filip Pizlo <fpizlo@apple.com>
+2012-05-13 Filip Pizlo <fpizlo@apple.com>
- DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
- https://bugs.webkit.org/show_bug.cgi?id=74329
+ DFG should be able to optimize foo.apply(bar, arguments)
+ https://bugs.webkit.org/show_bug.cgi?id=86306
Reviewed by Gavin Barraclough.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::getByValLoadElimination):
-
-2011-12-09 Alexander Pavlov <apavlov@chromium.org>
-
- WebKit does not enumerate over CSS properties in HTMLElement.style
- https://bugs.webkit.org/show_bug.cgi?id=23946
-
- Reviewed by Darin Adler.
-
- Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
- introduce an std::sort() comparator function.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/text/WTFString.h:
- (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
-
-2011-12-12 Alexander Pavlov <apavlov@chromium.org>
-
- Unreviewed, build fix.
-
- Revert r102570 which broke SnowLeopard builders.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/text/WTFString.h:
-
-2011-12-09 Alexander Pavlov <apavlov@chromium.org>
-
- WebKit does not enumerate over CSS properties in HTMLElement.style
- https://bugs.webkit.org/show_bug.cgi?id=23946
-
- Reviewed by Darin Adler.
-
- Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
- introduce an std::sort() comparator function.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/text/WTFString.h:
- (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
-
-2011-12-12 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck issues.
-
- * GNUmakefile.list.am:
-
-2011-12-11 Sam Weinig <sam@webkit.org>
-
- Fix another signed vs. unsigned warning
-
- * runtime/ArgList.h:
- (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
-
-2011-12-11 Sam Weinig <sam@webkit.org>
-
- Fix a signed vs. unsigned warning.
-
- * runtime/ArgList.cpp:
- (JSC::MarkedArgumentBuffer::slowAppend):
- Cast inlineCapacity to an int to appease the warning. This is known OK
- since inlineCapacity is defined to be 8.
-
-2011-12-11 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out *another* debugging change I committed accidentally.
-
- Unreviewed.
-
- * Configurations/Base.xcconfig:
-
-2011-12-11 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out a debug counter I committed accidentally.
-
- Unreviewed.
-
- * jit/JITStubs.cpp:
- (JSC::arityCheckFor):
-
-2011-12-10 Geoffrey Garen <ggaren@apple.com>
-
- v8 benchmark takes 12-13 million function call slow paths due to extra arguments
- https://bugs.webkit.org/show_bug.cgi?id=74244
-
- Reviewed by Filip Pizlo.
-
- .arguments function of order the Reversed
-
- 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
- and SunSpider.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
- to this function is an argument number.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
- (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
- helper functions for computing offsets for arguments, rather than doing
- the math by hand.
-
- Switched to iterating argument offsets backwards (--) instead of forwards (++).
-
- * bytecompiler/BytecodeGenerator.h:
- (JSC::CallArguments::thisRegister):
- (JSC::CallArguments::argumentRegister):
- (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
-
- * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::flush):
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
- that just-in-time convert to bytecode operands (i.e., indexes in the register
- file) through helper functions. This means only one piece of code needs
- to know how arguments are laid out in the register file.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump): Ditto.
-
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::valueProfileFor): Ditto.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
- Treat too many arguments as an arity match.
-
- * dfg/DFGOSRExit.h:
- (JSC::DFG::OSRExit::variableForIndex):
- (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
-
- * dfg/DFGOperands.h:
- (JSC::DFG::operandToArgument):
- (JSC::DFG::argumentToOperand): These are now the only two lines of code in
- the DFG compiler that know how arguments are laid out in memory.
-
- (JSC::DFG::Operands::operand):
- (JSC::DFG::Operands::setOperand): Use helper functions, as above.
-
- * dfg/DFGOperations.cpp: The whole point of this patch:
- Treat too many arguments as an arity match.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
-
- Also, don't tag the caller frame slot as a cell, because it's not a cell.
-
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
-
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
- argument virtual register instead of recomputing by hand.
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::callFrameSlot):
- (JSC::DFG::SpeculativeJIT::argumentSlot):
- (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
- (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
- (JSC::DFG::SpeculativeJIT::argumentTagSlot):
- (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
- functions for dealing with callee arguments specifically. These still
- build on top of our other helper functions, and have no direct knowledge
- of how arguments are laid out in the register file.
-
- (JSC::DFG::SpeculativeJIT::resetCallArguments):
- (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
- argumentOffset to match CallFrame naming.
-
- (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
- functions, as above.
-
- * interpreter/CallFrame.h:
- (JSC::ExecState::argumentOffset):
- (JSC::ExecState::argumentOffsetIncludingThis):
- (JSC::ExecState::argument):
- (JSC::ExecState::setArgument):
- (JSC::ExecState::thisArgumentOffset):
- (JSC::ExecState::thisValue):
- (JSC::ExecState::setThisValue):
- (JSC::ExecState::offsetFor):
- (JSC::ExecState::hostThisRegister):
- (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
- computing where an argument is in the register file. Anything in the
- runtime that needs to access arguments should use these helpers.
-
- * interpreter/CallFrameClosure.h:
- (JSC::CallFrameClosure::setThis):
- (JSC::CallFrameClosure::setArgument):
- (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
- that too many arguments counts as an arity match and doesn't require
- preserving two copies of our arguments.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
- special if the caller provided too few arguments.
-
- Key simplification: We never need to maintain two copies of our arguments
- anymore.
-
- (JSC::eval):
- (JSC::loadVarargs): Use helper functions.
-
- (JSC::Interpreter::unwindCallFrame): Updated for new interface.
-
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
- functions.
-
- (JSC::Interpreter::privateExecute): No need to check for stack overflow
- when calling host functions because they have zero callee registers.
-
- (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
- object, since there's no special constructor for this anymore.
-
- * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
- workers tests were hitting stack overflow in some of my testing. We should
- make this test more exact in future.
-
- * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
- location that does not belong to the CallFrame class!
-
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
-
- Also, the whole point of this patch: Treat too many arguments as an arity match.
-
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileLoadVarargs):
- * jit/JITCall.cpp:
- (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
- helper functions, for backwards-correctness. Removed the condition
- pertaining to declared argument count because, now that arguments are
- always in just one place, this optimization is valid for all functions.
- Standardized the if predicate for each line of the optimization. This might
- fix a bug, but I couldn't get the bug to crash in practice.
-
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_create_arguments):
- (JSC::JIT::emit_op_get_argument_by_val):
- (JSC::JIT::emitSlow_op_get_argument_by_val):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_create_arguments):
- (JSC::JIT::emit_op_get_argument_by_val):
- (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
- optimization because it's no longer an optimization, now that arguments
- are always contiguous in a known location.
- Updated argument access opcode math for backwards-correctness.
-
- * jit/JITStubs.cpp:
- (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
- function is slightly different because it copies the call frame in
- addition to the arguments. (In the Interpreter, the call frame is not
- set up by this point.)
-
- (JSC::lazyLinkFor): The whole point of this patch: Treat too many
- arguments as an arity match.
-
- (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff().
-
- * jit/JITStubs.h:
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::loadDoubleArgument):
- (JSC::SpecializedThunkJIT::loadCellArgument):
- (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
- build strong bones and teeth!
-
- * runtime/ArgList.cpp:
- (JSC::ArgList::getSlice):
- (JSC::MarkedArgumentBuffer::slowAppend):
- * runtime/ArgList.h:
- (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
- (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
- (JSC::MarkedArgumentBuffer::at):
- (JSC::MarkedArgumentBuffer::clear):
- (JSC::MarkedArgumentBuffer::append):
- (JSC::MarkedArgumentBuffer::removeLast):
- (JSC::MarkedArgumentBuffer::last):
- (JSC::ArgList::ArgList):
- (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
- play nice with backwards-ness, so I changed to using manual allocation.
+ Merge r116912 from dfgopt.
- Fixed a FIXME about not all values being marked in the case of out-of-line
- arguments. I had to rewrite the loop anyway, and I didn't feel like
- maintaining fidelity to its old bugs.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- (JSC::Arguments::copyToArguments):
- (JSC::Arguments::fillArgList):
- (JSC::Arguments::getOwnPropertySlotByIndex):
- (JSC::Arguments::getOwnPropertySlot):
- (JSC::Arguments::getOwnPropertyDescriptor):
- (JSC::Arguments::putByIndex):
- (JSC::Arguments::put):
- (JSC::Arguments::tearOff):
- * runtime/Arguments.h:
- (JSC::Arguments::create):
- (JSC::Arguments::Arguments):
- (JSC::Arguments::argument):
- (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
- lots of tricky code designed to maintain two different copies of function
- arguments. Now that arguments are always contiguous in one place in memory,
- this complexity can go away.
+ Enables compilation of op_jneq_ptr and some forms of op_call_varargs.
- Reduced down to one create function for the Arguments class, from three.
-
- Moved tearOff() into an out-of-line function because it's huge.
-
- Moved logic about whether to tear off eagerly into the Arguments class,
- so we didn't have to duplicate it elsewhere.
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
- m_numCapturedArgs because if the value really were m_numParametersMinusThis
- we would be marking too much. (We shouldn't mark 'this' because it can't
- be captured.) Also, use helper functions.
-
- * runtime/JSActivation.h:
- (JSC::JSActivation::tearOff): Use helper functions.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::copyToArguments):
- * runtime/JSArray.h: Use helper functions, as above.
-
-2011-12-10 Mark Hahnenberg <mhahnenberg@apple.com>
-
- JSC testapi is crashing on Windows
- https://bugs.webkit.org/show_bug.cgi?id=74233
-
- Reviewed by Sam Weinig.
-
- Same error we've encountered before where we are calling the wrong version of
- visitChildren and objects that are still reachable aren't getting marked.
- This problem will go away soon with the removal of vptrs for these sorts of
- optimizations in favor of using the ClassInfo, but for now we can simply give
- JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
- ensure that JSFinalObject will always have a unique vptr. We don't have to worry
- about JSString or JSArray right now, which are the other two special cases for
- visitChildren, since they already have their own virtual functions.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSObject.cpp:
- (JSC::JSFinalObject::vtableAnchor):
- * runtime/JSObject.h:
-
-2011-12-10 Alexis Menard <alexis.menard@openbossa.org>
-
- Unused variable in YarrJIT.cpp.
- https://bugs.webkit.org/show_bug.cgi?id=74237
-
- Reviewed by Andreas Kling.
-
- Variable is set but not used so we can remove it.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2011-12-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG ArithMul power-of-two case does not check for overflow
- https://bugs.webkit.org/show_bug.cgi?id=74230
-
- Reviewed by Gavin Barraclough.
-
- Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
- and any attempt to fix it would likely introduce code bloat and register pressure.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileArithMul):
-
-2011-12-09 David Levin <levin@chromium.org>
-
- REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
- https://bugs.webkit.org/show_bug.cgi?id=73886
-
- Reviewed by Darin Adler.
-
- * runtime/SymbolTable.h:
- (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
- another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
- Bug 58091 is about changing these deprecated calls to something else but that something
- else will still need to be in all of these places.
-
-2011-12-09 Konrad Piascik <kpiascik@rim.com>
-
- Remove unnecessary file DissasemblerARM.cpp from build system
- https://bugs.webkit.org/show_bug.cgi?id=74184
-
- Reviewed by Daniel Bates.
-
- * PlatformBlackBerry.cmake:
-
-2011-12-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG's interpretation of rare case profiles should be frequency-based not count-based
- https://bugs.webkit.org/show_bug.cgi?id=74170
-
- Reviewed by Geoff Garen.
+ Also includes a bunch of bug fixes that were made necessary by the increased
+ pressure on the CFG simplifier.
- DFG optimizes for rare cases only when the rare case counter is above some threshold
- and it also constitutes a large enough fraction of total function executions. Also
- added some minor debug logic.
+ This is a 1-2% win on V8.
* bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::CodeBlock):
+ (JSC::ProgramCodeBlock::canCompileWithDFGInternal):
+ (JSC::EvalCodeBlock::canCompileWithDFGInternal):
+ (JSC::FunctionCodeBlock::canCompileWithDFGInternal):
* bytecode/CodeBlock.h:
- (JSC::CodeBlock::likelyToTakeSlowCase):
- (JSC::CodeBlock::couldTakeSlowCase):
- (JSC::CodeBlock::likelyToTakeSpecialFastCase):
- (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
- (JSC::CodeBlock::likelyToTakeAnySlowCase):
- (JSC::CodeBlock::executionEntryCount):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
-
-2011-12-09 Oliver Hunt <oliver@apple.com>
-
- PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
- https://bugs.webkit.org/show_bug.cgi?id=74223
-
- Reviewed by Geoffrey Garen.
-
- Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
-
-2011-12-09 David Levin <levin@chromium.org>
-
- Hash* iterators should allow comparison between const and const versions.
- https://bugs.webkit.org/show_bug.cgi?id=73370
-
- Reviewed by Darin Adler.
-
- * wtf/HashTable.h: Add the operators needed to do this.
- (WTF::HashTableConstIterator::operator==):
- (WTF::HashTableConstIterator::operator!=):
- (WTF::HashTableIterator::operator==):
- (WTF::HashTableIterator::operator!=):
- (WTF::operator==):
- (WTF::operator!=):
-
-2011-12-09 Michael Saboff <msaboff@apple.com>
-
- YARR: Multi-character read optimization for 8bit strings
- https://bugs.webkit.org/show_bug.cgi?id=74191
-
- Reviewed by Oliver Hunt.
-
- Changed generatePatternCharacterOnce to generate
- code for 1 to 4 characters in the 8 bit case.
- This is worth 29% improvement on SunSpider regexp-dna test.
- It provides no benefit to v8-regexp.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
- (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.
-
-2011-12-09 David Levin <levin@chromium.org>
-
- Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
- https://bugs.webkit.org/show_bug.cgi?id=71695
-
- Reviewed by Zoltan Herczeg.
-
- * wtf/MessageQueue.h:
- (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
- even after the queue has been killed. This is useful when one wants to
- kill a queue but then go through it to run clean up tasks from it.
-
-2011-12-09 Adrienne Walker <enne@google.com>
-
- Fix HashMap<..., OwnPtr<...> >::add compilation errors
- https://bugs.webkit.org/show_bug.cgi?id=74159
-
- Reviewed by Darin Adler.
-
- Add a constructor to OwnPtr that takes the empty value (nullptr_t)
- from HashTraits so that this function can compile.
-
- * wtf/OwnPtr.h:
- (WTF::OwnPtr::OwnPtr):
-
-2011-12-09 Oliver Hunt <oliver@apple.com>
-
- Avoid reloading storage pointer for indexed properties unnecessarily
- https://bugs.webkit.org/show_bug.cgi?id=74136
-
- Reviewed by Filip Pizlo.
-
- Add a node to represent loading property storage for indexed properties.
- This allows us to reduce code generated for sequential access of arrays,
- strings, etc. This results in up to 5% improvement in code that is
- very heavy on indexed reads, such as matrix operations in typed arrays
- and 20% faster on microbenchmarks.
-
- Currently this is only supported by GetByVal and other similar indexed reads.
-
- * bytecode/PredictedType.h:
- (JSC::isFixedIndexedStorageObjectPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-08 Fady Samuel <fsamuel@chromium.org>
-
- [Chromium] Enable viewport metatag
- https://bugs.webkit.org/show_bug.cgi?id=73495
-
- Reviewed by Darin Fisher.
-
- * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.
-
-2011-12-08 Adam Klein <adamk@chromium.org>
-
- Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
- https://bugs.webkit.org/show_bug.cgi?id=73964
-
- Reviewed by Darin Adler.
-
- * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.
-
-2011-12-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=74005
- fix unaligned access memory in generatePatternCharacterOnce function
- for SH4 platforms.
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::load16Unaligned):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load16Unaligned):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::load16Unaligned):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::lshift32):
- (JSC::MacroAssemblerSH4::load8):
- (JSC::MacroAssemblerSH4::load16):
- (JSC::MacroAssemblerSH4::load16Unaligned):
- (JSC::MacroAssemblerSH4::branch8):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::load16Unaligned):
- * jit/JIT.h:
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2011-12-08 Michael Saboff <msaboff@apple.com>
-
- Add 8 bit paths for StringTypeAdapter classes
- https://bugs.webkit.org/show_bug.cgi?id=73882
-
- Reviewed by Darin Adler.
-
- Added is8Bit() method and writeTo(LChar*) methods
- to StringTypeAdapter<> classes. The writeTo(LChar*)
- method can be used if is8Bit() returns true. The
- non-native 8 bit classes contain ASSERT(is8Bit())
- in their writeTo(LChar*).
-
- Updated all of the various versions of tryMakeString() to
- use 8 bit processing in the updated StringTypeAdapter<>
- classes.
-
- This has slight if any performance improvement on kraken.
-
- * runtime/UStringConcatenate.h:
- * wtf/text/StringConcatenate.h:
- (WTF::tryMakeString):
- * wtf/text/StringOperators.h:
- (WTF::StringAppend::is8Bit):
- (WTF::StringAppend::writeTo):
-
-2011-12-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG CSE should know that CheckFunction is pure
- https://bugs.webkit.org/show_bug.cgi?id=74044
-
- Reviewed by Oliver Hunt.
-
- Possible slight win on V8, no regressions.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::checkFunctionElimination):
-
-2011-12-07 Michael Saboff <msaboff@apple.com>
-
- StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
- https://bugs.webkit.org/show_bug.cgi?id=73995
-
- Reviewed by Geoffrey Garen.
-
- Problem was that a call to characters on an StringImpl associated
- with a StringBuilder that is being appended to gets stale.
- Added a new m_valid16BitShadowlen that keeps the length of
- the 16 bit shadow that has been upconverted or will be up converted
- with the first getCharacters(). When StringBuilder::characters or
- ::reifyString is called, further characters are upconverted if
- we have a shadow16bit copy and the m_valid16BitShadowlen is updated.
-
- * JavaScriptCore.exp:
- * wtf/text/StringBuilder.cpp:
- (WTF::StringBuilder::reifyString):
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::StringBuilder):
- (WTF::StringBuilder::characters):
- (WTF::StringBuilder::clear): Cleaned up as part of the change.
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::getData16SlowCase):
- (WTF::StringImpl::upconvertCharacters):
- * wtf/text/StringImpl.h:
-
-2011-12-07 Filip Pizlo <fpizlo@apple.com>
-
- Compare and Swap should be enabled on ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=74023
-
- Reviewed by Geoff Garen.
-
- Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
- It gives the expected speed-up on multi-core ARMv7 devices.
-
- * wtf/Atomics.h:
- (WTF::weakCompareAndSwap):
- * wtf/Platform.h:
-
-2011-12-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG CSE is overzealous with GetByVal
- https://bugs.webkit.org/show_bug.cgi?id=74042
-
- Reviewed by Oliver Hunt.
-
- Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
- is tested in all places that matter.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::byValIsPure):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
-
-2011-12-07 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r102267.
- http://trac.webkit.org/changeset/102267
- https://bugs.webkit.org/show_bug.cgi?id=74032
-
- Breaks build on Chromium Mac Debug (Requested by aklein on
- #webkit).
-
- * wtf/HashTraits.h:
-
-2011-12-07 Adam Klein <adamk@chromium.org>
-
- Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
- https://bugs.webkit.org/show_bug.cgi?id=73964
-
- Reviewed by Ryosuke Niwa.
-
- * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.
-
-2011-12-07 Filip Pizlo <fpizlo@apple.com>
-
- Non-Mac devices should benefit from a larger heap
- https://bugs.webkit.org/show_bug.cgi?id=74015
-
- Reviewed by Geoff Garen.
-
- Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
- Heap.cpp, and got in the way of having more granular, per-platform control over
- what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).
-
- * heap/Heap.cpp:
- (JSC::GCTimer::heapSizeForHint):
- * wtf/Platform.h:
-
-2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] V8 build fixes.
-
- Reviewed by Tor Arne Vestbø.
-
- * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
- VPATH. Prefix SOURCES correctly and make sure that runtime/ is
- in the include search path when building with v8.
-
-2011-12-06 Filip Pizlo <fpizlo@apple.com>
-
- Zapping a block that is Marked leads to dead objects being mistaken for live ones
- https://bugs.webkit.org/show_bug.cgi?id=73982
-
- Reviewed by Geoff Garen.
-
- Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
- the code asserts that:
-
- - If we zap a Marked or Zapped block then the free list is empty, because this
- can only happen if the block was never free-listed.
-
- - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
- blocks are those that cannot be referred to by SizeClass::currentBlock (since
- SizeClass::currentBlock only refers to blocks that are candidates for allocation,
- and Allocated blocks are those who have been exhausted by allocation and will not
- be allocated from again), and New blocks cannot be referred to by anything except
- during a brief window inside the allocation slow-path.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::zapFreeList):
-
-2011-12-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG 32_64 call linking does not handle non-cell callees correctly
- https://bugs.webkit.org/show_bug.cgi?id=73965
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitCall):
-
-2011-12-06 Sam Weinig <sam@webkit.org>
-
- Remove unintentional type name shadowing in the Interpreter
- https://bugs.webkit.org/show_bug.cgi?id=73963
-
- Reviewed by Oliver Hunt.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
- which shadows the FunctionExecutable type name, with functionExecutable.
-
-2011-12-06 Michael Saboff <msaboff@apple.com>
-
- r102146 from 73875 broke fast/js/encode-URI-test.html
- https://bugs.webkit.org/show_bug.cgi?id=73950
-
- Reviewed by Gavin Barraclough.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncUnescape): Restructured to handle
- the %uHHHH case to output the resulting character
- and continue so that a failure in finding 4 hex
- digits will fall through and output the '%'.
- Due to style check, changed the temporary
- character variable to a more descriptive name.
-
-2011-12-06 Filip Pizlo <fpizlo@apple.com>
-
- GC zapping logic could benefit from some more assertions
- https://bugs.webkit.org/show_bug.cgi?id=73947
-
- Reviewed by Gavin Barraclough.
-
- - If you're in a zapped block and you're zapped, then your mark bit should
- never be set.
-
- - If you're being marked, then you should never be zapped.
-
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::isLive):
- * runtime/Structure.h:
- (JSC::MarkStack::internalAppend):
-
-2011-12-06 Oliver Hunt <oliver@apple.com>
-
- Don't allocate register in typedarray control flow
- https://bugs.webkit.org/show_bug.cgi?id=73944
-
- Reviewed by Gavin Barraclough.
-
- Move a temporary allocation outside of control flow.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-
-2011-12-06 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=68328
- The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant
-
- Reviewed by Geoff Garen.
-
- Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions
- that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
- hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
- a thunk genertaor to use based on the Intrinsic.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * create_hash_table:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- * dfg/DFGCapabilities.h:
- * dfg/DFGIntrinsic.h: Removed.
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * jit/JITStubs.h:
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::intrinsic):
- (JSC::NativeExecutable::intrinsic):
- * runtime/Executable.h:
- (JSC::ExecutableBase::intrinsicFor):
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::finishCreation):
- * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
- * runtime/JSGlobalData.cpp:
- (JSC::thunkGeneratorForIntrinsic):
- (JSC::JSGlobalData::getHostFunction):
- * runtime/JSGlobalData.h:
- * runtime/Lookup.cpp:
- (JSC::HashTable::createTable):
- (JSC::setUpStaticFunctionSlot):
- * runtime/Lookup.h:
- (JSC::HashEntry::initialize):
- (JSC::HashEntry::intrinsic):
-
-2011-12-06 Michael Saboff <msaboff@apple.com>
-
- Add 8 bit paths to global object functions
- https://bugs.webkit.org/show_bug.cgi?id=73875
-
- Added 8 bit paths for converions methods.
-
- This is worth 1.5% on kraken audio-oscillator,
- 1.6% on stanford-crypto-ccm and 2.5% on
- stanford-crypto-sha256-iterative. See bug for
- a full report.
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::decode): Split into a templated helper.
- (JSC::parseInt): Split into a templated helper.
- (JSC::parseFloat): Added an 8 bit path
- (JSC::globalFuncEscape): Added 8 bit path
- (JSC::globalFuncUnescape): Added 8 bit path
- * runtime/JSStringBuilder.h:
- (JSC::JSStringBuilder::append): New append for LChar
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::append): New append for LChar
-
-2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
-
- Enable ParallelJobs by default
- https://bugs.webkit.org/show_bug.cgi?id=70032
-
- Reviewed by Zoltan Herczeg.
-
- According to measurements on Mac and Linux it is a
- considerable speedup for SVG on multicore.
-
- Remove the ENABLE(PARALLEL_JOBS) guard.
- Fix build on Windows and Chromium.
-
- * JavaScriptCore.gypi: Add the files to the build. It was
- missing for the gyp build system.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- Export symbols.
- * wtf/ParallelJobs.h:
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::execute):
- Deinline these to avoid exporting a lot of symbols.
- These are non-trivial and called only once on a given object
- so it doesn't seems to be worthwile to inline them.
- Additionally fix a signed-unsigned comparison in the constructor.
- * wtf/ParallelJobsGeneric.h:
- * wtf/Platform.h:
-
-2011-12-06 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] build-jsc script doesn't work
- https://bugs.webkit.org/show_bug.cgi?id=73910
-
- Reviewed by Tor Arne Vestbø.
-
- * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
- (moved from top-level WebKit.pro). Also add v8 scopes to only build
- WTF during v8 builds.
-
-2011-12-05 Anders Carlsson <andersca@apple.com>
-
- Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
-
- Reviewed by Darin Adler.
-
- * wtf/HashMap.h:
-
-2011-12-05 Michael Saboff <msaboff@apple.com>
-
- Create StringImpl::empty() as an 8 bit string
- https://bugs.webkit.org/show_bug.cgi?id=73871
-
- Reviewed by Oliver Hunt.
-
- * wtf/text/StringStatics.cpp:
- (WTF::StringImpl::empty): Changed to be an 8 bit string.
-
-2011-12-05 Darin Adler <darin@apple.com>
-
- Convert JSClassRef to use HashMap<OwnPtr>
- https://bugs.webkit.org/show_bug.cgi?id=73780
-
- Reviewed by Andreas Kling.
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
- entries because the hash map now has an OwnPtr instead of a raw pointer.
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
- m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
- Removed the code that gets and deletes existing entries, and just use set,
- which now handles deletion automatically due to it being OwnPtr.
- (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
- with assertion-only NDEBUG-only code.
- (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
- allocating. Use OwnPtr when adding. Removed unneeded code to set
- staticValues and staticFunctions to 0. Removed unneeded destructor.
- (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
- (OpaqueJSClass::staticFunctions): Ditto.
- (OpaqueJSClass::prototype): Added use of adoptPtr.
-
- * API/JSClassRef.h: Made the static values and static functions tables
- use OwnPtr for the entries. Also used OwnPtr for the pointers to the
- tables themselves. Also removed ~OpaqueJSClassContextData(), letting
- the compiler generate it.
-
-2011-12-05 Oliver Hunt <oliver@apple.com>
-
- Land uncommitted bit of float array support
- https://bugs.webkit.org/show_bug.cgi?id=73873
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-
-2011-12-05 Benjamin Poulain <benjamin@webkit.org>
-
- Update String::containsOnlyASCII() to handle 8 bits strings
- https://bugs.webkit.org/show_bug.cgi?id=73799
-
- Reviewed by Darin Adler.
-
- Implement String::containsOnlyASCII() so that it does not
- call String::characters().
-
- * wtf/text/WTFString.h:
- (WTF::String::containsOnlyASCII):
-
-2011-12-05 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for non-DFG platforms.
-
- * dfg/DFGRepatch.h:
-
-2011-12-05 Filip Pizlo <fpizlo@apple.com>
-
- Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
- were compact offsets
- https://bugs.webkit.org/show_bug.cgi?id=73861
-
- Reviewed by Gavin Barraclough.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::resetPatchPutById):
-
-2011-12-05 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, build fixes for ARM.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::unreachableForPlatform):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::loadDouble):
- (JSC::MacroAssemblerARMv7::loadFloat):
- (JSC::MacroAssemblerARMv7::storeFloat):
- (JSC::MacroAssemblerARMv7::convertFloatToDouble):
- (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
-
-2011-12-05 Benjamin Poulain <benjamin@webkit.org>
-
- Update String::containsOnlyLatin1() to avoid converting to 16 bits
- https://bugs.webkit.org/show_bug.cgi?id=73797
-
- Reviewed by Andreas Kling.
-
- When the String use 8bits StringImpl, there is no need to iterate
- over the string.
-
- The function charactersAreAllLatin1() is removed because it is not
- used anywhere.
-
- * wtf/text/WTFString.h:
- (WTF::String::containsOnlyLatin1):
-
-2011-12-05 Michael Saboff <msaboff@apple.com>
-
- 8 bit string work slows down Kraken json-stringify-tinderbox
- https://bugs.webkit.org/show_bug.cgi?id=73457
-
- Added 8 bit path to StringBuilder. StringBuilder starts
- assuming 8 bit contents and gets converted to 16 bit upon
- seeing the first 16 bit character or string. Split
- appendUninitialiezed into an inlined fast and function call
- slow case.
-
- Factored out the processing of the UString argument from
- Stringifier::appendQuotedString() to a static templated function
- based on character size.
-
- This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
- This change introduces a 4.8% slowdown to json-parse-financial.
- This slowdown will be addressed in a subsequent patch to StringImpl::equal.
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSONObject.cpp:
- (JSC::appendStringToUStringBuilder):
- (JSC::Stringifier::appendQuotedString):
- * wtf/text/StringBuilder.cpp:
- (WTF::StringBuilder::resize):
- (WTF::StringBuilder::allocateBuffer):
- (WTF::StringBuilder::allocateBufferUpConvert):
- (WTF::LChar):
- (WTF::UChar):
- (WTF::StringBuilder::reserveCapacity):
- (WTF::StringBuilder::appendUninitialized):
- (WTF::StringBuilder::appendUninitializedSlow):
- (WTF::StringBuilder::append):
- (WTF::StringBuilder::shrinkToFit):
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::StringBuilder):
- (WTF::StringBuilder::append):
- (WTF::StringBuilder::operator[]):
- (WTF::StringBuilder::characters8):
- (WTF::StringBuilder::characters16):
- (WTF::StringBuilder::charactersBlah):
- (WTF::LChar):
- (WTF::UChar):
-
-2011-12-01 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=73624
- JIT + INTERPRETER builds are broken
-
- Reviewed by Geoff Garen, Sam Weinig.
-
- These don't fallback to the interpreter correctly.
- Thunk creation assumes that is the JIT is compiled in, then it is enabled.
-
- * jit/JITStubs.cpp:
- (JSC::JITThunks::JITThunks):
- * runtime/Executable.h:
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::finishCreation):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::getHostFunction):
-
-2011-12-05 Zoltan Herczeg <zherczeg@webkit.org>
-
- MacroAssemblerSH4 does not implement readCallTarget
- https://bugs.webkit.org/show_bug.cgi?id=73434
-
- Reviewed by Csaba Osztrogonác.
-
- * assembler/MacroAssemblerSH4.h: Support for SH4.
- (JSC::MacroAssemblerSH4::readCallTarget):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::readCallTarget):
-
-2011-12-04 Filip Pizlo <fpizlo@apple.com>
-
- DFG should optimize strict equality
- https://bugs.webkit.org/show_bug.cgi?id=73764
-
- Reviewed by Oliver Hunt.
-
- 1% speed-up on V8.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
- (JSC::DFG::SpeculativeJIT::compileStrictEq):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
- (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
- (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-03 Darin Adler <darin@apple.com>
-
- Use HashMap<OwnPtr> for ScriptSampleRecordMap
- https://bugs.webkit.org/show_bug.cgi?id=73758
-
- Reviewed by Andreas Kling.
-
- * bytecode/SamplingTool.cpp:
- (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
- (JSC::SamplingTool::dump): Added get.
- * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
-
-2011-12-03 Darin Adler <darin@apple.com>
-
- Use HashMap<OwnPtr> for the opaqueJSClassData map
- https://bugs.webkit.org/show_bug.cgi?id=73759
-
- Reviewed by Andreas Kling.
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::contextData): Update types.
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
- timing the same. If we didn't care about the order of operations, we could remove this, too.
- * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
- opaqueJSClassData map.
-
-2011-12-03 Darin Adler <darin@apple.com>
-
- Change HashMap implementation to use the pass type and peek type from traits for the mapped value
- https://bugs.webkit.org/show_bug.cgi?id=72474
-
- Reviewed by Anders Carlsson.
-
- * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
- and PeekType from the traits of the mapped value instead of hard-coding them here.
- Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
- to accomodate a PassInType that can't be copied. Use the store, peek, and passOut
- functions from the traits as well.
-
- * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
- PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
- an earlier version that was just PassType, PeekType, pass, and peek. Also commented
- the HashTraits for RefPtr to foreshadow some work we can do there.
-
- * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
-
-2011-12-02 David Levin <levin@chromium.org>
-
- Rename WTF class from TemporarilyChange to TemporaryChange.
- https://bugs.webkit.org/show_bug.cgi?id=73479
-
- Reviewed by Eric Seidel.
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
- (WTF::TemporaryChange::TemporaryChange):
- (WTF::TemporaryChange::~TemporaryChange):
-
-2011-12-02 Mark Hahnenberg <mhahnenberg@apple.com>
-
- REGRESSION (r99754): All layout tests crash on Windows
- https://bugs.webkit.org/show_bug.cgi?id=72305
-
- Reviewed by Geoffrey Garen.
-
- Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in
- JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of
- a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an
- incorrect version of visitChildren on the object, which left its children unmarked, causing them to be
- collected when they were still reachable.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
- purposes are distinct from one another.
-
-2011-12-02 Oliver Hunt <oliver@apple.com>
-
- Improve float array support in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=73722
-
- Reviewed by Gavin Barraclough.
-
- Add basic support for float typed arrays in JSC. This is currently
- less optimal than it could be in the following ways:
- * float32Array1[0] = float32Array2[0] (eg. an element by element copy)
- promotes float to double and then back to float.
- * float64Array[0] will always perform NaN tests in order to prevent
- signalling NaNs from entering the engine.
-
- We also don't support Float32Array on ARMv7
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::loadDouble):
- (JSC::MacroAssemblerARMv7::loadFloat):
- (JSC::MacroAssemblerARMv7::storeDouble):
- (JSC::MacroAssemblerARMv7::storeFloat):
- (JSC::MacroAssemblerARMv7::convertFloatToDouble):
- (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::loadDouble):
- (JSC::MacroAssemblerX86Common::loadFloat):
- (JSC::MacroAssemblerX86Common::storeDouble):
- (JSC::MacroAssemblerX86Common::storeFloat):
- (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
- (JSC::MacroAssemblerX86Common::convertFloatToDouble):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::cvtsd2ss_rr):
- (JSC::X86Assembler::cvtss2sd_rr):
- (JSC::X86Assembler::movsd_rm):
- (JSC::X86Assembler::movss_rm):
- (JSC::X86Assembler::movsd_mr):
- (JSC::X86Assembler::movss_mr):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateFloat32Array):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-02 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r101801.
- http://trac.webkit.org/changeset/101801
- https://bugs.webkit.org/show_bug.cgi?id=73667
-
- Build is still broken (Requested by Ossy on #webkit).
-
- * assembler/SH4Assembler.h:
-
-2011-12-01 Darin Adler <darin@apple.com>
-
- Prepare to deploy pass and peek types in the HashMap class
- https://bugs.webkit.org/show_bug.cgi?id=73477
-
- Reviewed by Adam Roben.
-
- This patch adds private typedefs inside the HashMap class,
- and uses them as appropriate. A future patch will actually
- tie those typedefs to hash traits, which will allow us to
- make HashMap work with OwnPtr mapped values and to optimize
- how HashMap works with RefPtr mapped values.
-
- Also changed the hash translator and adapter struct templates
- to use template functions to simplify them and make them more
- flexible.
-
- Also removed some unused template arguments.
-
- This goes out of its way to not change behavior. Future patches
- will change the peek type to be a reference type, which will
- reduce reference count churn a bit for hash tables with RefPtr
- mapped values, and then do further optimizations for RefPtr
- and OwnPtr by getting types from the hash traits.
-
- * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
- and MappedPeekType typedefs, and used them for the arguments
- and return types of the get, set, add, take, and inlineAdd
- functions.
- (WTF::HashMapTranslator): Changed this struct template to take
- fewer arguments, and changed its member functions to be
- function templates instead. This allows the compiler to
- determine types more flexibly and also simplifies use of it.
- (WTF::HashMapTranslatorAdapter): Ditto.
- (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
- Also reduced the arguments passed to the HashTable function template.
- (WTF::HashMap::contains): Ditto.
- (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
- (WTF::HashMap::set): Ditto.
- (WTF::HashMap::add): Ditto.
- (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
- (WTF::HashMap::get): Ditto.
- (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
- that type in the implementation.
- (WTF::deleteAllValues): Removed unneeded template arguments from
- call to deleteAllPairSeconds.
- (WTF::deleteAllKeys): Removed unneeded template arguments from
- call to deleteAllPairFirsts.
-
- * wtf/HashSet.h:
- (WTF::IdentityExtractor): Changed this to be a struct rather than
- a struct template, and replaced the extract function with a function
- template. This allows the compiler to deduce the type.
- (WTF::HashSetTranslatorAdapter): Changed this struct template to take
- fewer arguments, and changed its member functions to be
- function templates instead. This allows the compiler to
- determine types more flexibly and also simplifies use of it.
- (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
- Also reduced the arguments passed to the HashTable function template.
- (WTF::HashSet::contains): Ditto.
- (WTF::HashSet::add): Ditto.
-
- * wtf/HashTable.h:
- (WTF::IdentityHashTranslator): Changed this struct template to take
- fewer arguments, and changed its member functions to be
- function templates instead. This allows the compiler to
- determine types more flexibly and also simplifies use of it.
- (WTF::HashTable::add): Reduced arguments passed to the function template.
- (WTF::HashTable::find): Ditto, also reversed the template arguments so the
- translator comes first so the compiler can deduce the other type.
- (WTF::HashTable::contains): Ditto.
- (WTF::HashTable::lookup): Ditto.
- (WTF::HashTable::lookupForWriting): Ditto.
- (WTF::HashTable::checkKey): Ditto.
- (WTF::HashTable::fullLookupForWriting): Ditto.
- (WTF::HashTable::add): Ditto.
- (WTF::HashTable::addPassingHashCode): Ditto.
- (WTF::HashTable::find): Ditto.
- (WTF::HashTable::contains): Ditto.
-
- * wtf/ListHashSet.h:
- (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
- fewer arguments, and changed its member functions to be function templates
- instead. This allows the compiler to determine types more flexibly and
- also simplifies use of it.
- (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
- functon template.
- (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
- same way we changed ListHashSetNodeHashFunctions above.
- (WTF::ListHashSetTranslatorAdapter::equal):
- (WTF::::contains):
- (WTF::::add):
- (WTF::::insertBefore):
-
- * wtf/RefPtrHashMap.h: Updated comments. Removed the
- RefPtrHashMapRawKeyTranslator struct template; we can use the
- HashMapTranslator struct template from HashMap.h instead now that
- it is more flexible. Added MappedPassInType, MappedPassOutType,
- and MappedPeekType typedefs, and used them for the arguments
- and return types of the get, inlineGet, set, add, take, and inlineAdd
- functions. Changed the name of the RawKeyTranslator type to
- Translator since it's now a class that can handle both raw keys
- and conventional keys.
- (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
- Reduced the arguments passed to the HashTable function template.
- (WTF::HashMap::contains): Ditto.
- (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
- (WTF::HashMap::set): Ditto.
- (WTF::HashMap::add): Ditto.
- (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
- (WTF::HashMap::get): Ditto.
- (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
- that type in the implementation.
- (WTF::deleteAllValues): Removed unneeded template arguments from
- call to deleteAllPairSeconds.
- (WTF::deleteAllKeys): Removed unneeded template arguments from
- call to deleteAllPairFirsts.
-
-2011-12-02 Zoltan Herczeg <zherczeg@webkit.org>
-
- MacroAssemblerSH4 does not implement readCallTarget
- https://bugs.webkit.org/show_bug.cgi?id=73434
-
- Reviewed by Csaba Osztrogonác.
-
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::readCallTarget): Support for SH4.
-
-2011-12-02 Hajime Morrita <morrita@chromium.org>
-
- Unreviewed, rolling out r101751 and r101775.
- http://trac.webkit.org/changeset/101751
- http://trac.webkit.org/changeset/101775
- https://bugs.webkit.org/show_bug.cgi?id=73191
-
- breaks Windows build
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * config.h:
- * runtime/JSExportMacros.h: Removed.
- * wtf/ExportMacros.h:
- * wtf/Platform.h:
- * wtf/WTFThreadData.h:
- * wtf/text/AtomicString.h:
- * wtf/text/StringStatics.cpp:
-
-2011-12-01 Hajime Morrita <morrita@chromium.org>
-
- JS_INLINE and WTF_INLINE should be visible from WebCore
- https://bugs.webkit.org/show_bug.cgi?id=73191
-
- - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
- - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
- - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
-
- Reviewed by Kevin Ollivier.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * config.h:
- * runtime/JSExportMacros.h: Added.
- * wtf/ExportMacros.h:
- * wtf/Platform.h:
- * wtf/WTFThreadData.h:
- * wtf/text/AtomicString.h:
- * wtf/text/StringStatics.cpp:
-
-2011-12-01 Michael Saboff <msaboff@apple.com>
-
- Changes proposed for 73457 slow down Kraken json-parse-financial
- https://bugs.webkit.org/show_bug.cgi?id=73584
-
- Restructured StringImpl::equal to take advantage of 8 or 4 bytes
- at a time when possible.
-
- This is worth ~3% on Kraken json-parse-financial. It provides
- ~2% on SunSpider string-unpack-code.
-
- Reviewed by Sam Weinig.
-
- * wtf/text/StringImpl.cpp:
- (WTF::equal):
-
-2011-12-01 Oliver Hunt <oliver@apple.com>
-
- Support integer typed arrays in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=73608
-
- Reviewed by Filip Pizlo.
-
- Add support for all the integral typed arrays in the DFG JIT.
- Currently this loads the contents of Uint32 arrays as doubles,
- which is clearly not as efficient as it could be, but this is
- still in the order of 10-20x faster than the existing behaviour.
-
- This needed us to add support for writing 16bit values to the
- macroassembler, and also to support double<->unsigned conversion.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::strh):
- (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::store16):
- (JSC::MacroAssemblerARMv7::truncateDoubleToUint32):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::store16):
- (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movw_rm):
- (JSC::X86Assembler::cvttsd2siq_rr):
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionFromClassInfo):
- * bytecode/PredictedType.h:
- (JSC::isInt8ArrayPrediction):
- (JSC::isInt16ArrayPrediction):
- (JSC::isInt32ArrayPrediction):
- (JSC::isUint8ArrayPrediction):
- (JSC::isUint16ArrayPrediction):
- (JSC::isUint32ArrayPrediction):
- (JSC::isFloat32ArrayPrediction):
- (JSC::isFloat64ArrayPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateInt8Array):
- (JSC::DFG::Node::shouldSpeculateInt16Array):
- (JSC::DFG::Node::shouldSpeculateInt32Array):
- (JSC::DFG::Node::shouldSpeculateUint8Array):
- (JSC::DFG::Node::shouldSpeculateUint16Array):
- (JSC::DFG::Node::shouldSpeculateUint32Array):
- (JSC::DFG::Node::shouldSpeculateFloat32Array):
- (JSC::DFG::Node::shouldSpeculateFloat64Array):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
- (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSGlobalData.h:
-
-2011-12-01 Benjamin Poulain <benjamin@webkit.org>
-
- URLs are encoded in UTF-8, then decoded as if they are Latin1
- https://bugs.webkit.org/show_bug.cgi?id=71758
-
- Reviewed by Darin Adler.
-
- Add the operator == between a String and a Vector of char. The implementation
- is the same as the comparison of String and char* but adds the length as a
- parameter for comparing the strings.
-
- * JavaScriptCore.exp:
- * wtf/text/StringImpl.h:
- (WTF::equal):
- * wtf/text/WTFString.h:
- (WTF::operator==):
- (WTF::operator!=):
-
-2011-12-01 Martin Robinson <mrobinson@igalia.com>
-
- [GTK] Read fonts from the jhbuild root
- https://bugs.webkit.org/show_bug.cgi?id=73487
-
- Reviewed by Gustavo Noronha Silva.
-
- Read fonts from the jhbuild root instead of from the system. This will ensure
- that all testers use the same fonts instead of leaving this up to luck.
-
- * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner.
-
-2011-12-01 Martin Robinson <mrobinson@igalia.com>
-
- [GTK] Add a helper function to find the current executable's path
- https://bugs.webkit.org/show_bug.cgi?id=73473
-
- Reviewed by Gustavo Noronha Silva.
-
- Add a WTF helper which gets the binary path. This is currently only used
- in WebKit2.
-
- * GNUmakefile.list.am: Add the new file to the source list.
- * wtf/gobject/GlibUtilities.cpp: Added.
- (getCurrentExecutablePath):
- * wtf/gobject/GlibUtilities.h: Added.
-
-2011-12-01 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r101691.
- http://trac.webkit.org/changeset/101691
- https://bugs.webkit.org/show_bug.cgi?id=73588
-
- Tests fail on Chromium bots, early warning system warned
- committer, please adjust test_expectations in patch (Requested
- by scheib on #webkit).
-
- * JavaScriptCore.exp:
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.h:
-
-2011-12-01 Filip Pizlo <fpizlo@apple.com>
-
- ARMv7 only allows for one-shot patching of compact offsets, while the
- JIT expects to be able to repatch
- https://bugs.webkit.org/show_bug.cgi?id=73548
-
- Reviewed by Oliver Hunt.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::setUInt7ForLoad):
-
-2011-11-30 Benjamin Poulain <benjamin@webkit.org>
-
- URLs are encoded in UTF-8, then decoded as if they are Latin1
- https://bugs.webkit.org/show_bug.cgi?id=71758
-
- Reviewed by Darin Adler.
-
- Add the operator == between a String and a Vector of char. The implementation
- is the same as the comparison of String and char* but adds the length as a
- parameter for comparing the strings.
-
- * JavaScriptCore.exp:
- * wtf/text/StringImpl.h:
- (WTF::equal):
- * wtf/text/WTFString.h:
- (WTF::operator==):
- (WTF::operator!=):
-
-2011-11-30 Dmitry Lomov <dslomov@google.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=73503
- [Chromium][V8] Implement ArrayBuffer transfer in chromium.
- Portions of this patch come from Luke Zarko.
-
- Reviewed by David Levin.
-
- * wtf/ArrayBuffer.cpp:
- (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr.
- * wtf/ArrayBuffer.h:
- (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr.
- (WTF::ArrayBuffer::isNeutered):
- * wtf/TypedArrayBase.h:
- (WTF::TypedArrayBase::neuter):
-
-2011-12-01 Chao-ying Fu <fu@mips.com>
-
- MacroAssemblerMIPS does not implement readCallTarget
- https://bugs.webkit.org/show_bug.cgi?id=73432
-
- Reviewed by Zoltan Herczeg.
-
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::readCallTarget):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::readCallTarget):
-
-2011-12-01 Noel Gordon <noel.gordon@gmail.com>
-
- [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects
- https://bugs.webkit.org/show_bug.cgi?id=73527
-
- Reviewed by Simon Hausmann.
-
- wtf/qt/ThreadingQt.cpp was removed in r101477
-
- * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp
-
-2011-12-01 Filip Pizlo <fpizlo@apple.com>
-
- BitVector isInline check could fail
- https://bugs.webkit.org/show_bug.cgi?id=70691
-
- Reviewed by Gavin Barraclough.
-
- Switch back to using the high bit as the inline marker, to make
- all of the bit indexing operations simpler. Computing the size in
- words and in bytes of a bitvector, using the number of bits as
- input is error-prone enough; and with the current approach to
- solving the X86 bug we end up getting it wrong. Making it right
- seems hard.
-
- So instead, to solve the original problem (the high bit may be
- meaningful on 32-bit systems), the out-of-line storage pointer is
- right-shifted by 1. Compared to the original BitVector code, this
- is a much smaller change (just three lines).
-
- This solves a bug where the DFG was corrupting its call frame
- because BitVector lost track of some bits.
-
- * wtf/BitVector.cpp:
- (WTF::BitVector::setSlow):
- (WTF::BitVector::resizeOutOfLine):
- * wtf/BitVector.h:
- (WTF::BitVector::quickGet):
- (WTF::BitVector::quickSet):
- (WTF::BitVector::quickClear):
- (WTF::BitVector::makeInlineBits):
- (WTF::BitVector::isInline):
- (WTF::BitVector::outOfLineBits):
-
-2011-11-30 Filip Pizlo <fpizlo@apple.com>
-
- DFG should make it easier to notice node boundaries in disassembly
- https://bugs.webkit.org/show_bug.cgi?id=73509
-
- Rubber-stamped by Gavin Barraclough
-
- If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will
- be emitted at node boundaries, where the immediate being xor'd is the
- node index.
-
- * dfg/DFGCommon.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-30 Geoffrey Garen <ggaren@apple.com>
-
- Removed ArgList iterators.
-
- Reviewed by Gavin Barraclough.
-
- Another step toward reversing the argument order.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct): Switched from iterator to int.
-
- * runtime/ArgList.h:
- (JSC::ArgList::ArgList):
- (JSC::ArgList::isEmpty): Removed iterators.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::finishCreation): Switched from iterator to int.
-
-2011-11-30 Yuqiang Xian <yuqiang.xian@intel.com>
-
- 32 bit DFG should handle logicalNot slow case instead of simply bailing out
- https://bugs.webkit.org/show_bug.cgi?id=73515
-
- Reviewed by Filip Pizlo.
-
- This improves Kraken performance by 14%, mainly due to ~3X improvement
- on imaging-desaturate.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-
-2011-11-30 Max Vujovic <mvujovic@adobe.com>
-
- Some date values not handled consistently with IE/Firefox
- https://bugs.webkit.org/show_bug.cgi?id=14176
-
- Reviewed by Gavin Barraclough.
-
- Changed time zone offset parsing behavior to match IE/Firefox/Opera's in
- implementation dependent cases like "GMT-4".
-
- * wtf/DateMath.cpp:
- (WTF::parseDateFromNullTerminatedCharacters):
-
-2011-11-30 Mark Hahnenberg <mhahnenberg@apple.com>
-
- toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
- https://bugs.webkit.org/show_bug.cgi?id=73368
-
- Reviewed by Darin Adler.
-
- We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
- happens to be in the first class of the chain, which potentially could be null.
-
- <rdar://problem/10493218>
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::toStringCallback):
- (JSC::JSCallbackFunction::valueOfCallback):
-
-2011-11-29 Sam Weinig <sam@webkit.org>
-
- Add adoptCF and adoptNS convenience functions to RetainPtr.h
- https://bugs.webkit.org/show_bug.cgi?id=73399
-
- Reviewed by Anders Carlsson.
-
- * wtf/RetainPtr.h:
- (WTF::adoptCF):
- (WTF::adoptNS):
- These adoption functions match the pattern we use in other
- smart pointer classes.
-
-2011-11-30 Adam Roben <aroben@apple.com>
-
- Fix RetainPtr's move assignment operators
-
- Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the
- pointer being assigned to
-
- I didn't write a test for this because we don't have a way of unit testing C++11 code (see
- <http://webkit.org/b/73448>).
-
- Reviewed by Anders Carlsson.
-
- * wtf/RetainPtr.h:
- (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own
- pointer.
-
-2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
-
- Unreviewed rolling out incorrect r101481.
-
- * assembler/MIPSAssembler.h:
- * assembler/MacroAssemblerMIPS.h:
-
-2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
-
- Fix compilation with MingW.
-
- Reviewed by Csaba Osztrogonác.
-
- * wtf/ThreadingWin.cpp:
- (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for
- the time being make the thread name setting unimplemented for MingW.
-
-2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
-
- Unreviewed propective build fix for Qt/Windows part 2 after r101477.
-
- * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data
-
-2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
-
- Unreviewed propective build fix for Qt/Windows after r101477.
-
- * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's
- only referenced from within another OS(WINDOWS) section.
-
-2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
-
- Unreviewed speculative buildfix after r101457.
-
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::readCallTarget):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::readCallTarget):
-
-2011-11-30 Andrew Wason <rectalogic@rectalogic.com>
-
- Replace Qt QThread threading back-end with pthread/Win32 threading back-ends
- https://bugs.webkit.org/show_bug.cgi?id=72155
-
- Reviewed by Simon Hausmann.
-
- Use ThreadingPthreads and ThreadingWin instead of ThreadingQt.
-
- * heap/MachineStackMarker.cpp:
- * wtf/MainThread.cpp:
- (WTF::initializeMainThread):
- * wtf/Platform.h:
- * wtf/ThreadSpecific.h: Drop QThreadStorage related code.
- (WTF::::destroy):
- * wtf/ThreadingPrimitives.h:
- * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread().
- (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread.
- (WTF::scheduleDispatchFunctionsOnMainThread):
- * wtf/qt/ThreadingQt.cpp: Removed.
- * wtf/wtf.pro:
-
-2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
-
- MacroAssemblerARM does not implement readCallTarget
- https://bugs.webkit.org/show_bug.cgi?id=73413
-
- Based on Filip Pizlo's patch.
-
- Buildfix. Rubber-stamped by Gabor Loki.
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::readCallTarget):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::readCallTarget):
-
-2011-11-29 Filip Pizlo <fpizlo@apple.com>
-
- Resetting a put_by_id inline cache should preserve the "isDirect" bit
- https://bugs.webkit.org/show_bug.cgi?id=73375
-
- Reviewed by Gavin Barraclough.
-
- For the replace case, we can find out if it was direct by looking at the
- slow call. For the transition case, we explicitly remember if it was
- direct.
-
- * bytecode/CodeBlock.cpp:
- (JSC::printStructureStubInfo):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- (JSC::StructureStubInfo::visitWeakReferences):
- * bytecode/StructureStubInfo.h:
- (JSC::isPutByIdAccess):
- (JSC::StructureStubInfo::initPutByIdTransition):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCachePutByID):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::resetPatchPutById):
- (JSC::JIT::isDirectPutById):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::resetPatchPutById):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::tryCachePutByID):
-
-2011-11-29 Sam Weinig <sam@webkit.org>
-
- Remove RetainPtr::releaseRef
- https://bugs.webkit.org/show_bug.cgi?id=73396
-
- Reviewed by Dan Bernstein.
-
- * wtf/RetainPtr.h:
- Be gone releaseRef! Long live leakRef!
-
-2011-11-29 Sam Weinig <sam@webkit.org>
-
- Add move semantics to RetainPtr
- https://bugs.webkit.org/show_bug.cgi?id=73393
-
- Reviewed by Anders Carlsson.
-
- * wtf/RetainPtr.h:
- (WTF::RetainPtr::RetainPtr):
- Add a move constructor and move enabled assignment operators
- to RetainPtr if the compiler being used supports rvalue
- references. If the compiler does not support it, we fallback
- to the copy semantics we have always had.
-
-2011-11-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG local CSE may cause incorrect reference counting for a node
- https://bugs.webkit.org/show_bug.cgi?id=73390
-
- Reviewed by Filip Pizlo.
-
- When performing a node substitution, the ref count of the replaced
- child will be increased, no matter whether the user node is skipped in
- code generation or not. This will cause the reference count of the
- replaced child never get the chance to become zero and so the
- registers occupied by it cannot be reused simply without spilling, if
- it's used by a "skipped" node.
- This is a 1% gain on V8 benchmark, tested on IA32 Linux.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::performSubstitution):
- (JSC::DFG::Propagator::performNodeCSE):
-
-2011-11-29 David Levin <levin@chromium.org>
-
- Add a way to revert a variable to its previous value after leaving a scope.
- https://bugs.webkit.org/show_bug.cgi?id=73371
-
- Reviewed by Adam Barth.
-
- In case anyone from Chromium sees this, it is nearly identical to AutoReset
- but if the same name were used, it causes unnecessary ambiguity.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/TemporarilyChange.h: Added.
- (WTF::TemporarilyChange::TemporarilyChange):
- (WTF::TemporarilyChange::~TemporarilyChange):
-
-2011-11-29 Sam Weinig <sam@webkit.org>
-
- Add COMPILER_SUPPORTS macro to allow for compiler feature testing
- https://bugs.webkit.org/show_bug.cgi?id=73386
-
- Reviewed by Anders Carlsson.
-
- * wtf/Compiler.h:
- Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and
- rvalue references for Clang.
-
-2011-11-29 Oliver Hunt <oliver@apple.com>
-
- Allow WebCore to describe typed arrays to JSC
- https://bugs.webkit.org/show_bug.cgi?id=73355
-
- Reviewed by Gavin Barraclough.
-
- Allow globaldata to track the structure of typed arrays.
-
- * runtime/JSGlobalData.h:
- (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
-
-2011-11-28 Filip Pizlo <fpizlo@apple.com>
-
- DFG debugCall() mechanism only works on X86 and X86-64
- https://bugs.webkit.org/show_bug.cgi?id=73282
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::debugCall):
-
-2011-11-28 Filip Pizlo <fpizlo@apple.com>
-
- DFG non-X86 ArithDiv does speculation failure after mutating state,
- without a value recovery
- https://bugs.webkit.org/show_bug.cgi?id=73286
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-28 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fixes for ARM.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::readCallTarget):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
-
-2011-11-20 Roland Steiner <rolandsteiner@chromium.org>
-
- <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit
- https://bugs.webkit.org/show_bug.cgi?id=72848
-
- Add ENABLE_STYLE_SCOPED flag.
-
- Reviewed by Dimitri Glazkov.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-11-28 Jon Lee <jonlee@apple.com>
-
- Create skeleton framework for notifications support in WK2
- https://bugs.webkit.org/show_bug.cgi?id=73253
- <rdar://problem/10356943>
-
- * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform.
-
-2011-11-28 Oliver Hunt <oliver@apple.com>
-
- Fix windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-28 Oliver Hunt <oliver@apple.com>
-
- Fix gyp build
-
- * JavaScriptCore.gypi:
-
-2011-11-28 Filip Pizlo <fpizlo@apple.com>
-
- GetById should not always speculate cell
- https://bugs.webkit.org/show_bug.cgi?id=73181
-
- Reviewed by Gavin Barraclough.
-
- GetById will now speculate cell if the predictions of the base are cell.
- Otherwise it will do like the old JIT (and like the old non-speculative
- DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR
- out. This is a 1% speed-up on SunSpider.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
- (JSC::DFG::SpeculativeJIT::callOperation):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-28 Oliver Hunt <oliver@apple.com>
-
- Move typed array implementations into wtf
- https://bugs.webkit.org/show_bug.cgi?id=73248
-
- Reviewed by Sam Weinig.
-
- Move typed array implementation files from WebCore to wtf. Inline the
- .cpp files for each of the array views to cut down on unnecessary exports
- and function call overhead for trivial operations.
-
- Added files to all the project files.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp.
- (WTF::ArrayBuffer::transfer):
- (WTF::ArrayBuffer::addView):
- (WTF::ArrayBuffer::removeView):
- * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp.
- (WTF::ArrayBufferContents::ArrayBufferContents):
- (WTF::ArrayBufferContents::data):
- (WTF::ArrayBufferContents::sizeInBytes):
- (WTF::ArrayBufferContents::transfer):
- (WTF::ArrayBuffer::~ArrayBuffer):
- (WTF::ArrayBuffer::clampValue):
- (WTF::ArrayBuffer::create):
- (WTF::ArrayBuffer::ArrayBuffer):
- (WTF::ArrayBuffer::data):
- (WTF::ArrayBuffer::byteLength):
- (WTF::ArrayBuffer::slice):
- (WTF::ArrayBuffer::sliceImpl):
- (WTF::ArrayBuffer::clampIndex):
- (WTF::ArrayBufferContents::tryAllocate):
- (WTF::ArrayBufferContents::~ArrayBufferContents):
- * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp.
- (WTF::ArrayBufferView::ArrayBufferView):
- (WTF::ArrayBufferView::~ArrayBufferView):
- (WTF::ArrayBufferView::neuter):
- * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h.
- (WTF::ArrayBufferView::isByteArray):
- (WTF::ArrayBufferView::isUnsignedByteArray):
- (WTF::ArrayBufferView::isShortArray):
- (WTF::ArrayBufferView::isUnsignedShortArray):
- (WTF::ArrayBufferView::isIntArray):
- (WTF::ArrayBufferView::isUnsignedIntArray):
- (WTF::ArrayBufferView::isFloatArray):
- (WTF::ArrayBufferView::isDoubleArray):
- (WTF::ArrayBufferView::isDataView):
- (WTF::ArrayBufferView::buffer):
- (WTF::ArrayBufferView::baseAddress):
- (WTF::ArrayBufferView::byteOffset):
- (WTF::ArrayBufferView::verifySubRange):
- (WTF::ArrayBufferView::clampOffsetAndNumElements):
- (WTF::ArrayBufferView::setImpl):
- (WTF::ArrayBufferView::setRangeImpl):
- (WTF::ArrayBufferView::zeroRangeImpl):
- (WTF::ArrayBufferView::calculateOffsetAndLength):
- * wtf/CMakeLists.txt:
- * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h.
- (WTF::Float32Array::set):
- (WTF::Float32Array::item):
- (WTF::Float32Array::isFloatArray):
- (WTF::Float32Array::create):
- (WTF::Float32Array::Float32Array):
- (WTF::Float32Array::subarray):
- * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h.
- (WTF::Float64Array::set):
- (WTF::Float64Array::item):
- (WTF::Float64Array::isDoubleArray):
- (WTF::Float64Array::create):
- (WTF::Float64Array::Float64Array):
- (WTF::Float64Array::subarray):
- * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp.
- (WTF::Int16Array::set):
- (WTF::Int16Array::isShortArray):
- (WTF::Int16Array::create):
- (WTF::Int16Array::Int16Array):
- (WTF::Int16Array::subarray):
- * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp.
- (WTF::Int32Array::set):
- (WTF::Int32Array::isIntArray):
- (WTF::Int32Array::create):
- (WTF::Int32Array::Int32Array):
- (WTF::Int32Array::subarray):
- * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp.
- (WTF::Int8Array::set):
- (WTF::Int8Array::isByteArray):
- (WTF::Int8Array::create):
- (WTF::Int8Array::Int8Array):
- (WTF::Int8Array::subarray):
- * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h.
- (WTF::IntegralTypedArrayBase::set):
- (WTF::IntegralTypedArrayBase::item):
- (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase):
- * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h.
- (WTF::TypedArrayBase::data):
- (WTF::TypedArrayBase::set):
- (WTF::TypedArrayBase::setRange):
- (WTF::TypedArrayBase::zeroRange):
- (WTF::TypedArrayBase::length):
- (WTF::TypedArrayBase::byteLength):
- (WTF::TypedArrayBase::TypedArrayBase):
- (WTF::TypedArrayBase::create):
- (WTF::TypedArrayBase::subarrayImpl):
- * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp.
- (WTF::Uint16Array::set):
- (WTF::Uint16Array::isUnsignedShortArray):
- (WTF::Uint16Array::create):
- (WTF::Uint16Array::Uint16Array):
- (WTF::Uint16Array::subarray):
- * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp.
- (WTF::Uint32Array::set):
- (WTF::Uint32Array::isUnsignedIntArray):
- (WTF::Uint32Array::create):
- (WTF::Uint32Array::Uint32Array):
- (WTF::Uint32Array::subarray):
- * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h.
- (WTF::Uint8Array::set):
- (WTF::Uint8Array::isUnsignedByteArray):
- (WTF::Uint8Array::create):
- (WTF::Uint8Array::Uint8Array):
- (WTF::Uint8Array::subarray):
- * wtf/wtf.pro:
-
-2011-11-27 Filip Pizlo <fpizlo@apple.com>
-
- Don't try to optimize huge code blocks
- https://bugs.webkit.org/show_bug.cgi?id=73187
-
- Reviewed by Oliver Hunt.
-
- This unifies the heuristics used for deciding if a code block is too big
- to optimize, and sets this heuristic to 1000, which is intuitively better
- than numeric_limits<unsigned>::max(). It also results in what looks like
- a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher).
-
- * dfg/DFGCapabilities.h:
- (JSC::DFG::mightCompileEval):
- (JSC::DFG::mightCompileProgram):
- (JSC::DFG::mightCompileFunctionForCall):
- (JSC::DFG::mightCompileFunctionForConstruct):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
-
-2011-11-28 Filip Pizlo <fpizlo@apple.com>
-
- Either remove the GetMethod node from the DFG backend, or find a use for it
- https://bugs.webkit.org/show_bug.cgi?id=73178
-
- Reviewed by Gavin Barraclough.
-
- More testing seemed to imply that the GetMethod code was indeed not profitable
- in any major test. So, it's probably best to just remove it.
-
- * bytecode/CodeBlock.cpp:
- (JSC::MethodCallLinkInfo::reset):
+ (CodeBlock):
+ (JSC::CodeBlock::canCompileWithDFG):
+ (JSC::CodeBlock::canCompileWithDFGState):
+ (ProgramCodeBlock):
+ (EvalCodeBlock):
+ (FunctionCodeBlock):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::hasHeapPrediction):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGRepatch.cpp:
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-28 Michael Saboff <msaboff@apple.com>
-
- Change set 101187 from bug 73154 removed already lower case optimization
- https://bugs.webkit.org/show_bug.cgi?id=73174
-
- Added back the "string is already lower case" optimization.
-
- Reviewed by Geoffrey Garen.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncToLowerCase):
-
-2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>
-
- Unreviewed prospective build fix. Touch the file to trigger correct
- rebuild on the Qt mips/sh4/sl bot.
-
- * wtf/unicode/qt4/UnicodeQt4.h:
-
-2011-11-28 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Remove cruft from project file
-
- Reviewed by Simon Hausmann.
-
- * Target.pri:
-
-2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] WTF should be built as separate static library
- https://bugs.webkit.org/show_bug.cgi?id=73201
-
- Reviewed by Tor Arne Vestbø.
-
- * Target.pri: Don't claim to build WTF, as that would cause
- the debug-with-shlibs build to not link in wtf.
- * jsc.pro: Require wtf.
- * wtf/wtf.pri: Removed.
- * wtf/wtf.pro: Added. Pro file to build wtf statically.
-
-2011-11-28 Martin Robinson <mrobinson@igalia.com>
-
- [GTK] JavaScriptCore generated sources should build in the DerivedSources directory
- https://bugs.webkit.org/show_bug.cgi?id=73197
-
- Reviewed by Philippe Normand.
-
- Build all JavaScriptCore generated sources in DerivedSources.
-
- * GNUmakefile.am: Update generation rules.
- * GNUmakefile.list.am: Update source lists.
-
-2011-11-27 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not emit GetMethod node
- https://bugs.webkit.org/show_bug.cgi?id=73175
-
- Reviewed by Gavin Barraclough.
-
- Replaces all instances of the GetMethod node with GetById. This appears to
- be a slight win on V8. This patch leaves GetMethod support in the code-base,
- making this decision easy to reverse, for now.
-
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-11-26 Hajime Morrita <morrita@chromium.org>
-
- Needs WTF_INLINE and JS_INLINE
- https://bugs.webkit.org/show_bug.cgi?id=72853
-
- Reviewed by Kevin Ollivier.
-
- Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which
- indirect __attribute__((visibility("hidden"))
-
- * config.h:
- * wtf/ExportMacros.h:
-
-2011-11-25 Michael Saboff <msaboff@apple.com>
-
- String.prototype.toLower should be optimized for 8 bit strings
- https://bugs.webkit.org/show_bug.cgi?id=73154
-
- Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has
- been optimized for 8 bit strings.
-
- This is worth ~7% to sunspider string.tagcloud.
-
- Reviewed by Filip Pizlo.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncToLowerCase):
-
-2011-11-25 Michael Saboff <msaboff@apple.com>
-
- Array.toString always uses StringImpl::characters()
- https://bugs.webkit.org/show_bug.cgi?id=72969
-
- If all component strings are 8 bit, create an 8 bit result string for toString().
-
- This appears to be performance neutral to sunspider and v8.
-
- Reviewed by Filip Pizlo.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
-
-2011-11-24 Michael Saboff <msaboff@apple.com>
-
- UString methods are not character size aware
- https://bugs.webkit.org/show_bug.cgi?id=72975
-
- Changed the UString number constructors to build 8 bit strings.
- Modified the other methods to check string bitness and process
- with 8 bits wherre appropriate.
-
- * runtime/UString.cpp:
- (JSC::UString::number):
- (JSC::operator==):
- (JSC::operator<):
- (JSC::UString::ascii):
-
-2011-11-24 Michael Saboff <msaboff@apple.com>
-
- JavaScript string to number conversion functions use characters()
- https://bugs.webkit.org/show_bug.cgi?id=72974
-
- Change the various JS to number routines to process strings
- using characters8() or characters16() as appropriate.
- Implemented using static template methods.
-
- Reviewed by Filip Pizlo.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::isInfinity):
- (JSC::jsHexIntegerLiteral):
- (JSC::jsStrDecimalLiteral):
- (JSC::toDouble):
- (JSC::jsToNumber):
-
-2011-11-24 Michael Saboff <msaboff@apple.com>
-
- Empty JSStrings are created as 16 bit
- https://bugs.webkit.org/show_bug.cgi?id=72968
-
- Clear m_is8Bit flag for empty strings.
-
- Reviewed by Filip Pizlo.
-
- * runtime/JSString.h:
- (JSC::RopeBuilder::finishCreation):
-
-2011-11-24 Michael Saboff <msaboff@apple.com>
-
- Tune JSStringBuilder for 8 bit Strings
- https://bugs.webkit.org/show_bug.cgi?id=72683
-
- Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added.
- When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit
- and building continues with a 16 bit buffer.
-
- Reviewed by Filip Pizlo.
-
- * runtime/JSStringBuilder.h:
- (JSC::JSStringBuilder::JSStringBuilder):
- (JSC::JSStringBuilder::append):
- (JSC::JSStringBuilder::upConvert):
- (JSC::JSStringBuilder::build):
- * runtime/UString.h:
- (JSC::UString::adopt):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::adopt):
-
-2011-11-24 Zeno Albisser <zeno@webkit.org>
-
- [Qt]WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets
- https://bugs.webkit.org/show_bug.cgi?id=72495
-
- Update defines to not use Unix Domain Sockets for platform Qt on Mac.
- This enables Qt to reuse existing code for mach ports and Grand
- Central Dispatch based IPC.
-
- Reviewed by Simon Hausmann.
-
- * wtf/Platform.h:
-
-2011-11-24 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably
-
- Reviewed by Andreas Kling.
-
- We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few
- ways of doing that and this fix seems like the least intrusive one by simply pushing the
- invoker to the gui thread if it's not there already.
-
- * wtf/qt/MainThreadQt.cpp:
- (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2011-11-24 Patrick Gansterer <paroga@webkit.org>
-
- [Qt] Use QEvent for dispatchFunctionsFromMainThread()
- https://bugs.webkit.org/show_bug.cgi?id=72704
-
- Reviewed by Simon Hausmann.
-
- Replace QMetaObject::invokeMethod with QCoreApplication::postEvent.
- This is the same as what invokeMethod does internally, but reduces
- the dependency on some internal QThread stuff.
-
- * wtf/qt/MainThreadQt.cpp:
- (WTF::MainThreadInvoker::MainThreadInvoker):
- (WTF::MainThreadInvoker::event):
- (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2011-11-23 George Staikos <staikos@webkit.org>
-
- Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX.
- https://bugs.webkit.org/show_bug.cgi?id=73028
-
- Reviewed by Daniel Bates.
-
- * wtf/RandomNumberSeed.h:
- (WTF::initializeRandomNumberGenerator):
-
-2011-11-23 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string
- https://bugs.webkit.org/show_bug.cgi?id=72793
-
- Reviewed by Zoltan Herczeg.
-
- This new code will be used in follow-up patches to replace the String::format("%.2f") usage in
- platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp.
-
- The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace
- this by a variant that properly rounds to six significant figures, JSC code could be refactored.
- JSCs Number.toPrecision/toFixed uses wtf/dtoa/double-conversion which provides all features we need,
- except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with
- trailing zeros removed, producing shorter results. Changed the default signature to:
-
- "static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);".
-
- In WebCore we can now replace String::format() calls like this:
- String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2)
- String::format("%.6lg", f) -> String::number(f)
-
- The default parameters for precison & flags exactly match the format of the string produced now, except that the result
- is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results
- in the d="" attribute dumps of SVG paths across platforms. The dtoa rounding code enforces a unique zero, resolving
- all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots.
-
- This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfecly mimic the String::format() "lg" mode
- result for exponentials, we used to return eg. "e-7" and now return "e-07" - the trailing zero truncation hasn't been
- implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - in contrary the
- trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results.
-
- Here's a performance comparision using a JSC release build and some arbitary numbers:
- Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call.
- Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call.
-
- Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call.
- Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call.
-
- Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call.
- Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call.
-
- Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call.
- Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call.
-
- For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%.
-
- * JavaScriptCore.exp: Change String::number(double) signature.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto.
- * runtime/NumberPrototype.cpp:
- (JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp.
- (JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString.
- * wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows to truncate trailing zeros/decimal point.
- to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoas rounding facilities.
- * wtf/dtoa.h:
- * wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*.
- (WTF::double_conversion::StringBuilder::SetPosition):
- * wtf/text/WTFString.cpp:
- (WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format.
- * wtf/text/WTFString.h:
-
-2011-11-23 Hajime Morrita <morrita@chromium.org>
-
- WTF::String has extra WTF_EXPORT_PRIVATE
- https://bugs.webkit.org/show_bug.cgi?id=72858
-
- Reviewed by Kevin Ollivier.
-
- * wtf/text/WTFString.h:
- (WTF::String::String):
-
-2011-11-23 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- [CMake] Move the top-level logic to the top-level directory.
- https://bugs.webkit.org/show_bug.cgi?id=72685
-
- Reviewed by Brent Fulgham.
-
- * CMakeLists.txt: Point to the right Source/ directory.
- * wtf/CMakeLists.txt: Ditto.
-
-2011-11-22 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Strength reduction for Mul and Mod operations for known constants in DFG
- https://bugs.webkit.org/show_bug.cgi?id=72878
-
- Reviewed by Filip Pizlo.
-
- Also the code should be commonly shared by both 32_64 and 64.
-
- * dfg/DFGNode.h:
- (JSC::DFG::nodeMayOverflow):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::fmodAsDFGOperation):
- (JSC::DFG::SpeculativeJIT::compileInstanceOf):
- (JSC::DFG::isPowerOfTwo):
- (JSC::DFG::logTwo):
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
- (JSC::DFG::SpeculativeJIT::compileArithMul):
- (JSC::DFG::SpeculativeJIT::compileArithMod):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-22 Daniel Bates <dbates@rim.com>
-
- Add WTF infrastructure for the BlackBerry port
- https://bugs.webkit.org/show_bug.cgi?id=72970
-
- Reviewed by Antonio Gomes.
-
- * wtf/Assertions.cpp: Added BlackBerry-specific logging directive.
- * wtf/MathExtras.h:
- (abs): Added; stdlib doesn't contain abs() on QNX.
- * wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features.
- * wtf/RandomNumberSeed.h:
- (WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize
- the bad pseudo random number generator using time(3) before initializing the
- Mersenne Twister random number generator.
- * wtf/ThreadingPthreads.cpp:
- (WTF::createThreadInternal): Added.
- * wtf/blackberry: Added.
- * wtf/blackberry/MainThreadBlackBerry.cpp: Added.
- (WTF::initializeMainThreadPlatform):
- (WTF::scheduleDispatchFunctionsOnMainThread):
- * wtf/text/WTFString.h: Added constructor and conversion operator for
- BlackBerry WebString string object.
-
-2011-11-22 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r100988.
- http://trac.webkit.org/changeset/100988
- https://bugs.webkit.org/show_bug.cgi?id=72941
-
- "Broke pixel tests on Chromium-Linux" (Requested by kbalazs on
- #webkit).
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/ParallelJobs.h:
- * wtf/ParallelJobsGeneric.cpp:
- * wtf/ParallelJobsGeneric.h:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::execute):
- * wtf/Platform.h:
-
-2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
-
- Enable ParallelJobs by default
- https://bugs.webkit.org/show_bug.cgi?id=70032
-
- Reviewed by Zoltan Herczeg.
-
- According to measurements on Mac and Linux it is a
- considerable speedup for SVG on multicore.
-
- Remove the ENABLE(PARALLEL_JOBS) guard.
- Fix build on Windows and Chromium.
-
- * JavaScriptCore.gypi: Add the files to the build. It was
- missing for the gyp build system.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- Export symbols.
- * wtf/ParallelJobs.h:
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::execute):
- Deinline these to avoid exporting a lot of symbols.
- These are non-trivial and called only once on a given object
- so it doesn't seems to be worthwile to inline them.
- Additionally fix a signed-unsigned comparison in the constructor.
- * wtf/ParallelJobsGeneric.h:
- * wtf/Platform.h:
-
-2011-11-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG should have richer debug output for CFA and phi processing
- https://bugs.webkit.org/show_bug.cgi?id=72922
-
- Reviewed by Gavin Barraclough.
-
- In the default verbose mode, we now print information about variable
- state at the bottom of basic blocks in addition to the top, and we
- also print local variable linking. In the verbose propagation mode,
- the state of phi processing is dumped more richly and CFA merging (the
- most subtle part of CFA) is traced as well.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::endBasicBlock):
- (JSC::DFG::AbstractState::mergeStateAtTail):
- * dfg/DFGAbstractValue.h:
- (JSC::DFG::StructureAbstractValue::dump):
- (JSC::DFG::AbstractValue::dump):
- * dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCFGSimplificationPhase.cpp:
+ (JSC::DFG::CFGSimplificationPhase::run):
+ (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
+ (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
+ (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::getLocalLoadElimination):
+ (CSEPhase):
+ (JSC::DFG::CSEPhase::setReplacement):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::debugFail):
+ (DFG):
+ (JSC::DFG::canHandleOpcodes):
+ (JSC::DFG::canCompileOpcodes):
+ (JSC::DFG::canInlineOpcodes):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ (JSC::DFG::canInlineOpcode):
+ (DFG):
+ (JSC::DFG::canCompileOpcodes):
+ (JSC::DFG::canCompileEval):
+ (JSC::DFG::canCompileProgram):
+ (JSC::DFG::canCompileFunctionForCall):
+ (JSC::DFG::canCompileFunctionForConstruct):
* dfg/DFGCommon.h:
- (JSC::DFG::NodeIndexTraits::dump):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::dumpChildren):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOperands.h:
- (JSC::DFG::OperandValueTraits::dump):
- (JSC::DFG::dumpOperands):
-
-2011-11-21 Filip Pizlo <fpizlo@apple.com>
-
- Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
- https://bugs.webkit.org/show_bug.cgi?id=71505
-
- Reviewed by Gavin Barraclough.
-
- It turns out that we were corrupting phi nodes in case of overflow. The bug is
- really obvious, but producing a test case that causes the badness is hard. Even
- when the phi nodes do get corrupt, there's more that has to happen before it
- causes incorrect execution - and I wasn't able to reproduce in any kind of
- sensible reduced case.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::processPhiStack):
-
-2011-11-21 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Speed up debug builds.
- https://bugs.webkit.org/show_bug.cgi?id=72882
-
- Reviewed by Tor Arne Vestbø.
-
- * Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be
- used by the build system.
-
-2011-11-21 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r100913.
- http://trac.webkit.org/changeset/100913
- https://bugs.webkit.org/show_bug.cgi?id=72885
-
- "Break Windows build" (Requested by kbalazs on #webkit).
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/ParallelJobs.h:
- * wtf/ParallelJobsGeneric.cpp:
- * wtf/ParallelJobsGeneric.h:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::execute):
- * wtf/Platform.h:
-
-2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
-
- Enable ParallelJobs by default
- https://bugs.webkit.org/show_bug.cgi?id=70032
-
- Reviewed by Zoltan Herczeg.
-
- According to measurements on Mac and Linux it is a
- considerable speedup for SVG on multicore.
-
- Remove the ENABLE(PARALLEL_JOBS) guard.
- Fix build on Windows and Chromium.
-
- * JavaScriptCore.gypi: Add the files to the build. It was
- missing for the gyp build system.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- Export symbols.
- * wtf/ParallelJobs.h:
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::execute):
- Deinline these to avoid exporting a lot of symbols.
- These are non-trivial and called only once on a given object
- so it doesn't seems to be worthwile to inline them.
- Additionally fix a signed-unsigned comparison in the constructor.
- * wtf/ParallelJobsGeneric.h:
- * wtf/Platform.h:
-
-2011-11-21 Andy Wingo <wingo@igalia.com>
-
- Add .dir-locals.el file for better Emacs defaults
- https://bugs.webkit.org/show_bug.cgi?id=72483
-
- Reviewed by Xan Lopez.
-
- * .dir-locals.el: Set appropriate directory-local variables for Emacs.
-
-2011-11-21 Filip Pizlo <fpizlo@apple.com>
-
- Another attempt at a build fix.
-
- * dfg/DFGRepatch.h:
- (JSC::DFG::dfgResetGetByID):
- (JSC::DFG::dfgResetPutByID):
-
-2011-11-20 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed interpreter build fix.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::finalizeUnconditionally):
- * dfg/DFGRepatch.h:
-
-2011-11-20 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Improve modulo operation on 32bit platforms
- https://bugs.webkit.org/show_bug.cgi?id=72501
-
- Reviewed by Filip Pizlo.
-
- Extend softModulo to support X86 and MIPS in baseline JIT.
- Apply the same optimization to 32bit DFG JIT.
- 1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.
-
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileSoftModulo):
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_mod):
- (JSC::JIT::emitSlow_op_mod):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::softModulo):
- * wtf/Platform.h:
-
-2011-11-18 Filip Pizlo <fpizlo@apple.com>
-
- Inline caches that refer to otherwise dead objects should be cleared
- https://bugs.webkit.org/show_bug.cgi?id=72311
-
- Reviewed by Geoff Garen.
-
- DFG code blocks now participate in the weak reference harvester fixpoint
- so that they only consider themselves to be live if either they are
- currently executing, or their owner is live and all of their weak references
- are live. If not, the relevant code blocks are jettisoned.
-
- Inline caches in both the old JIT and the DFG are now cleared if any of
- their references are not marked at the end of a GC.
-
- This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
- all-code-on-GC policy that we currently have, it shows a slight reduction
- in memory usage. If we turn that policy off, it's pretty easy to come up
- with an example program that will cause ToT to experience linear heap
- growth, while with this patch, the heap stays small and remains at a
- constant size.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::readCallTarget):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::readCallTarget):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::readCallTarget):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::readCallTarget):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- (JSC::CodeBlock::performTracingFixpointIteration):
- (JSC::CodeBlock::visitWeakReferences):
- (JSC::CodeBlock::finalizeUnconditionally):
- (JSC::CodeBlock::stronglyVisitStrongReferences):
- (JSC::MethodCallLinkInfo::reset):
- (JSC::ProgramCodeBlock::jettison):
- (JSC::EvalCodeBlock::jettison):
- (JSC::FunctionCodeBlock::jettison):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::reoptimize):
- (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::visitWeak):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::visitWeakReferences):
- * bytecode/StructureStubInfo.h:
- (JSC::isGetByIdAccess):
- (JSC::isPutByIdAccess):
- (JSC::StructureStubInfo::reset):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGOperations.cpp:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchByIdSelfAccess):
- (JSC::DFG::dfgResetGetByID):
- (JSC::DFG::dfgResetPutByID):
- * dfg/DFGRepatch.h:
- (JSC::DFG::dfgResetGetByID):
- (JSC::DFG::dfgResetPutByID):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::resetPatchGetById):
- (JSC::JIT::resetPatchPutById):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::resetPatchGetById):
- (JSC::JIT::resetPatchPutById):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITWriteBarrier.h:
- (JSC::JITWriteBarrierBase::clearToMaxUnsigned):
-
-2011-11-20 Filip Pizlo <fpizlo@apple.com>
-
- Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
- https://bugs.webkit.org/show_bug.cgi?id=71505
-
- Reviewed by Oliver Hunt.
-
- The bytecode generator was assuming that call_varargs never reuses the base register
- (i.e. the function being called) for the result. This is no longer true.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitCallVarargs):
- * bytecompiler/BytecodeGenerator.h:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ApplyFunctionCallDotNode::emitBytecode):
-
-2011-11-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG 32_64 should directly store double virtual registers on SetLocal
- https://bugs.webkit.org/show_bug.cgi?id=72845
-
- Reviewed by Oliver Hunt.
-
- 2% win on Kraken.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-20 Noel Gordon <noel.gordon@gmail.com>
-
- [chromium] Remove DFG::JITCodeGenerator from the gyp projects
- https://bugs.webkit.org/show_bug.cgi?id=72842
-
- Reviewed by Filip Pizlo.
-
- dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244
-
- * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}
-
-2011-11-18 Daniel Bates <dbates@rim.com>
-
- Add CMake build infrastructure for the BlackBerry port
- https://bugs.webkit.org/show_bug.cgi?id=72768
-
- Reviewed by Antonio Gomes.
-
- * PlatformBlackBerry.cmake: Added.
- * shell/PlatformBlackBerry.cmake: Added.
- * wtf/PlatformBlackBerry.cmake: Added.
-
-2011-11-18 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT fails speculation on InstanceOf if the base is not an object
- https://bugs.webkit.org/show_bug.cgi?id=72709
-
- Reviewed by Geoff Garen.
-
- InstanceOf already leverages the fact that we only allow the default
- hasInstance implementation. So, if the base is predicted to possibly
- be not an object and the CFA has not yet proven otherwise, InstanceOf
- will abstain from speculating cell and instead return false if the
- base is not a cell.
-
- This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
- speed-up in earley-boyer. Neutral according to bencher on SunSpider,
- V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
- win on V8 even on my harness, due to a 12.5% win on earley-boyer.
-
- I also took this opportunity to make the code for InstanceOf common
- between the two JITs. This was partially successful, in that the
- "common code" has a bunch of #if's, but overall it seems like a code
- size reduction.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
- (JSC::DFG::SpeculativeJIT::compileInstanceOf):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Forgot to completely de-virtualize isDynamicScope
- https://bugs.webkit.org/show_bug.cgi?id=72763
-
- Reviewed by Darin Adler.
-
- * runtime/JSActivation.h: Removed virtual keyword.
-
-2011-11-18 Filip Pizlo <fpizlo@apple.com>
-
- Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
- https://bugs.webkit.org/show_bug.cgi?id=72292
-
- Reviewed by Darin Adler.
-
- Fix this for 32_64.
-
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
-
-2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize ExecutableBase::intrinsic
- https://bugs.webkit.org/show_bug.cgi?id=72548
-
- Reviewed by Oliver Hunt.
-
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value.
- * runtime/Executable.h:
- * runtime/JSCell.h:
- (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
- rather than requiring C++ RTTI.
-
-2011-11-18 Patrick Gansterer <paroga@webkit.org>
-
- [CMake] Remove duplicate dtoa files from CMakeLists.txt
- https://bugs.webkit.org/show_bug.cgi?id=72711
-
- Reviewed by Brent Fulgham.
-
- * wtf/CMakeLists.txt:
-
-2011-11-17 Michael Saboff <msaboff@apple.com>
-
- [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=72602
-
- Fixed StringImpl::foldCase by adding return in the case we need to handle
- folding of 8 bit strings with Latin-1 characters.
-
- Fixed case where StringImpl::replace was using a char temp instead of an
- LChar temp.
-
- Because of the second change, I changed other uses of char or
- unsigned char to LChar.
-
- Reviewed by Zoltan Herczeg.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::upper):
- (WTF::StringImpl::foldCase):
- (WTF::equal):
- (WTF::equalIgnoringCase):
- (WTF::StringImpl::replace):
-
-2011-11-17 Patrick Gansterer <paroga@webkit.org>
-
- [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
- https://bugs.webkit.org/show_bug.cgi?id=72644
-
- Reviewed by Brent Fulgham.
-
- All ports need to do the same determination about fast malloc. Move the CMake code from
- platform specific files into the generic one, so that additional ports can reuse it.
-
- * wtf/CMakeLists.txt:
- * wtf/PlatformEfl.cmake:
- * wtf/PlatformWinCE.cmake:
-
-2011-11-17 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add finalizer to JSActivation
- https://bugs.webkit.org/show_bug.cgi?id=72575
-
- Reviewed by Geoffrey Garen.
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
- (JSC::JSActivation::finalize):
- * runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
-
-2011-11-15 Filip Pizlo <fpizlo@apple.com>
-
- Code block jettisoning should be part of the GC's transitive closure
- https://bugs.webkit.org/show_bug.cgi?id=72467
-
- Reviewed by Geoff Garen.
-
- Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
- DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
- references) and helps track what state each of those code blocks is in during
- GC. The state consists of two flags; mayBeExecuting, which tells if the code block
- is live from call frames; and isJettisoned, which tells if the code block is
- not owned by any executable and thus should be deleted as soon as it is not
- mayBeExecuting.
-
- - Not executing, Not jettisoned: The code block may or may not be reachable from
- any executables, but it is owned by an executable, and hence should be
- kept alive if its executable is live and if all of its weak references are
- live. Otherwise it should be deleted during the current GC cycle, and its
- outgoing references should not be scanned.
-
- - Not executing but jettisoned: The code block should be deleted as soon as
- possible and none of its outgoing references should be scanned.
-
- - Executing but not jettisoned: The code block should be kept alive during this
- GC cycle, and all of its outgoing references (including the weak ones)
- should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
- the end of the GC cycle.
-
- - Executing and jettisoned: The code block should be kept alive during this
- GC cycle, and all of its outgoing references (including the weak ones)
- should be scanned and marked strongly. However, on the next GC cycle, it
- will have its mayBeExecuting bit cleared and hence it will become a candidate
- for immediate deletion provided it is not executing again.
-
- This is performance-neutral.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::setJITCode):
- (JSC::CodeBlock::DFGData::DFGData):
- (JSC::DFGCodeBlocks::mark):
- * heap/ConservativeRoots.cpp:
- (JSC::ConservativeRoots::add):
- * heap/ConservativeRoots.h:
- * heap/DFGCodeBlocks.cpp: Added.
- (JSC::DFGCodeBlocks::DFGCodeBlocks):
- (JSC::DFGCodeBlocks::~DFGCodeBlocks):
- (JSC::DFGCodeBlocks::jettison):
- (JSC::DFGCodeBlocks::clearMarks):
- (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
- (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
- * heap/DFGCodeBlocks.h: Added.
- * heap/Heap.cpp:
- (JSC::Heap::jettisonDFGCodeBlock):
- (JSC::Heap::markRoots):
- (JSC::Heap::collect):
- * heap/Heap.h:
- * heap/JettisonedCodeBlocks.cpp: Removed.
- * heap/JettisonedCodeBlocks.h: Removed.
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::gatherConservativeRoots):
- * interpreter/RegisterFile.h:
- * runtime/Executable.cpp:
- (JSC::jettisonCodeBlock):
-
-2011-11-16 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed, build fix for 32-bit.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-16 Geoffrey Garen <ggaren@apple.com>
-
- Some CachedCall cleanup, in preparation for reversing argument order.
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
- so I can test it.
-
- * interpreter/CachedCall.h:
- (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
- we are not that desperate for character saving.
-
- (JSC::CachedCall::setThis):
- (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
- CallFrameClosure.
-
- * interpreter/CallFrameClosure.h:
- (JSC::CallFrameClosure::setThis):
- (JSC::CallFrameClosure::setArgument):
- (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
- with an explicit setter for 'this', since that's how most clients think.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::prepareForRepeatCall):
- * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
- for clarity.
-
-2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize ScriptExecutable::unlinkCalls
- https://bugs.webkit.org/show_bug.cgi?id=72546
-
- Reviewed by Geoffrey Garen.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
- due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which
- didn't have complete type information on the things that needed to be destructed in the implicit destructor.
- * runtime/Executable.h:
- (JSC::EvalExecutable::createStructure): Used new type value from JSType
- (JSC::ProgramExecutable::createStructure): Ditto
- (JSC::FunctionExecutable::createStructure): Ditto
- (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
- * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable. Remove explicit numbers, since
- that just adds noise to patches and they currently have no significance.
-
-2011-11-16 Filip Pizlo <fpizlo@apple.com>
-
- JSC::CodeBlock should know which references generated by the DFG are weak
- https://bugs.webkit.org/show_bug.cgi?id=72563
-
- Reviewed by Geoff Garen.
-
- CodeBlock::m_dfgData now tracks weak references and weak reference transitions
- (like ephemerons) generated by the DFG. The DFG makes sure to notify the
- CodeBlock of all uses of weak references and weak reference transitions.
- CodeBlock currently marks them strongly, since the weak marking logic is not
- in place, yet.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- (JSC::CodeBlock::stronglyVisitWeakReferences):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::appendWeakReference):
- (JSC::CodeBlock::shrinkWeakReferencesToFit):
- (JSC::CodeBlock::appendWeakReferenceTransition):
- (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
- (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
- * bytecode/CodeOrigin.h:
- (JSC::CodeOrigin::codeOriginOwner):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addWeakReference):
- (JSC::DFG::JITCompiler::addWeakReferenceTransition):
- (JSC::DFG::JITCompiler::branchWeakPtr):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillJSValue):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-16 Michael Saboff <msaboff@apple.com>
-
- LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
- https://bugs.webkit.org/show_bug.cgi?id=72561
-
- Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
- Simplified the code in the process.
-
- Reviewed by James Robinson.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::CharAccess::CharAccess):
- (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
-
-2011-11-16 Geoffrey Garen <ggaren@apple.com>
-
- Interpreter build fixes.
-
- * bytecode/CodeBlock.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2011-11-16 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(JIT) after r100363.
-
- * bytecode/CodeBlock.h:
-
-2011-11-16 Geoffrey Garen <ggaren@apple.com>
-
- Rolled back in r100375 and r100385 with 32-bit build fixed.
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArgList.cpp:
- (JSC::ArgList::getSlice):
- * runtime/ArgList.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::finishCreation):
- * runtime/JSArray.h:
- (JSC::JSArray::create):
- * runtime/JSGlobalObject.h:
- (JSC::constructArray):
-
-2011-11-16 Filip Pizlo <fpizlo@apple.com>
-
- DFG global variable CSE mishandles the cross-global-object inlining corner case
- https://bugs.webkit.org/show_bug.cgi?id=72542
-
- Reviewed by Geoff Garen.
-
- Moved code to get the global object for a code origin into CodeBlock, so it is
- more broadly accessible. Fixed CSE to compare both the variable number, and the
- global object, before deciding to perform elimination.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::globalObjectFor):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::globalObjectFor):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::globalVarLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
-
-2011-11-16 Michael Saboff <msaboff@apple.com>
-
- Enable 8 Bit Strings in JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=71337
-
- This patch turns on 8 bit strings in StringImpl and enables
- their use in JavaScriptCore. Some of the changes are to
- turn on code that had been staged (Lexer.cpp, Identifier.cpp,
- SmallStrings.cpp and some of StringImpl.{h,cpp}).
- Other changes are minor fixes to make 8 bit strings work
- (UString.h, StringImpl::getData16SlowCase()).
- Changed StringBuffer to be a templated class based on character
- type. This change rippled into WebCore code as well.
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.exp:
- * parser/Lexer.cpp:
- (JSC::::append8): Changed to use 8 bit buffers.
- (JSC::::parseIdentifier): Changed to use 8 bit buffers.
- (JSC::::parseString): Changed to use 8 bit buffers.
- * runtime/Identifier.cpp:
- (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
- (JSC::Identifier::toUInt32FromCharacters): Templated helper.
- (JSC::Identifier::toUInt32): Added 8 bit optimized path.
- * runtime/SmallStrings.cpp:
- (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
- * runtime/UString.h:
- (JSC::UString::characters): Now calls StringImpl::characters()
- * wtf/Forward.h:
- * wtf/text/StringBuffer.h: Made StringBuffer a template base on character type.
- (WTF::StringBuffer::StringBuffer):
- (WTF::StringBuffer::characters):
- (WTF::StringBuffer::release):
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::create):
- (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
- (WTF::StringImpl::removeCharacters): Added 8 bit path.
- (WTF::StringImpl::simplifyMatchedCharactersToSpace):
- (WTF::StringImpl::simplifyWhiteSpace):
- (WTF::equal): Removed bug from code copied from null terminated version.
- (WTF::StringImpl::adopt): Added 8 bit path.
- (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bi flag propagation.
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
- (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
- (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
- (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
- * wtf/text/WTFString.h:
- (WTF::String::adopt): Changed to use StringBuffer template.
-
-2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize ExecutableBase::clearCodeVirtual
- https://bugs.webkit.org/show_bug.cgi?id=72337
-
- Reviewed by Darin Adler.
-
- Added static finalize functions to the subclasses of ExecutableBase that provide an implementation
- of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
- and had the finalize functions call the corresponding clearCode methods.
-
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::clearCode):
- (JSC::NativeExecutable::finalize):
- (JSC::EvalExecutable::finalize):
- (JSC::EvalExecutable::clearCode):
- (JSC::ProgramExecutable::finalize):
- (JSC::ProgramExecutable::clearCode):
- (JSC::FunctionExecutable::discardCode):
- (JSC::FunctionExecutable::finalize):
- (JSC::FunctionExecutable::clearCode):
- * runtime/Executable.h:
- (JSC::ExecutableBase::finishCreation):
- (JSC::NativeExecutable::create):
- (JSC::EvalExecutable::create):
- (JSC::ProgramExecutable::create):
- (JSC::FunctionExecutable::create):
-
-2011-11-16 Yusuke Suzuki <utatane.tea@gmail.com>
-
- String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
- https://bugs.webkit.org/show_bug.cgi?id=71572
-
- Reviewed by Gavin Barraclough and Darin Adler.
-
- * runtime/RegExpObject.cpp:
- (JSC::regExpObjectSource):
-
-2011-11-16 Darin Adler <darin@apple.com>
-
- Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
- https://bugs.webkit.org/show_bug.cgi?id=72475
-
- Reviewed by Adam Roben.
-
- * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
- Do overloads so we can pass a nullptr and also be sure to get the
- raw pointer type from the OwnPtr template so we handle both forms
- of OwnPtr: OwnPtr<T> and OwnPtr<T*>.
-
-2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
-
- Reviewed by Tor Arne Vestbø.
-
- * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
-
-2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
-
- Unreviewed, rolling out r100266.
- http://trac.webkit.org/changeset/100266
-
- Broke WTR.
-
- * Target.pri:
-
-2011-11-16 Darin Adler <darin@apple.com>
-
- Add a "pass type" and "peek type" concept to HashTraits
- https://bugs.webkit.org/show_bug.cgi?id=72473
-
- Reviewed by Filip Pizlo.
-
- * wtf/HashTraits.h: Added the pass type and peek type.
- For OwnPtr, the pass type will be PassOwnPtr and the peek
- type will be a raw pointer.
-
-2011-11-16 Darin Adler <darin@apple.com>
-
- Fix some hash traits that don't derive from the base hash traits
- https://bugs.webkit.org/show_bug.cgi?id=72470
-
- Reviewed by Filip Pizlo.
-
- Hash traits structures need to derive from the base hash traits in
- HashTraits.h, but some were not. This is needed for compatibility with
- some additional traits we will be adding to make OwnPtr work with HashMap.
-
- * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
- HashTraits<int>. This enabled removal of all the members except for the
- ones that control the empty value, because this is otherwise the same
- as the standard int hash.
-
- * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
- from HashTraits<SymbolTableEntry> and removed redundant members.
-
-2011-11-15 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r100375 and r100385.
- http://trac.webkit.org/changeset/100375
- http://trac.webkit.org/changeset/100385
- https://bugs.webkit.org/show_bug.cgi?id=72465
-
- They broke 32 bit builds on Qt (Requested by ossy on #webkit).
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArgList.cpp:
- (JSC::ArgList::getSlice):
- * runtime/ArgList.h:
- (JSC::ArgList::ArgList):
- * runtime/JSArray.cpp:
- * runtime/JSArray.h:
- * runtime/JSGlobalObject.h:
-
-2011-11-15 George Staikos <staikos@webkit.org>
-
- Remove the guard page from the addressable stack region on QNX.
- https://bugs.webkit.org/show_bug.cgi?id=72455
-
- Reviewed by Daniel Bates.
-
- * wtf/StackBounds.cpp:
- (WTF::StackBounds::initialize):
-
-2011-11-15 Michael Saboff <msaboff@apple.com>
-
- Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
- https://bugs.webkit.org/show_bug.cgi?id=72323
-
- Added 8 bit optimized paths for String and UString ascii() and utf8() methods.
-
- Added String::characters8(), characters16() and is8Bit() helper methods.
-
- Added an new Unicode::convertLatin1ToUTF8() method that works on
- LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().
-
- Reviewed by Geoff Garen.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/UString.cpp:
- (JSC::UString::utf8):
- * wtf/text/WTFString.cpp:
- (WTF::String::ascii):
- (WTF::String::utf8):
- * wtf/text/WTFString.h:
- (WTF::String::characters8):
- (WTF::String::characters16):
- (WTF::String::is8Bit):
- (WTF::LChar):
- (WTF::UChar):
- * wtf/unicode/UTF8.cpp:
- (WTF::Unicode::convertLatin1ToUTF8):
- * wtf/unicode/UTF8.h:
- * wtf/unicode/Unicode.h:
-
-2011-11-15 Darin Adler <darin@apple.com>
-
- REGRESSION (r98887): ParserArena and Keywords leaking
- https://bugs.webkit.org/show_bug.cgi?id=72428
-
- Reviewed by Sam Weinig.
-
- * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
- need to be able to destroy it.
-
- * parser/Parser.cpp:
- (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.
-
- * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.
-
-2011-11-15 Geoffrey Garen <ggaren@apple.com>
-
- Removed another use of ArgList that baked in the assumption that arguments
- are forward in the regiter file.
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
- working through ArgList.
-
- * runtime/ArgList.h: Removed!
-
-2011-11-15 Geoffrey Garen <ggaren@apple.com>
-
- Removed a use of ArgList that baked in the assumption that arguments
- are forward in the regiter file.
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION): Use new API.
-
- * runtime/ArgList.cpp:
- (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
- getSlice can do the right thing by using its rights to private data.
-
- * runtime/ArgList.h: Removed constructor that took a forward-contiguous
- set of arguments.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::finishCreation):
- * runtime/JSArray.h:
- (JSC::JSArray::create):
- * runtime/JSGlobalObject.h:
- (JSC::constructArray): Added explicit support for creating an array from
- a pre-allocated set of values, so we could stop relying on the ArgList
- API we want to remove.
-
-2011-11-15 Filip Pizlo <fpizlo@apple.com>
-
- Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
- https://bugs.webkit.org/show_bug.cgi?id=72292
-
- Reviewed by Geoff Garen.
-
- We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
- an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
- instead of CodeBlock::alternative().
-
- No performance effect.
-
- No tests because all of our heuristics work very hard to make sure that this never happens in
- the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
- is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still
- because the whole point of jettisoning is to bring the probability of future OSR exits to as
- close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
- exit after a jettison to be the first of its kind; our whole design tries to ensure that
- CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
- is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
- compilation. So this is a truly evil case, and any test for it would be quite fragile.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::specializationKind):
- (JSC::CodeBlock::largeFailCountThreshold):
- (JSC::CodeBlock::largeFailCountThresholdForLoop):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
- (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
- (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGOSRExitCompiler.cpp:
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
-
-2011-11-15 Geoffrey Garen <ggaren@apple.com>
-
- Use MarkedArgumentBuffer to avoid making assumptions about argument order
- https://bugs.webkit.org/show_bug.cgi?id=72418
-
- Reviewed by Sam Weinig.
-
- A step toward reversing the argument order.
-
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::toJSON):
- (JSC::Stringifier::appendStringifiedValue):
- (JSC::Walker::callReviver): Don't assume that ArgList wants to point
- at arguments in forward order. Instead, use MarkedArgumentBuffer, which
- will make the decision for us.
-
-2011-11-15 Filip Pizlo <fpizlo@apple.com>
-
- DFG should distinguish between constants in the constant pool and weak
- constants added as artifacts of code generation
- https://bugs.webkit.org/show_bug.cgi?id=72367
-
- Reviewed by Geoff Garen.
-
- Added the notion of a WeakJSConstant, which is like a JSConstant except that
- it can only refer to JSCell*. Currently all WeakJSConstants are also backed
- by constants in the constant pool, since weak references originated from
- machine code are not yet properly handled.
-
- Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
- and CheckStructure. This results in improved CSE, leading to a 1% win on V8.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::cellConstant):
- (JSC::DFG::ByteCodeParser::prepareToParseBlock):
- (JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::getJSConstantPrediction):
- (JSC::DFG::Graph::valueOfJSConstant):
- (JSC::DFG::Graph::valueOfInt32Constant):
- (JSC::DFG::Graph::valueOfNumberConstant):
- (JSC::DFG::Graph::valueOfBooleanConstant):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::isWeakConstant):
- (JSC::DFG::Node::hasConstant):
- (JSC::DFG::Node::weakConstant):
- (JSC::DFG::Node::valueOfJSConstant):
- (JSC::DFG::Node::isInt32Constant):
- (JSC::DFG::Node::isDoubleConstant):
- (JSC::DFG::Node::isNumberConstant):
- (JSC::DFG::Node::isBooleanConstant):
- (JSC::DFG::Node::hasIdentifier):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-15 Michael Saboff <msaboff@apple.com>
-
- Towards 8 bit Strings - Initial JS String Tuning
- https://bugs.webkit.org/show_bug.cgi?id=72326
-
- Added 8 bit optimized paths for the methods below.
-
- Reviewed by Geoffrey Garen.
-
- * runtime/JSString.h:
- (JSC::jsSubstring8):
- * runtime/StringPrototype.cpp:
- (JSC::jsSpliceSubstrings):
- (JSC::jsSpliceSubstringsWithSeparators):
- (JSC::stringProtoFuncReplace):
- (JSC::stringProtoFuncCharCodeAt):
-
-2011-11-15 Gavin Barraclough <barraclough@apple.com>
-
- Result of Error.prototype.toString not ES5 conformant
- https://bugs.webkit.org/show_bug.cgi?id=70889
-
- Reviewed by Oliver Hunt.
-
- * runtime/ErrorPrototype.cpp:
- (JSC::errorProtoFuncToString):
-
-2011-11-15 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
-
- Reviewed by Tor Arne Vestbø.
-
- * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
-
-2011-11-15 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Remove DFGJITCompilerInlineMethods
- https://bugs.webkit.org/show_bug.cgi?id=72366
-
- Reviewed by Filip Pizlo.
-
- Those methods are actually seldom used. Modify the few such places and
- remove DFGJITCompilerInlineMethods stuffs totally.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addressOfDoubleConstant):
- * dfg/DFGJITCompilerInlineMethods.h: Removed.
- * dfg/DFGSpeculativeJIT.cpp:
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::silentFillFPR):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillJSValue):
- (JSC::DFG::SpeculativeJIT::cachedGetMethod):
-
-2011-11-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
- https://bugs.webkit.org/show_bug.cgi?id=72348
-
- Reviewed by Gavin Barraclough.
-
- Moved all of JITCodeGenerator into SpeculativeJIT.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGJITCodeGenerator.cpp: Removed.
- * dfg/DFGJITCodeGenerator.h: Removed.
- * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
- * dfg/DFGJITCodeGenerator64.cpp: Removed.
- * dfg/DFGJITCompiler.cpp:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryCachePutByID):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
- (JSC::DFG::SpeculativeJIT::fillStorage):
- (JSC::DFG::SpeculativeJIT::useChildren):
- (JSC::DFG::SpeculativeJIT::isStrictInt32):
- (JSC::DFG::SpeculativeJIT::isKnownInteger):
- (JSC::DFG::SpeculativeJIT::isKnownNumeric):
- (JSC::DFG::SpeculativeJIT::isKnownCell):
- (JSC::DFG::SpeculativeJIT::isKnownNotCell):
- (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
- (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
- (JSC::DFG::SpeculativeJIT::isKnownBoolean):
- (JSC::DFG::SpeculativeJIT::writeBarrier):
- (JSC::DFG::SpeculativeJIT::markCellCard):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
- (JSC::DFG::dataFormatString):
- (JSC::DFG::SpeculativeJIT::dump):
- (JSC::DFG::SpeculativeJIT::checkConsistency):
- (JSC::DFG::GPRTemporary::GPRTemporary):
- (JSC::DFG::GPRTemporary::adopt):
- (JSC::DFG::FPRTemporary::FPRTemporary):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::at):
- (JSC::DFG::SpeculativeJIT::lock):
- (JSC::DFG::SpeculativeJIT::unlock):
- (JSC::DFG::SpeculativeJIT::canReuse):
- (JSC::DFG::SpeculativeJIT::reuse):
- (JSC::DFG::SpeculativeJIT::allocate):
- (JSC::DFG::SpeculativeJIT::tryAllocate):
- (JSC::DFG::SpeculativeJIT::fprAllocate):
- (JSC::DFG::SpeculativeJIT::isFilled):
- (JSC::DFG::SpeculativeJIT::isFilledDouble):
- (JSC::DFG::SpeculativeJIT::use):
- (JSC::DFG::SpeculativeJIT::selectScratchGPR):
- (JSC::DFG::SpeculativeJIT::silentSpillGPR):
- (JSC::DFG::SpeculativeJIT::silentSpillFPR):
- (JSC::DFG::SpeculativeJIT::silentFillGPR):
- (JSC::DFG::SpeculativeJIT::silentFillFPR):
- (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
- (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
- (JSC::DFG::SpeculativeJIT::boxDouble):
- (JSC::DFG::SpeculativeJIT::unboxDouble):
- (JSC::DFG::SpeculativeJIT::spill):
- (JSC::DFG::SpeculativeJIT::isConstant):
- (JSC::DFG::SpeculativeJIT::isJSConstant):
- (JSC::DFG::SpeculativeJIT::isInt32Constant):
- (JSC::DFG::SpeculativeJIT::isDoubleConstant):
- (JSC::DFG::SpeculativeJIT::isNumberConstant):
- (JSC::DFG::SpeculativeJIT::isBooleanConstant):
- (JSC::DFG::SpeculativeJIT::isFunctionConstant):
- (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
- (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
- (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
- (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
- (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
- (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
- (JSC::DFG::SpeculativeJIT::isNullConstant):
- (JSC::DFG::SpeculativeJIT::identifier):
- (JSC::DFG::SpeculativeJIT::flushRegisters):
- (JSC::DFG::SpeculativeJIT::isFlushed):
- (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
- (JSC::DFG::SpeculativeJIT::bitOp):
- (JSC::DFG::SpeculativeJIT::shiftOp):
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::addressOfCallData):
- (JSC::DFG::SpeculativeJIT::tagOfCallData):
- (JSC::DFG::SpeculativeJIT::payloadOfCallData):
- (JSC::DFG::SpeculativeJIT::integerResult):
- (JSC::DFG::SpeculativeJIT::noResult):
- (JSC::DFG::SpeculativeJIT::cellResult):
- (JSC::DFG::SpeculativeJIT::booleanResult):
- (JSC::DFG::SpeculativeJIT::jsValueResult):
- (JSC::DFG::SpeculativeJIT::storageResult):
- (JSC::DFG::SpeculativeJIT::doubleResult):
- (JSC::DFG::SpeculativeJIT::initConstantInfo):
- (JSC::DFG::SpeculativeJIT::resetCallArguments):
- (JSC::DFG::SpeculativeJIT::addCallArgument):
- (JSC::DFG::SpeculativeJIT::setupArguments):
- (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
- (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
- (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
- (JSC::DFG::SpeculativeJIT::setupStubArguments):
- (JSC::DFG::SpeculativeJIT::callOperation):
- (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
- (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
- (JSC::DFG::SpeculativeJIT::setupResults):
- (JSC::DFG::SpeculativeJIT::appendCallSetResult):
- (JSC::DFG::SpeculativeJIT::addBranch):
- (JSC::DFG::SpeculativeJIT::linkBranches):
- (JSC::DFG::SpeculativeJIT::block):
- (JSC::DFG::SpeculativeJIT::checkConsistency):
- (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
- (JSC::DFG::IntegerOperand::IntegerOperand):
- (JSC::DFG::IntegerOperand::~IntegerOperand):
- (JSC::DFG::IntegerOperand::index):
- (JSC::DFG::IntegerOperand::format):
- (JSC::DFG::IntegerOperand::gpr):
- (JSC::DFG::IntegerOperand::use):
- (JSC::DFG::DoubleOperand::DoubleOperand):
- (JSC::DFG::DoubleOperand::~DoubleOperand):
- (JSC::DFG::DoubleOperand::index):
- (JSC::DFG::DoubleOperand::fpr):
- (JSC::DFG::DoubleOperand::use):
- (JSC::DFG::JSValueOperand::JSValueOperand):
- (JSC::DFG::JSValueOperand::~JSValueOperand):
- (JSC::DFG::JSValueOperand::index):
- (JSC::DFG::JSValueOperand::gpr):
- (JSC::DFG::JSValueOperand::jsValueRegs):
- (JSC::DFG::JSValueOperand::isDouble):
- (JSC::DFG::JSValueOperand::fill):
- (JSC::DFG::JSValueOperand::tagGPR):
- (JSC::DFG::JSValueOperand::payloadGPR):
- (JSC::DFG::JSValueOperand::fpr):
- (JSC::DFG::JSValueOperand::use):
- (JSC::DFG::StorageOperand::StorageOperand):
- (JSC::DFG::StorageOperand::~StorageOperand):
- (JSC::DFG::StorageOperand::index):
- (JSC::DFG::StorageOperand::gpr):
- (JSC::DFG::StorageOperand::use):
- (JSC::DFG::GPRTemporary::~GPRTemporary):
- (JSC::DFG::GPRTemporary::gpr):
- (JSC::DFG::FPRTemporary::~FPRTemporary):
- (JSC::DFG::FPRTemporary::fpr):
- (JSC::DFG::FPRTemporary::FPRTemporary):
- (JSC::DFG::GPRResult::GPRResult):
- (JSC::DFG::GPRResult2::GPRResult2):
- (JSC::DFG::FPRResult::FPRResult):
- (JSC::DFG::FPRResult::lockedResult):
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillInteger):
- (JSC::DFG::SpeculativeJIT::fillDouble):
- (JSC::DFG::SpeculativeJIT::fillJSValue):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- (JSC::DFG::SpeculativeJIT::cachedGetMethod):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillInteger):
- (JSC::DFG::SpeculativeJIT::fillDouble):
- (JSC::DFG::SpeculativeJIT::fillJSValue):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
- (JSC::DFG::SpeculativeJIT::cachedGetById):
- (JSC::DFG::SpeculativeJIT::cachedPutById):
- (JSC::DFG::SpeculativeJIT::cachedGetMethod):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::SpeculativeJIT::emitCall):
- * runtime/JSFunction.h:
-
-2011-11-14 Filip Pizlo <fpizlo@apple.com>
-
- Weak reference harvesters should run to fixpoint
- https://bugs.webkit.org/show_bug.cgi?id=72346
-
- Reviewed by Oliver Hunt.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * heap/ListableHandler.h:
- (JSC::ListableHandler::next):
- (JSC::ListableHandler::List::head):
- (JSC::ListableHandler::List::removeNext):
- (JSC::ListableHandler::List::removeAll):
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::reset):
- (JSC::SlotVisitor::harvestWeakReferences):
- * heap/MarkStack.h:
- (JSC::MarkStack::isEmpty):
-
-2011-11-14 Oliver Hunt <oliver@apple.com>
-
- Start migrating typed array impl types to WTF
- https://bugs.webkit.org/show_bug.cgi?id=72336
-
- Reviewed by Geoffrey Garen.
-
- Add typed array impls to WTF forwarding header.
-
- * wtf/Forward.h:
-
-2011-11-14 Julien Chaffraix <jchaffraix@webkit.org>
-
- Add --css-grid-layout to build-webkit and the build systems
- https://bugs.webkit.org/show_bug.cgi?id=72320
-
- Reviewed by Ojan Vafai.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-11-14 Geoffrey Garen <ggaren@apple.com>
-
- A little bit of arguments / activation cleanup
- https://bugs.webkit.org/show_bug.cgi?id=72339
-
- Reviewed by Gavin Barraclough.
-
- Renamed copyRegisters => tearOff to match bytecode and other terminology.
-
- Renamed setActivation => didTearOffActivation to indicate that this is a
- notification the object may choose to ignore. Moved "Should I ignore?"
- code into the arguments object to avoid duplication elsewhere.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::unwindCallFrame):
- (JSC::Interpreter::privateExecute):
- (JSC::Interpreter::retrieveArguments):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Arguments.h:
- (JSC::Arguments::createAndTearOff):
- (JSC::Arguments::didTearOffActivation):
- (JSC::Arguments::finishCreationButDontTearOff):
- (JSC::Arguments::finishCreation):
- (JSC::Arguments::finishCreationAndTearOff):
- (JSC::Arguments::tearOff):
-
- * runtime/JSActivation.h:
- (JSC::JSActivation::tearOff): Moved Activation's code into its own header
- because that's where it belongs.
-
-2011-11-14 Gavin Barraclough <barraclough@apple.com>
-
- Should sign the jsc binary
- https://bugs.webkit.org/show_bug.cgi?id=72332
-
- Reviewed by David Kilzer.
-
- * Configurations/JSC.xcconfig:
- * entitlements.plist: Added.
-
-2011-11-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG's inline references to objects should be tracked
- https://bugs.webkit.org/show_bug.cgi?id=72313
-
- Reviewed by Gavin Barraclough.
-
- Added a pinCell() method in the parser that currently creates a
- dummy constant in CodeBlock. Added calls to pinCell() wherever the
- DFG would inline a constant reference that the original code would
- not have referred to.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getCellConstantIndex):
- (JSC::DFG::ByteCodeParser::pinCell):
- (JSC::DFG::ByteCodeParser::cellConstant):
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-11-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG put_by_id transition optimizations test the wrong structures
- https://bugs.webkit.org/show_bug.cgi?id=72324
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
-
-2011-11-14 Michael Saboff <msaboff@apple.com>
-
- Further changes and cleanup to JSString.h and cpp.
-
- Reviewed by Darin Adler.
-
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr. Eliminated exec in slow case calls.
- (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name.
- (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
- * runtime/JSString.h:
-
-2011-11-14 Adam Barth <abarth@webkit.org>
-
- DateMath.cpp should not depend on JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=71747
-
- Reviewed by Darin Adler.
-
- This patch moves the JSC-specific parts of DateMath into JSDateMath in
- JavaScriptCore. There shouldn't be any behavior change.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * runtime/DateConstructor.cpp:
- * runtime/DateConversion.cpp:
- * runtime/DateInstance.cpp:
- * runtime/DateInstanceCache.h:
- * runtime/DatePrototype.cpp:
- * runtime/InitializeThreading.cpp:
- * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
- (JSC::timeToMS):
- (JSC::msToSeconds):
- * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
- * wtf/DateMath.cpp:
- (WTF::isLeapYear):
- (WTF::msToDays):
- (WTF::msToMinutes):
- (WTF::msToHours):
- (WTF::parseDateFromNullTerminatedCharacters):
- (WTF::makeRFC2822DateString):
- * wtf/DateMath.h:
-
-2011-11-14 Michael Saboff <msaboff@apple.com>
-
- Towards 8 bit strings - Add 8 bit handling to JSString Ropes
- https://bugs.webkit.org/show_bug.cgi?id=72317
-
- Added bit to track that a rope is made up of all 8 bit fibers.
- Created an 8 bit path (fast and slow cases) to handle 8 bit
- only ropes.
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRope):
- (JSC::JSString::resolveRopeSlowCase8):
- (JSC::JSString::resolveRopeSlowCase16):
- * runtime/JSString.h:
- (JSC::RopeBuilder::finishCreation):
- (JSC::RopeBuilder::is8Bit):
- (JSC::jsSubstring8):
-
-2011-11-14 Geoffrey Garen <ggaren@apple.com>
-
- A little bit of function call cleanup
- https://bugs.webkit.org/show_bug.cgi?id=72314
-
- Reviewed by Oliver Hunt.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
- because this value doesn't give you the offset of the callee's call frame.
-
- (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
- of greater-than. Removed comment since its reasoning was wrong.
-
- (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
-
- (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
- to ask this question, giving the bytecode generator more freedom to change
- internal implementation details.
-
- * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
- 16 was overkill.
- (JSC::CallArguments::registerOffset): Updated for rename mentioned above.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::CallArguments::CallArguments):
- (JSC::CallArguments::newArgument): Factored out argument allocation into
- a helper function, so I can change it later.
-
- (JSC::CallFunctionCallDotNode::emitBytecode):
- (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
-
-2011-11-14 Tony Chang <tony@chromium.org>
-
- Remove the CSS3_FLEXBOX compile time flag and enable on all ports
- https://bugs.webkit.org/show_bug.cgi?id=72196
-
- Reviewed by Ojan Vafai.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-11-14 Mark Rowe <mrowe@apple.com>
-
- <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
-
- testRegExp and testapi.js were being installed in the JavaScriptCore framework.
- As test-only tools they shouldn't be installed there by default, only when
- FORCE_TOOL_INSTALL is set to YES.
-
- This patch incorprorates a few related changes:
- 1) Make the jsc and testRegExp targets be configured via .xcconfig files.
- 2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
- FORCE_TOOL_INSTALL is YES.
- 3) Switches the testapi target to using a script build phase to install testapi.js
- so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
- why this isn't the built-in behavior when a Copy Files build phase has "Copy only
- when installing" checked, but it doesn't seem to be.
- 4) Other random cleanup such as removing a bogus group that refers to files that do
- not exist, moving testRegExp.cpp in to the tests group, etc.
-
- Reviewed by Geoff Garen.
-
- * Configurations/JSC.xcconfig: Added.
- * Configurations/TestRegExp.xcconfig: Added.
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-11-14 Michael Saboff <msaboff@apple.com>
-
- Towards 8 bit strings - Add 8 bit paths to StringImpl methods
- https://bugs.webkit.org/show_bug.cgi?id=72290
-
- Added 8 bit patchs to StringImpl to number and find methods.
-
- Reviewed by Oliver Hunt.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::toIntStrict):
- (WTF::StringImpl::toUIntStrict):
- (WTF::StringImpl::toInt64Strict):
- (WTF::StringImpl::toUInt64Strict):
- (WTF::StringImpl::toIntPtrStrict):
- (WTF::StringImpl::toInt):
- (WTF::StringImpl::toUInt):
- (WTF::StringImpl::toInt64):
- (WTF::StringImpl::toUInt64):
- (WTF::StringImpl::toIntPtr):
- (WTF::StringImpl::toDouble):
- (WTF::StringImpl::toFloat):
- (WTF::StringImpl::find):
- (WTF::StringImpl::reverseFind):
- * wtf/text/WTFString.cpp:
- (WTF::toIntegralType):
- (WTF::lengthOfCharactersAsInteger):
- (WTF::charactersToIntStrict):
- (WTF::charactersToUIntStrict):
- (WTF::charactersToInt64Strict):
- (WTF::charactersToUInt64Strict):
- (WTF::charactersToIntPtrStrict):
- (WTF::charactersToInt):
- (WTF::charactersToUInt):
- (WTF::charactersToInt64):
- (WTF::charactersToUInt64):
- (WTF::charactersToIntPtr):
- (WTF::toDoubleType):
- (WTF::charactersToDouble):
- (WTF::charactersToFloat):
- * wtf/text/WTFString.h:
- (WTF::find):
- (WTF::reverseFind):
-
-2011-11-14 Vincent Scheib <scheib@chromium.org>
-
- Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
- https://bugs.webkit.org/show_bug.cgi?id=72286
-
- Reviewed by Adam Barth.
-
- * wtf/Platform.h:
-
-2011-11-14 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=72280
-
- Rubber stamped by Geoff Garen.
-
- Fix 32-bit Lion.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
-
-2011-11-14 Geoffrey Garen <ggaren@apple.com>
-
- 32-bit Build fix: declare virtual register indices to be int rather than
- unsigned, since they can be positive or negative.
-
- For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
- state, since we'll never load and operate on the ReturnPC as a JS value.
-
- * jit/JIT.cpp:
- (JSC::JIT::JIT):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitLoadTag):
- (JSC::JIT::emitLoadPayload):
- (JSC::JIT::emitLoad):
- (JSC::JIT::emitLoad2):
- (JSC::JIT::emitLoadDouble):
- (JSC::JIT::emitLoadInt32ToDouble):
- (JSC::JIT::emitStore):
- (JSC::JIT::emitStoreInt32):
- (JSC::JIT::emitStoreAndMapInt32):
- (JSC::JIT::emitStoreCell):
- (JSC::JIT::emitStoreBool):
- (JSC::JIT::emitStoreDouble):
- (JSC::JIT::map):
- (JSC::JIT::unmap):
- (JSC::JIT::isMapped):
- (JSC::JIT::getMappedPayload):
- (JSC::JIT::getMappedTag):
- (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-
-2011-11-14 Michael Saboff <msaboff@apple.com>
-
- Remove unused m_data member from UStringSourceProvider
- https://bugs.webkit.org/show_bug.cgi?id=72289
-
- Removed unused m_data member from UStringSourceProvider.
-
- Reviewed by Oliver Hunt.
-
- * parser/SourceProvider.h:
- (JSC::UStringSourceProvider::UStringSourceProvider):
-
-2011-11-14 Michael Saboff <msaboff@apple.com>
-
- Towards 8 Bit Strings: Templatize YARR Parser
- https://bugs.webkit.org/show_bug.cgi?id=72288
-
- Changed Yarr::Parser to be a template based on character type.
-
- Reviewed by Oliver Hunt.
-
- * yarr/YarrParser.h:
- (JSC::Yarr::Parser::Parser):
- (JSC::Yarr::parse):
-
-2011-11-14 Geoffrey Garen <ggaren@apple.com>
-
- 32-bit build fix: Removed unused declaration.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-11-12 Geoffrey Garen <ggaren@apple.com>
-
- Standardized the JS calling convention
- https://bugs.webkit.org/show_bug.cgi?id=72221
-
- Reviewed by Oliver Hunt.
-
- This patch standardizes the calling convention so that the caller always
- sets up the callee's CallFrame. Adjustments for call type, callee type,
- argument count, etc. now always take place after that initial setup.
-
- This is a step toward reversing the argument order, but also has these
- immediate benefits (measured on x64):
-
- (1) 1% benchmark speedup across the board.
-
- (2) 50% code size reduction in baseline JIT function calls.
-
- (3) 1.5x speedup for single-dispatch .apply forwarding.
-
- (4) 1.1x speedup for multi-dispatch .apply forwarding.
-
- This change affected the baseline JIT most, since the baseline JIT had
- lots of ad hoc calling conventions for different caller / callee types.
-
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::branchPtr):
- (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
- a test, like other assemblers do. (I added some compares to 0, and didn't
- want them to be slow.)
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
- op_call_varargs could share code generation with other forms of op_call.
- This is also a small optimization, since op_*varargs no longer have to
- pass arguments to each other through the register file.
-
- (JSC::CallLinkInfo::unlink):
- * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
- us to link functions called through .apply syntax. We need to distinguish
- CallVarargs from Call because CallVarargs changes its argument count
- on each inovcation, so we must always link to the argument count checking
- version of the callee.
-
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitCallVarargs):
- * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
- some of this bytecode generation to remove redundant copies.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
- DFG doesn't support this type, but its code needs to change slightly
- to accomodate a 3-state variable.
-
- Stopped passing the argument count in regT1 because this is non-standard.
- (The argument count goes in the CallFrame. This trades speed on the slow
- path for speed and code size on the fast path, and simplicity on all paths.
- A good trade, in my opinion.)
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::link):
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
- setup more obvious when single-stepping. Also, updated for argument count
- not being in regT1.
-
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addJSCall):
- (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
- type: CallVarargs.
-
- * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
- doing anything else. Don't check for stack overflow because we have no callee
- registers, and our caller has already checked for its own registers.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
- count doesn't match -- we just need to link to the argument count checking
- version.
-
- * interpreter/CallFrameClosure.h:
- (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
- arguments from C++, we need to supply a full copy of the arguments prior
- to the subset copy that matches our callee's argument count. (That is what
- the standard calling convention would have produced in JS.) I would have
- split this into its own patch, but I couldn't find a way to get the JIT
- to fail a regression test in this area without my patch applied.
-
- * interpreter/Interpreter.cpp: Let the true code bomb begin!
-
- (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
- and not eval()'s caller frame. We no longer leave the CallFrame pointing
- to eval()'s caller during a call to eval(), since that is not standard.
-
- (JSC::loadVarargs): Factored out a shared helper function for use by JIT
- and interpreter because half the code means one quarter the bugs -- in my
- programming, at least.
-
- (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
-
- (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
- putDirect, because it got in the way of my testing. (When putting a
- function, the cached base of a PutPropertySlot can be 0 to signify "do
- not optimize".)
-
- op_call_eval: Updated for new, standard eval calling convention.
-
- op_load_varargs: Merged op_load_varargs into op_call_varargs.
-
- op_call_varags: Updated for new, standard eval calling convention. Don't
- check for stack overflow because the loadVarargs helper function already
- checked.
-
- * interpreter/Interpreter.h:
- (JSC::Interpreter::execute): Headers are fun and educational!
-
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::growSlowCase):
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::grow): Factored out the slow case into a slow
- case because it was cramping the style of my fast case.
-
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile): Moved initialization of
- RegisterFile::CodeBlock to make it more obvious when debugging. Removed
- assumption that argument count is in regT1, as above. Removed call to
- restoreArgumentReference() because the JITStubCall abstraction does this for us.
-
- (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
-
- * jit/JIT.h:
- * jit/JITCall32_64.cpp:
- (JSC::JIT::emitSlow_op_call):
- (JSC::JIT::emitSlow_op_call_eval):
- (JSC::JIT::emitSlow_op_call_varargs):
- (JSC::JIT::emitSlow_op_construct):
- (JSC::JIT::emit_op_call_eval):
- (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
- Don't count call_eval when accounting for linkable function calls because
- eval doesn't link. (Its fast path is to perform the eval.)
-
- (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
- to our new calling convention. The key to this optimization is the
- observation that, in a function that declares no arguments, if any
- arguments are passed, they all end up right behind 'this'.
-
- (JSC::JIT::compileCallEval):
- (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
-
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
- this is the whole point of my patch. The caller now unconditionally moves
- the CallFrame forward and fills in the data it knows before taking any
- branches to deal with weird caller/callee pairs.
-
- This also means that there is almost no slow path for calls -- it all
- gets folded into the shared virtual call stub. The only things remaining
- in the slow path are the rare case counter and a call to the stub.
-
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
- different registers or in memory, based on our new standard calling
- convention.
-
- Added a shared path for calling out to CTI helper functions for non-JS
- calls.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check): method_check emits its own code and
- the following get_by_id's code, so it needs to add both when informing
- result chaining of its result. This is important because the standard
- calling convention can now take advantage of this chaining.
-
- * jit/JITCall.cpp:
- (JSC::JIT::compileLoadVarargs):
- (JSC::JIT::compileCallEval):
- (JSC::JIT::compileCallEvalSlowCase):
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::emit_op_call_eval):
- (JSC::JIT::emit_op_call_varargs):
- (JSC::JIT::emitSlow_op_call):
- (JSC::JIT::emitSlow_op_call_eval):
- (JSC::JIT::emitSlow_op_call_varargs):
- (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
- second time, now with 64 bits.
-
- * jit/JITStubs.cpp:
- (JSC::throwExceptionFromOpCall):
- (JSC::jitCompileFor):
- (JSC::arityCheckFor):
- (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
- Exceptions thrown in the middle of a function call now use a shared helper
- function (throwExceptionFromOpCall). This function understands that the
- CallFrame currently points to the callEE, and the exception must be
- thrown by the callER. (The old calling convention would often still have
- the CallFrame pointing at the callER at the point of an exception. That
- is not the way of our new, standard calling convention.)
-
- (JSC::op_call_eval): Finish standard CallFrame setup before calling
- our eval helper function, which now depends on that setup.
-
- * runtime/Arguments.h:
- (JSC::Arguments::length): Renamed numProvidedArguments() to length()
- because that's what other objects call it, and the difference made our
- new loadVarargs helper function hard to read.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
- fixes.
-
- * runtime/FunctionPrototype.cpp:
- (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
- the .apply call_varargs optimization fails. (This bug appears on layout
- tests when you disable the optimization.)
-
-2011-11-11 Jer Noble <jer.noble@apple.com>
-
- Implement MediaController.
- https://bugs.webkit.org/show_bug.cgi?id=71408
-
- Reviewed by Eric Carlson.
-
- Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as
- CoreAudioClock.h is not available there.
-
- * wtf/Platform.h:
-
-2011-11-14 Patrick Gansterer <paroga@webkit.org>
-
- [WIN] Remove dependency on pthread from FastMalloc
- https://bugs.webkit.org/show_bug.cgi?id=72098
-
- Reviewed by Adam Roben.
-
- All pthread calls are already ported to native Windows calls.
- Use the native version for all OS(WINDOWS) to remove the
- runtime dependency on the pthread dll.
-
- * wtf/FastMalloc.cpp:
-
-2011-11-14 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Replace use of QApplication with QGuiApplication.
-
- Reviewed by Tor Arne Vestbø.
-
- * wtf/qt/compat/qguiapplication.h:
- (QGuiApplication::styleHints): Introduce styleHints wrapper hack.
-
-2011-11-14 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck build.
-
- * GNUmakefile.list.am: Add missing files.
-
-2011-11-11 Yury Semikhatsky <yurys@chromium.org>
-
- Web Inspector: function remote objetct should provide access to function position in the script
- https://bugs.webkit.org/show_bug.cgi?id=71808
-
- Exposed accessor for function source code.
-
- Reviewed by Pavel Feldman.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::sourceCode):
- * runtime/JSFunction.h:
-
-2011-11-13 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Fix silent spilling/filling GPRs in DFG 32_64
- https://bugs.webkit.org/show_bug.cgi?id=72201
-
- Reviewed by Gavin Barraclough.
-
- Current silentSpillGPR/silentFillGPR may not work as expected for some
- cases in 32_64. If there's a JSValue which was retained by two GPRs,
- we may end up failing to spill/fill some GPRs or redundantly
- spilling/filling some GPRs. For example, if we tend to exclude "eax"
- from spilling while a JSValue is retained by both "eax" and "edx",
- then "edx" won't be spilled as well (wrong). And if another JSValue is
- retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
- twice. The similar problem applies to silentFillGPR.
- The fix is to make silentSpillGPR/silentFillGPR more straightforward,
- i.e., spilling/filling based on the GPR instead of the virtual
- register. FPR spilling/filling is also modified accordingly to make it
- consistent with GPR spilling/filling.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentSpillFPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
- (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
-
-2011-11-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
-
- [Qt][Symbian] Remove support for WINSCW compiler
- https://bugs.webkit.org/show_bug.cgi?id=70178
-
- Reviewed by Chang Shu.
-
- * API/JSStringRef.h:
- * create_hash_table: Revert r45553.
- * runtime/JSGlobalData.cpp: Revert r45553.
- * runtime/LiteralParser.cpp: Remove WINSCW comment.
- (JSC::LiteralParser::Lexer::lexString):
- * runtime/Lookup.h: Revert r45553.
- * runtime/Structure.h: Revert r48461.
- * wtf/Alignment.h:
- * wtf/Assertions.h: Revert r52337.
- * wtf/Compiler.h:
- * wtf/ListRefPtr.h: Revert r48988.
- (WTF::ListRefPtr::~ListRefPtr):
- * wtf/OwnArrayPtr.h: Revert r45911.
- (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
- * wtf/PassOwnArrayPtr.h:
- (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
- * wtf/PassRefPtr.h:
- * wtf/StaticConstructors.h:
- * wtf/unicode/qt4/UnicodeQt4.h:
-
-2011-11-12 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
-
- * dfg/DFGCorrectableJumpPoint.cpp:
- * dfg/DFGCorrectableJumpPoint.h:
-
-2011-11-12 Patrick Gansterer <paroga@webkit.org>
-
- [CMake] Move list of DFG source files into correct file
- https://bugs.webkit.org/show_bug.cgi?id=72212
-
- Reviewed by Daniel Bates.
-
- The DFG files are platform independent. So move them from
- the EFL specific file into the general CMakeLists.txt.
-
- * CMakeLists.txt:
- * PlatformEfl.cmake:
-
-2011-11-12 Patrick Gansterer <paroga@webkit.org>
-
- Fix "unused variable" warning in JSLock
- https://bugs.webkit.org/show_bug.cgi?id=72213
-
- Reviewed by Anders Carlsson.
-
- Use ASSERT_UNUSED() instead of ASSERT() to make sure
- that the variable is also used in the release build.
-
- * runtime/JSLock.cpp:
- (JSC::JSLock::lock):
- (JSC::JSLock::unlock):
-
-2011-11-11 Gavin Barraclough <barraclough@apple.com>
-
- Update iOS compiler version.
-
- Reviewed by David Kilzer.
-
- * Configurations/CompilerVersion.xcconfig:
- - Update compiler version.
-
-2011-11-11 Gavin Barraclough <barraclough@apple.com>
-
- Update iOS port's configuration setting, particularly in Platform.h
- https://bugs.webkit.org/show_bug.cgi?id=72187
-
- Reviewed by David Kilzer.
-
- * interpreter/Interpreter.h:
- - Lower the reentry depth.
- * runtime/DatePrototype.cpp:
- - iOS also uses CF.
- * wtf/FastMalloc.cpp:
- (WTF::TCMalloc_PageHeap::IncrementalScavenge):
- - Update fastmalloc configuration for iOS.
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
- - Added flag.
- * wtf/Platform.h:
- - Update platform configuration for iOS.
-
-2011-11-11 David Kilzer <ddkilzer@apple.com>
-
- Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
- <http://webkit.org/b/72175>
-
- Reviewed by Joseph Pecoraro.
-
- * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
- TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
- so that they're only defined on Mac OS X builds. Also include
- Availability.h, which is needed on iOS builds.
-
-2011-11-11 Darin Adler <darin@apple.com>
-
- Remove all releaseRef implementations except for RetainPtr
- https://bugs.webkit.org/show_bug.cgi?id=71423
-
- Reviewed by Julien Chaffraix.
-
- * API/JSRetainPtr.h: Removed releaseRef.
- * wtf/PassRefPtr.h: Removed releaseRef.
-
-2011-11-11 Darin Adler <darin@apple.com>
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
- If an older Xcode downgrades this file and we have a risk of some kind of
- oscillating commit situation, please contact me so I know not to do this again.
-
-2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add jsCast to replace static_cast
- https://bugs.webkit.org/show_bug.cgi?id=72071
-
- Reviewed by Geoffrey Garen.
-
- Added new jsCast and changed all of the static_cast sites in functions that
- are in the MethodTable to use jsCast instead.
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::toStringCallback):
- (JSC::JSCallbackFunction::valueOfCallback):
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::visitChildren):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::className):
- (JSC::::getOwnPropertySlot):
- (JSC::::getOwnPropertyDescriptor):
- (JSC::::put):
- (JSC::::deleteProperty):
- (JSC::::deletePropertyByIndex):
- (JSC::::getConstructData):
- (JSC::::hasInstance):
- (JSC::::getCallData):
- (JSC::::getOwnPropertyNames):
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildren):
- (JSC::DebuggerActivation::className):
- (JSC::DebuggerActivation::getOwnPropertySlot):
- (JSC::DebuggerActivation::put):
- (JSC::DebuggerActivation::putWithAttributes):
- (JSC::DebuggerActivation::deleteProperty):
- (JSC::DebuggerActivation::getOwnPropertyNames):
- (JSC::DebuggerActivation::getOwnPropertyDescriptor):
- (JSC::DebuggerActivation::defineGetter):
- (JSC::DebuggerActivation::defineSetter):
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- (JSC::Arguments::getOwnPropertySlotByIndex):
- (JSC::Arguments::getOwnPropertySlot):
- (JSC::Arguments::getOwnPropertyDescriptor):
- (JSC::Arguments::getOwnPropertyNames):
- (JSC::Arguments::putByIndex):
- (JSC::Arguments::put):
- (JSC::Arguments::deletePropertyByIndex):
- (JSC::Arguments::deleteProperty):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getOwnPropertySlot):
- (JSC::ArrayConstructor::getOwnPropertyDescriptor):
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlot):
- (JSC::ArrayPrototype::getOwnPropertyDescriptor):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::getOwnPropertySlot):
- (JSC::BooleanPrototype::getOwnPropertyDescriptor):
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getOwnPropertySlot):
- (JSC::DateConstructor::getOwnPropertyDescriptor):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::getOwnPropertySlot):
- (JSC::DatePrototype::getOwnPropertyDescriptor):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::getOwnPropertySlot):
- (JSC::ErrorPrototype::getOwnPropertyDescriptor):
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::clearCode):
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildren):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- (JSC::JSActivation::getOwnPropertyNames):
- (JSC::JSActivation::getOwnPropertySlot):
- (JSC::JSActivation::put):
- (JSC::JSActivation::putWithAttributes):
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertySlotByIndex):
- (JSC::JSArray::getOwnPropertySlot):
- (JSC::JSArray::getOwnPropertyDescriptor):
- (JSC::JSArray::put):
- (JSC::JSArray::putByIndex):
- (JSC::JSArray::deleteProperty):
- (JSC::JSArray::deletePropertyByIndex):
- (JSC::JSArray::getOwnPropertyNames):
- (JSC::JSArray::visitChildren):
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::hasInstance):
- (JSC::JSBoundFunction::visitChildren):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::getOwnPropertySlot):
- (JSC::JSByteArray::getOwnPropertyDescriptor):
- (JSC::JSByteArray::getOwnPropertySlotByIndex):
- (JSC::JSByteArray::put):
- (JSC::JSByteArray::putByIndex):
- (JSC::JSByteArray::getOwnPropertyNames):
- * runtime/JSCell.h:
- (JSC::JSCell::visitChildren):
- (JSC::jsCast):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildren):
- (JSC::JSFunction::getCallData):
- (JSC::JSFunction::getOwnPropertySlot):
- (JSC::JSFunction::getOwnPropertyDescriptor):
- (JSC::JSFunction::getOwnPropertyNames):
- (JSC::JSFunction::put):
- (JSC::JSFunction::deleteProperty):
- (JSC::JSFunction::getConstructData):
- * runtime/JSGlobalData.cpp:
- (JSC::StackPreservingRecompiler::operator()):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::put):
- (JSC::JSGlobalObject::putWithAttributes):
- (JSC::JSGlobalObject::defineGetter):
- (JSC::JSGlobalObject::defineSetter):
- (JSC::JSGlobalObject::visitChildren):
- (JSC::JSGlobalObject::getOwnPropertySlot):
- (JSC::JSGlobalObject::getOwnPropertyDescriptor):
- (JSC::JSGlobalObject::clearRareData):
- * runtime/JSGlobalThis.cpp:
- (JSC::JSGlobalThis::visitChildren):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::getOwnPropertySlot):
- (JSC::JSONObject::getOwnPropertyDescriptor):
- * runtime/JSObject.cpp:
- (JSC::JSObject::finalize):
- (JSC::JSObject::visitChildren):
- (JSC::JSObject::getOwnPropertySlotByIndex):
- (JSC::JSObject::put):
- (JSC::JSObject::putByIndex):
- (JSC::JSObject::deleteProperty):
- (JSC::JSObject::deletePropertyByIndex):
- * runtime/JSObject.h:
- (JSC::JSObject::getOwnPropertySlot):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildren):
- (JSC::JSStaticScopeObject::put):
- (JSC::JSStaticScopeObject::putWithAttributes):
- (JSC::JSStaticScopeObject::getOwnPropertySlot):
- * runtime/JSString.cpp:
- (JSC::JSString::visitChildren):
- (JSC::JSString::toThisObject):
- (JSC::JSString::getOwnPropertySlot):
- (JSC::JSString::getOwnPropertySlotByIndex):
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::deleteProperty):
- (JSC::JSVariableObject::getOwnPropertyNames):
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildren):
- * runtime/MathObject.cpp:
- (JSC::MathObject::getOwnPropertySlot):
- (JSC::MathObject::getOwnPropertyDescriptor):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertySlot):
- (JSC::NumberConstructor::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::getOwnPropertySlot):
- (JSC::NumberPrototype::getOwnPropertyDescriptor):
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getOwnPropertySlot):
- (JSC::ObjectConstructor::getOwnPropertyDescriptor):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::put):
- (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
- (JSC::ObjectPrototype::getOwnPropertySlot):
- (JSC::ObjectPrototype::getOwnPropertyDescriptor):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getOwnPropertySlot):
- (JSC::RegExpConstructor::getOwnPropertyDescriptor):
- (JSC::RegExpConstructor::put):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertySlot):
- (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
- (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
- (JSC::RegExpMatchesArray::put):
- (JSC::RegExpMatchesArray::putByIndex):
- (JSC::RegExpMatchesArray::deleteProperty):
- (JSC::RegExpMatchesArray::deletePropertyByIndex):
- (JSC::RegExpMatchesArray::getOwnPropertyNames):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildren):
- (JSC::RegExpObject::getOwnPropertySlot):
- (JSC::RegExpObject::getOwnPropertyDescriptor):
- (JSC::RegExpObject::put):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::getOwnPropertySlot):
- (JSC::RegExpPrototype::getOwnPropertyDescriptor):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildren):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getOwnPropertySlot):
- (JSC::StringConstructor::getOwnPropertyDescriptor):
- * runtime/StringObject.cpp:
- (JSC::StringObject::getOwnPropertySlot):
- (JSC::StringObject::getOwnPropertySlotByIndex):
- (JSC::StringObject::getOwnPropertyDescriptor):
- (JSC::StringObject::deleteProperty):
- (JSC::StringObject::getOwnPropertyNames):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::getOwnPropertySlot):
- (JSC::StringPrototype::getOwnPropertyDescriptor):
- * runtime/Structure.cpp:
- (JSC::Structure::visitChildren):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildren):
-
-2011-11-11 Gavin Barraclough <barraclough@apple.com>
-
- Enable DFG JIT for ARMv7/iOS.
-
- Rubber stamped by Oliver Hunt.
-
- * wtf/Platform.h:
- - enable DFG JIT for ARMv7/iOS.
-
-2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
- https://bugs.webkit.org/show_bug.cgi?id=72035
-
- Reviewed by Geoffrey Garen.
-
- De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * interpreter/Interpreter.cpp: Ditto.
- (JSC::Interpreter::execute):
- * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
- * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
- (JSC::JSGlobalObject::JSGlobalObject):
- (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
- (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
- (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
- (JSC::JSGlobalObject::shouldInterruptScript): Ditto.
- * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
- (JSC::TimeoutChecker::didTimeOut):
-
-2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSGlobalObject::allowsAccessFrom
- https://bugs.webkit.org/show_bug.cgi?id=71969
-
- Reviewed by Darin Adler.
-
- * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to
- JSDOMWindowBase and WebScriptObject.
-
-2011-11-11 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r99950.
- http://trac.webkit.org/changeset/99950
- https://bugs.webkit.org/show_bug.cgi?id=72117
-
- "Landed wrong patch by mistake" (Requested by yurys on
- #webkit).
-
- * JavaScriptCore.exp:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
-
-2011-11-11 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(JIT) after r99898.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
-
-2011-11-10 Dan Bernstein <mitz@apple.com>
-
- Disabling assertions breaks the debug build
- https://bugs.webkit.org/show_bug.cgi?id=72091
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGNode.h: Made hasIdentifier() available when assertions are
- disabled. It is used in Graph::dump().
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
- only if assertions are enabled.
- * wtf/Deque.h:
- (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
- * wtf/ThreadRestrictionVerifier.h:
- (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
- a local variable that is only used in an assertion.
-
-2011-11-10 Filip Pizlo <fpizlo@apple.com>
-
- JSString forgets to clear m_fibers when resolving ropes
- https://bugs.webkit.org/show_bug.cgi?id=72089
-
- Reviewed by Geoff Garen.
-
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRopeSlowCase):
-
-2011-11-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG byte array support sometimes clamps values incorrectly
- https://bugs.webkit.org/show_bug.cgi?id=71975
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-
-2011-11-10 Filip Pizlo <fpizlo@apple.com>
-
- ValueProfile/PredictedType contains dead code, and doesn't recognize functions
- https://bugs.webkit.org/show_bug.cgi?id=72065
-
- Reviewed by Gavin Barraclough and Geoff Garen.
-
- Added PredictFunction support, and did some cleaning up along the way.
- ValueProfile no longer has statistics machinery, because we never used
- it. Rearranged some bits in PredictedType to more easily make room for
- one more object type. Changed some debug code to use more consistent
- conventions (ByteArray becomes Bytearray so that if we ever have a
- "Byte" prediction we don't get confused between a prediction that is
- the union of Byte and Array and a prediction that indicates precisely
- a ByteArray).
-
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionFromClassInfo):
- * bytecode/PredictedType.h:
- (JSC::isFunctionPrediction):
- * bytecode/ValueProfile.cpp:
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::dump):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-11-10 David Kilzer <ddkilzer@apple.com>
-
- <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
-
- Reviewed by Joseph Pecoraro.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
- script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
- for installation. Also removed "Versions/A/" from the path
- since this is unneeded due the default symlinks present in the
- framework.
-
-2011-11-10 Gavin Barraclough <barraclough@apple.com>
-
- Add ARMv7 support to the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=72061
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
- (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
- (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
- (JSC::DFG::AssemblyHelpers::boxDouble):
- (JSC::DFG::AssemblyHelpers::unboxDouble):
- - Add CPU(ARM) copies of these functions.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::spill):
- - Fix matching of '}' re #if blocks, makes some tools happy.
- (JSC::DFG::JITCodeGenerator::setupArguments):
- (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
- (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
- (JSC::DFG::JITCodeGenerator::appendCallSetResult):
- - Add CPU(ARM) / 4 argument register copies of these functions.
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- - Should use callOperation to plant a call to a DFG_OPERATION.
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- - These methods need to plant a relinkable jump; we currently do so
- using beginUninterruptedSequence() / endUninterruptedSequence().
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- - Should use callOperation to plant a call to a DFG_OPERATION.
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- - This method needs to plant a relinkable jump; we currently do so
- using beginUninterruptedSequence() / endUninterruptedSequence().
- (JSC::DFG::JITCompiler::compileBody):
- - Add abstraction to retrieve the pc after a call.
- * dfg/DFGOSRExitCompiler.cpp:
- - Fix a bug - CodeLocationLabel needs a data address rather than an
- executable one, but can just take a MacroAssemblerCodePtr instead!
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::compileClampDoubleToByte):
- - Add FIXME comment to come back to! - bug#72054.
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- - Add missing method (ooops, required by bug#72047)
- * dfg/DFGSpeculativeJIT32_64.cpp:
- - Need to wrap fmod on ARMv7.
-
-
-2011-11-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not reparse code that was just parsed
- https://bugs.webkit.org/show_bug.cgi?id=71977
-
- Reviewed by Geoff Garen.
-
- The instruction stream of a code block is now kept around until
- the next GC. When doing either an optimizing compilation of an
- executable, or inlining of an executable, we now try to find the
- already preexisting bytecode. If we find it, we don't have to parse.
- If we don't find it, we parse as before. Inlining takes the extra
- step of caching code blocks, so if the same executable gets inlined
- multiple times into the same caller, then we parse it at most once
- even if prior to inlining that executable did not have any code
- blocks with an instruction stream.
-
- Also fixed a silly bug where the strict mode for various operations
- was being determined by looking at the machine code block rather
- than the inlinee.
-
- To enable the delete-on-next-GC policy, I introduced the notion
- of an ultra weak finalizer, which anyone can register during
- tracing. This is thread-safe (for parallel GC) and
- stop-the-world-safe (so calls to free() are postponed until the
- world is resumed). This required reusing some facilities previously
- created for WeakReferenceHarvester, so I created a common utility
- class. I also retweaked the handling of WeakReferenceHarvesters,
- since they should be executed during stop-the-world since in the
- future we may want to allow them to call drain().
-
- 2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
- elsewhere.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::visitAggregate):
- (JSC::CodeBlock::copyPostParseDataFrom):
- (JSC::CodeBlock::copyPostParseDataFromAlternative):
- (JSC::CodeBlock::finalizeUnconditionally):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::canProduceCopyWithBytecode):
- (JSC::CodeBlock::discardBytecodeLater):
- (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
- (JSC::GlobalCodeBlock::GlobalCodeBlock):
- (JSC::ProgramCodeBlock::ProgramCodeBlock):
- (JSC::EvalCodeBlock::EvalCodeBlock):
- (JSC::FunctionCodeBlock::FunctionCodeBlock):
- (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
- (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::strictModeFor):
- * dfg/DFGByteCodeCache.h: Added.
- (JSC::DFG::CodeBlockKey::CodeBlockKey):
- (JSC::DFG::CodeBlockKey::operator==):
- (JSC::DFG::CodeBlockKey::hash):
- (JSC::DFG::CodeBlockKey::executable):
- (JSC::DFG::CodeBlockKey::kind):
- (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
- (JSC::DFG::CodeBlockKeyHash::hash):
- (JSC::DFG::CodeBlockKeyHash::equal):
- (JSC::DFG::ByteCodeCache::ByteCodeCache):
- (JSC::DFG::ByteCodeCache::~ByteCodeCache):
- (JSC::DFG::ByteCodeCache::get):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleInlining):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * heap/Heap.cpp:
- (JSC::Heap::finalizeUnconditionally):
- (JSC::Heap::markRoots):
- (JSC::Heap::collect):
- * heap/Heap.h:
- * heap/ListableHandler.h: Added.
- (JSC::ListableHandler::ListableHandler):
- (JSC::ListableHandler::~ListableHandler):
- (JSC::ListableHandler::List::List):
- (JSC::ListableHandler::List::addNotThreadSafe):
- (JSC::ListableHandler::List::addThreadSafe):
- (JSC::ListableHandler::List::hasNext):
- (JSC::ListableHandler::List::removeNext):
- * heap/MarkStack.cpp:
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::SlotVisitor::harvestWeakReferences):
- (JSC::SlotVisitor::finalizeUnconditionally):
- * heap/MarkStack.h:
- (JSC::MarkStack::addWeakReferenceHarvester):
- (JSC::MarkStack::addUnconditionalFinalizer):
- * heap/SlotVisitor.h:
- * heap/UnconditionalFinalizer.h: Added.
- (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
- * heap/WeakReferenceHarvester.h:
- (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
- (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::baselineCodeBlockFor):
- (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
- (JSC::FunctionExecutable::produceCodeBlockFor):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::profiledCodeBlockFor):
-
-2011-11-10 Gavin Barraclough <barraclough@apple.com>
-
- Add ARMv7 register info for the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=72050
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGFPRInfo.h:
- (JSC::DFG::FPRInfo::toRegister):
- (JSC::DFG::FPRInfo::toIndex):
- (JSC::DFG::FPRInfo::debugName):
- * dfg/DFGGPRInfo.h:
- (JSC::DFG::GPRInfo::toRegister):
- (JSC::DFG::GPRInfo::toIndex):
- (JSC::DFG::GPRInfo::debugName):
-
-2011-11-10 Gavin Barraclough <barraclough@apple.com>
-
- #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
- https://bugs.webkit.org/show_bug.cgi?id=72047
-
- Reviewed by Geoff Garen.
-
- We currently don't attempt to abstract divide through the macro assembler,
- due to these instructions commonly having specific requirements. This means
- there is architecture specific code in the JIT - #ifdef it, and provide a
- common implementation.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::fmodAsDFGOperation):
(JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-10 Gavin Barraclough <barraclough@apple.com>
-
- Add ENABLE_VALUE_PROFILER support for ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=72043
-
- Reviewed by Geoff Garen.
-
- This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.
-
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitSlow_op_mod):
- - cleanup location of UNUSED_PARAM
- * jit/JITStubs.cpp:
- (JSC::ctiTrampoline):
- (JSC::ctiVMThrowTrampoline):
- (JSC::ctiOpThrowNotCaught):
- (JSC::JITThunks::JITThunks):
- * jit/JITStubs.h:
- - Update JITStackFrame structure & asm code to spill more registers.
- * jit/JSInterfaceJIT.h:
- - Assign a bucketCounterRegister.
-
-2011-11-10 Gavin Barraclough <barraclough@apple.com>
-
- Fix sampling counters on ARMv7, move add64 functionality to macro assembler
- https://bugs.webkit.org/show_bug.cgi?id=72040
-
- Reviewed by Geoff Garen.
-
- The ability to add an integer to a uint64_t in memory is poorly copied in
- multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
- designed interface since add32 is not required to set flags (we have no
- concept of flags in the macro assembler interface).
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::add64):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::add64):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::add64):
- * dfg/DFGAssemblyHelpers.cpp:
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::emitCount):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitCount):
-
-011-11-10 Ryuan Choi <ryuan.choi@samsung.com>
-
- [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
- https://bugs.webkit.org/show_bug.cgi?id=56705
-
- Reviewed by Adam Roben.
-
- * CMakeLists.txt:
- * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
- * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
- * shell/CMakeLists.txt:
- * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
- * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
- * wtf/CMakeLists.txt:
- * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
- * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.
-
-2011-11-10 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix make distcheck build.
-
- * GNUmakefile.list.am: Add missing files.
-
-2011-11-09 Michael Saboff <msaboff@apple.com>
-
- Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
- https://bugs.webkit.org/show_bug.cgi?id=71862
-
- Changed LiteralParser to be templatized of character type.
-
- Moved five enums out of class definition to work around a clang compiler defect.
-
- Added lexIdentifier templated method to break out character specific versions.
- Added static setParserTokenString templated method to handle setting approriately
- sized string pointer.
-
- To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
- flavors of LiteralParser are explicitly instantiated at the end of
- LiteralParser.cpp.
-
- Reviewed by Oliver Hunt.
-
- * API/JSValueRef.cpp:
- (JSValueMakeFromJSONString):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- (JSC::Interpreter::execute):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::isJSONWhiteSpace):
- (JSC::::tryJSONPParse):
- (JSC::::makeIdentifier):
- (JSC::::Lexer::lex):
- (JSC::::Lexer::lexIdentifier):
- (JSC::::Lexer::next):
- (JSC::LChar):
- (JSC::UChar):
- (JSC::isSafeStringCharacter):
- (JSC::::Lexer::lexString):
- (JSC::::Lexer::lexNumber):
- (JSC::::parse):
- * runtime/LiteralParser.h:
- (JSC::LiteralParser::LiteralParser):
- (JSC::LiteralParser::getErrorMessage):
- (JSC::LiteralParser::tryLiteralParse):
- (JSC::LiteralParser::Lexer::Lexer):
- (JSC::LiteralParser::Lexer::currentToken):
- (JSC::LiteralParser::Lexer::getErrorMessage):
- * runtime/UString.h:
- (JSC::LChar):
- (JSC::UChar):
- * wtf/text/StringBuilder.cpp:
- (WTF::StringBuilder::append):
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::append):
-
-2011-11-09 Filip Pizlo <fpizlo@apple.com>
-
- Multiple CodeBlock should be able to share the same instruction
- stream without copying
- https://bugs.webkit.org/show_bug.cgi?id=71978
-
- Reviewed by Oliver Hunt.
-
- This refactors CodeBlock::m_instructions to be a Vector boxed in a
- ref-counted object, but otherwise does not take advantage of this.
-
- This is performance neutral.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::printStructure):
- (JSC::CodeBlock::printStructures):
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::visitAggregate):
- (JSC::CodeBlock::shrinkToFit):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::hasInstructions):
- (JSC::CodeBlock::numberOfInstructions):
- (JSC::CodeBlock::instructions):
+ * dfg/DFGValidate.cpp:
+ (Validate):
+ (JSC::DFG::Validate::validate):
+ (JSC::DFG::Validate::checkOperand):
+ (JSC::DFG::Validate::reportValidationContext):
* jit/JIT.cpp:
- (JSC::JIT::JIT):
-
-2011-11-09 Gavin Barraclough <barraclough@apple.com>
-
- Renovate ARMv7 assembler/macro-assembler
- https://bugs.webkit.org/show_bug.cgi?id=71982
-
- Reviewed by Geoff Garen.
-
- ARMv7Assembler:
- * add support for strb (byte stores)
- * rename the VMOV_CtoS opcodes (there are currently backwards!)
- * add support for adc (add with carry)
- * add support for vsqrt, vabs
- * add support for vmov (between FPRs, and to/from GPR pairs).
- * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
- * rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
- * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).
-
- MacroAssemblerARMv7:
- * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32,
- * add store8, and store32 imm to base-index.
- * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
- * Update supportsFloating* flags (all features now supported).
- * add moveDouble, storeDouble to absolute address, addDouble to absolute address
- * add 3-operand double operations.
- * implement sqrtDouble/absDouble
- * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
- * move should do nothing if src == dest
- * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
- * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.
-
-2011-11-09 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=71873
-
- Reviewed by Geoff Garen.
-
- Incrementally re-landing these changes, trying to determine what went wrong.
- (The whole patch failed tests on the build bot but worked locally.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
-
-2011-11-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exit code should be lazily generated
- https://bugs.webkit.org/show_bug.cgi?id=71744
-
- Reviewed by Gavin Barraclough.
-
- The OSR exit code is now generated the first time it is executed,
- rather than right after speculative compilation. Because most OSR
- exits are never taken, this should greatly reduce both code size
- and compilation time.
-
- This is a 1% win on SunSpider, and a 1% win on V8 when running in
- my harness. No change in V8 in V8's harness (due to the long runs,
- so compile time is not an issue) and no change in Kraken (again,
- long runs of small code so compile time has no measurable effect).
-
- * CMakeListsEfl.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * assembler/AbstractMacroAssembler.h:
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::jump):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::jump):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::jmp_m):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::createDFGDataIfNecessary):
- (JSC::CodeBlock::appendDFGOSREntryData):
- (JSC::CodeBlock::numberOfDFGOSREntries):
- (JSC::CodeBlock::dfgOSREntryData):
- (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
- (JSC::CodeBlock::appendOSRExit):
- (JSC::CodeBlock::appendSpeculationRecovery):
- (JSC::CodeBlock::numberOfOSRExits):
- (JSC::CodeBlock::numberOfSpeculationRecoveries):
- (JSC::CodeBlock::osrExit):
- (JSC::CodeBlock::speculationRecovery):
- * dfg/DFGAssemblyHelpers.h:
- (JSC::DFG::AssemblyHelpers::debugCall):
- * dfg/DFGCorrectableJumpPoint.cpp: Added.
- (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
- * dfg/DFGCorrectableJumpPoint.h: Added.
- (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
- (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
- (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
- (JSC::DFG::CorrectableJumpPoint::correctLateJump):
- (JSC::DFG::CorrectableJumpPoint::initialJump):
- (JSC::DFG::CorrectableJumpPoint::lateJump):
- (JSC::DFG::CorrectableJumpPoint::correctJump):
- (JSC::DFG::CorrectableJumpPoint::getJump):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGOSRExit.cpp: Added.
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::OSRExit::dump):
- * dfg/DFGOSRExit.h:
- * dfg/DFGOSRExitCompiler.cpp: Added.
- * dfg/DFGOSRExitCompiler.h:
- * dfg/DFGOSRExitCompiler32_64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp:
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- * dfg/DFGThunks.cpp: Added.
- (JSC::DFG::osrExitGenerationThunkGenerator):
- * dfg/DFGThunks.h: Added.
- * jit/JITCode.h:
- (JSC::JITCode::dataAddressAtOffset):
- * runtime/JSGlobalData.h:
-
-2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing build breakage
-
- Unreviewed build fix
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSVariableObject::isDynamicScope
- https://bugs.webkit.org/show_bug.cgi?id=71933
-
- Reviewed by Geoffrey Garen.
-
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
- (JSC::JSActivation::isDynamicScope):
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
- (JSC::JSGlobalObject::isDynamicScope):
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
- (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
- (JSC::JSStaticScopeObject::isDynamicScope):
- * runtime/JSType.h: Added new type for JSStaticScopeObject
- * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the
- object's type and calls the corresponding implementation.
- (JSC::JSVariableObject::isDynamicScope):
- * runtime/JSVariableObject.h:
-
-2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSGlobalObject::hasOwnPropertyForWrite
- https://bugs.webkit.org/show_bug.cgi?id=71934
-
- Reviewed by Geoffrey Garen.
-
- * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.
-
-2011-11-09 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=71873
-
- Reviewed by Geoff Garen.
-
- Incrementally re-landing these changes, trying to determine what went wrong.
- (The whole patch failed tests on the build bot but worked locally.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::absDouble):
- * assembler/MacroAssemblerARMv7.h:
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::absDouble):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::absDouble):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::absDouble):
- * assembler/MacroAssemblerX86Common.h:
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::absDouble):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/ThunkGenerators.cpp:
- (JSC::absThunkGenerator):
-
-2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::getOwnPropertyDescriptor
- https://bugs.webkit.org/show_bug.cgi?id=71523
-
- Reviewed by Sam Weinig.
-
- Added getOwnPropertyDescriptor to the MethodTable, changed all of the
- virtual versions of getOwnPropertyDescriptor to static ones, and
- changed all of the call sites to the corresponding lookup in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getOwnPropertyDescriptor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertyDescriptor):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertyDescriptor):
- * runtime/Arguments.h:
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getOwnPropertyDescriptor):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertyDescriptor):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::getOwnPropertyDescriptor):
- * runtime/BooleanPrototype.h:
- * runtime/ClassInfo.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getOwnPropertyDescriptor):
- * runtime/DateConstructor.h:
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::getOwnPropertyDescriptor):
- * runtime/DatePrototype.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::getOwnPropertyDescriptor):
- * runtime/ErrorPrototype.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertyDescriptor):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::getOwnPropertyDescriptor):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertyDescriptor):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertyDescriptor):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::getOwnPropertyDescriptor):
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::getOwnPropertyDescriptor):
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::getOwnPropertyDescriptor):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::vtableAnchor):
- (JSC::JSObject::propertyIsEnumerable):
- (JSC::JSObject::getOwnPropertyDescriptor):
- (JSC::JSObject::getPropertyDescriptor):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a
- bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject. There were
- no call sites for this version of getOwnPropertyDescriptor in the entire project.
- * runtime/JSString.h:
- * runtime/Lookup.h:
- (JSC::getStaticPropertyDescriptor):
- (JSC::getStaticFunctionDescriptor):
- (JSC::getStaticValueDescriptor):
- * runtime/MathObject.cpp:
- (JSC::MathObject::getOwnPropertyDescriptor):
- * runtime/MathObject.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertyDescriptor):
- * runtime/NumberConstructor.h:
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getOwnPropertyDescriptor):
- (JSC::objectConstructorGetOwnPropertyDescriptor):
- * runtime/ObjectConstructor.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::getOwnPropertyDescriptor):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getOwnPropertyDescriptor):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::getOwnPropertyDescriptor):
- * runtime/RegExpObject.h:
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::getOwnPropertyDescriptor):
- * runtime/RegExpPrototype.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getOwnPropertyDescriptor):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
- (JSC::StringObject::getOwnPropertyDescriptor):
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::getOwnPropertyDescriptor):
- * runtime/StringPrototype.h:
-
-2011-11-09 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=71873
-
- Reviewed by Geoff Garen.
-
- Incrementally re-landing these changes, trying to determine what went wrong.
- (The whole patch failed tests on the build bot but worked locally.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::supportsFloatingPoint):
- (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::supportsFloatingPoint):
- (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::supportsFloatingPoint):
- (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
- * jit/ThunkGenerators.cpp:
- (JSC::absThunkGenerator):
-
-2011-11-08 Darin Adler <darin@apple.com>
-
- Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
- https://bugs.webkit.org/show_bug.cgi?id=71875
-
- Reviewed by Anders Carlsson.
-
- This is a step along the path of making OwnPtr work as HashMap value types.
-
- * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
- Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
- I did not change the code to fix style checker complaints.
-
- * wtf/HashTable.h: Added includes as needed and fixed include style.
- (WTF::doubleHash): Removed the uneeeded and inappropriate "static" in this function, which
- gave it internal linkage for no good reason.
- (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
- construction/destruction problems instead of doing the trick where we construct and destroy
- an empty value twice. It's cleaner and simpler and avoids copying the empty value.
- (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
- empty value is zero rather than copying an empty value.
-
- * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.
-
-2011-11-09 Gabor Rapcsanyi <rgabor@webkit.org>
-
- Buildfix for 32bit debug mode.
-
- Reviewed by Csaba Osztrogonác.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::dump):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
-
-2011-11-09 Andy Wingo <wingo@igalia.com>
-
- Enable the DFG JIT on X86-64 Linux platforms
- https://bugs.webkit.org/show_bug.cgi?id=71373
-
- Reviewed by Csaba Osztrogonác.
-
- * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
- x86-64 GNU/Linux platform.
- * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
-
-2011-11-09 Csaba Osztrogonác <ossy@webkit.org>
-
- Enable the DFG JIT on x86-64 Linux platforms
- https://bugs.webkit.org/show_bug.cgi?id=71373
-
- Enable DFG JIT by default on X86 Linux and Mac platforms
- https://bugs.webkit.org/show_bug.cgi?id=71686
-
- Buildfix for stricter compilers: -Werror=unused-but-set-variable
-
- Reviewed by Zoltan Herczeg.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-09 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r99678.
- http://trac.webkit.org/changeset/99678
- https://bugs.webkit.org/show_bug.cgi?id=71882
-
- broke the build with -Werror=unused-but-set-variable
- (Requested by tronical_ on #webkit).
-
- * CMakeListsEfl.txt:
- * wtf/Platform.h:
-
-2011-11-09 Andy Wingo <wingo@igalia.com>
-
- Enable the DFG JIT on X86-64 Linux platforms
- https://bugs.webkit.org/show_bug.cgi?id=71373
-
- Reviewed by Filip Pizlo.
-
- * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
- x86-64 GNU/Linux platform.
- * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
-
-2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::defineOwnProperty
- https://bugs.webkit.org/show_bug.cgi?id=71429
-
- Reviewed by Geoffrey Garen.
-
- Added defineOwnProperty to the MethodTable, changed all the virtual
- implementations of defineOwnProperty to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/Arguments.cpp:
- (JSC::Arguments::createStrictModeCallerIfNecessary):
- (JSC::Arguments::createStrictModeCalleeIfNecessary):
- * runtime/ClassInfo.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::defineOwnProperty):
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorDefineProperty):
- (JSC::defineProperties):
-
-2011-11-09 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Build system cleanup
- https://bugs.webkit.org/show_bug.cgi?id=71815
-
- Reviewed by Kenneth Rohde Christiansen.
-
- * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.
-
-2011-11-08 Simon Hausmann <simon.hausmann@nokia.com>
-
- [Qt] Replace use of QApplication with QGuiApplication
- https://bugs.webkit.org/show_bug.cgi?id=71794
-
- Reviewed by Andreas Kling.
-
- Add compat headers for use when building with Qt 4: QGuiApplication
- is typedef'ed to QApplication.
-
- * wtf/qt/compat/QGuiApplication: Added.
- * wtf/qt/compat/qguiapplication.h: Added.
-
-2011-11-08 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r99647.
- http://trac.webkit.org/changeset/99647
- https://bugs.webkit.org/show_bug.cgi?id=71876
-
- It broke jsc and layout tests on all bot (Requested by
- Ossy_night on #webkit).
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::supportsFloatingPoint):
- (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARM::supportsDoubleBitops):
- (JSC::MacroAssemblerARM::andnotDouble):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::andnotDouble):
- (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::supportsFloatingPoint):
- (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerSH4::supportsDoubleBitops):
- (JSC::MacroAssemblerSH4::andnotDouble):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::MacroAssemblerX86):
- (JSC::MacroAssemblerX86::supportsFloatingPoint):
- (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerX86::supportsDoubleBitops):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::andnotDouble):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
- * assembler/X86Assembler.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/ThunkGenerators.cpp:
- (JSC::absThunkGenerator):
- * runtime/JSGlobalData.cpp:
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Better abstract 'abs' operation through the MacroAssembler.
- https://bugs.webkit.org/show_bug.cgi?id=71873
-
- Reviewed by Geoff Garen.
-
- Currently the x86 specific instruction sequence to perform a double abs
- is duplicated throughout the JITs / thunk generators.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::supportsFloatingPoint):
- (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
- (JSC::MacroAssemblerARM::absDouble):
- - Renamed supportsFloatingPointAbs, make these methods static so that
- we can check the JIT's capabilites before we begin compilation.
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
- - Renamed supportsFloatingPointAbs, make these methods static so that
- we can check the JIT's capabilites before we begin compilation.
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::absDouble):
- (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
- - Renamed supportsFloatingPointAbs, make these methods static so that
- we can check the JIT's capabilites before we begin compilation.
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::supportsFloatingPoint):
- (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
- (JSC::MacroAssemblerSH4::absDouble):
- - Renamed supportsFloatingPointAbs, make these methods static so that
- we can check the JIT's capabilites before we begin compilation.
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::absDouble):
- (JSC::MacroAssemblerX86::supportsFloatingPoint):
- (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
- - Made supports* methods static so that we can check the JIT's
- capabilites before we begin compilation. Added absDouble.
- * assembler/MacroAssemblerX86Common.h:
- - Removed andnotDouble, added s_maskSignBit.
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::absDouble):
- (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
- - Made supports* methods static so that we can check the JIT's
- capabilites before we begin compilation. Added absDouble.
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::andpd_rr):
- (JSC::X86Assembler::andpd_mr):
- - Added support for andpd instruction.
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - Switched to use doubleAbs, we can now also reuse the operand register for the result.
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - Switched to use doubleAbs, we can now also reuse the operand register for the result.
- * jit/ThunkGenerators.cpp:
- - Switched to use doubleAbs.
- (JSC::absThunkGenerator):
- * runtime/JSGlobalData.cpp:
- - Declared MacroAssemblerX86Common::s_maskSignBit here.
- This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
- to the compile for just one constant.
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Move duplicates of SYMBOL_STRING* macros to the single location
- https://bugs.webkit.org/show_bug.cgi?id=71456
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- * wtf/InlineASM.h: Added.
- - Moved asm related macros.
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Move code to handle 8bit regs from X86Assembler to MacroAssembler
- https://bugs.webkit.org/show_bug.cgi?id=71867
-
- Reviewed by Oliver Hunt.
-
- This code is fine, but is in the wrong place really. X86 assembler should
- basically just format up exactly the instruction you request - not expand
- out to a set of instructions (that is what the macro assembler layer is
- for!). For other 8-bit ops, on X86 we don't guard against clients accessing
- the XH registers.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::store8):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movb_rm):
- - moved some code.
-
-2011-11-08 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for GTK.
-
- * GNUmakefile.list.am:
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Build fix.
-
- * assembler/X86Assembler.h:
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Errrk, failed to commit this in last change.
-
- * assembler/X86Assembler.h:
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Remove an unused method.
-
- Rubber stamped by Geoff Garen.
-
- * assembler/AbstractMacroAssembler.h:
- * assembler/AssemblerBuffer.h:
- - removed rewindToLabel.
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
- https://bugs.webkit.org/show_bug.cgi?id=71864
-
- Reviewed by Filip Pizlo.
-
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::offsetOf):
- - We use this to return the offsets into the code of the entry points.
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
- - Move the construction of the speculative JIT outside of
- compileBody, such that it is still available to link the
- OSR entry points at the point we are linking.
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- - Pass the label of the block & linkbuffer into noticeOSREntry.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::linkOSREntries):
- - Moved call to noticeOSREntry until we we linking.
- * dfg/DFGSpeculativeJIT.h:
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::emitOptimizationCheck):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
- - Moved calculation of entries until we we linking.
* jit/JIT.h:
- - Removed some members.
-
-2011-11-08 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exit code should be generated by a separate compiler, not
- related to DFG::JITCompiler
- https://bugs.webkit.org/show_bug.cgi?id=71787
-
- Reviewed by Gavin Barraclough.
-
- Moves the exitSpeculativeWithOSR() method from JITCompiler to
- OSRExitCompiler::compileExit().
-
- * CMakeListsEfl.txt:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * Target.pri:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- * dfg/DFGJITCompiler32_64.cpp: Removed.
- * dfg/DFGOSRExitCompiler.h: Added.
- (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
- * dfg/DFGOSRExitCompiler32_64.cpp: Added.
- (JSC::DFG::OSRExitCompiler::compileExit):
- * dfg/DFGOSRExitCompiler64.cpp: Added.
- (JSC::DFG::OSRExitCompiler::compileExit):
- * runtime/JSValue.h:
-
-2011-11-08 Filip Pizlo <fpizlo@apple.com>
-
- Basic DFG definitions should be moved out of DFGNode.h
- https://bugs.webkit.org/show_bug.cgi?id=71861
-
- Rubber-stamped by Gavin Barraclough.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGCommon.h: Added.
- (JSC::DFG::NodeIndexTraits::defaultValue):
- * dfg/DFGNode.h:
- * dfg/DFGOSRExit.h:
- * dfg/DFGRegisterBank.h:
-
-2011-11-08 Michael Saboff <msaboff@apple.com>
-
- Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
- https://bugs.webkit.org/show_bug.cgi?id=71761
-
- Templatized Parser based on Lexer<T>. Moved two enums,
- SourceElementsMode and FunctionRequirements out of Parser definition
- to work around a clang compiler defect.
-
- Cleaned up SourceCode data() to return StringImpl* and eliminated
- the recently added stringData() virtual method.
-
- To keep code in Parser.cpp and keep Parser.h small, the two flavors
- of Parser are explicitly instantiated at the end of Parser.cpp.
-
- Reviewed by Gavin Barraclough.
-
- * interpreter/Interpreter.cpp:
- (JSC::appendSourceToError):
- * parser/Lexer.cpp:
- (JSC::::setCode):
- (JSC::::sourceCode):
- * parser/Parser.cpp:
- (JSC::::Parser):
- (JSC::::~Parser):
- (JSC::::parseInner):
- (JSC::::didFinishParsing):
- (JSC::::allowAutomaticSemicolon):
- (JSC::::parseSourceElements):
- (JSC::::parseVarDeclaration):
- (JSC::::parseConstDeclaration):
- (JSC::::parseDoWhileStatement):
- (JSC::::parseWhileStatement):
- (JSC::::parseVarDeclarationList):
- (JSC::::parseConstDeclarationList):
- (JSC::::parseForStatement):
- (JSC::::parseBreakStatement):
- (JSC::::parseContinueStatement):
- (JSC::::parseReturnStatement):
- (JSC::::parseThrowStatement):
- (JSC::::parseWithStatement):
- (JSC::::parseSwitchStatement):
- (JSC::::parseSwitchClauses):
- (JSC::::parseSwitchDefaultClause):
- (JSC::::parseTryStatement):
- (JSC::::parseDebuggerStatement):
- (JSC::::parseBlockStatement):
- (JSC::::parseStatement):
- (JSC::::parseFormalParameters):
- (JSC::::parseFunctionBody):
- (JSC::::parseFunctionInfo):
- (JSC::::parseFunctionDeclaration):
- (JSC::::parseExpressionOrLabelStatement):
- (JSC::::parseExpressionStatement):
- (JSC::::parseIfStatement):
- (JSC::::parseExpression):
- (JSC::::parseAssignmentExpression):
- (JSC::::parseConditionalExpression):
- (JSC::::isBinaryOperator):
- (JSC::::parseBinaryExpression):
- (JSC::::parseProperty):
- (JSC::::parseObjectLiteral):
- (JSC::::parseStrictObjectLiteral):
- (JSC::::parseArrayLiteral):
- (JSC::::parsePrimaryExpression):
- (JSC::::parseArguments):
- (JSC::::parseMemberExpression):
- (JSC::::parseUnaryExpression):
- * parser/Parser.h:
- (JSC::::parse):
- (JSC::parse):
- * parser/SourceCode.h:
- (JSC::SourceCode::data):
- (JSC::SourceCode::subExpression):
- * parser/SourceProvider.h:
- (JSC::UStringSourceProvider::data):
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
- https://bugs.webkit.org/show_bug.cgi?id=71855
-
- Reviewed by Filip Pizlo.
-
- The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
- This won't work on ARMv7.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::locationOf):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
- (JSC::DFG::JITCompiler::addPropertyAccess):
-
-2011-11-08 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT calculation of OSR entry points is not THUMB2 safe
- https://bugs.webkit.org/show_bug.cgi?id=71852
-
- Reviewed by Oliver Hunt.
-
- Executable addresses are tagged with a low bit set to distinguish
- between THUMB2 and traditional ARM.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * jit/JITCode.h:
- (JSC::JITCode::executableAddressAtOffset):
- (JSC::JITCode::start):
- (JSC::JITCode::size):
-
-2011-11-08 Michael Saboff <msaboff@apple.com>
-
- JSC::Parser::Parser leaks Lexer member
- https://bugs.webkit.org/show_bug.cgi?id=71847
-
- Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
-
- Reviewed by Oliver Hunt.
-
- * parser/Parser.cpp:
- (JSC::Parser::Parser):
- (JSC::Parser::parseFunctionBody):
- * parser/Parser.h:
-
-2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Enable DFG JIT by default on X86 Linux and Mac platforms
- https://bugs.webkit.org/show_bug.cgi?id=71686
-
- Reviewed by Filip Pizlo.
-
- We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
-
- * wtf/Platform.h:
-
-2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
- https://bugs.webkit.org/show_bug.cgi?id=71768
-
- Reviewed by Geoffrey Garen.
-
- Also includes a fix to make the newly introduced AssemblyHelpers
- friend of JSValue as we need the Tag definitions.
-
- * CMakeListsEfl.txt:
- * GNUmakefile.list.am:
- * Target.pri:
- * runtime/JSValue.h:
-
-2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Fix gcc 4.4 compilation warnings in DFG 32_64
- https://bugs.webkit.org/show_bug.cgi?id=71762
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::registersMatched):
-
-2011-11-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG code base should allow for classes not related to DFG::JITCompiler
- to use DFG idioms
- https://bugs.webkit.org/show_bug.cgi?id=71746
-
- Reviewed by Gavin Barraclough.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGAssemblyHelpers.cpp: Added.
- (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
- (JSC::DFG::AssemblyHelpers::emitCount):
- (JSC::DFG::AssemblyHelpers::setSamplingFlag):
- (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
- (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
- (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
- (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
- (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
- (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
- * dfg/DFGAssemblyHelpers.h: Added.
- * dfg/DFGJITCompiler.cpp:
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::JITCompiler):
- (JSC::DFG::JITCompiler::graph):
- * dfg/DFGJITCompiler32_64.cpp:
- * dfg/DFGOSRExit.h: Added.
- (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
- (JSC::DFG::SpeculationRecovery::type):
- (JSC::DFG::SpeculationRecovery::dest):
- (JSC::DFG::SpeculationRecovery::src):
- (JSC::DFG::OSRExit::numberOfRecoveries):
- (JSC::DFG::OSRExit::valueRecovery):
- (JSC::DFG::OSRExit::isArgument):
- (JSC::DFG::OSRExit::isVariable):
- (JSC::DFG::OSRExit::argumentForIndex):
- (JSC::DFG::OSRExit::variableForIndex):
- (JSC::DFG::OSRExit::operandForArgument):
- (JSC::DFG::OSRExit::operandForIndex):
- * dfg/DFGSpeculativeJIT.h:
-
-2011-11-07 Filip Pizlo <fpizlo@apple.com>
-
- Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
- but it appears to help on other benchmarks.
-
- Rubber stamped by Oliver Hunt.
-
- * bytecode/ValueProfile.h:
-
-2011-11-07 Ariya Hidayat <ariya@sencha.com>
-
- "use strict" can not contain escape sequences or line continuation
- https://bugs.webkit.org/show_bug.cgi?id=71532
-
- Reviewed by Darin Adler.
-
- Store the actual literal length (before the escapes and line
- continuation are encoded) while parsing the directive and use it
- for the directive comparison.
-
- * parser/Parser.cpp:
- (JSC::Parser::parseSourceElements):
- (JSC::Parser::parseStatement):
- * parser/Parser.h:
-
-2011-11-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG operationCreateThis slow path may get the wrong callee in case of inlining
- https://bugs.webkit.org/show_bug.cgi?id=71647
-
- Reviewed by Oliver Hunt.
-
- No new tests because I only saw this manifest itself when I had other bugs
- leading to spurious slow path executions.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-07 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::putWithAttributes
- https://bugs.webkit.org/show_bug.cgi?id=71716
-
- Reviewed by Darin Adler.
-
- Added putWithAttributes to the MethodTable, changed all the virtual
- implementations of putWithAttributes to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * API/JSObjectRef.cpp:
- (JSObjectSetProperty):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::putWithAttributes):
- * debugger/DebuggerActivation.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- * runtime/ClassInfo.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::putWithAttributes):
- * runtime/JSActivation.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::putWithAttributes):
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::putWithAttributes):
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::putWithAttributes):
- (JSC::putDescriptor):
- * runtime/JSObject.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::putWithAttributes):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::putWithAttributes):
- * runtime/JSVariableObject.h:
-
-2011-11-07 Dmitry Lomov <dslomov@google.com>
-
- Unreviewed. Release build fix.
-
- * parser/Lexer.cpp:
- (JSC::assertCharIsIn8BitRange):
-
-2011-11-07 Filip Pizlo <fpizlo@apple.com>
-
- Switch the value profiler back to 8 buckets, because we suspect that while this
- is more expensive it's also more stable.
-
- Rubber stamped by Geoff Garen.
-
- * bytecode/ValueProfile.h:
-
-2011-11-07 Andrew Wason <rectalogic@rectalogic.com>
-
- Uninitialized Heap member var
- https://bugs.webkit.org/show_bug.cgi?id=71722
-
- Reviewed by Filip Pizlo.
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
-
-2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
- https://bugs.webkit.org/show_bug.cgi?id=71684
-
- Reviewed by Filip Pizlo.
-
- Currently in DFG JIT, we try to reuse the physical register of an
- operand for temporary usage if the current use of the operand is the
- last use. But sometimes this can be wrong, for example if there are
- possible speculation failures and we need to fallback to baseline JIT,
- the value of the operand which is supposed to be hold in the physical
- register can be modified by register reusing. The fixes the last
- inspector failures in layout test on Mac 32-bit if switching on DFG.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-07 Ryosuke Niwa <rniwa@webkit.org>
-
- REGRESSION(r99436): Broke Snow Leopard debug build
- https://bugs.webkit.org/show_bug.cgi?id=71713
-
- Reviewed by Darin Adler.
-
- Put the assertion in a template and use template specialization
- to avoid warning when instantiated with UChar or LChar.
-
- In the long term, we should have traits for unsigned integral types
- and use that to specialize template instead of specializing it for UChar and LChar.
-
- * parser/Lexer.cpp:
- (JSC::assertCharIsIn8BitRange):
- (JSC::::append8):
-
-2011-11-07 ChangSeok Oh <shivamidow@gmail.com>
-
- [EFL] Support requestAnimationFrame API
- https://bugs.webkit.org/show_bug.cgi?id=67112
-
- Reviewed by Andreas Kling.
-
- Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
-
- * wtf/Platform.h:
-
-2011-11-07 Michael Saboff <msaboff@apple.com>
-
- Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
- https://bugs.webkit.org/show_bug.cgi?id=71331
-
- Change the Lexer class to be a template class based on the character
- type of the source. In the process updated the parseIdentifier()
- and parseString() methods to create 8 bit strings where possible.
- Also added some helper methods for accumulating temporary string
- data in the 8 and 16 bit vectors.
-
- Changed the SourceProvider::data() virtual method to return a
- StringImpl* instead of a UChar*.
-
- Updated the KeywordLookup generator to create code to match keywords
- for both 8 and 16 bit source strings.
-
- Due to a compiler bug (<rdar://problem/10194295>) moved enum
- definition outside of Lexer class declaration. Remove second enum
- no longer needed.
-
- Reviewed by Darin Adler.
-
- * KeywordLookupGenerator.py:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- * parser/Lexer.cpp:
- (JSC::::Lexer):
- (JSC::::~Lexer):
- (JSC::::getInvalidCharMessage):
- (JSC::::currentCharacter):
- (JSC::::setCode):
- (JSC::::internalShift):
- (JSC::::shift):
- (JSC::::peek):
- (JSC::::getUnicodeCharacter):
- (JSC::::shiftLineTerminator):
- (JSC::::lastTokenWasRestrKeyword):
- (JSC::::record8):
- (JSC::::append8):
- (JSC::::append16):
- (JSC::::record16):
- (JSC::::parseIdentifier):
- (JSC::::parseIdentifierSlowCase):
- (JSC::::parseString):
- (JSC::::parseStringSlowCase):
- (JSC::::parseHex):
- (JSC::::parseOctal):
- (JSC::::parseDecimal):
- (JSC::::parseNumberAfterDecimalPoint):
- (JSC::::parseNumberAfterExponentIndicator):
- (JSC::::parseMultilineComment):
- (JSC::::nextTokenIsColon):
- (JSC::::lex):
- (JSC::::scanRegExp):
- (JSC::::skipRegExp):
- (JSC::::clear):
- (JSC::::sourceCode):
- * parser/Lexer.h:
- (JSC::Lexer::append16):
- (JSC::Lexer::currentOffset):
- (JSC::Lexer::setOffsetFromCharOffset):
- (JSC::::isWhiteSpace):
- (JSC::::isLineTerminator):
- (JSC::::convertHex):
- (JSC::::convertUnicode):
- (JSC::::makeIdentifier):
- (JSC::::setCodeStart):
- (JSC::::makeIdentifierLCharFromUChar):
- (JSC::::lexExpectIdentifier):
- * parser/Parser.cpp:
- (JSC::Parser::Parser):
- (JSC::Parser::parseProperty):
- (JSC::Parser::parseMemberExpression):
- * parser/Parser.h:
- (JSC::Parser::next):
- (JSC::Parser::nextExpectIdentifier):
- * parser/ParserArena.h:
- (JSC::IdentifierArena::makeIdentifier):
- (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
- * parser/SourceCode.h:
- (JSC::SourceCode::subExpression):
- * parser/SourceProvider.h:
- (JSC::UStringSourceProvider::stringData):
- * parser/SourceProviderCache.h:
- * parser/SyntaxChecker.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::insertSemicolonIfNeeded):
- * runtime/Identifier.cpp:
- (JSC::IdentifierTable::add):
- (JSC::IdentifierLCharFromUCharTranslator::hash):
- (JSC::IdentifierLCharFromUCharTranslator::equal):
- (JSC::IdentifierLCharFromUCharTranslator::translate):
- (JSC::Identifier::add8):
- * runtime/Identifier.h:
- (JSC::Identifier::Identifier):
- (JSC::Identifier::createLCharFromUChar):
- (JSC::Identifier::canUseSingleCharacterString):
- (JSC::IdentifierCharBufferTranslator::hash):
- (JSC::IdentifierCharBufferTranslator::equal):
- (JSC::IdentifierCharBufferTranslator::translate):
- (JSC::Identifier::add):
- (JSC::Identifier::equal):
- (JSC::IdentifierTable::add):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::decode):
- (JSC::parseIntOverflow):
- (JSC::globalFuncUnescape):
- * runtime/JSGlobalObjectFunctions.h:
- (JSC::parseIntOverflow):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::tryJSONPParse):
- (JSC::LiteralParser::Lexer::lexString):
- * wtf/text/StringImpl.h:
-
-2011-11-07 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
-
- Allows us to not package up the whole Source/JavaScriptCore directory for the
- buildbots.
-
- Reviewed-by Simon Hausmann.
-
- * jsc.pro:
-
-2011-11-06 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
- to initializeMainThread, and crashes
- https://bugs.webkit.org/show_bug.cgi?id=71643
-
- Reviewed by Sam Weinig.
-
- * jsc.cpp:
- (main):
-
-2011-11-06 Sam Weinig <sam@webkit.org>
-
- Add space missing from some class declarations
- https://bugs.webkit.org/show_bug.cgi?id=71632
-
- Reviewed by Anders Carlsson.
-
- * assembler/AssemblerBufferWithConstantPool.h:
- * bytecode/CodeBlock.h:
- * dfg/DFGVariableAccessData.h:
- * heap/VTableSpectrum.h:
- * jit/ExecutableAllocator.cpp:
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- * wtf/MetaAllocatorHandle.h:
- * wtf/UnionFind.h:
-
-2011-11-06 Sam Weinig <sam@webkit.org>
-
- Allow use of FINAL in JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=71630
-
- Reviewed by Anders Carlsson.
-
- * Configurations/Base.xcconfig:
- Don't warn about C++11 extensions used in C++98 mode.
-
-2011-11-05 Filip Pizlo <fpizlo@apple.com>
-
- Value profiling should just use two buckets
- https://bugs.webkit.org/show_bug.cgi?id=71619
-
- Reviewed by Gavin Barraclough.
-
- Added one more configuration options (like Heuristics::minimumOptimizationDelay),
- improved debugging in JIT optimization support, changed the number of buckets
- in the value profile from 9 to 2, and wrote a more optimal value profiling path
- in the old JIT to take advantage of this. It's still possible to play around with
- larger numbers of buckets, and we should probably keep this for a little while
- until we convince ourselves that using just two buckets is the right call.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::shouldOptimizeNow):
- * bytecode/ValueProfile.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
-
-2011-11-03 Filip Pizlo <fpizlo@apple.com>
-
- JSC should be able to sample itself in a more flexible way than just sampling flags
- https://bugs.webkit.org/show_bug.cgi?id=71522
-
- Reviewed by Gavin Barraclough.
-
- Added a construct that looks like SamplingRegion samplingRegion("name").
-
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/SamplingTool.cpp:
- (JSC::SamplingRegion::Locker::Locker):
- (JSC::SamplingRegion::Locker::~Locker):
- (JSC::SamplingRegion::sample):
- (JSC::SamplingRegion::dump):
- (JSC::SamplingRegion::dumpInternal):
- (JSC::SamplingThread::threadStartFunc):
- * bytecode/SamplingTool.h:
- (JSC::SamplingRegion::SamplingRegion):
- (JSC::SamplingRegion::~SamplingRegion):
- (JSC::SamplingRegion::exchangeCurrent):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::generate):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- (JSC::Heap::collect):
- * heap/VTableSpectrum.cpp:
- (JSC::VTableSpectrum::countVPtr):
- (JSC::VTableSpectrum::dump):
- * heap/VTableSpectrum.h:
- * jsc.cpp:
- (main):
- (runWithScripts):
- * parser/Parser.h:
- (JSC::parse):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * wtf/Atomics.h:
- (WTF::weakCompareAndSwap):
- * wtf/Platform.h:
- * wtf/Spectrum.h: Added.
- (WTF::Spectrum::Spectrum):
- (WTF::Spectrum::add):
- (WTF::Spectrum::get):
- (WTF::Spectrum::begin):
- (WTF::Spectrum::end):
- (WTF::Spectrum::KeyAndCount::KeyAndCount):
- (WTF::Spectrum::KeyAndCount::operator<):
- (WTF::Spectrum::buildList):
- * wtf/wtf.pri:
-
-2011-11-05 Sam Weinig <sam@webkit.org>
-
- Fix windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-04 Sam Weinig <sam@webkit.org>
-
- Reduce the number of putWithAttributes
- https://bugs.webkit.org/show_bug.cgi?id=71597
-
- Reviewed by Adam Roben.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- Remove exports of removed functions.
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::putWithAttributes):
- Calling the overload without the extra parameters does the same thing.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::putWithAttributes):
- * runtime/JSObject.h:
- Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
- two overloads not virtual, since no one overrides it.
-
-2011-11-04 Pratik Solanki <psolanki@apple.com>
-
- sqrtDouble and andnotDouble should be declared noreturn
- https://bugs.webkit.org/show_bug.cgi?id=71592
-
- Reviewed by Sam Weinig.
-
- * assembler/MacroAssemblerARMv7.h:
-
-2011-11-04 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::hasInstance
- https://bugs.webkit.org/show_bug.cgi?id=71430
-
- Reviewed by Darin Adler.
-
- Added hasInstance to the MethodTable, changed all the virtual
- implementations of hasInstance to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::hasInstance):
- * API/JSValueRef.cpp:
- (JSValueIsInstanceOfConstructor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ClassInfo.h:
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::hasInstance):
- * runtime/JSBoundFunction.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::hasInstance):
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::hasInstance):
- * runtime/JSObject.h:
-
-2011-11-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Refactor and clean up the qmake build system
-
- The qmake build system has accumulated a bit of cruft and redundancy
- over time. There's also a fairly tight coupling between how to build
- the various targets, and _what_ to build, making it harder to add new
- rules or sources. This patch aims to elevate these issues somewhat.
-
- This is a short-list of the changes:
-
- * The rules for how to build targets are now mostly contained as
- prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
- allows us to do pre- and post-processing of each project file,
- which helps to clean up the actual project files.
-
- * Derived sources are no longer generated as a separate make-step
- but is part of each target's project file as a subdir. Makefile
- rules are used to ensure that we run make on the derived sources
- before running qmake on the actual target makefile. This makes
- it easier to keep a proper dependency between derived sources
- and the target.
-
- * We use GNU make and the compiler to generate dependencies on
- UNIX-based systems running Qt 5. This allows us to lessen the
- need to run qmake, which should reduce compile time.
-
- * WebKit2 is now build by default if building with Qt 5. It can
- be disabled by passing --no-webkit2 to build-webkit.
-
- The result of these changes are hopefully a cleaner and easier
- build system to modify, and faster build times due to no longer
- running qmake on every single build. It's also a first step
- towards possibly generating the list of sources using another
- build system.
-
- https://bugs.webkit.org/show_bug.cgi?id=71222
-
- Reviewed by Simon Hausmann.
-
- * DerivedSources.pri: Added.
- * DerivedSources.pro: Removed.
- * JavaScriptCore.pro:
- * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
- * headers.pri: Removed.
- * jsc.pro:
- * wtf/wtf.pri:
- * yarr/yarr.pri:
-
-2011-11-04 Yuqiang Xian <yuqiang.xian@intel.com>
-
- More code clean-up in DFG 32_64
- https://bugs.webkit.org/show_bug.cgi?id=71540
-
- Remove unnecessary code duplications, and fix compilation warnings.
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::emitCount):
- (JSC::DFG::JITCompiler::setSamplingFlag):
- (JSC::DFG::JITCompiler::clearSamplingFlag):
- (JSC::DFG::JITCompiler::jitAssertIsCell):
- * dfg/DFGJITCompiler32_64.cpp:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-04 Csaba Osztrogonác <ossy@webkit.org>
-
- De-virtualize JSObject::hasInstance
- https://bugs.webkit.org/show_bug.cgi?id=71430
-
- Unreviewed rolling out r99238, because it made a test crash on all platform.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::hasInstance):
- * API/JSValueRef.cpp:
- (JSValueIsInstanceOfConstructor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ClassInfo.h:
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::hasInstance):
- * runtime/JSBoundFunction.h:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::hasInstance):
- * runtime/JSObject.h:
-
-2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::getPropertyNames
- https://bugs.webkit.org/show_bug.cgi?id=71306
-
- Reviewed by Darin Adler.
-
- Added getPropertyNames to the MethodTable, changed all the virtual
- implementations of getPropertyNames to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * API/JSObjectRef.cpp:
- (JSObjectCopyPropertyNames):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertyNames):
- * runtime/ClassInfo.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getPropertyNames):
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::getPropertyNames):
- (JSC::JSObject::getOwnPropertyNames):
- * runtime/JSObject.h:
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::print):
- * runtime/Structure.cpp:
- (JSC::Structure::getPropertyNamesFromStructure):
- * runtime/Structure.h:
-
-2011-11-03 Darin Adler <darin@apple.com>
-
- Change remaining callers of releaseRef to call leakRef
- https://bugs.webkit.org/show_bug.cgi?id=71422
-
- * wtf/text/AtomicString.cpp:
- (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
-
-2011-11-02 Darin Adler <darin@apple.com>
-
- Change remaining callers of releaseRef to call leakRef
- https://bugs.webkit.org/show_bug.cgi?id=71422
-
- * wtf/text/AtomicString.cpp:
- (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
-
-2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::hasInstance
- https://bugs.webkit.org/show_bug.cgi?id=71430
-
- Reviewed by Darin Adler.
-
- Added hasInstance to the MethodTable, changed all the virtual
- implementations of hasInstance to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::hasInstance):
- * API/JSValueRef.cpp:
- (JSValueIsInstanceOfConstructor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ClassInfo.h:
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::hasInstance):
- * runtime/JSBoundFunction.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::hasInstance):
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::hasInstance):
- * runtime/JSObject.h:
-
-2011-11-03 Filip Pizlo <fpizlo@apple.com>
-
- JIT-specific code should be able to refer to register types even on JIT-disabled builds
- https://bugs.webkit.org/show_bug.cgi?id=71498
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssembler.h:
- (MacroAssembler::MacroAssembler):
-
-2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::className
- https://bugs.webkit.org/show_bug.cgi?id=71428
-
- Reviewed by Sam Weinig.
-
- Added className to the MethodTable, changed all the virtual
- implementations of className to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::className):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::className):
- * debugger/DebuggerActivation.h:
- * jsc.cpp:
- (GlobalObject::createStructure):
- * profiler/Profiler.cpp:
- (JSC::Profiler::createCallIdentifier):
- * runtime/ClassInfo.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::className):
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::className):
- * runtime/JSObject.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncToString):
- * testRegExp.cpp:
- (GlobalObject::createStructure):
-
-2011-11-02 Jer Noble <jer.noble@apple.com>
-
- Add Clock class and platform-specific implementations.
- https://bugs.webkit.org/show_bug.cgi?id=71341
-
- Reviewed by Sam Weinig.
-
- Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
-
- * wtf/Platform.h:
-
-2011-11-03 Pavel Feldman <pfeldman@chromium.org>
-
- Not reviewed: fixing win build. step2.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-03 Pavel Feldman <pfeldman@chromium.org>
-
- Not reviewed: fix windows build, step1
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-03 Pavel Feldman <pfeldman@google.com>
-
- Web Inspector: preserve script location for inline handlers.
- https://bugs.webkit.org/show_bug.cgi?id=71367
-
- Makes SourceCode factories receive TextPosition instead of the line number;
- Stores consistent position values in SourceCode and SourceProvider;
-
- Reviewed by Yury Semikhatsky.
-
- * API/JSBase.cpp:
- (JSEvaluateScript):
- (JSCheckScriptSyntax):
- * API/JSObjectRef.cpp:
- (JSObjectMakeFunction):
- * parser/SourceCode.h:
- (JSC::makeSource):
- * parser/SourceProvider.h:
- (JSC::SourceProvider::SourceProvider):
- (JSC::SourceProvider::startPosition):
- (JSC::UStringSourceProvider::create):
- (JSC::UStringSourceProvider::UStringSourceProvider):
- * runtime/FunctionConstructor.cpp:
- (JSC::constructFunction):
- (JSC::constructFunctionSkippingEvalEnabledCheck):
- * runtime/FunctionConstructor.h:
-
-2011-11-03 Kentaro Hara <haraken@chromium.org>
-
- Fixed wrong implementation of doubleValue % 2^{64}.
- https://bugs.webkit.org/show_bug.cgi?id=67980
-
- Reviewed by Hajime Morita.
-
- fast/events/constructors/progress-event-constructor.html was failing
- because of the wrong implementation of conversion from an ECMAScript value
- to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
- In particular, the calculation of doubleValue % 2^{64} was wrong.
- This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
-
- * wtf/MathExtras.h:
- (doubleToInteger): Implemented the spec correctly.
-
-2011-11-03 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r99089.
- http://trac.webkit.org/changeset/99089
- https://bugs.webkit.org/show_bug.cgi?id=71448
-
- @plt postfix for math functions cause crash on Linux 32 (the
- symbol is defined but it points to NULL) (Requested by
- zherczeg on #webkit).
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- * jit/ThunkGenerators.cpp:
-
-2011-11-02 Filip Pizlo <fpizlo@apple.com>
-
- DFG inlining breaks function.arguments[something] if the argument being
- retrieved was subjected to DFG's unboxing optimizations
- https://bugs.webkit.org/show_bug.cgi?id=71436
-
- Reviewed by Oliver Hunt.
-
- This makes inlined arguments retrieval use some of the same machinery as
- OSR to determine where from, and how, to retrieve a value that the DFG
- might have somehow squirreled away while the old JIT would put it in its
- obvious location, using an obvious format.
-
- To that end, previously DFG-internal notions such as DataFormat,
- VirtualRegister, and ValueRecovery are now in bytecode/ since they are
- stored as part of InlineCallFrames.
-
- * bytecode/CodeOrigin.h:
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::trueCallerFrame):
- * interpreter/CallFrame.h:
- (JSC::ExecState::inlineCallFrame):
- * interpreter/Register.h:
- (JSC::Register::asInlineCallFrame):
- (JSC::Register::unboxedInt32):
- (JSC::Register::unboxedBoolean):
- (JSC::Register::unboxedCell):
- * runtime/Arguments.h:
- (JSC::Arguments::finishCreationAndCopyRegisters):
-
-2011-11-02 Filip Pizlo <fpizlo@apple.com>
-
- ValueRecovery should be moved out of the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=71439
-
- Reviewed by Oliver Hunt.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/DataFormat.h: Added.
- (JSC::dataFormatToString):
- (JSC::needDataFormatConversion):
- (JSC::isJSFormat):
- (JSC::isJSInteger):
- (JSC::isJSDouble):
- (JSC::isJSCell):
- (JSC::isJSBoolean):
- * bytecode/ValueRecovery.h: Added.
- (JSC::ValueRecovery::ValueRecovery):
- (JSC::ValueRecovery::alreadyInRegisterFile):
- (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
- (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
- (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
- (JSC::ValueRecovery::inGPR):
- (JSC::ValueRecovery::inPair):
- (JSC::ValueRecovery::inFPR):
- (JSC::ValueRecovery::displacedInRegisterFile):
- (JSC::ValueRecovery::constant):
- (JSC::ValueRecovery::technique):
- (JSC::ValueRecovery::isInRegisters):
- (JSC::ValueRecovery::gpr):
- (JSC::ValueRecovery::tagGPR):
- (JSC::ValueRecovery::payloadGPR):
- (JSC::ValueRecovery::fpr):
- (JSC::ValueRecovery::virtualRegister):
- (JSC::ValueRecovery::dump):
- * bytecode/VirtualRegister.h: Added.
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::isJSFormat):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGVariableAccessData.h:
-
-2011-11-02 Sam Weinig <sam@webkit.org>
-
- Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
- https://bugs.webkit.org/show_bug.cgi?id=71333
-
- Reviewed by Gavin Barraclough.
-
- Tested by fast/dom/getter-on-window-object2.html
-
- * runtime/PropertyDescriptor.cpp:
- (JSC::PropertyDescriptor::setDescriptor):
- The attributes returned from Structure::get do not include Getter or Setter, so
- instead check if the value is a GetterSetter like we do elsewhere. If it is, update
- the descriptor's attributes accordingly.
-
-2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
-
- FunctionPtr should accept FASTCALL functions on X86
- https://bugs.webkit.org/show_bug.cgi?id=71434
-
- Reviewed by Filip Pizlo.
-
- On X86 we sometimes use FASTCALL convention functions, for example the
- cti functions, and we may need the pointers to such functions, e.g.,
- in current DFG register file check and arity check, though long term
- we may avoid such usage of cti calls in DFG.
-
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::FunctionPtr::FunctionPtr):
-
-2011-11-02 Filip Pizlo <fpizlo@apple.com>
-
- Inlined uses of the global object should use the right global object
- https://bugs.webkit.org/show_bug.cgi?id=71427
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::globalObjectFor):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Remove some unnecessary loads/stores in DFG JIT 32_64
- https://bugs.webkit.org/show_bug.cgi?id=71090
-
- Reviewed by Filip Pizlo.
-
- In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
- be eliminated.
-
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-
-2011-11-02 Adam Klein <adamk@chromium.org>
-
- Replace usage of StringImpl with String where possible in CharacterData and Text
- https://bugs.webkit.org/show_bug.cgi?id=71383
-
- Reviewed by Darin Adler.
-
- * wtf/text/WTFString.h:
- (WTF::String::containsOnlyWhitespace): Added new method.
-
-2011-11-02 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::getOwnPropertyNames
- https://bugs.webkit.org/show_bug.cgi?id=71307
-
- Reviewed by Darin Adler.
-
- Added getOwnPropertyNames to the MethodTable, changed all the virtual
- implementations of getOwnPropertyNames to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getOwnPropertyNames):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertyNames):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertyNames):
- * runtime/Arguments.h:
- * runtime/ClassInfo.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::getOwnPropertyNames):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertyNames):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::getOwnPropertyNames):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertyNames):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertyNames):
- * runtime/JSFunction.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::getOwnPropertyNames):
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Holder::appendNextProperty):
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSObject::getPropertyNames):
- (JSC::JSObject::getOwnPropertyNames):
- * runtime/JSObject.h:
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::~JSVariableObject):
- (JSC::JSVariableObject::getOwnPropertyNames):
- * runtime/JSVariableObject.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetOwnPropertyNames):
- (JSC::objectConstructorKeys):
- (JSC::defineProperties):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertyNames):
- * runtime/StringObject.cpp:
- (JSC::StringObject::getOwnPropertyNames):
- * runtime/StringObject.h:
- * runtime/Structure.h:
-
-2011-11-02 Dean Jackson <dino@apple.com>
-
- Add ENABLE_CSS_SHADERS flag
- https://bugs.webkit.org/show_bug.cgi?id=71394
-
- Reviewed by Sam Weinig.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-11-02 Alexey Shabalin <a.shabalin@gmail.com>
-
- TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
- https://bugs.webkit.org/show_bug.cgi?id=70610
-
- Reviewed by Martin Robinson.
-
- Properly annotate ASM on BSD and Linux x86 systems.
-
- * dfg/DFGOperations.cpp: Add annotation for X86.
- * jit/JITStubs.cpp: Ditto.
- * jit/ThunkGenerators.cpp: Ditto.
-
-2011-11-02 Xianzhu Wang <wangxianzhu@chromium.org>
-
- Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
- https://bugs.webkit.org/show_bug.cgi?id=71347
-
- Reviewed by Geoffrey Garen.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::reallocate):
-
-2011-11-01 Darin Adler <darin@apple.com>
-
- Cut down on malloc/free a bit in the parser arena
- https://bugs.webkit.org/show_bug.cgi?id=71343
-
- Reviewed by Oliver Hunt.
-
- * parser/ParserArena.cpp:
- (JSC::ParserArena::deallocateObjects): Call the destructors of
- the deletable objects before freeing the pools. Don't call
- fastFree on the deletable objects any more.
-
- * parser/ParserArena.h:
- (JSC::ParserArena::allocateDeletable): Use allocateFreeable
- instead of fastMalloc here.
-
-2011-11-01 Sam Weinig <sam@webkit.org>
-
- Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
- https://bugs.webkit.org/show_bug.cgi?id=71336
-
- Reviewed by Darin Adler.
-
- * debugger/DebuggerActivation.cpp:
- * debugger/DebuggerActivation.h:
- Remove overrides of lookupGetter/lookupSetter, which are no longer needed
- due to implementing getPropertyDescriptor.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::lookupGetter):
- (JSC::JSObject::lookupSetter):
- * runtime/JSObject.h:
- De-virtualize lookupGetter/lookupSetter, and implement them in terms of
- getPropertyDescriptor.
-
-2011-11-01 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::defineSetter
- https://bugs.webkit.org/show_bug.cgi?id=71303
-
- Reviewed by Darin Adler.
-
- Added defineSetter to the MethodTable, changed all the virtual
- implementations of defineSetter to static ones, and replaced
- all call sites with corresponding lookups in the MethodTable.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::defineSetter):
- * debugger/DebuggerActivation.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ClassInfo.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::defineSetter):
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::defineSetter):
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineSetter):
- (JSC::putDescriptor):
- * runtime/JSObject.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncDefineSetter):
-
-2011-11-01 Filip Pizlo <fpizlo@apple.com>
-
- DFG inlining breaks function.arguments
- https://bugs.webkit.org/show_bug.cgi?id=71329
-
- Reviewed by Oliver Hunt.
-
- The DFG was forgetting to store code origin mappings for inlined
- call sites. Some of the fast-path optimizations for
- CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
- was wrong.
-
- I also took the opportunity to decrease code duplication between
- DFG64 and DFG32_64, because I didn't feel like writing the same
- code twice.
-
- * bytecode/CodeBlock.h:
- (JSC::ExecState::isInlineCallFrame):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler32_64.cpp:
- * dfg/DFGNode.h:
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::trueCallerFrame):
- * interpreter/CallFrame.h:
- * runtime/Arguments.h:
- (JSC::Arguments::getArgumentsData):
-
-2011-11-01 Xianzhu Wang <wangxianzhu@chromium.org>
-
- StringImpl::reallocate() should have a 8-bit version
- https://bugs.webkit.org/show_bug.cgi?id=71210
-
- Reviewed by Geoffrey Garen.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::reallocate):
- * wtf/text/StringImpl.h:
-
-2011-10-31 Filip Pizlo <fpizlo@apple.com>
-
- The GC should be parallel
- https://bugs.webkit.org/show_bug.cgi?id=70995
-
- Reviewed by Geoff Garen.
-
- Added parallel tracing to the GC. This works by having local mark
- stacks per thread, and a global shared one. Threads sometimes
- donate cells from the mark stack to the global one if the heuristics
- tell them that it's affordable to do so. Threads that have depleted
- their local mark stacks try to steal some from the shared one.
-
- Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
-
- This is a 23% speed-up on V8-splay when I use 4 marking threads,
- leading to a 3.5% speed-up on V8.
-
- It also appears that this reduces GC pause times on real websites by
- more than half.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::~Heap):
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- * heap/MarkStack.cpp:
- (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
- (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
- (JSC::MarkStackSegmentAllocator::allocate):
- (JSC::MarkStackSegmentAllocator::release):
- (JSC::MarkStackSegmentAllocator::shrinkReserve):
- (JSC::MarkStackArray::MarkStackArray):
- (JSC::MarkStackArray::~MarkStackArray):
- (JSC::MarkStackArray::expand):
- (JSC::MarkStackArray::refill):
- (JSC::MarkStackArray::donateSomeCellsTo):
- (JSC::MarkStackArray::stealSomeCellsFrom):
- (JSC::MarkStackThreadSharedData::markingThreadMain):
- (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
- (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
- (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
- (JSC::MarkStackThreadSharedData::reset):
- (JSC::MarkStack::reset):
- (JSC::SlotVisitor::donateSlow):
- (JSC::SlotVisitor::drain):
- (JSC::SlotVisitor::drainFromShared):
- (JSC::MarkStack::mergeOpaqueRoots):
- (JSC::SlotVisitor::harvestWeakReferences):
- * heap/MarkStack.h:
- (JSC::MarkStackSegment::data):
- (JSC::MarkStackSegment::capacityFromSize):
- (JSC::MarkStackSegment::sizeFromCapacity):
- (JSC::MarkStackArray::postIncTop):
- (JSC::MarkStackArray::preDecTop):
- (JSC::MarkStackArray::setTopForFullSegment):
- (JSC::MarkStackArray::setTopForEmptySegment):
- (JSC::MarkStackArray::top):
- (JSC::MarkStackArray::validatePrevious):
- (JSC::MarkStack::addWeakReferenceHarvester):
- (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
- (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
- (JSC::MarkStack::MarkStack):
- (JSC::MarkStack::addOpaqueRoot):
- (JSC::MarkStack::containsOpaqueRoot):
- (JSC::MarkStack::opaqueRootCount):
- (JSC::MarkStackArray::append):
- (JSC::MarkStackArray::canRemoveLast):
- (JSC::MarkStackArray::removeLast):
- (JSC::MarkStackArray::isEmpty):
- (JSC::MarkStackArray::canDonateSomeCells):
- (JSC::MarkStackArray::size):
- (JSC::ParallelModeEnabler::ParallelModeEnabler):
- (JSC::ParallelModeEnabler::~ParallelModeEnabler):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::testAndSetMarked):
- * heap/SlotVisitor.h:
- (JSC::SlotVisitor::donate):
- (JSC::SlotVisitor::donateAndDrain):
- (JSC::SlotVisitor::donateKnownParallel):
- (JSC::SlotVisitor::SlotVisitor):
- * heap/WeakReferenceHarvester.h:
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
- * wtf/Atomics.h:
- (WTF::weakCompareAndSwap):
- * wtf/Bitmap.h:
- (WTF::::Bitmap):
- (WTF::::get):
- (WTF::::set):
- (WTF::::testAndSet):
- (WTF::::testAndClear):
- (WTF::::concurrentTestAndSet):
- (WTF::::concurrentTestAndClear):
- (WTF::::clear):
- (WTF::::clearAll):
- (WTF::::nextPossiblyUnset):
- (WTF::::findRunOfZeros):
- (WTF::::count):
- (WTF::::isEmpty):
- (WTF::::isFull):
- * wtf/MainThread.h:
- (WTF::isMainThreadOrGCThread):
- * wtf/Platform.h:
- * wtf/ThreadSpecific.h:
- (WTF::::isSet):
- * wtf/mac/MainThreadMac.mm:
- (WTF::initializeGCThreads):
- (WTF::initializeMainThreadPlatform):
- (WTF::initializeMainThreadToProcessMainThreadPlatform):
- (WTF::registerGCThread):
- (WTF::isMainThreadOrGCThread):
-
-2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::defaultValue
- https://bugs.webkit.org/show_bug.cgi?id=71146
-
- Reviewed by Sam Weinig.
-
- Added defaultValue to the MethodTable. Replaced all virtual versions of
- defaultValue with static versions. Replaced all call sites with lookups in the
- MethodTable.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/ClassInfo.h:
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::defaultValue):
- (JSC::TerminatedExecutionError::defaultValue):
- * runtime/ExceptionHelpers.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::defaultValue):
- * runtime/JSCell.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::defaultValue):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::getPrimitiveNumber):
- (JSC::JSObject::defaultValue):
- * runtime/JSObject.h:
- (JSC::JSObject::toPrimitive):
-
-2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Interpreter build fix
-
- Unreviewed build fix
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-10-31 Filip Pizlo <fpizlo@apple.com>
-
- DFG OSR exits should add to value profiles
- https://bugs.webkit.org/show_bug.cgi?id=71202
-
- Reviewed by Oliver Hunt.
-
- Value profiles now have an extra special slot not used by the old JIT's
- profiling, which is reserved for OSR exits.
-
- The DFG's OSR exit code now knows which register, node index, and value
- profiling site was responsible for the (possibly flawed) information that
- led to the OSR failure. This is somewhat opportunistic and imperfect;
- if there's a lot of control flow between the value profiling site and the
- OSR failure point, then this mechanism simply gives up. It also gives up
- if the OSR failure is caused by either known deficiencies in the DFG
- (like that we always assume that the index in a strict charCodeAt access
- is within bounds) or where the OSR failure would be catalogues and
- profiled through other means (like slow case counters).
-
- This patch also adds the notion of a JSValueRegs, which is either a
- single register in JSVALUE64 or a pair in JSVALUE32_64. We should
- probably move the 32_64 DFG towards using this, since it often makes it
- easier to share code between 64 and 32_64.
-
- Also fixed a number of pathologies that this uncovered. op_method_check
- didn't have a value profiling site on the slow path. GetById should not
- always force OSR exit if it never executed in the old JIT; we may be
- able to infer its type if it's a array or string length get. Finally,
- these changes benefit from a slight tweak to optimization delay
- heuristics (profile fullness is now 0.35 instead of 0.25).
-
- 3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
- and imaging-darkroom.
-
- * bytecode/ValueProfile.cpp:
- (JSC::ValueProfile::computeStatistics):
- (JSC::ValueProfile::computeUpdatedPrediction):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::ValueProfile):
- (JSC::ValueProfile::specFailBucket):
- (JSC::ValueProfile::numberOfSamples):
- (JSC::ValueProfile::isLive):
- (JSC::ValueProfile::numberOfInt32s):
- (JSC::ValueProfile::numberOfDoubles):
- (JSC::ValueProfile::numberOfCells):
- (JSC::ValueProfile::numberOfObjects):
- (JSC::ValueProfile::numberOfFinalObjects):
- (JSC::ValueProfile::numberOfStrings):
- (JSC::ValueProfile::numberOfArrays):
- (JSC::ValueProfile::numberOfBooleans):
- (JSC::ValueProfile::dump):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
- (JSC::DFG::ByteCodeParser::getPrediction):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGPRInfo.h:
- (JSC::DFG::JSValueRegs::JSValueRegs):
- (JSC::DFG::JSValueRegs::operator!):
- (JSC::DFG::JSValueRegs::gpr):
- (JSC::DFG::JSValueSource::JSValueSource):
- (JSC::DFG::JSValueSource::unboxedCell):
- (JSC::DFG::JSValueSource::operator!):
- (JSC::DFG::JSValueSource::isAddress):
- (JSC::DFG::JSValueSource::offset):
- (JSC::DFG::JSValueSource::base):
- (JSC::DFG::JSValueSource::gpr):
- (JSC::DFG::JSValueSource::asAddress):
- (JSC::DFG::JSValueSource::notAddress):
- (JSC::DFG::JSValueRegs::tagGPR):
- (JSC::DFG::JSValueRegs::payloadGPR):
- (JSC::DFG::JSValueSource::tagGPR):
- (JSC::DFG::JSValueSource::payloadGPR):
- (JSC::DFG::JSValueSource::hasKnownTag):
- (JSC::DFG::JSValueSource::tag):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::jsValueRegs):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::valueProfileFor):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::JSValueOperand::jsValueRegs):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::valueProfileFor):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::compileBinaryArithOp):
* jit/JITPropertyAccess.cpp:
- (JSC::JIT::emitSlow_op_method_check):
+ (JSC::JIT::privateCompilePutByIdTransition):
* jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emitSlow_op_method_check):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/JSValue.h:
-
-2011-10-31 Sam Weinig <sam@webkit.org>
-
- Remove need for virtual JSObject::unwrappedObject
- https://bugs.webkit.org/show_bug.cgi?id=71034
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.exp:
- Update exports.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- Add JSGlobalThis.cpp.
-
- * runtime/JSGlobalThis.cpp: Added.
- (JSC::JSGlobalThis::visitChildren):
- (JSC::JSGlobalThis::unwrappedObject):
- * runtime/JSGlobalThis.h:
- (JSC::JSGlobalThis::createStructure):
- Move underlying object from JSDOMWindowShell down to JSGlobalThis
- and corresponding visitChildren method.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::unwrappedObject):
- Change unwrappedObject from virtual, to just needing an if check.
-
- * runtime/JSObject.h:
- (JSC::JSObject::isGlobalThis):
- * runtime/JSType.h:
- Add isGlobalThis predicate and type.
-
-2011-10-31 Xianzhu Wang <wangxianzhu@chromium.org>
-
- WTF::StringImpl::create(const char*, unsigned) calls itself
- https://bugs.webkit.org/show_bug.cgi?id=71206
-
- The original implementation just calls itself, causing infinite recursion.
- Cast the first parameter to const LChar* to fix that.
-
- Reviewed by Ryosuke Niwa.
-
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::create):
-
-2011-10-31 Andy Wingo <wingo@igalia.com>
-
- Fix DFG JIT compilation on Linux targets.
- https://bugs.webkit.org/show_bug.cgi?id=70904
-
- Reviewed by Darin Adler.
-
- * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
- macro.
-
- * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
- simplified definition from jit/JITStubs.cpp.
- (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
- Use the macro to access trampoline targets through the PLT on PIC
- systems, instead of introducing a text relocation. Otherwise, the
- library fails to link.
-
-2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSObject::defineGetter
- https://bugs.webkit.org/show_bug.cgi?id=71134
-
- Reviewed by Darin Adler.
-
- Added defineGetter to the MethodTable. Replaced all virtual versions of defineGetter
- with static versions. Replaced all call sites with lookups in the MethodTable.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::defineGetter):
- * debugger/DebuggerActivation.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ClassInfo.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::defineGetter):
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::defineGetter):
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineGetter):
- (JSC::putDescriptor):
- * runtime/JSObject.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncDefineGetter):
-
-2011-10-31 Michael Saboff <msaboff@apple.com>
-
- Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
- https://bugs.webkit.org/show_bug.cgi?id=71138
-
- Restructure and movement of Lexer and Parser code.
- Moved Lexer and Parser objects out of JSGlobalData.
- Added a new ParserTokens class and instance to JSGlobalData that
- have JavaScript token related definitions.
- Replaced JSGlobalData arguments to Node classes with lineNumber,
- as that was the only use of the JSGlobalData.
- Combined JSParser and Parser classes into one class,
- eliminating JSParser.h and .cpp.
- Various supporting #include changes.
-
- These mostly mechanical changes are done in preparation to
- making the Lexer and Parser template classes.
-
- Reviewed by Darin Adler.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ArrayNode::toArgumentList):
- (JSC::ApplyFunctionCallDotNode::emitBytecode):
- * parser/ASTBuilder.h:
- (JSC::ASTBuilder::ASTBuilder):
- (JSC::ASTBuilder::createSourceElements):
- (JSC::ASTBuilder::createCommaExpr):
- (JSC::ASTBuilder::createLogicalNot):
- (JSC::ASTBuilder::createUnaryPlus):
- (JSC::ASTBuilder::createVoid):
- (JSC::ASTBuilder::thisExpr):
- (JSC::ASTBuilder::createResolve):
- (JSC::ASTBuilder::createObjectLiteral):
- (JSC::ASTBuilder::createArray):
- (JSC::ASTBuilder::createNumberExpr):
- (JSC::ASTBuilder::createString):
- (JSC::ASTBuilder::createBoolean):
- (JSC::ASTBuilder::createNull):
- (JSC::ASTBuilder::createBracketAccess):
- (JSC::ASTBuilder::createDotAccess):
- (JSC::ASTBuilder::createRegExp):
- (JSC::ASTBuilder::createNewExpr):
- (JSC::ASTBuilder::createConditionalExpr):
- (JSC::ASTBuilder::createAssignResolve):
- (JSC::ASTBuilder::createFunctionExpr):
- (JSC::ASTBuilder::createFunctionBody):
- (JSC::ASTBuilder::createGetterOrSetterProperty):
- (JSC::ASTBuilder::createArguments):
- (JSC::ASTBuilder::createArgumentsList):
- (JSC::ASTBuilder::createPropertyList):
- (JSC::ASTBuilder::createElementList):
- (JSC::ASTBuilder::createFormalParameterList):
- (JSC::ASTBuilder::createClause):
- (JSC::ASTBuilder::createClauseList):
- (JSC::ASTBuilder::createFuncDeclStatement):
- (JSC::ASTBuilder::createBlockStatement):
- (JSC::ASTBuilder::createExprStatement):
- (JSC::ASTBuilder::createIfStatement):
- (JSC::ASTBuilder::createForLoop):
- (JSC::ASTBuilder::createForInLoop):
- (JSC::ASTBuilder::createEmptyStatement):
- (JSC::ASTBuilder::createVarStatement):
- (JSC::ASTBuilder::createReturnStatement):
- (JSC::ASTBuilder::createBreakStatement):
- (JSC::ASTBuilder::createContinueStatement):
- (JSC::ASTBuilder::createTryStatement):
- (JSC::ASTBuilder::createSwitchStatement):
- (JSC::ASTBuilder::createWhileStatement):
- (JSC::ASTBuilder::createDoWhileStatement):
- (JSC::ASTBuilder::createLabelStatement):
- (JSC::ASTBuilder::createWithStatement):
- (JSC::ASTBuilder::createThrowStatement):
- (JSC::ASTBuilder::createDebugger):
- (JSC::ASTBuilder::createConstStatement):
- (JSC::ASTBuilder::appendConstDecl):
- (JSC::ASTBuilder::combineCommaNodes):
- (JSC::ASTBuilder::appendBinaryOperation):
- (JSC::ASTBuilder::createAssignment):
- (JSC::ASTBuilder::createNumber):
- (JSC::ASTBuilder::makeTypeOfNode):
- (JSC::ASTBuilder::makeDeleteNode):
- (JSC::ASTBuilder::makeNegateNode):
- (JSC::ASTBuilder::makeBitwiseNotNode):
- (JSC::ASTBuilder::makeMultNode):
- (JSC::ASTBuilder::makeDivNode):
- (JSC::ASTBuilder::makeModNode):
- (JSC::ASTBuilder::makeAddNode):
- (JSC::ASTBuilder::makeSubNode):
- (JSC::ASTBuilder::makeLeftShiftNode):
- (JSC::ASTBuilder::makeRightShiftNode):
- (JSC::ASTBuilder::makeURightShiftNode):
- (JSC::ASTBuilder::makeBitOrNode):
- (JSC::ASTBuilder::makeBitAndNode):
- (JSC::ASTBuilder::makeBitXOrNode):
- (JSC::ASTBuilder::makeFunctionCallNode):
- (JSC::ASTBuilder::makeBinaryNode):
- (JSC::ASTBuilder::makeAssignNode):
- (JSC::ASTBuilder::makePrefixNode):
- (JSC::ASTBuilder::makePostfixNode):
- * parser/JSParser.cpp: Removed.
- * parser/JSParser.h: Removed.
- * parser/Lexer.cpp:
- (JSC::Keywords::Keywords):
- (JSC::Lexer::Lexer):
- (JSC::Lexer::~Lexer):
- (JSC::Lexer::setCode):
- (JSC::Lexer::parseIdentifier):
- * parser/Lexer.h:
- (JSC::Keywords::isKeyword):
- (JSC::Keywords::getKeyword):
- (JSC::Keywords::~Keywords):
- (JSC::Lexer::setIsReparsing):
- (JSC::Lexer::isReparsing):
- (JSC::Lexer::lineNumber):
- (JSC::Lexer::setLastLineNumber):
- (JSC::Lexer::lastLineNumber):
- (JSC::Lexer::prevTerminator):
- (JSC::Lexer::sawError):
- (JSC::Lexer::getErrorMessage):
- (JSC::Lexer::currentOffset):
- (JSC::Lexer::setOffset):
- (JSC::Lexer::setLineNumber):
- (JSC::Lexer::sourceProvider):
- (JSC::Lexer::isWhiteSpace):
- (JSC::Lexer::isLineTerminator):
- (JSC::Lexer::convertHex):
- (JSC::Lexer::convertUnicode):
- (JSC::Lexer::makeIdentifier):
- (JSC::Lexer::lexExpectIdentifier):
- * parser/NodeConstructors.h:
- (JSC::ParserArenaFreeable::operator new):
- (JSC::ParserArenaDeletable::operator new):
- (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
- (JSC::Node::Node):
- (JSC::ExpressionNode::ExpressionNode):
- (JSC::StatementNode::StatementNode):
- (JSC::NullNode::NullNode):
- (JSC::BooleanNode::BooleanNode):
- (JSC::NumberNode::NumberNode):
- (JSC::StringNode::StringNode):
- (JSC::RegExpNode::RegExpNode):
- (JSC::ThisNode::ThisNode):
- (JSC::ResolveNode::ResolveNode):
- (JSC::ElementNode::ElementNode):
- (JSC::ArrayNode::ArrayNode):
- (JSC::PropertyNode::PropertyNode):
- (JSC::PropertyListNode::PropertyListNode):
- (JSC::ObjectLiteralNode::ObjectLiteralNode):
- (JSC::BracketAccessorNode::BracketAccessorNode):
- (JSC::DotAccessorNode::DotAccessorNode):
- (JSC::ArgumentListNode::ArgumentListNode):
- (JSC::ArgumentsNode::ArgumentsNode):
- (JSC::NewExprNode::NewExprNode):
- (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
- (JSC::FunctionCallValueNode::FunctionCallValueNode):
- (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
- (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
- (JSC::FunctionCallDotNode::FunctionCallDotNode):
- (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
- (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
- (JSC::PrePostResolveNode::PrePostResolveNode):
- (JSC::PostfixResolveNode::PostfixResolveNode):
- (JSC::PostfixBracketNode::PostfixBracketNode):
- (JSC::PostfixDotNode::PostfixDotNode):
- (JSC::PostfixErrorNode::PostfixErrorNode):
- (JSC::DeleteResolveNode::DeleteResolveNode):
- (JSC::DeleteBracketNode::DeleteBracketNode):
- (JSC::DeleteDotNode::DeleteDotNode):
- (JSC::DeleteValueNode::DeleteValueNode):
- (JSC::VoidNode::VoidNode):
- (JSC::TypeOfResolveNode::TypeOfResolveNode):
- (JSC::TypeOfValueNode::TypeOfValueNode):
- (JSC::PrefixResolveNode::PrefixResolveNode):
- (JSC::PrefixBracketNode::PrefixBracketNode):
- (JSC::PrefixDotNode::PrefixDotNode):
- (JSC::PrefixErrorNode::PrefixErrorNode):
- (JSC::UnaryOpNode::UnaryOpNode):
- (JSC::UnaryPlusNode::UnaryPlusNode):
- (JSC::NegateNode::NegateNode):
- (JSC::BitwiseNotNode::BitwiseNotNode):
- (JSC::LogicalNotNode::LogicalNotNode):
- (JSC::BinaryOpNode::BinaryOpNode):
- (JSC::MultNode::MultNode):
- (JSC::DivNode::DivNode):
- (JSC::ModNode::ModNode):
- (JSC::AddNode::AddNode):
- (JSC::SubNode::SubNode):
- (JSC::LeftShiftNode::LeftShiftNode):
- (JSC::RightShiftNode::RightShiftNode):
- (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
- (JSC::LessNode::LessNode):
- (JSC::GreaterNode::GreaterNode):
- (JSC::LessEqNode::LessEqNode):
- (JSC::GreaterEqNode::GreaterEqNode):
- (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
- (JSC::InstanceOfNode::InstanceOfNode):
- (JSC::InNode::InNode):
- (JSC::EqualNode::EqualNode):
- (JSC::NotEqualNode::NotEqualNode):
- (JSC::StrictEqualNode::StrictEqualNode):
- (JSC::NotStrictEqualNode::NotStrictEqualNode):
- (JSC::BitAndNode::BitAndNode):
- (JSC::BitOrNode::BitOrNode):
- (JSC::BitXOrNode::BitXOrNode):
- (JSC::LogicalOpNode::LogicalOpNode):
- (JSC::ConditionalNode::ConditionalNode):
- (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
- (JSC::AssignResolveNode::AssignResolveNode):
- (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
- (JSC::AssignBracketNode::AssignBracketNode):
- (JSC::AssignDotNode::AssignDotNode):
- (JSC::ReadModifyDotNode::ReadModifyDotNode):
- (JSC::AssignErrorNode::AssignErrorNode):
- (JSC::CommaNode::CommaNode):
- (JSC::ConstStatementNode::ConstStatementNode):
- (JSC::SourceElements::SourceElements):
- (JSC::EmptyStatementNode::EmptyStatementNode):
- (JSC::DebuggerStatementNode::DebuggerStatementNode):
- (JSC::ExprStatementNode::ExprStatementNode):
- (JSC::VarStatementNode::VarStatementNode):
- (JSC::IfNode::IfNode):
- (JSC::IfElseNode::IfElseNode):
- (JSC::DoWhileNode::DoWhileNode):
- (JSC::WhileNode::WhileNode):
- (JSC::ForNode::ForNode):
- (JSC::ContinueNode::ContinueNode):
- (JSC::BreakNode::BreakNode):
- (JSC::ReturnNode::ReturnNode):
- (JSC::WithNode::WithNode):
- (JSC::LabelNode::LabelNode):
- (JSC::ThrowNode::ThrowNode):
- (JSC::TryNode::TryNode):
- (JSC::ParameterNode::ParameterNode):
- (JSC::FuncExprNode::FuncExprNode):
- (JSC::FuncDeclNode::FuncDeclNode):
- (JSC::CaseClauseNode::CaseClauseNode):
- (JSC::ClauseListNode::ClauseListNode):
- (JSC::CaseBlockNode::CaseBlockNode):
- (JSC::SwitchNode::SwitchNode):
- (JSC::ConstDeclNode::ConstDeclNode):
- (JSC::BlockNode::BlockNode):
- (JSC::ForInNode::ForInNode):
- * parser/NodeInfo.h:
- * parser/Nodes.cpp:
- (JSC::StatementNode::setLoc):
- (JSC::ScopeNode::ScopeNode):
- (JSC::ProgramNode::ProgramNode):
- (JSC::ProgramNode::create):
- (JSC::EvalNode::EvalNode):
- (JSC::EvalNode::create):
- (JSC::FunctionBodyNode::FunctionBodyNode):
- (JSC::FunctionBodyNode::create):
- * parser/Nodes.h:
- (JSC::Node::lineNo):
- * parser/Parser.cpp:
- (JSC::Parser::Parser):
- (JSC::Parser::~Parser):
- (JSC::Parser::parseInner):
- (JSC::Parser::allowAutomaticSemicolon):
- (JSC::Parser::parseSourceElements):
- (JSC::Parser::parseVarDeclaration):
- (JSC::Parser::parseConstDeclaration):
- (JSC::Parser::parseDoWhileStatement):
- (JSC::Parser::parseWhileStatement):
- (JSC::Parser::parseVarDeclarationList):
- (JSC::Parser::parseConstDeclarationList):
- (JSC::Parser::parseForStatement):
- (JSC::Parser::parseBreakStatement):
- (JSC::Parser::parseContinueStatement):
- (JSC::Parser::parseReturnStatement):
- (JSC::Parser::parseThrowStatement):
- (JSC::Parser::parseWithStatement):
- (JSC::Parser::parseSwitchStatement):
- (JSC::Parser::parseSwitchClauses):
- (JSC::Parser::parseSwitchDefaultClause):
- (JSC::Parser::parseTryStatement):
- (JSC::Parser::parseDebuggerStatement):
- (JSC::Parser::parseBlockStatement):
- (JSC::Parser::parseStatement):
- (JSC::Parser::parseFormalParameters):
- (JSC::Parser::parseFunctionBody):
- (JSC::Parser::parseFunctionInfo):
- (JSC::Parser::parseFunctionDeclaration):
- (JSC::LabelInfo::LabelInfo):
- (JSC::Parser::parseExpressionOrLabelStatement):
- (JSC::Parser::parseExpressionStatement):
- (JSC::Parser::parseIfStatement):
- (JSC::Parser::parseExpression):
- (JSC::Parser::parseAssignmentExpression):
- (JSC::Parser::parseConditionalExpression):
- (JSC::isUnaryOp):
- (JSC::Parser::isBinaryOperator):
- (JSC::Parser::parseBinaryExpression):
- (JSC::Parser::parseProperty):
- (JSC::Parser::parseObjectLiteral):
- (JSC::Parser::parseStrictObjectLiteral):
- (JSC::Parser::parseArrayLiteral):
- (JSC::Parser::parsePrimaryExpression):
- (JSC::Parser::parseArguments):
- (JSC::Parser::parseMemberExpression):
- (JSC::Parser::parseUnaryExpression):
- * parser/Parser.h:
- (JSC::isEvalNode):
- (JSC::EvalNode):
- (JSC::DepthManager::DepthManager):
- (JSC::DepthManager::~DepthManager):
- (JSC::ScopeLabelInfo::ScopeLabelInfo):
- (JSC::Scope::Scope):
- (JSC::Scope::startSwitch):
- (JSC::Scope::endSwitch):
- (JSC::Scope::startLoop):
- (JSC::Scope::endLoop):
- (JSC::Scope::inLoop):
- (JSC::Scope::breakIsValid):
- (JSC::Scope::continueIsValid):
- (JSC::Scope::pushLabel):
- (JSC::Scope::popLabel):
- (JSC::Scope::getLabel):
- (JSC::Scope::setIsFunction):
- (JSC::Scope::isFunction):
- (JSC::Scope::isFunctionBoundary):
- (JSC::Scope::declareVariable):
- (JSC::Scope::declareWrite):
- (JSC::Scope::preventNewDecls):
- (JSC::Scope::allowsNewDecls):
- (JSC::Scope::declareParameter):
- (JSC::Scope::useVariable):
- (JSC::Scope::setNeedsFullActivation):
- (JSC::Scope::collectFreeVariables):
- (JSC::Scope::getUncapturedWrittenVariables):
- (JSC::Scope::getCapturedVariables):
- (JSC::Scope::setStrictMode):
- (JSC::Scope::strictMode):
- (JSC::Scope::isValidStrictMode):
- (JSC::Scope::shadowsArguments):
- (JSC::Scope::copyCapturedVariablesToVector):
- (JSC::Scope::saveFunctionInfo):
- (JSC::Scope::restoreFunctionInfo):
- (JSC::ScopeRef::ScopeRef):
- (JSC::ScopeRef::operator->):
- (JSC::ScopeRef::index):
- (JSC::ScopeRef::hasContainingScope):
- (JSC::ScopeRef::containingScope):
- (JSC::Parser::AllowInOverride::AllowInOverride):
- (JSC::Parser::AllowInOverride::~AllowInOverride):
- (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
- (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
- (JSC::Parser::AutoPopScopeRef::setPopped):
- (JSC::Parser::currentScope):
- (JSC::Parser::pushScope):
- (JSC::Parser::popScopeInternal):
- (JSC::Parser::popScope):
- (JSC::Parser::declareVariable):
- (JSC::Parser::declareWrite):
- (JSC::Parser::findCachedFunctionInfo):
- (JSC::Parser::isFunctionBodyNode):
- (JSC::Parser::next):
- (JSC::Parser::nextExpectIdentifier):
- (JSC::Parser::nextTokenIsColon):
- (JSC::Parser::consume):
- (JSC::Parser::getToken):
- (JSC::Parser::match):
- (JSC::Parser::tokenStart):
- (JSC::Parser::tokenLine):
- (JSC::Parser::tokenEnd):
- (JSC::Parser::getTokenName):
- (JSC::Parser::updateErrorMessageSpecialCase):
- (JSC::Parser::updateErrorMessage):
- (JSC::Parser::updateErrorWithNameAndMessage):
- (JSC::Parser::startLoop):
- (JSC::Parser::endLoop):
- (JSC::Parser::startSwitch):
- (JSC::Parser::endSwitch):
- (JSC::Parser::setStrictMode):
- (JSC::Parser::strictMode):
- (JSC::Parser::isValidStrictMode):
- (JSC::Parser::declareParameter):
- (JSC::Parser::breakIsValid):
- (JSC::Parser::continueIsValid):
- (JSC::Parser::pushLabel):
- (JSC::Parser::popLabel):
- (JSC::Parser::getLabel):
- (JSC::Parser::autoSemiColon):
- (JSC::Parser::canRecurse):
- (JSC::Parser::lastTokenEnd):
- (JSC::Parser::DepthManager::DepthManager):
- (JSC::Parser::DepthManager::~DepthManager):
- (JSC::Parser::parse):
- (JSC::parse):
- * parser/ParserTokens.h: Added.
- (JSC::JSTokenInfo::JSTokenInfo):
- * parser/SourceCode.h:
- (JSC::SourceCode::subExpression):
- * parser/SourceProviderCacheItem.h:
- * parser/SyntaxChecker.h:
- (JSC::SyntaxChecker::SyntaxChecker):
- (JSC::SyntaxChecker::makeFunctionCallNode):
- (JSC::SyntaxChecker::createCommaExpr):
- (JSC::SyntaxChecker::makeAssignNode):
- (JSC::SyntaxChecker::makePrefixNode):
- (JSC::SyntaxChecker::makePostfixNode):
- (JSC::SyntaxChecker::makeTypeOfNode):
- (JSC::SyntaxChecker::makeDeleteNode):
- (JSC::SyntaxChecker::makeNegateNode):
- (JSC::SyntaxChecker::makeBitwiseNotNode):
- (JSC::SyntaxChecker::createLogicalNot):
- (JSC::SyntaxChecker::createUnaryPlus):
- (JSC::SyntaxChecker::createVoid):
- (JSC::SyntaxChecker::thisExpr):
- (JSC::SyntaxChecker::createResolve):
- (JSC::SyntaxChecker::createObjectLiteral):
- (JSC::SyntaxChecker::createArray):
- (JSC::SyntaxChecker::createNumberExpr):
- (JSC::SyntaxChecker::createString):
- (JSC::SyntaxChecker::createBoolean):
- (JSC::SyntaxChecker::createNull):
- (JSC::SyntaxChecker::createBracketAccess):
- (JSC::SyntaxChecker::createDotAccess):
- (JSC::SyntaxChecker::createRegExp):
- (JSC::SyntaxChecker::createNewExpr):
- (JSC::SyntaxChecker::createConditionalExpr):
- (JSC::SyntaxChecker::createAssignResolve):
- (JSC::SyntaxChecker::createFunctionExpr):
- (JSC::SyntaxChecker::createFunctionBody):
- (JSC::SyntaxChecker::createArguments):
- (JSC::SyntaxChecker::createArgumentsList):
- (JSC::SyntaxChecker::createProperty):
- (JSC::SyntaxChecker::createPropertyList):
- (JSC::SyntaxChecker::createFuncDeclStatement):
- (JSC::SyntaxChecker::createBlockStatement):
- (JSC::SyntaxChecker::createExprStatement):
- (JSC::SyntaxChecker::createIfStatement):
- (JSC::SyntaxChecker::createForLoop):
- (JSC::SyntaxChecker::createForInLoop):
- (JSC::SyntaxChecker::createEmptyStatement):
- (JSC::SyntaxChecker::createVarStatement):
- (JSC::SyntaxChecker::createReturnStatement):
- (JSC::SyntaxChecker::createBreakStatement):
- (JSC::SyntaxChecker::createContinueStatement):
- (JSC::SyntaxChecker::createTryStatement):
- (JSC::SyntaxChecker::createSwitchStatement):
- (JSC::SyntaxChecker::createWhileStatement):
- (JSC::SyntaxChecker::createWithStatement):
- (JSC::SyntaxChecker::createDoWhileStatement):
- (JSC::SyntaxChecker::createLabelStatement):
- (JSC::SyntaxChecker::createThrowStatement):
- (JSC::SyntaxChecker::createDebugger):
- (JSC::SyntaxChecker::createConstStatement):
- (JSC::SyntaxChecker::appendConstDecl):
- (JSC::SyntaxChecker::createGetterOrSetterProperty):
- (JSC::SyntaxChecker::combineCommaNodes):
- (JSC::SyntaxChecker::operatorStackPop):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::checkSyntax):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::produceCodeBlockFor):
- (JSC::FunctionExecutable::fromGlobalCode):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::tryJSONPParse):
-
-2011-10-31 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
- https://bugs.webkit.org/show_bug.cgi?id=71227
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * tools/CodeProfile.cpp:
+ (JSC::CodeProfile::sample):
- Reviewed by Oliver Hunt.
-
- No new tests, since while I can see exactly where the DFG went wrong on the
- site in question from looking at the generated machine code, and while I can
- certainly believe that such a scenario would happen, I cannot visualize how
- to make it happen reproducibly. It requires an odd combination of double
- values getting spilled and then refilled, but then reboxed at just the right
- time so that the spilled value is an unboxed double while the in-register
- value is a boxed double.
+2012-05-23 Geoffrey Garen <ggaren@apple.com>
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ Refactored WeakBlock to use malloc, clarify behavior
+ https://bugs.webkit.org/show_bug.cgi?id=87318
-2011-10-30 Filip Pizlo <fpizlo@apple.com>
+ Reviewed by Filip Pizlo.
- JSParser::parsePrimaryExpression should have an overflow check
- https://bugs.webkit.org/show_bug.cgi?id=71197
+ We want to use malloc so we can make these smaller than 4KB,
+ since an individual MarkedBlock will usually have fewer than
+ 4KB worth of weak pointers.
- Reviewed by Geoff Garen.
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots): Renamed visitLiveWeakImpls to visit, since
+ we no longer need to distinguish from "visitDeadWeakImpls".
- * parser/JSParser.cpp:
- (JSC::JSParser::parsePrimaryExpression):
+ Renamed "visitDeadWeakImpls" to "reap" because we're not actually
+ doing any visiting -- we're just tagging things as dead.
-2011-10-30 Filip Pizlo <fpizlo@apple.com>
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::create):
+ (JSC::WeakBlock::destroy):
+ (JSC::WeakBlock::WeakBlock): Malloc!
- DFG ValueAdd(string, int) should not fail speculation
- https://bugs.webkit.org/show_bug.cgi?id=71195
+ (JSC::WeakBlock::visit):
+ (JSC::WeakBlock::reap): Renamed as above.
- Reviewed by Geoff Garen.
-
- 1% speed-up on V8.
+ * heap/WeakBlock.h:
+ (WeakBlock): Reduced to 3KB, as explained above.
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldNotSpeculateInteger):
- (JSC::DFG::Node::shouldSpeculateInteger):
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::visit):
+ (JSC::WeakSet::reap):
+ * heap/WeakSet.h:
+ (WeakSet): Updated for renames, and to match WebKit style.
-2011-10-30 Filip Pizlo <fpizlo@apple.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- The DFG inliner should not flush the callee
- https://bugs.webkit.org/show_bug.cgi?id=71191
+ Use after free in JSC::DFG::ByteCodeParser::processPhiStack
+ https://bugs.webkit.org/show_bug.cgi?id=87312
+ <rdar://problem/11518848>
Reviewed by Oliver Hunt.
-
- 0.6% speed-up on V8.
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeOrigin.h:
* dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::flush):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::trueCallerFrameSlow):
-
-2011-10-28 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
- https://bugs.webkit.org/show_bug.cgi?id=70968
-
- Reviewed by Geoffrey Garen.
-
- * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
- TypeInfo. Had to also create a specialization for JSNonFinalObject, even JSGlobalObject was the only that
- needed it because Windows wouldn't build without it.
- (JSC::::createStructure):
- * API/JSCallbackObject.h:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure.
- (JSC::ErrorInstance::createStructure):
- * runtime/ErrorPrototype.h: Ditto
- (JSC::ErrorPrototype::createStructure):
- * runtime/JSActivation.h: Ditto
- (JSC::JSActivation::createStructure):
- * runtime/JSGlobalObject.h: Ditto
- (JSC::JSGlobalObject::createStructure):
- * runtime/JSObject.h: De-virtualized functions. They now check the JSType of the object for the corresponding type.
- (JSC::JSObject::isGlobalObject):
- (JSC::JSObject::isVariableObject):
- (JSC::JSObject::isActivationObject):
- (JSC::JSObject::isErrorInstance):
- * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
- * runtime/JSVariableObject.cpp: Removed virtual function.
- * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
- (JSC::JSVariableObject::createStructure):
-
-2011-10-28 Pavel Feldman <pfeldman@google.com>
-
- Reset line numbers for scripts generated with document.write.
- https://bugs.webkit.org/show_bug.cgi?id=71099
-
- Reviewed by Yury Semikhatsky.
-
- * wtf/text/TextPosition.h:
- (WTF::OrdinalNumber::OrdinalNumber):
-
-2011-10-27 Daniel Bates <dbates@rim.com>
-
- CMake: Add support to optionally install the built JavaScript shell
- https://bugs.webkit.org/show_bug.cgi?id=71062
-
- Reviewed by Antonio Gomes.
-
- Generate an installation rule for installing the JavaScript shell in
- /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
- is defined.
- * shell/CMakeLists.txt:
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
-2011-10-27 Kentaro Hara <haraken@chromium.org>
-
- Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
- https://bugs.webkit.org/show_bug.cgi?id=70215
-
- Reviewed by Adam Barth.
-
- Added a method that judges if a given JSValue is empty.
-
- Tests: transforms/svg-vs-css.xhtml
- transforms/cssmatrix-2d-interface.xhtml
- transforms/cssmatrix-3d-interface.xhtml
-
- * runtime/JSValue.h:
- * runtime/JSValueInlineMethods.h:
- (JSC::JSValue::isEmpty):
-
-2011-10-27 Michael Saboff <msaboff@apple.com>
-
- ENH: Add 8 bit string support to JSC JIT
- https://bugs.webkit.org/show_bug.cgi?id=71073
-
- Changed the JIT String character access generation to create code
- to check the character size and load8() or load16() as approriate.
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::load8):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movzbl_mr):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitLoadCharacterString):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- * jit/JSInterfaceJIT.h:
- (JSC::ThunkHelpers::stringImplFlagsOffset):
- (JSC::ThunkHelpers::stringImpl8BitFlag):
- * jit/ThunkGenerators.cpp:
- (JSC::stringCharLoad):
-
-2011-10-27 Filip Pizlo <fpizlo@apple.com>
-
- If the bytecode generator emits code after the return in the first basic block,
- DFG's inliner crashes
- https://bugs.webkit.org/show_bug.cgi?id=71071
+ It should be possible to make C function calls from DFG code on ARM in debug mode
+ https://bugs.webkit.org/show_bug.cgi?id=87313
Reviewed by Gavin Barraclough.
-
- Removed some cruft dealing with parsing failures due to unsupported functionality
- (that's never reached anymore due to it being caught in DFGCapabilities). This
- allowed me to repurpose the bool return from parseBlock() to mean: true if we
- should continue to parse, or false if we've already parsed all live code.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2011-10-27 Joseph Pecoraro <pecoraro@apple.com>
-
- Reviewed by David Kilzer.
-
- Make FeatureDefines Identical Across OS X Projects
- https://bugs.webkit.org/show_bug.cgi?id=71051
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-10-27 Filip Pizlo <fpizlo@apple.com>
-
- Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
- https://bugs.webkit.org/show_bug.cgi?id=71045
-
- Reviewed by Geoff Garen.
-
- Make sure that if a structure is pinned, it also has a property map.
-
- * runtime/Structure.cpp:
- (JSC::Structure::changePrototypeTransition):
- (JSC::Structure::despecifyFunctionTransition):
- (JSC::Structure::getterSetterTransition):
- (JSC::Structure::toDictionaryTransition):
- (JSC::Structure::preventExtensionsTransition):
- (JSC::Structure::addPropertyWithoutTransition):
- (JSC::Structure::removePropertyWithoutTransition):
- (JSC::Structure::pin):
- (JSC::Structure::copyPropertyTableForPinning):
- * runtime/Structure.h:
- (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-
-2011-10-27 Michael Saboff <msaboff@apple.com>
-
- 32bit build failure after r98624
- https://bugs.webkit.org/show_bug.cgi?id=71064
-
- Disambiguated operator overload with unsigned index (0u).
-
- Reviewed by Sam Weinig.
-
- * runtime/UString.h:
- (JSC::operator==):
-
-2011-10-27 Gustavo Noronha Silva <gns@gnome.org>
-
- Fix building on GNU/kFreeBSD
- https://bugs.webkit.org/show_bug.cgi?id=71005
-
- Reviewed by Darin Adler.
-
- * config.h:
- * wtf/Platform.h:
-
-2011-10-27 Michael Saboff <msaboff@apple.com>
-
- Investigate storing strings in 8-bit buffers when possible
- https://bugs.webkit.org/show_bug.cgi?id=66161
-
- Investigate storing strings in 8-bit buffers when possible
- https://bugs.webkit.org/show_bug.cgi?id=66161
-
- Added support for 8 bit string data in StringImpl. Changed
- (UChar*) m_data to m_data16. Added char* m_data8 as a union
- with m_data16. Added UChar* m_copyData16 to the other union
- to store a 16 bit copy of an 8 bit string when needed.
- Added characters8() and characters16() accessor methods
- that assume the caller has checked the underlying string type
- via the new is8Bit() method. The characters() method will
- return a UChar* of the string, materializing a 16 bit copy if the
- string is an 8 bit string. Added two flags, one for 8 bit buffer
- and a second for a 16 bit copy for an 8 bit string.
-
- Fixed method name typo (StringHasher::defaultCoverter()).
-
- Over time the goal is to eliminate calls to characters() and
- us the character8() and characters16() accessors.
-
- This patch does not include changes that actually create 8 bit
- strings. This is the first of at least 8 patches. Subsequent
- patches will be submitted for JIT changes, making the JSC lexer,
- parser and literal parser, JavaScript string changes and
- then changes in webcore to take advantage of the 8 bit strings.
-
- This change is performance neutral for SunSpider and V8 when
- run from the command line with "jsc".
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- * parser/SourceProvider.h:
- (JSC::UStringSourceProvider::data):
- (JSC::UStringSourceProvider::UStringSourceProvider):
- * runtime/Identifier.cpp:
- (JSC::IdentifierCStringTranslator::hash):
- (JSC::IdentifierCStringTranslator::equal):
- (JSC::IdentifierCStringTranslator::translate):
- (JSC::Identifier::add):
- (JSC::Identifier::toUInt32):
- * runtime/Identifier.h:
- (JSC::Identifier::equal):
- (JSC::operator==):
- (JSC::operator!=):
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRope):
- (JSC::JSString::resolveRopeSlowCase):
- * runtime/RegExp.cpp:
- (JSC::RegExp::match):
- * runtime/StringPrototype.cpp:
- (JSC::jsSpliceSubstringsWithSeparators):
- * runtime/UString.cpp:
- (JSC::UString::UString):
- (JSC::equalSlowCase):
- (JSC::UString::utf8):
- * runtime/UString.h:
- (JSC::UString::characters):
- (JSC::UString::characters8):
- (JSC::UString::characters16):
- (JSC::UString::is8Bit):
- (JSC::UString::operator[]):
- (JSC::UString::find):
- (JSC::operator==):
- * wtf/StringHasher.h:
- (WTF::StringHasher::computeHash):
- (WTF::StringHasher::defaultConverter):
- * wtf/text/AtomicString.cpp:
- (WTF::CStringTranslator::hash):
- (WTF::CStringTranslator::equal):
- (WTF::CStringTranslator::translate):
- (WTF::AtomicString::add):
- * wtf/text/AtomicString.h:
- (WTF::AtomicString::AtomicString):
- (WTF::AtomicString::contains):
- (WTF::AtomicString::find):
- (WTF::AtomicString::add):
- (WTF::operator==):
- (WTF::operator!=):
- (WTF::equalIgnoringCase):
- * wtf/text/StringConcatenate.h:
- * wtf/text/StringHash.h:
- (WTF::StringHash::equal):
- (WTF::CaseFoldingHash::hash):
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::~StringImpl):
- (WTF::StringImpl::createUninitialized):
- (WTF::StringImpl::create):
- (WTF::StringImpl::getData16SlowCase):
- (WTF::StringImpl::containsOnlyWhitespace):
- (WTF::StringImpl::substring):
- (WTF::StringImpl::characterStartingAt):
- (WTF::StringImpl::lower):
- (WTF::StringImpl::upper):
- (WTF::StringImpl::fill):
- (WTF::StringImpl::foldCase):
- (WTF::StringImpl::stripMatchedCharacters):
- (WTF::StringImpl::removeCharacters):
- (WTF::StringImpl::simplifyMatchedCharactersToSpace):
- (WTF::StringImpl::toIntStrict):
- (WTF::StringImpl::toUIntStrict):
- (WTF::StringImpl::toInt64Strict):
- (WTF::StringImpl::toUInt64Strict):
- (WTF::StringImpl::toIntPtrStrict):
- (WTF::StringImpl::toInt):
- (WTF::StringImpl::toUInt):
- (WTF::StringImpl::toInt64):
- (WTF::StringImpl::toUInt64):
- (WTF::StringImpl::toIntPtr):
- (WTF::StringImpl::toDouble):
- (WTF::StringImpl::toFloat):
- (WTF::equal):
- (WTF::equalIgnoringCase):
- (WTF::StringImpl::find):
- (WTF::StringImpl::findIgnoringCase):
- (WTF::StringImpl::reverseFind):
- (WTF::StringImpl::replace):
- (WTF::StringImpl::defaultWritingDirection):
- (WTF::StringImpl::adopt):
- (WTF::StringImpl::createWithTerminatingNullCharacter):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::StringImpl):
- (WTF::StringImpl::create):
- (WTF::StringImpl::create8):
- (WTF::StringImpl::tryCreateUninitialized):
- (WTF::StringImpl::flagsOffset):
- (WTF::StringImpl::flagIs8Bit):
- (WTF::StringImpl::dataOffset):
- (WTF::StringImpl::is8Bit):
- (WTF::StringImpl::characters8):
- (WTF::StringImpl::characters16):
- (WTF::StringImpl::characters):
- (WTF::StringImpl::has16BitShadow):
- (WTF::StringImpl::setHash):
- (WTF::StringImpl::hash):
- (WTF::StringImpl::copyChars):
- (WTF::StringImpl::operator[]):
- (WTF::StringImpl::find):
- (WTF::StringImpl::findIgnoringCase):
- (WTF::equal):
- (WTF::equalIgnoringCase):
- (WTF::StringImpl::isolatedCopy):
- * wtf/text/WTFString.cpp:
- (WTF::String::String):
- (WTF::String::append):
- (WTF::String::format):
- (WTF::String::fromUTF8):
- (WTF::String::fromUTF8WithLatin1Fallback):
- * wtf/text/WTFString.h:
- (WTF::String::find):
- (WTF::String::findIgnoringCase):
- (WTF::String::contains):
- (WTF::String::append):
- (WTF::String::fromUTF8):
- (WTF::String::fromUTF8WithLatin1Fallback):
- (WTF::operator==):
- (WTF::operator!=):
- (WTF::equalIgnoringCase):
- * wtf/unicode/Unicode.h:
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::execute):
- * yarr/YarrJIT.h:
- (JSC::Yarr::YarrCodeBlock::execute):
- * yarr/YarrParser.h:
- (JSC::Yarr::Parser::Parser):
-
-2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing windows build
-
- Unreviewed build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add ability to check for presence of static members at compile time
- https://bugs.webkit.org/show_bug.cgi?id=70986
-
- Reviewed by Geoffrey Garen.
-
- Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the
- HAS_MEMBER_NAMED macro to use that template to check if the specified class
- does indeed have a method with that name. This mechanism is not currently
- used anywhere, but will be in the future when adding virtual methods from
- JSObject to the MethodTable.
-
- * runtime/ClassInfo.h:
-
-2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSCell::toThisObject
- https://bugs.webkit.org/show_bug.cgi?id=70958
-
- Reviewed by Geoffrey Garen.
-
- Converted all instances of toThisObject to static functions,
- added toThisObject to the MethodTable, and replaced all call sites
- with a corresponding lookup in the MethodTable.
-
- * API/JSContextRef.cpp:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/ClassInfo.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::toThisObject):
- * runtime/JSActivation.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::toThisObject):
- * runtime/JSCell.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::toThisObject):
- * runtime/JSObject.h:
- (JSC::JSValue::toThisObject):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::toThisObject):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSString.cpp:
- (JSC::JSString::toThisObject):
- * runtime/JSString.h:
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::toThisObject):
- * runtime/StrictEvalActivation.h:
-
-2011-10-27 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Fix a small bug in callOperation after r98431
- https://bugs.webkit.org/show_bug.cgi?id=70984
-
- Reviewed by Geoffrey Garen.
-
- TrustedImmPtr is not expecting "int" type parameters.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
-
-2011-10-26 Oliver Hunt <oliver@apple.com>
-
- Restore structure-clearing behaviour of allocateCell<>
- https://bugs.webkit.org/show_bug.cgi?id=70976
-
- Reviewed by Geoffrey Garen.
-
- This restores the logic that allows the markstack to filter
- live objects that have not yet been initialised.
-
- * runtime/JSCell.h:
- (JSC::JSCell::clearStructure):
- Validation-safe method to clear a cell's structure.
- (JSC::allocateCell):
- Call the above method.
- * runtime/Structure.h:
- (JSC::MarkStack::internalAppend):
- Don't visit cells that haven't been initialised.
-
-2011-10-26 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION (r97030): Cannot log in to progressive.com
- https://bugs.webkit.org/show_bug.cgi?id=70094
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
-
-2011-10-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove getOwnPropertySlotVirtual
- https://bugs.webkit.org/show_bug.cgi?id=70741
-
- Reviewed by Geoffrey Garen.
-
- Removed all declarations and definitions of getOwnPropertySlotVirtual.
- Also replaced all call sites to getOwnPropertyVirtualVirtual with a
- corresponding lookup in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getOwnPropertyDescriptor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertySlot):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- * runtime/Arguments.h:
- * runtime/ArrayConstructor.cpp:
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- * runtime/DateConstructor.h:
- * runtime/DatePrototype.cpp:
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::create):
- * runtime/ErrorPrototype.cpp:
- * runtime/ErrorPrototype.h:
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertySlotByIndex):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertyDescriptor):
- (JSC::JSFunction::getOwnPropertyNames):
- (JSC::JSFunction::put):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Holder::appendNextProperty):
- (JSC::Walker::walk):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::getOwnPropertySlotByIndex):
- (JSC::JSObject::hasOwnProperty):
- * runtime/JSObject.h:
- (JSC::JSCell::fastGetOwnPropertySlot):
- (JSC::JSObject::getPropertySlot):
- (JSC::JSValue::get):
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlot):
- * runtime/JSString.h:
- * runtime/MathObject.cpp:
- * runtime/MathObject.h:
- (JSC::MathObject::create):
- * runtime/NumberConstructor.cpp:
- * runtime/NumberConstructor.h:
- * runtime/NumberPrototype.cpp:
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectConstructor.h:
- * runtime/ObjectPrototype.cpp:
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::createStructure):
- * runtime/RegExpObject.cpp:
- * runtime/RegExpObject.h:
- * runtime/RegExpPrototype.cpp:
- * runtime/RegExpPrototype.h:
- * runtime/StringConstructor.cpp:
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp:
- * runtime/StringPrototype.h:
-
-2011-10-26 Alejandro G. Castro <alex@igalia.com>
-
- [GTK] [WK2] Add WebKit2 distcheck support
- https://bugs.webkit.org/show_bug.cgi?id=70933
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
-
-2011-10-26 Michael Saboff <msaboff@apple.com>
-
- Increase StringImpl Flag Bits for 8 bit Strings
- https://bugs.webkit.org/show_bug.cgi?id=70937
-
- Increased the number of bits used for flags in StringImpl
- from 6 to 8 bits. This frees up 2 flag bits that will be
- used for 8-bit string support. Updated hash methods accordingly.
- Changed hash value masking from the low bits to the high
- bits.
-
- Reviewed by Darin Adler.
-
- * create_hash_table:
- * wtf/StringHasher.h:
- (WTF::StringHasher::hash):
- * wtf/text/StringImpl.h:
-
-2011-10-26 Dan Bernstein <mitz@apple.com>
-
- Build fix.
-
- Reverted r98488, which caused the scripts’ status messages to be included in the generated
- files.
-
- * create_hash_table:
- * create_jit_stubs:
-
-2011-10-26 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- Don't print regular output to STDERR when generating hashtables and JIT stubs
-
- Reviewed by Simon Hausmann.
-
- * create_hash_table:
- * create_jit_stubs:
-
-2011-10-25 Gavin Barraclough <barraclough@apple.com>
-
- Split DFGJITCodeGenerator::callOperation methods
- https://bugs.webkit.org/show_bug.cgi?id=70870
-
- Reviewed by Filip Pizlo.
-
- The DFGJITCodeGenerator currently contains two sets of callOperation methods.
- One set works with the JSVALUE64 value representation and passes arguments in
- registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
- value representation and passes arguments in memory (suitable for use on x86).
- By refactoring out the representation and calling convention specific aspects
- of the code we can also configure the DFG JIT to operator on platforms that use
- the JSVALUE32_64 value representation but pass arguments in registers.
-
- On platforms supported by the JIT, the payload precedes the tag of a value in
- argument/result ordering, as such, in order to make the setupResults method
- generally applicable to return the results of a function that are returned in
- two registers, the ordering of arguments to this function has been reversed -
- as is the ordering of augments passed to setupArguments methods, with respect
- to the ordering with which they are passed in to callOperation.
- This inconsistency will be resolved in a later change when we combine the pairs
- of arguments passed into callOperation, such that the function signatures can
- be made consistent across the two value representations (the callOperation
- methods will be passed a reference to a struct representing the JSValue
- temporary, this will consist of two gprs on 32_64 and one on 64).
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::resetCallArguments):
- (JSC::DFG::addCallArgument):
- - moved, removed tag,payload version of this method.
- (JSC::DFG::setupArguments):
- (JSC::DFG::setupArgumentsExecState):
- (JSC::DFG::setupArgumentsWithExecState):
- - Calling convention specific portion of callOperation refactored out into these methods.
- (JSC::DFG::callOperation):
- - updated these methods to use setupArguments* methods.
- (JSC::DFG::setupResults):
- - setupResults is now passed payload,tag.
- (JSC::DFG::appendCallWithExceptionCheckSetResult):
- - Added fpr versions of this function.
- (JSC::DFG::appendCallSetResult):
- - Added versions of this function without exception check.
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- - setupResults is now passed payload,tag.
-
-2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove deletePropertyVirtual
- https://bugs.webkit.org/show_bug.cgi?id=70738
-
- Reviewed by Geoffrey Garen.
-
- Removed all declarations and definitions of deletePropertyVirtual.
- Also replaced all call sites to deletePropertyVirtual with a
- corresponding lookup in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::deletePropertyByIndex):
- * API/JSObjectRef.cpp:
- (JSObjectDeleteProperty):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::deleteProperty):
- * debugger/DebuggerActivation.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Arguments.cpp:
- * runtime/Arguments.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::deleteProperty):
- (JSC::JSArray::deletePropertyByIndex):
- * runtime/JSArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::deleteProperty):
- (JSC::JSCell::deletePropertyByIndex):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSObject::deletePropertyByIndex):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- * runtime/JSVariableObject.cpp:
- * runtime/JSVariableObject.h:
- * runtime/RegExpMatchesArray.h:
- * runtime/StrictEvalActivation.cpp:
- * runtime/StrictEvalActivation.h:
- * runtime/StringObject.cpp:
- * runtime/StringObject.h:
-
-2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove putVirtual
- https://bugs.webkit.org/show_bug.cgi?id=70740
-
- Reviewed by Geoffrey Garen.
-
- Removed all declarations and definitions of putVirtual.
- Also replaced all call sites to putVirtual with a
- corresponding lookup in the MethodTable.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * API/JSObjectRef.cpp:
- (JSObjectSetProperty):
- (JSObjectSetPropertyAtIndex):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::put):
- * debugger/DebuggerActivation.h:
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::privateExecute):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- * runtime/Arguments.cpp:
- * runtime/Arguments.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::putProperty):
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::putSlowCase):
- (JSC::JSArray::push):
- (JSC::JSArray::shiftCount):
- (JSC::JSArray::unshiftCount):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::put):
- (JSC::JSCell::putByIndex):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSObject::putByIndex):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- (JSC::JSValue::put):
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/ObjectPrototype.cpp:
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- * runtime/RegExpObject.cpp:
- * runtime/RegExpObject.h:
- * runtime/StringObject.cpp:
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncSplit):
-
-2011-10-25 Gavin Barraclough <barraclough@apple.com>
-
- Separate out function linking & exception check data structures.
- https://bugs.webkit.org/show_bug.cgi?id=70858
-
- Reviewed by Oliver Hunt.
-
- This will make it easier to refactor the callOperation methods to spilt the value
- representation specific handling from the cpu/calling-convention implementation.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::appendCallWithExceptionCheck):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::CallLinkRecord::CallLinkRecord):
- (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
- (JSC::DFG::JITCompiler::JITCompiler):
- (JSC::DFG::JITCompiler::notifyCall):
- (JSC::DFG::JITCompiler::appendCall):
- (JSC::DFG::JITCompiler::addExceptionCheck):
- (JSC::DFG::JITCompiler::addFastExceptionCheck):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
-
-2011-10-25 Filip Pizlo <fpizlo@apple.com>
-
- Tiered compilation may introduce dangling pointers in constant buffers
- https://bugs.webkit.org/show_bug.cgi?id=70854
-
- Reviewed by Oliver Hunt.
-
- Tiered compilation now copies constant buffers, which fixes the regression in
- https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
- regression relies on a subtle interleaving of optimized compilation and garbage
- collection, and cannot be reproduced in a simple test.
-
- This also adds some new debug support, which was used to fix this bug and is
- likely to be useful in the future.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::copyDataFrom):
- (JSC::CodeBlock::usesOpcode):
- * bytecode/CodeBlock.h:
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
-
-2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing Windows build after r98367
-
- Unreviewed build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-25 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Add missing DFG file entries to the make lists for GTK and Qt ports
- https://bugs.webkit.org/show_bug.cgi?id=70806
-
- Reviewed by Darin Adler.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.pro:
-
-2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add getOwnPropertySlot to MethodTable
- https://bugs.webkit.org/show_bug.cgi?id=69807
-
- Reviewed by Oliver Hunt.
-
- * JavaScriptCore.exp:
- * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
- * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can
- reference it in their MethodTables.
-
-2011-10-25 Oliver Hunt <oliver@apple.com>
-
- Need to support marking of multiple nested codeblocks when compiling
- https://bugs.webkit.org/show_bug.cgi?id=70832
-
- Reviewed by Gavin Barraclough.
-
- When inlining a function we end up with multiple codeblocks being
- compiled at the same time, so we need to support a list of live
- codeblocks.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::startedCompiling):
- (JSC::JSGlobalData::finishedCompiling):
-
-2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
- https://bugs.webkit.org/show_bug.cgi?id=70798
-
- Reviewed by Filip Pizlo.
-
- When filling an integer for a known integer node (not speculated), it
- should accept DataFormatJSInteger as well.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
-
-2011-10-24 Geoffrey Garen <ggaren@apple.com>
-
- Build fix: removed some cases of threadsafeCopy() that I missed in
- my previous patch.
-
- * JavaScriptCore.order:
-
-2011-10-24 Geoffrey Garen <ggaren@apple.com>
-
- Removed SharedUChar and tightened language around its previous uses
- https://bugs.webkit.org/show_bug.cgi?id=70698
-
- Reviewed by David Levin.
-
- - Removed SharedUChar because most of its functionality has moved into
- other abstraction layers, and we want remaining clients to choose their
- abstractions explicitly instead of relying on StringImpl to provide this
- behavior implicitly, since we think they can sometimes make more efficient
- choices.
-
- - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
- the former names could give the impression that the resulting object was
- thread-safe, but actually it's just an isolated copy, which is not
- thread-safe by itself, but can be used to implement a thread-safe
- algorithm through isolation.
-
- * wtf/CrossThreadRefCounted.h: Removed.
-
- * JavaScriptCore.exp: Export!
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
-
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::length): Ditto.
-
- (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
-
- * wtf/text/WTFString.cpp:
- (WTF::String::isolatedCopy):
- * wtf/text/WTFString.h: Updated for StringImpl changes.
-
- * API/OpaqueJSString.h:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.order:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/OwnFastMallocPtr.h:
- * wtf/RefCounted.h:
- * wtf/SizeLimits.cpp:
- * wtf/ThreadSafeRefCounted.h:
- * wtf/wtf.pri:
- * yarr/YarrPattern.h: Updated these files to accomodate removal of
- CrossThreadRefCounted.h.
-
-2011-10-24 Oliver Hunt <oliver@apple.com>
-
- Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
- https://bugs.webkit.org/show_bug.cgi?id=70689
-
- Reviewed by Filip Pizlo.
-
- While performing codegen we need to make the GlobalData explicitly
- aware of the codeblock being compiled, as compilation may trigger GC
- and CodeBlock holds GC values, but has not yet been assigned to its
- owner executable.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- (JSC::BytecodeGenerator::~BytecodeGenerator):
- * bytecompiler/BytecodeGenerator.h:
- * heap/AllocationSpace.cpp:
- (JSC::AllocationSpace::allocateSlowCase):
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::startedCompiling):
- (JSC::JSGlobalData::finishedCompiling):
-
-2011-10-24 Filip Pizlo <fpizlo@apple.com>
-
- Object-or-other branch speculation may corrupt the state for OSR if the child of the
- branch is an integer
- https://bugs.webkit.org/show_bug.cgi?id=70777
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2011-10-24 Filip Pizlo <fpizlo@apple.com>
-
- op_new_array_buffer is not inlined correctly
- https://bugs.webkit.org/show_bug.cgi?id=70770
-
- Reviewed by Oliver Hunt.
-
- Disabled inlining of op_new_array_buffer, for now.
-
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canInlineOpcode):
-
-2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Add boolean speculations to DFG JIT 32_64
- https://bugs.webkit.org/show_bug.cgi?id=70706
-
- Reviewed by Filip Pizlo.
-
- Different from the boolean speculations in DFG 64, the boolean
- speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
- boolean instead of a JSBoolean. This choice is not only for
- performance, but also to save a register as we're short of registers on
- X86.
- To accomplish this we make use of DataFormatBoolean, allow a value to
- be represented as a primitive boolean and converted from/to a
- JSBoolean.
- This patch also fixes SpillOrder in 32_64, which should be different
- from 64, and fixes needDataFormatConversion logic in 32_64.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::branchTest32):
- We don't expect byte test actually as it doesn't work for registers
- esp..edi on X86.
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::needDataFormatConversion):
- (JSC::DFG::GenerationInfo::initBoolean):
- (JSC::DFG::GenerationInfo::gpr):
- (JSC::DFG::GenerationInfo::fillInteger):
- (JSC::DFG::GenerationInfo::fillBoolean):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::checkConsistency):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::use):
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::spill):
- (JSC::DFG::cellResult):
- (JSC::DFG::booleanResult):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::ValueRecovery::dump):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::forPrediction):
- (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
- (JSC::DFG::ValueRecovery::inGPR):
- (JSC::DFG::ValueRecovery::gpr):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing Windows build
-
- Unreviewed build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
-
- BitVector isInline check could fail
- https://bugs.webkit.org/show_bug.cgi?id=70691
-
- Reviewed by Geoffrey Garen.
-
- Current BitVector uses the highest bit of m_bitsOrPointer to indicate
- whether it's an inlined bit set or a pointer to an outOfLine bit set.
- This check may fail in case the pointer also has the highest bit set,
- which is surely possible on IA32 (Linux).
- In this case the check failure can result in unexpected behaviors,
- for example if the BitVector is incorrectly determined as having an
- inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
- modify the memory adjacent to the BitVector object.
- This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
- or outofline, based on the assumption that the pointer to OutOfLineBits
- should be 4 or 8 byte aligned.
- We could mark the lowest bit (bit 0) with 1 for inlined bit set,
- and bits 1~bitsInPointer are used for bit set/test.
- In this case we need do one bit more shift for bit set/test.
-
- * wtf/BitVector.cpp:
- (WTF::BitVector::resizeOutOfLine):
- * wtf/BitVector.h:
- (WTF::BitVector::quickGet):
- (WTF::BitVector::quickSet):
- (WTF::BitVector::quickClear):
- (WTF::BitVector::makeInlineBits):
- (WTF::BitVector::isInline):
-
-2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
- https://bugs.webkit.org/show_bug.cgi?id=70271
-
- Reviewed by Darin Adler.
-
- Renaming versions of getOwnPropertySlot that use an unsigned as the property
- name to "getOwnPropertySlotByIndex" in preparation for adding them to the
- MethodTable, which requires unique names for each method.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertySlotVirtual):
- (JSC::Arguments::getOwnPropertySlotByIndex):
- * runtime/Arguments.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertySlotVirtual):
- (JSC::JSArray::getOwnPropertySlotByIndex):
- (JSC::JSArray::getOwnPropertySlot):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::getOwnPropertySlotVirtual):
- (JSC::JSByteArray::getOwnPropertySlotByIndex):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertySlotVirtual):
- (JSC::JSCell::getOwnPropertySlotByIndex):
- * runtime/JSCell.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
- (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::getOwnPropertySlotVirtual):
- (JSC::JSObject::getOwnPropertySlotByIndex):
- * runtime/JSObject.h:
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlotVirtual):
- (JSC::JSString::getOwnPropertySlotByIndex):
- * runtime/JSString.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
- (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
- (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
- * runtime/StringObject.cpp:
- (JSC::StringObject::getOwnPropertySlotVirtual):
- (JSC::StringObject::getOwnPropertySlotByIndex):
- * runtime/StringObject.h:
-
-2011-10-24 Patrick Gansterer <paroga@webkit.org>
-
- Interpreter build fix after r98179.
-
- * bytecode/CodeBlock.h:
- Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
- since it is only used there.
-
-2011-10-23 Geoffrey Garen <ggaren@apple.com>
-
- Fixed a typo Darin spotted.
-
- * wtf/StringHasher.h:
- (WTF::StringHasher::hash): Expelliarmus!
-
-2011-10-23 Geoffrey Garen <ggaren@apple.com>
-
- Removed StringImpl::createStrippingNullCharacters
- https://bugs.webkit.org/show_bug.cgi?id=70700
-
- Reviewed by David Levin.
-
- It was unused.
-
- * JavaScriptCore.exp:
- * wtf/text/StringImpl.cpp:
- * wtf/text/StringImpl.h:
+ (SpeculativeJIT):
-2011-10-22 Filip Pizlo <fpizlo@apple.com>
+2012-05-11 Filip Pizlo <fpizlo@apple.com>
- DFG should inline constructors
- https://bugs.webkit.org/show_bug.cgi?id=70675
+ DFG should be able to inline functions that use arguments reflectively
+ https://bugs.webkit.org/show_bug.cgi?id=86132
Reviewed by Oliver Hunt.
- Adds support for inlining constructors. Also fixes two pathologies
- uncovered along the way: CheckMethod claimed that it never returned a
- result (causing CheckMethod -> SetLocal -> GetLocal sequences to
- result in the GetLocal doing OSR exit), and get_by_id parsing never
- checked if it was hot in slow path. Also fiddled with inlining
- heuristics; it appears that for now, the more inlining, the happier
- V8 is. Finally, a bug was uncovered where a silent spill of a boxed
- integer that had previously been spilled unboxed causes the silent
- fill to forget to unbox.
-
- This appears to be a 4% speed-up on V8 in their harness, or a 1%
- speed-up in my harness. The difference is due to warm-up: in my
- harness we see significant amounts of time spent in compilation, but
- in V8's harness compilation gets amortizes. Profiling indicates that
- we have the potential for a 5% win from basic optimizations like
- generating OSR exits lazily and holding onto bytecode longer.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleCall):
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::mightInlineFunctionForConstruct):
- (JSC::DFG::canInlineOpcode):
- (JSC::DFG::mightInlineFunctionFor):
- (JSC::DFG::canInlineFunctionFor):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- * runtime/Executable.h:
- (JSC::isCall):
- (JSC::ExecutableBase::intrinsicFor):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
-
-2011-10-23 Noel Gordon <noel.gordon@gmail.com>
-
- [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
- https://bugs.webkit.org/show_bug.cgi?id=70703
-
- Reviewed by Kent Tamura.
-
- runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
- to these files from the gyp project files.
-
- * JavaScriptCore.gypi:
-
-2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add deleteProperty to the MethodTable
- https://bugs.webkit.org/show_bug.cgi?id=70162
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.exp:
- * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
- * runtime/JSFunction.h: Changed JSFunction::deleteProperty to
- be protected rather than private for subclasses who don't provide their own
- implementation.
-
-2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove getConstructDataVirtual
- https://bugs.webkit.org/show_bug.cgi?id=70638
-
- Reviewed by Darin Adler.
-
- Removed all declarations and definitions of getConstructDataVirtual.
- Also replaced all call sites to getConstructDataVirtual with a
- corresponding lookup in the MethodTable.
-
- * API/JSCallbackConstructor.cpp:
- * API/JSCallbackConstructor.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * API/JSObjectRef.cpp:
- (JSObjectIsConstructor):
- (JSObjectCallAsConstructor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArrayConstructor.cpp:
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- * runtime/DateConstructor.h:
- * runtime/Error.h:
- (JSC::StrictModeTypeErrorFunction::getConstructData):
- * runtime/ErrorConstructor.cpp:
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- * runtime/FunctionConstructor.h:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
- * runtime/JSObject.h:
- (JSC::getConstructData):
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectConstructor.h:
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- * runtime/StringConstructor.h:
-
-2011-10-23 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the SL build.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
- away int vs unisgned warning.
-
-2011-10-21 Geoffrey Garen <ggaren@apple.com>
-
- Separated string lifetime bits from character buffer state bits
- https://bugs.webkit.org/show_bug.cgi?id=70673
-
- Reviewed by Anders Carlsson.
-
- Moved the static/immortal bit into the bottom bit of the refcount, and
- moved all other bits into the high bits of the hash code.
+ Merged r116838 from dfgopt.
- This is the first step toward a new Characters/PassString class, and it
- makes ref/deref slightly more efficient.
-
- * create_hash_table:
- * wtf/StringHasher.h:
- (WTF::StringHasher::hash): Tweaked the string hashing function to leave
- the top bits clear, so they can be used as flags.
-
- Fixed some small differences between the PERL copy of this function and
- the C++ copy of this function, which could have in theory caused subtle
- crashes.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::sharedBuffer):
- (WTF::StringImpl::createWithTerminatingNullCharacter):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::StringImpl):
- (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
- s_didReportExtraCost, since the original name was both self-contradictory
- and used as a double-negative.
-
- (WTF::StringImpl::isIdentifier):
- (WTF::StringImpl::setIsIdentifier):
- (WTF::StringImpl::hasTerminatingNullCharacter):
- (WTF::StringImpl::isAtomic):
- (WTF::StringImpl::setIsAtomic):
- (WTF::StringImpl::setHash):
- (WTF::StringImpl::rawHash):
- (WTF::StringImpl::hasHash):
- (WTF::StringImpl::existingHash):
- (WTF::StringImpl::hash):
- (WTF::StringImpl::hasOneRef):
- (WTF::StringImpl::ref):
- (WTF::StringImpl::deref):
- (WTF::StringImpl::bufferOwnership):
- (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
- bit of the refcount. Now, all lifetime information lives in the refcount
- field. Moved the other bits into the hash code field.
-
-2011-10-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG inlining sometimes fails to reset constant references
- https://bugs.webkit.org/show_bug.cgi?id=70668
+ This turns on inlining of functions that use arguments reflectively, but it
+ does not do any of the obvious optimizations that this exposes. I'll save that
+ for another patch - the important thing for now is that this contains all of
+ the plumbing necessary to make this kind of inlining sound even in bizarro
+ cases like an inline callee escaping the arguments object to parts of the
+ inline caller where the arguments are otherwise dead. Or even more fun cases
+ like where you've inlined to an inline stack that is three-deep, and the
+ function on top of the inline stack reflectively accesses the arguments of a
+ function that is in the middle of the inline stack. Any subsequent
+ optimizations that we do for the obvious cases of arguments usage in inline
+ functions will have to take care not to break the baseline functionality that
+ this patch plumbs together.
- Reviewed by Anders Carlsson.
-
- Reset constant references when we need to (new block created) and not
- when we don't (change of inlining depth).
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::prepareToParseBlock):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2011-10-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG should have inlining
- https://bugs.webkit.org/show_bug.cgi?id=69996
-
- Reviewed by Oliver Hunt.
-
- Implements inlining that's hooked into the bytecode parser. Only
- works for calls, for now, though nothing fundamentally prevents us
- from inlining constructor calls. 2% overall speed-up on all
- benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
- richards respectively), neutral on Kraken and SunSpider.
-
* bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::printCallOp):
+ (JSC::CodeBlock::dump):
* bytecode/CodeBlock.h:
- (JSC::CodeBlock::baselineVersion):
- (JSC::CodeBlock::setInstructionCount):
- (JSC::CodeBlock::likelyToTakeSlowCase):
- (JSC::CodeBlock::couldTakeSlowCase):
- (JSC::CodeBlock::likelyToTakeSpecialFastCase):
- (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
- (JSC::CodeBlock::likelyToTakeAnySlowCase):
- * bytecode/CodeOrigin.h:
- (JSC::CodeOrigin::inlineDepthForCallFrame):
- (JSC::CodeOrigin::inlineDepth):
- (JSC::CodeOrigin::operator==):
- (JSC::CodeOrigin::inlineStack):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::generate):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::beginBasicBlock):
- (JSC::DFG::AbstractState::execute):
- (JSC::DFG::AbstractState::mergeStateAtTail):
- * dfg/DFGBasicBlock.h:
- (JSC::DFG::BasicBlock::BasicBlock):
- (JSC::DFG::BasicBlock::ensureLocals):
- (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
+ (AssemblyHelpers):
* dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::getDirect):
- (JSC::DFG::ByteCodeParser::get):
- (JSC::DFG::ByteCodeParser::setDirect):
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::flush):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
+ (InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::linkBlock):
- (JSC::DFG::ByteCodeParser::linkBlocks):
- (JSC::DFG::ByteCodeParser::handleSuccessor):
- (JSC::DFG::ByteCodeParser::determineReachability):
- (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
(JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGCapabilities.cpp:
- (JSC::DFG::canHandleOpcodes):
- (JSC::DFG::canCompileOpcodes):
- (JSC::DFG::canInlineOpcodes):
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ (CCallHelpers):
* dfg/DFGCapabilities.h:
- (JSC::DFG::mightCompileEval):
- (JSC::DFG::mightCompileProgram):
- (JSC::DFG::mightCompileFunctionForCall):
- (JSC::DFG::mightCompileFunctionForConstruct):
- (JSC::DFG::mightInlineFunctionForCall):
- (JSC::DFG::mightInlineFunctionForConstruct):
(JSC::DFG::canInlineOpcode):
- (JSC::DFG::canInlineOpcodes):
- (JSC::DFG::canInlineFunctionForCall):
- (JSC::DFG::canInlineFunctionForConstruct):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::printWhiteSpace):
- (JSC::DFG::Graph::dumpCodeOrigin):
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::GetBytecodeBeginForBlock::operator()):
- (JSC::DFG::Graph::blockIndexForBytecodeOffset):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::decodedCodeMapFor):
- (JSC::DFG::JITCompiler::linkOSRExits):
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::debugCall):
- (JSC::DFG::JITCompiler::baselineCodeBlockFor):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasVariableAccessData):
- (JSC::DFG::Node::shouldGenerate):
- * dfg/DFGOperands.h:
- (JSC::DFG::Operands::ensureLocals):
- (JSC::DFG::Operands::setLocal):
- (JSC::DFG::Operands::getLocal):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * interpreter/CallFrame.cpp:
- (JSC::CallFrame::trueCallerFrameSlow):
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::baselineCodeBlockFor):
- (JSC::FunctionExecutable::produceCodeBlockFor):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::profiledCodeBlockFor):
- (JSC::FunctionExecutable::parameterCount):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h:
- * runtime/JSFunction.h:
-
-2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add put to the MethodTable
- https://bugs.webkit.org/show_bug.cgi?id=70439
-
- Reviewed by Oliver Hunt.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
- * runtime/JSFunction.h: Changed access modifier for put to protected since some
- subclasses of JSFunction need to reference it in their MethodTables.
-
-2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add finalizer to JSObject
- https://bugs.webkit.org/show_bug.cgi?id=70336
-
- Reviewed by Darin Adler.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::callDestructor): Skip the call to the destructor
- if we're a JSFinalObject, since the finalizer takes care of things.
- * runtime/JSCell.h:
- (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with
- future changes and the fact that we no longer always call the destructor, making
- the information provided less useful.
- * runtime/JSObject.cpp:
- (JSC::JSObject::finalize): Add finalizer for JSObject.
- (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
- property storage, we add a finalizer to ourself.
- * runtime/JSObject.h:
-
-2011-10-21 Simon Hausmann <simon.hausmann@nokia.com>
-
- Remove QtScript source code from WebKit.
- https://bugs.webkit.org/show_bug.cgi?id=64088
-
- Reviewed by Tor Arne Vestbø.
-
- Removed dead code that isn't developed anymore.
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.pri:
- * qt/api/QtScript.pro: Removed.
- * qt/api/qscriptconverter_p.h: Removed.
- * qt/api/qscriptengine.cpp: Removed.
- * qt/api/qscriptengine.h: Removed.
- * qt/api/qscriptengine_p.cpp: Removed.
- * qt/api/qscriptengine_p.h: Removed.
- * qt/api/qscriptfunction.cpp: Removed.
- * qt/api/qscriptfunction_p.h: Removed.
- * qt/api/qscriptoriginalglobalobject_p.h: Removed.
- * qt/api/qscriptprogram.cpp: Removed.
- * qt/api/qscriptprogram.h: Removed.
- * qt/api/qscriptprogram_p.h: Removed.
- * qt/api/qscriptstring.cpp: Removed.
- * qt/api/qscriptstring.h: Removed.
- * qt/api/qscriptstring_p.h: Removed.
- * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
- * qt/api/qscriptsyntaxcheckresult.h: Removed.
- * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
- * qt/api/qscriptvalue.cpp: Removed.
- * qt/api/qscriptvalue.h: Removed.
- * qt/api/qscriptvalue_p.h: Removed.
- * qt/api/qscriptvalueiterator.cpp: Removed.
- * qt/api/qscriptvalueiterator.h: Removed.
- * qt/api/qscriptvalueiterator_p.h: Removed.
- * qt/api/qtscriptglobal.h: Removed.
- * qt/benchmarks/benchmarks.pri: Removed.
- * qt/benchmarks/benchmarks.pro: Removed.
- * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
- * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
- * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
- * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
- * qt/tests/qscriptengine/qscriptengine.pro: Removed.
- * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
- * qt/tests/qscriptstring/qscriptstring.pro: Removed.
- * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
- * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
- * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
- * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
- * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
- * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
- * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
- * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
- * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
- * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
- * qt/tests/tests.pri: Removed.
- * qt/tests/tests.pro: Removed.
-
-2011-10-21 Zheng Liu <zheng.z.liu@intel.com>
-
- bytecompiler sometimes generates incorrect bytecode for put_by_id
- https://bugs.webkit.org/show_bug.cgi?id=70403
-
- Reviewed by Filip Pizlo.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::AssignDotNode::emitBytecode):
- (JSC::AssignBracketNode::emitBytecode):
-
-2011-10-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not try to predict argument types by looking at the values of
- argument registers at the time of compilation
- https://bugs.webkit.org/show_bug.cgi?id=70578
-
- Reviewed by Oliver Hunt.
-
- * bytecode/CodeBlock.cpp:
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- (JSC::DFG::tryCompile):
- (JSC::DFG::tryCompileFunction):
- * dfg/DFGDriver.h:
- (JSC::DFG::tryCompileFunction):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGGraph.h:
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileOptimizedForCall):
- (JSC::FunctionExecutable::compileOptimizedForConstruct):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::compileForCall):
- (JSC::FunctionExecutable::compileForConstruct):
- (JSC::FunctionExecutable::compileFor):
- (JSC::FunctionExecutable::compileOptimizedFor):
-
-2011-10-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG call optimization handling will fail if the call had been unlinked due
- to the callee being optimized
- https://bugs.webkit.org/show_bug.cgi?id=70468
-
- Reviewed by Geoff Garen.
-
- If a call had ever been linked, we remember this fact as well as the function
- to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
- called.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgLinkFor):
- * jit/JIT.cpp:
- (JSC::JIT::linkFor):
-
-2011-10-20 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT 32_64 - Fix ByteArray speculation
- https://bugs.webkit.org/show_bug.cgi?id=70571
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::forPrediction):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-20 Vincent Scheib <scheib@chromium.org>
-
- MouseLock compile and run time flags.
- https://bugs.webkit.org/show_bug.cgi?id=70530
-
- Reviewed by Darin Fisher.
-
- * wtf/Platform.h:
-
-2011-10-20 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename static deleteProperty to deletePropertyByIndex
- https://bugs.webkit.org/show_bug.cgi?id=70257
-
- Reviewed by Geoffrey Garen.
-
- Renaming versions of deleteProperty that use an unsigned as the property
- name to "deletePropertyByIndex" in preparation for adding them to the
- MethodTable, which requires unique names for each method.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::deletePropertyVirtual):
- (JSC::::deletePropertyByIndex):
- * runtime/Arguments.cpp:
- (JSC::Arguments::deletePropertyVirtual):
- (JSC::Arguments::deletePropertyByIndex):
- * runtime/Arguments.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::deletePropertyVirtual):
- (JSC::JSArray::deletePropertyByIndex):
- * runtime/JSArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::deletePropertyVirtual):
- (JSC::JSCell::deletePropertyByIndex):
- * runtime/JSCell.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::deletePropertyVirtual):
- (JSC::JSNotAnObject::deletePropertyByIndex):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::deletePropertyVirtual):
- (JSC::JSObject::deletePropertyByIndex):
- * runtime/JSObject.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::deletePropertyVirtual):
- (JSC::RegExpMatchesArray::deletePropertyByIndex):
-
-2011-10-20 Filip Pizlo <fpizlo@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=70482
- DFG-related stubs in the old JIT should not be built if the DFG is disabled
-
- Reviewed by Zoltan Herczeg.
-
- Aiming for a slight code size/build time reduction if the DFG is not in
- play. This should also make further DFG development slightly easier since
- the bodies of these JIT stubs can now safely refer to things that are only
- declared when the DFG is enabled.
-
- * jit/JITStubs.cpp:
- * jit/JITStubs.h:
-
-2011-10-19 Filip Pizlo <fpizlo@apple.com>
-
- DFG ConvertThis emits slow code when the source node is known to be,
- but not predicted to be, a final object
- https://bugs.webkit.org/show_bug.cgi?id=70466
-
- Reviewed by Oliver Hunt.
-
- Added a new case in ConvertThis compilation.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-19 Filip Pizlo <fpizlo@apple.com>
-
- Optimization triggers in the old JIT may sometimes fire repeatedly even
- though there is no optimization to be done
- https://bugs.webkit.org/show_bug.cgi?id=70467
-
- Reviewed by Oliver Hunt.
-
- If optimize_from_ret does nothing, it delays the next optimization trigger.
- This is performance-neutral.
-
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Heuristics.cpp:
- (JSC::Heuristics::initializeHeuristics):
-
-2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
- https://bugs.webkit.org/show_bug.cgi?id=70460
-
- Reviewed by Filip Pizlo.
-
- As pointed out by Gavin in bug #70418, when a value is already in memory
- we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
- This gives 9% improvement on Kraken if without the change in bug #70418,
- and 1% if based on the code with bug #70418 change.
- Performance is neutral in V8 and SunSpider.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-10-19 Gavin Barraclough <barraclough@apple.com>
-
- Poisoning of strict caller,arguments inappropriately poisoning "in"
- https://bugs.webkit.org/show_bug.cgi?id=63398
-
- Reviewed by Oliver Hunt.
-
- This fixes the problem by correctly implementing the spec -
- the error should actually be being thrown from a standard JS getter/setter.
- This implements spec correct behaviour for strict mode JS functions & bound
- functions, I'll follow up with a patch to do the same for arguments.
-
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::finishCreation):
- - Add the poisoned caller/arguments properties.
- * runtime/JSBoundFunction.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::finishCreation):
- (JSC::JSFunction::getOwnPropertySlot):
- (JSC::JSFunction::getOwnPropertyDescriptor):
- (JSC::JSFunction::put):
- - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::createThrowTypeError):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
- - Add a ThrowTypeError type, per ES5 13.2.3.
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncThrowTypeError):
- * runtime/JSGlobalObjectFunctions.h:
- - Implementation of ThrowTypeError.
- * runtime/JSObject.cpp:
- (JSC::JSObject::initializeGetterSetterProperty):
- * runtime/JSObject.h:
- - This function adds a new property (must not exist already) that is an initialized getter/setter.
-
-2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT 32_64 - improve double boxing/unboxing
- https://bugs.webkit.org/show_bug.cgi?id=70418
-
- Reviewed by Gavin Barraclough.
-
- Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
- which tries to exchange data through memory.
- On X86 some SSE instructions can help us on such operations with better performance.
- This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
- and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::lshiftPacked):
- (JSC::MacroAssemblerX86Common::rshiftPacked):
- (JSC::MacroAssemblerX86Common::orPacked):
- (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
- (JSC::MacroAssemblerX86Common::movePackedToInt32):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movd_rr):
- (JSC::X86Assembler::psllq_i8r):
- (JSC::X86Assembler::psrlq_i8r):
- (JSC::X86Assembler::por_rr):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::boxDouble):
- (JSC::DFG::JITCodeGenerator::unboxDouble):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::boxDouble):
- (JSC::DFG::JITCompiler::unboxDouble):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::convertToDouble):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-19 Gyuyoung Kim <gyuyoung.kim@samsung.com>
-
- [EFL] Fix DSO linkage of wtf_efl.
-
- Unreviewed build fix.
-
- Need to add -ldl to jsc_efl (requested by dladdr).
-
- * wtf/CMakeListsEfl.txt:
-
-2011-10-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed StringImplBase, fusing it into StringImpl
- https://bugs.webkit.org/show_bug.cgi?id=70443
-
- Reviewed by Gavin Barraclough.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.order:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::StringImpl):
- (WTF::StringImpl::ref):
- (WTF::StringImpl::length):
- * wtf/text/StringImplBase.h: Removed.
- * wtf/wtf.pri: Removed!
-
-2011-10-19 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add getConstructData to the MethodTable
- https://bugs.webkit.org/show_bug.cgi?id=70163
-
- Reviewed by Geoffrey Garen.
-
- Adding getConstructData to the MethodTable in order to be able to
- remove all calls to getConstructDataVirtual soon. Part of the process
- of de-virtualizing JSCell.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/ClassInfo.h:
-
-2011-10-18 Oliver Hunt <oliver@apple.com>
-
- Support CanvasPixelArray in the DFG
- https://bugs.webkit.org/show_bug.cgi?id=70384
-
- Reviewed by Filip Pizlo.
-
- Add support for the old CanvasPixelArray optimisations to the
- DFG. This removes the regression seen in the DFG when using
- a CPA.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::store8):
- (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movb_rm):
- (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- (JSC::predictionFromClassInfo):
- * bytecode/PredictedType.h:
- (JSC::isByteArrayPrediction):
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::execute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateByteArray):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::compileClampDoubleToByte):
- (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::offsetOfStorage):
- * wtf/ByteArray.cpp:
- * wtf/ByteArray.h:
- (WTF::ByteArray::offsetOfSize):
- (WTF::ByteArray::offsetOfData):
-
-2011-10-18 Geoffrey Garen <ggaren@apple.com>
-
- Some rope cleanup following r97827
- https://bugs.webkit.org/show_bug.cgi?id=70398
-
- Reviewed by Oliver Hunt.
-
- 9% speedup on date-format-xparb, neutral overall.
-
- - Removed RopeImpl*.
- - Removed JSString::m_fiberCount, since this can be deduced from other data.
- - Renamed a jsString() variant to jsStringFromArguments for clarity.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.order:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitLoadCharacterString):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::loadJSStringArgument):
- * jit/ThunkGenerators.cpp:
- (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
- of testing m_fiberCount, since m_fiberCount is gone now.
-
- * runtime/JSString.cpp:
- (JSC::JSString::RopeBuilder::expand):
- (JSC::JSString::visitChildren):
- (JSC::JSString::resolveRope):
- (JSC::JSString::resolveRopeSlowCase):
- (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
- in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
-
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::finishCreation):
- (JSC::RopeBuilder::offsetOfLength):
- (JSC::RopeBuilder::isRope):
- (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
- jsString => jsStringFromArguments for clarity.
-
- * runtime/Operations.h:
- (JSC::jsStringFromArguments): Renamed.
-
- * runtime/RopeImpl.cpp: Removed.
- * runtime/RopeImpl.h: Removed.
-
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
- which is slightly faster.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncConcat): Updated for rename.
-
- * wtf/text/StringImplBase.h:
- (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
- StringImpl, since this was only used by RopeImpl, which is now gone.
-
-2011-10-19 Rafael Antognolli <antognolli@profusion.mobi>
-
- [EFL] Fix DSO linkage of jsc_efl.
- https://bugs.webkit.org/show_bug.cgi?id=70412
-
- Unreviewed build fix.
-
- Need to add -ldl to jsc_efl (requested by dladdr).
-
- * shell/CMakeListsEfl.txt:
-
-2011-10-18 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out last Windows build fix because it was wrong.
-
-2011-10-18 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out last Windows build fix because it was wrong.
-
-2011-10-18 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix part of the Windows build.
-
- Export!
-
-2011-10-18 Geoffrey Garen <ggaren@apple.com>
-
- Switched ropes from malloc memory to GC memory
- https://bugs.webkit.org/show_bug.cgi?id=70364
-
- Reviewed by Gavin Barraclough.
-
- ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
- having C++ destructors.
-
- * heap/MarkStack.cpp:
- (JSC::visitChildren): Call the JSString visitChildren function now,
- since it's no longer a no-op.
-
- * runtime/JSString.cpp:
- (JSC::JSString::~JSString): Moved this destructor out of line because
- it's called virtually, so there's no value to inlining.
-
- (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
- initializing wrapper around JSString. JSString now represents ropes
- directly, rather than relying on an underlying malloc object.
-
- (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
- objects now.
-
- (JSC::JSString::resolveRope):
- (JSC::JSString::resolveRopeSlowCase):
- (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
- of malloc objects.
-
- (JSC::JSString::replaceCharacter): Removed optimizations for substringing
- ropes and replacing subsections of ropes. We want to reimplement versions
- of these optimizations in the future, but this patch already has good
- performance without them.
-
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::finishCreation):
- (JSC::RopeBuilder::createNull):
- (JSC::RopeBuilder::create):
- (JSC::RopeBuilder::createHasOtherOwner):
- (JSC::jsSingleCharacterString):
- (JSC::jsSingleCharacterSubstring):
- (JSC::jsNontrivialString):
- (JSC::jsString):
- (JSC::jsSubstring):
- (JSC::jsOwnedString): Lots of mechanical changes here. The two important
- things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
- malloc objects; (2) I simplified the JSString constructor interface to
- only accept PassRefPtr<StringImpl>, instead of variations on that like
- UString, reducing refcount churn.
-
- * runtime/JSValue.h:
- * runtime/JSValue.cpp:
- (JSC::JSValue::toPrimitiveString): Updated this function to return a
- JSString instead of a UString, since that's what clients want now.
-
- * runtime/Operations.cpp:
- (JSC::jsAddSlowCase):
- * runtime/Operations.h:
- (JSC::jsString):
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
-
- * runtime/StringConstructor.cpp:
- (JSC::constructWithStringConstructor):
- * runtime/StringObject.h:
- (JSC::StringObject::create): Don't create a new JSString if we already
- have a JSString.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncConcat): Updated for interface changes above.
-
-2011-10-18 Gavin Barraclough <barraclough@apple.com>
-
- Errrk, fix partial commit of r97825!
-
- * runtime/DatePrototype.cpp:
- (JSC::dateProtoFuncToISOString):
-
-2011-10-18 Gavin Barraclough <barraclough@apple.com>
-
- Date.prototype.toISOString fails to throw exception
- https://bugs.webkit.org/show_bug.cgi?id=70394
-
- Reviewed by Sam Weinig.
-
- * runtime/DatePrototype.cpp:
- (JSC::dateProtoFuncToISOString):
- - Should throw a range error if the internal value is not finite.
-
-2011-10-18 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename static put to putByIndex
- https://bugs.webkit.org/show_bug.cgi?id=70281
-
- Reviewed by Geoffrey Garen.
-
- Renaming versions of deleteProperty that use an unsigned as the property
- name to "deletePropertyByIndex" in preparation for adding them to the
- MethodTable, which requires unique names for each method.
-
- * dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Arguments.cpp:
- (JSC::Arguments::putVirtual):
- (JSC::Arguments::putByIndex):
- * runtime/Arguments.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncMap):
- * runtime/JSArray.cpp:
- (JSC::JSArray::put):
- (JSC::JSArray::putVirtual):
- (JSC::JSArray::putByIndex):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::putVirtual):
- (JSC::JSByteArray::putByIndex):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::putVirtual):
- (JSC::JSCell::putByIndex):
- * runtime/JSCell.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::putVirtual):
- (JSC::JSNotAnObject::putByIndex):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::putVirtual):
- (JSC::JSObject::putByIndex):
- * runtime/JSObject.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpMatchesArray::fillArrayInstance):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::putVirtual):
- (JSC::RegExpMatchesArray::putByIndex):
-
-2011-10-18 Gavin Barraclough <barraclough@apple.com>
-
- Array.prototype methods missing exception checks
- https://bugs.webkit.org/show_bug.cgi?id=70360
-
- Reviewed by Geoff Garen.
-
- Missing exception checks after calls to the static getProperty helper,
- these may result in the wrong exception being thrown (or an ASSERT being hit,
- as is currently the case running test-262).
-
- No performance impact.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- (JSC::arrayProtoFuncIndexOf):
- (JSC::arrayProtoFuncLastIndexOf):
-
-2011-10-18 Adam Barth <abarth@webkit.org>
-
- Always enable ENABLE(XPATH)
- https://bugs.webkit.org/show_bug.cgi?id=70217
-
- Reviewed by Eric Seidel.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-10-18 Gavin Barraclough <barraclough@apple.com>
-
- Indexed arguments on the Arguments object should be enumerable.
- https://bugs.webkit.org/show_bug.cgi?id=70302
-
- Reviewed by Sam Weinig.
-
- See ECMA-262 5.1 chapter 10.6 step 11b.
- This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
-
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertyDescriptor):
- - The 'enumerable' property should be true for indexed arguments.
- (JSC::Arguments::getOwnPropertyNames):
- - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
-
-2011-10-18 Gustavo Noronha Silva <gns@gnome.org>
-
- Fix distcheck.
-
- * GNUmakefile.list.am: fix a typo and add a missing header to the
- list.
-
-2011-10-18 Balazs Kelemen <kbalazs@webkit.org>
-
- ParallelJobs: maximum number of threads should be determined dynamically
- https://bugs.webkit.org/show_bug.cgi?id=68540
-
- Reviewed by Zoltan Herczeg.
-
- Add logic to determine the number of cores and use this as
- the maximum number of threads. The implementation currently
- covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
- The patch was tested on Linux, Mac and Windows which was enough to
- cover all code path. It should work on the rest accoring to the
- documentation of those OS's. The hard coded constant is still used
- on uncovered OS's which should be fixed in the future.
-
- * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
- argument because clients should always fill it and the 0 default value
- was incorrect anyway.
- (WTF::ParallelJobs::ParallelJobs):
- * wtf/ParallelJobsGeneric.cpp:
- (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
- * wtf/ParallelJobsGeneric.h:
- (WTF::ParallelEnvironment::ParallelEnvironment):
-
-2011-10-17 Gavin Barraclough <barraclough@apple.com>
-
- Reverted r997709, this caused test failures.
-
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::hasProperty):
- (JSC::JSObject::hasOwnProperty):
-
-2011-10-17 Ryosuke Niwa <rniwa@webkit.org>
-
- Rename deregister* to unregister*
- https://bugs.webkit.org/show_bug.cgi?id=70272
-
- Reviewed by Darin Adler.
-
- Renamed deregisterWeakMap to unregisterWeakMap.
-
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::unregisterWeakMap):
-
-2011-10-17 Gavin Barraclough <barraclough@apple.com>
-
- Poisoning of strict caller/arguments inappropriately poisoning "in"
- https://bugs.webkit.org/show_bug.cgi?id=63398
-
- Reviewed by Sam Weinig.
-
- The problem here is that the has[Own]Property methods get the slot rather than
- the descriptor, and getting the slot may cause the property to be eagerly accessed.
-
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - We don't expect hasProperty to ever throw. If it does, it won't get caught
- (since it is after the exception check), so ASSERT to guard against this.
- * runtime/JSObject.cpp:
- (JSC::JSObject::hasProperty):
- (JSC::JSObject::hasOwnProperty):
- - These methods should not check for the presence of the descriptor; never get the value.
-
-2011-10-17 Gavin Barraclough <barraclough@apple.com>
-
- Exception ordering in String.prototype.replace
- https://bugs.webkit.org/show_bug.cgi?id=70290
-
- If pattern is not a regexp, it should be converted toString before the replacement value has it's toString conversion called.
-
- Reviewed by Oliver Hunt.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncReplace):
-
-2011-10-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG bytecode parser should understand inline stacks
- https://bugs.webkit.org/show_bug.cgi?id=70278
-
- Reviewed by Oliver Hunt.
-
- The DFG bytecode parser is now capable of parsing multiple code blocks at
- once. This remains turned off since not all inlining functionality is
- implemented.
-
- This required making a few changes elsewhere in the system. The bytecode
- parser now may do some of the same things that the bytecode generator does,
- like allocating constants and identifiers. Basic block linking relies on
- bytecode indices, which are only meaningful within the context of one basic
- block. This is fine, so long as linking is done eagerly whenever switching
- from one code block to another.
-
- * bytecode/CodeOrigin.h:
- (JSC::CodeOrigin::CodeOrigin):
- * bytecompiler/BytecodeGenerator.h:
- * dfg/DFGBasicBlock.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::get):
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::getThis):
- (JSC::DFG::ByteCodeParser::setThis):
- (JSC::DFG::ByteCodeParser::currentCodeOrigin):
- (JSC::DFG::ByteCodeParser::getPrediction):
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::linkBlock):
- (JSC::DFG::ByteCodeParser::linkBlocks):
- (JSC::DFG::ByteCodeParser::setupPredecessors):
- (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- (JSC::DFG::ByteCodeParser::parseCodeBlock):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.h:
- (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
- (JSC::DFG::GetBytecodeBeginForBlock::operator()):
- (JSC::DFG::Graph::blockIndexForBytecodeOffset):
- * dfg/DFGNode.h:
- * runtime/Identifier.h:
- (JSC::IdentifierMapIndexHashTraits::emptyValue):
- * runtime/JSValue.h:
- * wtf/StdLibExtras.h:
- (WTF::binarySearchWithFunctor):
-
-2011-10-17 Gavin Barraclough <barraclough@apple.com>
-
- Incorrect behavior from String match/search & undefined pattern
- https://bugs.webkit.org/show_bug.cgi?id=70286
-
- Reviewed by Sam weinig.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- - In case of undefined, pattern is "".
- (JSC::stringProtoFuncSearch):
- - In case of undefined, pattern is "".
-
-2011-10-17 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=70207
- After deleting __defineSetter__, it is absent but appears in name list
-
- Reviewed by Darin Adler.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::getOwnPropertyNames):
- - This should check whether static functions have been reified.
-
-2011-10-17 Geoffrey Garen <ggaren@apple.com>
-
- Mac build fix.
-
- * JavaScriptCore.exp: Export!
-
-2011-10-17 Geoffrey Garen <ggaren@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
-
-2011-10-17 Geoffrey Garen <ggaren@apple.com>
-
- Windows build fix.
-
- * heap/HandleStack.cpp: Added a missing #include.
-
-2011-10-17 Geoffrey Garen <ggaren@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
- longer existant symbol.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
-
-2011-10-17 Geoffrey Garen <ggaren@apple.com>
-
- Simplified GC marking logic
- https://bugs.webkit.org/show_bug.cgi?id=70258
-
- Reviewed by Filip Pizlo.
-
- No perf. change.
-
- This is a first step toward GC allocating string backing stores, starting
- with ropes. It also enables future simplifications and optimizations.
-
- - Replaced some complex mark stack logic with a simple linear stack of
- JSCell pointers.
-
- - Replaced logic for short-circuiting marking based on JSType and/or
- Structure flags with special cases for object, array, and string.
-
- - Fiddled with inlining for better codegen.
-
- * JavaScriptCore.exp:
- * heap/HandleStack.cpp: Build!
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
-
- * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStackArray::MarkStackArray):
- (JSC::MarkStackArray::~MarkStackArray):
- (JSC::MarkStackArray::expand):
- (JSC::MarkStackArray::shrinkAllocation):
- (JSC::MarkStack::reset):
- (JSC::visitChildren):
- (JSC::SlotVisitor::drain):
- * heap/MarkStack.h:
- (JSC::MarkStack::MarkStack):
- (JSC::MarkStack::~MarkStack):
- (JSC::MarkStackArray::append):
- (JSC::MarkStackArray::removeLast):
- (JSC::MarkStackArray::isEmpty):
- (JSC::MarkStack::append):
- (JSC::MarkStack::appendUnbarrieredPointer):
- (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
- simple linear stack.
-
- * heap/SlotVisitor.h:
- (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * runtime/JSArray.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren):
- * runtime/JSObject.h: Don't inline visitChildren; it's too big.
-
- * runtime/Structure.h:
- (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
- because it prevented strings from owning GC pointers.
-
- * runtime/WriteBarrier.h:
- (JSC::MarkStack::appendValues): No need to validate; internalAppend will
- do that for us.
-
-2011-10-17 Adam Roben <aroben@apple.com>
-
- Windows build fix after r97536, part 3
-
- * runtime/JSAPIValueWrapper.h:
- * runtime/JSObject.h:
- Use JS_EXPORTDATA to export the s_info members.
-
-2011-10-17 Adam Roben <aroben@apple.com>
-
- Interpreter build fix after r97564
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
- there.
-
-2011-10-17 Adam Roben <aroben@apple.com>
-
- Windows build fix after r97536, part 2
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
- JSC::setUpStaticFunctionSlot with its new mangled name. SOrted the rest of the file while I
- was at it.
-
-2011-10-17 Adam Roben <aroben@apple.com>
-
- Windows build fix after r97536
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
- JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
- s_info members, which need to be exported via JS_EXPORTDATA instead.
-
-2011-10-17 Patrick Gansterer <paroga@webkit.org>
-
- Interpreter build fix after r97436, r97506, r97532 and r97537.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2011-10-16 Adam Barth <abarth@webkit.org>
-
- Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
- https://bugs.webkit.org/show_bug.cgi?id=70216
-
- Reviewed by Eric Seidel.
-
- * wtf/Platform.h:
-
-2011-10-16 Noel Gordon <noel.gordon@gmail.com>
-
- [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
- https://bugs.webkit.org/show_bug.cgi?id=70205
-
- Reviewed by James Robinson.
-
- wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
- wtf/gtk/ThreadingGtk.cpp was removed in r97269.
-
- * JavaScriptCore.gypi:
-
-2011-10-16 Adam Barth <abarth@webkit.org>
-
- Always enable ENABLE(DOM_STORAGE)
- https://bugs.webkit.org/show_bug.cgi?id=70189
-
- Reviewed by Eric Seidel.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-10-15 Dan Horák <dan@danny.cz>
-
- The s390 and s390x architectures both use 64-bit double type
- that conforms to the IEEE-754 standard.
-
- https://bugs.webkit.org/show_bug.cgi?id=69940
-
- Reviewed by Gavin Barraclough.
-
- * wtf/dtoa/utils.h:
-
-2011-10-14 Filip Pizlo <fpizlo@apple.com>
-
- FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
- https://bugs.webkit.org/show_bug.cgi?id=70157
-
- Reviewed by Geoff Garen.
-
- Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
- and compileForConstructInternal() to use this method. This required more cleanly
- exposing some of CodeBlock's tiering functionality and moving the CompilationKind
- enum to Executable.h, as this was the easiest way to make it available to the
- declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::copyDataFrom):
- (JSC::CodeBlock::copyDataFromAlternative):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::setAlternative):
- * bytecompiler/BytecodeGenerator.h:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::produceCodeBlockFor):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::codeBlockFor):
-
-2011-10-15 Laszlo Gombos <laszlo.1.gombos@nokia.com>
-
- [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
- https://bugs.webkit.org/show_bug.cgi?id=69920
-
- Reviewed by Kenneth Rohde Christiansen.
-
- * JavaScriptCore.pri:
- * JavaScriptCore.pro:
- * heap/MarkStack.h:
- (JSC::::shrinkAllocation):
- * jit/ExecutableAllocator.cpp:
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::cacheFlush):
- * jit/JITStubs.cpp:
- * jsc.pro:
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- * runtime/DatePrototype.cpp:
- (JSC::formatLocaleDate):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncLastIndexOf):
- * runtime/TimeoutChecker.cpp:
- (JSC::getCPUTime):
- * wtf/Assertions.cpp:
- * wtf/Assertions.h:
- * wtf/Atomics.h:
- * wtf/MathExtras.h:
- * wtf/OSAllocator.h:
- (WTF::OSAllocator::decommitAndRelease):
- * wtf/OSAllocatorSymbian.cpp: Removed.
- * wtf/OSRandomSource.cpp:
- (WTF::cryptographicallyRandomValuesFromOS):
- * wtf/PageAllocation.h:
- * wtf/PageAllocatorSymbian.h: Removed.
- * wtf/PageBlock.cpp:
- * wtf/Platform.h:
- * wtf/StackBounds.cpp:
- * wtf/wtf.pri:
-
-2011-10-15 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Trivial fix for a missing change in r97512
- https://bugs.webkit.org/show_bug.cgi?id=70166
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::link):
-
-2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename getOwnPropertySlot to getOwnPropertySlotVirtual
- https://bugs.webkit.org/show_bug.cgi?id=69810
-
- Reviewed by Geoffrey Garen.
-
- Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
- in preparation for when we add the static getOwnPropertySlot to the MethodTable
- in ClassInfo.
-
- Also added a few static getOwnPropertySlot functions where they had been overlooked
- before (especially in CodeGeneratorJS.pm).
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getOwnPropertySlotVirtual):
- (JSC::::getOwnPropertySlot):
- (JSC::::getOwnPropertyDescriptor):
- (JSC::::staticFunctionGetter):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
- (JSC::DebuggerActivation::getOwnPropertySlot):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertySlotVirtual):
- (JSC::Arguments::getOwnPropertySlot):
- * runtime/Arguments.h:
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
- (JSC::ArrayConstructor::getOwnPropertySlot):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getOwnPropertySlotVirtual):
- * runtime/DateConstructor.h:
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::getOwnPropertySlotVirtual):
- * runtime/DatePrototype.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
- * runtime/ErrorPrototype.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::getOwnPropertySlotVirtual):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertySlotVirtual):
- (JSC::JSArray::getOwnPropertySlot):
- * runtime/JSArray.h:
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
- * runtime/JSBoundFunction.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::getOwnPropertySlotVirtual):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertySlotVirtual):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertySlotVirtual):
- (JSC::JSFunction::getOwnPropertyDescriptor):
- (JSC::JSFunction::getOwnPropertyNames):
- (JSC::JSFunction::put):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::hasOwnPropertyForWrite):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Holder::appendNextProperty):
- (JSC::JSONObject::getOwnPropertySlotVirtual):
- (JSC::Walker::walk):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::getOwnPropertySlotVirtual):
- (JSC::JSObject::getOwnPropertySlot):
- (JSC::JSObject::hasOwnProperty):
- * runtime/JSObject.h:
- (JSC::JSObject::getOwnPropertySlotVirtual):
- (JSC::JSCell::fastGetOwnPropertySlot):
- (JSC::JSObject::getPropertySlot):
- (JSC::JSValue::get):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlotVirtual):
- (JSC::JSString::getOwnPropertySlot):
- * runtime/JSString.h:
- * runtime/Lookup.h:
- (JSC::getStaticPropertySlot):
- (JSC::getStaticFunctionSlot):
- (JSC::getStaticValueSlot):
- * runtime/MathObject.cpp:
- (JSC::MathObject::getOwnPropertySlotVirtual):
- * runtime/MathObject.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertySlotVirtual):
- * runtime/NumberConstructor.h:
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::getOwnPropertySlotVirtual):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
- * runtime/ObjectConstructor.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::getOwnPropertySlotVirtual):
- * runtime/RegExpObject.h:
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
- * runtime/RegExpPrototype.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getOwnPropertySlotVirtual):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::getOwnPropertySlotVirtual):
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::getOwnPropertySlotVirtual):
- * runtime/StringPrototype.h:
-
-2011-10-14 Gavin Barraclough <baraclough@apple.com>
-
- Most built-in properties are not deletable
- https://bugs.webkit.org/show_bug.cgi?id=61014
-
- Reviewed by Filip Pizlo.
-
- Our static hash tables don't allow for deleting properties.
- This is the cause of a bunch of expected failures in LayoutTests/sputnik.
-
- This fixes the problem by reifying all static functions immediately prior
- to the first deletion. Reification is tracked by a flag on the structure,
- so properties will no longer 'bounce-back' on later access.
-
- Theoretically there could probably also be an issue with custom accessor
- properties, but we probably do not really require any of these to be
- Configurable anyway. I'll follow up with a separate patch to address this.
-
- * runtime/ClassInfo.h:
- (JSC::ClassInfo::hasStaticProperties):
- - detects static property tables.
- * runtime/JSObject.cpp:
- (JSC::JSObject::deleteProperty):
- - call reifyStaticFunctions before deletion.
- (JSC::JSObject::reifyStaticFunctions):
- - If the class has static functions, set them up now.
- * runtime/JSObject.h:
- (JSC::JSObject::staticFunctionsReified):
- - returns true if static functions have been reified,
- and as such should no longer be added.
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- - If static functions have been reified do not add.
- * runtime/Lookup.h:
- (JSC::HashTable::ConstIterator::ConstIterator):
- (JSC::HashTable::ConstIterator::operator->):
- (JSC::HashTable::ConstIterator::operator*):
- (JSC::HashTable::ConstIterator::operator!=):
- (JSC::HashTable::ConstIterator::operator++):
- (JSC::HashTable::ConstIterator::skipInvalidKeys):
- (JSC::HashTable::begin):
- (JSC::HashTable::end):
- (JSC::getStaticPropertySlot):
- (JSC::getStaticPropertyDescriptor):
- (JSC::getStaticFunctionSlot):
- (JSC::getStaticFunctionDescriptor):
- - setUpStaticFunctionSlot may not add, returns a bool.
- (JSC::lookupPut):
- - remove redundant branch.
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- - initialize new flag in constructors.
- * runtime/Structure.h:
- (JSC::Structure::staticFunctionsReified):
- (JSC::Structure::setStaticFunctionsReified):
- - added flag
-
-2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename virtual put to putVirtual
- https://bugs.webkit.org/show_bug.cgi?id=69851
-
- Reviewed by Darin Adler.
-
- Renamed virtual versions of put to putVirtual in prepration for
- adding the static put to the MethodTable in ClassInfo since the
- compiler gets mad if the virtual and static versions have the same
- name.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::putVirtual):
- * API/JSObjectRef.cpp:
- (JSObjectSetProperty):
- (JSObjectSetPropertyAtIndex):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::putVirtual):
- (JSC::DebuggerActivation::put):
- * debugger/DebuggerActivation.h:
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- * runtime/Arguments.cpp:
- (JSC::Arguments::putVirtual):
- * runtime/Arguments.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::putProperty):
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::putVirtual):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::putVirtual):
- (JSC::JSArray::putSlowCase):
- (JSC::JSArray::push):
- (JSC::JSArray::shiftCount):
- (JSC::JSArray::unshiftCount):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::putVirtual):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::putVirtual):
- (JSC::JSCell::put):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::putVirtual):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::putVirtual):
- (JSC::JSGlobalObject::putWithAttributes):
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::putVirtual):
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSObject::putVirtual):
- (JSC::JSObject::put):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- (JSC::JSValue::put):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::putVirtual):
- * runtime/JSStaticScopeObject.h:
- * runtime/Lookup.h:
- (JSC::lookupPut):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::putVirtual):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpMatchesArray::fillArrayInstance):
- (JSC::RegExpConstructor::putVirtual):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::putVirtual):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::putVirtual):
- * runtime/RegExpObject.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::putVirtual):
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncSplit):
-
-2011-10-13 Filip Pizlo <fpizlo@apple.com>
-
- Reflective Arguments retrieval should be hardened for the
- possibility of inlining
- https://bugs.webkit.org/show_bug.cgi?id=70068
-
- Reviewed by Oliver Hunt.
-
- CodeBlock can now track, as part of its RareData, the virtual inline
- stack at callsites. CallFrame walking can now rematerialize "inline"
- CallFrames by combining the meta-data in CodeBlock with the information
- already in the JS stack. Arguments can now safely retrieve the
- arguments from inline CallFrames.
-
- The DFG already had the notion of a "CodeOrigin" in preparation for
- inlining. This notion will now be saved into the CodeBlock, if the DFG
- had done inlining. So, CodeOrigin has been moved to bytecode/ and has
- been changed to behave more like a struct since that is how it's
- meant to be used.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::inlineCallFrames):
- (JSC::CodeBlock::codeOrigins):
- (JSC::CodeBlock::hasCodeOrigins):
- (JSC::CodeBlock::codeOriginForReturn):
- * bytecode/CodeOrigin.h: Added.
- (JSC::CodeOrigin::CodeOrigin):
- (JSC::CodeOrigin::isSet):
- (JSC::getCallReturnOffsetForCodeOrigin):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGNode.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* interpreter/CallFrame.cpp:
- (JSC::CallFrame::isInlineCallFrame):
- (JSC::CallFrame::trueCallerFrame):
+ (JSC):
+ (JSC::CallFrame::someCodeBlockForPossiblyInlinedCode):
* interpreter/CallFrame.h:
- (JSC::ExecState::inlineCallFrame):
- (JSC::ExecState::setInlineCallFrame):
- (JSC::ExecState::isInlineCallFrame):
- (JSC::ExecState::trueCallerFrame):
+ (ExecState):
+ (JSC::ExecState::someCodeBlockForPossiblyInlinedCode):
* interpreter/Interpreter.cpp:
- (JSC::Interpreter::findFunctionCallFrame):
- * interpreter/Register.h:
- (JSC::Register::operator=):
- (JSC::Register::inlineCallFrame):
- * runtime/Arguments.h:
- (JSC::Arguments::getArgumentsData):
- (JSC::Arguments::finishCreationButDontCopyRegisters):
- (JSC::Arguments::finishCreation):
- (JSC::Arguments::finishCreationAndCopyRegisters):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::parameterCount):
-
-2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename virtual deleteProperty to deletePropertyVirtual
- https://bugs.webkit.org/show_bug.cgi?id=69884
-
- Reviewed by Darin Adler.
-
- Renamed virtual versions of deleteProperty to deletePropertyVirtual in prepration for
- adding the static deleteProperty to the MethodTable in ClassInfo since the
- compiler gets mad if the virtual and static versions have the same name.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::deletePropertyVirtual):
- (JSC::::deleteProperty):
- * API/JSObjectRef.cpp:
- (JSObjectDeleteProperty):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::deletePropertyVirtual):
- (JSC::DebuggerActivation::deleteProperty):
- * debugger/DebuggerActivation.h:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::Interpreter::retrieveArgumentsFromVMCode):
* runtime/Arguments.cpp:
- (JSC::Arguments::deletePropertyVirtual):
- * runtime/Arguments.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::deletePropertyVirtual):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::deletePropertyVirtual):
- (JSC::JSArray::deleteProperty):
- * runtime/JSArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::deletePropertyVirtual):
- (JSC::JSCell::deleteProperty):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::deletePropertyVirtual):
- * runtime/JSFunction.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::deletePropertyVirtual):
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Walker::walk):
- * runtime/JSObject.cpp:
- (JSC::JSObject::deletePropertyVirtual):
- (JSC::JSObject::deleteProperty):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::deletePropertyVirtual):
- * runtime/JSVariableObject.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::deletePropertyVirtual):
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::deletePropertyVirtual):
- * runtime/StrictEvalActivation.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::deletePropertyVirtual):
- * runtime/StringObject.h:
-
-2011-10-14 Peter Beverloo <peter@chromium.org>
-
- [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
- https://bugs.webkit.org/show_bug.cgi?id=70028
-
- Reviewed by Adam Barth.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-10-14 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT 32_64 - Performance fix for ResolveGlobal
- https://bugs.webkit.org/show_bug.cgi?id=70096
-
- Reviewed by Gavin Barraclough.
-
- Structure check of global object should be a pointer comparison
- instead of a tag and payload pair comparison. This fix improves
- SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
- Also two trivial fixes for successful 32-bit build are included.
-
- * dfg/DFGSpeculativeJIT.cpp:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-13 Filip Pizlo <fpizlo@apple.com>
-
- Speculation failures in ValueToInt32 are causing a 2x slow-down
- in Kraken/stanford-crypto-pbkdf2
- https://bugs.webkit.org/show_bug.cgi?id=70089
-
- Reviewed by Gavin Barraclough.
-
- If we can't truncate to Int32 using machine code, then don't fail
- speculation. Just call JSC::toInt32.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileValueToInt32):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Rename virtual getConstructData to getConstructDataVirtual
- https://bugs.webkit.org/show_bug.cgi?id=69872
-
- Reviewed by Geoffrey Garen.
-
- Renamed virtual getConstructData functions to getConstructDataVirtual to
- avoid conflicts when we add static getConstructData to the MethodTable.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::getConstructDataVirtual):
- * API/JSCallbackConstructor.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getConstructDataVirtual):
- * API/JSObjectRef.cpp:
- (JSObjectIsConstructor):
- (JSObjectCallAsConstructor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getConstructDataVirtual):
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::getConstructDataVirtual):
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getConstructDataVirtual):
- * runtime/DateConstructor.h:
- * runtime/Error.h:
- (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::getConstructDataVirtual):
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::getConstructDataVirtual):
- * runtime/FunctionConstructor.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getConstructDataVirtual):
- * runtime/JSCell.h:
- (JSC::getConstructData):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getConstructDataVirtual):
- * runtime/JSFunction.h:
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::getConstructDataVirtual):
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getConstructDataVirtual):
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getConstructDataVirtual):
- * runtime/ObjectConstructor.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getConstructDataVirtual):
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getConstructDataVirtual):
- * runtime/StringConstructor.h:
-
-2011-10-13 Filip Pizlo <fpizlo@apple.com>
-
- Rubber stamped Stephanie Lewis.
-
- DFG_ENABLE() macro was always returning false.
-
- * dfg/DFGNode.h:
-
-2011-10-13 Gavin Barraclough <baraclough@apple.com>
-
- Speculative build fix for !DFG builds.
-
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
-
-2011-10-13 Oliver Hunt <oliver@apple.com>
-
- Fix performance of ValueToInt32 node when predicting double
- https://bugs.webkit.org/show_bug.cgi?id=70063
-
- Reviewed by Filip Pizlo.
-
- Currently we fail to inline double to int conversion when
- performing a ValueToInt32 operation on a value we predict
- to be a double.
-
- * dfg/DFGAbstractState.cpp:
- (JSC::DFG::AbstractState::execute):
- Apply correct filter for the double prediction path
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- Support double parameters even when value has been spilled.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileValueToInt32):
- Moved old valueToInt32 code to this function, and added
- path for double prediction
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- Made the two implementations of ValueToInt32 call a single
- shared compileValueToInt32 function.
-
-2011-10-13 Chris Marrin <cmarrin@apple.com>
-
- Sync requestAnimationFrame callback to CVDisplayLink on Mac
- https://bugs.webkit.org/show_bug.cgi?id=68911
-
- Reviewed by Simon Fraser.
-
- Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
- that use the DisplayRefreshMonitor logic.
-
- * wtf/Platform.h:
-
-2011-10-13 Gavin Barraclough <baraclough@apple.com>
-
- DFG JIT should not be using ENABLE macro to enable features
- https://bugs.webkit.org/show_bug.cgi?id=70060
-
- Reviewed by Oliver Hunt.
-
- The ENABLE macro is only intended to be used to detect features that are configured
- in Platform.h. Using its to detect settings defined in other headers is an error.
-
- The problem is that the ENABLE macro checks if the value is defined, so will silently
- return false if you fail to include the header defining the switch. This is not a problem
- if (1) the settings are defined in the same header that defines the macro that tests them,
- or (2) the header is included everywhere. In the case of ENABLE settings defined in
- Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
-
- * bytecode/CodeBlock.cpp:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getPrediction):
- (JSC::DFG::ByteCodeParser::makeSafe):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCodeGenerator.cpp:
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGNode.h:
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
- (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::propagatePredictionsForward):
- (JSC::DFG::Propagator::propagatePredictionsBackward):
- (JSC::DFG::Propagator::propagatePredictions):
- (JSC::DFG::Propagator::toDouble):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::fixup):
- (JSC::DFG::Propagator::startIndexForChildren):
- (JSC::DFG::Propagator::endIndexForPureCSE):
- (JSC::DFG::Propagator::setReplacement):
- (JSC::DFG::Propagator::eliminate):
- (JSC::DFG::Propagator::performNodeCSE):
- (JSC::DFG::Propagator::localCSE):
- (JSC::DFG::Propagator::allocateVirtualRegisters):
- (JSC::DFG::Propagator::performBlockCFA):
- (JSC::DFG::Propagator::performForwardCFA):
- (JSC::DFG::Propagator::globalCFA):
- * dfg/DFGScoreBoard.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
-
-2011-10-13 Gavin Barraclough <baraclough@apple.com>
-
- terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
-
- Rubber stamped by Filip Pizlo
-
- This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualized JSCell::toNumber
- https://bugs.webkit.org/show_bug.cgi?id=69858
-
- Reviewed by Sam Weinig.
-
-
- Removed JSCallbackObject::toNumber because its no longer necessary since
- JSObject::toNumber now suffices since we implicitly add valueOf to an object's
- prototype whenever a convertToType callback is provided.
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
- De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
- * runtime/JSCell.cpp:
- (JSC::JSCell::toNumber):
- * runtime/JSCell.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
-
- Removed JSNotAnObject::toNumber because its result doesn't matter and it implements
- defaultValue, therefore JSObject::toNumber can cover its case.
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
-
-2011-10-13 Xianzhu Wang <wangxianzhu@chromium.org>
-
- Use realloc() to expand/shrink StringBuilder buffer
- https://bugs.webkit.org/show_bug.cgi?id=69913
-
- Reviewed by Darin Adler.
-
- * wtf/text/StringBuilder.cpp:
- (WTF::StringBuilder::reserveCapacity):
- (WTF::StringBuilder::reallocateBuffer):
- (WTF::StringBuilder::appendUninitialized):
- (WTF::StringBuilder::shrinkToFit):
- * wtf/text/StringBuilder.h:
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
- * wtf/text/StringImpl.h:
-
-2011-10-12 Filip Pizlo <fpizlo@apple.com>
-
- If an Arguments object is being used to copy the arguments, then
- make this explicit
- https://bugs.webkit.org/show_bug.cgi?id=69995
-
- Reviewed by Sam Weinig.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::retrieveArguments):
+ (JSC::Arguments::tearOff):
+ (JSC):
+ (JSC::Arguments::tearOffForInlineCallFrame):
* runtime/Arguments.h:
- (JSC::Arguments::createAndCopyRegisters):
- (JSC::Arguments::finishCreationButDontCopyRegisters):
+ (Arguments):
+ (JSC::Arguments::create):
(JSC::Arguments::finishCreation):
- (JSC::Arguments::finishCreationAndCopyRegisters):
-
-2011-10-12 Filip Pizlo <fpizlo@apple.com>
-
- DFG CFA does not filter structures aggressively enough.
- https://bugs.webkit.org/show_bug.cgi?id=69989
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGAbstractValue.h:
- (JSC::DFG::AbstractValue::clear):
- (JSC::DFG::AbstractValue::makeTop):
- (JSC::DFG::AbstractValue::clobberStructures):
- (JSC::DFG::AbstractValue::set):
- (JSC::DFG::AbstractValue::merge):
- (JSC::DFG::AbstractValue::filter):
- (JSC::DFG::AbstractValue::checkConsistency):
-
-2011-10-12 Adam Barth <abarth@webkit.org>
-
- Remove ENABLE(XHTMLMP) and associated code
- https://bugs.webkit.org/show_bug.cgi?id=69729
-
- Reviewed by David Levin.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-10-12 Gavin Barraclough <baraclough@apple.com>
-
- MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
- https://bugs.webkit.org/show_bug.cgi?id=69978
-
- Reviewed by Filip Pizlo.
-
- Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
-
- compare32/test8/test32 Call setCC, which sets an 8-bit register - we can fix this by adding
- a couple of xchg instructions.
-
- branchTest8 with a register argument is also affected. In all cases this is currently used
- this is testing a value that is correct to 32 or more bits, so we can simply switch these
- to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
- 32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
-
- This fixes the remaining fast/js failures with the DFG JIT 32_64.
-
- * assembler/MacroAssemblerARMv7.h
- - removed branchTest8.
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::compare32):
- (JSC::MacroAssemblerX86Common::test8):
- (JSC::MacroAssemblerX86Common::test32):
- (JSC::MacroAssemblerX86Common::set32):
- - added set32 helper that is 'h' register safe.
- - removed branchTest8.
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- - switch uses of branchTest8 to branchTest32.
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- - switch uses of branchTest8 to branchTest32.
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitBranch):
- - switch uses of branchTest8 to branchTest32.
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitBranch):
- - switch uses of branchTest8 to branchTest32.
-
-2011-10-12 Gavin Barraclough <baraclough@apple.com>
-
- Errrk, revert accidental commit!
-
- * wtf/Platform.h:
-
-2011-10-12 Gavin Barraclough <baraclough@apple.com>
-
- Unreviewed, re-land changes from #69890, #69903.
-
- These were reverted due to bug #69897, but #69903 fixed this problem.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-12 Filip Pizlo <fpizlo@apple.com>
-
- ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
- https://bugs.webkit.org/show_bug.cgi?id=69906
-
- Reviewed by Gavin Barraclough.
-
- It turns out that the simplest fix is to switch computeUpdatedPredictions()
- to using predictionFromValue() combined with mergePrediction(). Doing so
- allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
- not only fixes a performance bug but kills off a lot of code that I never
- liked to begin with.
-
- This appears to be a 1% win on V8.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- * bytecode/PredictedType.cpp:
- (JSC::predictionFromValue):
- * bytecode/ValueProfile.cpp:
- (JSC::ValueProfile::computeStatistics):
- (JSC::ValueProfile::computeUpdatedPrediction):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::classInfo):
- (JSC::ValueProfile::numberOfSamples):
- (JSC::ValueProfile::isLive):
- (JSC::ValueProfile::dump):
-
-2011-10-12 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSCell::toString
- https://bugs.webkit.org/show_bug.cgi?id=69677
-
- Reviewed by Sam Weinig.
-
- Removed toString from JSCallbackObject, since it is no
- longer necessary since we now implicitly add toString and valueOf
- functions to object prototypes when a convertToType callback
- is provided, which is now the standard way to override toString
- and valueOf in the JSC C API.
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
- Removed toString from InterruptedExecutionError and
- TerminatedExecutionError and replaced it with defaultValue,
- which JSObject::toString calls. We'll probably have to de-virtualize
- defaultValue eventually, but we'll cross that bridge when we
- come to it.
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::defaultValue):
- (JSC::TerminatedExecutionError::defaultValue):
- * runtime/ExceptionHelpers.h:
-
- Removed toString from JSNotAnObject, since its return value doesn't
- actually matter and JSObject::toString can cover it.
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
-
- De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
- Added handling of all cases for JSCell to JSCell::toString.
- * runtime/JSObject.h:
- * runtime/JSString.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::toString):
- * runtime/JSCell.h:
-
-2011-10-12 Oliver Hunt <oliver@apple.com>
-
- Global stringStructure caches its prototype chain, abandoning a web page
- https://bugs.webkit.org/show_bug.cgi?id=69952
-
- Reviewed by Filip Pizlo.
-
- When visiting a structure, we don't keep the prototype chain
- alive if we're not the structure for an object type.
-
- * runtime/Structure.cpp:
- (JSC::Structure::visitChildren):
-
-2011-10-12 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT 32_64 - Fix ArrayPop
- https://bugs.webkit.org/show_bug.cgi?id=69918
-
- Reviewed by Filip Pizlo.
-
- The storageLengthGPR is polluted by EmptyValueTag and later used to
- index the array, which results in abnormal behaviors in execution.
- This fix makes 32_64 DFG pass v8-deltablue and kraken
- crypto-sha256-iterative on Linux ia32.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::store32):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movl_i32m):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-12 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
-
- Fix build with GLib 2.31
- https://bugs.webkit.org/show_bug.cgi?id=69840
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.list.am: removed ThreadingGtk.cpp.
- * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
- * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
- * wtf/gobject/GOwnPtr.h: ditto.
- * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
- * wtf/gtk/ThreadingGtk.cpp: Removed.
-
-2011-10-12 Filip Pizlo <fpizlo@apple.com>
-
- Layout tests crashing in DFG JIT code
- https://bugs.webkit.org/show_bug.cgi?id=69897
-
- Reviewed by Gavin Barraclough.
-
- Abstract value filtration didn't take into account cases where a structure
- set filter, combined with predicted type knowledge, could lead to a stronger
- filter for the structure abstract value.
-
- This bug would have been benign in release builds; it would have just meant
- that the analysis was less precise and some optimization opportunities would
- be missed. I have an ASSERT that is meant to catch such cases, and it was
- triggering sporadically in one of the LayoutTests.
-
- * dfg/DFGAbstractValue.h:
- (JSC::DFG::AbstractValue::filter):
-
-2011-10-11 Gavin Barraclough <baraclough@apple.com>
-
- Unreviewed, temporarily reverted r97216 due to bug #69897.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG 32_64 - fix silentFillGPR
- https://bugs.webkit.org/show_bug.cgi?id=69903
-
- Reviewed by Filip Pizlo.
-
- Fix a small bug in silentFillGPR,
- and add the newly introduced DFG file to CMakeListsEfl.
-
- * CMakeListsEfl.txt:
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-08 Filip Pizlo <fpizlo@apple.com>
-
- DFG does not have flow-sensitive intraprocedural control flow analysis
- https://bugs.webkit.org/show_bug.cgi?id=69690
-
- Reviewed by Gavin Barraclough.
-
- Implemented a control flow analysis (CFA). It currently propagates type
- proofs only. For example, if all predecessors to a basic block have
- checks that variable X is a JSFinalObject with structure 0xabcdef, then
- this basic block will now know this fact and will know that it does not
- have to emit either JSFinalObject checks or any structure checks since
- the structure is precisely known. The CFA takes heap side-effects into
- account (though somewhat conservatively), so that if the object pointed
- to by variable X could have possibly undergone a structure transition
- then this is reflected: the analysis may simply say that X's structure
- is unknown.
-
- This also propagates a wealth of other type information which is
- currently not being used. For example, we now know when a variable can
- only hold doubles. Even if a variable may hold other types at different
- points in its live range, we can still prove exactly when it will only
- be double.
-
- There's a bunch of stuff that the CFA could do that it still does not
- do, like precise handling of PutStructure (i.e. structure transitions),
- precise handling of CheckFunction and CheckMethod, etc. So this is
- very much intended to be a starting point rather than an end unto
- itself.
-
- This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
- and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
- Neutral on SunSpider.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/ActionablePrediction.h: Removed.
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- * bytecode/PredictedType.h:
- * dfg/DFGAbstractState.cpp: Added.
- (JSC::DFG::AbstractState::AbstractState):
- (JSC::DFG::AbstractState::~AbstractState):
- (JSC::DFG::AbstractState::beginBasicBlock):
- (JSC::DFG::AbstractState::initialize):
- (JSC::DFG::AbstractState::endBasicBlock):
- (JSC::DFG::AbstractState::reset):
- (JSC::DFG::AbstractState::execute):
- (JSC::DFG::AbstractState::clobberStructures):
- (JSC::DFG::AbstractState::mergeStateAtTail):
- (JSC::DFG::AbstractState::merge):
- (JSC::DFG::AbstractState::mergeToSuccessors):
- (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
- (JSC::DFG::AbstractState::dump):
- * dfg/DFGAbstractState.h: Added.
- (JSC::DFG::AbstractState::forNode):
- (JSC::DFG::AbstractState::isValid):
- * dfg/DFGAbstractValue.h: Added.
- (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
- (JSC::DFG::StructureAbstractValue::clear):
- (JSC::DFG::StructureAbstractValue::makeTop):
- (JSC::DFG::StructureAbstractValue::top):
- (JSC::DFG::StructureAbstractValue::add):
- (JSC::DFG::StructureAbstractValue::addAll):
- (JSC::DFG::StructureAbstractValue::contains):
- (JSC::DFG::StructureAbstractValue::isSubsetOf):
- (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
- (JSC::DFG::StructureAbstractValue::isSupersetOf):
- (JSC::DFG::StructureAbstractValue::filter):
- (JSC::DFG::StructureAbstractValue::isClear):
- (JSC::DFG::StructureAbstractValue::isTop):
- (JSC::DFG::StructureAbstractValue::size):
- (JSC::DFG::StructureAbstractValue::at):
- (JSC::DFG::StructureAbstractValue::operator[]):
- (JSC::DFG::StructureAbstractValue::last):
- (JSC::DFG::StructureAbstractValue::predictionFromStructures):
- (JSC::DFG::StructureAbstractValue::operator==):
- (JSC::DFG::StructureAbstractValue::dump):
- (JSC::DFG::AbstractValue::AbstractValue):
- (JSC::DFG::AbstractValue::clear):
- (JSC::DFG::AbstractValue::isClear):
- (JSC::DFG::AbstractValue::makeTop):
- (JSC::DFG::AbstractValue::clobberStructures):
- (JSC::DFG::AbstractValue::isTop):
- (JSC::DFG::AbstractValue::top):
- (JSC::DFG::AbstractValue::set):
- (JSC::DFG::AbstractValue::operator==):
- (JSC::DFG::AbstractValue::merge):
- (JSC::DFG::AbstractValue::filter):
- (JSC::DFG::AbstractValue::validate):
- (JSC::DFG::AbstractValue::dump):
- * dfg/DFGBasicBlock.h: Added.
- (JSC::DFG::BasicBlock::BasicBlock):
- (JSC::DFG::BasicBlock::getBytecodeBegin):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::setLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::setupPredecessors):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::block):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- * dfg/DFGNode.h:
- (JSC::DFG::NodeIndexTraits::defaultValue):
- (JSC::DFG::Node::variableAccessData):
- (JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
- (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
- (JSC::DFG::Node::setTakenBlockIndex):
- (JSC::DFG::Node::setNotTakenBlockIndex):
- (JSC::DFG::Node::takenBlockIndex):
- (JSC::DFG::Node::notTakenBlockIndex):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOSREntry.h:
- * dfg/DFGOperands.h: Added.
- (JSC::DFG::operandIsArgument):
- (JSC::DFG::OperandValueTraits::defaultValue):
- (JSC::DFG::Operands::Operands):
- (JSC::DFG::Operands::numberOfArguments):
- (JSC::DFG::Operands::numberOfLocals):
- (JSC::DFG::Operands::argument):
- (JSC::DFG::Operands::local):
- (JSC::DFG::Operands::setLocal):
- (JSC::DFG::Operands::setArgumentFirstTime):
- (JSC::DFG::Operands::setLocalFirstTime):
- (JSC::DFG::Operands::operand):
- (JSC::DFG::Operands::setOperand):
- (JSC::DFG::Operands::clear):
- (JSC::DFG::dumpOperands):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::propagatePredictions):
- (JSC::DFG::Propagator::performBlockCFA):
- (JSC::DFG::Propagator::performForwardCFA):
- (JSC::DFG::Propagator::globalCFA):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGStructureSet.h:
- (JSC::DFG::StructureSet::clear):
- (JSC::DFG::StructureSet::predictionFromStructures):
- (JSC::DFG::StructureSet::operator==):
- (JSC::DFG::StructureSet::dump):
- * dfg/DFGVariableAccessData.h: Added.
-
-2011-10-11 Gavin Barraclough <baraclough@apple.com>
-
- DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
- https://bugs.webkit.org/show_bug.cgi?id=69890
-
- Reviewed by Oliver Hunt.
-
- Cell constants are currently hitting the valueOfInt32Constant case, there is no constant handling for JSValues.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-11 Ryosuke Niwa <rniwa@webkit.org>
-
- GTK build fix attempt after r97197.
-
- * wtf/BitVector.h:
-
-2011-10-11 Oliver Hunt <oliver@apple.com>
-
- Remove unintentional logging.
-
- * heap/Heap.cpp:
-
-2011-10-11 Oliver Hunt <oliver@apple.com>
-
- Tidy up card walking logic
- https://bugs.webkit.org/show_bug.cgi?id=69883
-
- Reviewed by Gavin Barraclough.
-
- Special case common cell sizes when walking a block's
- cards.
-
- * heap/CardSet.h:
- (JSC::::testAndClear):
- * heap/Heap.cpp:
- (JSC::GCTimer::GCCounter::GCCounter):
- (JSC::GCTimer::GCCounter::count):
- (JSC::GCTimer::GCCounter::~GCCounter):
- (JSC::Heap::markRoots):
- * heap/MarkStack.cpp:
- (JSC::MarkStack::reset):
- * heap/MarkStack.h:
- (JSC::MarkStack::visitCount):
- (JSC::MarkStack::MarkStack):
- (JSC::MarkStack::append):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::gatherDirtyCellsWithSize):
- (JSC::MarkedBlock::gatherDirtyCells):
- * runtime/Structure.h:
- (JSC::MarkStack::internalAppend):
-
-2011-10-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG virtual register allocator should be more aggressive in
- reusing temporary slots
- https://bugs.webkit.org/show_bug.cgi?id=69868
-
- Reviewed by Oliver Hunt.
-
- 1.2% win on V8, neutral elsewhere. The win is probably because it
- increases precision of GC conservative scans.
-
- This required making the DFG::ScoreBoard operate over a bitvector
- of preserved variables, rather than just a preserved variable
- threshold. To do this, I improved the WTF::BitVector class to make
- it more user-friendly. It still retains all previous functionality.
- Also made changes to PackedIntVector to accomodate those changes.
- Finally, this adds more debugging to the virtual register allocator
- and to the OSR exit code, as this was necessary to track down bugs
- in an earlier version of this patch.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::getLocal):
- * dfg/DFGGraph.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::allocateVirtualRegisters):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::ScoreBoard):
- (JSC::DFG::ScoreBoard::~ScoreBoard):
- (JSC::DFG::ScoreBoard::allocate):
- (JSC::DFG::ScoreBoard::use):
- (JSC::DFG::ScoreBoard::highWatermark):
- (JSC::DFG::ScoreBoard::dump):
- (JSC::DFG::ScoreBoard::max):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueRecovery::dump):
- * wtf/BitVector.cpp:
- (WTF::BitVector::setSlow):
- (WTF::BitVector::resizeOutOfLine):
- (WTF::BitVector::dump):
- * wtf/BitVector.h:
- (WTF::BitVector::BitVector):
- (WTF::BitVector::operator=):
- (WTF::BitVector::quickGet):
- (WTF::BitVector::quickSet):
- (WTF::BitVector::quickClear):
- (WTF::BitVector::get):
- (WTF::BitVector::set):
- (WTF::BitVector::clear):
- * wtf/PackedIntVector.h:
- (WTF::PackedIntVector::get):
- (WTF::PackedIntVector::set):
-
-2011-10-11 Gavin Barraclough <baraclough@apple.com>
-
- DFG JIT 32_64 - Switch to cdecl calling convention.
- https://bugs.webkit.org/show_bug.cgi?id=69863
-
- Reviewed by Oliver Hunt.
-
- This makes it easier to keep the stack correctly aligned, which is required on OS X.
-
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::FunctionPtr::FunctionPtr):
- - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- - Switch calls to poke arguments rather than pushing them.
- (JSC::DFG::resetCallArguments):
- (JSC::DFG::addCallArgument):
- (JSC::DFG::addCallArgumentBoxed):
- - Helper functions to stack up call arguments on X86.
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- - Don't push, poke!
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::compileBody):
- - Don't push, poke!
- * dfg/DFGOperations.cpp:
- - Switch ReturnAddress wrappers to push return address last, update asm trampolines.
- * dfg/DFGOperations.h:
- - switch DFG_OPERATION to assert CDECL on STDCALL platforms.
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::fmodWithCDecl):
- (JSC::DFG::SpeculativeJIT::compile):
- - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
-
-2011-10-11 Gavin Barraclough <baraclough@apple.com>
-
- Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
- https://bugs.webkit.org/show_bug.cgi?id=69821
-
- Reviewed by Filip Pizlo.
-
- Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
- intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
-
- dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
- JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
- move), so by switching all associated operations to return a size_t we can fix the type
- problem on Linux & make it a small tweak that removes an unnecessary instruction.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- - comparisons now return a size_t.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- - Removed Z_DFGOperation_EJ form.
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- - comparisons now return a size_t.
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- - comparisons now return a size_t.
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t,
- Both need to return values zero extended to fill a register.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- - comparisons now return a size_t.
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- - comparisons now return a size_t.
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- - comparisons now return a size_t.
-
-2011-10-11 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
-
- [Qt] Remove all references to QTDIR_build and standalone_package
-
- Qt is now modularized, which means we no longer import WebKit into
- the Qt source tree. Instead we use git submodules, and building
- QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
-
- To decrease the number of buildsystem configurations we also remove
- the standalone_package code-path used when we were providing tarballs
- with the derived sources pre-generated.
-
- Reviewed by Simon Hausmann.
-
- * DerivedSources.pro:
- * JavaScriptCore.pri:
- * JavaScriptCore.pro:
-
-2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Add missing copyright notice in DFG JIT files
- https://bugs.webkit.org/show_bug.cgi?id=69809
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- * dfg/DFGJITCompiler32_64.cpp:
- * dfg/DFGJITCompilerInlineMethods.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
-
-2011-10-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG JSVALUE64 spill/fill code should not box integers and doubles
- https://bugs.webkit.org/show_bug.cgi?id=69782
-
- Reviewed by Oliver Hunt.
-
- Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
- This required changing all of the places that spill registers (both silently
- and not) and filling registers (both silently and on demand). It also required
- changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
- may have the wrong format for the old JIT (unboxed int or double).
-
- This is a slight win on Kraken (0.25%) and neutral elsewhere.
-
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::spill):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::spill):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueRecovery::displacedInRegisterFile):
- (JSC::DFG::ValueRecovery::virtualRegister):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-
-2011-10-10 Gavin Barraclough <baraclough@apple.com>
-
- DFG JIT switch dfgConvert methods to use callOperation
- https://bugs.webkit.org/show_bug.cgi?id=69806
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- * dfg/DFGOperations.h:
-
-2011-10-10 Gavin Barraclough <baraclough@apple.com>
-
- Remove some unused methods from the DFG JIT.
-
- Rubber stamped by Oliver Hunt
-
- Thee methods were only used by the non-speculative JIT, and can be removed.
-
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCodeGenerator32_64.cpp:
- * dfg/DFGJITCodeGenerator64.cpp:
- - removed:
- nonSpeculativeAdd
- nonSpeculativeArithSub
- nonSpeculativeArithMod
- nonSpeculativeCheckHasInstance
- nonSpeculativeInstanceOf
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- - removed:
- operationArithMod
- operationInstanceOf
- operationThrowHasInstanceError
-
-2011-10-10 Gavin Barraclough <baraclough@apple.com>
-
- Switch most calls in DFGJITCodeGenerator to use callOperation.
- https://bugs.webkit.org/show_bug.cgi?id=69802
-
- Reviewed by Oliver Hunt.
-
- Compares, add, mod are the easy cases.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
-
-2011-10-10 Gavin Barraclough <baraclough@apple.com>
-
- DFG: Switch GetById / PutById to use callOperation
- https://bugs.webkit.org/show_bug.cgi?id=69795
-
- Reviewed by Oliver Hunt.
-
- Also make the take base as a cell, so 32_64 doesn't have to set up the cell tag.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::appropriatePutByIdFunction):
-
-2011-10-10 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs
- https://bugs.webkit.org/show_bug.cgi?id=69412
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
-
-2011-10-10 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove getCallDataVirtual methods
- https://bugs.webkit.org/show_bug.cgi?id=69186
-
- Reviewed by Geoffrey Garen.
-
- Removed all getCallDataVirtual methods and replaced their call sites
- with an explicit lookup in the MethodTable.
-
- * API/JSCallbackFunction.cpp:
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * API/JSObjectRef.cpp:
- (JSObjectIsFunction):
- (JSObjectCallAsFunction):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArrayConstructor.cpp:
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- * runtime/DateConstructor.h:
-
- Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
- the class definition in JSGlobalObject.cpp.
- * runtime/Error.cpp:
- (JSC::createTypeErrorFunction):
- * runtime/Error.h:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- (JSC::StrictModeTypeErrorFunction::create):
- (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
- (JSC::StrictModeTypeErrorFunction::getConstructData):
- (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- (JSC::StrictModeTypeErrorFunction::createStructure):
- * runtime/ErrorConstructor.cpp:
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
-
- To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
- to declare their own ClassInfo if they don't override getCallData, provided
- an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
- functionality as of the pure virtual method InternalFunction used to have.
- Also made this new implementation protected rather than private for the same reason.
- Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
- object is being created provides their own implementation of getCallData. This
- just makes execution fail earlier in a place where the source of the error is
- easy to trace. These ASSERTs are better than putting a null in the MethodTable because
- they appear much more intentional to anybody who fails to provide their own
- implementation or who tries to explicitly call InternalFunction::getCallData.
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::finishCreation):
- (JSC::InternalFunction::getCallData):
- * runtime/InternalFunction.h:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
-
- Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
- it to be reused rather than creating a new Structure every time we instantiate it.
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Stringifier):
- (JSC::Stringifier::toJSON):
- (JSC::Stringifier::appendStringifiedValue):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- * runtime/JSObject.h:
- (JSC::getCallData):
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectConstructor.h:
- * runtime/Operations.cpp:
- (JSC::jsTypeStringForValue):
- (JSC::jsIsObjectType):
- (JSC::jsIsFunctionType):
- * runtime/PropertySlot.cpp:
- (JSC::PropertySlot::functionGetter):
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- * runtime/StringConstructor.h:
- * runtime/Structure.h:
-
-2011-10-10 Gavin Barraclough <barraclough@apple.com>
-
- Switch last calls from DFGSpeculativeJIT to use callOperation.
- https://bugs.webkit.org/show_bug.cgi?id=69780
-
- Reviewed by Oliver Hunt.
-
- Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- * wtf/Platform.h:
-
-2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
- https://bugs.webkit.org/show_bug.cgi?id=69748
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetMethod):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-
-2011-10-10 Adam Roben <aroben@apple.com>
-
- Build fix
-
- * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
-
-2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - Bug fix for BranchNull
- https://bugs.webkit.org/show_bug.cgi?id=69743
-
- Reviewed by Darin Adler.
-
- This fixes the error in access-binary-trees. All SunSpider cases passed.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-
-2011-10-07 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT: callOperation should return the Call.
- https://bugs.webkit.org/show_bug.cgi?id=69682
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- (JSC::DFG::appendCallWithExceptionCheckSetResult):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::appendCall):
- * wtf/Platform.h:
-
-2011-10-10 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r97045.
- http://trac.webkit.org/changeset/97045
- https://bugs.webkit.org/show_bug.cgi?id=69746
-
- makes apple bots very crashy :( (Requested by kling on
- #webkit).
-
- * config.h:
-
-2011-10-10 Andreas Kling <kling@webkit.org>
-
- Shrink BorderValue.
- https://bugs.webkit.org/show_bug.cgi?id=69521
-
- Reviewed by Antti Koivisto.
-
- * config.h: Touch to force full rebuild.
-
-2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Improve Null or Undefined test in 32_64 DFG
- https://bugs.webkit.org/show_bug.cgi?id=69734
-
- Reviewed by Darin Adler.
-
- Currently Null or Undefined value test in 32_64 DFG will check
- Null and Undefined tag separately and introduce one more branch.
- It can be improved in the way how the baseline JIT is doing - by
- relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
- https://bugs.webkit.org/show_bug.cgi?id=69721
-
- Reviewed by Darin Adler.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Remove unused callOperation code of DFG JIT on X86
- https://bugs.webkit.org/show_bug.cgi?id=69722
-
- Reviewed by Filip Pizlo.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
-
-2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
- https://bugs.webkit.org/show_bug.cgi?id=69720
-
- Reviewed by Filip Pizlo.
-
- In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
- a FPR and will be used for further optimizations, though we currently
- don't fully utilize it. For now when filling a JS value which was
- spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
- to DataFormatJS to avoid compilation errors.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillJSValue):
-
-2011-10-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not always speculate that a ByVal access has an integer index
- https://bugs.webkit.org/show_bug.cgi?id=69716
-
- Reviewed by Oliver Hunt.
-
- 1% win on SunSpider, neutral elsewhere.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGNode.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::byValHasIntBase):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::getMethodLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Fix value profiling in 32_64 JIT
- https://bugs.webkit.org/show_bug.cgi?id=69717
-
- Reviewed by Filip Pizlo.
-
- Current value profiling for 32_64 JIT is broken and cannot record
- correct predicated types, which results in many speculation failures
- in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations
- again and again.
- With this fix 32_64 DFG JIT can demonstrate real performance gains.
-
- * bytecode/ValueProfile.cpp:
- (JSC::ValueProfile::computeStatistics):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::classInfo):
- (JSC::ValueProfile::numberOfSamples):
- (JSC::ValueProfile::isLive):
- (JSC::ValueProfile::numberOfInt32s):
- (JSC::ValueProfile::numberOfDoubles):
- (JSC::ValueProfile::numberOfBooleans):
- (JSC::ValueProfile::dump):
- Empty value check should be performed on decoded JSValue,
- as for 32_64 empty value is not identical to encoded 0.
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITStubCall.h:
- (JSC::JITStubCall::callWithValueProfiling):
- Record the right profiling result for 32_64.
-
-2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Remove 32 bit restrictions in DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69711
-
- Reviewed by Filip Pizlo.
-
- op_call/op_construct support was disabled for 32 bit DFG JIT because
- there was regression in javascriptcore tests. Now the bugs are fixed
- and there should be no regression. This makes 32 bit DFG have the same
- capability as 64 bit DFG, and improves the coverage.
-
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
-
-2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static version of JSCell::getConstructData
- https://bugs.webkit.org/show_bug.cgi?id=69673
-
- Reviewed by Geoffrey Garen.
-
- Added static version of getConstructData to all classes that
- override it and changed the virtual versions to call the static
- versions. This is the first step in de-virtualizing JSCell::getConstructData.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::getConstructData):
- * API/JSCallbackConstructor.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getConstructData):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getConstructData):
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::getConstructData):
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getConstructData):
- * runtime/DateConstructor.h:
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::getConstructData):
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::getConstructData):
- * runtime/FunctionConstructor.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getConstructData):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getConstructData):
- * runtime/JSFunction.h:
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::getConstructData):
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getConstructData):
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getConstructData):
- * runtime/ObjectConstructor.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getConstructData):
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getConstructData):
- * runtime/StringConstructor.h:
-
-2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static version of JSCell::getOwnPropertySlot
- https://bugs.webkit.org/show_bug.cgi?id=69593
-
- Reviewed by Geoffrey Garen.
-
- Added static version of getOwnPropertySlot to every class that overrides
- JSCell::getOwnPropertySlot. The virtual versions now call the static versions.
- This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
-
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::getOwnPropertySlot):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertySlot):
- * runtime/Arguments.h:
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlot):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::getOwnPropertySlot):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getOwnPropertySlot):
- * runtime/DateConstructor.h:
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::getOwnPropertySlot):
- * runtime/DatePrototype.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::getOwnPropertySlot):
- * runtime/ErrorPrototype.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::getOwnPropertySlot):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::getOwnPropertySlot):
- * runtime/JSArray.h:
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::getOwnPropertySlot):
- * runtime/JSBoundFunction.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::getOwnPropertySlot):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertySlot):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertySlot):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::getOwnPropertySlot):
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::getOwnPropertySlot):
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::getOwnPropertySlot):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::getOwnPropertySlot):
- * runtime/JSObject.h:
- (JSC::JSObject::getOwnPropertySlot):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::getOwnPropertySlot):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSString.cpp:
- (JSC::JSString::getOwnPropertySlot):
- * runtime/JSString.h:
- * runtime/MathObject.cpp:
- (JSC::MathObject::getOwnPropertySlot):
- * runtime/MathObject.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertySlot):
- * runtime/NumberConstructor.h:
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::getOwnPropertySlot):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getOwnPropertySlot):
- * runtime/ObjectConstructor.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::getOwnPropertySlot):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getOwnPropertySlot):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::getOwnPropertySlot):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::getOwnPropertySlot):
- * runtime/RegExpObject.h:
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::getOwnPropertySlot):
- * runtime/RegExpPrototype.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getOwnPropertySlot):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::getOwnPropertySlot):
- * runtime/StringObject.h:
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::getOwnPropertySlot):
- * runtime/StringPrototype.h:
-
-2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
- https://bugs.webkit.org/show_bug.cgi?id=69699
-
- Reviewed by Filip Pizlo.
-
- It should match SetLocal where only payload is stored for array predictions.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
- https://bugs.webkit.org/show_bug.cgi?id=69702
-
- Reviewed by Filip Pizlo.
-
- There are some errors in generating code for Branch and LogicalNot,
- when the operand is predicted as ObjectOrOther.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2011-10-08 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r96996.
- http://trac.webkit.org/changeset/96996
- https://bugs.webkit.org/show_bug.cgi?id=69697
-
- It broke all tests on the Qt bot (Requested by Ossy_night on
- #webkit).
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::getCallDataVirtual):
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getCallDataVirtual):
- * API/JSObjectRef.cpp:
- (JSObjectIsFunction):
- (JSObjectCallAsFunction):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getCallDataVirtual):
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::getCallDataVirtual):
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getCallDataVirtual):
- * runtime/DateConstructor.h:
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- (JSC::StrictModeTypeErrorFunction::create):
- (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
- (JSC::StrictModeTypeErrorFunction::getConstructData):
- (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
- (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- (JSC::StrictModeTypeErrorFunction::createStructure):
- (JSC::createTypeErrorFunction):
- * runtime/Error.h:
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::getCallDataVirtual):
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::getCallDataVirtual):
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::getCallDataVirtual):
- * runtime/FunctionPrototype.h:
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::finishCreation):
- * runtime/InternalFunction.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getCallDataVirtual):
- * runtime/JSCell.h:
- (JSC::getCallData):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getCallDataVirtual):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Stringifier):
- (JSC::Stringifier::toJSON):
- (JSC::Stringifier::appendStringifiedValue):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- * runtime/JSObject.h:
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::getCallDataVirtual):
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getCallDataVirtual):
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getCallDataVirtual):
- * runtime/ObjectConstructor.h:
- * runtime/Operations.cpp:
- (JSC::jsTypeStringForValue):
- (JSC::jsIsObjectType):
- (JSC::jsIsFunctionType):
- * runtime/PropertySlot.cpp:
- (JSC::PropertySlot::functionGetter):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getCallDataVirtual):
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getCallDataVirtual):
- * runtime/StringConstructor.h:
- * runtime/Structure.h:
-
-2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT - only Array predictions can result in unboxed cells in register file
- https://bugs.webkit.org/show_bug.cgi?id=69695
-
- Reviewed by Filip Pizlo.
-
- In current DFG JIT, only array predictions can result in unboxed cells
- in register file, not for the other cell predictions.
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::forPrediction):
-
-2011-10-07 Yuqiang Xian <yuqiang.xian@intel.com>
-
- bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69696
-
- Reviewed by Filip Pizlo.
-
- On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
- to compute the address of a JS array element.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static version of JSCell::deleteProperty
- https://bugs.webkit.org/show_bug.cgi?id=69659
-
- Reviewed by Geoffrey Garen.
-
- Added static version of both versions of put to all classes that
- override them and changed the virtual versions to call the static
- versions. This is the first step in de-virtualizing JSCell::deleteProperty.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::deleteProperty):
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::deleteProperty):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::deleteProperty):
- * runtime/Arguments.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::deleteProperty):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::deleteProperty):
- * runtime/JSArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::deleteProperty):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::deleteProperty):
- * runtime/JSFunction.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::deleteProperty):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::deleteProperty):
- * runtime/JSObject.h:
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::deleteProperty):
- * runtime/JSVariableObject.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::deleteProperty):
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::deleteProperty):
- * runtime/StrictEvalActivation.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::deleteProperty):
- * runtime/StringObject.h:
-
-2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove getCallDataVirtual methods
- https://bugs.webkit.org/show_bug.cgi?id=69186
-
- Reviewed by Geoffrey Garen.
-
- Removed all getCallDataVirtual methods and replaced their call sites
- with an explicit lookup in the MethodTable.
-
- * API/JSCallbackFunction.cpp:
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * API/JSObjectRef.cpp:
- (JSObjectIsFunction):
- (JSObjectCallAsFunction):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArrayConstructor.cpp:
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- * runtime/DateConstructor.h:
- * runtime/Error.cpp:
- (JSC::createTypeErrorFunction):
-
- Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
- the class definition in JSGlobalObject.cpp.
- * runtime/Error.h:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- (JSC::StrictModeTypeErrorFunction::create):
- (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
- (JSC::StrictModeTypeErrorFunction::getConstructData):
- (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- (JSC::StrictModeTypeErrorFunction::createStructure):
- * runtime/ErrorConstructor.cpp:
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
-
- To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
- to declare their own ClassInfo if they don't override getCallData, provided
- an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
- functionality as of the pure virtual method InternalFunction used to have.
- Also made this new implementation protected rather than private for the same reason.
- Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
- object is being created provides their own implementation of getCallData. This
- just makes execution fail earlier in a place where the source of the error is
- easy to trace. These ASSERTs are better than putting a null in the MethodTable because
- they appear much more intentional to anybody who fails to provide their own
- implementation or who tries to explicitly call InternalFunction::getCallData.
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::finishCreation):
- (JSC::InternalFunction::getCallData):
- * runtime/InternalFunction.h:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
-
- Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
- it to be reused rather than creating a new Structure every time we instantiate it.
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Stringifier):
- (JSC::Stringifier::toJSON):
- (JSC::Stringifier::appendStringifiedValue):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- * runtime/JSObject.h:
- (JSC::getCallData):
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectConstructor.h:
- * runtime/Operations.cpp:
- (JSC::jsTypeStringForValue):
- (JSC::jsIsObjectType):
- (JSC::jsIsFunctionType):
- * runtime/PropertySlot.cpp:
- (JSC::PropertySlot::functionGetter):
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- * runtime/StringConstructor.h:
- * runtime/Structure.h:
-
-2011-10-07 Oliver Hunt <oliver@apple.com>
-
- Add missing break statement.
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-10-07 Oliver Hunt <oliver@apple.com>
-
- Support some string intrinsics in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69678
-
- Reviewed by Gavin Barraclough.
-
- Add support for charAt and charCodeAt intrinsics in the DFG.
-
- * create_hash_table:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- * dfg/DFGIntrinsic.h:
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static version of JSCell::put
- https://bugs.webkit.org/show_bug.cgi?id=69382
-
- Reviewed by Geoffrey Garen.
-
- Added static version of both versions of put to all classes that
- override them and changed the virtual versions to call the static
- versions.
-
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::put):
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::put):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::put):
- * runtime/Arguments.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::put):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::put):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::put):
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::put):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::put):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::put):
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::put):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- * runtime/JSObject.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::put):
- * runtime/JSStaticScopeObject.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::put):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::put):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::put):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::put):
- * runtime/RegExpObject.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::put):
- * runtime/StringObject.h:
-
-2011-10-07 Gavin Barraclough <barraclough@apple.com>
-
- Refactor DFG to make for use of callOperation
- https://bugs.webkit.org/show_bug.cgi?id=69672
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- - Switch operationNewObject/operationCreateThis to return Cells,
- - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- - Replace code plating calls to operations to with calls to callOperation.
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- - Replace code plating calls to operations to with calls to callOperation.
-
-2011-10-07 Oliver Hunt <oliver@apple.com>
-
- Support string indexing in the DFG
- https://bugs.webkit.org/show_bug.cgi?id=69671
-
- Reviewed by Gavin Barraclough.
-
- Emit code to support inline indexing of strings
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- Shared code to perform string indexing.
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- Use compileGetByValOnString if we predict that the base object
- is a string in GetByVal.
- * runtime/JSString.h:
- (JSC::JSString::offsetOfFiberCount):
- (JSC::JSString::offsetOfValue):
-
-2011-10-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG ConvertThis speculation logic is wrong
- https://bugs.webkit.org/show_bug.cgi?id=69663
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-07 Oliver Hunt <oliver@apple.com>
-
- Verify that our call speculation is valid.
-
- Reviewed by Filip Pizlo.
-
- Before specialising an intrinsic we need to verify that
- we our speculation is correct.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-10-07 Brent Fulgham <bfulgham@webkit.org>
-
- [WinCairo] Unreviewed build correction for the build bot.
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
- Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
- build-jsc can find the target it needs to run the JSC tests.
-
-2011-10-07 Oliver Hunt <oliver@apple.com>
-
- Fix 32-bit build.
-
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall):
-
-2011-10-07 Oliver Hunt <oliver@apple.com>
-
- Support direct calls to intrinsic functions
- https://bugs.webkit.org/show_bug.cgi?id=69646
-
- Reviewed by Gavin Barraclough.
-
- Add support for optimising non-method_check calls
- to intrinsic functions (eg. when Math.abs, etc are
- cached in local variables).
-
- * bytecode/CodeBlock.h:
- (JSC::getCallLinkInfoBytecodeIndex):
- Support searching CallLinkInfos by bytecode index
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- Add support for linked calls in addition to method_check
- when searching for intrinsics
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasFunctionCheckData):
- (JSC::DFG::Node::function):
- Add ability to store a JSFunction* in a node - this is safe
- as the function will be marked by the codeblock we're compiling
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::checkFunctionElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- Add support for new CheckFunction node, and implement CSE pass.
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- Rather trivial implementation of CheckFunction
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall):
- Need to propagate bytecode index for calls now.
-
-2011-10-07 Dominic Cooney <dominicc@chromium.org>
-
- [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
- https://bugs.webkit.org/show_bug.cgi?id=69599
-
- Reviewed by Sam Weinig.
-
- DFG JIT manipulates MetaAllocatorHandles across threads, eg in
- allocating JITCode buffers on a background thread to execute a
- proxy autoconfiguration PAC file but garbage collecting it in
- response to allocation on the main thread. Disabling
- ThreadRestrictionVerification until there is a verification scheme
- that understands this handoff.
-
- * wtf/MetaAllocator.cpp:
- (WTF::MetaAllocator::allocate):
-
-2011-10-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not always speculate that ConvertThis is operating on an object
- https://bugs.webkit.org/show_bug.cgi?id=69570
-
- Reviewed by Oliver Hunt.
-
- Mostly neutral, but with a slight regression in Kraken since it increases
- coverage in DFG and thus reveals some performance pathologies (which I
- prefer to think of as performance opportunities, in a good way).
-
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- * bytecode/PredictedType.h:
- (JSC::isOtherPrediction):
- (JSC::mergePredictions):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Windows build fix
-
- Unreviewed build fix. Weird runtime failures on Windows due to
- linking issues caused by the ClassInfo struct in JSByteArray not
- being declared with JS_EXPORTDATA.
-
- * runtime/JSByteArray.h:
-
-2011-10-06 Filip Pizlo <fpizlo@apple.com>
-
- Structure does not reset m_previous when pinning the property map
- https://bugs.webkit.org/show_bug.cgi?id=69583
-
- Reviewed by Gavin Barraclough.
-
- This is an 0.6% performance improvement in V8, and 0.2% overall.
-
- * runtime/Structure.cpp:
- (JSC::Structure::changePrototypeTransition):
- (JSC::Structure::despecifyFunctionTransition):
- (JSC::Structure::getterSetterTransition):
- (JSC::Structure::toDictionaryTransition):
- (JSC::Structure::preventExtensionsTransition):
- (JSC::Structure::addPropertyWithoutTransition):
- (JSC::Structure::removePropertyWithoutTransition):
- (JSC::Structure::pin):
- * runtime/Structure.h:
-
-2011-10-06 Anders Carlsson <andersca@apple.com>
-
- When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
- https://bugs.webkit.org/show_bug.cgi?id=69586
-
- Reviewed by Darin Adler.
-
- * Configurations/Base.xcconfig:
- Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- When building with clang, we don't need to run the check-for-global-initializers and
- check-for-exit-time-destructors anymore.
-
- * jsc.cpp:
- (runInteractive):
- Move interpreterName into runInteractive.
-
- * wtf/StdLibExtras.h:
- When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
- warnings around the variable declaration.
-
-2011-10-06 Anders Carlsson <andersca@apple.com>
-
- Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
- https://bugs.webkit.org/show_bug.cgi?id=69584
-
- Reviewed by Darin Adler.
-
- Add DEFINE_DEBUG_ONLY_GLOBAL macro.
-
- * wtf/StdLibExtras.h:
-
-2011-10-06 Oliver Hunt <oliver@apple.com>
-
- Write barrier shouldn't allocate temporaries inside control flow
- https://bugs.webkit.org/show_bug.cgi?id=69582
-
- Reviewed by Gavin Barraclough.
-
- Reorder the code to avoid spill-related badness.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier):
-
-2011-10-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG::shouldSpeculate methods are too complicated
- https://bugs.webkit.org/show_bug.cgi?id=69560
-
- Reviewed by Geoffrey Garen.
-
- Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
- just use node predictions.
-
- By itself this would have meant that SpeculativeJIT code would have
- had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
- So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
- all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).
-
- This is an 0.4% progression overall that shows up in all benchmarks,
- for reasons unknown.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::at):
- (JSC::DFG::JITCodeGenerator::canReuse):
- (JSC::DFG::JITCodeGenerator::isFilled):
- (JSC::DFG::JITCodeGenerator::isFilledDouble):
- (JSC::DFG::JITCodeGenerator::use):
- (JSC::DFG::JITCodeGenerator::silentSpillFPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::detectPeepHoleBranch):
- (JSC::DFG::integerResult):
- (JSC::DFG::noResult):
- (JSC::DFG::cellResult):
- (JSC::DFG::jsValueResult):
- (JSC::DFG::storageResult):
- (JSC::DFG::doubleResult):
- (JSC::DFG::initConstantInfo):
- (JSC::DFG::appendCallWithExceptionCheck):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::shouldSpeculateInteger):
- (JSC::DFG::Node::shouldSpeculateDouble):
- (JSC::DFG::Node::shouldSpeculateNumber):
- (JSC::DFG::Node::shouldNotSpeculateInteger):
- (JSC::DFG::Node::shouldSpeculateFinalObject):
- (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
- (JSC::DFG::Node::shouldSpeculateArray):
- (JSC::DFG::Node::shouldSpeculateArrayOrOther):
- (JSC::DFG::Node::shouldSpeculateObject):
- (JSC::DFG::Node::shouldSpeculateCell):
- (JSC::DFG::Node::canSpeculateInteger):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isInteger):
- (JSC::DFG::SpeculativeJIT::isKnownArray):
- (JSC::DFG::SpeculativeJIT::isKnownString):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::convertToDouble):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-06 Gavin Peters <gavinp@chromium.org>
-
- REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
- https://bugs.webkit.org/show_bug.cgi?id=69556
-
- Reviewed by Adam Roben.
-
- * wtf/Assertions.cpp:
-
-2011-10-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG implementation of UInt32ToNumber is missing a break statement
- https://bugs.webkit.org/show_bug.cgi?id=69552
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-06 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed build fix for DFG JIT 32_64 release builds.
-
- * dfg/DFGJITCompiler.cpp:
- * dfg/DFGJITCompiler.h:
- * dfg/DFGJITCompiler32_64.cpp:
- - Remove three unused methods.
-
-2011-10-06 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
- https://bugs.webkit.org/show_bug.cgi?id=69549
-
- Reviewed by Oliver Hunt.
-
- This breaks sunspider/3d-cube.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- - Speculation check on the tag.
-
-2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Snow Leopard build fix
-
- Unreviewed build fix
-
- * JavaScriptCore.exp:
-
-2011-10-05 Gavin Barraclough <barraclough@apple.com>
-
- Add explicit JSGlobalThis type.
- https://bugs.webkit.org/show_bug.cgi?id=69478
-
- Reviewed by Darin Adler.
-
- JSC supports a split global object, as used by WebCore for the Window. As a stage
- of making this visible to JSC, make it so that if the global this value is not the
- global object itself, it must be a subclass of JSGlobalThis.
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::finishCreation):
- - Don't pass the thisValue to JSGlobalObject::finishCreation.
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Added JSGlobalThis.h
- * jsc.cpp:
- (GlobalObject::finishCreation):
- - Don't pass the thisValue to JSGlobalObject::finishCreation.
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::create):
- (JSC::JSGlobalObject::finishCreation):
- - finishCreation takes a JSGlobalThis, or thisValue is implicit.
- * runtime/JSGlobalThis.h: Added.
- (JSC::JSGlobalThis::create):
- (JSC::JSGlobalThis::JSGlobalThis):
- (JSC::JSGlobalThis::finishCreation):
- - Thin wrapper on JSNonFinalObject to allow type checking.
- * testRegExp.cpp:
- (GlobalObject::finishCreation):
- - Don't pass the thisValue to JSGlobalObject::finishCreation.
+ (JSC):
-2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+2012-05-23 Filip Pizlo <fpizlo@apple.com>
- JSC objects need to know their own cell size at runtime.
- https://bugs.webkit.org/show_bug.cgi?id=69390
+ Every OSR exit on ARM results in a crash
+ https://bugs.webkit.org/show_bug.cgi?id=87307
Reviewed by Geoffrey Garen.
- Added the cellSize field to ClassInfo and the static calculation of
- size of each class to the CREATE_METHOD_TABLE macro, which will be
- renamed in a followup patch to make its name match its broader use.
-
- Also added a few ClassInfo structs so that each object that is allocated has its
- correct size.
-
- * JavaScriptCore.exp:
- * runtime/ClassInfo.h:
-
- Changed JSByteArray s_defaultInfo to s_info so that the template will get the
- correct ClassInfo struct from it when it's allocated.
- * runtime/JSByteArray.cpp:
- * runtime/JSByteArray.h:
- * runtime/JSCell.h:
- (JSC::allocateCell):
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- * runtime/JSObject.h:
- (JSC::JSCell::cellSize):
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/StrictEvalActivation.cpp:
- * runtime/StrictEvalActivation.h:
-
-2011-10-06 Gavin Peters <gavinp@chromium.org>
-
- export new stack dumping method
- https://bugs.webkit.org/show_bug.cgi?id=69018
-
- The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use
- of this function, many builds broke. So here we add the exports, so that the function is usable.
-
- Reviewed by Adam Roben.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-06 Csaba Osztrogonác <ossy@webkit.org>
-
- REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
- https://bugs.webkit.org/show_bug.cgi?id=69413
-
- Reviewed by Darin Adler.
-
- * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
-
-2011-10-05 Filip Pizlo <fpizlo@apple.com>
-
- SpeculativeJIT::isKnownString() is wrong
- https://bugs.webkit.org/show_bug.cgi?id=69501
-
- Reviewed by Oliver Hunt.
-
- Removed the wrong case (GetLocal predicted String) and added a case that
- works (StrCat).
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isKnownString):
-
-2011-10-05 Ryosuke Niwa <rniwa@webkit.org>
-
- Windows build fix attempt after r96760.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-05 Chris Rogers <crogers@google.com>
-
- Define a log2f() function for Windows in wtf/MathExtras.h
- https://bugs.webkit.org/show_bug.cgi?id=69491
-
- Reviewed by Darin Adler.
-
- * wtf/MathExtras.h:
- (log2f):
-
-2011-10-05 Jer Noble <jer.noble@apple.com>
-
- Enable WEB_AUDIO by default in the WebKit/mac port.
- https://bugs.webkit.org/show_bug.cgi?id=68587
-
- Reviewed by Simon Fraser.
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
+ * dfg/DFGThunks.cpp:
+ (JSC::DFG::osrExitGenerationThunkGenerator):
-2011-10-05 Filip Pizlo <fpizlo@apple.com>
+2012-05-23 Geoffrey Garen <ggaren@apple.com>
- Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
- https://bugs.webkit.org/show_bug.cgi?id=69346
+ Refactored heap tear-down to use normal value semantics (i.e., destructors)
+ https://bugs.webkit.org/show_bug.cgi?id=87302
Reviewed by Oliver Hunt.
-
- Removed the assertion, since it was completely wrong for op_post_inc.
- Short of having specialized PostInc nodes in the DFG, there is no
- robust way of asserting what this assertion was trying to assert while
- also supporting op_post_inc.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-05 Geoffrey Garen <ggaren@apple.com>
- Added a simpler mechanism for registering one-off finalizers
- https://bugs.webkit.org/show_bug.cgi?id=69466
+ This is a step toward incremental DOM finalization.
- Reviewed by Oliver Hunt.
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::~CopiedSpace):
+ * heap/CopiedSpace.h:
+ (CopiedSpace): Just use our destructor, instead of relying on the heap
+ to send us a special message at a special time.
* heap/Heap.cpp:
- (JSC::Heap::addFinalizer):
- (JSC::Heap::FinalizerOwner::finalize):
- * heap/Heap.h: New function for adding an arbitrary finalizer for an
- arbitrary cell without declaring any special classes or Handles yourself.
+ (JSC::Heap::Heap): Use OwnPtr for m_markListSet because this is not Sparta.
- * JavaScriptCore.exp: Fix build.
+ (JSC::Heap::~Heap): No need for delete or freeAllBlocks because normal
+ destructors do this work automatically now.
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::clearCode):
- (JSC::ExecutableBase::clearCodeVirtual):
- (JSC::EvalExecutable::clearCodeVirtual):
- (JSC::ProgramExecutable::clearCodeVirtual):
- (JSC::FunctionExecutable::discardCode):
- (JSC::FunctionExecutable::clearCodeVirtual):
- * runtime/Executable.h:
- (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
- finalization of executables.
+ (JSC::Heap::lastChanceToFinalize): Just call lastChanceToFinalize on our
+ sub-objects, and assume it does the right thing. This improves encapsulation,
+ so we can add items requiring finalization to our sub-objects.
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::clearRareData):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::createRareDataIfNeeded):
- (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
- finalization of weak maps.
+ * heap/Heap.h: Moved m_blockAllocator to get the right destruction order.
-2011-10-05 Adam Roben <aroben@apple.com>
-
- Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
-
- RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
- pointed-to type confused us when we implemented hashTableDeletedValue.
-
- Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
- in HashMap/HashSet fails to compile
+ * heap/MarkedSpace.cpp:
+ (Take):
+ (JSC):
+ (JSC::Take::Take):
+ (JSC::Take::operator()):
+ (JSC::Take::returnValue): Moved to the top of the file so it can be used
+ in another function.
- Reviewed by John Sullivan.
+ (JSC::MarkedSpace::~MarkedSpace): Delete all outstanding memory, like a good
+ destructor should.
- * wtf/RetainPtr.h:
- (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
- since T might itself be a pointer.
+ (JSC::MarkedSpace::lastChanceToFinalize): Moved some code here from the heap,
+ since it pertains to our internal implementation details.
- (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
- seem to be causing a problem.
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::lastChanceToFinalize):
+ * heap/WeakBlock.h:
+ (WeakBlock):
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::lastChanceToFinalize):
+ * heap/WeakSet.h:
+ (WeakSet): Stop using a special freeAllBlocks() callback and just implement
+ lastChanceToFinalize.
-2011-10-05 Oliver Hunt <oliver@apple.com>
+2011-05-22 Geoffrey Garen <ggaren@apple.com>
- Remove last vestiges of anonymous storage.
+ Encapsulated some calculations for whether portions of the heap are empty
+ https://bugs.webkit.org/show_bug.cgi?id=87210
Reviewed by Gavin Barraclough.
- One anonymous storage function escaped my prior purge of
- this feature, this patch removes it.
-
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::finishCreation):
- * runtime/JSObject.h:
-
-2011-10-04 Filip Pizlo <fpizlo@apple.com>
-
- DFG should be capable of a broader range of speculations on branch and not
- https://bugs.webkit.org/show_bug.cgi?id=69322
+ This is a step toward incremental DOM finalization.
- Reviewed by Oliver Hunt.
-
- * bytecode/PredictedType.h:
- (JSC::isFinalObjectOrOtherPrediction):
- (JSC::isArrayOrOtherPrediction):
- * dfg/DFGJITCodeGenerator.cpp:
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitBranch):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
- (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2011-10-05 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r96733.
- http://trac.webkit.org/changeset/96733
- https://bugs.webkit.org/show_bug.cgi?id=69454
-
- Broke GCC for some reason (Requested by andersca on #webkit).
-
- * wtf/ListHashSet.h:
- (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
- (WTF::ListHashSetReverseIterator::get):
- (WTF::ListHashSetReverseIterator::operator*):
- (WTF::ListHashSetReverseIterator::operator->):
- (WTF::ListHashSetReverseIterator::operator++):
- (WTF::ListHashSetReverseIterator::operator--):
- (WTF::ListHashSetReverseIterator::operator==):
- (WTF::ListHashSetReverseIterator::operator!=):
- (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
- (WTF::ListHashSetReverseIterator::node):
- (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
- (WTF::ListHashSetConstReverseIterator::get):
- (WTF::ListHashSetConstReverseIterator::operator*):
- (WTF::ListHashSetConstReverseIterator::operator->):
- (WTF::ListHashSetConstReverseIterator::operator++):
- (WTF::ListHashSetConstReverseIterator::operator--):
- (WTF::ListHashSetConstReverseIterator::operator==):
- (WTF::ListHashSetConstReverseIterator::operator!=):
- (WTF::ListHashSetConstReverseIterator::node):
- (WTF::::rbegin):
- (WTF::::rend):
- (WTF::::makeReverseIterator):
- (WTF::::makeConstReverseIterator):
-
-2011-10-04 Oliver Hunt <oliver@apple.com>
-
- Add rudimentary filtering to write barriers
- https://bugs.webkit.org/show_bug.cgi?id=69392
-
- Reviewed by Filip Pizlo.
-
- Add approximate filtering for write barriers based on the
- target's mark bit. Also add some macros to support dumping
- GC phase timings.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::markCellCard):
* heap/Heap.cpp:
- (JSC::GCTimer::GCTimerScope::GCTimerScope):
- (JSC::GCTimer::GCTimerScope::~GCTimerScope):
- (JSC::Heap::markRoots):
- (JSC::Heap::collect):
- Add phase timing information.
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::offsetOfMarks):
- (JSC::MarkedBlock::gatherDirtyCells):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emitWriteBarrier):
-
-2011-10-05 Anders Carlsson <andersca@apple.com>
-
- Use std::reverse_iterator for ListHashSet reverse iterators
- https://bugs.webkit.org/show_bug.cgi?id=69446
-
- Reviewed by Darin Adler.
-
- * wtf/ListHashSet.h:
- Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
- and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
-
-2011-10-04 Gavin Barraclough <barraclough@apple.com>
-
- Make Object.prototype getter/setter methods match ES5 behaviour
- https://bugs.webkit.org/show_bug.cgi?id=69393
-
- Reviewed by Sam Weinig.
-
- The rest of Object.prototype no longer substitute Null/Undefined with the global object,
- this is old ES3 behaviour. Remove it here too.
-
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncDefineGetter):
- (JSC::objectProtoFuncDefineSetter):
- (JSC::objectProtoFuncLookupGetter):
- (JSC::objectProtoFuncLookupSetter):
-
-2011-10-05 Patrick Gansterer <paroga@webkit.org>
-
- Get rid of posixThread in MachineStackMarker::Thread
- https://bugs.webkit.org/show_bug.cgi?id=54836
-
- Reviewed by Oliver Hunt.
-
- * heap/MachineStackMarker.cpp:
- (JSC::MachineThreads::Thread::Thread):
- (JSC::getCurrentPlatformThread):
- (JSC::equalThread):
- (JSC::MachineThreads::addCurrentThread):
- (JSC::MachineThreads::removeCurrentThread):
- (JSC::MachineThreads::gatherConservativeRoots):
-
-2011-10-04 Geoffrey Garen <ggaren@apple.com>
-
- Removed JSValue::toJSNumber
- https://bugs.webkit.org/show_bug.cgi?id=69399
-
- No perf. change.
-
- toJSNumber() used to provide an implicit fast path for immediate numbers,
- but those fast paths are all explicit now, so it's just cruft.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSValue.h:
- * runtime/JSValueInlineMethods.h:
-
-2011-10-05 Gavin Peters <gavinp@chromium.org>
-
- REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
- https://bugs.webkit.org/show_bug.cgi?id=69424
-
- Skip an extra frame in WTFReportBacktrace. As well, I now don't count skipped frames in maxFrames,
- so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
- 31 reported frames.
-
- Reviewed by Adam Roben.
-
- * wtf/Assertions.cpp:
- * wtf/Assertions.h:
-
-2011-10-05 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed WinCE build fix for r96595.
-
- * wtf/Assertions.cpp:
- RtlCaptureStackBackTrace() isn't available on WinCE.
-
-2011-10-04 Kent Tamura <tkent@chromium.org>
-
- Introduce feature flags for incomplete input types
- https://bugs.webkit.org/show_bug.cgi?id=68971
-
- Reviewed by Hajime Morita.
-
- * Configurations/FeatureDefines.xcconfig:
- Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
-
-2011-10-04 Geoffrey Garen <ggaren@apple.com>
-
- Build fix.
-
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
-
-2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static ClassInfo structs to classes that override JSCell::getCallData
- https://bugs.webkit.org/show_bug.cgi?id=69311
-
- Reviewed by Darin Adler.
-
- Added ClassInfo structs to each class that defined its own getCallData
- function but did not already have its own ClassInfo struct. This is a
- necessary addition for when we switch over to looking up getCallData from
- the MethodTable in ClassInfo rather than doing the virtual call (which we
- are removing). These new ClassInfo structs are public because we often
- use these structs in other areas of the code to uniquely identify JSC classes and
- to enforce runtime invariants based on those class identities using ASSERTs.
- Also added new createStructure methods to those classes that didn't have
- them so that the new ClassInfo structs would be used when creating the Structures
- in these classes.
-
- * runtime/BooleanConstructor.cpp:
- * runtime/BooleanConstructor.h:
- (JSC::BooleanConstructor::createStructure):
-
- getCallData was not marked as static in StrictModeTypeErrorFunction.
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- (JSC::StrictModeTypeErrorFunction::createStructure):
- * runtime/ErrorConstructor.cpp:
- * runtime/ErrorConstructor.h:
- (JSC::ErrorConstructor::createStructure):
- * runtime/FunctionConstructor.cpp:
- * runtime/FunctionConstructor.h:
- (JSC::FunctionConstructor::createStructure):
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
-
-2011-10-03 Geoffrey Garen <ggaren@apple.com>
-
- Some JSValue cleanup
- https://bugs.webkit.org/show_bug.cgi?id=69320
-
- Reviewed by Darin Adler.
-
- No measurable performance change.
-
- Removed some JSValue::get* functions. get* used to be an optimization
- when every value operation was a virtual function call: get* would combine
- two virtual calls into one. Now, with non-virtual, inlined functions, get*
- isn't faster, and may be slightly slower.
-
- Merged getBoolean(bool&) and getBoolean() into asBoolean().
-
- Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
- asNumber().
-
- * runtime/JSValue.h:
- * runtime/JSValueInlineMethods.h:
- (JSC::JSValue::asNumber):
- (JSC::JSValue::asBoolean): As promised!
-
- * runtime/NumberPrototype.cpp:
- (JSC::toThisNumber):
- (JSC::numberProtoFuncToExponential):
- (JSC::numberProtoFuncToFixed):
- (JSC::numberProtoFuncToPrecision):
- (JSC::numberProtoFuncToString):
- (JSC::numberProtoFuncToLocaleString):
- (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
- by switching to toThisNumber().
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::toNumber):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::valueOfNumberConstant):
- (JSC::DFG::Graph::valueOfBooleanConstant):
- * dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/DateInstance.h:
- (JSC::DateInstance::internalNumber):
- * runtime/FunctionPrototype.cpp:
- (JSC::functionProtoFuncBind):
- * runtime/JSArray.cpp:
- (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
- getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
-
- * runtime/JSCell.cpp:
- * runtime/JSCell.h: Nixed getJSNumber().
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncParseInt):
- * runtime/JSONObject.cpp:
- (JSC::gap):
- (JSC::Stringifier::Stringifier):
- (JSC::Stringifier::appendStringifiedValue):
- * runtime/NumberObject.cpp:
- * runtime/NumberObject.h:
- (JSC::NumberObject::createStructure):
- * runtime/Operations.h:
- (JSC::JSValue::equalSlowCaseInline):
- (JSC::JSValue::strictEqual):
- (JSC::jsLess):
- (JSC::jsLessEq):
- (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
- getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
-
-2011-10-04 Scott Graham <scottmg@chromium.org>
-
- Add GAMEPAD feature flag
- https://bugs.webkit.org/show_bug.cgi?id=66859
-
- Reviewed by Darin Fisher.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-10-03 Filip Pizlo <fpizlo@apple.com>
-
- JITCodeGenerator should no longer have code that tries too hard
- to be both speculative and non-speculative
- https://bugs.webkit.org/show_bug.cgi?id=69321
-
- Reviewed by Gavin Barraclough.
-
- Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
- This required moving emitBranch() to SpeculativeJIT, since it was
- the main user of that field and method. Other than trvial clean-ups
- in emitBranch(), the code is unchanged (and still has some disparity
- between 64 and 32_64, and still lacks some obvious optimizations).
-
- * dfg/DFGJITCodeGenerator.cpp:
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGJITCodeGenerator64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitBranch):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2011-10-04 David Hyatt <hyatt@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=69372
-
- [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
-
- Add support for reverse iteration to ListHashSet to support being able to walk them
- backwards easily.
+ (JSC::Heap::~Heap): Explicitly call freeAllBlocks() instead of relying
+ implicitly on all blocks thinking they're empty. In future, we may
+ choose to tear down the heap without first setting all data structures
+ to "empty".
- Reviewed by Anders Carlsson.
-
- * wtf/ListHashSet.h:
- (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
- (WTF::ListHashSetReverseIterator::get):
- (WTF::ListHashSetReverseIterator::operator*):
- (WTF::ListHashSetReverseIterator::operator->):
- (WTF::ListHashSetReverseIterator::operator++):
- (WTF::ListHashSetReverseIterator::operator--):
- (WTF::ListHashSetReverseIterator::operator==):
- (WTF::ListHashSetReverseIterator::operator!=):
- (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
- (WTF::ListHashSetReverseIterator::node):
- (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
- (WTF::ListHashSetConstReverseIterator::get):
- (WTF::ListHashSetConstReverseIterator::operator*):
- (WTF::ListHashSetConstReverseIterator::operator->):
- (WTF::ListHashSetConstReverseIterator::operator++):
- (WTF::ListHashSetConstReverseIterator::operator--):
- (WTF::ListHashSetConstReverseIterator::operator==):
- (WTF::ListHashSetConstReverseIterator::operator!=):
- (WTF::ListHashSetConstReverseIterator::node):
- (WTF::::rbegin):
- (WTF::::rend):
- (WTF::::makeReverseIterator):
- (WTF::::makeConstReverseIterator):
- (WTF::::makeConstIterator):
-
-2011-10-04 Gavin Peters <gavinp@chromium.org>
-
- fix gtk breakage caused by changeset 96595
- https://bugs.webkit.org/show_bug.cgi?id=69371
-
- ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
- the pretty printer on gtk, which should fix the build on that platform.
-
- Reviewed by NOBODY, this is a build fix.
-
- * wtf/Assertions.cpp:
-
-2011-10-04 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r96630.
- http://trac.webkit.org/changeset/96630
- https://bugs.webkit.org/show_bug.cgi?id=69368
-
- Caused assertion failures in validateCell (Requested by
- mhahnenberg on #webkit).
-
- * runtime/BooleanConstructor.cpp:
- * runtime/BooleanConstructor.h:
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- * runtime/ErrorConstructor.cpp:
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
-
-2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static ClassInfo structs to classes that override JSCell::getCallData
- https://bugs.webkit.org/show_bug.cgi?id=69311
-
- Reviewed by Darin Adler.
-
- Added ClassInfo structs to each class that defined its own getCallData
- function but did not already have its own ClassInfo struct. This is a
- necessary addition for when we switch over to looking up getCallData from
- the MethodTable in ClassInfo rather than doing the virtual call (which we
- are removing). These new ClassInfo structs are public because we often
- use these structs in other areas of the code to uniquely identify JSC classes and
- to enforce runtime invariants based on those class identities using ASSERTs.
-
- * runtime/BooleanConstructor.cpp:
- * runtime/BooleanConstructor.h:
-
- getCallData was not marked as static is StrictModeTypeErrorFunction.
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- * runtime/ErrorConstructor.cpp:
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
-
-2011-10-04 Ryosuke Niwa <rniwa@webkit.org>
-
- Leopard build fix after r96613.
-
- * wtf/Platform.h:
-
-2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Implicitly add toString and valueOf to prototype when convertToType callback is provided
- https://bugs.webkit.org/show_bug.cgi?id=69156
-
- Reviewed by Geoffrey Garen.
-
- Added callbacks for toString and valueOf which are implicitly added to a client object's
- prototype if they provide a convertToType callback when declaring their class through
- the JSC API.
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::toStringCallback):
- (JSC::JSCallbackFunction::valueOfCallback):
- * API/JSCallbackFunction.h:
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
- * API/tests/testapi.js:
-
-2011-10-03 Jon Lee <jonlee@apple.com>
-
- Extend DOM WheelEvent to differentiate between physical and logical scroll directions
- https://bugs.webkit.org/show_bug.cgi?id=68959
- <rdar://problem/10036688>
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isEmpty):
+ (JSC::MarkedBlock::gatherDirtyCells): Renamed markCountIsZero to isEmpty,
+ in preparation for making it check for outstanding finalizers in addition
+ to marked cells.
- Reviewed by Sam Weinig.
+ * heap/MarkedSpace.cpp:
+ (Take):
+ (JSC::Take::Take):
+ (JSC::Take::operator()):
+ (JSC::Take::returnValue):
+ (JSC::MarkedSpace::shrink):
+ (JSC::MarkedSpace::freeAllBlocks): Refactored the "Take" functor to support
+ a conditional isEmpty check, so it dould be shared by shrink() and freeAllBlocks().
- * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::WeakBlock):
+ (JSC::WeakBlock::visitLiveWeakImpls):
+ (JSC::WeakBlock::visitDeadWeakImpls):
+ * heap/WeakBlock.h:
+ (WeakBlock):
+ (JSC::WeakBlock::isEmpty):
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::sweep):
+ (JSC::WeakSet::shrink): Use isEmpty(), in preparation for changes in
+ its implementation.
-2011-10-04 Csaba Osztrogonác <ossy@webkit.org>
+2012-05-23 Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
- MinGW warning fix after r96286.
+ [Qt] Remove references to $$QT_SOURCE_TREE
- Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
- #define __stdcall __attribute__((stdcall))
- #define STDCALL __stdcall
+ With a modularized Qt, it's ambigious. What we really want is qtbase,
+ which qtcore is a proxy for (we assume it will always live in qtbase).
Reviewed by Tor Arne Vestbø.
- * assembler/MacroAssemblerCodeRef.h:
-
-2011-10-04 Gavin Peters <gavinp@chromium.org>
-
- add more stack dumping methods
- https://bugs.webkit.org/show_bug.cgi?id=69018
-
- In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
- WebKit programmatically retrieve the current stack. This is useful if you need to add more
- reporting to field crash report uploads, if you're tracking down an irreproducable bug,
- for instance.
-
- Reviewed by Darin Adler.
-
- * wtf/Assertions.cpp:
- * wtf/Assertions.h:
-
-2011-10-03 Filip Pizlo <fpizlo@apple.com>
-
- DFG should inline Array.push and Array.pop
- https://bugs.webkit.org/show_bug.cgi?id=69314
-
- Reviewed by Geoff Garen.
-
- Fix 32-bit.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-03 Filip Pizlo <fpizlo@apple.com>
-
- DFG should inline Array.push and Array.pop
- https://bugs.webkit.org/show_bug.cgi?id=69314
-
- Reviewed by Oliver Hunt.
-
- 1% speed-up in V8 due to 6% speed-up in V8-deltablue.
-
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::storePtr):
- * create_hash_table:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGIntrinsic.h:
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasHeapPrediction):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::getMethodLoadElimination):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-03 Filip Pizlo <fpizlo@apple.com>
-
- JSC ASSERT Opening the Web Inspector
- https://bugs.webkit.org/show_bug.cgi?id=69293
-
- Reviewed by Oliver Hunt.
-
- If a polymorphic access structure list has a duplicated structure, then
- don't crash.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-10-03 Gavin Barraclough <barraclough@apple.com>
-
- On X86, switch bucketCount into a register, timeoutCheck into memory
- https://bugs.webkit.org/show_bug.cgi?id=69299
-
- Reviewed by Geoff Garen.
-
- We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
- it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
- but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
- function too frequently (regressing performance). This patch has no perf impact on sunspider.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::branchAdd32):
- (JSC::MacroAssemblerX86::branchSub32):
- - Added branchSub32 with AbsoluteAddress.
- * jit/JIT.cpp:
- (JSC::JIT::emitTimeoutCheck):
- - Keep timeout count in memory on X86.
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- - remove X86 specific code, switch bucket count back into a register.
- * jit/JITStubs.cpp:
- - Stop initializing esi (it is no longer the timeoutCheck!)
- * jit/JSInterfaceJIT.h:
- - change definition of esi to be the bucketCountRegister.
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- - Add timeoutCount as a property to global data (the counter should be per-thread).
-
-2011-10-03 Filip Pizlo <fpizlo@apple.com>
-
- DFG backends don't have access to per-node predictions from the propagator
- https://bugs.webkit.org/show_bug.cgi?id=69291
-
- Reviewed by Oliver Hunt.
-
- Nodes now have two notion of predictions: the heap prediction, which is
- what came directly from value profiling, and the propagator's predictions,
- which arise out of abstract interpretation. Every node has a propagator
- prediction, but not every node has a heap prediction; and there is no
- guarantee that a node that has both will keep them consistent as the
- propagator may have additional information available to it.
-
- This is performance neutral.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::getPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::hasHeapPrediction):
- (JSC::DFG::Node::getHeapPrediction):
- (JSC::DFG::Node::predictHeap):
- (JSC::DFG::Node::prediction):
- (JSC::DFG::Node::predict):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::Propagator):
- (JSC::DFG::Propagator::setPrediction):
- (JSC::DFG::Propagator::mergePrediction):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::isPredictedNumerical):
- (JSC::DFG::Propagator::logicalNotIsPure):
- (JSC::DFG::Propagator::setReplacement):
-
-2011-10-03 Jer Noble <jer.noble@apple.com>
-
- Unreviewed, rolling out r96526.
- http://trac.webkit.org/changeset/96526
- https://bugs.webkit.org/show_bug.cgi?id=68587
-
- WEB_AUDIO has numerous 64->32 bit casting warnings, causing
- build breakages where -Wall is enabled.
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
-
-2011-10-03 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed build fix for DFG JIT 32_64.
-
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-02 Filip Pizlo <fpizlo@apple.com>
-
- DFG should speculate more aggressively on obvious cases on
- polymorphic get_by_id
- https://bugs.webkit.org/show_bug.cgi?id=69235
-
- Reviewed by Oliver Hunt.
-
- This implements trivial polymorphic get_by_id. It also fixes
- problems in the CSE for CheckStructure in the put_by_id
- transition case.
-
- Doing this required knowing whether a polymorphic get_by_id stub
- was doing a direct access rather than a call of some kind.
-
- Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
- scaled mean of all benchmarks.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
- (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::cellConstant):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::addStructureSet):
- (JSC::DFG::Graph::addStructureTransitionData):
- * dfg/DFGNode.h:
- (JSC::DFG::StructureTransitionData::StructureTransitionData):
- (JSC::DFG::Node::hasStructureTransitionData):
- (JSC::DFG::Node::structureTransitionData):
- (JSC::DFG::Node::hasStructureSet):
- (JSC::DFG::Node::structureSet):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryBuildGetByIDList):
- (JSC::DFG::tryBuildGetByIDProtoList):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGStructureSet.h: Added.
- (JSC::DFG::StructureSet::StructureSet):
- (JSC::DFG::StructureSet::add):
- (JSC::DFG::StructureSet::addAll):
- (JSC::DFG::StructureSet::remove):
- (JSC::DFG::StructureSet::contains):
- (JSC::DFG::StructureSet::isSubsetOf):
- (JSC::DFG::StructureSet::isSupersetOf):
- (JSC::DFG::StructureSet::size):
- (JSC::DFG::StructureSet::at):
- (JSC::DFG::StructureSet::operator[]):
- (JSC::DFG::StructureSet::last):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::getPolymorphicAccessStructureListSlot):
-
-2011-10-03 Jer Noble <jer.noble@apple.com>
-
- Enable WEB_AUDIO by default in the WebKit/mac port.
- https://bugs.webkit.org/show_bug.cgi?id=68587
-
- Reviewed by Simon Fraser.
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
-
-2011-10-03 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Fix make distcheck build
- https://bugs.webkit.org/show_bug.cgi?id=69243
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.list.am:
-
-2011-10-03 Pierre Rossi <pierre.rossi@gmail.com>
-
- [Qt] Build fix: Qt::escape is deprecated in Qt5
- https://bugs.webkit.org/show_bug.cgi?id=69162
-
- Use QString::toHtmlEscaped in the Qt5 case.
-
- Reviewed by Andreas Kling.
-
* JavaScriptCore.pri:
- * wtf/qt/UtilsQt.h: Added.
- (escapeHtml):
- * wtf/wtf.pri:
-
-2011-10-03 Balazs Kelemen <kbalazs@webkit.org>
-
- libdispatch based ParallelJobs is not enough parallel
- https://bugs.webkit.org/show_bug.cgi?id=66378
-
- Reviewed by Zoltan Herczeg.
-
- Use the appropriate libdispatch API for our use case.
- Throw away the hard coded limit of parallel threads
- and use dispatch_apply with the default priority normal
- queue istead of using our own custom serial queue (which
- was a misuse of the API). Enabling PARALLEL_JOBS is now
- a 60% win (2.63x as fast) on the methanol benchmark
- (https://gitorious.org/methanol) with an SVG centric test set
- while the old implementation was almost identical (less than 5% win).
-
- * wtf/ParallelJobsLibdispatch.h:
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::execute):
-
-2011-10-02 Zoltan Herczeg <zherczeg@webkit.org>
-
- [Qt]REGRESSION(r95912): It made sputnik tests flakey
- https://bugs.webkit.org/show_bug.cgi?id=68990
-
- Reviewed by Geoffrey Garen.
-
- Changing signed char to int in r96354 solved the
- problem. However transitionCount still returns
- with a signed char and should be changed to int.
-
- * runtime/Structure.h:
- (JSC::Structure::transitionCount):
-
-2011-10-02 Filip Pizlo <fpizlo@apple.com>
-
- DFG misses some obvious opportunities for common subexpression elimination
- https://bugs.webkit.org/show_bug.cgi?id=69233
-
- Reviewed by Oliver Hunt.
-
- 0.7% speed-up on SunSpider.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::getMethodLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
-
-2011-10-02 Gavin Barraclough <barraclough@apple.com>
-
- Bug 67455 - Different regular expression result
-
- Reviewed by Darin Adler.
-
- Fix a regression introduced in r72140. A return was added to the backtracking loop for
- backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
- This is incorrect. The additional return should only trigger to force an early return if
- an error has occured.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::matchParentheses):
- - Simplify some nested if else logic.
- (JSC::Yarr::Interpreter::backtrackParentheses):
- - Simplify some nested if else logic.
- - Only return early from backtrackParentheses on success/error, not on failure.
-
-2011-10-01 Geoffrey Garen <ggaren@apple.com>
-
- Removed redundant helper functions for allocating Strong handles
- https://bugs.webkit.org/show_bug.cgi?id=69218
-
- Reviewed by Sam Weinig.
-
- * heap/Heap.h:
- (JSC::Heap::handleHeap):
- * runtime/JSGlobalData.h: Removed these helper functions, since they
- just created indirection.
-
- * heap/StrongInlines.h: Added. Broke out a header for inline functions
- to resolve circular dependencies created by inlining. I'm told this is
- the future for JavaScriptCore.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::init):
- * runtime/WeakGCMap.h:
- (JSC::WeakGCMap::add):
- (JSC::WeakGCMap::set):
- * runtime/StructureTransitionTable.h:
- (JSC::StructureTransitionTable::setSingleTransition):
- * heap/Local.h:
- (JSC::::Local):
- * heap/Strong.h:
- (JSC::::Strong):
- (JSC::::set):
- * heap/Weak.h:
- (JSC::Weak::Weak):
- (JSC::Weak::set): Allocate handles directly instead of going through a
- chain of forwarding functions.
-
- * bytecompiler/BytecodeGenerator.cpp:
- * runtime/JSGlobalData.cpp:
- * runtime/LiteralParser.cpp:
- * runtime/RegExpCache.cpp: Updated for header changes.
-
-2011-09-30 Filip Pizlo <fpizlo@apple.com>
-
- All of JSC's heuristics should be in one place for easier tuning
- https://bugs.webkit.org/show_bug.cgi?id=69201
-
- Reviewed by Oliver Hunt.
-
- This makes it possible to change tiered compilation heuristics in
- one place (Heuristics.cpp) without recompiling the whole project.
-
- It also makes it possible to enable setting heuristics using
- environment variables. This is off by default. When turned on, it
- makes tuning the system much easier.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::shouldOptimizeNow):
- * bytecode/CodeBlock.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- * runtime/Heuristics.cpp: Added.
- (JSC::Heuristics::parse):
- (JSC::Heuristics::setHeuristic):
- (JSC::Heuristics::initializeHeuristics):
- * runtime/Heuristics.h: Added.
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
+ * Target.pri:
-2011-10-01 Oliver Hunt <oliver@apple.com>
+2012-05-09 Filip Pizlo <fpizlo@apple.com>
- Support string length in the DFG
- https://bugs.webkit.org/show_bug.cgi?id=69215
+ DFG should allow inlining in case of certain arity mismatches
+ https://bugs.webkit.org/show_bug.cgi?id=86059
Reviewed by Geoff Garen.
-
- Adds a GetStringLength node to the DFG so that we can support
- string.length inline.
-
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isKnownString):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSString.h:
- (JSC::JSString::offsetOfLength):
-
-2011-10-01 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69205
-
- Reviewed by Gavin Barraclough.
-
- If there are unboxed integers and cells in register file (e.g. by SetLocal),
- they must be reboxed before exiting from the speculative DFG JIT execution.
- This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
- ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
-
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::ValueRecovery::dump):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::forPrediction):
- (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
-
-2011-10-01 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r96421.
- http://trac.webkit.org/changeset/96421
- https://bugs.webkit.org/show_bug.cgi?id=69206
-
- It broke Qt-WK2 build (Requested by ossy on #webkit).
-
- * JavaScriptCore.pri:
- * wtf/qt/UtilsQt.h: Removed.
- * wtf/wtf.pri:
-
-2011-09-30 Daniel Bates <dbates@webkit.org>
-
- Attempt to fix the Apple Windows and WinCairo Debug builds after
- <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
- ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
- corresponding function, JSValue::toStrictThisObject(), was removed.
-
-2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69126
-
- Reviewed by Gavin Barraclough.
-
- The setupResults routine has the bug of reversing the source and destination.
- Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::setupTwoStubArgs):
- (JSC::DFG::setupResults):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-
-2011-09-30 Gavin Barraclough <barraclough@apple.com>
-
- Remove toStrictThisObject, toThisString, toThisJSString
- https://bugs.webkit.org/show_bug.cgi?id=69203
-
- Rubber stamped by Sam Weinig
-
- These are no longer used.
-
- * JavaScriptCore.exp:
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSObject.cpp:
- * runtime/JSObject.h:
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSValue.h:
- * runtime/StrictEvalActivation.cpp:
- * runtime/StrictEvalActivation.h:
-
-2011-09-30 Filip Pizlo <fpizlo@apple.com>
-
- DFG does not speculate aggressively enough on put_by_id
- https://bugs.webkit.org/show_bug.cgi?id=69114
-
- Reviewed by Oliver Hunt.
-
- This adds new nodes along with optimizations for those nodes:
-
- GetPropertyStorage: CheckStructure used to do both the structure
- check and retrieve the storage pointer. Now CheckStructure just
- checks the structure, and GetPropertyStorage retrieves the
- storage pointer.
- PutStructure: Changes the structure, and has the expected store
- to load optimization with CheckStructure.
-
- PutByOffset: Directly sets the value. Has store to load
- optimization with GetByOffset.
+ Merge r116620 from dfgopt.
* dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::cellConstant):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasStructure):
- (JSC::DFG::Node::hasStorageAccessData):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::impureCSE):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
- (JSC::DFG::Propagator::eliminate):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-30 Gavin Barraclough <barraclough@apple.com>
-
- StringRecursionChecker should not work in terms of EncodedJSValue
- https://bugs.webkit.org/show_bug.cgi?id=69188
-
- Reviewed by Oliver Hunt.
-
- 0 is not the empty value on 32_64.
- Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncToLocaleString):
- (JSC::arrayProtoFuncJoin):
- * runtime/ErrorPrototype.cpp:
- (JSC::errorProtoFuncToString):
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncToString):
- * runtime/StringRecursionChecker.cpp:
- (JSC::StringRecursionChecker::throwStackOverflowError):
- (JSC::StringRecursionChecker::emptyString):
- * runtime/StringRecursionChecker.h:
- (JSC::StringRecursionChecker::performCheck):
- (JSC::StringRecursionChecker::earlyReturnValue):
-
-2011-09-30 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT, Branch on integer can always be a 32-bit compare.
- https://bugs.webkit.org/show_bug.cgi?id=69174
-
- Reviewed by Sam Weinig.
-
- if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
- the JSVALUE64 JIT will currently compare all 64bits in the register, but in
- these cases the DataFormat is always a JS boxed integer. In these cases we
- can just compare the low 32bits anyway - no need to check the tag.
- This allows the code to be unified with the JSVALUE32_64 JIT.
-
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-30 Oliver Hunt <oliver@apple.com>
-
- Need a sensible GGC policy
-
- Reviewed by Geoff Garen.
-
- This replaces the existing random collection policy
- with a deterministic policy based on nursery size.
-
- * heap/AllocationSpace.cpp:
- (JSC::AllocationSpace::allocateSlowCase):
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::markRoots):
- (JSC::Heap::collect):
- * heap/Heap.h:
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::resetAllocator):
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::nurseryWaterMark):
- (JSC::MarkedSpace::allocate):
-
-2011-09-30 Filip Pizlo <fpizlo@apple.com>
-
- DFG 32-bit support for op_call and op_construct causes
- run-javascriptcore-tests to fail
- https://bugs.webkit.org/show_bug.cgi?id=69171
-
- Reviewed by Gavin Barraclough.
-
- This fixes one obvious bug that was causing test failures (no
- support for dummy slow case for op_add in 32_64), and disables
- op_call and op_construct by default.
-
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_add):
- (JSC::JIT::emitSlow_op_add):
+ (JSC::DFG::ByteCodeParser::handleInlining):
-2011-09-30 Geoffrey Garen <ggaren@apple.com>
+2012-05-08 Filip Pizlo <fpizlo@apple.com>
- Crash due to out of bounds read/write in MarkedSpace
- https://bugs.webkit.org/show_bug.cgi?id=69148
-
- This was a case of being surprised by a poorly aritulcated cell size limit,
- plus an incorrect ASSERT guarding the cell size limit.
+ DFG variable capture analysis should work even if the variables arose through inlining
+ https://bugs.webkit.org/show_bug.cgi?id=85945
Reviewed by Oliver Hunt.
-
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
- since it makes the ranges easier to understand.
- Bumped up the max cell size to support the use case in this bug. Since the
- atomSize is much bigger than it used to be, there isn't much accounting
- cost to handling more size classes.
+ Merged r116555 from dfgopt.
- Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
-
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::resetAllocator):
- (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
- being inclusive.
-
-2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
-
- [Qt] Build fix: Qt::escape is deprecated in Qt5
- https://bugs.webkit.org/show_bug.cgi?id=69162
-
- Use QString::toHtmlEscaped in the Qt5 case.
-
- Reviewed by Andreas Kling.
-
- * JavaScriptCore.pri:
- * wtf/qt/UtilsQt.h: Added.
- (escapeHtml):
- * wtf/wtf.pri:
-
-2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Fix bug in getHostCallReturnValue of DFG JIT on X86
- https://bugs.webkit.org/show_bug.cgi?id=69133
-
- Reviewed by Gavin Barraclough.
-
- We need to insert the additional argument in the stack slot before
- return address instead of simply pushing it afterwards.
- Also getHostCallReturnValue* should be attributed as stdcall
- to make the stack cleaned up by the callee.
-
- * dfg/DFGOperations.cpp:
-
-2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
-
- [Qt] wtf header files are unknown to Qt Creator
- https://bugs.webkit.org/show_bug.cgi?id=69158
-
- Adding the HEADERS variable in wtf.pri so that
- the header files can be accessed easily.
-
- Reviewed by Andreas Kling.
-
- * wtf/wtf.pri:
-
-2011-09-30 Gavin Barraclough <barraclough@apple.com>
-
- Merge some more of DFGSpeculativeJIT 32_64/64
- https://bugs.webkit.org/show_bug.cgi?id=69164
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCodeGenerator32_64.cpp:
- * dfg/DFGJITCodeGenerator64.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- * dfg/DFGSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileValueAdd):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compileValueAdd):
- (JSC::DFG::SpeculativeJIT::compileLogicalNot):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-30 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add getCallData to MethodTable in ClassInfo
- https://bugs.webkit.org/show_bug.cgi?id=69024
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
- Added the getCallData to the MethodTable in the ClassInfo struct.
- * runtime/ClassInfo.h:
-
-2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69120
-
- Reviewed by Gavin Barraclough.
-
- Improve the coverage of JSVALUE32_64 DFG JIT.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::tagOfCallData):
- (JSC::DFG::payloadOfCallData):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG JIT - register not unlocked after usage in ArithDiv
- https://bugs.webkit.org/show_bug.cgi?id=69122
-
- Reviewed by Geoffrey Garen.
-
- Some allocated register is not unlocked after the usage in ArithDiv.
- Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
-
- * dfg/DFGNode.h:
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSCell::toObject
- https://bugs.webkit.org/show_bug.cgi?id=68937
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
- De-virtualized JSCell::toObject and changed its implementation to manually check the
- cases for JSString and JSObject rather than leaving it up to the virtual method call.
- * runtime/JSCell.cpp:
- (JSC::JSCell::toObject):
- * runtime/JSCell.h:
-
- Removed JSNotAnObject::toObject because the case for JSObject works for it.
- Also removed JSObject::toObject because it was essentially the identity function,
- which is not necessary since toObject is no longer virtual.
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- * runtime/JSObject.h:
-
- De-virtualized JSObject::toObject and JSString::toObject.
- * runtime/JSString.h:
-
-2011-09-29 Gavin Barraclough <barraclough@apple.com>
-
- Start refactoring DFGSpeculativeJIT
- https://bugs.webkit.org/show_bug.cgi?id=69112
-
- Reviewed by Oliver Hunt.
-
- Again, move JSVALUE64 code into a DFJSpeculativeJIT64.cpp
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::ValueRecovery::dump):
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::OSRExit::dump):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-29 Gavin Barraclough <barraclough@apple.com>
-
- Refactor out trivially duplicated code in DFGJITCodeGenerator.
- https://bugs.webkit.org/show_bug.cgi?id=69109
-
- Reviewed by Oliver Hunt.
-
- Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
-
- Basically move a JSVALUE64 specific code into a new DFGJITCodeGenerator64.cpp, leave common code
- in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.
-
- For some function differences are trivial & make more sense to ifdef individually, and some
- Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
- (JSC::DFG::JITCodeGenerator::isKnownBoolean):
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- (JSC::DFG::JITCodeGenerator::dump):
- (JSC::DFG::JITCodeGenerator::checkConsistency):
- (JSC::DFG::GPRTemporary::GPRTemporary):
- (JSC::DFG::FPRTemporary::FPRTemporary):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::branchIfNotCell):
- * dfg/DFGJITCompilerInlineMethods.h:
-
-2011-09-28 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should infer which uses of a variable are not aliased
- https://bugs.webkit.org/show_bug.cgi?id=68593
-
- Reviewed by Oliver Hunt.
+ This just changes how the DFG queries whether a variable is captured. It does not
+ change any user-visible behavior.
- This separates how a variable is stored (i.e. its virtual register)
- from how it's predicted. Each variable now takes a
- VariableAccessData as its operand, instead of the virtual register.
- The VariableAccessData stores the operand and the prediction. If
- multiple uses of a variable are aliased, their VariableAccessDatas
- are unified.
+ As part of this change, I further solidified the policy that the CFA behaves in an
+ undefined way for captured locals and queries about their values will not yield
+ reliable results. This will likely be changed in the future, but for now it makes
+ sense.
- This also adds tracking of which argument values are used. It
- correctly observes that an argument value is not used, if the
- argument is assigned to inside the function before being used.
+ One fun part about this change is that it recognizes that the same variable may
+ be both captured and not, at the same time, because their live interval spans
+ inlining boundaries. This only happens in the case of arguments to functions that
+ capture their arguments, and this change treats them with just the right touch of
+ conservatism: they will be treated as if captured by the caller as well as the
+ callee.
- This also adds tracking of which variables are live at the head of
- a basic block, and separates that from a variable being live at the
- tail.
+ Finally, this also adds captured variable reasoning to the InlineCallFrame, which
+ I thought might be useful for later tooling.
- Finally, this communicates to both OSR entry and OSR exit code how
- a variable is predicted at a particular point in the code, rather
- than just communicating how it was predicted in the entire code
- block (since with this patch there is no longer the notion of a
- variable having just one prediction for a code block).
+ This is perf-neutral, since it does it does not make the DFG take advantage of this
+ new functionality in any way. In particular, it is still the case that the DFG will
+ not inline functions that use arguments reflectively or that create activations.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/ActionablePrediction.h: Added.
- (JSC::actionablePredictionFromPredictedType):
- (JSC::valueObeysPrediction):
- (JSC::actionablePredictionToString):
- (JSC::ActionablePredictions::ActionablePredictions):
- (JSC::ActionablePredictions::setArgument):
- (JSC::ActionablePredictions::argument):
- (JSC::ActionablePredictions::setVariable):
- (JSC::ActionablePredictions::variable):
- (JSC::ActionablePredictions::argumentUpperBound):
- (JSC::ActionablePredictions::variableUpperBound):
- (JSC::ActionablePredictions::pack):
- (JSC::ActionablePredictions::packVector):
* bytecode/CodeBlock.h:
- * bytecode/PredictionTracker.h:
+ (CodeBlock):
+ (JSC::CodeBlock::needsActivation):
+ (JSC::CodeBlock::argumentIsCaptured):
+ (JSC::CodeBlock::localIsCaptured):
+ (JSC::CodeBlock::isCaptured):
+ * bytecode/CodeOrigin.h:
+ (InlineCallFrame):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::merge):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::newVariableAccessData):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::flushArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
+ (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGCFGSimplificationPhase.cpp:
+ (CFGSimplificationPhase):
+ (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
+ (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
+ (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
+ * dfg/DFGCommon.h:
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::nameOfVariableAccessData):
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
- (JSC::DFG::operandIsArgument):
- (JSC::DFG::VariableRecord::setFirstTime):
- (JSC::DFG::BasicBlock::BasicBlock):
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasVariableAccessData):
- (JSC::DFG::Node::hasLocal):
- (JSC::DFG::Node::variableAccessData):
- (JSC::DFG::Node::local):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOSREntry.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Graph::needsActivation):
+ (JSC::DFG::Graph::usesArguments):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
* dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::ValueSource):
- (JSC::DFG::ValueSource::forPrediction):
- (JSC::DFG::ValueSource::isSet):
- (JSC::DFG::ValueSource::kind):
- (JSC::DFG::ValueSource::nodeIndex):
- (JSC::DFG::ValueSource::nodeIndexFromKind):
- (JSC::DFG::ValueSource::kindFromNodeIndex):
- (JSC::DFG::SpeculativeJIT::isKnownArray):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * wtf/PackedIntVector.h: Added.
- (WTF::PackedIntVector::PackedIntVector):
- (WTF::PackedIntVector::operator=):
- (WTF::PackedIntVector::size):
- (WTF::PackedIntVector::ensureSize):
- (WTF::PackedIntVector::resize):
- (WTF::PackedIntVector::clearAll):
- (WTF::PackedIntVector::get):
- (WTF::PackedIntVector::set):
- (WTF::PackedIntVector::mask):
- * wtf/Platform.h:
- * wtf/UnionFind.h: Added.
- (WTF::UnionFind::UnionFind):
- (WTF::UnionFind::find):
- (WTF::UnionFind::unify):
-
-2011-09-29 Oliver Hunt <oliver@apple.com>
-
- Build fix.
-
- * heap/AllocationSpace.h:
-
-2011-09-29 Oliver Hunt <oliver@apple.com>
-
- Add logic to collect dirty objects as roots
- https://bugs.webkit.org/show_bug.cgi?id=69100
-
- Reviewed by Geoff Garen.
-
- This gives us the ability to walk all the MarkedBlocks in an
- AllocationSpace and collect the dirty objects, and then use
- them as GC roots.
-
- I also rearranged the order of these instructions because it
- makes them smaller on some platforms with some card sizes.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::markCellCard):
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::markCellCard):
- * heap/AllocationSpace.cpp:
- Tidy up the write barrier logic a bit.
- (JSC::MarkedBlock::gatherDirtyObjects):
- (JSC::TakeIfDirty::returnValue):
- (JSC::TakeIfDirty::TakeIfDirty):
- (JSC::TakeIfDirty::operator()):
- (JSC::AllocationSpace::gatherDirtyObjects):
- * heap/AllocationSpace.h:
- * heap/CardSet.h:
- (JSC::::isCardMarked):
- (JSC::::clearCard):
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- (JSC::Heap::writeBarrier):
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::visitChildren):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::setDirtyObject):
- (JSC::MarkedBlock::addressOfCardFor):
- * heap/SlotVisitor.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emitWriteBarrier):
- Tidy the write barrier a bit.
-
-2011-09-29 Gavin Barraclough <barraclough@apple.com>
-
- Unreviewed windows build fix.
-
- * assembler/MacroAssemblerCodeRef.h:
- * dfg/DFGOperations.h:
-
-2011-09-29 Filip Pizlo <fpizlo@apple.com>
-
- Structure transitions involving many (> 64) properties sometimes cause structure corruption
- https://bugs.webkit.org/show_bug.cgi?id=69102
-
- Reviewed by Darin Adler.
-
- Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
- don't lead to the dictionary kind being forgotten.
-
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- * runtime/Structure.h:
-
-2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69058
-
- Reviewed by Gavin Barraclough.
-
- Also Fixed the stdcall FunctionPtr constructors to make them compiled correctly on Linux
-
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::FunctionPtr::FunctionPtr):
-
-2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
- https://bugs.webkit.org/show_bug.cgi?id=68839
-
- Reviewed by Geoffrey Garen.
-
- Removed the remaining visitChildrenVirtual methods. This patch completes the process of
- de-virtualizing visitChildren.
-
- * API/JSCallbackObject.h:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.cpp:
- * runtime/Arguments.h:
- * runtime/Executable.cpp:
- * runtime/Executable.h:
- * runtime/GetterSetter.cpp:
- * runtime/GetterSetter.h:
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- * runtime/JSArray.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- * runtime/JSPropertyNameIterator.cpp:
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSValue.h:
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NativeErrorConstructor.h:
- * runtime/RegExpObject.cpp:
- * runtime/RegExpObject.h:
- * runtime/Structure.cpp:
- * runtime/Structure.h:
- * runtime/StructureChain.cpp:
- * runtime/StructureChain.h:
-
- Inlined the method table access and call to the visitChildren function (the only call sites
- to visitChildren are here).
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::visitChildren):
-
- Changed the field name for the visitChildren function pointer to visitChildren (from
- visitChildrenFunctionPtr) to make call sites less verbose.
- * runtime/ClassInfo.h:
-
- Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
- overrides visitChildren, so it needs to have its own ClassInfo.
- * runtime/JSBoundFunction.cpp:
- * runtime/JSBoundFunction.h:
-
- Had to move className up to make sure that the virtual destructor in JSObject wasn't
- the first non-inline virtual method in JSObject (as per the comment in the file).
- Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
- to mitigate the cost of an extra method call.
-
- Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
- call sites more concise. Implementation is inline in JSObject.h.
- * runtime/JSObject.h:
- (JSC::JSCell::methodTable):
- * runtime/JSCell.h:
-
- Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
- appease the vtable gods. It refused to compile if there were no virtual methods in
- both of these classes due to the presence of a weak vtable pointer.
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::~JSWrapperObject):
- * runtime/JSWrapperObject.h:
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::~ScopeChainNode):
- * runtime/ScopeChain.h:
-
-2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=69075
-
- Reviewed by Gavin Barraclough.
-
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
-
- JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
- https://bugs.webkit.org/show_bug.cgi?id=69054
-
- Reviewed by Gavin Barraclough.
-
- size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
-
- * dfg/DFGNode.h:
-
-2011-09-28 Filip Pizlo <fpizlo@apple.com>
-
- DFG checkArgumentTypes fails to check boolean predictions
- https://bugs.webkit.org/show_bug.cgi?id=69059
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-
-2011-09-28 Gavin Barraclough <barraclough@apple.com>
-
- Build fix pt 2 for r96286.
-
- * assembler/MacroAssemblerCodeRef.h:
-
-2011-09-28 Ryosuke Niwa <rniwa@webkit.org>
-
- Build fix attempt for r96286.
-
- * assembler/MacroAssemblerCodeRef.h:
-
-2011-09-28 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT Operations on 32_64 should use stdcall calling convention.
- https://bugs.webkit.org/show_bug.cgi?id=69046
-
- Reviewed by Sam Weinig.
-
- All calls out are expecting stdcall conventions, but the default on OS X are cdecl.
- Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
- directly to std library functions like fmod - leave these calls obeying the default
- platform calling convention.
-
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::FunctionPtr::FunctionPtr):
- - Add implicit constructors for std calls.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- - Make this work non-Mac platforms.
- * dfg/DFGOperations.cpp:
- (JSC::DFG::operationPutByValInternal):
- * dfg/DFGOperations.h:
- - Mark all operations as stdcalls.
-
-2011-09-28 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT falls back on numerical comparisons when it does not
- recognize a prediction
- https://bugs.webkit.org/show_bug.cgi?id=68977
-
- Reviewed by Geoffrey Garen.
-
- This fixes both the way comparison implementations are selected. It
- also fixes a bug where comparisons other than equality (like < or >)
- on objects are compiled as if the comparison was equality.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
-
-2011-09-28 Gavin Barraclough <barraclough@apple.com>
-
- Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
- https://bugs.webkit.org/show_bug.cgi?id=69026
-
- Reviewed by Sam Weinig.
-
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::fstpl):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
-
-2011-09-28 Gavin Barraclough <barraclough@apple.com>
-
- Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
- https://bugs.webkit.org/show_bug.cgi?id=69017
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ * dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::mergeIsCaptured):
+ (VariableAccessData):
+ (JSC::DFG::VariableAccessData::isCaptured):
-2011-09-28 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64679
- Fix bugs in Array.prototype this handling.
-
- Reviewed by Oliver Hunt.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- (JSC::arrayProtoFuncIndexOf):
- (JSC::arrayProtoFuncLastIndexOf):
- - These methods should throw if this value is undefined.
-
-2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Value profiling in baseline JIT for JSVALUE32_64
- https://bugs.webkit.org/show_bug.cgi?id=68750
-
- Reviewed by Geoff Garen.
-
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_mul):
- (JSC::JIT::emit_op_div):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::emit_op_call_put_result):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_resolve):
- (JSC::JIT::emit_op_resolve_base):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emit_op_resolve_global):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_resolve_with_this):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emitSlow_op_get_by_id):
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_get_global_var):
- * jit/JITStubCall.h:
- (JSC::JITStubCall::callWithValueProfiling):
-
-2011-09-28 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Wrong integer checks in JSVALUE32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=68985
-
- Reviewed by Geoffrey Garen.
-
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-09-28 Adam Barth <abarth@webkit.org>
-
- Remove empty directories.
-
- * wtf/brew: Removed.
- * wtf/unicode/brew: Removed.
-
-2011-09-27 Filip Pizlo <fpizlo@apple.com>
+2012-05-08 Filip Pizlo <fpizlo@apple.com>
- DFG JIT cannot compile op_new_object, op_new_array,
- op_new_array_buffer, or op_new_regexp
- https://bugs.webkit.org/show_bug.cgi?id=68580
+ DFG should support op_get_argument_by_val and op_get_arguments_length
+ https://bugs.webkit.org/show_bug.cgi?id=85911
Reviewed by Oliver Hunt.
- This implements all four opcodes, but has op_new_regexp turns off
- by default because it unveils some bad speculation logic when
- compiling string-validate-input.
+ Merged r116467 from dfgopt.
- With op_new_regexp turned off, this is a 5% win on Kraken and a
- 0.7% speed-up on V8. Neutral on SunSpider.
+ This adds a simple and relatively conservative implementation of op_get_argument_by_val
+ and op_get_arguments_length. We can optimize these later. For now it's great to have
+ the additional coverage.
+
+ This patch appears to be perf-neutral.
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::addressFor):
+ (JSC::DFG::AssemblyHelpers::tagFor):
+ (JSC::DFG::AssemblyHelpers::payloadFor):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::callOperation):
+ (JSC::DFG::canInlineOpcode):
* dfg/DFGNode.h:
- (JSC::DFG::Node::hasConstantBuffer):
- (JSC::DFG::Node::startConstant):
- (JSC::DFG::Node::numConstants):
- (JSC::DFG::Node::hasRegexpIndex):
- (JSC::DFG::Node::regexpIndex):
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGNodeType.h:
+ (DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
- (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isKnownArray):
-
-2011-09-27 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should speculate more aggressively on reads of array.length
- https://bugs.webkit.org/show_bug.cgi?id=68932
-
- Reviewed by Oliver Hunt.
-
- This is a 2% speed-up on Kraken, neutral elsewhere.
-
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-27 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT - merge changes between 95905 - 96175
- https://bugs.webkit.org/show_bug.cgi?id=68963
-
- Reviewed by Sam Weinig.
-
- Merge missing changes from bug#68677, bug#68784, bug#68785.
-
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- * dfg/DFGSpeculativeJIT32_64.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-27 Gavin Barraclough <barraclough@apple.com>
-
- Get JSVALUE32_64 DFG JIT building on OS X.
- https://bugs.webkit.org/show_bug.cgi?id=68961
-
- Reviewed by Geoff Garen.
-
- * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
- * Forward-declare functions in DFGOperations.cpp
- * UNUSED_PARAM for unused arguments
- * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
- * Fix argument types handled by OpInfo constructor.
- * Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
- * Add files to Xcode project.
-
-2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=68755
-
- Reviewed by Gavin Barraclough.
-
- We need to load/store and repatch both tag and payload of a property
- for GetById/PutById. Also reorder the loads of tag and payload for
- GetByOffset as the result tag GPR could reuse the storage GPR.
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCodeGenerator32_64.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addPropertyAccess):
- (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- * dfg/DFGJITCompiler32_64.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchByIdSelfAccess):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-24 Gavin Barraclough <barraclough@apple.com>
-
- Macro assembler branch8 & 16 methods vary in treatment of upper bits
- https://bugs.webkit.org/show_bug.cgi?id=68301
-
- Reviewed by Sam Weinig.
-
- Fix for branch16 - remove it!
- No performance impact.
-
- * assembler/MacroAssembler.h:
- * assembler/MacroAssemblerARM.h:
- * assembler/MacroAssemblerARMv7.h:
- * assembler/MacroAssemblerMIPS.h:
- * assembler/MacroAssemblerSH4.h:
- * assembler/MacroAssemblerX86Common.h:
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-
-2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static version of JSCell::getCallData
- https://bugs.webkit.org/show_bug.cgi?id=68741
-
- Reviewed by Darin Adler.
-
- In this patch we just extract the bodies of the virtual getCallData methods
- throughout the JSCell inheritance hierarchy out into static methods, which are
- now called from the virtual methods. This is an intermediate step in trying to
- move the virtual-ness of getCallData into our own method table stored in
- ClassInfo. We need to convert the methods to static methods because static methods
- can be represented as function pointers rather than pointers to member functions, and
- function pointers are smaller and faster to call than pointers to member functions.
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::getCallDataVirtual):
- (JSC::JSCallbackFunction::getCallData):
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getCallDataVirtual):
- (JSC::::getCallData):
- * API/JSObjectRef.cpp:
- (JSObjectIsFunction):
- (JSObjectCallAsFunction):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::getCallDataVirtual):
- (JSC::ArrayConstructor::getCallData):
- * runtime/ArrayConstructor.h:
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::getCallDataVirtual):
- (JSC::BooleanConstructor::getCallData):
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::getCallDataVirtual):
- (JSC::DateConstructor::getCallData):
- * runtime/DateConstructor.h:
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
- (JSC::StrictModeTypeErrorFunction::getCallData):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::getCallDataVirtual):
- (JSC::ErrorConstructor::getCallData):
- * runtime/ErrorConstructor.h:
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::getCallDataVirtual):
- (JSC::FunctionConstructor::getCallData):
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::getCallDataVirtual):
- (JSC::FunctionPrototype::getCallData):
- * runtime/FunctionPrototype.h:
- * runtime/InternalFunction.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getCallDataVirtual):
- (JSC::JSCell::getCallData):
- * runtime/JSCell.h:
- (JSC::getCallData):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getCallDataVirtual):
- (JSC::JSFunction::getCallData):
- * runtime/JSFunction.h:
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Stringifier):
- (JSC::Stringifier::toJSON):
- (JSC::Stringifier::appendStringifiedValue):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::getCallDataVirtual):
- (JSC::NativeErrorConstructor::getCallData):
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getCallDataVirtual):
- (JSC::NumberConstructor::getCallData):
- * runtime/NumberConstructor.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::getCallDataVirtual):
- (JSC::ObjectConstructor::getCallData):
- * runtime/ObjectConstructor.h:
- * runtime/Operations.cpp:
- (JSC::jsTypeStringForValue):
- (JSC::jsIsObjectType):
- (JSC::jsIsFunctionType):
- * runtime/PropertySlot.cpp:
- (JSC::PropertySlot::functionGetter):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::getCallDataVirtual):
- (JSC::RegExpConstructor::getCallData):
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::getCallDataVirtual):
- (JSC::StringConstructor::getCallData):
- * runtime/StringConstructor.h:
-
-2011-09-27 Tim Horton <timothy_horton@apple.com>
-
- Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
- https://bugs.webkit.org/show_bug.cgi?id=68816
- <rdar://problem/10186468>
-
- Reviewed by Simon Fraser.
-
- Add ByteArray::clear, which zeros the memory in the ByteArray.
-
- * wtf/ByteArray.h:
- (WTF::ByteArray::clear): Added.
-
-2011-09-27 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r96131.
- http://trac.webkit.org/changeset/96131
- https://bugs.webkit.org/show_bug.cgi?id=68927
-
- It made 18+ tests crash on all platform (Requested by
- Ossy_night on #webkit).
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- * jsc.cpp:
- (GlobalObject::finishCreation):
- * parser/Parser.h:
- (JSC::Parser::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
-
-2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSCell::getPrimitiveNumber
- https://bugs.webkit.org/show_bug.cgi?id=68851
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
- Changed JSCell::getPrimitiveNumber to manually handle the dispatch for
- JSCells (JSObject and JSString in this case).
- * runtime/JSCell.cpp:
- (JSC::JSCell::getPrimitiveNumber):
- * runtime/JSCell.h:
-
- Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't
- matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
- can cover the case for JSNotAnObject.
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
-
- De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber
- and changed them to be const. Also made JSString::getPrimitiveNumber public
- because it needs to be called from JSCell::getPrimitiveNumber and also since it's
- no longer virtual, we want people who have a more specific pointer (JSString*
- instead of JSCell*) to not have to pay the cost of a virtual method call.
- * runtime/JSObject.cpp:
- (JSC::JSObject::getPrimitiveNumber):
- * runtime/JSObject.h:
- * runtime/JSString.cpp:
- (JSC::JSString::getPrimitiveNumber):
- * runtime/JSString.h:
-
-2011-09-27 Juan Carlos Montemayor Elosua <j.mont@me.com>
-
- Implement Error.stack
- https://bugs.webkit.org/show_bug.cgi?id=66994
-
- Reviewed by Oliver Hunt.
-
- This patch utilizes topCallFrame to create a stack trace when
- an error is thrown. Users will also be able to use the stack()
- command in jsc to get arrays with stack trace information.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::getCallerLine):
- (JSC::getSourceURLFromCallFrame):
- (JSC::getStackFrameCodeType):
- (JSC::Interpreter::getStackTrace):
- (JSC::Interpreter::throwException):
- * interpreter/Interpreter.h:
- (JSC::StackFrame::toString):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (functionJSCStack):
- * parser/Parser.h:
- (JSC::Parser::parse):
- * runtime/CommonIdentifiers.h:
- * runtime/Error.cpp:
- (JSC::addErrorInfo):
- * runtime/Error.h:
-
-2011-09-27 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Reorganize header files
- https://bugs.webkit.org/show_bug.cgi?id=65616
-
- Reviewed by Martin Robinson.
-
- Install header files under $libwebkitgtkincludedir/JavaScriptCore.
-
- * GNUmakefile.am: Use $libwebkitgtkincludedir.
- * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
-
-2011-09-26 Geoffrey Garen <ggaren@apple.com>
-
- REGRESSION (r95912): Conservative marking doesn't filter out pointers to
- MarkedBlock metadata
- https://bugs.webkit.org/show_bug.cgi?id=68860
-
- Reviewed by Oliver Hunt.
-
- Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
-
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask
- because the mask doesn't produce the actual atom number.
-
- (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
- enough; we also need to test that a pointer is beyond the metadata section
- of a MarkedBlock, to avoid treating random metadata as a JSCell.
-
-2011-09-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Make JSCell::toBoolean non-virtual
- https://bugs.webkit.org/show_bug.cgi?id=67727
-
- Reviewed by Geoffrey Garen.
-
- JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
- before it was simply virtual and would crash if its implementation was called).
- Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
- explicitly covers all cases of toBoolean, so having a virtual implementation of
- JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
- (JSC::JSCell::toBoolean):
- (JSC::JSValue::toBoolean):
-
-2011-09-26 Chris Marrin <cmarrin@apple.com>
-
- Enable requestAnimationFrame on Windows
- https://bugs.webkit.org/show_bug.cgi?id=68397
-
- Reviewed by Simon Fraser.
-
- Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
-
- * wtf/Platform.h:
-
-2011-09-26 Noel Gordon <noel.gordon@gmail.com>
-
- [Chromium] Remove DFGAliasTracker.h references from gyp project files
- https://bugs.webkit.org/show_bug.cgi?id=68787
-
- Reviewed by Geoffrey Garen.
-
- DFG/DFGAliasTracker.h was removed in r95389. Cleanup (remove) references
- to that file from the gyp project files.
-
- * JavaScriptCore.gypi:
-
-2011-09-26 Zoltan Herczeg <zherczeg@webkit.org>
-
- [Qt]REGRESSION(r95865): It made 4 tests crash
- https://bugs.webkit.org/show_bug.cgi?id=68780
-
- Reviewed by Oliver Hunt.
-
- emitJumpSlowCaseIfNotJSCell(...) cannot be moved
- away since the next load depends on it.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_by_val):
-
-2011-09-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add custom vtable struct to ClassInfo struct
- https://bugs.webkit.org/show_bug.cgi?id=68567
-
- Reviewed by Oliver Hunt.
-
- Declared/defined the MethodTable struct and added it to the ClassInfo struct.
- Also defined the CREATE_METHOD_TABLE macro to generate these method tables
- succinctly where they need to be defined.
-
- Also added to it the first function to use this macro, visitChildren.
-
- This is part of the process of getting rid of all C++ virtual methods in JSCell.
- Eventually all virtual functions in JSCell that can't easily be converted to
- non-virtual functions will be put into this custom vtable structure.
- * runtime/ClassInfo.h:
-
- Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
- ClassInfo structs declared in these classes. This saves us from having to visit
- each s_info definition in the future when we add more methods to the MethodTable.
- * API/JSCallbackConstructor.cpp:
- * API/JSCallbackFunction.cpp:
- * API/JSCallbackObject.cpp:
- * JavaScriptCore.exp:
- * runtime/Arguments.cpp:
- * runtime/ArrayConstructor.cpp:
- * runtime/ArrayPrototype.cpp:
- * runtime/BooleanObject.cpp:
- * runtime/BooleanPrototype.cpp:
- * runtime/DateConstructor.cpp:
- * runtime/DateInstance.cpp:
- * runtime/DatePrototype.cpp:
- * runtime/ErrorInstance.cpp:
- * runtime/ErrorPrototype.cpp:
- * runtime/ExceptionHelpers.cpp:
- * runtime/Executable.cpp:
- * runtime/GetterSetter.cpp:
- * runtime/InternalFunction.cpp:
- * runtime/JSAPIValueWrapper.cpp:
- * runtime/JSActivation.cpp:
- * runtime/JSArray.cpp:
- * runtime/JSByteArray.cpp:
- * runtime/JSFunction.cpp:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSONObject.cpp:
- * runtime/JSObject.cpp:
- * runtime/JSPropertyNameIterator.cpp:
- * runtime/JSString.cpp:
- * runtime/MathObject.cpp:
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NumberConstructor.cpp:
- * runtime/NumberObject.cpp:
- * runtime/NumberPrototype.cpp:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectPrototype.cpp:
- * runtime/RegExp.cpp:
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpObject.cpp:
- * runtime/RegExpPrototype.cpp:
- * runtime/ScopeChain.cpp:
- * runtime/StringConstructor.cpp:
- * runtime/StringObject.cpp:
- * runtime/StringPrototype.cpp:
- * runtime/Structure.cpp:
- * runtime/StructureChain.cpp:
-
- Had to make visitChildren and visitChildrenVirtual protected instead of private
- because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
- visitChildren function pointer in their vtable since they don't provide their own
- implementation. Same for RegExpObject.
- * runtime/JSWrapperObject.h:
- * runtime/RegExpObject.h:
-
-2011-09-25 Adam Barth <abarth@webkit.org>
-
- Finish removing PLATFORM(BREWMP) by removing associated code
- https://bugs.webkit.org/show_bug.cgi?id=68779
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
- * wscript:
- * wtf/FastMalloc.cpp:
- (WTF::fastMallocSize):
- * wtf/Vector.h:
- * wtf/brew: Removed.
- * wtf/brew/MainThreadBrew.cpp: Removed.
- * wtf/brew/OwnPtrBrew.cpp: Removed.
- * wtf/brew/RefPtrBrew.h: Removed.
- * wtf/brew/ShellBrew.h: Removed.
- * wtf/brew/StringBrew.cpp: Removed.
- * wtf/brew/SystemMallocBrew.h: Removed.
- * wtf/unicode/brew: Removed.
- * wtf/unicode/brew/UnicodeBrew.cpp: Removed.
- * wtf/unicode/brew/UnicodeBrew.h: Removed.
-
-2011-09-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not count speculation successes correctly
- https://bugs.webkit.org/show_bug.cgi?id=68785
-
- Reviewed by Geoffrey Garen.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- * dfg/DFGOperations.cpp:
-
-2011-09-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG support for op_resolve_global is not enabled
- https://bugs.webkit.org/show_bug.cgi?id=68786
-
- Reviewed by Geoffrey Garen.
-
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
-
-2011-09-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG static prediction code is no longer needed and should be removed
- https://bugs.webkit.org/show_bug.cgi?id=68784
-
- Reviewed by Oliver Hunt.
-
- This gets rid of static prediction code, and ensures that we do not
- try to compile code where dynamic predictions are not available.
- This is accomplished by immediately performing an OSR exit wherever
- a value is retrieved for which no predictions exist.
-
- This also adds value profiling for this on functions used for calls.
-
- The heuristics for deciding when to optimize code are also tweaked,
- since it is now profitable to optimize sooner. This may need to be
- tweaked further, but this patch only makes minimal changes.
-
- This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
- overall win on Kraken. It's neutral elsewhere.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::shouldOptimizeNow):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/CodeBlock.h:
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- * bytecode/PredictedType.h:
- (JSC::isCellPrediction):
- (JSC::isObjectPrediction):
- (JSC::isFinalObjectPrediction):
- (JSC::isStringPrediction):
- (JSC::isArrayPrediction):
- (JSC::isInt32Prediction):
- (JSC::isDoublePrediction):
- (JSC::isNumberPrediction):
- (JSC::isBooleanPrediction):
- (JSC::mergePredictions):
- * bytecode/PredictionTracker.h:
- (JSC::PredictionTracker::predictArgument):
- (JSC::PredictionTracker::predict):
- (JSC::PredictionTracker::predictGlobalVar):
- * bytecode/ValueProfile.cpp:
- (JSC::ValueProfile::computeUpdatedPrediction):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::getPrediction):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::predictGlobalVar):
- (JSC::DFG::Graph::getMethodCheckPrediction):
- (JSC::DFG::Graph::getJSConstantPrediction):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- (JSC::DFG::JITCodeGenerator::emitBranch):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::getPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::valueOfJSConstantNode):
- (JSC::DFG::Node::isInt32Constant):
- (JSC::DFG::Node::isDoubleConstant):
- (JSC::DFG::Node::isNumberConstant):
- (JSC::DFG::Node::isBooleanConstant):
- (JSC::DFG::Node::predict):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::Propagator):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::isPredictedNumerical):
- (JSC::DFG::Propagator::logicalNotIsPure):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
- (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
-
-2011-09-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT Construct opcode takes a this argument even though it's
- not passed
- https://bugs.webkit.org/show_bug.cgi?id=68782
-
- Reviewed by Oliver Hunt.
-
- This is performance-neutral, mostly. It's a slight speed-up on
- v8-splay.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addCall):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-09-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG tracking of the value in cachedResultRegister does not handle
- op_mov correctly
- https://bugs.webkit.org/show_bug.cgi?id=68781
-
- Reviewed by Oliver Hunt.
-
- This takes the simplest approach: it makes the old JIT dumber rather
- than making the DFG JIT smarter. This is performance-neutral.
-
- * jit/JIT.h:
- (JSC::JIT::canBeOptimized):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_mov):
-
-2011-09-25 Adam Barth <abarth@webkit.org>
-
- Remove PLATFORM(HAIKU) and associated code
- https://bugs.webkit.org/show_bug.cgi?id=68774
-
- Reviewed by Sam Weinig.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
- * heap/MachineStackMarker.cpp:
- * wtf/PageAllocation.h:
- * wtf/Platform.h:
- * wtf/StackBounds.cpp:
- * wtf/haiku: Removed.
- * wtf/haiku/MainThreadHaiku.cpp: Removed.
- * wtf/haiku/StringHaiku.cpp: Removed.
- * wtf/text/WTFString.h:
-
-2011-09-24 Adam Barth <abarth@webkit.org>
-
- Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
- https://bugs.webkit.org/show_bug.cgi?id=68767
-
- Reviewed by Eric Seidel.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-24 Filip Pizlo <fpizlo@apple.com>
-
- JIT implementation of put_by_val increments m_length instead of setting
- it to index+1
- https://bugs.webkit.org/show_bug.cgi?id=68766
-
- Reviewed by Geoffrey Garen.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_put_by_val):
-
-2011-09-24 Geoffrey Garen <ggaren@apple.com>
-
- More build fixage.
-
- * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
-
-2011-09-24 Filip Pizlo <fpizlo@apple.com>
-
- The DFG should not attempt to guess types in the absence of value
- profiles
- https://bugs.webkit.org/show_bug.cgi?id=68677
-
- Reviewed by Oliver Hunt.
-
- This adds the ForceOSRExit node, which is ignored by the propagator
- and virtual register allocator (and hence ensuring that liveness analysis
- works correctly), but forces terminateSpeculativeExecution() in the
- back-end. This appears to be a slight speed-up on benchmark averages,
- with ~5% swings on individual benchmarks, in both directions. But it's
- never a regression on any average, and appears to be a ~1% progression
- in the SunSpider average.
-
- This also adds a bit better debugging support in the old JIT and in DFG,
- as this was necessary to debug the much more frequent OSR transitions
- that occur with this change.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::getStrongPrediction):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
-
-2011-09-24 Geoffrey Garen <ggaren@apple.com>
-
- Some Windows build fixage.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::sweep):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::isLive): Show the compiler that all control paths
- return a value. There, there, compiler. Everything's going to be OK.
-
- * runtime/JSCell.h:
- (JSC::JSCell::setVPtr): Oops! Unrename this function.
-
-2011-09-24 Geoffrey Garen <ggaren@apple.com>
-
- Allocate new objects unmarked
- https://bugs.webkit.org/show_bug.cgi?id=68764
-
- Reviewed by Oliver Hunt.
-
- This is a pre-requisite to using the mark bit to determine object age.
-
- ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
-
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::isLive):
- (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
- this patch. They can now determine object liveness without relying on
- newly allocated objects having their mark bits set. Each MarkedBlock
- now has a state variable that tells us how to determine whether its
- cells are live. (This new state variable supercedes the old one about
- destructor state. The rest of this patch is just refactoring to support
- the invariants of this new state variable without introducing a
- performance regression.)
-
- (JSC::MarkedBlock::didConsumeFreeList): New function for updating interal
- state when a block becomes fully allocated.
-
- (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
- this function because, logically, clearing all mark bits is the first
- step in saying "mark bits now exactly reflect object liveness".
-
- (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
- that this function only tells you about the mark bits, so it's only
- meaningful if you've put the mark bits into a meaningful state before
- calling it.
-
- (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
- instead of testing mark bits, since mark bits are not always the right
- way to find out if an object is live anymore. (New objects are live, but
- not marked.)
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::recycle):
- (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
- initialization when recycling an old block -- into the MarkedBlock
- constructor, for simplicity.
-
- (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
- a zapped cell before running a destructor, and always zap after
- running a destructor. This does not seem to be expensive, and the
- alternative just creates a too-confusing matrix of possible cell states
- ((zombie undestructed cell + zombie destructed cell + zapped destructed
- cell) * 5! permutations for progressing through block states = "Oh my!").
-
- (JSC::MarkedBlock::specializedSweep):
- (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
- optimization to use template specialization to constant fold lots of
- branches and elide certain operations entirely during a sweep. Merged
- four or five functions that were logically about sweeping into this one
- function pair, so there's only one way to do things now, it's
- automatically correct, and it's always fast.
-
- (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
- about exactly what it does, and to honor the new block state system.
-
- * heap/AllocationSpace.cpp:
- (JSC::AllocationSpace::allocateBlock): Updated for rename.
-
- (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
-
- (JSC::TakeIfUnmarked::TakeIfUnmarked):
- (JSC::TakeIfUnmarked::operator()):
- (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
- to clarify that this functor only tests the mark bits, so it's only
- valid if you've put the mark bits into a meaningful state before
- calling it.
-
- (JSC::AllocationSpace::shrink): Updated for rename.
-
- * heap/AllocationSpace.h:
- (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
- little more specific about what we're making canonical.
-
- (JSC::AllocationSpace::forEachCell): Updated for rename.
-
- (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
- liveness data before iterating blocks -- clients that want iterated
- blocks to have valid cell lieveness data should make this call for
- themselves. (And not all clients want it.)
-
- * heap/ConservativeRoots.cpp:
- (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
- obsolete comment.
-
- * heap/Heap.cpp:
- (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
- because clearMarks() now does that implicitly.
-
- (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
- tear-down tests cell liveness when running destructors.
-
- (JSC::Heap::markRoots):
- (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
- and into collect, since it strictly depends on root marking, and does
- not contribute to root marking.
-
- (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
- specific about what we're making canonical.
-
- * heap/Heap.h:
- (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
- data before iterating protected cells, since we know they're all live,
- and don't need to test for it.
-
- * heap/Local.h:
- (JSC::::set): Can't make the same ASSERT we used to because we just don't
- have the mark bits for it anymore. Perhaps we can bring this ASSERT back
- in a weaker form in the future.
-
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::addBlock):
- (JSC::MarkedSpace::removeBlock): Updated for interface change.
- (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
- specific about what we're making canonical.
-
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::SizeClass::SizeClass):
- (JSC::MarkedSpace::SizeClass::resetAllocator):
- (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
- functionality a bit. We now track only one block -- "currentBlock" --
- and rely on its internal state to know whether it has more cells to
- allocate.
-
- * heap/Weak.h:
- (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
- have the mark bits for it anymore. Perhaps we can bring this ASSERT back
- in a weaker form in the future.
-
- * runtime/JSCell.h:
- (JSC::JSCell::vptr):
- (JSC::JSCell::zap):
- (JSC::JSCell::isZapped):
- (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
- In the future, exactly how a JSCell zaps itself will change, as the
- internal representation of JSCell changes.
-
-2011-09-24 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should not eagerly initialize integer tags in the register file
- https://bugs.webkit.org/show_bug.cgi?id=68763
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueRecovery::dump):
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
- (JSC::DFG::OSRExit::operandForArgument):
- (JSC::DFG::OSRExit::operandForIndex):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2011-09-23 Yuqiang Xian <yuqiang.xian@intel.com>
-
- Add JSVALUE32_64 support to DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=67460
-
- Reviewed by Gavin Barraclough.
-
- This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
- It's tested on IA32 Linux EFL port currently. It still cannot run
- all the test cases and benchmarks so should be turned off now.
-
- The major work includes:
- 1) dealing with JSVALUE32_64 data format in DFG JIT;
- 2) bindings between 64-bit JS Value and 32-bit registers;
- 3) handling of function calls. Currently for DFG operation function
- calls we follow the X86 cdecl calling convention on Linux, and the
- implementation is in a naive way by pushing the arguments into stack
- one by one.
-
- The known issues include:
- 1) some code duplicates unnecessarily, especially in Speculative JIT
- code generation, where most of the operations on SpeculataInteger /
- SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
- is needed in the future;
- 2) lack of op_call and op_construct support, comparing to current
- JSVALUE64 DFG;
- 3) currently integer speculations assume to be StrictInt32;
- 4) lack of JSBoolean speculations;
- 5) boxing and unboxing doubles could be improved;
- 6) DFG X86 register description is different with the baseline JIT,
- the timeoutCheckRegister is used for general purpose usage;
- 7) calls to runtime functions with primitive double parameters (e.g.
- fmod) don't work. Support needs to be added to the assembler to
- implement the mechanism of passing double parameters for X86 cdecl
- convention.
-
- And there should be many other hidden bugs which should be exposed and
- resolved in later debugging process.
-
- * CMakeListsEfl.txt:
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::loadDouble):
- (JSC::MacroAssemblerX86::storeDouble):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movsd_rm):
- * bytecode/StructureStubInfo.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGFPRInfo.h:
- (JSC::DFG::FPRInfo::debugName):
- * dfg/DFGGPRInfo.h:
- (JSC::DFG::GPRInfo::toRegister):
- (JSC::DFG::GPRInfo::toIndex):
- (JSC::DFG::GPRInfo::debugName):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::needDataFormatConversion):
- (JSC::DFG::GenerationInfo::initJSValue):
- (JSC::DFG::GenerationInfo::initDouble):
- (JSC::DFG::GenerationInfo::gpr):
- (JSC::DFG::GenerationInfo::tagGPR):
- (JSC::DFG::GenerationInfo::payloadGPR):
- (JSC::DFG::GenerationInfo::fpr):
- (JSC::DFG::GenerationInfo::fillJSValue):
- (JSC::DFG::GenerationInfo::fillCell):
- (JSC::DFG::GenerationInfo::fillDouble):
- * dfg/DFGJITCodeGenerator.cpp:
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::allocate):
- (JSC::DFG::JITCodeGenerator::use):
- (JSC::DFG::JITCodeGenerator::registersMatched):
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
- (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
- (JSC::DFG::JITCodeGenerator::boxDouble):
- (JSC::DFG::JITCodeGenerator::unboxDouble):
- (JSC::DFG::JITCodeGenerator::spill):
- (JSC::DFG::addressOfDoubleConstant):
- (JSC::DFG::integerResult):
- (JSC::DFG::jsValueResult):
- (JSC::DFG::setupResults):
- (JSC::DFG::callOperation):
- (JSC::JSValueOperand::JSValueOperand):
- (JSC::JSValueOperand::~JSValueOperand):
- (JSC::JSValueOperand::isDouble):
- (JSC::JSValueOperand::fill):
- (JSC::JSValueOperand::tagGPR):
- (JSC::JSValueOperand::payloadGPR):
- (JSC::JSValueOperand::fpr):
- (JSC::GPRTemporary::~GPRTemporary):
- (JSC::GPRTemporary::gpr):
- (JSC::GPRResult2::GPRResult2):
- * dfg/DFGJITCodeGenerator32_64.cpp: Added.
- (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::fillStorage):
- (JSC::DFG::JITCodeGenerator::useChildren):
- (JSC::DFG::JITCodeGenerator::isStrictInt32):
- (JSC::DFG::JITCodeGenerator::isKnownInteger):
- (JSC::DFG::JITCodeGenerator::isKnownNumeric):
- (JSC::DFG::JITCodeGenerator::isKnownCell):
- (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
- (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
- (JSC::DFG::JITCodeGenerator::isKnownBoolean):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- (JSC::DFG::JITCodeGenerator::cachedGetMethod):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
- (JSC::DFG::JITCodeGenerator::emitBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
- (JSC::DFG::JITCodeGenerator::emitCall):
- (JSC::DFG::JITCodeGenerator::speculationCheck):
- (JSC::DFG::dataFormatString):
- (JSC::DFG::JITCodeGenerator::dump):
- (JSC::DFG::JITCodeGenerator::checkConsistency):
- (JSC::DFG::GPRTemporary::GPRTemporary):
- (JSC::DFG::FPRTemporary::FPRTemporary):
- * dfg/DFGJITCompiler.cpp:
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::tagForGlobalVar):
- (JSC::DFG::JITCompiler::payloadForGlobalVar):
- (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
- (JSC::DFG::JITCompiler::addressOfDoubleConstant):
- (JSC::DFG::JITCompiler::boxDouble):
- (JSC::DFG::JITCompiler::unboxDouble):
- (JSC::DFG::JITCompiler::addPropertyAccess):
- (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- * dfg/DFGJITCompiler32_64.cpp: Added.
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- (JSC::DFG::JITCompiler::fillToJS):
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::linkOSRExits):
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
- (JSC::DFG::JITCompiler::jitAssertIsInt32):
- (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
- (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
- (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
- (JSC::DFG::JITCompiler::jitAssertIsCell):
- (JSC::DFG::JITCompiler::emitCount):
- (JSC::DFG::JITCompiler::setSamplingFlag):
- (JSC::DFG::JITCompiler::clearSamplingFlag):
- * dfg/DFGJITCompilerInlineMethods.h: Added.
- (JSC::DFG::JITCompiler::emitLoadTag):
- (JSC::DFG::JITCompiler::emitLoadPayload):
- (JSC::DFG::JITCompiler::emitLoad):
- (JSC::DFG::JITCompiler::emitLoad2):
- (JSC::DFG::JITCompiler::emitLoadDouble):
- (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
- (JSC::DFG::JITCompiler::emitStore):
- (JSC::DFG::JITCompiler::emitStoreInt32):
- (JSC::DFG::JITCompiler::emitStoreCell):
- (JSC::DFG::JITCompiler::emitStoreBool):
- (JSC::DFG::JITCompiler::emitStoreDouble):
- * dfg/DFGNode.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDList):
- (JSC::DFG::tryCachePutByID):
- * dfg/DFGSpeculativeJIT.cpp:
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueRecovery::inGPR):
- (JSC::DFG::ValueRecovery::inPair):
- (JSC::DFG::ValueRecovery::tagGPR):
- (JSC::DFG::ValueRecovery::payloadGPR):
- * dfg/DFGSpeculativeJIT32_64.cpp: Added.
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::ValueRecovery::dump):
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::OSRExit::dump):
- (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::convertToDouble):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::compileMovHint):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * runtime/JSValue.h:
-
-2011-09-23 Filip Pizlo <fpizlo@apple.com>
-
- wtf/BitVector.h has a variety of bugs which manifest when the
- vector grows beyond 63 bits
- https://bugs.webkit.org/show_bug.cgi?id=68746
-
- Reviewed by Oliver Hunt.
-
- Out-of-lined slow path code in BitVector so that not every user
- of CodeBlock ends up having to compile it. Fixed a variety of
- index computation and size computation bugs.
-
- I have not seen these issues manifest themselves, but they are
- blocking a patch that uses BitVector more aggressively.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/BitVector.cpp: Added.
- (BitVector::BitVector):
- (BitVector::operator=):
- (BitVector::resize):
- (BitVector::clearAll):
- (BitVector::OutOfLineBits::create):
- (BitVector::OutOfLineBits::destroy):
- (BitVector::resizeOutOfLine):
- * wtf/BitVector.h:
- (WTF::BitVector::ensureSize):
- (WTF::BitVector::get):
- (WTF::BitVector::set):
- (WTF::BitVector::clear):
- (WTF::BitVector::byteCount):
- (WTF::BitVector::OutOfLineBits::numWords):
- (WTF::BitVector::OutOfLineBits::bits):
- (WTF::BitVector::outOfLineBits):
- * wtf/CMakeLists.txt:
- * wtf/wtf.pri:
-
-2011-09-23 Adam Klein <adamk@chromium.org>
-
- Add ENABLE_MUTATION_OBSERVERS feature flag
- https://bugs.webkit.org/show_bug.cgi?id=68732
-
- Reviewed by Ojan Vafai.
-
- This flag will guard an implementation of the "Mutation Observers" proposed in
- http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- De-virtualize JSCell::getJSNumber
- https://bugs.webkit.org/show_bug.cgi?id=68651
-
- Reviewed by Oliver Hunt.
-
- Added a new JSType to check whether or not something is a
- NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not
- currently a better way to determine whether something is indeed a NumberObject.
- Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo
- for whether the object is a NumberObject or not. This patch is part of
- the larger process of de-virtualizing JSCell.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getJSNumber):
- * runtime/JSCell.h:
- (JSC::JSValue::getJSNumber):
- * runtime/JSType.h:
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::isNumberObject):
- * runtime/JSValue.h:
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::getJSNumber):
- * runtime/NumberObject.h:
- (JSC::NumberObject::createStructure):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::createStructure):
-
-2011-09-23 Filip Pizlo <fpizlo@apple.com>
-
- Resolve opcodes should have value profiling.
- https://bugs.webkit.org/show_bug.cgi?id=68723
-
- Reviewed by Oliver Hunt.
-
- This adds value profiling to all forms of op_resolve in the
- old JIT, and patches that information into the DFG along with
- performing the appropriate type propagation.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::resolveGlobalDataIndex):
- (JSC::DFG::Node::hasPrediction):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_resolve):
- (JSC::JIT::emit_op_resolve_base):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emit_op_resolve_global):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_resolve_with_this):
- (JSC::JIT::emitSlow_op_resolve_global_dynamic):
- * jit/JITStubCall.h:
- (JSC::JITStubCall::callWithValueProfiling):
-
-2011-09-23 Oliver Hunt <oliver@apple.com>
-
- Fix windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-23 Gavin Barraclough <barraclough@apple.com>
-
- Strict mode does not work in non-trivial nested functions.
- https://bugs.webkit.org/show_bug.cgi?id=68740
-
- Reviewed by Oliver Hunt.
-
- Function-info caching does not preserve all state that it should.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::Scope::saveFunctionInfo):
- (JSC::JSParser::Scope::restoreFunctionInfo):
- (JSC::JSParser::parseFunctionInfo):
- * parser/SourceProviderCacheItem.h:
-
-2011-09-23 Filip Pizlo <fpizlo@apple.com>
-
- ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
- https://bugs.webkit.org/show_bug.cgi?id=68724
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-09-23 Oliver Hunt <oliver@apple.com>
-
- Build fix.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-09-23 Filip Pizlo <fpizlo@apple.com>
-
- DFG implementation of PutScopedVar corrupts register allocation
- https://bugs.webkit.org/show_bug.cgi?id=68735
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-23 Oliver Hunt <oliver@apple.com>
-
- Make write barriers actually do something when enabled
- https://bugs.webkit.org/show_bug.cgi?id=68717
-
- Reviewed by Geoffrey Garen.
-
- Add a basic card marking style write barrier to JSC (currently
- turned off). This requires two scratch registers in the JIT
- so there was some register re-arranging to satisfy that requirement.
- Happily this produced a minor perf bump in sunspider (~0.5%).
-
- Turning the barriers on causes an overall regression of around 1.5%
-
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::store8):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movb_i8m):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownNotCell):
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- (JSC::DFG::JITCodeGenerator::markCellCard):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCachePutByID):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * heap/CardSet.h: Added.
- (JSC::CardSet::CardSet):
- (JSC::::cardForAtom):
- (JSC::::cardMarkedForAtom):
- (JSC::::markCardForAtom):
- * heap/Heap.cpp:
- * heap/Heap.h:
- (JSC::Heap::addressOfCardFor):
- (JSC::Heap::writeBarrierFastCase):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::setDirtyObject):
- (JSC::MarkedBlock::addressOfCardFor):
- (JSC::MarkedBlock::offsetOfCards):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_put_global_var):
- (JSC::JIT::emitWriteBarrier):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emitSlow_op_put_by_id):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_put_global_var):
-
-2011-09-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=68077
- SH4 assemblers doesn't refer to executable memory handle.
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::branch8):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::executableCopy):
-
-2011-09-23 Oliver Hunt <oliver@apple.com>
-
- PutScopedVar nodes should report that it has a var number
- https://bugs.webkit.org/show_bug.cgi?id=68721
-
- Reviewed by Anders Carlsson.
-
- Another assertion fix.
-
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasVarNumber):
-
-2011-09-23 Oliver Hunt <oliver@apple.com>
-
- Add a bunch of unhandled node types to the propagator
- https://bugs.webkit.org/show_bug.cgi?id=68716
-
- Reviewed by Darin Adler.
-
- Remove the ASSERT_NOT_REACHED() default for debug builds in the
- prediction propagator, this way unhandled nodes will just cause
- compile time failures rather than failing at some point in the
- future.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add static version of JSCell::visitChildren
- https://bugs.webkit.org/show_bug.cgi?id=68404
-
- Reviewed by Darin Adler.
-
- In this patch we just extract the bodies of the virtual visitChildren methods
- throughout the JSCell inheritance hierarchy out into static methods, which are
- now called from the virtual methods. This is an intermediate step in trying to
- move the virtual-ness of visitChildren into our own custom vtable stored in
- ClassInfo. We need to convert the methods to static methods in order to be
- able to more easily store and refer to them in our custom vtable since normal
- member methods store some implicit information in their types, making it
- impossible to store them generically in ClassInfo.
-
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::visitChildrenVirtual):
- (JSC::JSCallbackObject::visitChildren):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildrenVirtual):
- (JSC::DebuggerActivation::visitChildren):
- * debugger/DebuggerActivation.h:
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::visitChildren):
- (JSC::SlotVisitor::drain):
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildrenVirtual):
- (JSC::Arguments::visitChildren):
- * runtime/Arguments.h:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::visitChildrenVirtual):
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildrenVirtual):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildrenVirtual):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/Executable.h:
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildrenVirtual):
- (JSC::GetterSetter::visitChildren):
- * runtime/GetterSetter.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildrenVirtual):
- (JSC::JSActivation::visitChildren):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildrenVirtual):
- (JSC::JSArray::visitChildren):
- * runtime/JSArray.h:
- * runtime/JSBoundFunction.cpp:
- (JSC::JSBoundFunction::visitChildrenVirtual):
- (JSC::JSBoundFunction::visitChildren):
- * runtime/JSBoundFunction.h:
- * runtime/JSCell.h:
- (JSC::JSCell::visitChildrenVirtual):
- (JSC::JSCell::visitChildren):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildrenVirtual):
- (JSC::JSFunction::visitChildren):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::visitChildrenVirtual):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildrenVirtual):
- (JSC::JSObject::visitChildren):
- * runtime/JSObject.h:
- (JSC::JSObject::visitChildrenDirect):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildrenVirtual):
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildrenVirtual):
- (JSC::JSStaticScopeObject::visitChildren):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildrenVirtual):
- (JSC::JSWrapperObject::visitChildren):
- * runtime/JSWrapperObject.h:
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildrenVirtual):
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/NativeErrorConstructor.h:
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildrenVirtual):
- (JSC::RegExpObject::visitChildren):
- * runtime/RegExpObject.h:
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildrenVirtual):
- (JSC::ScopeChainNode::visitChildren):
- * runtime/ScopeChain.h:
- * runtime/Structure.cpp:
- (JSC::Structure::visitChildrenVirtual):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildrenVirtual):
- (JSC::StructureChain::visitChildren):
- * runtime/StructureChain.h:
-
-2011-09-23 Oliver Hunt <oliver@apple.com>
-
- Node propagation doesn't handle PutScopedVar
- https://bugs.webkit.org/show_bug.cgi?id=68713
-
- Reviewed by Sam Weinig.
-
- This was causing assertion failures.
-
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-09-23 Anders Carlsson <andersca@apple.com>
-
- Make sure to define OVERRIDE and FINAL for older builds of clang.
-
- * wtf/Compiler.h:
-
-2011-09-23 Gavin Barraclough <barraclough@apple.com>
-
- Implement op_resolve_global in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=68704
-
- Reviewed by Oliver Hunt.
-
- This is performance neutral, but increases coverage.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::resolveInfoIndex):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-23 Mark Rowe <mrowe@apple.com>
-
- Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.
-
- * wtf/Platform.h:
-
-2011-09-22 Anders Carlsson <andersca@apple.com>
-
- We should add support for OVERRIDE and FINAL annotations
- https://bugs.webkit.org/show_bug.cgi?id=68654
-
- Reviewed by David Hyatt.
-
- Add OVERRIDE and FINAL macros for compilers that support them.
-
- * wtf/Compiler.h:
-
-2011-09-22 Filip Pizlo <fpizlo@apple.com>
-
- GetScopedVar should have value profiling
- https://bugs.webkit.org/show_bug.cgi?id=68676
-
- Reviewed by Oliver Hunt.
-
- Added GetScopedVar value profiling and predictin propagation.
- Added GetScopeChain to CSE.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasPrediction):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::getScopeChainLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_get_scoped_var):
-
-2011-09-22 Filip Pizlo <fpizlo@apple.com>
-
- PPC build fix, part 3.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-09-22 Filip Pizlo <fpizlo@apple.com>
-
- Another PPC build fix.
-
- * runtime/Executable.cpp:
- * runtime/Executable.h:
-
-2011-09-22 Dean Jackson <dino@apple.com>
-
- Add ENABLE_CSS_FILTERS
- https://bugs.webkit.org/show_bug.cgi?id=68652
-
- Reviewed by Simon Fraser.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-22 Gavin Barraclough <barraclough@apple.com>
-
- Incorrect this value passed to callbacks.
- https://bugs.webkit.org/show_bug.cgi?id=68668
-
- Reviewed by Oliver Hunt.
-
- From Array/String prototype function. Should be undefined, but
- global object is passed instead (this is visible for strict callbacks).
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- * runtime/JSArray.cpp:
- (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
- (JSC::JSArray::sort):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncReplace):
-
-2011-09-22 Gavin Barraclough <barraclough@apple.com>
-
- Function.prototype.bind.length shoudl be 1.
-
- Rubber stamped by Olier Hunt.
-
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::addFunctionProperties):
-
-2011-09-22 Filip Pizlo <fpizlo@apple.com>
-
- PPC build fix.
-
- * bytecode/CodeBlock.h:
-
-2011-09-22 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix pt. 2
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-22 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix pt. 1
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not support to_primitive or strcat
- https://bugs.webkit.org/show_bug.cgi?id=68582
-
- Reviewed by Darin Adler.
-
- This adds functional support for to_primitive and strcat. It focuses
- on minimizing the amount of code emitted on to_primitive (if we know
- that it is a primitive or can speculate cheaply, then we omit the
- slow path) and on keeping the implementation of strcat simple while
- leveraging whatever optimizations we have already. In particular,
- unlike the Call and Construct nodes which require extending the size
- of the DFG's callee registers, StrCat takes advantage of the fact
- that no JS code can run while StrCat is in progress and uses a
- scratch buffer, rather than the register file, to store the list of
- values to concatenate. This was done mainly to keep the code simple,
- but there are probably other benefits to keeping call frame sizes
- down. Essentially, this patch ensures that the presence of an
- op_strcat does not mess up any other optimizations we might do while
- ensuring that if you do execute it, it'll work about as well as you'd
- expect.
-
- When combined with the previous patch for integer division, this is a
- 14% speed-up on Kraken. Without it, it would have been a 2% loss.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::callOperation):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- * dfg/DFGNode.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::scratchBufferForSize):
-
-2011-09-22 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should support integer division
- https://bugs.webkit.org/show_bug.cgi?id=68597
-
- Reviewed by Darin Adler.
-
- This adds support for ArithDiv speculating integer, and speculating
- that the result is integer (i.e. remainder = 0).
-
- This is a 4% win on Kraken and a 1% loss on V8.
-
- * bytecode/CodeBlock.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeDivSafe):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasArithNodeFlags):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emit_op_div):
-
-2011-09-22 Oliver Hunt <oliver@apple.com>
-
- Implement put_scoped_var in the DFG jit
- https://bugs.webkit.org/show_bug.cgi?id=68653
-
- Reviewed by Gavin Barraclough.
-
- Naive implementation of put_scoped_var. Same story as the
- get_scoped_var implementation, although I've hoisted scope
- object acquisition into a separate dfg node. Ideally in the
- future we would reuse the resolved scope chain object, but
- for now we don't.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasScopeChainDepth):
- (JSC::DFG::Node::scopeChainDepth):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-22 Gavin Barraclough <barraclough@apple.com>
-
- Implement Function.prototype.bind
- https://bugs.webkit.org/show_bug.cgi?id=26382
-
- Reviewed by Sam Weinig.
-
- This patch provides a basic functional implementation
- for Function.bind. It should (hopefully!) be fully
- functionally correct, and the bound functions can be
- called to quickly (since they are a subclass of
- JSFunction, not InternalFunction), but we'll probably
- want to follow up with some optimization work to keep
- bound calls in JIT code.
-
- * JavaScriptCore.JSVALUE32_64only.exp:
- * JavaScriptCore.JSVALUE64only.exp:
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * jit/JITStubs.h:
- * jsc.cpp:
- (GlobalObject::addFunction):
- * runtime/CommonIdentifiers.h:
- * runtime/ConstructData.h:
- * runtime/Executable.h:
- (JSC::NativeExecutable::NativeExecutable):
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::addFunctionProperties):
- (JSC::functionProtoFuncBind):
- * runtime/FunctionPrototype.h:
- * runtime/JSBoundFunction.cpp: Added.
- (JSC::boundFunctionCall):
- (JSC::boundFunctionConstruct):
- (JSC::JSBoundFunction::create):
- (JSC::JSBoundFunction::hasInstance):
- (JSC::JSBoundFunction::getOwnPropertySlot):
- (JSC::JSBoundFunction::getOwnPropertyDescriptor):
- (JSC::JSBoundFunction::JSBoundFunction):
- (JSC::JSBoundFunction::finishCreation):
- * runtime/JSBoundFunction.h: Added.
- (JSC::JSBoundFunction::targetFunction):
- (JSC::JSBoundFunction::boundThis):
- (JSC::JSBoundFunction::boundArgs):
- (JSC::JSBoundFunction::createStructure):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::create):
- (JSC::JSFunction::finishCreation):
- (JSC::createDescriptorForThrowingProperty):
- (JSC::JSFunction::getOwnPropertySlot):
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::getHostFunction):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::boundFunctionStructure):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
-
-2011-09-22 Oliver Hunt <oliver@apple.com>
-
- Implement get_scoped_var in the DFG
- https://bugs.webkit.org/show_bug.cgi?id=68640
-
- Reviewed by Gavin Barraclough.
-
- Naive implementation of get_scoped_var in the DFG. Essentially this
- is the bare minimum required to get correct behaviour, so there's no
- load/store coalescing or type profiling involved, even though these
- would be wins. No impact on SunSpider or V8.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasVarNumber):
- (JSC::DFG::Node::hasScopeChainDepth):
- (JSC::DFG::Node::scopeChainDepth):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-22 Adam Roben <aroben@apple.com>
-
- Remove FindSafari from all our .sln files
-
- It isn't used anymore, so there's no point in building it.
-
- Part of <http://webkit.org/b/68628> Remove FindSafari
-
- Reviewed by Steve Falkenburg.
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2011-09-22 Filip Pizlo <fpizlo@apple.com>
-
- 32-bit call code clobbers the function cell tag
- https://bugs.webkit.org/show_bug.cgi?id=68606
-
- Reviewed by Csaba Osztrogonác.
-
- This is a minimalistic fix: it simply emits code to restore the
- cell tag on the slow path, if we know that we failed due to
- emitCallIfNotType.
-
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallVarargsSlowCase):
- (JSC::JIT::compileOpCallSlowCase):
-
-2011-09-21 Gavin Barraclough <barraclough@apple.com>
-
- Add missing addPtr->add32 mapping for X86.
-
- Rubber stamped by Sam Weinig.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::addPtr):
-
-2011-09-21 Gavin Barraclough <barraclough@apple.com>
-
- Add missing addDouble for AbsoluteAddress to X86
-
- Rubber stamped by Geoff Garen.
-
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::addDouble):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::addsd_mr):
- (JSC::X86Assembler::cvtsi2sd_rr):
- (JSC::X86Assembler::cvtsi2sd_mr):
-
-2011-09-21 Gavin Barraclough <barraclough@apple.com>
-
- Build fix following fix for bug #68586.
-
- * jit/JIT.cpp:
- * jit/JITInlineMethods.h:
-
-2011-09-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should be able to compile op_throw
- https://bugs.webkit.org/show_bug.cgi?id=68571
-
- Reviewed by Geoffrey Garen.
-
- This compiles op_throw in the simplest way possible: it's an OSR
- point back to the old JIT. This is a good step towards increasing
- coverage, particularly on Kraken, but it's neutral because the
- same functions that do throw also use some other unsupported
- opcodes.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG should support continuous optimization
- https://bugs.webkit.org/show_bug.cgi?id=68329
-
- Reviewed by Geoffrey Garen.
-
- This adds the ability to reoptimize a code block if speculation
- failures happen frequently. 6% speed-up on Kraken, 1% slow-down
- on V8, neutral on SunSpider.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- (JSC::ProgramCodeBlock::jettison):
- (JSC::EvalCodeBlock::jettison):
- (JSC::FunctionCodeBlock::jettison):
- (JSC::CodeBlock::shouldOptimizeNow):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/CodeBlock.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getStrongPrediction):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOSREntry.h:
- (JSC::DFG::getOSREntryDataBytecodeIndex):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * heap/ConservativeRoots.cpp:
- (JSC::ConservativeRoots::ConservativeRoots):
- (JSC::ConservativeRoots::~ConservativeRoots):
- (JSC::DummyMarkHook::mark):
- (JSC::ConservativeRoots::genericAddPointer):
- (JSC::ConservativeRoots::genericAddSpan):
- (JSC::ConservativeRoots::add):
- * heap/ConservativeRoots.h:
- * heap/Heap.cpp:
- (JSC::Heap::addJettisonCodeBlock):
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- * heap/JettisonedCodeBlocks.cpp: Added.
- (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
- (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
- (JSC::JettisonedCodeBlocks::addCodeBlock):
- (JSC::JettisonedCodeBlocks::clearMarks):
- (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
- (JSC::JettisonedCodeBlocks::traceCodeBlocks):
- * heap/JettisonedCodeBlocks.h: Added.
- (JSC::JettisonedCodeBlocks::mark):
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::gatherConservativeRoots):
- * interpreter/RegisterFile.h:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Executable.cpp:
- (JSC::jettisonCodeBlock):
- (JSC::EvalExecutable::jettisonOptimizedCode):
- (JSC::ProgramExecutable::jettisonOptimizedCode):
- (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
- (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
- * wtf/BitVector.h: Added.
- (WTF::BitVector::BitVector):
- (WTF::BitVector::~BitVector):
- (WTF::BitVector::operator=):
- (WTF::BitVector::size):
- (WTF::BitVector::ensureSize):
- (WTF::BitVector::resize):
- (WTF::BitVector::clearAll):
- (WTF::BitVector::get):
- (WTF::BitVector::set):
- (WTF::BitVector::clear):
- (WTF::BitVector::bitsInPointer):
- (WTF::BitVector::maxInlineBits):
- (WTF::BitVector::byteCount):
- (WTF::BitVector::makeInlineBits):
- (WTF::BitVector::OutOfLineBits::numBits):
- (WTF::BitVector::OutOfLineBits::numWords):
- (WTF::BitVector::OutOfLineBits::bits):
- (WTF::BitVector::OutOfLineBits::create):
- (WTF::BitVector::OutOfLineBits::destroy):
- (WTF::BitVector::OutOfLineBits::OutOfLineBits):
- (WTF::BitVector::isInline):
- (WTF::BitVector::outOfLineBits):
- (WTF::BitVector::resizeOutOfLine):
- (WTF::BitVector::bits):
-
-2011-09-21 Gavin Barraclough <barraclough@apple.com>
-
- Add X86 GPRInfo for DFG JIT.
- https://bugs.webkit.org/show_bug.cgi?id=68586
-
- Reviewed by Geoff Garen.
-
- * dfg/DFGGPRInfo.h:
- (JSC::DFG::GPRInfo::toRegister):
- (JSC::DFG::GPRInfo::toIndex):
- (JSC::DFG::GPRInfo::debugName):
-
-2011-09-21 Gavin Barraclough <barraclough@apple.com>
-
- Should support value profiling on CPU(X86)
- https://bugs.webkit.org/show_bug.cgi?id=68575
-
- Reviewed by Sam Weinig.
-
- Fix verbose profiling in ToT (SlowCaseProfile had been
- partially renamed to RareCaseProfile), add in-memory
- bucket counter for CPU(X86), move JIT::m_canBeOptimized
- out of the DFG_JIT ifdef.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::resetRareCaseProfiles):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/CodeBlock.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
-
-2011-09-21 Filip Pizlo <fpizlo@apple.com>
-
- DFG does not support compiling functions as constructors
- https://bugs.webkit.org/show_bug.cgi?id=68500
-
- Reviewed by Oliver Hunt.
-
- This adds support for compiling constructors to the DFG. It's a
- 1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
- It's also a 13% win on access-binary-trees, but it's neutral in
- the SunSpider and Kraken averages.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGCapabilities.h:
- (JSC::DFG::mightCompileFunctionForConstruct):
- (JSC::DFG::canCompileOpcode):
- * dfg/DFGNode.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileOptimizedForConstruct):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::compileForConstruct):
- (JSC::FunctionExecutable::compileFor):
- (JSC::FunctionExecutable::compileOptimizedFor):
-
-2011-09-21 Gavin Barraclough <barraclough@apple.com>
-
- Replace jsFunctionVPtr compares with a type check on the Structure.
- https://bugs.webkit.org/show_bug.cgi?id=68557
-
- Reviewed by Oliver Hunt.
-
- This will permit calls to still optimize to subclasses of JSFunction
- that have the correct type (but a different C++ vptr).
-
- This patch stops passing the globalData into numerous functions.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::isFunctionConstant):
- (JSC::DFG::Graph::valueOfFunctionConstant):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::isFunctionConstant):
- (JSC::DFG::JITCompiler::valueOfFunctionConstant):
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitJumpIfNotType):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Executable.h:
- (JSC::isHostFunction):
- * runtime/JSFunction.h:
- (JSC::JSFunction::createStructure):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::putWithAttributes):
- * runtime/JSObject.h:
- (JSC::getJSFunction):
- (JSC::JSObject::putDirect):
- (JSC::JSObject::putDirectWithoutTransition):
- * runtime/JSType.h:
-
-2011-09-21 Geoffrey Garen <ggaren@apple.com>
-
- Removed WTFTHREADDATA_MULTITHREADED, making it always true
- https://bugs.webkit.org/show_bug.cgi?id=68549
-
- Reviewed by Darin Adler.
-
- Another part of making threads exist in WebKit.
-
- * wtf/WTFThreadData.cpp:
- * wtf/WTFThreadData.h:
- (WTF::wtfThreadData):
-
-2011-09-21 Dan Bernstein <mitz@apple.com>
-
- JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
- https://bugs.webkit.org/show_bug.cgi?id=68451
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
- check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
-
-2011-09-20 Gavin Barraclough <barraclough@apple.com>
-
- MacroAssembler fixes.
- https://bugs.webkit.org/show_bug.cgi?id=68494
-
- Reviewed by Sam Weinig.
-
- Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::orPtr):
- (JSC::MacroAssembler::loadPtr):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::or32):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::or32):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::or32):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::or32):
- (JSC::MacroAssemblerSH4::load32):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::load32):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::load32):
-
-2011-09-20 Geoffrey Garen <ggaren@apple.com>
-
- Some Heap cleanup.
-
- Reviewed by Beth Dakin.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
- because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
- since there is only one now.
-
- * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
- Updated mark bit overhead calculation. Deployed atomsPerBlock in one
- place where we were recalculating it.
-
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::addBlock): Updated for rename.
-
-2011-09-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT always speculates integer on modulo
- https://bugs.webkit.org/show_bug.cgi?id=68485
-
- Reviewed by Oliver Hunt.
-
- Added support for double modulo, which is a call to fmod().
- Also added support for recording the old JIT's statistics
- on op_mod and propagating them along the graph. Finally,
- fixed a goof in the ArithNodeFlags propagation logic that
- was made obvious when I started testing ArithMod.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasArithNodeFlags):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-20 ChangSeok Oh <shivamidow@gmail.com>
-
- [GTK] requestAnimationFrame support for gtk port
- https://bugs.webkit.org/show_bug.cgi?id=66280
-
- Reviewed by Martin Robinson.
-
- Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
-
- * wtf/Platform.h:
-
-2011-09-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT performs too many negative zero checks, and too many
- overflow checks
- https://bugs.webkit.org/show_bug.cgi?id=68430
-
- Reviewed by Oliver Hunt.
-
- This adds comprehensive support for deciding how to perform an
- arithmetic operations based on a combination of overflow profiling,
- negative zero profiling, value profiling, and a static analysis of
- how the results of these operations get used.
-
- This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
- 2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
- geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
- V8-crypto, because apparenty everything we do speeds up crypto.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::toInt32):
- (JSC::DFG::ByteCodeParser::toNumber):
- (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
- (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
- (JSC::DFG::ByteCodeParser::weaklyPredictInt32):
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- * dfg/DFGNode.h:
- (JSC::DFG::nodeUsedAsNumber):
- (JSC::DFG::nodeCanTruncateInteger):
- (JSC::DFG::nodeCanIgnoreNegativeZero):
- (JSC::DFG::nodeCanSpeculateInteger):
- (JSC::DFG::arithNodeFlagsAsString):
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::hasArithNodeFlags):
- (JSC::DFG::Node::rawArithNodeFlags):
- (JSC::DFG::Node::arithNodeFlags):
- (JSC::DFG::Node::arithNodeFlagsForCompare):
- (JSC::DFG::Node::setArithNodeFlag):
- (JSC::DFG::Node::mergeArithNodeFlags):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::isNotNegZero):
- (JSC::DFG::Propagator::isNotZero):
- (JSC::DFG::Propagator::propagateArithNodeFlags):
- (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
- (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
- (JSC::DFG::Propagator::propagateNodePredictions):
- (JSC::DFG::Propagator::propagatePredictionsForward):
- (JSC::DFG::Propagator::propagatePredictionsBackward):
- (JSC::DFG::Propagator::toDouble):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::fixup):
- (JSC::DFG::Propagator::startIndexForChildren):
- (JSC::DFG::Propagator::endIndexForPureCSE):
- (JSC::DFG::Propagator::pureCSE):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::setReplacement):
- (JSC::DFG::Propagator::performNodeCSE):
- (JSC::DFG::Propagator::localCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Refactor Heap allocation logic into separate AllocationSpace class
- https://bugs.webkit.org/show_bug.cgi?id=68409
-
- Reviewed by Gavin Barraclough.
-
- This patch hoists direct manipulation of the MarkedSpace and related
- data out of Heap and into a separate class. This will allow us to
- have multiple allocation spaces in future, so easing the way towards
- having GC'd backing stores for objects.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/Debugger.cpp:
- (JSC::Debugger::recompileAllJSFunctions):
- * heap/AllocationSpace.cpp: Added.
- (JSC::AllocationSpace::tryAllocate):
- (JSC::AllocationSpace::allocateSlowCase):
- (JSC::AllocationSpace::allocateBlock):
- (JSC::AllocationSpace::freeBlocks):
- (JSC::TakeIfEmpty::TakeIfEmpty):
- (JSC::TakeIfEmpty::operator()):
- (JSC::TakeIfEmpty::returnValue):
- (JSC::AllocationSpace::shrink):
- * heap/AllocationSpace.h: Added.
- (JSC::AllocationSpace::AllocationSpace):
- (JSC::AllocationSpace::blocks):
- (JSC::AllocationSpace::sizeClassFor):
- (JSC::AllocationSpace::setHighWaterMark):
- (JSC::AllocationSpace::highWaterMark):
- (JSC::AllocationSpace::canonicalizeBlocks):
- (JSC::AllocationSpace::resetAllocator):
- (JSC::AllocationSpace::forEachCell):
- (JSC::AllocationSpace::forEachBlock):
- (JSC::AllocationSpace::allocate):
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::getConservativeRegisterRoots):
- (JSC::Heap::markRoots):
- (JSC::Heap::clearMarks):
- (JSC::Heap::sweep):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::globalObjectCount):
- (JSC::Heap::objectTypeCounts):
- (JSC::Heap::collect):
- (JSC::Heap::canonicalizeBlocks):
- (JSC::Heap::resetAllocator):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::shrink):
- * heap/Heap.h:
- (JSC::Heap::objectSpace):
- (JSC::Heap::sizeClassForObject):
- (JSC::Heap::allocate):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicJSObject):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::recompileAllJSFunctions):
- (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-09-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed BREWMP* platform #ifdefs
- https://bugs.webkit.org/show_bug.cgi?id=68425
-
- BREWMP* has no maintainer, and this is dead code.
-
- Reviewed by Darin Adler.
-
- * heap/MarkStack.h:
- (JSC::::shrinkAllocation):
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::cacheFlush):
- * runtime/TimeoutChecker.cpp:
- (JSC::getCPUTime):
- * wtf/Assertions.cpp:
- * wtf/Assertions.h:
- * wtf/CurrentTime.cpp:
- * wtf/DateMath.cpp:
- (WTF::calculateUTCOffset):
- * wtf/FastMalloc.cpp:
- (WTF::fastMalloc):
- (WTF::fastCalloc):
- (WTF::fastMallocSize):
- * wtf/FastMalloc.h:
- * wtf/MainThread.cpp:
- * wtf/MathExtras.h:
- * wtf/OwnPtrCommon.h:
- * wtf/Platform.h:
- * wtf/RandomNumber.cpp:
- (WTF::randomNumber):
- * wtf/RandomNumberSeed.h:
- (WTF::initializeRandomNumberGenerator):
- * wtf/text/WTFString.h:
- * wtf/unicode/Unicode.h:
-
-2011-09-20 Adam Roben <aroben@apple.com>
-
- Windows build fix after r95523
-
- * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.
-
-2011-09-18 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not speculate aggressively enough on GetById
- https://bugs.webkit.org/show_bug.cgi?id=68320
-
- Reviewed by Oliver Hunt.
-
- This adds the ability to access properties directly, by offset.
- This optimization kicks in when at the time of DFG compilation,
- it appears that the given get_by_id is self-cached by the old JIT.
- Two new opcodes get introduced: CheckStructure and GetByOffset.
- CheckStructure performs a speculation check on the object's
- structure, and returns the storage pointer. GetByOffset performs
- a direct read of the field from the storage pointer. Both
- CheckStructure and GetByOffset can be CSE'd, so that we can
- eliminate redundant structure checks, and redundant reads of the
- same field.
-
- This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
- neutral on SunSpider.
-
- * bytecode/PredictedType.cpp:
- (JSC::predictionFromClassInfo):
- (JSC::predictionFromStructure):
- (JSC::predictionFromCell):
- * bytecode/PredictedType.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::dataFormatToString):
- (JSC::DFG::needDataFormatConversion):
- (JSC::DFG::GenerationInfo::initStorage):
- (JSC::DFG::GenerationInfo::spill):
- (JSC::DFG::GenerationInfo::fillStorage):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::fillStorage):
- (JSC::DFG::GPRTemporary::GPRTemporary):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::spill):
- (JSC::DFG::JITCodeGenerator::storageResult):
- (JSC::DFG::StorageOperand::StorageOperand):
- (JSC::DFG::StorageOperand::~StorageOperand):
- (JSC::DFG::StorageOperand::index):
- (JSC::DFG::StorageOperand::gpr):
- (JSC::DFG::StorageOperand::use):
- * dfg/DFGNode.h:
- (JSC::DFG::OpInfo::OpInfo):
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::hasPrediction):
- (JSC::DFG::Node::hasStructure):
- (JSC::DFG::Node::structure):
- (JSC::DFG::Node::hasStorageAccessData):
- (JSC::DFG::Node::storageAccessDataIndex):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNode):
- (JSC::DFG::Propagator::globalVarLoadElimination):
- (JSC::DFG::Propagator::getMethodLoadElimination):
- (JSC::DFG::Propagator::checkStructureLoadElimination):
- (JSC::DFG::Propagator::getByOffsetLoadElimination):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compile):
- * wtf/StdLibExtras.h:
- (WTF::safeCast):
-
-2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove toPrimitive from JSCell
- https://bugs.webkit.org/show_bug.cgi?id=67875
-
- Reviewed by Darin Adler.
-
- Part of the refactoring process to un-virtualize JSCell. We move
- all of the implicit functionality provided by the virtual toPrimitive method
- in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while
- also de-virtualizing JSCell::toPrimitive.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- (JSC::JSCell::toPrimitive):
- * runtime/JSCell.h:
-
- We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
- JSObject. This pushes the virtual method further down, enabling us to get rid
- of the virtual call in JSCell. Eventually we'll probably have to deal with this
- again, but we'll cross that bridge when we come to it.
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::defaultValue):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
-
-2011-09-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
- https://bugs.webkit.org/show_bug.cgi?id=68424
-
- As discussed on webkit-dev. All ports build with threads enabled in JSC now.
-
- This may break WinCE and other ports that have not built and tested with
- this configuration. I've filed bugs for port maintainers. It's time for
- WebKit to move forward.
-
- Reviewed by Mark Rowe.
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::~Heap):
- (JSC::Heap::destroy):
- (JSC::Heap::blockFreeingThreadMain):
- (JSC::Heap::allocateBlock):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::releaseFreeBlocks):
- * heap/Heap.h:
- * wtf/Platform.h:
-
-2011-09-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
- https://bugs.webkit.org/show_bug.cgi?id=68423
-
- As discussed on webkit-dev. All ports build with threads enabled in WTF now.
-
- This may break WinCE and other ports that have not built and tested with
- this configuration. I've filed bugs for port maintainers. It's time for
- WebKit to move forward.
-
- Reviewed by Mark Rowe.
-
- * wtf/CryptographicallyRandomNumber.cpp:
- (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
- (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
- * wtf/FastMalloc.cpp:
- * wtf/Platform.h:
- * wtf/RandomNumber.cpp:
- (WTF::randomNumber):
- * wtf/RefCountedLeakCounter.cpp:
- (WTF::RefCountedLeakCounter::increment):
- (WTF::RefCountedLeakCounter::decrement):
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading):
- * wtf/ThreadingWin.cpp:
- (WTF::initializeThreading):
- * wtf/dtoa.cpp:
- (WTF::pow5mult):
- * wtf/gtk/ThreadingGtk.cpp:
- (WTF::initializeThreading):
- * wtf/qt/ThreadingQt.cpp:
- (WTF::initializeThreading):
-
-2011-09-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
- https://bugs.webkit.org/show_bug.cgi?id=68422
-
- As discussed on webkit-dev. All ports build with threads enabled in JSC now.
-
- This may break WinCE and other ports that have not built and tested with
- this configuration. I've filed bugs for port maintainers. It's time for
- WebKit to move forward.
-
- Reviewed by Sam Weinig.
-
- * API/APIShims.h:
- (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
- * API/JSContextRef.cpp:
- * heap/MachineStackMarker.cpp:
- (JSC::MachineThreads::MachineThreads):
- (JSC::MachineThreads::~MachineThreads):
- (JSC::MachineThreads::gatherConservativeRoots):
- * heap/MachineStackMarker.h:
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- (JSC::initializeThreading):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::sharedInstance):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::makeUsableFromMultipleThreads):
- * runtime/JSLock.cpp:
- * runtime/Structure.cpp:
- * wtf/Platform.h:
-
-2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r95493 and r95496.
- http://trac.webkit.org/changeset/95493
- http://trac.webkit.org/changeset/95496
- https://bugs.webkit.org/show_bug.cgi?id=68418
-
- Broke Windows build (Requested by rniwa on #webkit).
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/Debugger.cpp:
- (JSC::Debugger::recompileAllJSFunctions):
- * heap/AllocationSpace.cpp: Removed.
- * heap/AllocationSpace.h: Removed.
- * heap/Heap.cpp:
- (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
- (JSC::CountFunctor::TakeIfEmpty::operator()):
- (JSC::CountFunctor::TakeIfEmpty::returnValue):
- (JSC::Heap::Heap):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::tryAllocate):
- (JSC::Heap::allocateSlowCase):
- (JSC::Heap::getConservativeRegisterRoots):
- (JSC::Heap::markRoots):
- (JSC::Heap::clearMarks):
- (JSC::Heap::sweep):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::globalObjectCount):
- (JSC::Heap::objectTypeCounts):
- (JSC::Heap::collect):
- (JSC::Heap::canonicalizeBlocks):
- (JSC::Heap::resetAllocator):
- (JSC::Heap::allocateBlock):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::shrink):
- * heap/Heap.h:
- (JSC::Heap::markedSpace):
- (JSC::Heap::forEachCell):
- (JSC::Heap::forEachBlock):
- (JSC::Heap::sizeClassFor):
- (JSC::Heap::allocate):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicJSObject):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::recompileAllJSFunctions):
- (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-09-19 Gavin Barraclough <barraclough@apple.com>
-
- Errrk, missed stylebot comments in last commit.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncSplit):
-
-2011-09-19 Gavin Barraclough <barraclough@apple.com>
-
- String#split is buggy
- https://bugs.webkit.org/show_bug.cgi?id=68348
-
- Reviewed by Sam Weinig.
-
- * runtime/StringPrototype.cpp:
- (JSC::jsStringWithReuse):
- - added helper function to reuse original JSString value.
- (JSC::stringProtoFuncSplit):
- - Rewritten from the spec.
- * tests/mozilla/ecma/String/15.5.4.8-2.js:
- (getTestCases):
- - This test is not ES5 compliant.
-
-2011-09-19 Geoffrey Garen <ggaren@apple.com>
-
- Removed lots of friend declarations from JSCell, so we can more
- effectively make use of private and protected.
-
- Reviewed by Sam Weinig.
-
- * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
- confusion for not much safety.
- (JSC::JSCell::operator new): Made this public because it is used by a
- few clients, and not really dangerous.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::deleteProperty):
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::defineSetter):
- (JSC::JSObject::getPropertySpecificValue):
- (JSC::JSObject::getOwnPropertyNames):
- (JSC::JSObject::seal):
- (JSC::JSObject::freeze):
- (JSC::JSObject::preventExtensions):
- (JSC::JSObject::removeDirect):
- (JSC::JSObject::createInheritorID):
- (JSC::JSObject::allocatePropertyStorage):
- (JSC::JSObject::getOwnPropertyDescriptor):
- * runtime/JSObject.h:
- (JSC::JSObject::getDirect):
- (JSC::JSObject::getDirectLocation):
- (JSC::JSObject::hasCustomProperties):
- (JSC::JSObject::hasGetterSetterProperties):
- (JSC::JSObject::isSealed):
- (JSC::JSObject::isFrozen):
- (JSC::JSObject::isExtensible):
- (JSC::JSObject::flattenDictionaryObject):
- (JSC::JSObject::finishCreation):
- (JSC::JSObject::prototype):
- (JSC::JSObject::setPrototype):
- (JSC::JSObject::inlineGetOwnPropertySlot):
- (JSC::JSCell::fastGetOwnProperty):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSObject::transitionTo):
- (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
- structure() / setStructure(), so we don't have to be a friend of JSCell.
-
- * runtime/Structure.h:
- (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
- to JSCell::m_structure.
-
-2011-09-19 Adam Barth <abarth@webkit.org>
-
- Always enable ENABLE(EVENTSOURCE)
- https://bugs.webkit.org/show_bug.cgi?id=68414
-
- Reviewed by Eric Seidel.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-19 Eli Fidler <efidler@rim.com>
-
- Enable JSC_MULTIPLE_THREADS for OS(QNX).
- https://bugs.webkit.org/show_bug.cgi?id=68047
-
- Reviewed by Daniel Bates.
-
- SA_RESTART was required for SIGUSR2-based debugging, but is not
- present on QNX. This debugging doesn't seem critical to
- JSC_MULTIPLE_THREADS, so allow it to proceed.
-
- * heap/MachineStackMarker.cpp:
- (JSC::MachineThreads::Thread::Thread):
- (JSC::getPlatformThreadRegisters):
- (JSC::otherThreadStackPointer):
- (JSC::freePlatformThreadRegisters):
- * wtf/Platform.h: enable PTHREADS for OS(QNX)
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Refactor Heap allocation logic into separate AllocationSpace class
- https://bugs.webkit.org/show_bug.cgi?id=68409
-
- Reviewed by Gavin Barraclough.
-
- This patch hoists direct manipulation of the MarkedSpace and related
- data out of Heap and into a separate class. This will allow us to
- have multiple allocation spaces in future, so easing the way towards
- having GC'd backing stores for objects.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/Debugger.cpp:
- (JSC::Debugger::recompileAllJSFunctions):
- * heap/AllocationSpace.cpp: Added.
- (JSC::AllocationSpace::tryAllocate):
- (JSC::AllocationSpace::allocateSlowCase):
- (JSC::AllocationSpace::allocateBlock):
- (JSC::AllocationSpace::freeBlocks):
- (JSC::TakeIfEmpty::TakeIfEmpty):
- (JSC::TakeIfEmpty::operator()):
- (JSC::TakeIfEmpty::returnValue):
- (JSC::AllocationSpace::shrink):
- * heap/AllocationSpace.h: Added.
- (JSC::AllocationSpace::AllocationSpace):
- (JSC::AllocationSpace::blocks):
- (JSC::AllocationSpace::sizeClassFor):
- (JSC::AllocationSpace::setHighWaterMark):
- (JSC::AllocationSpace::highWaterMark):
- (JSC::AllocationSpace::canonicalizeBlocks):
- (JSC::AllocationSpace::resetAllocator):
- (JSC::AllocationSpace::forEachCell):
- (JSC::AllocationSpace::forEachBlock):
- (JSC::AllocationSpace::allocate):
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::getConservativeRegisterRoots):
- (JSC::Heap::markRoots):
- (JSC::Heap::clearMarks):
- (JSC::Heap::sweep):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::globalObjectCount):
- (JSC::Heap::objectTypeCounts):
- (JSC::Heap::collect):
- (JSC::Heap::canonicalizeBlocks):
- (JSC::Heap::resetAllocator):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::shrink):
- * heap/Heap.h:
- (JSC::Heap::objectSpace):
- (JSC::Heap::sizeClassForObject):
- (JSC::Heap::allocate):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicJSObject):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::recompileAllJSFunctions):
- (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-09-19 Adam Roben <aroben@apple.com>
-
- Windows build fix after r95310
-
- * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
- include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.
-
-2011-09-19 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculation failures should act as additional value profiles
- https://bugs.webkit.org/show_bug.cgi?id=68335
-
- Reviewed by Oliver Hunt.
-
- This adds slow-case counters to the old JIT. It also ensures that
- negative zero in multiply is handled carefully. The old JIT
- previously took slow path if the result of a multiply was zero,
- which, without any changes, would cause the DFG to think that
- every such multiply produced a double result.
-
- This also fixes a bug in the old JIT's handling of decrements. It
- would take the slow path if the result was zero, but not if it
- underflowed.
-
- By itself, this would be a 1% slow-down on V8 and Kraken. But then
- I wrote optimizations in the DFG that take advantage of this new
- information. It's no longer the case that every multiply needs to
- do a check for negative zero; it only happens if the negative
- zero is ignored.
-
- This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
- speed-up in V8. It's mostly neutral on Kraken. I can see an
- 0.5% slow-down and it appears to be significant.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::resetRareCaseProfiles):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/CodeBlock.h:
- * bytecode/ValueProfile.h:
- (JSC::RareCaseProfile::RareCaseProfile):
- (JSC::getRareCaseProfileBytecodeOffset):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::toInt32):
- (JSC::DFG::ByteCodeParser::makeSafe):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::GPRTemporary::GPRTemporary):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNode):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::clobbersWorld):
- (JSC::DFG::Propagator::performNodeCSE):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- * jit/JIT.h:
- (JSC::JIT::linkDummySlowCase):
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emit_op_post_dec):
- (JSC::JIT::emit_op_pre_dec):
- (JSC::JIT::compileBinaryArithOp):
- (JSC::JIT::emit_op_add):
- (JSC::JIT::emitSlow_op_add):
- * jit/JITInlineMethods.h:
- (JSC::JIT::addSlowCase):
-
-2011-09-19 Adam Roben <aroben@apple.com>
-
- Windows build fix after r94575
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
- now builds just before FindSafari.
-
-2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r95466.
- http://trac.webkit.org/changeset/95466
- https://bugs.webkit.org/show_bug.cgi?id=68389
-
- Incorrect version of the patch. (Requested by mhahnenberg on
- #webkit).
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- (JSC::JSCell::toPrimitive):
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::toPrimitive):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::toPrimitive):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
-
-2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove toPrimitive from JSCell
- https://bugs.webkit.org/show_bug.cgi?id=67875
-
- Reviewed by Geoffrey Garen.
-
- Part of the refactoring process to un-virtualize JSCell. We move
- all of the implicit functionality provided by the virtual toPrimitive method
- in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while
- also de-virtualizing JSCell::toPrimitive.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- (JSC::JSCell::toPrimitive):
- * runtime/JSCell.h:
-
- We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
- JSObject. This pushes the virtual method further down, enabling us to get rid
- of the virtual call in JSCell. Eventually we'll probably have to deal with this
- again, but we'll cross that bridge when we come to it.
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::defaultValue):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
- (JSC::JSValue::toPrimitive):
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Build fix.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::compileGetDirectOffset):
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
- https://bugs.webkit.org/show_bug.cgi?id=68376
-
- Reviewed by Gavin Barraclough.
-
- Renamed the the MarkedSpace files to match new name, and
- updated the relevant references.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Heap.h:
- * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::addBlock):
- (JSC::MarkedSpace::removeBlock):
- (JSC::MarkedSpace::resetAllocator):
- (JSC::MarkedSpace::canonicalizeBlocks):
- * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
- (JSC::MarkedSpace::waterMark):
- (JSC::MarkedSpace::highWaterMark):
- (JSC::MarkedSpace::setHighWaterMark):
- (JSC::MarkedSpace::sizeClassFor):
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::forEachBlock):
- (JSC::MarkedSpace::SizeClass::SizeClass):
- (JSC::MarkedSpace::SizeClass::resetAllocator):
- (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
- * runtime/JSCell.h:
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Rename NewSpace to MarkedSpace
- https://bugs.webkit.org/show_bug.cgi?id=68375
-
- Reviewed by Gavin Barraclough.
-
- Rename NewSpace to a more accurate name, and update all uses.
- This patch doesn't rename the files themselves as that will
- just make the patch appear bigger than it is.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * heap/Heap.cpp:
- (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
- (JSC::CountFunctor::TakeIfEmpty::operator()):
- (JSC::Heap::Heap):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::tryAllocate):
- (JSC::Heap::allocateSlowCase):
- (JSC::Heap::collect):
- (JSC::Heap::canonicalizeBlocks):
- (JSC::Heap::resetAllocator):
- (JSC::Heap::isValidAllocation):
- (JSC::Heap::shrink):
- * heap/Heap.h:
- (JSC::Heap::markedSpace):
- (JSC::Heap::sizeClassFor):
- (JSC::Heap::allocate):
- * heap/NewSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::addBlock):
- (JSC::MarkedSpace::removeBlock):
- (JSC::MarkedSpace::resetAllocator):
- (JSC::MarkedSpace::canonicalizeBlocks):
- * heap/NewSpace.h:
- (JSC::MarkedSpace::waterMark):
- (JSC::MarkedSpace::highWaterMark):
- (JSC::MarkedSpace::setHighWaterMark):
- (JSC::MarkedSpace::sizeClassFor):
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::forEachBlock):
- (JSC::MarkedSpace::SizeClass::SizeClass):
- (JSC::MarkedSpace::SizeClass::resetAllocator):
- (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicJSObject):
-
-2011-09-19 Peter Rybin <peter.rybin@gmail.com>
-
- TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
- https://bugs.webkit.org/show_bug.cgi?id=63541
-
- Reviewed by Adam Barth.
-
- * parser/SourceProvider.h:
- (JSC::SourceProvider::startPosition):
- * wtf/text/TextPosition.h:
- (WTF::OrdinalNumber::fromZeroBasedInt):
- (WTF::OrdinalNumber::fromOneBasedInt):
- (WTF::OrdinalNumber::OrdinalNumber):
- (WTF::OrdinalNumber::zeroBasedInt):
- (WTF::OrdinalNumber::oneBasedInt):
- (WTF::OrdinalNumber::operator==):
- (WTF::OrdinalNumber::operator!=):
- (WTF::OrdinalNumber::first):
- (WTF::OrdinalNumber::beforeFirst):
- (WTF::TextPosition::TextPosition):
- (WTF::TextPosition::minimumPosition):
- (WTF::TextPosition::belowRangePosition):
-
-2011-09-19 Dan Bernstein <mitz@apple.com>
-
- JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
- https://bugs.webkit.org/show_bug.cgi?id=68323
-
- Reviewed by Sam Weinig.
-
- Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.
-
- * wtf/mac/MainThreadMac.mm:
- (WTF::initializeMainThreadPlatform):
- (WTF::initializeMainThreadToProcessMainThreadPlatform):
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Remove direct property slot pointers from the instruction stream
- https://bugs.webkit.org/show_bug.cgi?id=68373
-
- Reviewed by Gavin Barraclough.
-
- Use an indirect load to access prototype properties rather than directly
- storing the property address in the instruction stream. This should allow
- further optimisations in future, and also provides a 0.5% win to sunspider.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::generateProtoChainAccessStub):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::compileGetDirectOffset):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::compileGetDirectOffset):
- * runtime/JSObject.h:
- (JSC::JSObject::addressOfPropertyStorage):
-
-2011-09-19 Oliver Hunt <oliver@apple.com>
-
- Remove bump allocator
- https://bugs.webkit.org/show_bug.cgi?id=68370
-
- Reviewed by Sam Weinig.
-
- Can't do anything with this allocator currently, and it's
- increasing the complexity of the GC code. Slight progression
- on SunSpider, slight regression (undoing the original progression)
- in V8.
-
- * heap/Heap.cpp:
- (JSC::Heap::collect):
- * heap/Heap.h:
- * heap/NewSpace.cpp:
- (JSC::NewSpace::NewSpace):
- * heap/NewSpace.h:
- (JSC::NewSpace::allocate):
- * runtime/JSObject.cpp:
- (JSC::JSObject::allocatePropertyStorage):
- * runtime/JSObject.h:
- (JSC::JSObject::~JSObject):
- (JSC::JSObject::visitChildrenDirect):
- * runtime/StorageBarrier.h:
- (JSC::StorageBarrier::set):
-
-2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Fix distcheck build
- https://bugs.webkit.org/show_bug.cgi?id=68346
-
- Reviewed by Philippe Normand.
-
- * GNUmakefile.list.am:
-
-2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Fix distcheck build
- https://bugs.webkit.org/show_bug.cgi?id=68241
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.list.am:
-
-2011-09-18 Dan Bernstein <mitz@apple.com>
-
- Removed ProfilerServer.
-
- Reviewed by Mark Rowe.
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * profiler/ProfilerServer.h: Removed.
- * profiler/ProfilerServer.mm: Removed.
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * wscript:
-
-2011-09-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should inline Math.min, Math.max, and Math.sqrt
- https://bugs.webkit.org/show_bug.cgi?id=68318
-
- Reviewed by Gavin Barraclough.
-
- Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
- a function to have an intrinsic but not a thunk generator. This is
- a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
- we're still not DFG compiling the bulk of the hot code in Kraken audio
- benchmarks.
-
- * create_hash_table:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::handleMinMax):
- (JSC::DFG::ByteCodeParser::handleIntrinsic):
- * dfg/DFGIntrinsic.h:
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNode):
- (JSC::DFG::Propagator::fixupNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
-
-2011-09-18 Nico Weber <thakis@chromium.org>
-
- Remove two files from JavaScriptCore.gypi that were removed in r95240
- https://bugs.webkit.org/show_bug.cgi?id=68327
-
- Unreviewed, build warning fix.
-
- * JavaScriptCore.gypi:
-
-2011-09-17 Oliver Hunt <oliver@apple.com>
-
- Remove special case handling of inline storage from the JIT
- https://bugs.webkit.org/show_bug.cgi?id=68319
-
- Reviewed by Gavin Barraclough.
-
- Simplify logic used for reading and writing to property storage
- by removing the special cases for inline storage. This has no
- perf impact.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryBuildGetByIDList):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::compilePutDirectOffset):
- (JSC::JIT::compileGetDirectOffset):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompileGetByIdSelfList):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::compilePutDirectOffset):
- (JSC::JIT::compileGetDirectOffset):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompileGetByIdSelfList):
-
-2011-09-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not have full block-local CSE
- https://bugs.webkit.org/show_bug.cgi?id=68316
-
- Reviewed by Oliver Hunt.
-
- This adds block-local CSE to the DFG. CSE runs in the propagator just after
- type propagation. It is part of the propagator itself because it needs to
- use the propagator's internal data structures to determine which operations
- may have side effects. Because it changes the live-ranges of nodes, the
- virtual register allocator had to be moved into the propagator so that it
- runs after CSE. To ensure that the back-end knows to keep the inputs to
- any eliminated node alive for OSR, a new node type, Phantom, was introduced.
- It is a no-op but prolonges the live-range of its inputs.
-
- This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
- Kraken.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGAliasTracker.h: Removed.
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::MethodCheckData::operator==):
- (JSC::DFG::MethodCheckData::operator!=):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasVirtualRegister):
- (JSC::DFG::Node::setRefCount):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::Propagator):
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::propagateNode):
- (JSC::DFG::Propagator::canonicalize):
- (JSC::DFG::Propagator::computeStartIndex):
- (JSC::DFG::Propagator::startIndex):
- (JSC::DFG::Propagator::pureCSE):
- (JSC::DFG::Propagator::globalVarLoadElimination):
- (JSC::DFG::Propagator::getByValLoadElimination):
- (JSC::DFG::Propagator::getMethodLoadElimination):
- (JSC::DFG::Propagator::performSubstitution):
- (JSC::DFG::Propagator::setReplacement):
- (JSC::DFG::Propagator::performNodeCSE):
- (JSC::DFG::Propagator::performBlockCSE):
- (JSC::DFG::Propagator::localCSE):
- (JSC::DFG::Propagator::allocateVirtualRegisters):
- (JSC::DFG::propagate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-16 Filip Pizlo <fpizlo@apple.com>
-
- method_check should repatch itself if it finds that the new structure(s)
- are the result of transitions from the old structure(s)
- https://bugs.webkit.org/show_bug.cgi?id=68294
-
- Reviewed by Gavin Barraclough.
-
- Previously a patched method_check would slow-path to get_by_id. Now it
- slow-paths to method_check_update, which attempts to correct the
- method_check due to structure transitions before bailing to get_by_id.
-
- This is a 1-2% speed-up on some benchmarks and is not a slow-down
- anywhere, leading to a 0.6% speed-up on the Kraken geomean.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::patchMethodCallProto):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- * runtime/Structure.h:
- (JSC::Structure::transitivelyTransitionedFrom):
-
-2011-09-16 Ryosuke Niwa <rniwa@webkit.org>
-
- Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
-
- * wtf/Platform.h:
-
-2011-09-16 Sam Weinig <sam@webkit.org>
-
- Rename APIValueWrapper type to APIValueWrapperType for consistency
- https://bugs.webkit.org/show_bug.cgi?id=68306
-
- Reviewed by Anders Carlsson.
-
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- Update name.
-
- * runtime/JSType.h:
- Update name and un-indent.
-
- * runtime/Structure.h:
- (JSC::JSCell::isAPIValueWrapper):
- Update name.
-
-2011-09-16 Sam Weinig <sam@webkit.org>
-
- Remove unused isStrictModeFunction function
- https://bugs.webkit.org/show_bug.cgi?id=68305
-
- Reviewed by Anders Carlsson.
-
- * runtime/JSObject.h:
- (JSC::JSObject::isStrictModeFunction):
-
-2011-09-16 Sam Weinig <sam@webkit.org>
-
- Cleanup JSTypeInfo a bit
- https://bugs.webkit.org/show_bug.cgi?id=68289
-
- Reviewed by Anders Carlsson.
-
- * dfg/DFGOperations.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- Replace direct access to flags() with predicate.
-
- * runtime/JSObject.h:
- (JSC::JSFinalObject::createStructure):
- Pass FinalObjectType instead of using special IsJSFinalObject.
-
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::TypeInfo):
- Add additional assert that you should no object should OverridesHasInstance but not have ImplementsHasInstance set.
-
- (JSC::TypeInfo::isFinalObject):
- Added.
-
- (JSC::TypeInfo::masqueradesAsUndefined):
- (JSC::TypeInfo::implementsHasInstance):
- (JSC::TypeInfo::isEnvironmentRecord):
- (JSC::TypeInfo::overridesHasInstance):
- (JSC::TypeInfo::implementsDefaultHasInstance):
- (JSC::TypeInfo::overridesGetOwnPropertySlot):
- (JSC::TypeInfo::overridesVisitChildren):
- (JSC::TypeInfo::overridesGetPropertyNames):
- (JSC::TypeInfo::prohibitsPropertyCaching):
- (JSC::TypeInfo::isSetOnFlags1):
- (JSC::TypeInfo::isSetOnFlags2):
- Replace direct bit twiddling with helper functions.
-
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- Use new isFinalObject() predicate.
-
-2011-09-16 Gavin Barraclough <barraclough@apple.com>
-
- Unsigned bit shift fails under certain conditions in 32 bit builds
- https://bugs.webkit.org/show_bug.cgi?id=68166
-
- Reviewed by Geoff Garen.
-
- The major bug here is that the slow case (which handles shifts of
- doubles) doesn't check for negative results from an unsigned shift
- (which should be unsigned, and as such can't be represented by a
- signed integer immediate). The implementation is also flawed for
- shifts by negative shift amounts (treats as shift by zero).
-
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitRightShift):
- (JSC::JIT::emitRightShiftSlowCase):
-
-2011-09-16 Geoffrey Garen <ggaren@apple.com>
-
- Removed undetectable style.filter.
-
- Reviewed by Sam Weinig.
-
- This feature was added in http://trac.webkit.org/changeset/15557 to
- support housingmaps.com. But housingmaps.com no longer needs this hack,
- we don't know of other websites that need it, and we don't know of
- any other browsers that have implemented this feature.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/JSTypeInfo.h:
- * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
-
-2011-09-15 Sam Weinig <sam@webkit.org>
-
- Prepare JSTypes for more Object subtypes
- https://bugs.webkit.org/show_bug.cgi?id=68200
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::branchIfNotObject):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitJumpIfNotObject):
- * runtime/JSGlobalObject.h:
- (JSC::Structure::prototypeForLookup):
- * runtime/JSObject.h:
- (JSC::JSObject::finishCreation):
- * runtime/JSType.h:
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::type):
- (JSC::TypeInfo::isObject):
- (JSC::TypeInfo::isFinal):
- (JSC::TypeInfo::prohibitsPropertyCaching):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::finishCreation):
- * runtime/Operations.cpp:
- (JSC::jsIsObjectType):
- * runtime/Structure.cpp:
- (JSC::Structure::addPropertyTransitionToExistingStructure):
- (JSC::Structure::addPropertyTransition):
- * runtime/Structure.h:
- (JSC::Structure::isObject):
- (JSC::JSCell::isObject):
-
-2011-09-16 Geoffrey Garen <ggaren@apple.com>
-
- Rolled back in r95201 with test failure fixed.
-
- I missed two cases of jumpSlowToHot in rshift -- these cases need to be
- sure to initialize regT1 to the int tag, since it will otherwise hold
- the top 32 bits of a double.
-
- * jit/JIT.h:
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_lshift):
- (JSC::JIT::emitRightShift):
- (JSC::JIT::emitRightShiftSlowCase):
- (JSC::JIT::emit_op_bitand):
- (JSC::JIT::emit_op_bitor):
- (JSC::JIT::emit_op_bitxor):
- (JSC::JIT::emit_op_bitnot):
- (JSC::JIT::emit_op_post_inc):
- (JSC::JIT::emit_op_post_dec):
- (JSC::JIT::emit_op_pre_inc):
- (JSC::JIT::emit_op_pre_dec):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitStoreAndMapInt32):
-
-2011-09-16 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed Windows build fix after 95318.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-16 Adam Roben <aroben@apple.com>
-
- Windows build fix after r95310
-
- * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
- include path so DFGIntrinsic.h can be found.
-
-2011-09-16 Gavin Barraclough <barraclough@apple.com>
-
- Rationalize JSObject::putDirect* methods
- https://bugs.webkit.org/show_bug.cgi?id=68274
-
- Reviewed by Sam Weinig.
-
- Delete the *Function variants. These are overall inefficient,
- in the way they get the name back from the function rather
- than just passing it in.
-
- * JavaScriptCore.exp:
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (GlobalObject::addFunction):
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::addFunctionProperties):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::putWithAttributes):
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::defineSetter):
- * runtime/JSObject.h:
- (JSC::JSObject::putDirect):
- (JSC::JSObject::putDirectWithoutTransition):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/Lookup.h:
- (JSC::lookupPut):
-
-2011-09-16 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for Windows.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2011-09-16 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for non-DFG builds.
-
- * runtime/Executable.h:
- (JSC::NativeExecutable::finishCreation):
-
-2011-09-16 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should inline Math.abs
- https://bugs.webkit.org/show_bug.cgi?id=68227
-
- Reviewed by Oliver Hunt.
-
- This adds the ability to track intrinsic functions throughout the
- host function infrastructure, so that the DFG can easily query
- whether or not a call's target is intrinsic, and if so, which
- intrinsic it is.
-
- On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
- is transformed into ValueToNumber<-ArithAbs nodes. These nodes
- then get optimized using the usual tricks.
-
- Also had to make a completely unrelated change to
- DateInstanceCache.h in order to fix a preexisting alphabetical
- sorting problem in JSGlobalData.h
-
- This results in a big win in imaging-gaussian-blur: 61% faster
- than before. The net win on Kraken is around 13%.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * create_hash_table:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::isFunctionConstant):
- (JSC::DFG::Graph::valueOfFunctionConstant):
- * dfg/DFGIntrinsic.h: Added.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::isFunctionConstant):
- (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::isFunctionConstant):
- (JSC::DFG::JITCompiler::valueOfFunctionConstant):
- * dfg/DFGNode.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * jit/JITStubs.h:
- * runtime/DateInstanceCache.h:
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::intrinsic):
- (JSC::NativeExecutable::intrinsic):
- * runtime/Executable.h:
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::finishCreation):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::getHostFunction):
- * runtime/JSGlobalData.h:
- * runtime/Lookup.cpp:
- (JSC::HashTable::createTable):
- (JSC::setUpStaticFunctionSlot):
- * runtime/Lookup.h:
- (JSC::HashEntry::initialize):
- (JSC::HashEntry::intrinsic):
-
-2011-09-16 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
- using Domino's online ordering
- https://bugs.webkit.org/show_bug.cgi?id=68220
-
- Reviewed by Oliver Hunt.
-
- Weak handle processing can result in new objects being marked, which
- results in new WeakReferencesHarvesters being added. But weak
- reference harvesters are only processed before weak handle processing,
- so there's the risk that a weak reference harvester will persist
- until the next collection, by which time it may have been deleted.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
-
-2011-09-16 Csaba Osztrogonác <ossy@webkit.org>
-
- REGRESSION(r95201): It made two tests fail
- https://bugs.webkit.org/show_bug.cgi?id=68230
-
- Unreviewed rolling out r95201.
-
- * jit/JIT.h:
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_lshift):
- (JSC::JIT::emitRightShift):
- (JSC::JIT::emit_op_bitand):
- (JSC::JIT::emit_op_bitor):
- (JSC::JIT::emit_op_bitxor):
- (JSC::JIT::emit_op_bitnot):
- (JSC::JIT::emit_op_post_inc):
- (JSC::JIT::emit_op_post_dec):
- (JSC::JIT::emit_op_pre_inc):
- (JSC::JIT::emit_op_pre_dec):
- * jit/JITInlineMethods.h:
-
-2011-09-15 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not optimize method_check
- https://bugs.webkit.org/show_bug.cgi?id=68215
-
- Reviewed by Oliver Hunt.
-
- MethodCallLinkInfo and StructureStubInfo are now searchable by
- bytecodeIndex, so that DFG::ByteCodeParser can use that information
- to determine how to optimize GetMethod.
-
- A new node op has been added to DFG: CheckMethod. This is a variant
- of GetMethod that has been optimized for the case that GetMethod
- always takes the fast path. CheckMethod results in only a very
- small amount of code (two loads and two branches in the worst case,
- one load and one branch in the best case). CheckMethod behaves as
- if it were a constant.
-
- Introduced the notion that a DFG node that is not JSConstant
- behaves as a constant. CheckMethod uses this functionality.
-
- This is a 3% speed-up on Kraken, and a small speed-up on V8.
- Appears to be neutral on SunSpider.
-
- * bytecode/CodeBlock.h:
- (JSC::getStructureStubInfoBytecodeIndex):
- (JSC::getMethodCallLinkInfoBytecodeIndex):
- * bytecode/PredictedType.cpp:
- (JSC::predictionFromCell):
- (JSC::predictionFromValue):
- * bytecode/PredictedType.h:
- * bytecode/StructureStubInfo.h:
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::recordGetMethod):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::getMethodCheckPrediction):
- (JSC::DFG::Graph::getPrediction):
- (JSC::DFG::Graph::isConstant):
- (JSC::DFG::Graph::isJSConstant):
- (JSC::DFG::Graph::valueOfJSConstant):
- (JSC::DFG::Graph::valueOfInt32Constant):
- (JSC::DFG::Graph::valueOfNumberConstant):
- (JSC::DFG::Graph::valueOfBooleanConstant):
- (JSC::DFG::Graph::valueOfJSConstantNode):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
- (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentSpillFPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- (JSC::DFG::JITCompiler::fillToJS):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasConstant):
- (JSC::DFG::Node::hasIdentifier):
- (JSC::DFG::Node::hasMethodCheckData):
- (JSC::DFG::Node::methodCheckDataIndex):
- (JSC::DFG::Node::valueOfJSConstant):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
- (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::structureAddress):
-
-2011-09-15 Adam Barth <abarth@webkit.org>
-
- Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
- https://bugs.webkit.org/show_bug.cgi?id=68205
-
- Reviewed by Eric Seidel.
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
-
-2011-09-15 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (7/7)
- https://bugs.webkit.org/show_bug.cgi?id=68122
-
- Reviewed by Geoffrey Garen.
-
- Completed the seventh and final level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- JSCallbackObject was missed in previous patches due to the fact that
- it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so
- this is just a bit of retroactive cleanup.
-
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::create):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::JSCallbackObject):
-
-2011-09-15 Filip Pizlo <fpizlo@apple.com>
-
- The DFG non-speculative JIT is no longer used and should be removed.
- https://bugs.webkit.org/show_bug.cgi?id=68177
-
- Reviewed by Geoffrey Garen.
-
- This removes the non-speculative JIT and everything that relied on it,
- including the ability to turn on DFG but not tiered compilation the,
- ability to perform speculation failure into non-speculative JIT code,
- and the ability to statically terminate speculation.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.pro:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitLoopHint):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::getStrongPrediction):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGenerationInfo.h:
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCodeGenerator.cpp:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkOSRExits):
- (JSC::DFG::JITCompiler::compileBody):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp: Removed.
- * dfg/DFGNonSpeculativeJIT.h: Removed.
- * dfg/DFGOSREntry.cpp:
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGPropagator.cpp:
- * dfg/DFGPropagator.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::osrExits):
- (JSC::DFG::SpeculativeJIT::speculationRecovery):
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITCode.h:
- (JSC::JITCode::bottomTierJIT):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h:
- * wtf/Platform.h:
-
-2011-09-15 Eric Seidel <eric@webkit.org>
-
- Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
- https://bugs.webkit.org/show_bug.cgi?id=68182
-
- Reviewed by Adam Barth.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-15 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT sometimes asserts that a value is not a number
- even when it doesn't know anything about the number
- https://bugs.webkit.org/show_bug.cgi?id=68189
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::isUnknownJS):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
-
-2011-09-15 Filip Pizlo <fpizlo@apple.com>
-
- All of the functionality in the non-speculative JIT should be
- available to the speculative JIT via helper methods
- https://bugs.webkit.org/show_bug.cgi?id=68186
-
- Reviewed by Oliver Hunt.
-
- Stole all of the goodness from NonSpeculativeJIT and placed it
- in JITCodeGenerator. Left all of the badness (i.e. subtle code
- duplication with SpeculativeJIT, etc). This is in preparation
- for removing the NonSpeculativeJIT entirely, but having its
- goodness available for reuse in the SpeculativeJIT if necessary.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
-
-2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r95167.
- http://trac.webkit.org/changeset/95167
- https://bugs.webkit.org/show_bug.cgi?id=68191
-
- Patch needs further work. (Requested by mhahnenberg on
- #webkit).
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- (JSC::JSCell::toBoolean):
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::toBoolean):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::toBoolean):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
-
-2011-09-15 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for platforms that expect a linkable symbol
- for primitive static const's.
-
- * bytecode/CodeBlock.h:
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
-
-2011-09-15 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for assertion on existence of alternative
- CodeBlock.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- Value profiles collect no information for global variables
- https://bugs.webkit.org/show_bug.cgi?id=68143
-
- Reviewed by Geoffrey Garen.
-
- 17% speed-up on string-fasta. Neutral elsewhere.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getStrongPrediction):
- (JSC::DFG::ByteCodeParser::stronglyPredict):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_get_global_var):
-
-2011-09-15 Eric Seidel <eric@webkit.org>
-
- Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
- https://bugs.webkit.org/show_bug.cgi?id=68022
-
- Reviewed by Ryosuke Niwa.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-15 Gavin Barraclough <barraclough@apple.com>
-
- Ooops, revert accidentally commited unreviewed changes.
-
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_jfalse):
- (JSC::JIT::emit_op_jtrue):
- * jit/JSInterfaceJIT.h:
- * runtime/JSValue.h:
-
-2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r95163.
- http://trac.webkit.org/changeset/95163
- https://bugs.webkit.org/show_bug.cgi?id=68180
-
- [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
- (Requested by darktears on #webkit).
-
- * JavaScriptCore.pro:
-
-2011-09-15 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix p1.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_jfalse):
- (JSC::JIT::emit_op_jtrue):
- * jit/JSInterfaceJIT.h:
- * runtime/JSValue.h:
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- Tiered compilation should be enabled by default on platforms
- that support the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=68136
-
- Reviewed by Sam Weinig.
-
- Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
- Kraken. Large progressions on some benchmarks, including
- 3x on imaging-desaturate.
-
- * wtf/Platform.h:
-
-2011-09-15 Gavin Barraclough <barraclough@apple.com>
-
- devirtualize preventExtensions
- https://bugs.webkit.org/show_bug.cgi?id=68176
-
- Reviewed by Oliver Hunt.
-
- This is virtual due to problems in JSFunction putting the prototype
- property, but we can fix this problem a different way, just setting
- the checkReadOnly flag to false in the put.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertySlot):
- * runtime/JSFunction.h:
- * runtime/JSObject.h:
-
-2011-09-15 Geoffrey Garen <ggaren@apple.com>
-
- Value chaining for JSValue32_64 bitops.
-
- Reviewed by Sam Weinig.
-
- SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
-
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
- that can chain their results, which is the common case.
-
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_lshift):
- (JSC::JIT::emitRightShift):
- (JSC::JIT::emit_op_bitand):
- (JSC::JIT::emit_op_bitor):
- (JSC::JIT::emit_op_bitxor):
- (JSC::JIT::emit_op_bitnot):
- (JSC::JIT::emit_op_pre_inc):
- (JSC::JIT::emit_op_pre_dec): Deployed new function.
- (JSC::JIT::emit_op_post_inc):
- (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
- computed their result values last, to make them elligible for chaining.
-
-2011-09-15 Adam Roben <aroben@apple.com>
-
- Clang build fix after r95172
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
- Added parentheses to make precendence clear.
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG does not speculate aggressively enough on comparisons
- https://bugs.webkit.org/show_bug.cgi?id=68138
-
- Reviewed by Oliver Hunt.
-
- This is a 75% speed-up on Kraken/ai-astar. It's a 1% win on
- V8 and an 8.5% win on Kraken. Neutral on SunSpider.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- (JSC::DFG::SpeculativeJIT::compileObjectEquality):
- (JSC::DFG::SpeculativeJIT::compare):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not leverage integer speculations on branches
- https://bugs.webkit.org/show_bug.cgi?id=68140
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isStrictInt32):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-14 Gavin Barraclough <barraclough@apple.com>
-
- [n]stricteq code is bogus in JSValue32_64 JIT
- https://bugs.webkit.org/show_bug.cgi?id=68141
-
- Reviewed by Sam Weinig.
-
- The code tries to check for both ints or cells, but this check also
- catches cases where values that are undefined, null, etc (probably
- was incorrectly assuming cell was the 2nd highest tag?).
-
- Also, there is no need not to handle int on the fast path.
- stricteq is just a case of comparing the payloads, if we:
- * handle cases of differing tags on a slow path
- * handle doubles a slow path
- * handle both-are-string on a slow path
-
+ (JSC::JIT::emit_op_get_argument_by_val):
* jit/JITOpcodes32_64.cpp:
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emitSlow_op_stricteq):
- (JSC::JIT::emitSlow_op_nstricteq):
-
-2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Make JSCell::toBoolean non-virtual
- https://bugs.webkit.org/show_bug.cgi?id=67727
-
- Reviewed by Sam Weinig.
-
- JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
- before it was simply virtual and would crash if its implementation was called).
- Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
- explicitly covers all cases of toBoolean, so having a virtual implementation of
- JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSNotAnObject.cpp:
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.h:
- * runtime/JSString.h:
- (JSC::JSCell::toBoolean):
- (JSC::JSValue::toBoolean):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
-
-2011-09-14 Alexis Menard <alexis.menard@openbossa.org>
-
- [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
- https://bugs.webkit.org/show_bug.cgi?id=68114
-
- Reviewed by Kenneth Rohde Christiansen.
-
- Use the new GCC_X variables defined in WebKit.pri to replace
- the usage of QT_GCC_X.
-
- * JavaScriptCore.pro:
-
-2011-09-14 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r95145.
- http://trac.webkit.org/changeset/95145
- https://bugs.webkit.org/show_bug.cgi?id=68139
-
- The GTK+ build is working now, so revert this trial build fix.
- (Requested by mrobinson on #webkit).
-
- * GNUmakefile.list.am:
-
-2011-09-14 Patrick Gansterer <paroga@webkit.org>
-
- Port MachineStackMarker to Windows ARM and MIPS
- https://bugs.webkit.org/show_bug.cgi?id=68068
-
- Reviewed by Geoffrey Garen.
-
- Use the correct memeber of the CONTEXT struct for the stackpointer for CPU(ARM) and CPU(MIPS).
- Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
- CPU(ARM) and CPU(MIPS) and the stackpointer is defined in the CONTEXT_CONTROL section for
- CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
-
- * heap/MachineStackMarker.cpp:
- (JSC::getPlatformThreadRegisters):
- (JSC::otherThreadStackPointer):
-
-2011-09-12 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT always speculates that ValueAdd is a numeric addition
- https://bugs.webkit.org/show_bug.cgi?id=67956
-
- Reviewed by Geoffrey Garen.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
-
- * GNUmakefile.list.am:
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- This is getting old. Yet another build fix attempt.
-
- * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- Yet another build fix attempt.
-
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- How I &quot;love&quot; Visual Studio...
-
- Try to fix build again.
-
- * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- Try to fix Windows build.
-
- * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- Add BinarySemaphore class from WebKit2 to WTF
- https://bugs.webkit.org/show_bug.cgi?id=68132
-
- Reviewed by Sam Weinig.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- Update build systems.
-
- * wtf/threads: Added.
- * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
- * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
- * wtf/threads/win: Added.
- * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for Interpreter.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2011-09-14 Anders Carlsson <andersca@apple.com>
-
- Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
- bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
-
- Rubber-stamped by Sam Weinig.
-
- * wtf/threads: Added.
- * wtf/threads/win: Added.
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT should not speculate integer if the value is always going to be
- used as a double anyway
- https://bugs.webkit.org/show_bug.cgi?id=68127
-
- Reviewed by Oliver Hunt.
-
- Added a ValueToDouble node, which is a variant of ValueToNumber that
- hints that it will only be used as a double and never as an integer.
- Thus, it turns off integer speculation even if the value profiler
- told us that the value source is an int. The logic for converting a
- ValueToNumber into a ValueToDouble is found in Propagator.
-
- This appears to be a 22% speed-up in imaging-darkroom.
-
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::toDouble):
- (JSC::DFG::Propagator::fixupNode):
- (JSC::DFG::Propagator::fixup):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- Tiered compilation heuristics do not account for value profile fullness
- https://bugs.webkit.org/show_bug.cgi?id=68116
-
- Reviewed by Oliver Hunt.
-
- Tiered compilation avoids invoking the DFG JIT if it finds that value
- profiles contain insufficient information. Instead, it produces a
- prediction from the current value profile, and then clears the value
- profile. This allows the value profile to heat up from scratch for
- some number of additional executions. The new profiles will then be
- merged with the previous prediction. Once the amount of information
- in predictions is enough according to heuristics in CodeBlock.cpp,
- DFG optimization is allowed to proceed.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::visitAggregate):
- (JSC::CodeBlock::visitWeakReferences):
- (JSC::CodeBlock::shouldOptimizeNow):
- (JSC::CodeBlock::dumpValueProfiles):
- * bytecode/CodeBlock.h:
- * bytecode/PredictedType.cpp:
- (JSC::predictionToString):
- * bytecode/PredictedType.h:
- * bytecode/ValueProfile.cpp: Added.
- (JSC::ValueProfile::computeStatistics):
- (JSC::ValueProfile::computeUpdatedPrediction):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::ValueProfile):
- (JSC::ValueProfile::classInfo):
- (JSC::ValueProfile::numberOfSamples):
- (JSC::ValueProfile::totalNumberOfSamples):
- (JSC::ValueProfile::isLive):
- (JSC::ValueProfile::numberOfInt32s):
- (JSC::ValueProfile::numberOfDoubles):
- (JSC::ValueProfile::numberOfBooleans):
- (JSC::ValueProfile::dump):
- (JSC::getValueProfileBytecodeOffset):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::stronglyPredict):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG should not speculate that the child of LogicalNot is a boolean if
- predictions tell us otherwise
- https://bugs.webkit.org/show_bug.cgi?id=68118
-
- Reviewed by Geoffrey Garen.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-14 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix. Turn off tiered compilation.
-
- * wtf/Platform.h:
-
-2011-09-13 Filip Pizlo <fpizlo@apple.com>
-
- Prediction tracking is not precise enough
- https://bugs.webkit.org/show_bug.cgi?id=67993
-
- Reviewed by Oliver Hunt.
-
- Added a richer set of type predictions, including JSFinalObject, JSString,
- object that is not a JSFinalObject or JSArray (ObjectOther), some object
- but we don't or care know what kind (SomeObject), definitely an object,
- cell that is not an object or JSString, an value that is none of the above
- (so either Undefined or Null). Made the propagator and value profiler work
- with the new types.
-
- Performance is neutral, because the DFG JIT does not take advantage of this
- new knowledge yet.
-
- In the process of writing predictionToString() (which is now considerably
- more complex) I decided to finally add a BoundsCheckedPointer, which
- should come in handy in other places, like at least the OSR scratch buffer
- and the CompactJITCodeMap. It's great for cases where you want to
- do pointer arithmetic, you want to have assertions about the
- pointer not going out of bounds, but you don't want to write those
- assertions yourself.
-
- This also required refactoring inherits(), since the ValueProfiler may
- want to do the equivalent of inherits() but given two ClassInfo's.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/PredictedType.cpp: Added.
- (JSC::predictionToString):
- (JSC::makePrediction):
- (JSC::predictionFromValue):
- * bytecode/PredictedType.h:
- (JSC::isCellPrediction):
- (JSC::isObjectPrediction):
- (JSC::isFinalObjectPrediction):
- (JSC::isStringPrediction):
- (JSC::mergePredictions):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::numberOfObjects):
- (JSC::ValueProfile::numberOfFinalObjects):
- (JSC::ValueProfile::numberOfStrings):
- (JSC::ValueProfile::probabilityOfObject):
- (JSC::ValueProfile::probabilityOfFinalObject):
- (JSC::ValueProfile::probabilityOfString):
- (JSC::ValueProfile::dump):
- (JSC::ValueProfile::Statistics::Statistics):
- (JSC::ValueProfile::computeStatistics):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::stronglyPredict):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::predict):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::propagateNode):
- * runtime/ClassInfo.h:
- (JSC::ClassInfo::isSubClassOf):
- * runtime/JSObject.h:
- (JSC::JSCell::inherits):
- * wtf/BoundsCheckedPointer.h: Added.
- (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
- (WTF::BoundsCheckedPointer::operator=):
- (WTF::BoundsCheckedPointer::operator+=):
- (WTF::BoundsCheckedPointer::operator-=):
- (WTF::BoundsCheckedPointer::operator+):
- (WTF::BoundsCheckedPointer::operator-):
- (WTF::BoundsCheckedPointer::operator++):
- (WTF::BoundsCheckedPointer::operator--):
- (WTF::BoundsCheckedPointer::operator<):
- (WTF::BoundsCheckedPointer::operator<=):
- (WTF::BoundsCheckedPointer::operator>):
- (WTF::BoundsCheckedPointer::operator>=):
- (WTF::BoundsCheckedPointer::operator==):
- (WTF::BoundsCheckedPointer::operator!=):
- (WTF::BoundsCheckedPointer::operator!):
- (WTF::BoundsCheckedPointer::get):
- (WTF::BoundsCheckedPointer::operator*):
- (WTF::BoundsCheckedPointer::operator[]):
- (WTF::BoundsCheckedPointer::strcat):
- (WTF::BoundsCheckedPointer::validate):
- * wtf/CMakeLists.txt:
-
-2011-09-14 Csaba Osztrogonác <ossy@webkit.org>
-
- [Qt] Win32 builds with threads turned off
- https://bugs.webkit.org/show_bug.cgi?id=67864
-
- Reviewed by Geoffrey Garen.
-
- * JavaScriptCore.pri: Link pthread library on Windows platform.
- * wtf/Platform.h: Enable multiple threads.
-
-2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (6/7)
- https://bugs.webkit.org/show_bug.cgi?id=67692
-
- Reviewed by Geoffrey Garen.
-
- Completed the sixth level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- This primarily consists of pushing the calls to finishCreation() down
- into the constructors of the subclasses of the fifth level of the hierarchy
- as well as pulling the finishCreation() calls out into the class's corresponding
- create() method if it has one. Doing both simultaneously allows us to
- maintain the invariant that the finishCreation() method chain is called exactly
- once during the creation of an object, since calling it any other number of
- times (0, 2, or more) will cause an assertion failure.
-
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::JSCallbackFunction):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::create):
- * jsc.cpp:
- (GlobalObject::create):
- (GlobalObject::GlobalObject):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::create):
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::BooleanConstructor):
- * runtime/BooleanConstructor.h:
- (JSC::BooleanConstructor::create):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::create):
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::create):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::DatePrototype):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::create):
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- (JSC::StrictModeTypeErrorFunction::create):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::ErrorConstructor):
- * runtime/ErrorConstructor.h:
- (JSC::ErrorConstructor::create):
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::FunctionConstructor):
- * runtime/FunctionConstructor.h:
- (JSC::FunctionConstructor::create):
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::FunctionPrototype):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::create):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::create):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- (JSC::NativeErrorPrototype::finishCreation):
- * runtime/NativeErrorPrototype.h:
- (JSC::NativeErrorPrototype::create):
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::NumberConstructor):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::create):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::create):
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::ObjectConstructor):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::create):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::RegExpConstructor):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::create):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::create):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::create):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::create):
- (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::create):
-
-2011-09-13 Eric Seidel <eric@webkit.org>
-
- Remove ENABLE_SVG_USE as <use> is required by HTML5
- https://bugs.webkit.org/show_bug.cgi?id=68019
-
- Reviewed by Ryosuke Niwa.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-14 Iain Merrick <husky@google.com>
-
- HashTraits.h should include template specialization for WTF::String
- https://bugs.webkit.org/show_bug.cgi?id=67851
-
- Ensure that the template specialization for HashTraits<String> is always
- picked up. (Previously it was possible to include HashSet and String but
- not the correct HashTraits, so you would get an inefficient template
- instantiation.)
-
- Reviewed by Darin Adler.
-
- * wtf/HashTraits.h:
- * wtf/text/StringHash.h:
-
-2011-09-13 Filip Pizlo <fpizlo@apple.com>
-
- SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
- return false if either node can be double
- https://bugs.webkit.org/show_bug.cgi?id=67985
-
- Reviewed by Geoffrey Garen.
-
- This is a 17% speed-up on 3d-cube.
-
- This required allowing us to check if a constant is double but not
- integer, and making the shouldSpeculateInteger() check test for
- any hints of doubly-ness in its operands. This also required
- changing some terminology: previously "isDouble" often meant
- "isDouble or isInt32". Now "isDouble" means exactly what the name
- suggests, and "isNumber" means "isDouble or isInt32".
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::toNumber):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::isJSFormat):
- (JSC::DFG::isJSInteger):
- (JSC::DFG::isJSDouble):
- (JSC::DFG::isJSCell):
- (JSC::DFG::isJSBoolean):
- (JSC::DFG::GenerationInfo::isJSFormat):
- (JSC::DFG::GenerationInfo::isJSInteger):
- (JSC::DFG::GenerationInfo::isJSDouble):
- (JSC::DFG::GenerationInfo::isJSCell):
- (JSC::DFG::GenerationInfo::isJSBoolean):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::isNumberConstant):
- (JSC::DFG::Graph::valueOfNumberConstant):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::isKnownInteger):
- (JSC::DFG::JITCodeGenerator::isKnownNumeric):
- (JSC::DFG::JITCodeGenerator::isKnownCell):
- (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
- (JSC::DFG::JITCodeGenerator::isKnownBoolean):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::isNumberConstant):
- (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
- (JSC::DFG::JITCodeGenerator::initConstantInfo):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillToJS):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::isNumberConstant):
- (JSC::DFG::JITCompiler::valueOfNumberConstant):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::isDoubleConstant):
- (JSC::DFG::Node::isNumberConstant):
- (JSC::DFG::Node::valueOfNumberConstant):
- (JSC::DFG::Node::hasNumberResult):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isInteger):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-
-2011-09-13 Anders Carlsson <andersca@apple.com>
-
- Disable C++ exceptions when building with clang
- https://bugs.webkit.org/show_bug.cgi?id=68031
- <rdar://problem/9556880>
-
- Reviewed by Mark Rowe.
-
- * Configurations/Base.xcconfig:
-
-2011-09-13 Eric Seidel <eric@webkit.org>
-
- Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
- https://bugs.webkit.org/show_bug.cgi?id=68018
-
- Reviewed by Ryosuke Niwa.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-09-13 Sam Weinig <sam@webkit.org>
-
- Object.getPrototypeOf should use JSValue::get()
- https://bugs.webkit.org/show_bug.cgi?id=67973
-
- Reviewed by Darin Adler.
-
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorGetPrototypeOf):
- Pipe through JSValue::get() to allow overrides.
+ (JSC::JIT::emit_op_get_argument_by_val):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
-2011-09-12 Filip Pizlo <fpizlo@apple.com>
+2012-05-07 Filip Pizlo <fpizlo@apple.com>
- JavaScriptCore does not have baseline->speculative OSR
- https://bugs.webkit.org/show_bug.cgi?id=67920
+ DFG should support op_tear_off_arguments
+ https://bugs.webkit.org/show_bug.cgi?id=85847
- Reviewed by Oliver Hunt.
-
- This adds the ability to on-stack-replace (OSR) from code that is
- running hot in the old JIT to code compiled by the new JIT. This
- ensures that long-running loops benefit from DFG optimization.
- It also ensures that if code experiences a speculation failure
- in DFG code, it has an opportunity to reenter the DFG once every
- 1,000 loop iterations or so.
+ Reviewed by Michael Saboff.
- This results in a 2.88x speed-up on Kraken/imaging-desaturate,
- and is a pure win on the main three benchmark suites (SunSpider,
- V8, Kraken), when tiered compilation is enabled.
+ Merged r116378 from dfgopt.
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::CodeBlock):
- (JSC::ProgramCodeBlock::compileOptimized):
- (JSC::EvalCodeBlock::compileOptimized):
- (JSC::FunctionCodeBlock::compileOptimized):
- * bytecode/CodeBlock.h:
- * bytecode/Opcode.h:
- * bytecode/PredictedType.h: Added.
- (JSC::isCellPrediction):
- (JSC::isArrayPrediction):
- (JSC::isInt32Prediction):
- (JSC::isDoublePrediction):
- (JSC::isNumberPrediction):
- (JSC::isBooleanPrediction):
- (JSC::isStrongPrediction):
- (JSC::predictionToString):
- (JSC::mergePredictions):
- (JSC::mergePrediction):
- (JSC::makePrediction):
- * bytecode/PredictionTracker.h: Added.
- (JSC::operandIsArgument):
- (JSC::PredictionSlot::PredictionSlot):
- (JSC::PredictionTracker::PredictionTracker):
- (JSC::PredictionTracker::initializeSimilarTo):
- (JSC::PredictionTracker::copyLocalsFrom):
- (JSC::PredictionTracker::numberOfArguments):
- (JSC::PredictionTracker::numberOfVariables):
- (JSC::PredictionTracker::argumentOffsetForOperand):
- (JSC::PredictionTracker::predictArgument):
- (JSC::PredictionTracker::predict):
- (JSC::PredictionTracker::predictGlobalVar):
- (JSC::PredictionTracker::getArgumentPrediction):
- (JSC::PredictionTracker::getPrediction):
- (JSC::PredictionTracker::getGlobalVarPrediction):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitLoopHint):
- * bytecompiler/BytecodeGenerator.h:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::DoWhileNode::emitBytecode):
- (JSC::WhileNode::emitBytecode):
- (JSC::ForNode::emitBytecode):
- (JSC::ForInNode::emitBytecode):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
- * dfg/DFGDriver.cpp:
- (JSC::DFG::compile):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::BasicBlock::BasicBlock):
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::noticeOSREntry):
- * dfg/DFGNode.h:
- * dfg/DFGOSREntry.cpp: Added.
- (JSC::DFG::predictionIsValid):
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGOSREntry.h: Added.
- (JSC::DFG::prepareOSREntry):
- * dfg/DFGPredictionTracker.h: Removed.
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::mergeUse):
- (JSC::DFG::Propagator::mergePrediction):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/CompactJITCodeMap.h:
- (JSC::CompactJITCodeMap::numberOfEntries):
- (JSC::CompactJITCodeMap::decode):
- (JSC::CompactJITCodeMap::Decoder::Decoder):
- (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
- (JSC::CompactJITCodeMap::Decoder::read):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- (JSC::JIT::emitTimeoutCheck):
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- (JSC::JIT::emit_op_loop_hint):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-09-12 Sam Weinig <sam@webkit.org>
-
- Don't allow setting __proto__ to be a getter or setter
- https://bugs.webkit.org/show_bug.cgi?id=67982
-
- Reviewed by Gavin Barraclough.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::defineSetter):
- Disallow setting a getter or setter on __proto__.
-
-2011-09-12 James Robinson <jamesr@chromium.org>
-
- Unreviewed build fix for chromium.
-
- Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
- is currently only compiled in by ports that use JavaScriptCore. This code is currently unreachable in builds so
- no change in functionality.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::CharAccess::CharAccess):
-
-2011-09-09 Filip Pizlo <fpizlo@apple.com>
-
- JavaScriptCore does not have speculative->baseline OSR
- https://bugs.webkit.org/show_bug.cgi?id=67826
-
- Reviewed by Oliver Hunt.
-
- This adds the ability to bail out of DFG speculative JIT execution by
- performing an on-stack replacement (OSR) that results in the control
- flow going to the equivalent code generated by the old JIT.
-
- This required a number of new features, as well as taking advantage of
- some features that happened to already be present:
-
- We already had a policy of storing the bytecode index for which a DFG
- node was generated inside the DFG::Node class. This was previously
- called exceptionInfo. It's now renamed to codeOrigin to reflect that
- it's used for more than just excpetions. OSR uses this to figure out
- which bytecode index to use to look up the machine code location in
- the code generated by the old JIT that we should be jumping to.
-
- CodeBlock now stores a mapping between bytecode indices and machine
- code offsets for code generated by the old JIT. This is implemented
- by CompactJITCodeMap, which tries to compress this data a bit. The
- OSR compiler decodes this and uses it to find the machine code
- locations it should be jumping to.
-
- We already had a mechanism that emitted SetLocal nodes in the DFG graph
- that told us the time at which the old JIT would have stored something
- into its register file, and the DFG::Node that corresponds to the value
- that it would have stored. These SetLocal's were mostly dead-code-
- eliminated, but our DCE leaves the nodes intact except for making them
- have 0 as the ref count. This allows the OSR compiler to construct a
- mapping between the state as it would have been seen by the old JIT
- and the state as the DFG JIT sees it. The OSR compiler uses this to
- generate code that reshapes the call frame so that it is like what the
- old JIT would expect.
-
- Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
- we no longer emit the non-speculative path.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::currentCodeOrigin):
- (JSC::DFG::ByteCodeParser::addToGraph):
- * dfg/DFGGPRInfo.h:
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::alive):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
- (JSC::DFG::JITCompiler::linkOSRExits):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::CallRecord::CallRecord):
- (JSC::DFG::JITCompiler::notifyCall):
- (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
- (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
- (JSC::DFG::JITCompiler::addJSCall):
- (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
- * dfg/DFGNode.h:
- (JSC::DFG::CodeOrigin::CodeOrigin):
- (JSC::DFG::CodeOrigin::isSet):
- (JSC::DFG::CodeOrigin::bytecodeIndex):
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::child1Unchecked):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::ValueSource::dump):
- (JSC::DFG::ValueRecovery::dump):
- (JSC::DFG::OSRExit::OSRExit):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::compileMovHint):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::ValueSource::ValueSource):
- (JSC::DFG::ValueSource::isSet):
- (JSC::DFG::ValueSource::nodeIndex):
- (JSC::DFG::ValueRecovery::ValueRecovery):
- (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
- (JSC::DFG::ValueRecovery::inGPR):
- (JSC::DFG::ValueRecovery::inFPR):
- (JSC::DFG::ValueRecovery::displacedInRegisterFile):
- (JSC::DFG::ValueRecovery::constant):
- (JSC::DFG::ValueRecovery::technique):
- (JSC::DFG::ValueRecovery::gpr):
- (JSC::DFG::ValueRecovery::fpr):
- (JSC::DFG::ValueRecovery::virtualRegister):
- (JSC::DFG::OSRExit::numberOfRecoveries):
- (JSC::DFG::OSRExit::valueRecovery):
- (JSC::DFG::OSRExit::isArgument):
- (JSC::DFG::OSRExit::argumentForIndex):
- (JSC::DFG::OSRExit::variableForIndex):
- (JSC::DFG::OSRExit::operandForIndex):
- (JSC::DFG::SpeculativeJIT::osrExits):
- (JSC::DFG::SpeculativeJIT::speculationCheck):
- (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
- (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
- (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
- (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
- (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- * jit/CompactJITCodeMap.h: Added.
- (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
- (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
- (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
- (JSC::CompactJITCodeMap::~CompactJITCodeMap):
- (JSC::CompactJITCodeMap::decode):
- (JSC::CompactJITCodeMap::CompactJITCodeMap):
- (JSC::CompactJITCodeMap::at):
- (JSC::CompactJITCodeMap::decodeNumber):
- (JSC::CompactJITCodeMap::Encoder::Encoder):
- (JSC::CompactJITCodeMap::Encoder::~Encoder):
- (JSC::CompactJITCodeMap::Encoder::append):
- (JSC::CompactJITCodeMap::Encoder::finish):
- (JSC::CompactJITCodeMap::Encoder::appendByte):
- (JSC::CompactJITCodeMap::Encoder::encodeNumber):
- (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::osrScratchBufferForSize):
- * runtime/JSValue.cpp:
- (JSC::JSValue::description):
-
-2011-09-12 Geoffrey Garen <ggaren@apple.com>
-
- Re-enabled ENABLE(LAZY_BLOCK_FREEING).
-
- Reviewed by Stephanie Lewis.
-
- I accidentally disabled this in r94890, causing a big performance regression.
-
- * wtf/Platform.h:
-
-2011-09-12 Michael Saboff <msaboff@apple.com>
-
- Broken Build for ARM - lshift32() needs TrustedImm32 arg
- https://bugs.webkit.org/show_bug.cgi?id=67965
-
- Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
-
- Reviewed by Anders Carlsson.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::branch16):
-
-2011-09-12 Michael Saboff <msaboff@apple.com>
-
- Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
- https://bugs.webkit.org/show_bug.cgi?id=67961
-
- Added missing semicolon.
-
- Reviewed by Ryosuke Niwa.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::branch16):
-
-2011-09-12 Michael Saboff <msaboff@apple.com>
-
- Update RegExp and related classes to use 8 bit strings when available
- https://bugs.webkit.org/show_bug.cgi?id=67337
-
- Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
- The code paths are triggered by the UString::is8bit() method which currently
- returns false. Implemented JIT changes for all current architectures.
- Tested X86_64 and ARM v7.
-
- This includes some code that will likely change as we complete the
- 8 bit string changes. This includes the way the raw buffer pointers
- are accessed as well as replacing the CharAccess class with a
- string interator returned from UString.
-
- Fixed build breakage in testRegExp.cpp due to globalObject construction
- changes.
-
- Reviewed by Gavin Barraclough.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * testRegExp.cpp:
- (GlobalObject::finishCreation):
- (GlobalObject::GlobalObject):
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::baseIndexTransfer32):
- * assembler/ARMAssembler.h:
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::ubfx):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::load8):
- (JSC::MacroAssemblerARM::branch8):
- (JSC::MacroAssemblerARM::branch16):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load8):
- (JSC::MacroAssemblerARMv7::branch16):
- (JSC::MacroAssemblerARMv7::branch8):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::load8):
- (JSC::MacroAssemblerMIPS::branch8):
- (JSC::MacroAssemblerMIPS::branch16):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::load8):
- (JSC::MacroAssemblerSH4::branch8):
- (JSC::MacroAssemblerSH4::branch16):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::load8):
- (JSC::MacroAssemblerX86Common::branch16):
- (JSC::MacroAssemblerX86Common::branch8):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::extub):
- (JSC::SH4Assembler::printInstr):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::cmpw_ir):
- (JSC::X86Assembler::movzbl_mr):
- * runtime/RegExp.cpp:
- (JSC::RegExp::compile):
- (JSC::RegExp::compileIfNecessary):
- (JSC::RegExp::match):
- (JSC::RegExp::matchCompareWithInterpreter):
- * runtime/RegExp.h:
- * runtime/UString.h:
- (JSC::UString::is8Bit):
- * yarr/Yarr.h:
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::CharAccess::CharAccess):
- (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
- (JSC::Yarr::Interpreter::CharAccess::operator[]):
- (JSC::Yarr::Interpreter::InputStream::InputStream):
- (JSC::Yarr::Interpreter::Interpreter):
- (JSC::Yarr::interpret):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
- (JSC::Yarr::YarrGenerator::readCharacter):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
- (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
- (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
- (JSC::Yarr::YarrGenerator::YarrGenerator):
- (JSC::Yarr::YarrGenerator::compile):
- (JSC::Yarr::jitCompile):
- (JSC::Yarr::execute):
- * yarr/YarrJIT.h:
- (JSC::Yarr::YarrCodeBlock::has8BitCode):
- (JSC::Yarr::YarrCodeBlock::has16BitCode):
- (JSC::Yarr::YarrCodeBlock::set8BitCode):
- (JSC::Yarr::YarrCodeBlock::set16BitCode):
- (JSC::Yarr::YarrCodeBlock::execute):
- * yarr/YarrParser.h:
- (JSC::Yarr::Parser::Parser):
-
-2011-09-12 Andras Becsi <andras.becsi@nokia.com>
-
- [Qt] Build fails after r94920 with strict compiler
- https://bugs.webkit.org/show_bug.cgi?id=67928
-
- Reviewed by Csaba Osztrogonác.
-
- * wtf/RedBlackTree.h:
- (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
-
-2011-09-12 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed build fix after r94871.
-
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * wtf/FastMalloc.cpp:
- * wtf/RefCountedLeakCounter.h:
-
-2011-09-11 Filip Pizlo <fpizlo@apple.com>
-
- DFGNode.h has macros that indicate the enabling of a feature, but
- they do not use the ENABLE() idiom.
- https://bugs.webkit.org/show_bug.cgi?id=67907
-
- Reviewed by Oliver Hunt.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::stronglyPredict):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGJITCodeGenerator.cpp:
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::propagateNode):
- (JSC::DFG::Propagator::propagateForward):
- (JSC::DFG::Propagator::propagateBackward):
- (JSC::DFG::propagate):
- * dfg/DFGScoreBoard.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
-
-2011-09-11 Fumitoshi Ukai <ukai@chromium.org>
-
- Unreviewed build fix for chromium/mac & clang.
-
- Fix the macro redefinition error by r94927, because chromium set
- ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
- it is not PLATFORM(QT).
- ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
- #define ENABLE_JSC_MULTIPLE_THREADS 1
- <command line>:43:9: note: previous definition is here
- #define ENABLE_JSC_MULTIPLE_THREADS 0
- 1 error generated.
-
- * wtf/Platform.h:
-
-2011-09-11 Sam Weinig <sam@webkit.org>
-
- Remove JSCell::isPropertyNameIterator(), it is unused
- https://bugs.webkit.org/show_bug.cgi?id=67911
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSCell.h:
- * runtime/JSPropertyNameIterator.h:
-
-2011-09-11 Sam Weinig <sam@webkit.org>
-
- De-virtualize JSCell::isAPIValueWrapper
- https://bugs.webkit.org/show_bug.cgi?id=67909
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- Set the correct type on structure creation.
-
- * runtime/JSCell.h:
- Remove virtual keyword and default implementation.
-
- * runtime/JSType.h:
- Add type for APIValueWrapper. It must come after CompoundType since
- the APIValueWrapper has children in need of marking.
-
- * runtime/Structure.h:
- (JSC::JSCell::isAPIValueWrapper):
- Implement predicate using type info.
-
-2011-09-10 Sam Weinig <sam@webkit.org>
-
- De-virtualize JSCell::isGetterSetter, type information is available for it
- https://bugs.webkit.org/show_bug.cgi?id=67902
-
- Reviewed by Dan Bernstein.
-
- * runtime/GetterSetter.cpp:
- * runtime/GetterSetter.h:
- Remove override of isGetterSetter.
-
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- De-virtualize and remove silly base implementation.
-
- * runtime/Structure.h:
- (JSC::JSCell::isGetterSetter):
- Use type info to determine getter-setter-hood.
-
-2011-09-09 Oliver Hunt <oliver@apple.com>
-
- Remove support for anonymous storage from jsobjects
- https://bugs.webkit.org/show_bug.cgi?id=67881
-
- Reviewed by Sam Weinig.
-
- Remove all use of anonymous slots, essentially a mechanical change
- in JavaScriptCore
-
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::createStructure):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::createStructure):
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::createStructure):
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::createStructure):
- * heap/MarkStack.cpp:
- (JSC::MarkStack::validateValue):
- * heap/MarkStack.h:
- * runtime/Arguments.h:
- (JSC::Arguments::createStructure):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::createStructure):
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::finishCreation):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::createStructure):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::createStructure):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::createStructure):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::createStructure):
- * runtime/DateInstance.h:
- (JSC::DateInstance::createStructure):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::DatePrototype):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::createStructure):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::createStructure):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::finishCreation):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::createStructure):
- * runtime/ExceptionHelpers.h:
- (JSC::InterruptedExecutionError::createStructure):
- (JSC::TerminatedExecutionError::createStructure):
- * runtime/Executable.h:
- (JSC::ExecutableBase::createStructure):
- (JSC::NativeExecutable::createStructure):
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::createStructure):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::createStructure):
- * runtime/InternalFunction.h:
- (JSC::InternalFunction::createStructure):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- * runtime/JSActivation.h:
- (JSC::JSActivation::createStructure):
- * runtime/JSArray.h:
- (JSC::JSArray::createStructure):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::createStructure):
- * runtime/JSCell.h:
- * runtime/JSFunction.h:
- (JSC::JSFunction::createStructure):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::finishCreation):
- (JSC::JSGlobalObject::createStructure):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::createStructure):
- * runtime/JSONObject.h:
- (JSC::JSONObject::createStructure):
- * runtime/JSObject.h:
- (JSC::JSObject::createStructure):
- (JSC::JSNonFinalObject::createStructure):
- (JSC::JSFinalObject::createStructure):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::createStructure):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::createStructure):
- * runtime/JSString.h:
- (JSC::RopeBuilder::createStructure):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::createStructure):
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::createStructure):
- * runtime/MathObject.h:
- (JSC::MathObject::createStructure):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::createStructure):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::createStructure):
- * runtime/NumberObject.h:
- (JSC::NumberObject::createStructure):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::createStructure):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::createStructure):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::finishCreation):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::createStructure):
- * runtime/RegExp.h:
- (JSC::RegExp::createStructure):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::createStructure):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::createStructure):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::createStructure):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::createStructure):
- * runtime/StrictEvalActivation.h:
- (JSC::StrictEvalActivation::createStructure):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::createStructure):
- * runtime/StringObject.h:
- (JSC::StringObject::createStructure):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::createStructure):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::materializePropertyMap):
- (JSC::Structure::addPropertyTransitionToExistingStructure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::removePropertyTransition):
- (JSC::Structure::changePrototypeTransition):
- (JSC::Structure::despecifyFunctionTransition):
- (JSC::Structure::getterSetterTransition):
- (JSC::Structure::toDictionaryTransition):
- (JSC::Structure::preventExtensionsTransition):
- (JSC::Structure::flattenDictionaryStructure):
- (JSC::Structure::addPropertyWithoutTransition):
- (JSC::Structure::removePropertyWithoutTransition):
- (JSC::Structure::get):
- (JSC::Structure::putSpecificValue):
- (JSC::Structure::remove):
- (JSC::Structure::checkConsistency):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::propertyStorageSize):
- (JSC::Structure::get):
- * runtime/StructureChain.h:
- (JSC::StructureChain::createStructure):
-
-2011-09-11 Jarred Nicholls <jarred@sencha.com>
-
- [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
- https://bugs.webkit.org/show_bug.cgi?id=67864
-
- Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
-
- Reviewed by Csaba Osztrogonác.
-
- * wtf/Platform.h:
-
-2011-09-11 Filip Pizlo <fpizlo@apple.com>
-
- ARM and MIPS assemblers still refer to executable pools.
- https://bugs.webkit.org/show_bug.cgi?id=67903
-
- Reviewed by Csaba Osztrogonác.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
- * assembler/ARMAssembler.h:
- * assembler/AssemblerBufferWithConstantPool.h:
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::executableCopy):
-
-2011-09-08 Filip Pizlo <fpizlo@apple.com>
-
- The executable allocator makes it difficult to free individual
- chunks of executable memory
- https://bugs.webkit.org/show_bug.cgi?id=66363
-
- Reviewed by Oliver Hunt.
-
- Introduced a best-fit, balanced-tree based allocator. The allocator
- required a balanced tree that does not allocate memory and that
- permits the removal of individual nodes directly (as opposed to by
- key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
- Changed all references to executable code to use a reference counted
- handle.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::executableCopy):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::finalizeCode):
- (JSC::LinkBuffer::linkCode):
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
- (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
- (JSC::MacroAssemblerCodeRef::executableMemory):
- (JSC::MacroAssemblerCodeRef::code):
- (JSC::MacroAssemblerCodeRef::size):
- (JSC::MacroAssemblerCodeRef::operator!):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::executableCopy):
- (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
- * bytecode/CodeBlock.h:
- * bytecode/Instruction.h:
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compile):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDList):
- (JSC::DFG::tryBuildGetByIDProtoList):
- (JSC::DFG::tryCachePutByID):
- * jit/ExecutableAllocator.cpp:
- (JSC::ExecutableAllocator::initializeAllocator):
- (JSC::ExecutableAllocator::ExecutableAllocator):
- (JSC::ExecutableAllocator::allocate):
- (JSC::ExecutableAllocator::committedByteCount):
- (JSC::ExecutableAllocator::dumpProfile):
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::dumpProfile):
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::ExecutableAllocator::initializeAllocator):
- (JSC::ExecutableAllocator::ExecutableAllocator):
- (JSC::ExecutableAllocator::isValid):
- (JSC::ExecutableAllocator::underMemoryPressure):
- (JSC::ExecutableAllocator::allocate):
- (JSC::ExecutableAllocator::committedByteCount):
- (JSC::ExecutableAllocator::dumpProfile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::JIT::compileCTIMachineTrampolines):
- (JSC::JIT::compileCTINativeCall):
- * jit/JITCode.h:
- (JSC::JITCode::operator !):
- (JSC::JITCode::addressForCall):
- (JSC::JITCode::offsetOf):
- (JSC::JITCode::execute):
- (JSC::JITCode::start):
- (JSC::JITCode::size):
- (JSC::JITCode::getExecutableMemory):
- (JSC::JITCode::HostFunction):
- (JSC::JITCode::JITCode):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::JITThunks):
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::getPolymorphicAccessStructureListSlot):
- (JSC::JITThunks::ctiStub):
- (JSC::JITThunks::hostFunctionStub):
- * jit/JITStubs.h:
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
- (JSC::SpecializedThunkJIT::finalize):
- * jit/ThunkGenerators.cpp:
- (JSC::charCodeAtThunkGenerator):
- (JSC::charAtThunkGenerator):
- (JSC::fromCharCodeThunkGenerator):
- (JSC::sqrtThunkGenerator):
- (JSC::floorThunkGenerator):
- (JSC::ceilThunkGenerator):
- (JSC::roundThunkGenerator):
- (JSC::expThunkGenerator):
- (JSC::logThunkGenerator):
- (JSC::absThunkGenerator):
- (JSC::powThunkGenerator):
- * jit/ThunkGenerators.h:
- * runtime/Executable.h:
- (JSC::NativeExecutable::create):
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::dumpSampleData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::getCTIStub):
- * wtf/CMakeLists.txt:
- * wtf/MetaAllocator.cpp: Added.
- (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
- (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
- (WTF::MetaAllocatorHandle::shrink):
- (WTF::MetaAllocator::MetaAllocator):
- (WTF::MetaAllocator::allocate):
- (WTF::MetaAllocator::currentStatistics):
- (WTF::MetaAllocator::findAndRemoveFreeSpace):
- (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
- (WTF::MetaAllocator::addFreshFreeSpace):
- (WTF::MetaAllocator::debugFreeSpaceSize):
- (WTF::MetaAllocator::addFreeSpace):
- (WTF::MetaAllocator::incrementPageOccupancy):
- (WTF::MetaAllocator::decrementPageOccupancy):
- (WTF::MetaAllocator::roundUp):
- (WTF::MetaAllocator::allocFreeSpaceNode):
- (WTF::MetaAllocator::freeFreeSpaceNode):
- (WTF::MetaAllocator::dumpProfile):
- * wtf/MetaAllocator.h: Added.
- (WTF::MetaAllocator::bytesAllocated):
- (WTF::MetaAllocator::bytesReserved):
- (WTF::MetaAllocator::bytesCommitted):
- (WTF::MetaAllocator::dumpProfile):
- (WTF::MetaAllocator::~MetaAllocator):
- * wtf/MetaAllocatorHandle.h: Added.
- * wtf/RedBlackTree.h: Added.
- (WTF::RedBlackTree::Node::Node):
- (WTF::RedBlackTree::Node::successor):
- (WTF::RedBlackTree::Node::predecessor):
- (WTF::RedBlackTree::Node::reset):
- (WTF::RedBlackTree::Node::parent):
- (WTF::RedBlackTree::Node::setParent):
- (WTF::RedBlackTree::Node::left):
- (WTF::RedBlackTree::Node::setLeft):
- (WTF::RedBlackTree::Node::right):
- (WTF::RedBlackTree::Node::setRight):
- (WTF::RedBlackTree::Node::color):
- (WTF::RedBlackTree::Node::setColor):
- (WTF::RedBlackTree::RedBlackTree):
- (WTF::RedBlackTree::insert):
- (WTF::RedBlackTree::remove):
- (WTF::RedBlackTree::findExact):
- (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
- (WTF::RedBlackTree::findGreatestLessThanOrEqual):
- (WTF::RedBlackTree::first):
- (WTF::RedBlackTree::last):
- (WTF::RedBlackTree::size):
- (WTF::RedBlackTree::isEmpty):
- (WTF::RedBlackTree::treeMinimum):
- (WTF::RedBlackTree::treeMaximum):
- (WTF::RedBlackTree::treeInsert):
- (WTF::RedBlackTree::leftRotate):
- (WTF::RedBlackTree::rightRotate):
- (WTF::RedBlackTree::removeFixup):
- * wtf/wtf.pri:
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::compile):
- * yarr/YarrJIT.h:
- (JSC::Yarr::YarrCodeBlock::execute):
- (JSC::Yarr::YarrCodeBlock::getAddr):
-
-2011-09-10 Sam Weinig <sam@webkit.org>
-
- Remove JSC::isZombie() function, it did nothing and was called by no-one.
- https://bugs.webkit.org/show_bug.cgi?id=67901
-
- Reviewed by Andy Estes.
-
- * JavaScriptCore.exp:
- * runtime/JSCell.cpp:
- * runtime/JSValue.h:
-
-2011-09-10 Sam Weinig <sam@webkit.org>
-
- Add isInterruptedExecutionException and isTerminatedExecutionException predicates
- https://bugs.webkit.org/show_bug.cgi?id=67892
-
- Reviewed by Andy "First Time Reviewer" Estes.
-
- * JavaScriptCore.exp:
- Add symbols.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- Use new predicates.
-
- * runtime/ExceptionHelpers.cpp:
- (JSC::createInterruptedExecutionException):
- (JSC::isInterruptedExecutionException):
- (JSC::createTerminatedExecutionException):
- (JSC::isTerminatedExecutionException):
- * runtime/ExceptionHelpers.h:
- (JSC::InterruptedExecutionError::InterruptedExecutionError):
- Add predicates.
-
-2011-09-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT completely undoes speculative compilation even in the case of
- a partial static speculation failure
- https://bugs.webkit.org/show_bug.cgi?id=67798
-
- Reviewed by Geoffrey Garen.
-
- This is a regression with static speculation, so it is turned off by
- default. But it is a necessary prerequisite for further work on
- dynamic speculation.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2011-09-09 Chris Marrin <cmarrin@apple.com>
-
- requestAnimationFrame doesn't throttle on Mac
- https://bugs.webkit.org/show_bug.cgi?id=67171
-
- Reviewed by Simon Fraser.
-
- Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
- requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
- Currently only enabled for PLATFORM(MAC)
-
- * wtf/Platform.h:
-
-2011-09-09 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Dan Bernstein.
-
- Removed ENABLE(SINGLE_THREADED) support, since it is always false
- https://bugs.webkit.org/show_bug.cgi?id=67862
-
- Next step toward making the baseline platform assumption that threads exist.
-
- * wtf/wtf.pri:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
- ThreadingNone.cpp, which was only compiled in single-threaded mode.
-
- * wtf/Platform.h:
- * wtf/ThreadSpecific.h:
- (WTF::::destroy):
- * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
-
- * wtf/ThreadingNone.cpp: Removed.
-
-2011-09-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (5/7)
- https://bugs.webkit.org/show_bug.cgi?id=67420
-
- Reviewed by Geoffrey Garen.
-
- Completed the fifth level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- This primarily consists of pushing the calls to finishCreation() down
- into the constructors of the subclasses of the second level of the hierarchy
- as well as pulling the finishCreation() calls out into the class's corresponding
- create() method if it has one. Doing both simultaneously allows us to
- maintain the invariant that the finishCreation() method chain is called exactly
- once during the creation of an object, since calling it any other number of
- times (0, 2, or more) will cause an assertion failure.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::JSCallbackConstructor):
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::create):
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::JSCallbackFunction):
- (JSC::JSCallbackFunction::finishCreation):
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::JSCallbackObject):
- (JSC::::finishCreation):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::create):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (GlobalObject::GlobalObject):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- (JSC::ArrayConstructor::finishCreation):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::ArrayPrototype):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::create):
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::BooleanConstructor):
- (JSC::BooleanConstructor::finishCreation):
- * runtime/BooleanConstructor.h:
- * runtime/BooleanObject.cpp:
- (JSC::BooleanObject::BooleanObject):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::create):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- (JSC::BooleanPrototype::finishCreation):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- (JSC::DateConstructor::finishCreation):
- * runtime/DateConstructor.h:
- * runtime/DateInstance.cpp:
- (JSC::DateInstance::DateInstance):
- * runtime/DateInstance.h:
- (JSC::DateInstance::create):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::DatePrototype):
- (JSC::DatePrototype::finishCreation):
- * runtime/DatePrototype.h:
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::ErrorConstructor):
- (JSC::ErrorConstructor::finishCreation):
- * runtime/ErrorConstructor.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::create):
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::FunctionConstructor):
- (JSC::FunctionConstructor::finishCreation):
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::FunctionPrototype):
- (JSC::FunctionPrototype::finishCreation):
- * runtime/FunctionPrototype.h:
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- * runtime/InternalFunction.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- * runtime/JSActivation.h:
- (JSC::JSActivation::create):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::create):
- (JSC::JSGlobalObject::JSGlobalObject):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::JSONObject):
- * runtime/JSONObject.h:
- (JSC::JSONObject::create):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::create):
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- * runtime/JSString.cpp:
- (JSC::StringObject::create):
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
- * runtime/MathObject.h:
- (JSC::MathObject::create):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::finishCreation):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- (JSC::NativeErrorPrototype::finishCreation):
- * runtime/NativeErrorPrototype.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::NumberConstructor):
- (JSC::NumberConstructor::finishCreation):
- * runtime/NumberConstructor.h:
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::NumberObject):
- * runtime/NumberObject.h:
- (JSC::NumberObject::create):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- (JSC::NumberPrototype::finishCreation):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::ObjectConstructor):
- (JSC::ObjectConstructor::finishCreation):
- * runtime/ObjectConstructor.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::RegExpConstructor):
- (JSC::RegExpConstructor::finishCreation):
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::create):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::create):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- (JSC::StringConstructor::finishCreation):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::StringObject):
- * runtime/StringObject.h:
- (JSC::StringObject::create):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- (JSC::StringPrototype::finishCreation):
- * runtime/StringPrototype.h:
-
-2011-09-09 Geoffrey Garen <ggaren@apple.com>
-
- Build fix: Guard against double-#define for something already #defined
- by the build system.
-
- * wtf/Platform.h:
-
-2011-09-09 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Dan Bernstein.
-
- Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
- !ENABLE_WTF_MULTIPLE_THREADS
- https://bugs.webkit.org/show_bug.cgi?id=67860
-
- First step toward making the baseline platform assumption that threads
- exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
- or !ENABLE_WTF_MULTIPLE_THREADS.
-
- * wtf/Platform.h:
-
-2011-09-09 Laszlo Gombos <laszlo.1.gombos@nokia.com>
-
- [Qt] Remove common.pri
- https://bugs.webkit.org/show_bug.cgi?id=67814
-
- Reviewed by Andreas Kling.
-
- * JavaScriptCore.pri:
-
-2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
-
- REGRESSION(r94811): Assertion failure in 2 worker tests
- https://bugs.webkit.org/show_bug.cgi?id=67829
-
- Reviewed by Sam Weinig.
-
- Fixing a couple tests that were broken due to the wrong values being
- set in the parent class pointers in the ClassInfo structs for
- TerminatedExecutionError and InterruptedExecutionError.
-
- * runtime/ExceptionHelpers.cpp:
-
-2011-09-08 Oliver Hunt <oliver@apple.com>
-
- Use bump allocator for initial property storage
- https://bugs.webkit.org/show_bug.cgi?id=67494
-
- Reviewed by Geoffrey Garen.
-
- Use a bump allocator for initial allocation of property storage,
- and promote to fastMalloc memory only if it survives a GC pass.
-
- Comes out as a 1% win on v8, and is a useful step on the way to
- GC allocation of all property storage.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Heap.cpp:
- (JSC::Heap::collect):
- * heap/Heap.h:
- (JSC::Heap::allocatePropertyStorage):
- (JSC::Heap::inPropertyStorageNursery):
- * heap/MarkedBlock.h:
- * heap/NewSpace.cpp:
- (JSC::NewSpace::NewSpace):
- * heap/NewSpace.h:
- (JSC::NewSpace::resetPropertyStorageNursery):
- (JSC::NewSpace::allocatePropertyStorage):
- (JSC::NewSpace::inPropertyStorageNursery):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::allocatePropertyStorage):
- * runtime/JSObject.h:
- (JSC::JSObject::isUsingInlineStorage):
- (JSC::JSObject::JSObject):
- (JSC::JSObject::propertyStorage):
- (JSC::JSObject::~JSObject):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSObject::putDirectFunctionWithoutTransition):
- (JSC::JSObject::transitionTo):
- (JSC::JSObject::visitChildrenDirect):
- * runtime/StorageBarrier.h: Added.
- (JSC::StorageBarrier::StorageBarrier):
- (JSC::StorageBarrier::set):
- (JSC::StorageBarrier::operator->):
- (JSC::StorageBarrier::operator*):
- (JSC::StorageBarrier::operator[]):
- (JSC::StorageBarrier::get):
-
-2011-09-08 Sam Weinig <sam@webkit.org>
-
- Remove the Completion object from JSC, I have never liked it
- https://bugs.webkit.org/show_bug.cgi?id=67755
-
- Reviewed by Gavin Barraclough.
-
- - Removes the Completion object and replaces its use with out parameter exceptions.
- - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
- ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
-
- * API/JSBase.cpp:
- (JSEvaluateScript):
- (JSCheckScriptSyntax):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::throwException):
- * jsc.cpp:
- (functionLoad):
- (functionCheckSyntax):
- (runWithScripts):
- (runInteractive):
- * runtime/Completion.cpp:
- (JSC::checkSyntax):
- (JSC::evaluate):
- * runtime/Completion.h:
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::toString):
- (JSC::TerminatedExecutionError::toString):
- (JSC::createInterruptedExecutionException):
- * runtime/ExceptionHelpers.h:
- (JSC::InterruptedExecutionError::InterruptedExecutionError):
- (JSC::InterruptedExecutionError::create):
- (JSC::InterruptedExecutionError::createStructure):
- (JSC::TerminatedExecutionError::TerminatedExecutionError):
- (JSC::TerminatedExecutionError::create):
- (JSC::TerminatedExecutionError::createStructure):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSObject.h:
-
-2011-09-08 Ryosuke Niwa <rniwa@webkit.org>
-
- Build fix.
-
- * dfg/DFGCapabilities.cpp:
-
-2011-09-08 Filip Pizlo <fpizlo@apple.com>
-
- Value profling and execution count profiling is performed even for
- code that cannot be optimized
- https://bugs.webkit.org/show_bug.cgi?id=67694
-
- Reviewed by Gavin Barraclough.
-
- This is a 2% speed-up on V8 when tiered compilation is enabled.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::ProgramCodeBlock::canCompileWithDFG):
- (JSC::EvalCodeBlock::canCompileWithDFG):
- (JSC::FunctionCodeBlock::canCompileWithDFG):
- * bytecode/CodeBlock.h:
- * dfg/DFGCapabilities.cpp: Added.
- (JSC::DFG::canCompileOpcodes):
- * dfg/DFGCapabilities.h: Added.
- (JSC::DFG::mightCompileEval):
- (JSC::DFG::mightCompileProgram):
- (JSC::DFG::mightCompileFunctionForCall):
- (JSC::DFG::mightCompileFunctionForConstruct):
- (JSC::DFG::canCompileOpcode):
- (JSC::DFG::canCompileEval):
- (JSC::DFG::canCompileProgram):
- (JSC::DFG::canCompileFunctionForCall):
- (JSC::DFG::canCompileFunctionForConstruct):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::JIT::shouldEmitProfiling):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
-
-2011-09-08 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
- https://bugs.webkit.org/show_bug.cgi?id=67840
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
-
-2011-09-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=67771
-
- Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
- and patchOffsetGetByIdSlowCaseCall
- and enables DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
-
- Reviewed by Gavin Barraclough.
-
- * jit/JIT.h:
- * wtf/dtoa/utils.h:
-
-2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove getUInt32 from JSCell
- https://bugs.webkit.org/show_bug.cgi?id=67691
-
- Reviewed by Oliver Hunt.
-
- We don't use JSCell::getUInt32 anymore, so it has been removed.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
-
-2011-09-07 Filip Pizlo <fpizlo@apple.com>
-
- PPC build fix.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
-
-2011-09-07 Oliver Hunt <oliver@apple.com>
-
- Release mode build fix.
-
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::create):
-
-2011-09-06 Oliver Hunt <oliver@apple.com>
-
- Remove JSObjectWithGlobalObject
- https://bugs.webkit.org/show_bug.cgi?id=67689
-
- Reviewed by Geoff Garen.
-
- Remove JSObjectWithGlobalObject, and update code to stop using anonymous
- storage to access the global object that a JSObject comes from. Largely
- mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::JSCallbackConstructor):
- (JSC::JSCallbackConstructor::finishCreation):
- * API/JSCallbackConstructor.h:
- * API/JSCallbackObject.cpp:
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::create):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::JSCallbackObject):
- (JSC::::finishCreation):
- (JSC::::staticFunctionGetter):
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
- * API/JSObjectRef.cpp:
- (JSObjectMake):
- (JSObjectGetPrivate):
- (JSObjectSetPrivate):
- (JSObjectGetPrivateProperty):
- (JSObjectSetPrivateProperty):
- (JSObjectDeletePrivateProperty):
- * API/JSValueRef.cpp:
- (JSValueIsObjectOfClass):
- * API/JSWeakObjectMapRefPrivate.cpp:
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchGetMethodFast):
- (JSC::DFG::tryCacheGetMethod):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateJSFunction):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::patchMethodCallProto):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/DatePrototype.cpp:
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- (JSC::InternalFunction::finishCreation):
- * runtime/InternalFunction.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::finishCreation):
- * runtime/JSFunction.h:
- (JSC::JSFunction::create):
- (JSC::JSFunction::createStructure):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::JSONObject):
- (JSC::JSONObject::finishCreation):
- * runtime/JSONObject.h:
- * runtime/JSObject.h:
- (JSC::JSObject::globalObject):
- * runtime/JSObjectWithGlobalObject.cpp: Removed.
- * runtime/JSObjectWithGlobalObject.h: Removed.
- * runtime/JSValue.cpp:
- (JSC::JSValue::isValidCallee):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/Lookup.h:
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
- (JSC::MathObject::finishCreation):
- * runtime/MathObject.h:
- * runtime/NumberPrototype.cpp:
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- (JSC::RegExpObject::finishCreation):
- * runtime/RegExpObject.h:
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::globalObject):
-
-2011-09-07 Gavin Barraclough <barraclough@apple.com>
-
- Refactor JIT checks for ObjectType into helper functions.
-
- Rubber stamped by Sam Weinig.
-
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::branchIfNotObject):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.h:
- * jit/JITCall32_64.cpp:
- (JSC::JIT::emit_op_ret_object_or_this):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitJumpIfNotObject):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_instanceof):
- (JSC::JIT::emit_op_ret_object_or_this):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_create_this):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_instanceof):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_create_this):
-
-2011-09-07 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r94627 and r94632.
- http://trac.webkit.org/changeset/94627
- http://trac.webkit.org/changeset/94632
- https://bugs.webkit.org/show_bug.cgi?id=67698
-
- It broke tests on GTK and Qt (Requested by Ossy on #webkit).
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::JSCallbackConstructor):
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::create):
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::JSCallbackFunction):
- * API/JSCallbackFunction.h:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::create):
- * debugger/DebuggerActivation.h:
- * jsc.cpp:
- (GlobalObject::constructorBody):
- (GlobalObject::GlobalObject):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::ArrayPrototype):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::create):
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::BooleanConstructor):
- * runtime/BooleanConstructor.h:
- * runtime/BooleanObject.cpp:
- (JSC::BooleanObject::BooleanObject):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::create):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- * runtime/DateConstructor.h:
- * runtime/DateInstance.cpp:
- (JSC::DateInstance::DateInstance):
- * runtime/DateInstance.h:
- (JSC::DateInstance::create):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::DatePrototype):
- * runtime/DatePrototype.h:
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::ErrorConstructor):
- * runtime/ErrorConstructor.h:
- (JSC::ErrorConstructor::create):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::create):
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::FunctionConstructor):
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::FunctionPrototype):
- * runtime/FunctionPrototype.h:
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- * runtime/InternalFunction.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- * runtime/JSActivation.h:
- (JSC::JSActivation::create):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::create):
- (JSC::JSGlobalObject::JSGlobalObject):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::JSONObject):
- * runtime/JSONObject.h:
- (JSC::JSONObject::create):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::create):
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- * runtime/JSString.cpp:
- (JSC::StringObject::create):
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
- * runtime/MathObject.h:
- (JSC::MathObject::create):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::constructorBody):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- (JSC::NativeErrorPrototype::constructorBody):
- * runtime/NativeErrorPrototype.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::NumberConstructor):
- * runtime/NumberConstructor.h:
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::NumberObject):
- * runtime/NumberObject.h:
- (JSC::NumberObject::create):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::ObjectConstructor):
- * runtime/ObjectConstructor.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::RegExpConstructor):
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::create):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::create):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::StringObject):
- * runtime/StringObject.h:
- (JSC::StringObject::create):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- * runtime/StringPrototype.h:
-
-2011-09-06 Xianzhu Wang <wangxianzhu@chromium.org>
-
- Replace usages of Vector<UChar> with existing StringBuilder
- https://bugs.webkit.org/show_bug.cgi?id=67079
-
- Reviewed by Gavin Barraclough.
-
- This is part of work to support 8-bit string buffers.
- Adds StringBuilder::characters() because the original Vector<UChar>::data()
- is widely used.
- Sets the minimum size of buffer to 16 to prevent possible performance
- regression. Further performance investigation should be done in
- https://bugs.webkit.org/show_bug.cgi?id=67084.
-
- * wtf/Forward.h:
- * wtf/text/StringBuilder.cpp:
- (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::operator[]):
- (WTF::StringBuilder::characters): Added.
-
-2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fix broken snow leopard build
- https://bugs.webkit.org/show_bug.cgi?id=67693
-
- Reviewed by Daniel Bates.
-
- Removed unnecessary symbol export.
-
- * JavaScriptCore.exp:
-
-2011-09-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not optimize booleans
- https://bugs.webkit.org/show_bug.cgi?id=67670
-
- Reviewed by Gavin Barraclough.
-
- This adds boolean value profiling, boolean prediction in the DFG,
- boolean forward flow propagation in the DFGPropagator, boolean
- data format in DFG generation info, and comprehensive optimizations
- based on both boolean prediction and boolean generation info.
- This is brings the speed-up on v8-richards to 12%, and gives slight
- speed-ups elsewhere as well.
-
- Making this work right required navigating some subtleties in
- value profiling. Some functions get compiled with insufficient
- information because some important path of the function never
- executed. In these cases, we wish to fall back on static
- speculation. But to do so, we need to ensure that predictions that
- are inherent in the code (like that GetById almost certainly takes
- a cell operand) are reflected in predictions that we make in
- DFGPropagator. Thus, DFGPropagator now does both backward and
- forward flow, using a both forward and backward fixpoint.
-
- The backward flow in DFGPropagator is a separate static analysis,
- and needs to keep a set of backward flow abstract values for
- variables, arguments, and globals. To make this easy, this patch
- factors out DFGGraph's prediction tracking capability into
- DFGPredictionTracker, which now gets used by both DFGGraph (for
- forward flow predictions) and DFGPropagator (for backward flow
- predictions). Backward flow predictions eventually get merged
- into forward flow ones, but the two are not equivalent: a forward
- flow prediction is a superset of the backward flow prediction.
-
- Debugging these prediction issues required a better understanding
- of where we fail speculation, and what our value predictions look
- like. This patch also adds optional verbose speculation failure
- (so an informative printf fires whenever speculation failure occurs)
- and slight improvements to the verbosity in other places.
-
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::numberOfBooleans):
- (JSC::ValueProfile::probabilityOfBoolean):
- (JSC::ValueProfile::dump):
- (JSC::ValueProfile::computeStatistics):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::stronglyPredict):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::dataFormatToString):
- (JSC::DFG::needDataFormatConversion):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::Graph):
- (JSC::DFG::Graph::predictions):
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::predictGlobalVar):
- (JSC::DFG::Graph::getPrediction):
- (JSC::DFG::Graph::getGlobalVarPrediction):
- (JSC::DFG::Graph::isBooleanConstant):
- (JSC::DFG::Graph::valueOfBooleanConstant):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
- (JSC::DFG::JITCodeGenerator::isKnownBoolean):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::emitBranch):
- (JSC::DFG::JITCodeGenerator::speculationCheck):
- (JSC::DFG::GPRTemporary::GPRTemporary):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::isBooleanConstant):
- (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::debugCall):
- (JSC::DFG::JITCompiler::isBooleanConstant):
- (JSC::DFG::JITCompiler::valueOfBooleanConstant):
- * dfg/DFGNode.h:
- (JSC::DFG::isBooleanPrediction):
- (JSC::DFG::predictionToString):
- (JSC::DFG::mergePredictions):
- (JSC::DFG::makePrediction):
- (JSC::DFG::Node::isBooleanConstant):
- (JSC::DFG::Node::valueOfBooleanConstant):
- (JSC::DFG::Node::hasBooleanResult):
- (JSC::DFG::Node::hasNumericResult):
- (JSC::DFG::Node::predict):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGPredictionTracker.h: Added.
- (JSC::DFG::operandIsArgument):
- (JSC::DFG::PredictionSlot::PredictionSlot):
- (JSC::DFG::PredictionTracker::PredictionTracker):
- (JSC::DFG::PredictionTracker::initializeSimilarTo):
- (JSC::DFG::PredictionTracker::numberOfArguments):
- (JSC::DFG::PredictionTracker::numberOfVariables):
- (JSC::DFG::PredictionTracker::argumentOffsetForOperand):
- (JSC::DFG::PredictionTracker::predictArgument):
- (JSC::DFG::PredictionTracker::predict):
- (JSC::DFG::PredictionTracker::predictGlobalVar):
- (JSC::DFG::PredictionTracker::getArgumentPrediction):
- (JSC::DFG::PredictionTracker::getPrediction):
- (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
- * dfg/DFGPropagator.cpp:
- (JSC::DFG::Propagator::Propagator):
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::setPrediction):
- (JSC::DFG::Propagator::mergeUse):
- (JSC::DFG::Propagator::mergePrediction):
- (JSC::DFG::Propagator::propagateNode):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
- (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
- (JSC::DFG::SpeculateBooleanOperand::index):
- (JSC::DFG::SpeculateBooleanOperand::gpr):
- (JSC::DFG::SpeculateBooleanOperand::use):
- * runtime/JSGlobalData.h:
- * runtime/JSValue.cpp:
- (JSC::JSValue::description):
-
-2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (5/7)
- https://bugs.webkit.org/show_bug.cgi?id=67420
-
- Reviewed by Geoffrey Garen.
-
- Completed the fifth level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- This primarily consists of pushing the calls to finishCreation() down
- into the constructors of the subclasses of the second level of the hierarchy
- as well as pulling the finishCreation() calls out into the class's corresponding
- create() method if it has one. Doing both simultaneously allows us to
- maintain the invariant that the finishCreation() method chain is called exactly
- once during the creation of an object, since calling it any other number of
- times (0, 2, or more) will cause an assertion failure.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::JSCallbackConstructor):
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::create):
- * API/JSCallbackFunction.cpp:
- (JSC::JSCallbackFunction::JSCallbackFunction):
- (JSC::JSCallbackFunction::finishCreation):
- * API/JSCallbackFunction.h:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::create):
- * jsc.cpp:
- (GlobalObject::finishCreation):
- (GlobalObject::GlobalObject):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- (JSC::ArrayConstructor::finishCreation):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::ArrayPrototype):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::create):
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::BooleanConstructor):
- (JSC::BooleanConstructor::finishCreation):
- * runtime/BooleanConstructor.h:
- * runtime/BooleanObject.cpp:
- (JSC::BooleanObject::BooleanObject):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::create):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- (JSC::BooleanPrototype::finishCreation):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- (JSC::DateConstructor::finishCreation):
- * runtime/DateConstructor.h:
- * runtime/DateInstance.cpp:
- (JSC::DateInstance::DateInstance):
- * runtime/DateInstance.h:
- (JSC::DateInstance::create):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::DatePrototype):
- (JSC::DatePrototype::finishCreation):
- * runtime/DatePrototype.h:
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::ErrorConstructor):
- (JSC::ErrorConstructor::finishCreation):
- * runtime/ErrorConstructor.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::create):
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::FunctionConstructor):
- (JSC::FunctionConstructor::finishCreation):
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::FunctionPrototype):
- (JSC::FunctionPrototype::finishCreation):
- * runtime/FunctionPrototype.h:
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- * runtime/InternalFunction.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- * runtime/JSActivation.h:
- (JSC::JSActivation::create):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::create):
- (JSC::JSGlobalObject::JSGlobalObject):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::JSONObject):
- * runtime/JSONObject.h:
- (JSC::JSONObject::create):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::create):
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- * runtime/JSString.cpp:
- (JSC::StringObject::create):
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
- * runtime/MathObject.h:
- (JSC::MathObject::create):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::finishCreation):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- (JSC::NativeErrorPrototype::finishCreation):
- * runtime/NativeErrorPrototype.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::NumberConstructor):
- (JSC::NumberConstructor::finishCreation):
- * runtime/NumberConstructor.h:
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::NumberObject):
- * runtime/NumberObject.h:
- (JSC::NumberObject::create):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- (JSC::NumberPrototype::finishCreation):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::ObjectConstructor):
- (JSC::ObjectConstructor::finishCreation):
- * runtime/ObjectConstructor.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::RegExpConstructor):
- (JSC::RegExpConstructor::finishCreation):
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::create):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::create):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- (JSC::StringConstructor::finishCreation):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::StringObject):
- * runtime/StringObject.h:
- (JSC::StringObject::create):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- (JSC::StringPrototype::finishCreation):
- * runtime/StringPrototype.h:
-
-2011-09-06 Filip Pizlo <fpizlo@apple.com>
-
- Accessibility tests crashing in BasicRawSentinelNode code
- https://bugs.webkit.org/show_bug.cgi?id=67682
-
- Reviewed by Geoffrey Garen.
-
- A CodeBlock should ensure that no other CodeBlocks have references to it after
- it is destroyed.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
-
-2011-09-06 Yong Li <yoli@rim.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=67486
- This reverts r65993 which gives wrong results for rshift
- in some corner cases (see the test).
-
- Reviewed by Gavin Barraclough.
-
- New test: fast/js/floating-point-truncate-rshift.html
-
- * assembler/ARMAssembler.h:
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
- (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-
-2011-09-06 Filip Pizlo <fpizlo@apple.com>
-
- Unreviewed build fix for r94559.
-
- Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
- new out-of-line JIT-specific method definitions with !ENABLE(JIT).
-
- * bytecode/CodeBlock.cpp:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
-
-2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fix broken PPC build due to new dtoa library
- https://bugs.webkit.org/show_bug.cgi?id=67654
-
- Reviewed by Dan Bernstein.
-
- Added condition for PPC in the new dtoa compatibility check so that
- building won't fail.
-
- * wtf/dtoa/utils.h:
-
-2011-09-05 Oliver Hunt <oliver@apple.com>
-
- An object's structure should reference the global object responsible for its creation
- https://bugs.webkit.org/show_bug.cgi?id=67624
-
- Reviewed by Gavin Barraclough.
-
- Add a reference to a GlobalObject to Structure, and update all calls to
- Structure::create() to pass the global object that is the origin for that
- structure. For objects where the appropriate global object isn't available
- at construction time (global object prototypes, etc), or objects that
- logically don't have a global object (strings, etc) we just pass null.
-
- This change is largely mechanical (passing a new globalObject parameter
- around).
-
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::createStructure):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::createStructure):
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::createStructure):
- * API/JSContextRef.cpp:
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::createStructure):
- * runtime/Arguments.h:
- (JSC::Arguments::createStructure):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::createStructure):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::createStructure):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::createStructure):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::createStructure):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::createStructure):
- * runtime/DateInstance.h:
- (JSC::DateInstance::createStructure):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::createStructure):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::createStructure):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::createStructure):
- * runtime/Executable.h:
- (JSC::ExecutableBase::createStructure):
- (JSC::NativeExecutable::createStructure):
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::createStructure):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::createStructure):
- * runtime/InternalFunction.h:
- (JSC::InternalFunction::createStructure):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- * runtime/JSActivation.h:
- (JSC::JSActivation::createStructure):
- * runtime/JSArray.h:
- (JSC::JSArray::createStructure):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::createStructure):
- * runtime/JSByteArray.h:
- * runtime/JSFunction.h:
- (JSC::JSFunction::createStructure):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::finishCreation):
- (JSC::JSGlobalObject::createStructure):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::createStructure):
- * runtime/JSONObject.h:
- (JSC::JSONObject::createStructure):
- * runtime/JSObject.cpp:
- (JSC::JSObject::createInheritorID):
- * runtime/JSObject.h:
- (JSC::JSObject::createStructure):
- (JSC::JSNonFinalObject::createStructure):
- (JSC::JSFinalObject::createStructure):
- (JSC::createEmptyObjectStructure):
- * runtime/JSObjectWithGlobalObject.h:
- (JSC::JSObjectWithGlobalObject::createStructure):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::createStructure):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::createStructure):
- * runtime/JSString.h:
- (JSC::RopeBuilder::createStructure):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::createStructure):
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::createStructure):
- * runtime/MathObject.h:
- (JSC::MathObject::createStructure):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::createStructure):
- (JSC::NativeErrorConstructor::constructorBody):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::createStructure):
- * runtime/NumberObject.h:
- (JSC::NumberObject::createStructure):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::createStructure):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::createStructure):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::createStructure):
- * runtime/RegExp.h:
- (JSC::RegExp::createStructure):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::createStructure):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::createStructure):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::createStructure):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::createStructure):
- * runtime/StrictEvalActivation.h:
- (JSC::StrictEvalActivation::createStructure):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::createStructure):
- * runtime/StringObject.h:
- (JSC::StringObject::createStructure):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::create):
- (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::createStructure):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::globalObject):
- (JSC::Structure::setGlobalObject):
- * runtime/StructureChain.h:
- (JSC::StructureChain::createStructure):
-
-2011-09-06 Michael Saboff <msaboff@apple.com>
-
- Add windows changes for JSC:RegExp functional tests
- https://bugs.webkit.org/show_bug.cgi?id=67521
-
- Windows build changes for regular expression functional test.
-
- Rubber-stamped by Gavin Barraclough.
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/testRegExp: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
-
-2011-09-06 Filip Pizlo <fpizlo@apple.com>
-
- JavaScriptCore does not have tiered compilation
- https://bugs.webkit.org/show_bug.cgi?id=67176
-
- Reviewed by Gavin Barraclough.
-
- This adds the ability to have multiple CodeBlocks associated with
- a particular role in an Executable. These are stored in
- descending order of compiler tier. CodeBlocks are optimized when
- a counter (m_executeCounter) that is incremented in loops and
- epilogues becomes positive. Optimizing means that all calls to
- the old CodeBlock are unlinked.
-
- The DFG can now pull in predictions from ValueProfiles, and
- propagate them along the graph. To support the new phase while
- maintaing some level of abstraction, a DFGDriver was introduced
- that encapsulates how to run the DFG compiler.
-
- This is turned off by default because it's not yet a performance
- win on all benchmarks. It speeds up crypto and richards by
- 10% and 6% respectively, but still does not do as good of a job
- as it could. Notably, the DFG backend has not changed, and
- is largely oblivious to the new information being made available
- to it.
-
- When turned off (the default), this patch is performance neutral.
-
- * CMakeLists.txt:
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::branchAdd32):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::branchAdd32):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::CodeBlock):
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::visitAggregate):
- (JSC::CallLinkInfo::unlink):
- (JSC::CodeBlock::unlinkCalls):
- (JSC::CodeBlock::unlinkIncomingCalls):
- (JSC::CodeBlock::clearEvalCache):
- (JSC::replaceExistingEntries):
- (JSC::CodeBlock::copyDataFromAlternative):
- (JSC::ProgramCodeBlock::replacement):
- (JSC::EvalCodeBlock::replacement):
- (JSC::FunctionCodeBlock::replacement):
- (JSC::ProgramCodeBlock::compileOptimized):
- (JSC::EvalCodeBlock::compileOptimized):
- (JSC::FunctionCodeBlock::compileOptimized):
- * bytecode/CodeBlock.h:
- (JSC::GlobalCodeBlock::GlobalCodeBlock):
- (JSC::ProgramCodeBlock::ProgramCodeBlock):
- (JSC::EvalCodeBlock::EvalCodeBlock):
- (JSC::FunctionCodeBlock::FunctionCodeBlock):
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::dump):
- (JSC::ValueProfile::computeStatistics):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * bytecompiler/BytecodeGenerator.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::dynamicallyPredict):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::parse):
- * dfg/DFGDriver.cpp: Added.
- (JSC::DFG::compile):
- (JSC::DFG::tryCompile):
- (JSC::DFG::tryCompileFunction):
- * dfg/DFGDriver.h: Added.
- (JSC::DFG::tryCompile):
- (JSC::DFG::tryCompileFunction):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::predictGlobalVar):
- (JSC::DFG::Graph::isConstant):
- (JSC::DFG::Graph::isJSConstant):
- (JSC::DFG::Graph::isInt32Constant):
- (JSC::DFG::Graph::isDoubleConstant):
- (JSC::DFG::Graph::valueOfJSConstant):
- (JSC::DFG::Graph::valueOfInt32Constant):
- (JSC::DFG::Graph::valueOfDoubleConstant):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::isConstant):
- (JSC::DFG::JITCompiler::isJSConstant):
- (JSC::DFG::JITCompiler::isInt32Constant):
- (JSC::DFG::JITCompiler::isDoubleConstant):
- (JSC::DFG::JITCompiler::valueOfJSConstant):
- (JSC::DFG::JITCompiler::valueOfInt32Constant):
- (JSC::DFG::JITCompiler::valueOfDoubleConstant):
- * dfg/DFGNode.h:
- (JSC::DFG::isCellPrediction):
- (JSC::DFG::isNumberPrediction):
- (JSC::DFG::predictionToString):
- (JSC::DFG::mergePrediction):
- (JSC::DFG::makePrediction):
- (JSC::DFG::Node::valueOfJSConstant):
- (JSC::DFG::Node::isInt32Constant):
- (JSC::DFG::Node::isDoubleConstant):
- (JSC::DFG::Node::valueOfInt32Constant):
- (JSC::DFG::Node::valueOfDoubleConstant):
- (JSC::DFG::Node::predict):
- * dfg/DFGPropagation.cpp: Added.
- (JSC::DFG::Propagator::Propagator):
- (JSC::DFG::Propagator::fixpoint):
- (JSC::DFG::Propagator::setPrediction):
- (JSC::DFG::Propagator::mergePrediction):
- (JSC::DFG::Propagator::propagateNode):
- (JSC::DFG::Propagator::propagateForward):
- (JSC::DFG::Propagator::propagateBackward):
- (JSC::DFG::propagate):
- * dfg/DFGPropagation.h: Added.
- (JSC::DFG::propagate):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgLinkFor):
- * heap/HandleHeap.h:
- (JSC::HandleHeap::Node::Node):
- * jit/JIT.cpp:
- (JSC::JIT::emitOptimizationCheck):
- (JSC::JIT::emitTimeoutCheck):
- (JSC::JIT::privateCompile):
- (JSC::JIT::linkFor):
- * jit/JIT.h:
- (JSC::JIT::emitOptimizationCheck):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::emit_op_ret):
- (JSC::JIT::emit_op_ret_object_or_this):
- * jit/JITCode.h:
- (JSC::JITCode::JITCode):
- (JSC::JITCode::bottomTierJIT):
- (JSC::JITCode::topTierJIT):
- (JSC::JITCode::nextTierJIT):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_ret):
- (JSC::JIT::emit_op_ret_object_or_this):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileOptimized):
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileOptimized):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileOptimizedForCall):
- (JSC::FunctionExecutable::compileOptimizedForConstruct):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/Executable.h:
- (JSC::EvalExecutable::compile):
- (JSC::ProgramExecutable::compile):
- (JSC::FunctionExecutable::compileForCall):
- (JSC::FunctionExecutable::compileForConstruct):
- (JSC::FunctionExecutable::compileOptimizedFor):
- * wtf/Platform.h:
- * wtf/SentinelLinkedList.h:
- (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
- (WTF::BasicRawSentinelNode::setPrev):
- (WTF::BasicRawSentinelNode::setNext):
- (WTF::BasicRawSentinelNode::prev):
- (WTF::BasicRawSentinelNode::next):
- (WTF::BasicRawSentinelNode::isOnList):
- (WTF::::remove):
- (WTF::::SentinelLinkedList):
- (WTF::::begin):
- (WTF::::end):
- (WTF::::push):
-
-2011-09-05 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r94445 and r94448.
- http://trac.webkit.org/changeset/94445
- http://trac.webkit.org/changeset/94448
- https://bugs.webkit.org/show_bug.cgi?id=67595
-
- It broke everything (Requested by ossy on #webkit).
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * heap/Heap.cpp:
- (JSC::Heap::collect):
- * heap/Heap.h:
- * heap/NewSpace.cpp:
- (JSC::NewSpace::NewSpace):
- * heap/NewSpace.h:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::allocatePropertyStorage):
- * runtime/JSObject.h:
- (JSC::JSObject::~JSObject):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSObject::putDirectFunctionWithoutTransition):
- (JSC::JSObject::transitionTo):
- (JSC::JSObject::visitChildrenDirect):
-
-2011-09-05 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed build fix for r94452.
-
- Add config.h as the first header to the cc files as required by the coding style.
- Reuse macros from Assertions.h instead of adding addional #ifdefs.
-
- * wtf/dtoa/bignum-dtoa.cc:
- * wtf/dtoa/bignum.cc:
- * wtf/dtoa/cached-powers.cc:
- * wtf/dtoa/diy-fp.cc:
- * wtf/dtoa/double-conversion.cc:
- * wtf/dtoa/fast-dtoa.cc:
- * wtf/dtoa/fixed-dtoa.cc:
- * wtf/dtoa/strtod.cc:
- * wtf/dtoa/utils.h:
-
-2011-09-05 Andras Becsi <andras.becsi@nokia.com>
-
- [Qt][WK2] Fix the build
-
- Rubber-stamped by Csaba Osztrogonác.
-
- * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
- The variable fractional_part is only set but never used.
-
-2011-09-04 Mark Hahnenberg <mhahnenberg@apple.com>
-
- REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
- https://bugs.webkit.org/show_bug.cgi?id=67562
-
- Reviewed by Darin Adler.
-
- Fixing the build (again which was broken by the dtoa patch. Needed
- to make sure WTF::double_conversion::initialize() is called for Qt
- as well as adding a check for WinCE in dtoa/utils.h
-
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * wtf/dtoa/cached-powers.cc:
- * wtf/dtoa/utils.h:
-
-2011-09-03 Filip Pizlo <fpizlo@apple.com>
-
- ThunkGenerators does not convert positive double zero into integer zero
- https://bugs.webkit.org/show_bug.cgi?id=67553
-
- Reviewed by Gavin Barraclough.
-
- This is an 0.5% speed-up on V8 and neutral elsewhere.
-
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::returnDouble):
-
-2011-09-03 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
-
- * wscript:
-
-2011-09-03 Filip Pizlo <fpizlo@apple.com>
-
- DFG variable predictions only work for local variables, not temporaries
- https://bugs.webkit.org/show_bug.cgi?id=67554
-
- Reviewed by Gavin Barraclough.
-
- This appears to be a slight speed-up in Kraken (0.3% but significant)
- and neutral elsewhere.
-
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
-
-2011-09-02 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT speculation failure does recovery of additions in reverse and
- doesn't rebox
- https://bugs.webkit.org/show_bug.cgi?id=67551
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-09-02 Filip Pizlo <fpizlo@apple.com>
-
- ValueProfile does not make it safe to introspect cell values
- after garbage collection
- https://bugs.webkit.org/show_bug.cgi?id=67354
-
- Reviewed by Gavin Barraclough.
-
- ValueProfile buckets are now weak references, implemented using a
- light-weight weak reference mechanism that this patch also adds (the
- WeakReferenceHarvester). If a cell stored in a ValueProfile bucket
- is not marked, then the bucket is transformed into a Structure
- pointer. If the Structure is not marked either, then it is turned
- into a ClassInfo pointer.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::visitAggregate):
- (JSC::CodeBlock::visitWeakReferences):
- * bytecode/CodeBlock.h:
- * bytecode/ValueProfile.h:
- (JSC::ValueProfile::ValueProfile):
- (JSC::ValueProfile::classInfo):
- (JSC::ValueProfile::numberOfInt32s):
- (JSC::ValueProfile::numberOfDoubles):
- (JSC::ValueProfile::numberOfCells):
- (JSC::ValueProfile::numberOfArrays):
- (JSC::ValueProfile::probabilityOfArray):
- (JSC::ValueProfile::WeakBucket::WeakBucket):
- (JSC::ValueProfile::WeakBucket::operator!):
- (JSC::ValueProfile::WeakBucket::isEmpty):
- (JSC::ValueProfile::WeakBucket::isClassInfo):
- (JSC::ValueProfile::WeakBucket::isStructure):
- (JSC::ValueProfile::WeakBucket::asStructure):
- (JSC::ValueProfile::WeakBucket::asClassInfo):
- (JSC::ValueProfile::WeakBucket::getClassInfo):
- * heap/Heap.cpp:
- (JSC::Heap::harvestWeakReferences):
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::drain):
- (JSC::SlotVisitor::harvestWeakReferences):
- * heap/MarkStack.h:
- (JSC::MarkStack::addWeakReferenceHarvester):
- (JSC::MarkStack::MarkStack):
- (JSC::MarkStack::appendUnbarrieredPointer):
- * heap/SlotVisitor.h:
- * heap/WeakReferenceHarvester.h: Added.
- (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
- (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
-
-2011-09-02 Michael Saboff <msaboff@apple.com>
-
- Replace local implementation of string equals() methods with UString versions
- https://bugs.webkit.org/show_bug.cgi?id=67342
-
- In preparation to allowing StringImpl to be backed by 8 bit
- characters when appropriate, we need to eliminate or change the
- usage of StringImpl::characters(). Change the uses of characters()
- that are used to implement redundant equals() methods.
-
- Reviewed by Gavin Barraclough.
-
- * runtime/Identifier.cpp:
- (JSC::Identifier::equal):
- * runtime/Identifier.h:
- (JSC::Identifier::equal):
- * wtf/text/AtomicString.cpp:
- (WTF::CStringTranslator::equal): Moved an optimized method to here.
- (WTF::operator==):
- * wtf/text/StringImpl.cpp:
- (WTF::equal):
- * wtf/text/StringImpl.h:
-
-2011-09-02 Michael Saboff <msaboff@apple.com>
-
- Add JSC:RegExp functional tests
- https://bugs.webkit.org/show_bug.cgi?id=67339
-
- Added new test driver program (testRegExp) and corresponding data file
- along with build scripts changes.
-
- Reviewed by Gavin Barraclough.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * testRegExp.cpp: Added.
- (Options::Options):
- (StopWatch::start):
- (StopWatch::stop):
- (StopWatch::getElapsedMS):
- (RegExpTest::RegExpTest):
- (GlobalObject::create):
- (GlobalObject::className):
- (GlobalObject::GlobalObject):
- (main):
- (cleanupGlobalData):
- (testOneRegExp):
- (scanString):
- (parseRegExpLine):
- (parseTestLine):
- (runFromFiles):
- (printUsageStatement):
- (parseArguments):
- (realMain):
- * tests/regexp: Added.
- * tests/regexp/RegExpTest.data: Added.
-
-2011-09-02 Michael Saboff <msaboff@apple.com>
-
- Add JSC:RegExp functional test data generator
- https://bugs.webkit.org/show_bug.cgi?id=67519
-
- Add a data generator for regular expressions. To enable, change the
- #undef REGEXP_FUNC_TEST_DATA_GEN to #define. Then compile and use
- regular expressions. The resulting data will be in /tmp/RegExpTestsData.
-
- Reviewed by Gavin Barraclough.
-
- * runtime/RegExp.cpp:
- (JSC::regExpFlags):
- (JSC::RegExpFunctionalTestCollector::clearRegExp):
- (JSC::RegExpFunctionalTestCollector::get):
- (JSC::RegExpFunctionalTestCollector::outputOneTest):
- (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
- (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
- (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
- (JSC::RegExp::~RegExp):
- (JSC::RegExp::compile):
- (JSC::RegExp::match):
- (JSC::RegExp::matchCompareWithInterpreter):
-
-2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fix the broken build due to dtoa patch
- https://bugs.webkit.org/show_bug.cgi?id=67534
-
- Reviewed by Oliver Hunt.
-
- Fixing the build.
-
- * GNUmakefile.list.am:
- * wtf/dtoa/bignum.cc:
- * wtf/dtoa/fast-dtoa.cc:
- * wtf/dtoa/utils.h:
-
-2011-09-02 Oliver Hunt <oliver@apple.com>
-
- Remove OldSpace classes
- https://bugs.webkit.org/show_bug.cgi?id=67533
-
- Reviewed by Gavin Barraclough.
-
- Remove the unused OldSpace classes
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Heap.cpp:
- (JSC::Heap::writeBarrierSlowCase):
- * heap/MarkedBlock.h:
- * heap/OldSpace.cpp: Removed.
- * heap/OldSpace.h: Removed.
-
-2011-09-02 James Robinson <jamesr@chromium.org>
-
- Compile fix for mac build.
-
- * wtf/CheckedArithmetic.h:
- (WTF::operator+):
- (WTF::operator-):
- (WTF::operator*):
-
-2011-08-30 Matthew Delaney <mdelaney@apple.com>
-
- Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
- https://bugs.webkit.org/show_bug.cgi?id=65352
-
- Reviewed by Simon Fraser.
-
- New test: fast/canvas/canvas-getImageData-large-crash.html
-
- This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
- calls that specify widths and heights that end up overflowing the ints that we store those values in
- as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
- arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
- is just to add a new helper method described below.
-
- * wtf/MathExtras.h:
- (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
-
-2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Incorporate newer, faster dtoa library
- https://bugs.webkit.org/show_bug.cgi?id=66346
-
- Reviewed by Oliver Hunt.
-
- Added new dtoa library at http://code.google.com/p/double-conversion/.
- Replaced old call to dtoa. The new library is much faster than the old one.
- We still use the old dtoa for some stuff in WebCore as well as the old strtod,
- but we can phase these out eventually as well.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/InitializeThreading.cpp:
- * runtime/NumberPrototype.cpp:
- (JSC::numberProtoFuncToExponential):
- (JSC::numberProtoFuncToFixed):
- (JSC::numberProtoFuncToPrecision):
- * runtime/UString.cpp:
- (JSC::UString::number):
- * wtf/CMakeLists.txt:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading):
- * wtf/ThreadingWin.cpp:
- (WTF::initializeThreading):
- * wtf/dtoa.cpp:
- (WTF::dtoa):
- * wtf/dtoa.h:
- * wtf/dtoa/COPYING: Added.
- * wtf/dtoa/LICENSE: Added.
- * wtf/dtoa/README: Added.
- * wtf/dtoa/bignum-dtoa.cc: Added.
- * wtf/dtoa/bignum-dtoa.h: Added.
- * wtf/dtoa/bignum.cc: Added.
- * wtf/dtoa/bignum.h: Added.
- (WTF::double_conversion::Bignum::Times10):
- (WTF::double_conversion::Bignum::Equal):
- (WTF::double_conversion::Bignum::LessEqual):
- (WTF::double_conversion::Bignum::Less):
- (WTF::double_conversion::Bignum::PlusEqual):
- (WTF::double_conversion::Bignum::PlusLessEqual):
- (WTF::double_conversion::Bignum::PlusLess):
- (WTF::double_conversion::Bignum::EnsureCapacity):
- (WTF::double_conversion::Bignum::BigitLength):
- * wtf/dtoa/cached-powers.cc: Added.
- * wtf/dtoa/cached-powers.h: Added.
- * wtf/dtoa/diy-fp.cc: Added.
- * wtf/dtoa/diy-fp.h: Added.
- (WTF::double_conversion::DiyFp::DiyFp):
- (WTF::double_conversion::DiyFp::Subtract):
- (WTF::double_conversion::DiyFp::Minus):
- (WTF::double_conversion::DiyFp::Times):
- (WTF::double_conversion::DiyFp::Normalize):
- (WTF::double_conversion::DiyFp::f):
- (WTF::double_conversion::DiyFp::e):
- (WTF::double_conversion::DiyFp::set_f):
- (WTF::double_conversion::DiyFp::set_e):
- * wtf/dtoa/double-conversion.cc: Added.
- * wtf/dtoa/double-conversion.h: Added.
- (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
- (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
- * wtf/dtoa/double.h: Added.
- (WTF::double_conversion::double_to_uint64):
- (WTF::double_conversion::uint64_to_double):
- (WTF::double_conversion::Double::Double):
- (WTF::double_conversion::Double::AsDiyFp):
- (WTF::double_conversion::Double::AsNormalizedDiyFp):
- (WTF::double_conversion::Double::AsUint64):
- (WTF::double_conversion::Double::NextDouble):
- (WTF::double_conversion::Double::Exponent):
- (WTF::double_conversion::Double::Significand):
- (WTF::double_conversion::Double::IsDenormal):
- (WTF::double_conversion::Double::IsSpecial):
- (WTF::double_conversion::Double::IsNan):
- (WTF::double_conversion::Double::IsInfinite):
- (WTF::double_conversion::Double::Sign):
- (WTF::double_conversion::Double::UpperBoundary):
- (WTF::double_conversion::Double::NormalizedBoundaries):
- (WTF::double_conversion::Double::value):
- (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
- (WTF::double_conversion::Double::Infinity):
- (WTF::double_conversion::Double::NaN):
- (WTF::double_conversion::Double::DiyFpToUint64):
- * wtf/dtoa/fast-dtoa.cc: Added.
- * wtf/dtoa/fast-dtoa.h: Added.
- * wtf/dtoa/fixed-dtoa.cc: Added.
- * wtf/dtoa/fixed-dtoa.h: Added.
- * wtf/dtoa/strtod.cc: Added.
- * wtf/dtoa/strtod.h: Added.
- * wtf/dtoa/utils.h: Added.
- (WTF::double_conversion::Max):
- (WTF::double_conversion::Min):
- (WTF::double_conversion::StrLength):
- (WTF::double_conversion::Vector::Vector):
- (WTF::double_conversion::Vector::SubVector):
- (WTF::double_conversion::Vector::length):
- (WTF::double_conversion::Vector::is_empty):
- (WTF::double_conversion::Vector::start):
- (WTF::double_conversion::Vector::operator[]):
- (WTF::double_conversion::Vector::first):
- (WTF::double_conversion::Vector::last):
- (WTF::double_conversion::StringBuilder::StringBuilder):
- (WTF::double_conversion::StringBuilder::~StringBuilder):
- (WTF::double_conversion::StringBuilder::size):
- (WTF::double_conversion::StringBuilder::position):
- (WTF::double_conversion::StringBuilder::Reset):
- (WTF::double_conversion::StringBuilder::AddCharacter):
- (WTF::double_conversion::StringBuilder::AddString):
- (WTF::double_conversion::StringBuilder::AddSubstring):
- (WTF::double_conversion::StringBuilder::AddPadding):
- (WTF::double_conversion::StringBuilder::Finalize):
- (WTF::double_conversion::StringBuilder::is_finalized):
- (WTF::double_conversion::BitCast):
- * wtf/wtf.pri:
-
-2011-09-02 Filip Pizlo <fpizlo@apple.com>
-
- DFG graph has no way of distinguishing or reconciling between static
- and dynamic predictions
- https://bugs.webkit.org/show_bug.cgi?id=67343
-
- Reviewed by Gavin Barraclough.
-
- PredictedType now stores the source of the prediction. Merging predictions,
- which was previously done with a bitwise or, is now done via the
- mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
- functions, which correctly handle combinations of static and dynamic.
-
- This is performance-neutral, since all predictions are currently static and
- so the code has no visible effects.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::staticallyPredictArray):
- (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::predictGlobalVar):
- * dfg/DFGNode.h:
- (JSC::DFG::isArrayPrediction):
- (JSC::DFG::isInt32Prediction):
- (JSC::DFG::isDoublePrediction):
- (JSC::DFG::isDynamicPrediction):
- (JSC::DFG::mergePredictions):
- (JSC::DFG::mergePrediction):
- (JSC::DFG::makePrediction):
- (JSC::DFG::Node::predict):
-
-2011-09-02 Oliver Hunt <oliver@apple.com>
-
- Fix 32bit build.
-
- * heap/NewSpace.h:
- (JSC::NewSpace::allocatePropertyStorage):
- (JSC::NewSpace::inPropertyStorageNursery):
-
-2011-09-02 Oliver Hunt <oliver@apple.com>
-
- Use bump allocator for initial property storage
- https://bugs.webkit.org/show_bug.cgi?id=67494
-
- Reviewed by Gavin Barraclough.
-
- Switch to a bump allocator for the initial out of line
- property storage. This gives us slightly faster allocation
- for short lived objects that need out of line storage at
- the cost of an additional memcpy when the object survives
- a GC pass.
-
- No performance impact.
-
- * JavaScriptCore.exp:
- * heap/Heap.cpp:
- (JSC::Heap::collect):
- * heap/Heap.h:
- (JSC::Heap::allocatePropertyStorage):
- (JSC::Heap::inPropertyStorageNursary):
- * heap/NewSpace.cpp:
- (JSC::NewSpace::NewSpace):
- * heap/NewSpace.h:
- (JSC::NewSpace::resetPropertyStorageNursary):
- (JSC::NewSpace::allocatePropertyStorage):
- (JSC::NewSpace::inPropertyStorageNursary):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSObject.cpp:
- (JSC::JSObject::allocatePropertyStorage):
- * runtime/JSObject.h:
- (JSC::JSObject::~JSObject):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSObject::putDirectFunctionWithoutTransition):
- (JSC::JSObject::transitionTo):
- (JSC::JSObject::visitChildrenDirect):
-
-2011-09-01 Mark Rowe <mrowe@apple.com>
-
- Fix the build.
-
- * JavaScriptCore.JSVALUE32_64only.exp:
- * JavaScriptCore.JSVALUE64only.exp:
- * JavaScriptCore.exp:
-
-2011-09-01 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (4/7)
- https://bugs.webkit.org/show_bug.cgi?id=67174
-
- Reviewed by Oliver Hunt.
-
- Completed the fourth level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- This primarily consists of pushing the calls to finishCreation() down
- into the constructors of the subclasses of the second level of the hierarchy
- as well as pulling the finishCreation() calls out into the class's corresponding
- create() method if it has one. Doing both simultaneously allows us to
- maintain the invariant that the finishCreation() method chain is called exactly
- once during the creation of an object, since calling it any other number of
- times (0, 2, or more) will cause an assertion failure.
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::JSCallbackConstructor):
- (JSC::JSCallbackConstructor::finishCreation):
- * API/JSCallbackConstructor.h:
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::create):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::JSCallbackObject):
- (JSC::::finishCreation):
- * JavaScriptCore.JSVALUE64only.exp:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::DebuggerActivation):
- (JSC::DebuggerActivation::create):
- * debugger/DebuggerActivation.h:
- * runtime/Arguments.h:
- (JSC::Arguments::create):
- (JSC::Arguments::createNoParameters):
- (JSC::Arguments::Arguments):
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::ArrayPrototype):
- (JSC::ArrayPrototype::finishCreation):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanObject.cpp:
- (JSC::BooleanObject::BooleanObject):
- (JSC::BooleanObject::finishCreation):
- * runtime/BooleanObject.h:
- * runtime/DateInstance.cpp:
- (JSC::DateInstance::DateInstance):
- (JSC::DateInstance::finishCreation):
- * runtime/DateInstance.h:
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::ErrorInstance):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::create):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- (JSC::ErrorPrototype::finishCreation):
- * runtime/ErrorPrototype.h:
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::InterruptedExecutionError):
- (JSC::InterruptedExecutionError::create):
- (JSC::TerminatedExecutionError::TerminatedExecutionError):
- (JSC::TerminatedExecutionError::create):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::EvalExecutable):
- (JSC::ProgramExecutable::ProgramExecutable):
- (JSC::FunctionExecutable::FunctionExecutable):
- * runtime/Executable.h:
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::EvalExecutable::create):
- (JSC::ProgramExecutable::create):
- (JSC::FunctionExecutable::create):
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- (JSC::InternalFunction::finishCreation):
- * runtime/InternalFunction.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- (JSC::JSActivation::finishCreation):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- * runtime/JSArray.h:
- (JSC::JSArray::create):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::JSByteArray):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::create):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::finishCreation):
- * runtime/JSFunction.h:
- (JSC::JSFunction::create):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObject):
- (JSC::JSGlobalObject::finishCreation):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::JSNotAnObject):
- (JSC::JSNotAnObject::create):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::JSONObject):
- (JSC::JSONObject::finishCreation):
- * runtime/JSONObject.h:
- * runtime/JSObjectWithGlobalObject.cpp:
- (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
- * runtime/JSObjectWithGlobalObject.h:
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::create):
- (JSC::JSStaticScopeObject::finishCreation):
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::JSVariableObject):
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::JSWrapperObject):
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
- (JSC::MathObject::finishCreation):
- * runtime/MathObject.h:
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::NumberObject):
- (JSC::NumberObject::finishCreation):
- * runtime/NumberObject.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::ObjectPrototype):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::create):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- (JSC::RegExpMatchesArray::finishCreation):
- * runtime/RegExpMatchesArray.h:
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- (JSC::RegExpObject::finishCreation):
- * runtime/RegExpObject.h:
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::StrictEvalActivation):
- * runtime/StrictEvalActivation.h:
- (JSC::StrictEvalActivation::create):
- * runtime/StringObject.cpp:
- (JSC::StringObject::StringObject):
- (JSC::StringObject::finishCreation):
- * runtime/StringObject.h:
-
-2011-09-01 Daniel Bates <dbates@rim.com>
-
- QNX GCC distribution doesn't support vasprintf()
- https://bugs.webkit.org/show_bug.cgi?id=67423
-
- Reviewed by Antonio Gomes.
-
- * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
-
-2011-09-01 Michael Saboff <msaboff@apple.com>
-
- Remove simple usage of UString::characters() from JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=67340
-
- In preparation to allowing StringImpl to be backed by 8 bit
- characters when appropriate, we need to eliminate or change the
- usage of StringImpl::characters(). Most of the changes below
- change s->characters()[0] to s[0].
-
- Reviewed by Geoffrey Garen.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::keyForCharacterSwitch):
- * bytecompiler/NodesCodegen.cpp:
- (JSC::processClauseList):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Identifier.cpp:
- (JSC::Identifier::addSlowCase):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::jsToNumber):
- (JSC::parseFloat):
- * runtime/JSString.cpp:
- (JSC::JSString::substringFromRope):
- * runtime/JSString.h:
- (JSC::jsSingleCharacterSubstring):
- (JSC::jsString):
- (JSC::jsSubstring):
- (JSC::jsOwnedString):
- * runtime/RegExp.cpp:
- (JSC::regExpFlags):
- * wtf/text/StringBuilder.h:
- (WTF::StringBuilder::operator[]):
-
-2011-09-01 Ada Chan <adachan@apple.com>
-
- Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-01 Hao Zheng <zhenghao@chromium.org>
-
- Define PTHREAD_KEYS_MAX to fix Android port build.
- https://bugs.webkit.org/show_bug.cgi?id=67362
-
- Reviewed by Adam Barth.
-
- PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
-
-2011-08-31 Oliver Hunt <oliver@apple.com>
-
- Fix build.
-
- * wtf/CheckedArithmetic.h:
- (WTF::Checked::Checked):
- (WTF::Checked::operator=):
-
-2011-08-31 Oliver Hunt <oliver@apple.com>
-
- fast/regex/overflow.html asserts in debug builds
- https://bugs.webkit.org/show_bug.cgi?id=67326
-
- Reviewed by Gavin Barraclough.
-
- The deliberate overflows in these expressions don't interact nicely
- with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
- intermediate calculations.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-
-2011-08-31 Jeff Miller <jeffm@apple.com>
-
- REGRESSION(92210): AVFoundation media engine is disabled on OS X
- https://bugs.webkit.org/show_bug.cgi?id=67316
-
- Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
- since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
- changes that were made in r92210.
-
- Reviewed by Darin Adler.
-
- * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
-
-2011-08-31 Peter Beverloo <peter@chromium.org>
-
- Add Android's platform specification and the right atomic functions.
- https://bugs.webkit.org/show_bug.cgi?id=66687
-
- Reviewed by Adam Barth.
-
- * wtf/Atomics.h:
- (WTF::atomicIncrement):
- (WTF::atomicDecrement):
- * wtf/Platform.h:
-
-2011-08-30 Oliver Hunt <oliver@apple.com>
-
- Add support for checked arithmetic
- https://bugs.webkit.org/show_bug.cgi?id=67095
-
- Reviewed by Sam Weinig.
-
- Add a checked arithmetic class Checked<T> that provides overflow-safe
- arithmetic over all integral types. Checked<T> supports addition, subtraction
- and multiplication, along with "bool" conversions and equality operators.
-
- Checked<> can be used in either CRASH() on overflow or delayed failure modes,
- although the default is to CRASH().
-
- To ensure the code is actually in use (rather than checking in dead code) I've
- made a couple of properties in YARR use Checked<int> and Checked<unsigned>
- instead of raw value arithmetic. This has resulted in a moderate set of changes,
- to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
- to unsigned for some uses of sizeof, as Checked<> currently does not support
- mixed signed-ness of types wider that 32 bits.
-
- Happily the increased type safety of Checked<> means that it's not possible to
- accidentally assign away precision, nor accidentally call integer overload of
- a function instead of the bool version.
-
- No measurable regression in performance, and SunSpider claims this patch to be
- a progression of 0.3%.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CheckedArithmetic.h: Added.
- (WTF::CrashOnOverflow::overflowed):
- (WTF::CrashOnOverflow::clearOverflow):
- (WTF::CrashOnOverflow::hasOverflowed):
- (WTF::RecordOverflow::RecordOverflow):
- (WTF::RecordOverflow::overflowed):
- (WTF::RecordOverflow::clearOverflow):
- (WTF::RecordOverflow::hasOverflowed):
- (WTF::isInBounds):
- (WTF::safeAdd):
- (WTF::safeSub):
- (WTF::safeMultiply):
- (WTF::safeEquals):
- (WTF::workAroundClangBug):
- (WTF::Checked::Checked):
- (WTF::Checked::operator=):
- (WTF::Checked::operator++):
- (WTF::Checked::operator--):
- (WTF::Checked::operator!):
- (WTF::Checked::operator UnspecifiedBoolType*):
- (WTF::Checked::get):
- (WTF::Checked::operator+=):
- (WTF::Checked::operator-=):
- (WTF::Checked::operator*=):
- (WTF::Checked::operator==):
- (WTF::Checked::operator!=):
- (WTF::operator+):
- (WTF::operator-):
- (WTF::operator*):
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::ByteCompiler::atomPatternCharacter):
- (JSC::Yarr::ByteCompiler::atomCharacterClass):
- (JSC::Yarr::ByteCompiler::atomBackReference):
- (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
- (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
- (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
- (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
- * yarr/YarrInterpreter.h:
- (JSC::Yarr::ByteTerm::ByteTerm):
- (JSC::Yarr::ByteTerm::CheckInput):
- (JSC::Yarr::ByteTerm::UncheckInput):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generateAssertionEOL):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
- (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
- (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
- (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
- (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
- * yarr/YarrPattern.h:
-
-2011-08-31 Andrei Popescu <andreip@google.com>
-
- Investigate current uses of OS(ANDROID)
- https://bugs.webkit.org/show_bug.cgi?id=66761
-
- Unreviewed, build fix for ARM platforms.
-
- * wtf/Platform.h:
-
-2011-08-31 Andrei Popescu <andreip@google.com>
-
- Investigate current uses of OS(ANDROID)
- https://bugs.webkit.org/show_bug.cgi?id=66761
-
- Reviewed by Darin Adler.
-
- Remove the last legacy Android code.
-
- No new tests needed as the code wasn't tested in the first place.
-
- * wtf/Atomics.h:
- * wtf/Platform.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::createThreadInternal):
-
-2011-08-30 Aaron Colwell <acolwell@chromium.org>
-
- Add MediaSource API to HTMLMediaElement
- https://bugs.webkit.org/show_bug.cgi?id=64731
-
- Reviewed by Eric Carlson.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-08-30 Oliver Hunt <oliver@apple.com>
-
- TypedArrays don't ensure that denormalised values are normalised
- https://bugs.webkit.org/show_bug.cgi?id=67178
-
- Reviewed by Gavin Barraclough.
-
- Add a couple of assertions to jsNumber() to ensure that
- we block signaling NaNs
-
- * runtime/JSValue.h:
- (JSC::jsDoubleNumber):
- (JSC::jsNumber):
-
-2011-08-30 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
-
- [Qt] Do not unconditionally use pkg-config in .pro files
- https://bugs.webkit.org/show_bug.cgi?id=67055
-
- Reviewed by Andreas Kling.
-
- Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
-
- Using the first pkg-config in PATH is prone to errors when cross
- compiling inside the Qt repository (using Qt's build-system).
-
- This patch protect calls for pkg-config with
- !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
- QT_CONFIG by Qt's 'configure' when cross-compiling on systems
- without pkg-config.
-
- The respective change in Qt's configure has been submited already.
-
- No new tests as this is just a build change.
-
- * wtf/wtf.pri: protect pkg-config calls
-
-2011-08-29 Daniel Bates <dbates@webkit.org>
-
- Add HAVE(VASPRINTF) macro to test for vasprintf() support
- https://bugs.webkit.org/show_bug.cgi?id=67156
-
- Reviewed by Darin Adler.
-
- Encapsulate testing of vasprintf() support in a HAVE macro
- instead of hardcoding the list of supported/unsupported
- compilers at the call site.
-
- * wtf/Platform.h:
-
-2011-08-29 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (3/7)
- https://bugs.webkit.org/show_bug.cgi?id=67064
-
- Reviewed by Darin Adler.
-
- Completed the third level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- This primarily consists of pushing the calls to finishCreation() down
- into the constructors of the subclasses of the second level of the hierarchy
- as well as pulling the finishCreation() calls out into the class's corresponding
- create() method if it has one. Doing both simultaneously allows us to
- maintain the invariant that the finishCreation() method chain is called exactly
- once during the creation of an object, since calling it any other number of
- times (0, 2, or more) will cause an assertion failure.
-
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::DebuggerActivation):
- (JSC::DebuggerActivation::finishCreation):
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::create):
- * runtime/Arguments.h:
- (JSC::Arguments::create):
- (JSC::Arguments::createNoParameters):
- (JSC::Arguments::Arguments):
- (JSC::Arguments::finishCreation):
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::ErrorInstance):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::finishCreation):
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::InterruptedExecutionError):
- (JSC::TerminatedExecutionError::TerminatedExecutionError):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::EvalExecutable):
- (JSC::ProgramExecutable::ProgramExecutable):
- (JSC::FunctionExecutable::FunctionExecutable):
- Moved the assignment of m_firstLine and m_lastLine into the
- FunctionExecutable::finishCreation() method in Executable.h
- * runtime/Executable.h:
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::EvalExecutable::create):
- (JSC::ProgramExecutable::create):
- (JSC::FunctionExecutable::create):
- (JSC::FunctionExecutable::finishCreation):
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- (JSC::JSArray::finishCreation):
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::JSByteArray):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::finishCreation):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::JSNotAnObject):
- * runtime/JSObject.h:
- (JSC::JSNonFinalObject::JSNonFinalObject):
- * runtime/JSObjectWithGlobalObject.cpp:
- (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
- (JSC::JSObjectWithGlobalObject::finishCreation):
- * runtime/JSObjectWithGlobalObject.h:
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::JSVariableObject):
- (JSC::JSVariableObject::finishCreation):
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::JSWrapperObject):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::ObjectPrototype):
- (JSC::ObjectPrototype::finishCreation):
- * runtime/ObjectPrototype.h:
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::StrictEvalActivation):
-
-2011-08-29 Andreas Kling <kling@webkit.org>
-
- Unreviewed build fix after r93990.
-
- * wtf/HashTable.h:
-
-2011-08-29 Andreas Kling <kling@webkit.org>
-
- Viewing a post on reddit.com wastes a lot of memory on event listeners.
- https://bugs.webkit.org/show_bug.cgi?id=67133
-
- Reviewed by Darin Adler.
-
- Add a minimum table size to the HashTraits, instead of having it hard coded.
- The default value remains at 64, but can now be specialized.
-
- * runtime/StructureTransitionTable.h:
- * wtf/HashTable.h:
- (WTF::HashTable::shouldShrink):
- (WTF::::expand):
- (WTF::::checkTableConsistencyExceptSize):
- * wtf/HashTraits.h:
-
-2011-08-28 Jonathan Liu <net147@gmail.com>
-
- Fix build error when compiling with MinGW-w64 by disabling JIT
- on Windows 64-bit
- https://bugs.webkit.org/show_bug.cgi?id=61235
-
- Reviewed by Gavin Barraclough.
-
- The fixed mmap executable allocator for JIT on x86_64 requires
- sys/mman.h which is not available on Windows.
-
- * wtf/Platform.h:
-
-2011-08-27 Filip Pizlo <fpizlo@apple.com>
-
- JSC::Executable is inconsistent about using weak handle finalizers
- and destructors for releasing memory
- https://bugs.webkit.org/show_bug.cgi?id=67072
-
- Reviewed by Darin Adler.
-
- Moved more of the destruction of Executable state into the finalizer,
- which also resulted in an opportunity to mostly combine this with
- discardCode(). This also means that the finalizer is now enabled even
- when the JIT is turned off. This is performance neutral on SunSpider,
- V8, and Kraken.
-
- * runtime/Executable.cpp:
- (JSC::ExecutableBase::clearCode):
- (JSC::ExecutableFinalizer::finalize):
- (JSC::EvalExecutable::clearCode):
- (JSC::ProgramExecutable::clearCode):
- (JSC::FunctionExecutable::discardCode):
- (JSC::FunctionExecutable::clearCode):
- * runtime/Executable.h:
- (JSC::ExecutableBase::finishCreation):
-
-2011-08-26 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT - ArithMod may clobber operands.
- https://bugs.webkit.org/show_bug.cgi?id=67085
-
- Reviewed by Sam Weinig.
-
- unboxDouble must be called on a temporary.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::boxDouble):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-08-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (2/7)
- https://bugs.webkit.org/show_bug.cgi?id=66957
-
- Reviewed by Darin Adler.
-
- Completed the second level of the refactoring to add finishCreation()
- methods to all classes within the JSCell hierarchy with non-trivial
- constructor bodies.
-
- * runtime/Executable.h:
- (JSC::ExecutableBase::ExecutableBase):
- (JSC::ExecutableBase::create):
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::finishCreation):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::ScriptExecutable::finishCreation):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::GetterSetter):
- (JSC::GetterSetter::create):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::create):
- (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
- * runtime/JSObject.h:
- (JSC::JSNonFinalObject::JSNonFinalObject):
- (JSC::JSNonFinalObject::finishCreation):
- (JSC::JSFinalObject::create):
- (JSC::JSFinalObject::finishCreation):
- (JSC::JSFinalObject::JSFinalObject):
- (JSC::JSObject::JSObject):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
- (JSC::JSPropertyNameIterator::create):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::create):
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- (JSC::RegExp::createWithoutCaching):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- (JSC::ScopeChainNode::create):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::finishCreation):
- (JSC::Structure::createStructure):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::StructureChain):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
-
-2011-08-26 Filip Pizlo <fpizlo@apple.com>
-
- The GC does not have a facility for profiling the kinds of objects
- that occupy the heap
- https://bugs.webkit.org/show_bug.cgi?id=66849
-
- Reviewed by Geoffrey Garen.
-
- Destructor calls and object scans are now optionally counted, per
- vtable. When the heap is destroyed and profiling is enabled, the
- counts are dumped, with care taken to print the names of classes
- (modulo C++ mangling) sorted in descending commonality.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Heap.cpp:
- (JSC::Heap::destroy):
- * heap/Heap.h:
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::visitChildren):
- (JSC::SlotVisitor::drain):
- * heap/MarkStack.h:
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::callDestructor):
- * heap/MarkedBlock.h:
- * heap/VTableSpectrum.cpp: Added.
- (JSC::VTableSpectrum::VTableSpectrum):
- (JSC::VTableSpectrum::~VTableSpectrum):
- (JSC::VTableSpectrum::countVPtr):
- (JSC::VTableSpectrum::count):
- (JSC::VTableAndCount::VTableAndCount):
- (JSC::VTableAndCount::operator<):
- (JSC::VTableSpectrum::dump):
- * heap/VTableSpectrum.h: Added.
- * wtf/Platform.h:
-
-2011-08-26 Juan C. Montemayor <jmont@apple.com>
-
- Update topCallFrame when calling host functions in the JIT
- https://bugs.webkit.org/show_bug.cgi?id=67010
-
- Reviewed by Oliver Hunt.
-
- The topCallFrame is not being updated when a host function is
- called by the JIT. This causes problems when trying to create a
- stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
-
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
-
-2011-08-26 Alexey Proskuryakov <ap@apple.com>
-
- Get rid of frame life support timer
- https://bugs.webkit.org/show_bug.cgi?id=66874
-
- Reviewed by Geoff Garen.
-
- * runtime/JSGlobalObject.h:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
-
-2011-08-26 Chao-ying Fu <fu@mips.com>
-
- Fix MIPS patchOffsetGetByIdSlowCaseCall
- https://bugs.webkit.org/show_bug.cgi?id=67046
-
- Reviewed by Gavin Barraclough.
-
- * jit/JIT.h:
-
-2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Fixing broken build due to unused variables in release mode
- https://bugs.webkit.org/show_bug.cgi?id=67004
-
- Unreviewed, release build fix.
-
- Fixing broken build due to unused variables in ASSERTs in release build.
-
- * runtime/JSObject.h:
- (JSC::JSObject::finishCreation):
- * runtime/JSString.h:
- (JSC::RopeBuilder::finishCreation):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::finishCreation):
-
-2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Unzip initialization lists and constructors in JSCell hierarchy (1/7)
- https://bugs.webkit.org/show_bug.cgi?id=66827
-
- Reviewed by Geoffrey Garen.
-
- Added finishCreation() methods to all immediately subclasses of JSCell with
- non-empty constructors. Part of a larger refactoring to "unzip" initialization
- lists and constructor bodies. Also renamed JSCell's constructorBody() method
- to finishCreation().
-
- * runtime/Executable.h:
- (JSC::ExecutableBase::ExecutableBase):
- (JSC::ExecutableBase::constructorBody):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::GetterSetter):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::constructorBody):
- (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::JSCell):
- (JSC::JSCell::JSCell::constructorBody):
- * runtime/JSObject.h:
- (JSC::JSObject::constructorBody):
- (JSC::JSObject::JSObject):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::constructorBody):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::constructorBody):
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- (JSC::RegExp::constructorBody):
- * runtime/RegExp.h:
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- (JSC::ScopeChainNode::constructorBody):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::StructureChain):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
- (JSC::StructureChain::constructorBody):
-
-2011-08-25 Gabor Loki <loki@webkit.org>
-
- REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot
- https://bugs.webkit.org/show_bug.cgi?id=66956
-
- Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
-
- Reviewed by Oliver Hunt.
-
- * jit/JIT.h:
-
-2011-08-24 Juan C. Montemayor <jmont@apple.com>
-
- Keep track of topCallFrame for Stack traces
- https://bugs.webkit.org/show_bug.cgi?id=66571
-
- Reviewed by Geoffrey Garen.
-
- This patch adds a TopCallFrame to JSC in order to have that information
- when an error is thrown to create a stack trace. The TopCallFrame is
- updated throughout select points in the Interpreter and the JSC.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::unwindCallFrame):
- (JSC::Interpreter::throwException):
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- (JSC::Interpreter::privateExecute):
- * interpreter/Interpreter.h:
- (JSC::TopCallFrameSetter::TopCallFrameSetter):
- (JSC::TopCallFrameSetter::~TopCallFrameSetter):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::updateTopCallFrame):
- * jit/JITStubCall.h:
- (JSC::JITStubCall::call):
- * jit/JITStubs.cpp:
- (JSC::throwExceptionFromOpCall):
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::arityCheckFor):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
-
-2011-08-24 Filip Pizlo <fpizlo@apple.com>
-
- ErrorInstance::create sometimes has two heap object constructions
- in flight at once
- https://bugs.webkit.org/show_bug.cgi?id=66845
-
- Reviewed by Darin Adler.
-
- The fix is simple since there is already a second create() method
- that takes a UString.
-
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::create):
-
-2011-08-24 Filip Pizlo <fpizlo@apple.com>
-
- There is no facility for profiling how the write barrier is used
- https://bugs.webkit.org/show_bug.cgi?id=66747
-
- Reviewed by Geoffrey Garen.
-
- Added facilities for the JIT to specify the kind of write barrier
- being executed. Added code for profiling the number of each kind
- of barrier encountered.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::emitCount):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::emitCount):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCachePutByID):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * heap/Heap.h:
- (JSC::Heap::writeBarrier):
- * heap/WriteBarrierSupport.cpp: Added.
- (JSC::WriteBarrierCounters::initialize):
- * heap/WriteBarrierSupport.h: Added.
- (JSC::WriteBarrierCounters::WriteBarrierCounters):
- (JSC::WriteBarrierCounters::jitCounterFor):
- (JSC::WriteBarrierCounters::countWriteBarrier):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_put_global_var):
- (JSC::JIT::emitWriteBarrier):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_put_global_var):
- (JSC::JIT::emitWriteBarrier):
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-08-23 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add checks to ensure allocation does not take place during initialization of GC-managed objects
- https://bugs.webkit.org/show_bug.cgi?id=65288
-
- Reviewed by Darin Adler.
-
- Adding the new validation functionality. In its current state, it will performs checks,
- but they don't fail unless you do allocation in the arguments to the parent constructor in the
- initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
- allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
- allowed in constructor bodies while other refactoring efforts continue.
-
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::constructorBody):
- (JSC::JSCell::JSCell::JSCell):
- (JSC::JSCell::allocateCell):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::isInitializingObject):
- (JSC::JSGlobalData::setInitializingObject):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::create):
-
-2011-08-23 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=55347
- "name" and "message" enumerable on *Error.prototype
-
- Reviewed by Sam Weinig.
-
- The default value of a NativeErrorPrototype's message
- property is "", not the name of the error.
-
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::create):
- (JSC::NativeErrorConstructor::constructorBody):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- (JSC::NativeErrorPrototype::constructorBody):
- * runtime/NativeErrorPrototype.h:
- (JSC::NativeErrorPrototype::create):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::create):
-
-2011-08-23 Steve Block <steveblock@google.com>
-
- Remove last occurrences of PLATFORM(ANDROID)
- https://bugs.webkit.org/show_bug.cgi?id=66763
-
- Reviewed by Tony Gentilcore.
-
- * wtf/Platform.h:
-
-2011-08-23 Steve Block <steveblock@google.com>
-
- Remove all mention of removed Android files from build scripts
- https://bugs.webkit.org/show_bug.cgi?id=66755
-
- Reviewed by Tony Gentilcore.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-08-23 Adam Barth <abarth@webkit.org>
-
- Remove WebCore/editing/android and other Android-specific directories
- https://bugs.webkit.org/show_bug.cgi?id=66739
-
- Reviewed by Steve Block.
-
- Now that Android shares more code with Chromium, we don't need these
- Android-specific files.
-
- * wtf/android: Removed.
- * wtf/android/AndroidThreading.h: Removed.
- * wtf/android/MainThreadAndroid.cpp: Removed.
-
-2011-08-23 Ilya Tikhonovsky <loislo@chromium.org>
-
- Unreviewed build fix for compile error on Windows for r93560.
-
- * runtime/SamplingCounter.h:
-
-2011-08-22 Filip Pizlo <fpizlo@apple.com>
-
- Sampling counter support is in the bytecode directory
- https://bugs.webkit.org/show_bug.cgi?id=66724
-
- Reviewed by Darin Adler.
-
- Moved SamplingCounter to a separate header in runtime/.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/SamplingTool.cpp:
- * bytecode/SamplingTool.h:
- * runtime/SamplingCounter.cpp: Added.
- (JSC::AbstractSamplingCounter::dump):
- * runtime/SamplingCounter.h: Added.
- (JSC::AbstractSamplingCounter::count):
- (JSC::AbstractSamplingCounter::addressOfCounter):
- (JSC::AbstractSamplingCounter::init):
- (JSC::SamplingCounter::SamplingCounter):
- (JSC::GlobalSamplingCounter::name):
- (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
- (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
-
-2011-08-21 Martin Robinson <mrobinson@igalia.com>
-
- Fix 'make dist' for WebKitGTK+.
-
- * GNUmakefile.list.am: Add a missing header to the sources list.
-
-2011-08-20 Filip Pizlo <fpizlo@apple.com>
-
- JavaScriptCore bytecompiler does not compute scope depth correctly
- in the case of constant declarations
- https://bugs.webkit.org/show_bug.cgi?id=66572
-
- Reviewed by Oliver Hunt.
-
- Changed the handling of const to add the dynamic scope depth.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ConstDeclNode::emitCodeSingle):
-
-2011-08-19 Daniel Bates <dbates@webkit.org>
-
- Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
- https://bugs.webkit.org/show_bug.cgi?id=66617
-
- Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
- But we cause a compile error if the platform doesn't support SA_RESTART regardless of
- whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
- SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
-
- Reviewed by Antonio Gomes.
-
- * heap/MachineStackMarker.cpp:
-
-2011-08-19 Filip Pizlo <fpizlo@apple.com>
-
- The JSC JIT currently has no facility to profile and report
- the types of values
- https://bugs.webkit.org/show_bug.cgi?id=65901
-
- Reviewed by Gavin Barraclough.
-
- Added the ability to profile the values seen at function calls (both
- arguments and results) and heap loads. This is done with emphasis
- on performance. A value profiling site consists of: add, and,
- move, and store; no branching is necessary. Each value profiling
- site (called a ValueProfile) has a ring buffer of 8 recently-seen
- values. ValueProfiles are stored in the CodeBlock; there will be
- one for each argument (excluding this) and each heap load or callsite.
- Each time a value profiling site executes, it stores the value into
- a pseudo-random element in the ValueProfile buffer. The point is
- that for frequently executed code, we will have 8 somewhat recent
- values in the buffer and will be able to not only figure out what
- type it is, but also to be able to reason about the actual values
- if we wish to do so.
-
- This feature is currently disabled by default. When enabled, it
- results in a 3.7% slow-down on SunSpider.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addValueProfile):
- (JSC::CodeBlock::numberOfValueProfiles):
- (JSC::CodeBlock::valueProfile):
- (JSC::CodeBlock::valueProfileForBytecodeOffset):
- * bytecode/ValueProfile.h: Added.
- (JSC::ValueProfile::ValueProfile):
- (JSC::ValueProfile::numberOfSamples):
- (JSC::ValueProfile::computeProbability):
- (JSC::ValueProfile::numberOfInt32s):
- (JSC::ValueProfile::numberOfDoubles):
- (JSC::ValueProfile::numberOfCells):
- (JSC::ValueProfile::probabilityOfInt32):
- (JSC::ValueProfile::probabilityOfDouble):
- (JSC::ValueProfile::probabilityOfCell):
- (JSC::getValueProfileBytecodeOffset):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITCall.cpp:
- (JSC::JIT::emit_op_call_put_result):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitValueProfilingSite):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emitSlow_op_get_by_id):
- * jit/JSInterfaceJIT.h:
- * wtf/Platform.h:
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
- (WTF::genericBinarySearch):
-
-2011-08-19 Daniel Bates <dbates@webkit.org>
-
- Don't include DisallowCType.h when building on QNX
- https://bugs.webkit.org/show_bug.cgi?id=66616
-
- Reviewed by Antonio Gomes.
-
- * config.h:
-
-2011-08-19 Daniel Bates <dbates@webkit.org>
-
- Implement ExecutableAllocator::cacheFlush() for QNX
- https://bugs.webkit.org/show_bug.cgi?id=66611
-
- Reviewed by Antonio Gomes.
-
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::cacheFlush):
-
-2011-08-19 Daniel Bates <dbates@webkit.org>
-
- Implement WTF::atomic{Increment, Decrement}() for QNX
- https://bugs.webkit.org/show_bug.cgi?id=66605
-
- Reviewed by Darin Adler.
-
- * wtf/Atomics.h:
- (WTF::atomicIncrement):
- (WTF::atomicDecrement):
-
-2011-08-19 Beth Dakin <bdakin@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=66590
- Re-name scrollbar painter types
-
- Reviewed by Sam Weinig.
-
- WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer
- applies.
- * wtf/Platform.h:
-
-2011-08-18 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Move allocation in constructors into separate constructorBody() methods
- https://bugs.webkit.org/show_bug.cgi?id=66265
-
- Reviewed by Oliver Hunt.
-
- Refactoring to put all allocations that need to be done after the object's
- initialization list has executed but before the object is ready for use
- into a separate constructorBody() method. This method is still called by the constructor,
- so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * jsc.cpp:
- (GlobalObject::constructorBody):
- (GlobalObject::GlobalObject):
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::ErrorInstance):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::constructorBody):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- (JSC::ErrorPrototype::constructorBody):
- * runtime/ErrorPrototype.h:
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::constructorBody):
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- * runtime/InternalFunction.h:
- (JSC::InternalFunction::constructorBody):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::JSByteArray):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::constructorBody):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::constructorBody):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObject):
- (JSC::JSGlobalObject::constructorBody):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::constructorBody):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::constructorBody):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::constructorBody):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- (JSC::NativeErrorPrototype::constructorBody):
- * runtime/NativeErrorPrototype.h:
- * runtime/StringObject.cpp:
- * runtime/StringObject.h:
- (JSC::StringObject::create):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::create):
- (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::create):
-
-2011-08-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG non-speculative JIT does not inline the double case of ValueAdd
- https://bugs.webkit.org/show_bug.cgi?id=66025
-
- Reviewed by Gavin Barraclough.
-
- This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
- benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
- stanford-crypto-sha256-iterative). It looks like it might have
- a speed-up in SunSpider (though not statistically significant or
- particularly reproducible) and a slight slow-down in V8 (0.14%,
- not statistically significant). It does slow down v8-crypto by
- 1.5%.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownInteger):
- (JSC::DFG::JITCodeGenerator::isKnownNumeric):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- * dfg/DFGOperations.cpp:
-
-2011-08-18 Filip Pizlo <fpizlo@apple.com>
-
- [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
- https://bugs.webkit.org/show_bug.cgi?id=66426
-
- Reviewed by Oliver Hunt.
-
- Changed the branchTestPtr to branchTest32.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-08-17 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=66379
- implements load32WithCompactAddressOffsetPatch function
- and fixes store32 and moveWithPatch functions for SH4 platforms.
-
- Reviewed by Gavin Barraclough.
-
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::rshift32):
- (JSC::MacroAssemblerSH4::store32):
- (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
- (JSC::MacroAssemblerSH4::moveWithPatch):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::movlMemRegCompact):
- (JSC::SH4Assembler::readPointer):
- (JSC::SH4Assembler::repatchCompact):
- * jit/JIT.h:
-
-2011-08-17 Filip Pizlo <fpizlo@apple.com>
-
- JSC verbose debugging output sometimes doesn't work as expected.
- https://bugs.webkit.org/show_bug.cgi?id=66107
-
- Reviewed by Gavin Barraclough.
-
- Hardened the CodeBlock::dump() code so that it no longer crashes. Improved
- the DFG verbose code so that it prints slightly more useful information.
-
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::debugSize):
- * bytecode/CodeBlock.cpp:
- (JSC::valueToSourceString):
- (JSC::CodeBlock::dump):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::numberOfRegExps):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::link):
-
-2011-08-16 Michael Saboff <msaboff@apple.com>
-
- Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
- https://bugs.webkit.org/show_bug.cgi?id=66351
-
- JIT::privateCompilePutByIdTransition expects that regT0 and regT1
- have the basePayload and baseTag respectively. In some cases,
- we may get to this generated code with one or both of these
- registers trash. One know case is that regT0 on ARM may be
- trashed as regT0 (r0) is also arg0 and can be overrun with sp due
- to calls to JIT::restoreReturnAddress(). This patch uses the
- values on the stack. A longer term solution is to work out all
- cases so that the register entry assumptions can assured.
-
- While fixing this, also determined that the additional stack offset
- of sizeof(void*) is not needed for ARM.
-
- Reviewed by Gavin Barraclough.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
-
-2011-08-15 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=66263
- DFG JIT does not always zero extend boolean result of DFG operations
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- - Change bool return values to a 64-bit type.
-
-2011-08-15 Gavin Barraclough <barraclough@apple.com>
-
- Crash accessing static property on sealed object
- https://bugs.webkit.org/show_bug.cgi?id=66242
-
- Reviewed by Sam Weinig.
-
- * runtime/JSObject.h:
- (JSC::JSObject::putDirectInternal):
- - should only check isExtensible if checkReadOnly.
-
-2011-08-15 Sam Weinig <sam@webkit.org>
-
- Fix release build when building with Clang.
-
- Reviewed by Anders Carlsson.
-
- * runtime/Identifier.cpp:
- (JSC::Identifier::checkCurrentIdentifierTable):
- Add NO_RETURN_DUE_TO_CRASH.
-
-2011-08-15 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
-
- Reviewed by Nikolas Zimmermann.
-
- Speed up SVGSMILElement::findInstanceTime.
- https://bugs.webkit.org/show_bug.cgi?id=61025
-
- Add a new parameter to StdlibExtras.h::binarySerarch function
- to also handle cases when the array does not contain the key value.
- This is needed for an svg function.
-
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
-
-2011-08-13 Sam Weinig <sam@webkit.org>
-
- Add back 0xbbadbeef to CRASH to allow for old habits
- https://bugs.webkit.org/show_bug.cgi?id=66190
-
- Reviewed by David Kilzer.
-
- * wtf/Assertions.h:
- Add back the assignment to the memory address 0xbbadbeef in the CRASH
- macro, as it does not cause issue in the clang static analyzer and many
- people use its presence in crash reports to easily identify ASSERTs.
-
-2011-08-13 Sam Weinig <sam@webkit.org>
-
- Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=66182
-
- Reviewed by Dan Bernstein.
-
- Fixes 10 warnings in JavaScriptCore and 2 in testapi.
-
- * API/tests/testapi.c:
- (main):
- Remove dead variables.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- Initialize hasPrinted and silence an unused warning by casting to void (Ok here
- since it is debug code and I want to keep it clear that if other cases are added,
- the hasPrinted flag would be needed).
-
- * wtf/dtoa.cpp:
- (WTF::d2b):
- The variable "de" in the else block is always zero, so there is no reason to
- use it.
-
-2011-08-12 Sam Weinig <sam@webkit.org>
-
- Use __builtin_trap() for CRASH when building with clang
- https://bugs.webkit.org/show_bug.cgi?id=66152
-
- Reviewed by Anders Carlsson.
-
- * wtf/Assertions.h:
- Add Clang specific CRASH macro that calls __builtin_trap() instead
- of silly techniques to crash. This allows the static analyzer to understand
- that we are intentionally crashing. As a result, we need to mark some functions
- as not returning.
-
- Also adds a macros that annotates a function as never returning due to ASSERT or CRASH.
-
- * wtf/Compiler.h:
- Add COMPILIER(CLANG) and fix some formatting and spelling mistakes.
-
- * wtf/FastMalloc.cpp:
- (WTF::Internal::fastMallocMatchFailed):
- Add NO_RETURN_DUE_TO_CRASH.
-
- * yarr/YarrParser.h:
- (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
- (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
- Add NO_RETURN_DUE_TO_ASSERT.
-
-2011-08-12 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT has inconsistent use of boxDouble and unboxDouble,
- inconsistent use of assertions regarding doubles, and those
- assertions are not turned on in debug builds
- https://bugs.webkit.org/show_bug.cgi?id=66160
-
- Reviewed by Gavin Barraclough.
-
- JIT assertions are now turned on in debug builds. JIT
- assertions are now used for boxing and unboxing doubles, and boxing
- and unboxing no longer involves code duplication.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::boxDouble):
- (JSC::DFG::JITCodeGenerator::unboxDouble):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::GeneralizedRegister::moveTo):
- (JSC::DFG::GeneralizedRegister::swapWith):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::boxDouble):
- (JSC::DFG::JITCompiler::unboxDouble):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::convertToDouble):
-
-2011-08-12 Mark Rowe <mrowe@apple.com>
-
- Be more forward-looking in the choice of compiler.
-
- Rubber-stamped by Jon Honeycutt.
-
- * Configurations/CompilerVersion.xcconfig:
-
-2011-08-12 Kalev Lember <kalevlember@gmail.com>
-
- [GTK] Fix non-pthreads build after r91906.
- https://bugs.webkit.org/show_bug.cgi?id=66151
-
- Reviewed by David Levin.
-
- r91906 broke the non-pthreads GTK+ build by including a header which
- doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
-
- * wtf/gtk/ThreadingGtk.cpp:
-
-2011-08-12 Mark Rowe <mrowe@apple.com>
-
- Update some configuration settings that were missed back in r92432.
-
- * Configurations/CompilerVersion.xcconfig:
-
-2011-08-12 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
- Matrix3D.invert)
- https://bugs.webkit.org/show_bug.cgi?id=66038
-
- Reviewed by Gavin Barraclough.
-
- Simplest and lowest-impact fix for the case where the spilled format
- of a DFG node differs from the register format: if the format is
- converted then indicate that the spilled value is no longer valid
- ("kill the spill").
-
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::killSpilled):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-08-12 Sam Weinig <sam@webkit.org>
-
- Move compiler specific macros to their own header
- https://bugs.webkit.org/show_bug.cgi?id=66119
-
- Reviewed by Anders Carlsson.
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- Add Compiler.h
-
- * wtf/AlwaysInline.h:
- Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
- Compiler.h. We can remove this file in a later commit.
-
- * wtf/Compiler.h: Added.
- Put all compiler specific checks and features in this file.
-
- * wtf/Platform.h:
- Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
- to Compiler.h. Include Compiler.h since it is necessary.
-
-2011-08-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT-specific structure stub info code offset fields are signed
- 8-bit, but it is possible for the offsets to be greater than 127
- https://bugs.webkit.org/show_bug.cgi?id=66122
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
-
-2011-08-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT speculation failure code sometimes picks the wrong register
- as a scratch register.
- https://bugs.webkit.org/show_bug.cgi?id=66104
-
- Reviewed by Gavin Barraclough.
-
- Hardened the code with more assertions and fixed the bug. Now a
- spilled register is only used for scratch if it also isn't being
- used for shuffling.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-08-11 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r92880.
- http://trac.webkit.org/changeset/92880
- https://bugs.webkit.org/show_bug.cgi?id=66123
-
- Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
-
- * wtf/PassRefPtr.h:
-
-2011-08-11 Mark Rowe <mrowe@apple.com>
-
- Don't conditionalize the use of -fomit-frame-pointer on compiler version as
- all of our supported compilers are now new enough to have the same, sane behavior.
-
- Rubber-stamped by Sam Weinig.
-
- * Configurations/JavaScriptCore.xcconfig:
-
-2011-08-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT verbose mode does not report the generated types of nodes
- https://bugs.webkit.org/show_bug.cgi?id=65830
-
- Reviewed by Sam Weinig.
-
- Added code that prints the type selected for each node's result.
-
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::dataFormatToString):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-08-11 James Robinson <jamesr@chromium.org>
-
- nullptr can't be used for PassRefPtr
- https://bugs.webkit.org/show_bug.cgi?id=66024
-
- Reviewed by Anders Carlsson.
-
- * wtf/PassRefPtr.h:
- (WTF::PassRefPtr::PassRefPtr):
-
-2011-08-11 Daniel Bates <dbates@rim.com>
-
- Removed unused variable in StackBounds::initialize() to resolve
- compiler warning when building on QNX.
- https://bugs.webkit.org/show_bug.cgi?id=66072
-
- Reviewed by Antonio Gomes.
-
- * wtf/StackBounds.cpp:
- (WTF::StackBounds::initialize):
-
-2011-08-11 Devdatta Deshpande <pwjd73@motorola.com>
-
- Implementation of monotonically increasing clock on GTK
- https://bugs.webkit.org/show_bug.cgi?id=62175
-
- Reviewed by Martin Robinson.
-
- * wtf/CurrentTime.cpp:
- (WTF::monotonicallyIncreasingTime):
- The default implementation of monotonicallyIncreasingTime only
- guarantees the result to be non-decreasing.
- If the system time is changed to past then default implementation will
- still fail and WebCore timers will not fire.
-
-2011-08-10 Geoffrey Garen <ggaren@apple.com>
-
- Removed some incorrect code that was dead.
-
- Reviewed by Oliver Hunt.
-
- clearSingleTransition() wasn't resetting m_data. Luckily,
- no one cares, because its caller was unused. Removed both.
-
- * runtime/Structure.cpp:
- * runtime/StructureTransitionTable.h:
- (JSC::StructureTransitionTable::~StructureTransitionTable):
-
-2011-08-10 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
- https://bugs.webkit.org/show_bug.cgi?id=66010
-
- Reviewed by Oliver Hunt.
-
- Made sure that Construct calls use() on the this argument.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-08-10 Mark Hahnenberg <mhahnenberg@apple.com>
-
- JSC should always throw when function arg list is too long
- https://bugs.webkit.org/show_bug.cgi?id=65869
-
- Reviewed by Oliver Hunt.
-
- Changed the behavior of the interpreter and JIT to throw an exception
- when too many arguments are passed rather than truncating the list. Added
- a new method to create a "Too many arguments." exception used by this
- new functionality.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ExceptionHelpers.cpp:
- (JSC::createTooManyParamsError):
- * runtime/ExceptionHelpers.h:
-
-2011-08-10 Oliver Hunt <oliver@apple.com>
-
- Make GC checks more aggressive in release builds
- https://bugs.webkit.org/show_bug.cgi?id=66001
-
- Reviewed by Gavin Barraclough.
-
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::visitStrongHandles):
- (JSC::HandleHeap::visitWeakHandles):
- (JSC::HandleHeap::finalizeWeakHandles):
- (JSC::HandleHeap::writeBarrier):
- (JSC::HandleHeap::isLiveNode):
- (JSC::HandleHeap::isValidWeakNode):
- Increase handle heap validation logic, and make some of
- the crashes trigger in release builds as well as debug.
- * heap/HandleHeap.h:
- (JSC::HandleHeap::allocate):
- (JSC::HandleHeap::makeWeak):
- Ditto
- * runtime/JSGlobalData.cpp:
- (WTF::Recompiler::operator()):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::visitChildren):
- Fix GC bugs found while testing this patch
-
-2011-08-10 Oliver Hunt <oliver@apple.com>
-
- JSEvaluteScript does not return the correct object when given JSONP data
- https://bugs.webkit.org/show_bug.cgi?id=66003
-
- Reviewed by Gavin Barraclough.
-
- Make sure we propagate the result of the function call rather than the
- argument.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
-
-2011-08-10 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT heap prediction causes regressions when combined with
- aggressive integer prediction
- https://bugs.webkit.org/show_bug.cgi?id=65954
-
- Reviewed by Gavin Barraclough.
-
- Disabled heap prediction, but did not remove the capability.
- This improves V8 crypto performance by 20%.
-
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
-
-2011-08-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not speculative integers as aggressively as it should
- https://bugs.webkit.org/show_bug.cgi?id=65949
-
- Reviewed by Gavin Barraclough.
-
- Added a tree walk to propagate integer predictions through arithmetic
- expressions.
-
- This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
- translates to a 19% speed-up on Kraken overall. It's neutral on
- other benchmarks.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::predictInt32):
-
-2011-08-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT has no way of propagating predictions to loads and calls
- https://bugs.webkit.org/show_bug.cgi?id=65883
-
- Reviewed by Gavin Barraclough.
-
- This introduces the capability to store predictions on graph
- nodes. To save space while being somewhat consistent, the
- prediction is always stored in the second OpInfo slot (since
- a GetById will use the first one for the identifier). This
- change is a natural extension of r92593 (global variable
- prediction).
-
- This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
- win on V8 in the geometric mean. It is neutral on SunSpider
- and Kraken. Interestingly, on V8 it regresses crypto by 3%
- while progressing deltablue and richards by 2.6% and 4.3%,
- respectively.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addToGraph):
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGNode.h:
- (JSC::DFG::isCellPrediction):
- (JSC::DFG::isArrayPrediction):
- (JSC::DFG::isInt32Prediction):
- (JSC::DFG::isDoublePrediction):
- (JSC::DFG::isNumberPrediction):
- (JSC::DFG::predictionToString):
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::hasPrediction):
- (JSC::DFG::Node::getPrediction):
- (JSC::DFG::Node::predict):
-
-2011-08-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT passes the this argument to constructors even though
- it's not necessary
- https://bugs.webkit.org/show_bug.cgi?id=65943
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-08-09 Chao-ying Fu <fu@mips.com>
-
- Fix one MIPS instruction to call JITStubThunked_##op
- https://bugs.webkit.org/show_bug.cgi?id=65942
-
- Reviewed by Gavin Barraclough.
-
- Changed "bal" to "jalr" for a possible processor mode change from
- MIPS32 to MIPS16.
-
- * jit/JITStubs.cpp:
-
-2011-08-09 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT failure loading web site
- https://bugs.webkit.org/show_bug.cgi?id=65930
-
- Reviewed by Oliver Hunt.
-
- Put the use() call after the fpr()/gpr() calls, since doing otherwise
- breaks the register allocator.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-08-09 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Add ParentClass typedef in all JSC classes
- https://bugs.webkit.org/show_bug.cgi?id=65731
-
- Reviewed by Oliver Hunt.
-
- Just added the Base typedefs in all the classes that are a subclass of JSCell
- to point at their parent classes. This is a change to support future changes to the way
- constructors and destructors are implemented in JS objects, among other things.
-
- * API/JSCallbackConstructor.h:
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::createStructure):
- (JSC::JSCallbackObject::visitChildren):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::asCallbackObject):
- (JSC::::JSCallbackObject):
- (JSC::::init):
- (JSC::::className):
- (JSC::::getOwnPropertySlot):
- (JSC::::getOwnPropertyDescriptor):
- (JSC::::put):
- (JSC::::deleteProperty):
- (JSC::::getConstructData):
- (JSC::::construct):
- (JSC::::hasInstance):
- (JSC::::getCallData):
- (JSC::::call):
- (JSC::::getOwnPropertyNames):
- (JSC::::toNumber):
- (JSC::::toString):
- (JSC::::setPrivate):
- (JSC::::getPrivate):
- (JSC::::inherits):
- (JSC::::getStaticValue):
- (JSC::::staticFunctionGetter):
- (JSC::::callbackGetter):
- * debugger/DebuggerActivation.h:
- * jsc.cpp:
- * runtime/Arguments.h:
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.h:
- * runtime/BooleanConstructor.h:
- * runtime/BooleanObject.h:
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.h:
- * runtime/DateInstance.h:
- * runtime/DatePrototype.h:
- * runtime/Error.cpp:
- * runtime/ErrorConstructor.h:
- * runtime/ErrorInstance.h:
- * runtime/ErrorPrototype.h:
- * runtime/ExceptionHelpers.cpp:
- * runtime/Executable.h:
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.h:
- * runtime/GetterSetter.h:
- * runtime/InternalFunction.h:
- * runtime/JSAPIValueWrapper.h:
- * runtime/JSActivation.h:
- * runtime/JSArray.h:
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.h:
- * runtime/JSObject.h:
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSString.h:
- * runtime/JSVariableObject.h:
- * runtime/JSWrapperObject.h:
- * runtime/MathObject.h:
- * runtime/NativeErrorConstructor.h:
- * runtime/NativeErrorPrototype.h:
- * runtime/NumberConstructor.h:
- * runtime/NumberObject.h:
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.h:
- * runtime/ObjectPrototype.h:
- * runtime/RegExp.h:
- * runtime/RegExpConstructor.h:
- * runtime/RegExpMatchesArray.h:
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::create):
- * runtime/RegExpPrototype.h:
- * runtime/ScopeChain.h:
- * runtime/StrictEvalActivation.h:
- * runtime/StringConstructor.h:
- * runtime/StringObject.h:
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- * runtime/StringPrototype.h:
- * runtime/Structure.h:
- * runtime/StructureChain.h:
-
-2011-08-08 Oliver Hunt <oliver@apple.com>
-
- Using mprotect to create guard pages breaks our use of madvise to release executable memory
- https://bugs.webkit.org/show_bug.cgi?id=65870
-
- Reviewed by Gavin Barraclough.
-
- Use mmap rather than mprotect to clear guard page permissions.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
-
-2011-08-08 Oliver Hunt <oliver@apple.com>
-
- Non-extensibility does not prevent mutating [[Prototype]]
- https://bugs.webkit.org/show_bug.cgi?id=65832
-
- Reviewed by Gavin Barraclough.
-
- Disallow mutation of __proto__ on objects that are not extensible.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
-
-2011-08-08 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not track speculation decisions for global variables
- https://bugs.webkit.org/show_bug.cgi?id=65825
-
- Reviewed by Gavin Barraclough.
-
- Added the capability to track predictions for global variables, and
- ensured that code can abstract over the source of prediction (local
- versus global variable) wherever it is appropriate to do so. Also
- cleaned up the code in SpeculativeJIT that decides how to speculate
- based on recorded predictions (for example instead of using isInteger,
- which makes sense for local predictions where the GetLocal would
- return an integer value, we now tend to use shouldSpeculateInteger,
- which checks if the value is either already an integer or should be
- speculated to be an integer).
-
- This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
- win on controlflow-recursive. It's also a 4.8% win on v8-crypto.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::predictArray):
- (JSC::DFG::ByteCodeParser::predictInt32):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::predictGlobalVar):
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::getGlobalVarPrediction):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
-
-2011-08-07 Martin Robinson <mrobinson@igalia.com>
-
- Distribution fix for GTK+.
-
- * GNUmakefile.list.am: Strip removed files from the source list.
-
-2011-08-06 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65821
- Don't form identifiers the first time a string is used as a property name.
-
- Reviewed by Oliver Hunt.
-
- This is a 1% win on SunSpider.
-
- * dfg/DFGOperations.cpp:
- - Use fastGetOwnProperty.
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - Use fastGetOwnProperty.
- * runtime/JSCell.h:
- * runtime/JSObject.h:
- (JSC::JSCell::fastGetOwnProperty):
- - Fast call to get a property without creating an identifier the first time.
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyTable::find):
- (JSC::PropertyTable::findWithString):
- - Add interface to look up by either strinsg or identifiers.
- * runtime/Structure.h:
- (JSC::Structure::get):
- - Add a get() call that takes a UString, not an Identifier.
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::hasHash):
- - Add a call to check if the has has been set (to detect the first use as a property name).
-
-2011-08-06 Aron Rosenberg <arosenberg@logitech.com>
-
- Reviewed by Benjamin Poulain.
-
- [Qt] Fix build with Intel compiler on Windows
- https://bugs.webkit.org/show_bug.cgi?id=65088
-
- Intel compiler needs .lib suffixes instead of .a
- Intel compiler doesn't support nullptr
- Intel compiler supports unsized arrays
-
- * JavaScriptCore.pri:
- * jsc.cpp:
- * wtf/ByteArray.h:
- * wtf/NullPtr.h:
-
-2011-08-05 Gavin Barraclough <barraclough@apple.com>
-
- String replace with the empty string means string removal
- https://bugs.webkit.org/show_bug.cgi?id=65799
-
- Reviewed by Sam Weinig.
-
- Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
-
- * runtime/StringPrototype.cpp:
- (JSC::jsSpliceSubstrings):
- (JSC::stringProtoFuncReplace):
-
-2011-08-05 Noel Gordon <noel.gordon@gmail.com>
-
- [Chromium] Remove JSZombie references from gyp project files.
- https://bugs.webkit.org/show_bug.cgi?id=65798
-
- JSC runtime/JSZombie.{cpp,h} were removed in r92046. Remove references to these
- file names from the gyp projects.
-
- Reviewed by Darin Adler.
-
- * JavaScriptCore.gypi: zombies be gone.
-
-2011-08-05 Mark Rowe <mrowe@apple.com>
-
- <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
- is tied to a particular dispatch queue
-
- A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
- with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
- to ensure that all operations are performed on the given dispatch queue.
-
- Reviewed by Anders Carlsson.
-
- * wtf/RefCounted.h:
- (WTF::RefCountedBase::setDispatchQueueForVerifier):
- * wtf/ThreadRestrictionVerifier.h:
- (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
- (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
- (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
- (WTF::ThreadRestrictionVerifier::setShared):
- (WTF::ThreadRestrictionVerifier::isSafeToUse):
-
-2011-08-05 Oliver Hunt <oliver@apple.com>
-
- Inline allocation of function objects
- https://bugs.webkit.org/show_bug.cgi?id=65779
-
- Reviewed by Gavin Barraclough.
-
- Inline allocation and initilisation of function objects
- in generated code. This ended up being a 60-70% improvement
- in function allocation performance. This improvement shows
- up as a ~2% improvement in 32bit sunspider and V8, but is a
- wash on 64-bit.
-
- We currently don't inline the allocation of named function
- expressions, as that requires being able to gc allocate a
- variable object.
-
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- * jit/JIT.h:
- (JSC::JIT::emitStoreCell):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateBasicJSObject):
- (JSC::JIT::emitAllocateJSFinalObject):
- (JSC::JIT::emitAllocateJSFunction):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_func):
- (JSC::JIT::emitSlow_op_new_func):
- (JSC::JIT::emit_op_new_func_exp):
- (JSC::JIT::emitSlow_op_new_func_exp):
- * jit/JITOpcodes32_64.cpp:
- Removed duplicate implementation of op_new_func and op_new_func_exp
- * runtime/JSFunction.h:
- (JSC::JSFunction::offsetOfScopeChain):
- (JSC::JSFunction::offsetOfExecutable):
-
-2011-08-04 David Levin <levin@chromium.org>
-
- CStringBuffer should have thread safety checks turned on.
- https://bugs.webkit.org/show_bug.cgi?id=58093
-
- Reviewed by Dmitry Titov.
-
- * wtf/text/CString.h:
- (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
- turned this off for Chromium.
-
-2011-08-04 Mark Rowe <mrowe@apple.com>
-
- Future-proof Xcode configuration settings.
-
- * Configurations/Base.xcconfig:
- * Configurations/DebugRelease.xcconfig:
- * Configurations/JavaScriptCore.xcconfig:
- * Configurations/Version.xcconfig:
-
-2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Interpreter can potentially GC in the middle of initializing a structure chain
- https://bugs.webkit.org/show_bug.cgi?id=65638
-
- Reviewed by Oliver Hunt.
-
- Moved the allocation of a prototype StructureChain before the initialization of
- the structure chain within the interpreter that was causing intermittent GC crashes.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::tryCachePutByID):
- * wtf/Platform.h:
-
-2011-08-04 Filip Pizlo <fpizlo@apple.com>
-
- Eval handling attempts literal parsing even when the eval
- string is in the cache
- https://bugs.webkit.org/show_bug.cgi?id=65675
-
- Reviewed by Oliver Hunt.
-
- This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
- in SunSpider. It's neutral on V8.
-
- * bytecode/EvalCodeCache.h:
- (JSC::EvalCodeCache::tryGet):
- (JSC::EvalCodeCache::getSlow):
- (JSC::EvalCodeCache::get):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
-
-2011-08-03 Mark Rowe <mrowe@apple.com>
-
- Bring some order to FeatureDefines.xcconfig to make it easier to follow.
-
- Reviewed by Sam Weinig.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-08-03 Mark Rowe <mrowe@apple.com>
-
- Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
-
- Reviewed by Dave Kilzer.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-08-03 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC heap size improvement breaks build on some platforms due to
- unused parameter
- https://bugs.webkit.org/show_bug.cgi?id=65641
-
- Reviewed by Darin Adler.
-
- Fix build on non-x86 platforms, by ensuring that the relevant
- parameter always appears to be used even when it isn't.
-
- * heap/Heap.cpp:
-
-2011-08-03 Carlos Garcia Campos <cgarcia@igalia.com>
-
- [GTK] Reorganize pkg-config files
- https://bugs.webkit.org/show_bug.cgi?id=65548
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.am:
- * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
-
-2011-08-01 David Levin <levin@chromium.org>
-
- Add asserts to RefCounted to make sure ref/deref happens on the right thread.
- https://bugs.webkit.org/show_bug.cgi?id=31639
-
- Reviewed by Dmitry Titov.
-
- * GNUmakefile.list.am: Added new files to the build.
- * JavaScriptCore.gypi: Ditto.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
- * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
- * jit/ExecutableAllocator.h:
- (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
- due to not being able to figure out what was guarding it (bug 58091).
- * parser/SourceProvider.h:
- (JSC::SourceProvider::SourceProvider): Ditto.
- * wtf/CMakeLists.txt: Added new files to the build.
- * wtf/ThreadRestrictionVerifier.h: Added.
- Everything is done in the header to avoid the issue with exports
- that are only useful in debug but still needing to export them.
- * wtf/RefCounted.h:
- (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
- and filed bug 58171 about making it stricter.
- (WTF::RefCountedBase::hasOneRef): Ditto.
- (WTF::RefCountedBase::refCount): Ditto.
- (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
- on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
- (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
- Filed bug 58174 to remove this method.
- (WTF::RefCountedBase::derefBase):
- * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
- * wtf/text/CString.h:
- (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
- done in Chromium (bug 58093).
-
-2011-08-02 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC may not be able to reuse partially-free blocks after a
- full collection
- https://bugs.webkit.org/show_bug.cgi?id=65585
-
- Reviewed by Darin Adler.
-
- This fixes the linked list management bug. This fix is performance
- neutral on SunSpider.
-
- * heap/NewSpace.cpp:
- (JSC::NewSpace::removeBlock):
-
-2011-07-30 Oliver Hunt <oliver@apple.com>
-
- Simplify JSFunction creation for functions written in JS
- https://bugs.webkit.org/show_bug.cgi?id=65422
-
- Reviewed by Gavin Barraclough.
-
- Remove hash lookups used to write name property and transition
- function structure by caching the resultant structure and property
- offset in JSGlobalObject. This doesn't impact performance, but
- we can use this change to make other improvements later.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
- * runtime/Executable.h:
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::FunctionExecutable::jsName):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::namedFunctionStructure):
- (JSC::JSGlobalObject::functionNameOffset):
-
-2011-08-02 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC uses dummy cells to avoid having to remember which cells
- it has already destroyed
- https://bugs.webkit.org/show_bug.cgi?id=65556
-
- Reviewed by Oliver Hunt.
-
- This gets rid of dummy cells, and ensures that it's not necessary
- to invoke a destructor on cells that have already been swept. In
- the common case, a block knows that either all of its free cells
- still need to have destructors called, or none of them do, which
- minimizes the amount of branching that needs to happen per cell
- when performing a sweep.
-
- This is performance neutral on SunSpider and V8. It is meant as
- a stepping stone to simplify the implementation of more
- sophisticated sweeping algorithms.
-
- * heap/Heap.cpp:
- (JSC::CountFunctor::ClearMarks::operator()):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::initForCellSize):
- (JSC::MarkedBlock::callDestructor):
- (JSC::MarkedBlock::specializedReset):
- (JSC::MarkedBlock::reset):
- (JSC::MarkedBlock::specializedSweep):
- (JSC::MarkedBlock::sweep):
- (JSC::MarkedBlock::produceFreeList):
- (JSC::MarkedBlock::lazySweep):
- (JSC::MarkedBlock::blessNewBlockForFastPath):
- (JSC::MarkedBlock::blessNewBlockForSlowPath):
- (JSC::MarkedBlock::canonicalizeBlock):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::FreeCell::setNoObject):
- (JSC::MarkedBlock::setDestructorState):
- (JSC::MarkedBlock::destructorState):
- (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::JSCell):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::clearBuiltinStructures):
- * runtime/JSGlobalData.h:
- * runtime/Structure.h:
-
-2011-08-01 Michael Saboff <msaboff@apple.com>
-
- Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
- https://bugs.webkit.org/show_bug.cgi?id=65502
-
- Reviewed by Anders Carlsson.
-
- With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
- added an assert to the return code of madvise to catch any regressions.
-
- * wtf/TCSystemAlloc.cpp:
- (TCMalloc_SystemRelease):
-
-2011-08-02 Anders Carlsson <andersca@apple.com>
-
- Fix Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-08-02 Anders Carlsson <andersca@apple.com>
-
- Fix a Windows build error.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-08-02 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC is far too conservative about growing the heap size, particularly
- on desktop platforms
- https://bugs.webkit.org/show_bug.cgi?id=65438
-
- Reviewed by Oliver Hunt.
-
- The minimum heap size is now 16MB instead of 512KB, provided all of the
- following are true:
- a) ENABLE(LARGE_HEAP) is set, which currently only happens on
- x86 targets, but could reasonably happen on any platform that is
- known to have a decent amount of RAM.
- b) JSGlobalData is initialized with HeapSize = LargeHeap, which
- currently only happens when it's the JSDOMWindowBase in WebCore or
- in the jsc command-line tool.
-
- This is a 4.1% speed-up on SunSpider.
-
- * JavaScriptCore.exp:
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::collect):
- * heap/Heap.h:
- * jsc.cpp:
- (main):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::createContextGroup):
- (JSC::JSGlobalData::create):
- (JSC::JSGlobalData::createLeaked):
- (JSC::JSGlobalData::sharedInstance):
- * runtime/JSGlobalData.h:
- * wtf/Platform.h:
-
-2011-08-02 Filip Pizlo <fpizlo@apple.com>
-
- JSC does a GC even when the heap still has free pages
- https://bugs.webkit.org/show_bug.cgi?id=65445
-
- Reviewed by Oliver Hunt.
-
- If the high watermark is not reached, then we allocate new blocks as
- before. If the current watermark does reach (or exceed) the high
- watermark, then we check if there is a block on the free block pool.
- If there is, we simply allocation from it. If there isn't, we
- invoke a collectin as before. This effectively couples the elastic
- scavenging to the collector's decision function. That is, if an
- application rapidly varies its heap usage (sometimes using more and
- sometimes less) then the collector will not thrash as it used to.
- But if heap usage drops and stays low then the scavenger thread and
- the GC will eventually reach a kind of consensus: the GC will set
- the watermark low because of low heap usage, and the scavenger thread
- will steadily eliminate pages from the free page pool, until the size
- of the free pool is below the high watermark.
-
- On command-line, this is neutral on SunSpider and Kraken and a 3% win
- on V8. In browser, this is a 1% win on V8 and neutral on the other
- two.
-
- * heap/Heap.cpp:
- (JSC::Heap::allocateSlowCase):
- (JSC::Heap::allocateBlock):
- * heap/Heap.h:
-
-2011-08-02 Jeff Miller <jeffm@apple.com>
-
- Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
- https://bugs.webkit.org/show_bug.cgi?id=65552
-
- Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
-
- Reviewed by Adam Roben.
-
- * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
-
-2011-08-01 Jean-luc Brouillet <jeanluc@chromium.org>
-
- Removing old source files in gyp files that slow build
- https://bugs.webkit.org/show_bug.cgi?id=65503
-
- Reviewed by Adam Barth.
-
- A number of stale files are listed in the gyp files. These slow the
- build on Visual Studio 2010. Removing them.
-
- * JavaScriptCore.gypi:
-
-2011-07-14 David Levin <levin@chromium.org>
-
- currentThread is too slow!
- https://bugs.webkit.org/show_bug.cgi?id=64577
-
- Reviewed by Darin Adler and Dmitry Titov.
-
- The problem is that currentThread results in a pthread_once call which always takes a lock.
- With this change, currentThread is 10% faster than isMainThread in release mode and only
- 5% slower than isMainThread in debug.
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
- (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
- which is no longer needed because this is called from initializeThreading().
- (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
- intialization of the pthread key should already be done.
- (WTF::ThreadIdentifierData::initialize): Ditto.
- * wtf/ThreadIdentifierDataPthreads.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading): Acquire the pthread key here.
-
-2011-08-01 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT sometimes creates speculation check data structures that have
- invalid information about the format of a register
- https://bugs.webkit.org/show_bug.cgi?id=65490
-
- Reviewed by Gavin Barraclough.
-
- The code now makes sure to (1) always have correct and up-to-date
- information about register format at the time that a speculation
- check is emitted, (2) assert that speculation data is correct
- inside the speculation check implementation, and (3) avoid creating
- speculation data altogether if compilation has already failed, since
- at that point the format data is almost guaranteed to be bogus.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::EntryLocation::EntryLocation):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculationCheck::SpeculationCheck):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::speculationCheck):
-
-2011-08-01 Filip Pizlo <fpizlo@apple.com>
-
- REGRESSION(r92092): Build fails on 64 bit
- https://bugs.webkit.org/show_bug.cgi?id=65458
-
- Reviewed by Oliver Hunt.
-
- The build was broken because some compilers were smart enough to see
- an array index out of bounds due to the decision fuction for when to
- go from precise size classes to imprecise size classes being broken:
- it would assume that sizes in the range 97..128 belonged to a precise
- size class when in fact they belonged to an imprecise one.
-
- In fact, the code would have run correctly, by way of a fluke, because
- though the 4th precise size class (for 97..128) didn't exist, the next
- array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
- its first entry would have been a size class that is appropriate for
- allocations in the range 97..128. However, this relies on specific
- ordering of fields in NewSpace, so it's still a bug.
-
- This fixes the bug by ensuring that allocations larger than 96 use
- the imprecise size classes.
-
- * heap/NewSpace.h:
- (JSC::NewSpace::sizeClassFor):
-
-2011-07-31 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64679
- Fix bugs in Array.prototype this handling.
-
- Unreviewed - rolling out r91290.
-
- Looks like the wild wild web isn't ready for this yet.
-
- This change broke http://slides.html5rocks.com/#landing-slide.
- Interestingly, this might only be due to our lack of bind support -
- it looks like this site is calling Array.prototype.slice as a part
- of its bind implementation.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- (JSC::arrayProtoFuncIndexOf):
- (JSC::arrayProtoFuncLastIndexOf):
-
-2011-07-31 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC lays out size classes under wrong assumptions about expected
- object size.
- https://bugs.webkit.org/show_bug.cgi?id=65437
-
- Reviewed by Oliver Hunt.
-
- Changed the atom size - which is both the smallest allocation size and
- the smallest possible stepping unit for size class spacing - from
- 8 bytes to 4 pointer-size words. This is a 1% win on SunSpider.
-
- * heap/MarkedBlock.h:
-
-2011-07-31 Filip Pizlo <fpizlo@apple.com>
-
- DFG non-speculative JIT does not optimize PutByVal
- https://bugs.webkit.org/show_bug.cgi?id=65424
-
- Reviewed by Gavin Barraclough.
-
- Added code to emit PutByVal inline fast path.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-07-31 Filip Pizlo <fpizlo@apple.com>
-
- The JSC garbage collector returns memory to the operating system too
- eagerly.
- https://bugs.webkit.org/show_bug.cgi?id=65382
-
- Reviewed by Oliver Hunt.
-
- This introduces a memory reuse model similar to the one in FastMalloc.
- A periodic scavenger thread runs in the background and returns half the
- free memory to the OS on each timer fire. New block allocations first
- attempt to get the memory from the collector's internal pool, reverting
- to OS allocation only when this pool is empty.
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::~Heap):
- (JSC::Heap::destroy):
- (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
- (JSC::Heap::waitForRelativeTime):
- (JSC::Heap::blockFreeingThreadStartFunc):
- (JSC::Heap::blockFreeingThreadMain):
- (JSC::Heap::allocateBlock):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::releaseFreeBlocks):
- * heap/Heap.h:
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::destroy):
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::initForCellSize):
- (JSC::MarkedBlock::reset):
- * heap/MarkedBlock.h:
- * wtf/Platform.h:
-
-2011-07-30 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT speculation failure pass sometimes forgets to emit code to
- move certain registers.
- https://bugs.webkit.org/show_bug.cgi?id=65421
-
- Reviewed by Oliver Hunt.
-
- Restructured the offending loops (for gprs and fprs). It's once again
- possible to use spreadsheets on docs.google.com.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-07-30 Patrick Gansterer <paroga@webkit.org>
-
- Remove inclusion of MainThread.h from Threading.h
- https://bugs.webkit.org/show_bug.cgi?id=65081
-
- Reviewed by Darin Adler.
-
- Add missing and remove unneeded include statements for MainThread.
-
- * wtf/CryptographicallyRandomNumber.cpp:
- * wtf/Threading.h:
- * wtf/ThreadingPthreads.cpp:
- * wtf/text/StringStatics.cpp:
-
-2011-07-30 Oliver Hunt <oliver@apple.com>
-
- Reduce the size of JSGlobalObject slightly
- https://bugs.webkit.org/show_bug.cgi?id=65417
-
- Reviewed by Dan Bernstein.
-
- Push a few members that either aren't commonly used,
- or aren't frequently accessed into a separate struct.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::init):
- (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
- (JSC::JSGlobalObject::createRareDataIfNeeded):
- (JSC::JSGlobalObject::setProfileGroup):
- (JSC::JSGlobalObject::profileGroup):
- (JSC::JSGlobalObject::registerWeakMap):
- (JSC::JSGlobalObject::deregisterWeakMap):
-
-2011-07-30 Balazs Kelemen <kbalazs@webkit.org>
-
- MessageQueue::waitForMessageFilteredWithTimeout can triggers an assertion
- https://bugs.webkit.org/show_bug.cgi?id=65263
-
- Reviewed by Dmitry Titov.
-
- * wtf/Deque.h:
- (WTF::::operator): Don't check the validity of an iterator
- that will be reassigned right now.
- * wtf/MessageQueue.h:
- (WTF::::removeIf): Revert r51198 as I beleave this is the better
- solution for the problem that was solved by that.
-
-2011-07-29 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC zombie support no longer works, and is likely no longer needed.
- https://bugs.webkit.org/show_bug.cgi?id=65404
-
- Reviewed by Darin Adler.
-
- This removes zombies, because they no longer work, are not tested, are
- probably not needed, and are getting in the way of GC optimization
- work.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Handle.h:
- (JSC::HandleConverter::operator->):
- (JSC::HandleConverter::operator*):
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::isValidWeakNode):
- * heap/Heap.cpp:
- (JSC::Heap::destroy):
- (JSC::Heap::collect):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::sweep):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::clearMarks):
- * interpreter/Register.h:
- (JSC::Register::Register):
- (JSC::Register::operator=):
- * runtime/ArgList.h:
- (JSC::MarkedArgumentBuffer::append):
- (JSC::ArgList::ArgList):
- * runtime/JSCell.cpp:
- (JSC::isZombie):
- * runtime/JSCell.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::clearBuiltinStructures):
- * runtime/JSGlobalData.h:
- * runtime/JSValue.h:
- * runtime/JSValueInlineMethods.h:
- (JSC::JSValue::JSValue):
- * runtime/JSZombie.cpp: Removed.
- * runtime/JSZombie.h: Removed.
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::setEarlyValue):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::setWithoutWriteBarrier):
- * wtf/Platform.h:
-
-2011-07-29 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT verbose mode provides no details about predictions
- https://bugs.webkit.org/show_bug.cgi?id=65389
-
- Reviewed by Darin Adler.
-
- Added a print-out of the predictions to the IR dump, with names as follows:
- "p-bottom" = the parser made no predictions
- "p-int32" = the parser predicted int32
- ... (same for array, cell, double, number)
- "p-top" = the parser made conflicting predictions which will be ignored.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::predictionToString):
-
-2011-07-29 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not have any way of undoing double speculation.
- https://bugs.webkit.org/show_bug.cgi?id=65334
-
- Reviewed by Gavin Barraclough.
-
- This adds code to do a branchConvertDoubleToInt on specualtion failure.
- This is performance-neutral on most benchmarks but does result in
- a slight improvement in Kraken.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::GeneralizedRegister::moveTo):
- (JSC::DFG::GeneralizedRegister::swapWith):
- (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
- (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-07-29 Filip Pizlo <fpizlo@apple.com>
-
- Crash when opening docs.google.com
- https://bugs.webkit.org/show_bug.cgi?id=65327
-
- Reviewed by Gavin Barraclough.
-
- The speculative JIT was only checking whether a value is an array when
- we had already checked that it was, rather then when we hadn't.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-28 Oliver Hunt <oliver@apple.com>
-
- *_list instructions are only used in one place, where the code is wrong.
- https://bugs.webkit.org/show_bug.cgi?id=65348
-
- Reviewed by Darin Adler.
-
- Simply remove the instructions and all users. Speeds up the interpreter
- slightly due to code motion, but otherwise has no effect (because none
- of the _list instructions are ever used).
-
- * bytecode/CodeBlock.cpp:
- (JSC::isPropertyAccess):
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::visitStructures):
- * bytecode/Instruction.h:
- * bytecode/Opcode.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
-
-2011-07-28 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65325
- Performance tweak to parseInt
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncParseInt):
- - This change may an existing optimization redundant,
- cleanup from Darin's comments, plus fix existing bugs.
-
-2011-07-28 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65325
- Performance tweak to parseInt
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncParseInt):
- - parseInt applied to small positive numbers = floor.
-
-2011-07-28 Dan Bernstein <mitz@apple.com>
-
- Build fix.
-
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::compileForCallInternal):
-
-2011-07-28 Kent Tamura <tkent@chromium.org>
-
- Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
- https://bugs.webkit.org/show_bug.cgi?id=65300
-
- Reviewed by Darin Adler.
-
- r91837 had performance regression of StringImpl::stripWhiteSpace()
- and simplifyWhiteSpace(). This changes the code so that compilers
- generates code equivalent to r91836 or piror.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::stripMatchedCharacters):
- A template member function for stripWhiteSpace(). This function takes a functor.
- (WTF::UCharPredicate):
- A functor for generic predicate for single UChar argument.
- (WTF::SpaceOrNewlinePredicate):
- A special functor for isSpaceOrNewline().
- (WTF::StringImpl::stripWhiteSpace):
- Use stripmatchedCharacters().
- (WTF::StringImpl::simplifyMatchedCharactersToSpace):
- A template member function for simplifyWhiteSpace().
- (WTF::StringImpl::simplifyWhiteSpace):
- Use simplifyMatchedCharactersToSpace().
- * wtf/text/StringImpl.h:
-
-2011-07-27 Dmitry Lomov <dslomov@google.com>
-
- [chromium] Turn on WTF_MULTIPLE_THREADS.
- https://bugs.webkit.org/show_bug.cgi?id=61017
- The patch turns on WTF_MULTIPLE_THREADS in chromium and
- pushes some relevant initializations from JSC::initializeThreading
- to WTF::initializeThreading.
-
- Reviewed by David Levin.
-
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * wtf/FastMalloc.cpp:
- (WTF::isForbidden):
- (WTF::fastMallocForbid):
- (WTF::fastMallocAllow):
- * wtf/Platform.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading):
- * wtf/ThreadingWin.cpp:
- (WTF::initializeThreading):
- * wtf/gtk/ThreadingGtk.cpp:
- (WTF::initializeThreading):
- * wtf/qt/ThreadingQt.cpp:
- (WTF::initializeThreading):
-
-2011-07-27 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Remove operator new from JSCell
- https://bugs.webkit.org/show_bug.cgi?id=64999
-
- Reviewed by Oliver Hunt.
-
- Removed the implementation of operator new in JSCell, so any further uses
- will not successfully link. Also removed any remaining uses of operator new.
-
- * API/JSContextRef.cpp:
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::create):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::createExceptionScope):
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::create):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::create):
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- * runtime/StrictEvalActivation.h:
- (JSC::StrictEvalActivation::create):
-
-2011-07-27 Filip Pizlo <fpizlo@apple.com>
-
- DFG graph has no notion of double prediction.
- https://bugs.webkit.org/show_bug.cgi?id=65234
-
- Reviewed by Gavin Barraclough.
-
- Added the notion of PredictDouble, and PredictNumber, which is the least
- upper bound of PredictInt32 and PredictDouble. Least upper bound is
- defined as the bitwise-or of two predictions. Bottom is defined as 0,
- and Top is defined as all bits being set. Added the ability to explicitly
- distinguish between a node having had a prediction associated with it,
- and that prediction still being valid (i.e. no conflicting predictions
- have also been added). Used this to guard the speculative JIT from
- speculating Int32 in cases where the graph knows that the value is
- double, which currently only happens for GetLocal nodes on arguments
- which were double at compile-time.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- * dfg/DFGGraph.h:
- (JSC::DFG::isCellPrediction):
- (JSC::DFG::isArrayPrediction):
- (JSC::DFG::isInt32Prediction):
- (JSC::DFG::isDoublePrediction):
- (JSC::DFG::isNumberPrediction):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
-
-2011-07-27 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65294
- DFG JIT - may speculate based on wrong arguments.
-
- Reviewed by Oliver Hunt
-
- In the case of a DFG compiled function calling to and compiling a second function that
- also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
- we call compileFor passing the caller functions exec state, rather than the callee's.
- This may lead to mis-optimization, since the DFG compiler will example the exec state's
- arguments on the assumption that these will be passed to the callee - it is wanting the
- callee exec state, not the caller's exec state.
-
- Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
- function is compiled, & the structure of the calls in the Interpreter::execute methods.
- Only fix for compilation from the JIT, in other calls don't speculate based on arguments
- for now.
-
- * dfg/DFGOperations.cpp:
- * runtime/Executable.cpp:
- (JSC::tryDFGCompile):
- (JSC::tryDFGCompileFunction):
- (JSC::FunctionExecutable::compileForCallInternal):
- * runtime/Executable.h:
- (JSC::FunctionExecutable::compileForCall):
- (JSC::FunctionExecutable::compileFor):
-
-2011-07-27 Oliver Hunt <oliver@apple.com>
-
- Handle callback oriented JSONP
- https://bugs.webkit.org/show_bug.cgi?id=65271
-
- Reviewed by Gavin Barraclough.
-
- Handle the callback oriented versions of JSONP. The Literal parser
- now handles <Identifier> (. <Identifier>)* (jsonData).
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::tryJSONPParse):
- (JSC::LiteralParser::Lexer::lex):
- * runtime/LiteralParser.h:
-
-2011-07-27 Stephanie Lewis <slewis@apple.com>
-
- Revert http://trac.webkit.org/changeset/90415.
- Caused a 5% sunspider regression in-browser.
-
- Unreviewed rollout.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * heap/Heap.cpp:
- (JSC::Heap::collectAllGarbage):
- * heap/MarkStack.h:
- (JSC::MarkStack::MarkStack):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::releaseExecutableMemory):
- * runtime/RegExp.cpp:
- (JSC::RegExp::compile):
- (JSC::RegExp::invalidateCode):
- * runtime/RegExp.h:
-
-2011-07-27 Shinya Kawanaka <shinyak@google.com>
-
- Added an interface to take IsWhiteSpaceFunctionPtr.
- https://bugs.webkit.org/show_bug.cgi?id=57746
-
- Reviewed by Kent Tamura.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::stripWhiteSpace):
- Added an interface to take IsWhiteSpaceFunctionPtr.
- (WTF::StringImpl::simplifyWhiteSpace): ditto.
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.cpp:
- (WTF::String::stripWhiteSpace): ditto.
- (WTF::String::simplifyWhiteSpace): ditto.
- * wtf/text/WTFString.h:
-
-2011-07-27 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT speculation failure code performs incorrect conversions in
- the case where two registers need to be swapped.
- https://bugs.webkit.org/show_bug.cgi?id=65233
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::GeneralizedRegister::swapWith):
-
-2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- reduce and reduceRight bind callback's this to null rather than undefined
- https://bugs.webkit.org/show_bug.cgi?id=62264
-
- Reviewed by Oliver Hunt.
-
- Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
- when calling the callback function without an argument for this, which means it should
- be undefined according to ES 15.4.4.21 and 15.4.4.22.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
-
-2011-07-26 Filip Pizlo <fpizlo@apple.com>
-
- JSC command-line tool does not come with any facility for
- measuring time precisely.
- https://bugs.webkit.org/show_bug.cgi?id=65223
-
- Reviewed by Gavin Barraclough.
-
- Exposed WTF::currentTime() as currentTimePrecise().
-
- * jsc.cpp:
- (GlobalObject::GlobalObject):
- (functionPreciseTime):
-
-2011-07-26 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT never emits inline double comparisons, even when it
- would be obvious more efficient to do so.
- https://bugs.webkit.org/show_bug.cgi?id=65212
-
- Reviewed by Gavin Barraclough.
-
- This handles the obvious case of inlining double comparisons: it only addresses
- the speculative JIT, and only for fused compare/branch sequences. But it does
- handle the case where both operands are double (and there is no slow path),
- or where one operand is double and the other is unknown type (in which case it
- attempts to unbox the double, otherwise taking slow path). This is an 0.8%
- speed-up on SunSpider.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::convertToDouble):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
- (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-
-2011-07-26 Filip Pizlo <fpizlo@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64969
- DFG JIT generates inefficient code for speculation failures.
-
- Reviewed by Gavin Barraclough.
-
- This implements a speculation failure strategy where (1) values spilled on
- non-speculative but not spilled on speculative are spilled, (2) values that
- are in registers on both paths are rearranged without ever touching memory,
- and (3) values spilled on speculative but not spilled on non-speculative are
- filled.
-
- The register shuffling is the most interesting part of this patch. It
- constructs a permutation graph for registers. Each node represents a
- register, and each directed edge corresponds to the register's value having
- to be moved to a different register as part of the shuffling. This is a
- directed graph where each node may only have 0 or 1 incoming edges, and
- 0 or 1 outgoing edges. The algorithm then first finds maximal non-cyclic
- subgraphs where all nodes in the subgraph are reachable from a start node.
- Such subgraphs always resemble linked lists, and correspond to simply
- moving the value in the second-to-last register into the last register, and
- then moving the value in the third-to-last register into the second-to-last
- register, and so on. Once these subgraphs are taken care of, the remaining
- subgraphs are cycles, and are handled using either (a) conversion or no-op
- if the cycle involves one node, (b) swap if it involves two nodes, or (c)
- a cyclic shuffle involving a scratch register if there are three or more
- nodes.
-
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::needDataFormatConversion):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
- (JSC::DFG::GeneralizedRegister::createGPR):
- (JSC::DFG::GeneralizedRegister::createFPR):
- (JSC::DFG::GeneralizedRegister::dump):
- (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
- (JSC::DFG::GeneralizedRegister::findInEntryLocation):
- (JSC::DFG::GeneralizedRegister::previousDataFormat):
- (JSC::DFG::GeneralizedRegister::nextDataFormat):
- (JSC::DFG::GeneralizedRegister::convert):
- (JSC::DFG::GeneralizedRegister::moveTo):
- (JSC::DFG::GeneralizedRegister::swapWith):
- (JSC::DFG::ShuffledRegister::ShuffledRegister):
- (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
- (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
- (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
- (JSC::DFG::ShuffledRegister::lookup):
- (JSC::DFG::lookupForRegister):
- (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
- (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
- (JSC::DFG::NodeToRegisterMap::set):
- (JSC::DFG::NodeToRegisterMap::end):
- (JSC::DFG::NodeToRegisterMap::find):
- (JSC::DFG::NodeToRegisterMap::clear):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- (JSC::DFG::JITCompiler::linkSpeculationChecks):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::EntryLocation::EntryLocation):
- * dfg/DFGNonSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculationCheck::SpeculationCheck):
- * dfg/DFGSpeculativeJIT.h:
-
-2011-07-26 Oliver Hunt <oliver@apple.com>
-
- Buffer overflow creating error messages for JSON.parse
- https://bugs.webkit.org/show_bug.cgi?id=65211
-
- Reviewed by Darin Adler.
-
- Parse string length to the UString constructor.
-
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::parse):
-
-2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Refactor automatically generated JS DOM bindings to replace operator new with static create methods
- https://bugs.webkit.org/show_bug.cgi?id=64732
-
- Reviewed by Oliver Hunt.
-
- Replacing the public constructors in the automatically generated JS DOM bindings with static
- create methods. JSByteArray is used by several of these bindings in WebCore.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::create):
- * runtime/JSByteArray.h:
-
-2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
-
- Unreviewed build fix for Qt/Linux.
-
- On platforms with no glib and gstreamer we should not build javascriptcore
- with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
-
- * wtf/wtf.pri:
-
-2011-07-26 Juan C. Montemayor <jmont@apple.com>
-
- JSON errors should be informative
- https://bugs.webkit.org/show_bug.cgi?id=63339
-
- Added error messages to the JSON Parser.
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::Lexer::lex):
- (JSC::LiteralParser::Lexer::lexString):
- (JSC::LiteralParser::Lexer::lexNumber):
- (JSC::LiteralParser::parse):
- * runtime/LiteralParser.h:
- (JSC::LiteralParser::getErrorMessage):
- (JSC::LiteralParser::Lexer::sawError):
- (JSC::LiteralParser::Lexer::getErrorMessage):
-
-2011-07-26 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r91746.
- http://trac.webkit.org/changeset/91746
- https://bugs.webkit.org/show_bug.cgi?id=65180
-
- It broke SL build (Requested by Ossy on #webkit).
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::stripWhiteSpace):
- (WTF::StringImpl::simplifyWhiteSpace):
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.cpp:
- * wtf/text/WTFString.h:
-
-2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Andreas Kling.
-
- [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
- https://bugs.webkit.org/show_bug.cgi?id=63472
-
- Enable the bits needed for GStreamer only when QtMultimedia is not used.
-
- * wtf/wtf.pri:
-
-2011-07-26 Shinya Kawanaka <shinyak@google.com>
-
- Added an interface to take IsWhiteSpaceFunctionPtr.
- https://bugs.webkit.org/show_bug.cgi?id=57746
-
- Reviewed by Kent Tamura.
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::stripWhiteSpace):
- Added an interface to take IsWhiteSpaceFunctionPtr.
- (WTF::StringImpl::simplifyWhiteSpace): ditto.
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.cpp:
- (WTF::String::stripWhiteSpace): ditto.
- (WTF::String::simplifyWhiteSpace): ditto.
- * wtf/text/WTFString.h:
-
-2011-07-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG non-speculative JIT emits inefficient code for arithmetic
- involving two registers
- https://bugs.webkit.org/show_bug.cgi?id=65160
-
- Reviewed by Gavin Barraclough.
-
- The non-speculative JIT now emits inline code for double arithmetic, but
- still attempts integer arithmetic first. This is a speed-up on SunSpider
- (albeit a small one), and a large speed-up on Kraken.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-
-2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
-
- [EFL] Build break with --debug after r89153.
- https://bugs.webkit.org/show_bug.cgi?id=65150
-
- Unreviewed build fix.
-
- * wtf/CMakeListsEfl.txt: Add missing libraries.
-
-2011-07-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG non-speculative JIT emits obviously inefficient code for arithmetic
- where one operand is a constant.
- https://bugs.webkit.org/show_bug.cgi?id=65146
-
- Reviewed by Gavin Barraclough.
-
- Changed the code to emit double arithmetic inline.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-
-2011-07-25 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT bytecode parser misuses pointers into objects allocated as part of a
- WTF::Vector.
- https://bugs.webkit.org/show_bug.cgi?id=65128
-
- Reviewed by Gavin Barraclough.
-
- The bytecode parser code seems to be right to have a DFGNode& phiNode reference
- into the graph, since this makes the code greatly more readable. This patch
- thus makes the minimal change necessary to make the code right: it uses a
- pointer (to disambiguate between reloading the pointer and performing a
- copy from one location of the vector to another) and reloads it after the
- calls to addToGraph().
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::processPhiStack):
-
-2011-07-25 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r91686.
- http://trac.webkit.org/changeset/91686
- https://bugs.webkit.org/show_bug.cgi?id=65144
-
- 1.5% regression in JSC (Requested by jmontemayor on #webkit).
-
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::Lexer::lex):
- (JSC::LiteralParser::Lexer::lexString):
- (JSC::LiteralParser::Lexer::lexNumber):
- (JSC::LiteralParser::parse):
- * runtime/LiteralParser.h:
-
-2011-07-25 Jon Lee <jonlee@apple.com>
-
- Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
- https://bugs.webkit.org/show_bug.cgi?id=65132
- <rdar://problem/9836297>
-
- Reviewed by Oliver Hunt.
-
- Make sure the JIT is available to use before running the following calls:
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
-
-2011-07-25 Juan C. Montemayor <jmont@apple.com>
-
- JSON errors should be informative
- https://bugs.webkit.org/show_bug.cgi?id=63339
-
- Added error messages to the JSON Parser.
-
- Reviewed by Oliver Hunt.
-
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::Lexer::lex):
- (JSC::LiteralParser::Lexer::lexString):
- (JSC::LiteralParser::Lexer::lexNumber):
- (JSC::LiteralParser::parse):
- * runtime/LiteralParser.h:
- (JSC::LiteralParser::getErrorMessage):
- (JSC::LiteralParser::Lexer::sawError):
- (JSC::LiteralParser::Lexer::getErrorMessage):
-
-2011-07-25 Filip Pizlo <fpizlo@apple.com>
-
- X86-64 assembler emits three instructions instead of two for certain
- loads and stores.
- https://bugs.webkit.org/show_bug.cgi?id=65095
-
- Reviewed by Gavin Barraclough.
-
- Simply made these four methods in the assembler use the scratch register,
- which they were previously avoiding. It still optimizes for the case where
- an absolute address memory accesses is using EAX. This results in a slight
- performance improvement.
-
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::load32):
- (JSC::MacroAssemblerX86_64::store32):
- (JSC::MacroAssemblerX86_64::loadPtr):
- (JSC::MacroAssemblerX86_64::storePtr):
-
-2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
-
- [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
- https://bugs.webkit.org/show_bug.cgi?id=64354
-
- Use ecore_time_unix_get which returns unix time as double type for currentTime
- and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
-
- Reviewed by Kent Tamura.
-
- * wtf/CurrentTime.cpp:
- (WTF::currentTime):
- (WTF::monotonicallyIncreasingTime):
-
-2011-07-22 Sommer Panage <panage@apple.com>
-
- Reviewed by Oliver Hunt.
-
- export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
- https://bugs.webkit.org/show_bug.cgi?id=64981
-
- UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
- Currently, the C API does not provide the tools to do this. However, the private API
- does expose the necessary functionality to get a backtrace
- (via Interpreter::retrieveLastCaller). We recognize this information may result in
- failure in the cases of programs run by 'eval', stack frames beneath host function
- call frames, and in programs run from other programs. Thus, we propose exporting our
- JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
- we need while not advertising an API that isn't really ready for full use.
-
- * API/JSContextRef.cpp:
- * API/JSContextRefPrivate.h:
- * JavaScriptCore.exp:
-
-
-2011-07-22 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65051
- DFG JIT - Enable by default for mac platform on x86-64.
-
- Rubber Stamped by Geoff Garen.
-
- This is now a performance progression.
-
- * wtf/Platform.h:
- - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
-
-2011-07-22 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65047
- DFG JIT - Add support for op_resolve/op_resolve_base
-
- Reviewed by Sam Weinig.
-
- These are necessary for any significant eval code coverage
- (and as such increase LayoutTest coverage).
-
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::recordResolve):
- - Conservatively blow aliasing optimizations for now.
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- - Add support for op_resolve/op_resolve_base.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::callOperation):
- - Add call with exec, identifer aguments.
- * dfg/DFGNode.h:
- - Add new node types.
- (JSC::DFG::Node::hasIdentifier):
- - Resolve nodes have identifiers, too!
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- - Add generation for new Nodes.
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- - Added new operations.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - Add generation for new Nodes.
-
-2011-07-22 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=65036
- Messing with the register allocation within flow control = badness.
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- - Fix register allocation.
-
-2011-07-22 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
- https://bugs.webkit.org/show_bug.cgi?id=63986
-
- Reviewed by Geoffrey Garen.
-
- Changed the implementation of Date.prototype.toISOString() to use the extended year
- format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
-
- * runtime/DatePrototype.cpp:
- (JSC::dateProtoFuncToISOString):
-
-2011-07-21 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-07-21 Ryosuke Niwa <rniwa@webkit.org>
-
- Build fix after r91555.
-
- * JavaScriptCore.exp:
-
-2011-07-21 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=19271
- eliminate PIC branches by changing NaN handling in JSValue::toNumber
-
- Reviewed by Sam Weinig.
-
- Moving the non-numeric cases out of line seems to be a consistent
- win on SunSpider for me, to the order of about 0.5%.
-
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::toNumber):
- - Changed to only handle values that are already numbers, moce non-numeric cases out of line.
- * runtime/JSValue.cpp:
- (JSC::JSValue::toNumberSlowCase):
- - Added toNumberSlowCase, handling non-numeric cases.
- * runtime/JSValue.h:
- - Add declaration of toNumberSlowCase.
-
-2011-07-21 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64875
- Use of `yield` keyword is broken
-
- Reviewed by Sam Weinig.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::parseIdentifier):
- - The bug here is that a successful match of a RESERVED_IF_STRICT token from
- parseKeyword is being nullified back to IDENT. The problem is that in the
- case of IDENT matches parseKeyword should not move the lexer's input
- position, but in the case of RESERVED_IF_STRICT it has done so.
-
-2011-07-21 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64900
- Function.prototype.apply should accept an array-like object as its second argument
-
- Reviewed by Sam Weinig.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/FunctionPrototype.cpp:
- (JSC::functionProtoFuncApply):
- - Remove the type error if object is not an array.
-
-2011-07-21 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64964
- DFG JIT - Enable support for eval code
-
- Reviewed by Sam Weinig.
-
- This is basically the same as program code, to the JIT!
-
- * bytecode/Opcode.cpp:
- * bytecode/Opcode.h:
- - Enable opcodeNames in !NDEBUG builds.
- * dfg/DFGOperations.cpp:
- - Fix a bug exposed by eval support, throw correct type error for new.
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- - Enable DFG JIT for eval code.
-
-2011-07-20 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r91380.
- http://trac.webkit.org/changeset/91380
- https://bugs.webkit.org/show_bug.cgi?id=64924
-
- Caused assertion failures in Chromium's IndexedDB tests
- (Requested by rniwa on #webkit).
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
- (WTF::ThreadIdentifierData::identifier):
- (WTF::ThreadIdentifierData::initialize):
- (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
- (WTF::ThreadIdentifierData::initializeKeyOnce):
- * wtf/ThreadIdentifierDataPthreads.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading):
-
-2011-07-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG non-speculative JIT does not use() the aliased GetByVal,
- resulting in bloated use counts.
- https://bugs.webkit.org/show_bug.cgi?id=64911
-
- Reviewed by Gavin Barraclough.
-
- Inserted a call to use() for the aliased GetByVal.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-07-20 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64909
- DFG JIT - Missing ToInt32 conversions for double constants.
-
- Reviewed by Sam Weinig.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::toInt32):
- - We cannot trivially omit ToInt32 conversions on double constants.
-
-2011-07-20 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT sometimes claims to use compare operands twice, leading to
- use count corruption.
- https://bugs.webkit.org/show_bug.cgi?id=64903
-
- Reviewed by Gavin Barraclough.
-
- Move the calls to use() in SpeculativeJIT::compare() so that they only happen
- if the JITCodeGenerator's helper method (which also calls use()) is not called.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
-
-2011-07-20 Oliver Hunt <oliver@apple.com>
-
- Don't throw away code when JSGarbageCollect API is called
- https://bugs.webkit.org/show_bug.cgi?id=64894
-
- Reviewed by Sam Weinig.
-
- Just call collectAllGarbage. That will clean up all unneeded
- code without causing any pathological recompilation problems.
-
- * API/JSBase.cpp:
- (JSGarbageCollect):
-
-2011-07-20 Oliver Hunt <oliver@apple.com>
-
- Codeblock doesn't visit cached structures in global resolve instructions
- https://bugs.webkit.org/show_bug.cgi?id=64889
-
- Reviewed by Sam Weinig.
-
- Visit the global resolve instructions. This fixes a couple
- of random crashes seen in the jquery tests when using the
- interpreter.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
-
-2011-07-20 James Robinson <jamesr@chromium.org>
-
- Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
- https://bugs.webkit.org/show_bug.cgi?id=64841
-
- Reviewed by Mark Rowe.
-
- http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
- monotonic clock instead of WTF::currentTime(). This broke many plugin tests on WebKit2 for reasons that are
- unclear. This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
-
- * wtf/ThreadingPthreads.cpp:
- (WTF::ThreadCondition::timedWait):
- * wtf/ThreadingWin.cpp:
- (WTF::absoluteTimeToWaitTimeoutInterval):
- * wtf/gtk/ThreadingGtk.cpp:
- (WTF::ThreadCondition::timedWait):
- * wtf/qt/ThreadingQt.cpp:
- (WTF::ThreadCondition::timedWait):
-
-2011-07-14 David Levin <levin@chromium.org>
-
- currentThread is too slow!
- https://bugs.webkit.org/show_bug.cgi?id=64577
-
- Reviewed by Darin Adler and Dmitry Titov.
-
- The problem is that currentThread results in a pthread_once call which always takes a lock.
- With this change, currentThread is 10% faster than isMainThread in release mode and only
- 5% slower than isMainThread in debug.
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
- (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
- which is no longer needed because this is called from initializeThreading().
- (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
- intialization of the pthread key should already be done.
- (WTF::ThreadIdentifierData::initialize): Ditto.
- * wtf/ThreadIdentifierDataPthreads.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading): Acquire the pthread key here.
-
-2011-07-20 Mark Rowe <mrowe@apple.com>
-
- Fix the 32-bit build.
-
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncToString):
-
-2011-07-19 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64678
- Fix bugs in Object.prototype this handling.
-
- Reviewed by Darin Adler.
-
- Fix ES5.1 correctness issues identified by Mads Ager.
-
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncToString):
- - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
-
-2011-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
-
- [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
- https://bugs.webkit.org/show_bug.cgi?id=63918
-
- Reviewed by Darin Adler.
-
- When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
- method due to additional string copying within several of the constructors when dealing with
- UStrings. This has been added to the UString version of the appendStringInConstruct method
- within the JSString class.
-
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::appendStringInConstruct):
-
-2011-07-19 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64679
- Fix bugs in Array.prototype this handling.
-
- Reviewed by Oliver Hunt.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncConcat):
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- (JSC::arrayProtoFuncIndexOf):
- (JSC::arrayProtoFuncLastIndexOf):
- - These methods should throw if this value is undefined.
-
-2011-07-19 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64677
- Fix bugs in String.prototype this handling.
-
- Reviewed by Oliver Hunt.
-
- undefined/null this values should throw TypeErrors, not convert to
- the global object, and primitive values should not be converted via
- object types.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncReplace):
- (JSC::stringProtoFuncCharAt):
- (JSC::stringProtoFuncCharCodeAt):
- (JSC::stringProtoFuncIndexOf):
- (JSC::stringProtoFuncLastIndexOf):
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- (JSC::stringProtoFuncSlice):
- (JSC::stringProtoFuncSplit):
- (JSC::stringProtoFuncSubstr):
- (JSC::stringProtoFuncSubstring):
- (JSC::stringProtoFuncToLowerCase):
- (JSC::stringProtoFuncToUpperCase):
- (JSC::stringProtoFuncLocaleCompare):
- (JSC::stringProtoFuncBig):
- (JSC::stringProtoFuncSmall):
- (JSC::stringProtoFuncBlink):
- (JSC::stringProtoFuncBold):
- (JSC::stringProtoFuncFixed):
- (JSC::stringProtoFuncItalics):
- (JSC::stringProtoFuncStrike):
- (JSC::stringProtoFuncSub):
- (JSC::stringProtoFuncSup):
- (JSC::stringProtoFuncFontcolor):
- (JSC::stringProtoFuncFontsize):
- (JSC::stringProtoFuncAnchor):
- (JSC::stringProtoFuncLink):
- (JSC::trimString):
- - These methods should throw if this value is undefined,
- convert ToString directly, not via ToObject.
-
-2011-07-19 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT sometimes emits spill code even when the respective values
- are never needed.
- https://bugs.webkit.org/show_bug.cgi?id=64774
-
- Reviewed by Gavin Barraclough.
-
- The main high-level change is that it is now easier to call use() on a
- virtual register. JSValueOperand and its other-typed relatives now have
- a handy use() method, and jsValueResult() and friends now make it easier to
- pass UseChildrenCalledExplicitly.
-
- The rest of this patch hoists the call to use() as high as possible for
- all of those cases where either flushRegisters() or silentSpillAllRegisters()
- may be called.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedGetMethod):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
- (JSC::DFG::JITCodeGenerator::emitBranch):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::use):
- (JSC::DFG::JITCodeGenerator::integerResult):
- (JSC::DFG::JITCodeGenerator::jsValueResult):
- (JSC::DFG::IntegerOperand::use):
- (JSC::DFG::DoubleOperand::use):
- (JSC::DFG::JSValueOperand::use):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::valueToNumber):
- (JSC::DFG::NonSpeculativeJIT::valueToInt32):
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculateStrictInt32Operand::use):
- (JSC::DFG::SpeculateCellOperand::use):
-
-2011-07-19 Xan Lopez <xlopez@igalia.com>
-
- ARMv7 backend broken, lacks 3 parameter rshift32 method
- https://bugs.webkit.org/show_bug.cgi?id=64571
-
- Reviewed by Zoltan Herczeg.
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
-
-2011-07-18 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not optimize strict equality as effectively as the old JIT does.
- https://bugs.webkit.org/show_bug.cgi?id=64759
-
- Reviewed by Gavin Barraclough.
-
- This adds a more complete set of strict equality optimizations. If either
- operand is known numeric, then the code reverts to the old style of optimizing
- (first try integer comparison). Otherwise it uses the old JIT's trick of
- first simultaneously checking if both operands are either numbers or cells;
- if not then a fast path is taken.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-18 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64760
- DFG JIT - Should be able to compile program code.
-
- Reviewed by Geoff Garen.
-
- Add support for op_end, hooks to compile program code in Executable.cpp.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- - Add support for op_end
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileEntry):
- (JSC::DFG::JITCompiler::compileBody):
- (JSC::DFG::JITCompiler::link):
- - Added, separate out steps of compileFunction.
- (JSC::DFG::JITCompiler::compile):
- - Added, compile program code.
- (JSC::DFG::JITCompiler::compileFunction):
- - Sections separated out to helper functions.
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::JITCompiler):
- - Added m_exceptionCheckCount.
- * runtime/Executable.cpp:
- (JSC::tryDFGCompile):
- (JSC::tryDFGCompileFunction):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
-
-2011-07-18 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64678
- Fix bugs in Object.prototype this handling.
-
- Reviewed by Oliver Hunt.
-
- undefined/null this values should throw TypeErrors, not convert to the global object,
- also, to toLocaleString should be calling the ToObject & invoking the object's toString
- function, even for values that are already strings.
-
- * runtime/ObjectPrototype.cpp:
- (JSC::objectProtoFuncValueOf):
- (JSC::objectProtoFuncHasOwnProperty):
- (JSC::objectProtoFuncIsPrototypeOf):
- (JSC::objectProtoFuncPropertyIsEnumerable):
- (JSC::objectProtoFuncToLocaleString):
- (JSC::objectProtoFuncToString):
-
-2011-07-18 Filip Pizlo <fpizlo@apple.com>
-
- JSC GC lazy sweep does not inline the common cases of cell destruction.
- https://bugs.webkit.org/show_bug.cgi?id=64745
-
- Reviewed by Oliver Hunt.
-
- This inlines the case of JSFinalObject destruction.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::lazySweep):
-
-2011-07-18 Oliver Hunt <oliver@apple.com>
-
- Interpreter build-fix
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2011-07-18 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not optimize equal-null comparisons and branches.
- https://bugs.webkit.org/show_bug.cgi?id=64659
-
- Reviewed by Gavin Barraclough.
-
- Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
- which is used by both the speculative and non-speculative JIT. Through
- the use of the new isNullConstant helper, the two JITs invoke the
- nonSpecualtiveCompareNull() helper instead of their regular comparison
- helpers when compiling CompareEq. Through the use of the new isKnownCell
- helper, the compare-null code will skip the is-a-cell check if the
- speculative JIT had been speculating cell.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownCell):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::isNullConstant):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-18 James Robinson <jamesr@chromium.org>
-
- Timer scheduling should be based off the monotonic clock
- https://bugs.webkit.org/show_bug.cgi?id=64544
-
- Reviewed by Darin Adler.
-
- Switches ThreadCondition::timedWait and related utility functions from currentTime() to
- monotonicallyIncreasingTime().
-
- Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/ThreadingPthreads.cpp:
- (WTF::ThreadCondition::timedWait):
- * wtf/ThreadingWin.cpp:
- (WTF::absoluteTimeToWaitTimeoutInterval):
- * wtf/gtk/ThreadingGtk.cpp:
- (WTF::ThreadCondition::timedWait):
- * wtf/qt/ThreadingQt.cpp:
- (WTF::ThreadCondition::timedWait):
-
-2011-07-18 Filip Pizlo <fpizlo@apple.com>
-
- JSC JIT does not inline GC allocation fast paths
- https://bugs.webkit.org/show_bug.cgi?id=64582
-
- Reviewed by Oliver Hunt.
-
- This addresses inlining allocation for the easiest-to-allocate cases:
- op_new_object and op_create_this. Inlining GC allocation fast paths
- required three changes. First, the JSGlobalData now saves the vtable
- pointer of JSFinalObject, since that's what op_new_object and
- op_create_this allocate. Second, the Heap exposes a reference to
- the appropriate SizeClass, so that the JIT may inline accesses
- directly to the SizeClass for JSFinalObject allocations. And third,
- the JIT is extended with code to emit inline fast paths for GC
- allocation. A stub call is emitted in the case where the inline fast
- path fails.
-
- * heap/Heap.h:
- (JSC::Heap::sizeClassFor):
- (JSC::Heap::allocate):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitAllocateJSFinalObject):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_object):
- (JSC::JIT::emitSlow_op_new_object):
- (JSC::JIT::emit_op_create_this):
- (JSC::JIT::emitSlow_op_create_this):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_new_object):
- (JSC::JIT::emitSlow_op_new_object):
- (JSC::JIT::emit_op_create_this):
- (JSC::JIT::emitSlow_op_create_this):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs):
- * runtime/JSGlobalData.h:
- * runtime/JSObject.h:
- (JSC::JSFinalObject::JSFinalObject):
- (JSC::JSObject::offsetOfInheritorID):
-
-2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com>
-
- Refactor JSC to replace JSCell::operator new with static create method
- https://bugs.webkit.org/show_bug.cgi?id=64466
-
- Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
-
- First step in a longer refactoring process to remove the use of
- operator new overloading in order to allocate GC objects and to replace
- this method with static create methods for each individual type of heap-allocated
- JS object. This particular patch only deals with replacing uses of
- operator new within JSC proper. Future patches will remove it from the
- parts that interface with the DOM. Due to the DOM's continued dependence
- on it, operator new has not actually been removed from JSCell.
-
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::create):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::create):
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::operator new):
- (JSC::JSCallbackObject::create):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::staticFunctionGetter):
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
- * API/JSContextRef.cpp:
- * API/JSObjectRef.cpp:
- (JSObjectMake):
- (JSObjectMakeFunctionWithCallback):
- (JSObjectMakeConstructor):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::createActivation):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * bytecompiler/BytecodeGenerator.h:
- (JSC::BytecodeGenerator::makeFunction):
- * bytecompiler/NodesCodegen.cpp:
- (JSC::RegExpNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- (JSC::Interpreter::retrieveArguments):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jsc.cpp:
- (GlobalObject::create):
- (GlobalObject::GlobalObject):
- (functionRun):
- (jscmain):
- * runtime/Arguments.h:
- (JSC::Arguments::create):
- (JSC::Arguments::createNoParameters):
- * runtime/ArrayConstructor.cpp:
- (JSC::constructArrayWithSizeQuirk):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::create):
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncSplice):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::create):
- * runtime/BooleanConstructor.cpp:
- (JSC::constructBoolean):
- (JSC::constructBooleanFromImmediateBoolean):
- * runtime/BooleanConstructor.h:
- (JSC::BooleanConstructor::create):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::create):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::create):
- * runtime/DateConstructor.cpp:
- (JSC::constructDate):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::create):
- * runtime/DateInstance.h:
- (JSC::DateInstance::create):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::create):
- * runtime/Error.cpp:
- (JSC::createError):
- (JSC::createEvalError):
- (JSC::createRangeError):
- (JSC::createReferenceError):
- (JSC::createSyntaxError):
- (JSC::createTypeError):
- (JSC::createURIError):
- (JSC::StrictModeTypeErrorFunction::create):
- (JSC::createTypeErrorFunction):
- * runtime/ErrorConstructor.h:
- (JSC::ErrorConstructor::create):
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::ErrorInstance):
- (JSC::ErrorInstance::create):
- * runtime/ErrorInstance.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::create):
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::InterruptedExecutionError):
- (JSC::InterruptedExecutionError::create):
- (JSC::createInterruptedExecutionException):
- (JSC::TerminatedExecutionError::TerminatedExecutionError):
- (JSC::TerminatedExecutionError::create):
- (JSC::createTerminatedExecutionException):
- * runtime/Executable.cpp:
- (JSC::FunctionExecutable::FunctionExecutable):
- (JSC::FunctionExecutable::fromGlobalCode):
- * runtime/Executable.h:
- (JSC::ExecutableBase::create):
- (JSC::NativeExecutable::create):
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::EvalExecutable::create):
- (JSC::ProgramExecutable::create):
- (JSC::FunctionExecutable::create):
- (JSC::FunctionExecutable::make):
- * runtime/FunctionConstructor.cpp:
- (JSC::constructFunctionSkippingEvalEnabledCheck):
- * runtime/FunctionConstructor.h:
- (JSC::FunctionConstructor::create):
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::addFunctionProperties):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::create):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::create):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::create):
- (JSC::jsAPIValueWrapper):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::argumentsGetter):
- * runtime/JSActivation.h:
- (JSC::JSActivation::create):
- * runtime/JSArray.h:
- (JSC::JSArray::create):
- * runtime/JSCell.h:
- (JSC::JSCell::allocateCell):
- * runtime/JSFunction.h:
- (JSC::JSFunction::create):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::init):
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObject.h:
- (JSC::constructEmptyArray):
- (JSC::constructArray):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::create):
- * runtime/JSONObject.h:
- (JSC::JSONObject::create):
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::defineSetter):
- (JSC::putDescriptor):
- * runtime/JSObject.h:
- (JSC::JSFinalObject::create):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::create):
- * runtime/JSString.cpp:
- (JSC::JSString::substringFromRope):
- (JSC::JSString::replaceCharacter):
- (JSC::StringObject::create):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::create):
- (JSC::RopeBuilder::createHasOtherOwner):
- (JSC::jsSingleCharacterString):
- (JSC::jsSingleCharacterSubstring):
- (JSC::jsNontrivialString):
- (JSC::jsString):
- (JSC::jsSubstring):
- (JSC::jsOwnedString):
- * runtime/JSValue.cpp:
- (JSC::JSValue::toObjectSlowCase):
- (JSC::JSValue::synthesizeObject):
- (JSC::JSValue::synthesizePrototype):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/MathObject.h:
- (JSC::MathObject::create):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::create):
- * runtime/NativeErrorPrototype.h:
- (JSC::NativeErrorPrototype::create):
- * runtime/NumberConstructor.cpp:
- (JSC::constructWithNumberConstructor):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::create):
- * runtime/NumberObject.cpp:
- (JSC::constructNumber):
- * runtime/NumberObject.h:
- (JSC::NumberObject::create):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::create):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::create):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::create):
- * runtime/Operations.h:
- (JSC::jsString):
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- (JSC::RegExp::createWithoutCaching):
- (JSC::RegExp::create):
- * runtime/RegExp.h:
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::lookupOrCreate):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::arrayOfMatches):
- (JSC::constructRegExp):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::create):
- * runtime/RegExpMatchesArray.h:
- (JSC::RegExpMatchesArray::create):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::create):
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncCompile):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::create):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::create):
- (JSC::ScopeChainNode::push):
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::createEmptyString):
- (JSC::SmallStrings::createSingleCharacterString):
- * runtime/StringConstructor.cpp:
- (JSC::constructWithStringConstructor):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::create):
- * runtime/StringObject.h:
- (JSC::StringObject::create):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::create):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::create):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::createStructure):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
-
-2011-07-17 Ryuan Choi <ryuan.choi@samsung.com>
-
- [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
- https://bugs.webkit.org/show_bug.cgi?id=64337
-
- Replace ecore_timer_add to Ecore_Pipe.
- This is needed because ecore_timer should not be called in a child thread,
- but in the main thread.
-
- Reviewed by Antonio Gomes.
-
- * wtf/efl/MainThreadEfl.cpp:
- (WTF::pipeObject):
- (WTF::monitorDispatchFunctions):
- (WTF::initializeMainThreadPlatform):
- (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2011-07-17 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
- https://bugs.webkit.org/show_bug.cgi?id=64637
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGOperations.cpp:
-
-2011-07-16 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64657
- Converted this value not preserved when accessed via direct eval.
-
- Reviewed by Oliver Hunt.
-
- Upon entry into a non-strict function, primitive this values should be boxed as Object types
- (or substituted with the global object) - which is done by op_convert_this. However we only
- do so where this is used lexically within the function (we omit the conversion op if not).
- The problem comes if a direct eval (running within the function's scope) accesses the this
- value.
-
- We are safe in the case of a single eval, since the this object will be converted within
- callEval, however the converted value is not preserved, and a new wrapper object is allocated
- each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
- object will be lost between eval statements.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- - If a function uses eval, we always need to convert this.
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- - Don't convert primitive values here - this is too late!
- (JSC::Interpreter::privateExecute):
- - Changed op_convert_this to call new isPrimitive method.
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - Changed op_convert_this to call new isPrimitive method.
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::isPrimitive):
- - Added JSValue::isPrimitive.
- * runtime/JSValue.h:
- - Added JSValue::isPrimitive.
-
-2011-07-16 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT compare/branch code emits is-integer tests even when a value is
- definitely not an integer.
- https://bugs.webkit.org/show_bug.cgi?id=64654
-
- Reviewed by Gavin Barraclough.
-
- Added the isKnownNotInteger() method, which returns true if a node is
- definitely not an integer and will always fail any is-integer test. Then
- modified the compare and branch code to use this method; if it returns
- true then is-int tests are omitted and the compiler always emits a slow
- call.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
-
-2011-07-16 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT has dead code for slow calls for branches.
- https://bugs.webkit.org/show_bug.cgi?id=64653
-
- Reviewed by Gavin Barraclough.
-
- Removed SpeculativeJIT::compilePeepHoleCall.
-
- * dfg/DFGSpeculativeJIT.cpp:
- * dfg/DFGSpeculativeJIT.h:
-
-2011-07-15 Mark Rowe <mrowe@apple.com>
-
- Fix the build.
-
- * dfg/DFGGraph.h:
-
-2011-07-15 Gavin Barraclough <barraclough@apple.com>
-
- NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
- https://bugs.webkit.org/show_bug.cgi?id=55346
-
- Reviewed by Sam Weinig.
-
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- - Switch to putDirect since we're not the only ones tranitioning this Structure now.
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- * runtime/NativeErrorPrototype.h:
- - Switch base class to ErrorPrototype.
-
-2011-07-15 Gavin Barraclough <barraclough@apple.com>
-
- DFG JIT - Where arguments passed are integers, speculate this.
- https://bugs.webkit.org/show_bug.cgi?id=64630
-
- Reviewed by Sam Weinig.
-
- Presently the DFG JIT is overly aggressively predicting double.
- Use a bit of dynamic information, and curtail this a little.
-
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::predictArgumentTypes):
- - Check for integer arguments.
- * dfg/DFGGraph.h:
- - Function declaration.
- * runtime/Executable.cpp:
- (JSC::tryDFGCompile):
- (JSC::FunctionExecutable::compileForCallInternal):
- - Add call to predictArgumentTypes.
-
-2011-07-15 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT is inconsistent about fusing branches and speculating
- integer comparisons for branches.
- https://bugs.webkit.org/show_bug.cgi?id=64573
-
- Reviewed by Gavin Barraclough.
-
- This patch moves some of NonSpeculativeJIT's functionality up into the
- JITCodeGenerator superclass so that it can be used from both JITs. Now,
- in cases where the speculative JIT doesn't want to speculate but still
- wants to emit good code, it can reliably emit the same code sequence as
- the non-speculative JIT. This patch also extends the non-speculative
- JIT's compare optimizations to include compare/branch fusing, and
- extends the speculative JIT's compare optimizations to cover StrictEqual.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::isKnownInteger):
- (JSC::DFG::JITCodeGenerator::isKnownNumeric):
- (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
- (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- * wtf/Platform.h:
-
-2011-07-14 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64250
- Global strict mode function leaking global object as "this".
-
- Reviewed by Oliver Hunt.
-
- The root problem here is that we pass the wrong values into
- calls, and then try to fix them up in the callee. Correct
- behaviour per the spec is to pass in the value undefined,
- as this unless either (1) the function call is based on an
- explicit property access or (2) the base of the call comes
- directly from a 'with'.
-
- This change does away with the need for this conversion of
- objects (non strict code should only box primitives), and
- does away with all this conversion for strict functions.
-
- This patch may have web compatibility ramifications, and may
- require some advocacy.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * bytecode/Opcode.h:
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- (JSC::BytecodeGenerator::emitResolveWithThis):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * bytecompiler/BytecodeGenerator.h:
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * bytecompiler/NodesCodegen.cpp:
- (JSC::EvalFunctionCallNode::emitBytecode):
- (JSC::FunctionCallResolveNode::emitBytecode):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - Change NeedsThisConversion check to test for JSString's vptr
- (objects no longer need conversion).
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::resolveThisAndProperty):
- - Based on resolveBaseAndProperty, but produce correct this value.
- (JSC::Interpreter::privateExecute):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * interpreter/Interpreter.h:
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * jit/JIT.h:
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_resolve_with_this):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- (JSC::JIT::emit_op_convert_this):
- (JSC::JIT::emitSlow_op_convert_this):
- - Change NeedsThisConversion check to test for JSString's vptr
- (objects no longer need conversion).
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_resolve_with_this):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- (JSC::JIT::emit_op_convert_this):
- (JSC::JIT::emitSlow_op_convert_this):
- - Change NeedsThisConversion check to test for JSString's vptr
- (objects no longer need conversion).
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * jit/JITStubs.h:
- - Removed op_convert_this_strict, added op_resolve_with_this.
- * runtime/JSActivation.h:
- - removed NeedsThisConversion flag, added IsEnvironmentRecord.
- * runtime/JSStaticScopeObject.h:
- - removed NeedsThisConversion flag, added IsEnvironmentRecord.
- * runtime/JSString.h:
- (JSC::RopeBuilder::createStructure):
- - removed NeedsThisConversion.
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::isEnvironmentRecord):
- (JSC::TypeInfo::overridesHasInstance):
- - removed NeedsThisConversion flag, added IsEnvironmentRecord.
- * runtime/JSValue.h:
- - removed NeedsThisConversion.
- * runtime/JSVariableObject.h:
- - Corrected StructureFlags inheritance.
- * runtime/StrictEvalActivation.h:
- (JSC::StrictEvalActivation::createStructure):
- - Added IsEnvironmentRecord to StructureFlags, addded createStructure.
- * runtime/Structure.h:
- - removed NeedsThisConversion.
- * tests/mozilla/ecma/String/15.5.4.6-2.js:
- (getTestCases):
- - Removed invalid test case.
-
-2011-07-15 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r91082, r91087, and r91089.
- http://trac.webkit.org/changeset/91082
- http://trac.webkit.org/changeset/91087
- http://trac.webkit.org/changeset/91089
- https://bugs.webkit.org/show_bug.cgi?id=64616
-
- gtk tests are failing a lot after this change. (Requested by
- dave_levin on #webkit).
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
- (WTF::ThreadIdentifierData::identifier):
- (WTF::ThreadIdentifierData::initialize):
- (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
- (WTF::ThreadIdentifierData::initializeKeyOnce):
- * wtf/ThreadIdentifierDataPthreads.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading):
-
-2011-07-15 David Levin <levin@chromium.org>
-
- Another attempted build fix.
-
- * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
- up the definition of PTHREAD_KEYS_MAX.
-
-2011-07-15 David Levin <levin@chromium.org>
-
- Chromium build fix.
-
- * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
- up the definition of PTHREAD_KEYS_MAX.
-
-2011-07-14 David Levin <levin@chromium.org>
-
- currentThread is too slow!
- https://bugs.webkit.org/show_bug.cgi?id=64577
-
- Reviewed by Darin Adler and Dmitry Titov.
-
- The problem is that currentThread results in a pthread_once call which always takes a lock.
- With this change, currentThread is 10% faster than isMainThread in release mode and only
- 5% slower than isMainThread in debug.
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
- (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
- which is no longer needed because this is called from initializeThreading().
- (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
- intialization of the pthread key should already be done.
- (WTF::ThreadIdentifierData::initialize): Ditto.
- * wtf/ThreadIdentifierDataPthreads.h:
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeThreading): Acquire the pthread key here.
-
-2011-07-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not optimize Branch as well as it could.
- https://bugs.webkit.org/show_bug.cgi?id=64574
-
- Reviewed by Gavin Barraclough.
-
- This creates a common code path for emitting unfused branches, which does
- no speculation, and only performs a slow call if absolutely necessary.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitBranch):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-14 Filip Pizlo <fpizlo@apple.com>
-
- GC allocation fast path has too many operations.
- https://bugs.webkit.org/show_bug.cgi?id=64493
-
- Reviewed by Darin Adler.
-
- Changed the timing of the lazy sweep so that it occurs when we land on
- a previously-unsweeped block, rather than whenever we land on an unsweeped
- cell. After the per-block lazy sweep occurs, the block is turned into a
- singly linked list of free cells. The allocation fast path is now just a
- load-branch-store to remove a cell from the head of the list.
-
- Additionally, this changes the way new blocks are allocated. Previously,
- they would be populated with dummy cells. With this patch, they are
- turned into a free list, which means that there will never be destructor
- calls for allocations in fresh blocks.
-
- These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
- SunSpider. There are no observed statistically significant slow-downs
- on any individual benchmark.
-
- * JavaScriptCore.exp:
- * heap/Heap.cpp:
- (JSC::Heap::allocateSlowCase):
- (JSC::Heap::collect):
- (JSC::Heap::canonicalizeBlocks):
- (JSC::Heap::resetAllocator):
- * heap/Heap.h:
- (JSC::Heap::forEachProtectedCell):
- (JSC::Heap::forEachCell):
- (JSC::Heap::forEachBlock):
- (JSC::Heap::allocate):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::lazySweep):
- (JSC::MarkedBlock::blessNewBlockForFastPath):
- (JSC::MarkedBlock::blessNewBlockForSlowPath):
- (JSC::MarkedBlock::canonicalizeBlock):
- * heap/MarkedBlock.h:
- * heap/NewSpace.cpp:
- (JSC::NewSpace::addBlock):
- (JSC::NewSpace::canonicalizeBlocks):
- * heap/NewSpace.h:
- (JSC::NewSpace::allocate):
- (JSC::NewSpace::SizeClass::SizeClass):
- (JSC::NewSpace::SizeClass::canonicalizeBlock):
- * heap/OldSpace.cpp:
- (JSC::OldSpace::addBlock):
-
-2011-07-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT crashes on host constructor calls in debug mode.
- https://bugs.webkit.org/show_bug.cgi?id=64562
-
- Reviewed by Gavin Barraclough.
-
- Fixed the relevant ASSERT.
-
- * dfg/DFGOperations.cpp:
-
-2011-07-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT contains a FIXME for rewinding speculative code generation that
- has already been fixed.
- https://bugs.webkit.org/show_bug.cgi?id=64022
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2011-07-14 Ryuan Choi <ryuan.choi@samsung.com>
-
- [EFL] Add OwnPtr specialization for Ecore_Pipe.
- https://bugs.webkit.org/show_bug.cgi?id=64515
-
- Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
-
- Reviewed by Xan Lopez.
-
- * wtf/OwnPtrCommon.h:
- * wtf/efl/OwnPtrEfl.cpp:
- (WTF::deleteOwnedPtr):
-
-2011-07-14 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT unnecessarily boxes and unboxes values during silent spilling.
- https://bugs.webkit.org/show_bug.cgi?id=64068
-
- Reviewed by Gavin Barraclough.
-
- Silent spilling and filling of registers is done during slow-path C
- function calls. The silent spill/fill logic does not affect register
- allocation on paths that don't involve the C function call.
-
- This changes the silent spilling code to spill in unboxed form. The
- silent fill will refill in whatever form the register was spilled in.
- For example, the silent spill code may choose not to spill the register
- because it was already spilled previously, which would imply that it
- was spilled in boxed form. The filling code detects this and either
- unboxes, or not, depending on what is appropriate.
-
- This change also results in a simplification of the silent spill/fill
- API: silent spilling no longer needs to know about the set of registers
- that cannot be trampled, since it never does boxing and hence does not
- need a temporary register.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentSpillFPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::valueToNumber):
- (JSC::DFG::NonSpeculativeJIT::valueToInt32):
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- (JSC::DFG::NonSpeculativeJIT::compare):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-13 Michael Saboff <msaboff@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64202
- Enh: Improve handling of RegExp in the form of /.*blah.*/
-
- Reviewed by Gavin Barraclough.
-
- Added code to both the Yarr interpreter and JIT to handle
- these expressions a little differently. First off, the terms
- in between the leading and trailing .*'s cannot capture and
- also this enhancement is limited to single alternative expressions.
- If an expression is of the right form with the aforementioned
- restrictions, we process the inner terms and then look for the
- beginning of the string and end of the string. There is handling
- for multiline expressions to allow the beginning and end to be
- right after and right before newlines.
-
- This enhancement speeds up expressions of this type 12x on
- a MacBookPro.
-
- Cleaned up 'case' statement indentation.
-
- A new set of tests was added as LayoutTests/fast/regex/dotstar.html
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::InputStream::end):
- (JSC::Yarr::Interpreter::matchDotStarEnclosure):
- (JSC::Yarr::Interpreter::matchDisjunction):
- (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
- (JSC::Yarr::ByteCompiler::emitDisjunction):
- * yarr/YarrInterpreter.h:
- (JSC::Yarr::ByteTerm::DotStarEnclosure):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
- (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
- (JSC::Yarr::YarrGenerator::generateTerm):
- (JSC::Yarr::YarrGenerator::backtrackTerm):
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
- (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
- (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
- (JSC::Yarr::YarrPattern::compile):
- * yarr/YarrPattern.h:
- (JSC::Yarr::PatternTerm::PatternTerm):
-
-2011-07-13 Xan Lopez <xlopez@igalia.com>
-
- [GTK] Fix distcheck
-
- Reviewed by Martin Robinson.
-
- * GNUmakefile.list.am: add missing files.
-
-2011-07-13 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not implement prototype chain or list caching for get_by_id.
- https://bugs.webkit.org/show_bug.cgi?id=64147
-
- Reviewed by Gavin Barraclough.
-
- This implements unified support for prototype caching, prototype chain
- caching, and polymorphic (i.e. list) prototype and prototype chain
- caching. This is done by creating common code for emitting prototype
- or chain access stubs, and having it factored out into
- generateProtoChainAccessStub(). This function is called by
- tryCacheGetByID once the latter determines that some form of prototype
- access caching is necessary (i.e. the slot being accessed is not on the
- base value but on some other object).
-
- Direct prototype list, and prototype chain list, caching is implemented by
- linking the slow path to operationGetByIdProtoBuildList(), which uses the
- same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
-
- This change required ensuring that the value in the scratchGPR field in
- StructureStubInfo is preserved even after the stub info is in the
- chain, or proto_list, states. Hence scratchGPR was moved out of the union
- and into the top-level of StructureStubInfo.
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::emitRestoreScratch):
- (JSC::DFG::linkRestoreScratch):
- (JSC::DFG::generateProtoChainAccessStub):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDProtoList):
- (JSC::DFG::dfgBuildGetByIDProtoList):
- (JSC::DFG::tryCachePutByID):
- * dfg/DFGRepatch.h:
-
-2011-07-12 Brent Fulgham <bfulgham@webkit.org>
-
- Standardize WinCairo conditionalized code under PLATFORM macro.
- https://bugs.webkit.org/show_bug.cgi?id=64377
-
- Reviewed by Maciej Stachowiak.
-
- * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
-
-2011-07-13 David Levin <levin@chromium.org>
-
- Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
- https://bugs.webkit.org/show_bug.cgi?id=64465
-
- Reviewed by Dmitry Titov.
-
- There isn't a good way to test this as it is very highly unlikely to occur.
-
- * wtf/ThreadIdentifierDataPthreads.cpp:
- (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
- isn't thread-safe, change the initialization to be global.
-
-2011-07-12 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64424
- Our direct eval behaviour deviates slightly from the spec.
-
- Reviewed by Oliver Hunt.
-
- The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
- behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
- or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
- may be introduced into the caller's environment.
-
- ES5 direct calls are any call where the callee function is provided by a reference, a base
- of that Reference is an EnvironmentRecord (this corresponds to all productions
- "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
- of the reference is "eval". This means any expression of the form "eval(...)", and that
- calls the standard built in eval method from on the Global Object, is considered to be
- direct.
-
- In JavaScriptCore we are currently overly restrictive. We also check that the
- EnvironmentRecord that is the base of the reference is the Declaractive Environment Record
- at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
- that hits a var eval in a nested scope is not considered to be direct. This behaviour does
- not emanate from the spec, and is incorrect.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- - Fixed direct eval check in op_call_eval.
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - Fixed direct eval check in op_call_eval.
- * runtime/Executable.h:
- (JSC::isHostFunction):
- - Added check for host function with specific NativeFunction.
-
-2011-07-13 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
-
- Reviewed by Andreas Kling.
-
- Broken build on QNX
- https://bugs.webkit.org/show_bug.cgi?id=63717
-
- QNX doesn't support pthread's SA_RESTART (required by
- JSC_MULTIPLE_THREADS), JIT is broken at runtime and there a
- few minor compilation errors here and there.
-
- Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
- tested by him on QNX v6.5 (x86)
-
- * wtf/DateMath.cpp: fix usage of abs/labs
- * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
- * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
-
-2011-07-12 Anders Carlsson <andersca@apple.com>
-
- If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
- https://bugs.webkit.org/show_bug.cgi?id=64429
-
- Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
-
- * wtf/NullPtr.h:
-
-2011-07-13 MORITA Hajime <morrita@google.com>
-
- Refactoring: Ignored ExceptionCode value should be less annoying.
- https://bugs.webkit.org/show_bug.cgi?id=63688
-
- Added ASSERT_AT macro.
-
- Reviewed by Darin Adler.
-
- * wtf/Assertions.h:
-
-2011-07-12 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not implement op_construct.
- https://bugs.webkit.org/show_bug.cgi?id=64066
-
- Reviewed by Gavin Barraclough.
-
- This is a fixed implementation of op_construct. Constructor calls are implemented
- by reusing almost all of the code for Call, with care taken to make sure that
- where the are differences (like selecting different code blocks), those differences
- are respected. The two fixes over the last patch are: (1) make sure the
- CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
- make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
- (either CodeForCall or CodeForConstruct) when invoking the compiler.
-
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::recordConstruct):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgLinkFor):
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/CodeBlock.cpp:
- (JSC::CodeBlock::unlinkCalls):
-
-2011-07-12 Oliver Hunt <oliver@apple.com>
-
- Overzealous type validation in method_check
- https://bugs.webkit.org/show_bug.cgi?id=64415
-
- Reviewed by Gavin Barraclough.
-
- method_check is essentially just a value look up
- optimisation, but it internally stores the value
- as a JSFunction, even though it never relies on
- this fact. Under GC validation however we end up
- trying to enforce that assumption. The fix is
- simply to store the value as a correct supertype.
-
- * bytecode/CodeBlock.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchGetMethodFast):
- (JSC::DFG::tryCacheGetMethod):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::patchMethodCallProto):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
-
-2011-07-12 Filip Pizlo <fpizlo@apple.com>
-
- COLLECT_ON_EVERY_ALLOCATION no longer works.
- https://bugs.webkit.org/show_bug.cgi?id=64388
-
- Reviewed by Oliver Hunt.
-
- Added a flag to Heap that determines if it's safe to collect (which for now means that
- JSGlobalObject has actually been initialized, but it should work for other things, too).
- This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
- GCing it just grows the heap, if necessary.
-
- Then changed Heap::allocate() to not recurse ad infinitum when
- COLLECT_ON_EVERY_ALLOCATION is set. This also makes the allocator generally more
- resilient against bugs; this change allowed me to put in handy assertions, such as that
- an allocation must succeed after either a collection or after a new block was added.
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::tryAllocate):
- (JSC::Heap::allocate):
- (JSC::Heap::collectAllGarbage):
- (JSC::Heap::collect):
- * heap/Heap.h:
- (JSC::Heap::notifyIsSafeToCollect):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
-
-2011-07-12 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT put_by_id transition caching does not inform the GC about the structure and
- prototype chain that it is referencing.
- https://bugs.webkit.org/show_bug.cgi?id=64387
-
- Reviewed by Gavin Barraclough.
-
- Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCachePutByID):
-
-2011-07-12 Adam Roben <aroben@apple.com>
-
- Ensure no intermediate WTF::Strings are created when concatenating with string literals
-
- Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
- operator+ is suboptimal
-
- Reviewed by Darin Adler.
-
- * wtf/text/StringConcatenate.h:
- (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
- many WTF::Strings get copied while evaluating an operator+ expression.
-
- * wtf/text/StringOperators.h:
- (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
- side, since operator+ is left-associative. Having the StringAppend on the right-hand side
- was causing us to make intermediate WTF::Strings when evaluating expressions that contained
- multiple calls to operator+. Added some more overloads for that take a left-hand side of
- const char* to resolve overload ambiguity for certain expressions. Added overloads that take
- a left-hand side of const UChar* (matching the const char* overloads) so that wide string
- literals don't first have to be converted to a WTF::String in operator+ expressions.
-
-2011-07-12 Adam Roben <aroben@apple.com>
-
- Unreviewed, rolling out r90811.
- http://trac.webkit.org/changeset/90811
- https://bugs.webkit.org/show_bug.cgi?id=61025
-
- Several svg tests failing assertions beneath
- SVGSMILElement::findInstanceTime
-
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
-
-2011-07-12 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
-
- Reviewed by Nikolas Zimmermann.
-
- Speed up SVGSMILElement::findInstanceTime.
- https://bugs.webkit.org/show_bug.cgi?id=61025
-
- Add a new parameter to StdlibExtras.h::binarySerarch function
- to also handle cases when the array does not contain the key value.
- This is needed for an svg function.
-
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
-
-2011-07-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT does not guard itself against floating point speculation
- failures on non-floating-point constants.
- https://bugs.webkit.org/show_bug.cgi?id=64330
-
- Reviewed by Gavin Barraclough.
-
- Made fillSpeculateDouble immediate invoke terminateSpeculativeExecution() as
- soon as it notices that it's speculating on something that is a non-numeric
- JSConstant.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-07-11 Filip Pizlo <fpizlo@apple.com>
-
- DFG Speculative JIT does not always insert speculation checks when speculating
- arrays.
- https://bugs.webkit.org/show_bug.cgi?id=64254
-
- Reviewed by Gavin Barraclough.
-
- Changed the SetLocal instruction to always validate that the value being stored
- into the local variable is an array, if that variable was marked PredictArray.
- This is necessary since uses of arrays assume that if a PredictArray value is
- in a local variable then the speculation check validating that the value is an
- array was already performed.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-11 Gabor Loki <loki@webkit.org>
-
- Fix the condition of the optimized code in doubleTransfer
- https://bugs.webkit.org/show_bug.cgi?id=64261
-
- Reviewed by Zoltan Herczeg.
-
- The condition of the optimized code in doubleTransfer is wrong. The
- data transfer should be executed with four bytes aligned address.
- VFP cannot perform unaligned memory access.
-
- Reported by Jacob Bramley.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::doubleTransfer):
-
-2011-07-11 Gabor Loki <loki@webkit.org>
-
- Signed arithmetic bug in dataTransfer32.
- https://bugs.webkit.org/show_bug.cgi?id=64257
-
- Reviewed by Zoltan Herczeg.
-
- An arithmetic bug is fixed. If the offset of dataTransfer is half of the
- addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
- a load instruction is emitted with a wrong zero offset.
-
- Inspired by Jacob Bramley's patch from JaegerMonkey.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::dataTransfer32):
-
-2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com>
-
- Fix unaligned userspace access for SH4 platforms.
- https://bugs.webkit.org/show_bug.cgi?id=62993
-
- * wtf/Platform.h:
-
-2011-07-09 Chao-ying Fu <fu@mips.com>
-
- Fix MIPS build due to readInt32 and readPointer
- https://bugs.webkit.org/show_bug.cgi?id=63962
-
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::readInt32):
- (JSC::MIPSAssembler::readPointer):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::rshift32):
-
-2011-07-08 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=64181
- REGRESSION (r90602): Gmail doesn't load
-
- Rolling out r90601, r90602.
-
- * dfg/DFGAliasTracker.h:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addVarArgChild):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::dfgLinkCall):
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * runtime/JSObject.h:
- (JSC::JSObject::isUsingInlineStorage):
-
-2011-07-08 Kalev Lember <kalev@smartlink.ee>
-
- Reviewed by Adam Roben.
-
- Add missing _WIN32_WINNT and WINVER definitions
- https://bugs.webkit.org/show_bug.cgi?id=59702
-
- Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
- available for all source files.
-
- In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
- DeleteTimerQueueTimer which are both guarded by
- #if (_WIN32_WINNT >= 0x0500)
- in MinGW headers.
-
- * config.h:
- * wtf/Assertions.cpp:
-
-2011-07-08 Chang Shu <cshu@webkit.org>
-
- Rename "makeSecure" to "fill" and remove the support for displaying last character
- to avoid layering violatation.
- https://bugs.webkit.org/show_bug.cgi?id=59114
-
- Reviewed by Alexey Proskuryakov.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.order:
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::fill):
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.h:
- (WTF::String::fill):
-
-2011-07-08 Benjamin Poulain <benjamin@webkit.org>
-
- [WK2] Do not forward touch events to the web process when it does not need them
- https://bugs.webkit.org/show_bug.cgi?id=64164
-
- Reviewed by Kenneth Rohde Christiansen.
-
- Add a convenience function to obtain a reference to the last element of a Deque.
-
- * wtf/Deque.h:
- (WTF::Deque::last):
-
-2011-07-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not implement op_construct.
- https://bugs.webkit.org/show_bug.cgi?id=64066
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::recordConstruct):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::addCall):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgLinkFor):
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not implement get_by_id prototype caching.
- https://bugs.webkit.org/show_bug.cgi?id=64077
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::emitRestoreScratch):
- (JSC::DFG::linkRestoreScratch):
- (JSC::DFG::tryCacheGetByID):
- * runtime/JSObject.h:
- (JSC::JSObject::addressOfPropertyAtOffset):
-
-2011-07-07 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT method_check implementation does not link to optimized get_by_id
- slow path.
- https://bugs.webkit.org/show_bug.cgi?id=64073
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchGetMethodFast):
-
-2011-07-07 Oliver Hunt <oliver@apple.com>
-
- Encode jump and link sizes into the appropriate enums
- https://bugs.webkit.org/show_bug.cgi?id=64123
-
- Reviewed by Sam Weinig.
-
- Finally kill off the out of line jump and link size arrays,
- so we can avoid icky loads and constant fold the linking arithmetic.
-
- * assembler/ARMv7Assembler.cpp:
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::jumpSizeDelta):
- (JSC::ARMv7Assembler::computeJumpType):
-
-2011-07-06 Juan C. Montemayor <jmont@apple.com>
-
- ASSERT_NOT_REACHED running test 262
- https://bugs.webkit.org/show_bug.cgi?id=63951
-
- Added a case to the switch statement where the code was failing. Fixed
- some logic as well that gave faulty error messages.
-
- Reviewed by Gavin Barraclough.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::getTokenName):
- (JSC::JSParser::updateErrorMessageSpecialCase):
- (JSC::JSParser::updateErrorMessage):
-
-2011-07-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT implementation of op_call results in regressions on sunspider
- controlflow-recursive.
- https://bugs.webkit.org/show_bug.cgi?id=64039
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isInteger):
-
-2011-07-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not support method_check
- https://bugs.webkit.org/show_bug.cgi?id=63972
-
- Reviewed by Gavin Barraclough.
-
- * assembler/CodeLocation.h:
- (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
- (JSC::MethodCallLinkInfo::seenOnce):
- (JSC::MethodCallLinkInfo::setSeen):
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::recordGetMethod):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedGetMethod):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addMethodGet):
- (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasIdentifier):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchGetMethodFast):
- (JSC::DFG::tryCacheGetMethod):
- (JSC::DFG::dfgRepatchGetMethod):
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITWriteBarrier.h:
- (JSC::JITWriteBarrier::set):
-
-2011-07-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT op_call implementation will flush registers even when those registers are dead
- https://bugs.webkit.org/show_bug.cgi?id=64023
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::integerResult):
- (JSC::DFG::JITCodeGenerator::noResult):
- (JSC::DFG::JITCodeGenerator::cellResult):
- (JSC::DFG::JITCodeGenerator::jsValueResult):
- (JSC::DFG::JITCodeGenerator::doubleResult):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-06 Filip Pizlo <fpizlo@apple.com>
-
- DFG speculative JIT may crash when speculating int on a non-int JSConstant.
- https://bugs.webkit.org/show_bug.cgi?id=64017
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-06 Dmitriy Vyukov <dvyukov@google.com>
-
- Reviewed by David Levin.
-
- Allow substitution of dynamic annotations and prevent identical code folding by the linker.
- https://bugs.webkit.org/show_bug.cgi?id=62443
-
- * wtf/DynamicAnnotations.cpp:
- (WTFAnnotateBenignRaceSized):
- (WTFAnnotateHappensBefore):
- (WTFAnnotateHappensAfter):
-
-2011-07-06 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
-
- Calls on 32 bit machines are failed after r90423
- https://bugs.webkit.org/show_bug.cgi?id=63980
-
- Reviewed by Gavin Barraclough.
-
- Copy the necessary lines from JITCall.cpp.
-
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall):
-
-2011-07-05 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT virtual call implementation is inefficient.
- https://bugs.webkit.org/show_bug.cgi?id=63974
-
- Reviewed by Gavin Barraclough.
-
- * dfg/DFGOperations.cpp:
- * runtime/Executable.h:
- (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
- (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
- (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
- (JSC::ExecutableBase::hasJITCodeForCall):
- (JSC::ExecutableBase::hasJITCodeForConstruct):
- (JSC::ExecutableBase::hasJITCodeFor):
- * runtime/JSFunction.h:
- (JSC::JSFunction::scopeUnchecked):
-
-2011-07-05 Oliver Hunt <oliver@apple.com>
-
- Force inlining of simple functions that show up as not being inlined
- https://bugs.webkit.org/show_bug.cgi?id=63964
-
- Reviewed by Gavin Barraclough.
-
- Looking at profile data indicates the gcc is failing to inline a
- number of trivial functions. This patch hits the ones that show
- up in profiles with the ALWAYS_INLINE hammer.
-
- We also replace the memcpy() call in linking with a manual loop.
- Apparently memcpy() is almost never faster than an inlined loop.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::add):
- (JSC::ARMv7Assembler::add_S):
- (JSC::ARMv7Assembler::ARM_and):
- (JSC::ARMv7Assembler::asr):
- (JSC::ARMv7Assembler::b):
- (JSC::ARMv7Assembler::blx):
- (JSC::ARMv7Assembler::bx):
- (JSC::ARMv7Assembler::clz):
- (JSC::ARMv7Assembler::cmn):
- (JSC::ARMv7Assembler::cmp):
- (JSC::ARMv7Assembler::eor):
- (JSC::ARMv7Assembler::it):
- (JSC::ARMv7Assembler::ldr):
- (JSC::ARMv7Assembler::ldrCompact):
- (JSC::ARMv7Assembler::ldrh):
- (JSC::ARMv7Assembler::ldrb):
- (JSC::ARMv7Assembler::lsl):
- (JSC::ARMv7Assembler::lsr):
- (JSC::ARMv7Assembler::movT3):
- (JSC::ARMv7Assembler::mov):
- (JSC::ARMv7Assembler::movt):
- (JSC::ARMv7Assembler::mvn):
- (JSC::ARMv7Assembler::neg):
- (JSC::ARMv7Assembler::orr):
- (JSC::ARMv7Assembler::orr_S):
- (JSC::ARMv7Assembler::ror):
- (JSC::ARMv7Assembler::smull):
- (JSC::ARMv7Assembler::str):
- (JSC::ARMv7Assembler::sub):
- (JSC::ARMv7Assembler::sub_S):
- (JSC::ARMv7Assembler::tst):
- (JSC::ARMv7Assembler::linkRecordSourceComparator):
- (JSC::ARMv7Assembler::link):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::linkCode):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::nearCall):
- (JSC::MacroAssemblerARMv7::call):
- (JSC::MacroAssemblerARMv7::ret):
- (JSC::MacroAssemblerARMv7::moveWithPatch):
- (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
- (JSC::MacroAssemblerARMv7::storePtrWithPatch):
- (JSC::MacroAssemblerARMv7::tailRecursiveCall):
- (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
- (JSC::MacroAssemblerARMv7::jump):
- (JSC::MacroAssemblerARMv7::makeBranch):
-
-2011-07-05 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
-
- Make "Add optimised paths for a few maths functions" work on Qt
- https://bugs.webkit.org/show_bug.cgi?id=63893
-
- Reviewed by Oliver Hunt.
-
- Move the generated code to the .text section instead of .data section.
- Fix alignment for the 32 bit thunk code.
-
- * jit/ThunkGenerators.cpp:
-
-2011-07-05 Filip Pizlo <fpizlo@apple.com>
-
- DFG JIT does not implement op_call.
- https://bugs.webkit.org/show_bug.cgi?id=63858
-
- Reviewed by Gavin Barraclough.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::unlinkCalls):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::setNumberOfCallLinkInfos):
- (JSC::CodeBlock::numberOfCallLinkInfos):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::lookupGetByVal):
- (JSC::DFG::AliasTracker::recordCall):
- (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::toInt32):
- (JSC::DFG::ByteCodeParser::addToGraph):
- (JSC::DFG::ByteCodeParser::addVarArgChild):
- (JSC::DFG::ByteCodeParser::predictInt32):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::opName):
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::refChildren):
- * dfg/DFGGraph.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::useChildren):
- (JSC::DFG::JITCodeGenerator::emitCall):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::addressOfCallData):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::CallRecord::CallRecord):
- (JSC::DFG::JITCompiler::notifyCall):
- (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
- (JSC::DFG::JITCompiler::addJSCall):
- (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::child1):
- (JSC::DFG::Node::child2):
- (JSC::DFG::Node::child3):
- (JSC::DFG::Node::firstChild):
- (JSC::DFG::Node::numChildren):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- (JSC::DFG::NonSpeculativeJIT::compare):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgLinkCall):
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- * interpreter/CallFrame.h:
- (JSC::ExecState::calleeAsValue):
- * jit/JIT.cpp:
- (JSC::JIT::JIT):
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- (JSC::JIT::linkCall):
- (JSC::JIT::linkConstruct):
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITCode.h:
- (JSC::JITCode::JITCode):
- (JSC::JITCode::jitType):
- (JSC::JITCode::HostFunction):
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.h:
-
-2011-07-05 Oliver Hunt <oliver@apple.com>
-
- Initialize new MarkStack member
-
- * heap/MarkStack.h:
- (JSC::MarkStack::MarkStack):
-
-2011-07-05 Oliver Hunt <oliver@apple.com>
-
- Don't throw out compiled code repeatedly
- https://bugs.webkit.org/show_bug.cgi?id=63960
-
- Reviewed by Gavin Barraclough.
-
- Stop throwing away all compiled code every time
- we're told to do a full GC. Instead unlink all
- callsites during such GC passes to maximise the
- number of collectable functions, but otherwise
- leave compiled functions alone.
-
- * API/JSBase.cpp:
- (JSGarbageCollect):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * heap/Heap.cpp:
- (JSC::Heap::collectAllGarbage):
- * heap/MarkStack.h:
- (JSC::MarkStack::shouldUnlinkCalls):
- (JSC::MarkStack::setShouldUnlinkCalls):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::recompileAllJSFunctions):
- (JSC::JSGlobalData::releaseExecutableMemory):
- * runtime/RegExp.cpp:
- (JSC::RegExp::compile):
- (JSC::RegExp::invalidateCode):
- * runtime/RegExp.h:
-
-2011-07-05 Filip Pizlo <fpizlo@apple.com>
-
- JSC JIT has code duplication for the handling of call and construct
- https://bugs.webkit.org/show_bug.cgi?id=63957
-
- Reviewed by Gavin Barraclough.
-
- * jit/JIT.cpp:
- (JSC::JIT::linkFor):
- * jit/JIT.h:
- * jit/JITStubs.cpp:
- (JSC::jitCompileFor):
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::arityCheckFor):
- (JSC::lazyLinkFor):
- * runtime/Executable.h:
- (JSC::ExecutableBase::generatedJITCodeFor):
- (JSC::FunctionExecutable::compileFor):
- (JSC::FunctionExecutable::isGeneratedFor):
- (JSC::FunctionExecutable::generatedBytecodeFor):
- (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
-
-2011-07-05 Gavin Barraclough <barraclough@apple.com>
-
- Build fix following last patch.
-
- * runtime/JSFunction.cpp:
- (JSC::createPrototypeProperty):
-
-2011-07-05 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=63947
- ASSERT running Object.preventExtensions(Math.sin)
-
- Reviewed by Oliver Hunt.
-
- This is due to calling scope() on a hostFunction as a part of
- calling createPrototypeProperty to reify the prototype property.
- But host functions don't have a prototype property anyway!
-
- Prevent callling createPrototypeProperty on a host function.
-
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::createPrototypeProperty):
- (JSC::JSFunction::preventExtensions):
-
-2011-07-04 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=63880
- Evaluation order of conversions of operands to >, >= incorrect.
-
- Reviewed by Sam Weinig.
-
- Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
- spec. This allows these methods to be reused to perform >, >= relational compares
- with correct ordering of type conversions.
-
- * dfg/DFGOperations.cpp:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Operations.h:
- (JSC::jsLess):
- (JSC::jsLessEq):
-
-2011-07-04 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=16652
- Firefox and JavaScriptCore differ in Number.toString(integer)
-
- Our arbitrary radix (2..36) toString conversion is inaccurate.
- This is partly because it uses doubles to perform math that requires
- higher accuracy, and partly becasue it does not attempt to correctly
- detect where to terminate, instead relying on a simple 'epsilon'.
-
- * runtime/NumberPrototype.cpp:
- (JSC::decomposeDouble):
- - helper function to extract sign, exponent, mantissa from IEEE doubles.
- (JSC::Uint16WithFraction::Uint16WithFraction):
- - helper class, u16int with infinite precision fraction, used to convert
- the fractional part of the number to a string.
- (JSC::Uint16WithFraction::operator*=):
- - Multiply by a uint16.
- (JSC::Uint16WithFraction::operator<):
- - Compare two Uint16WithFractions.
- (JSC::Uint16WithFraction::floorAndSubtract):
- - Extract the integer portion of the number, and subtract it (clears the integer portion).
- (JSC::Uint16WithFraction::comparePoint5):
- - Compare to 0.5.
- (JSC::Uint16WithFraction::sumGreaterThanOne):
- - Passed a second Uint16WithFraction, returns true if the result of adding
- the two values would be greater than one.
- (JSC::Uint16WithFraction::isNormalized):
- - Used by ASSERTs to consistency check internal representation.
- (JSC::BigInteger::BigInteger):
- - helper class, unbounded integer value, used to convert the integer part
- of the number to a string.
- (JSC::BigInteger::divide):
- - Divide this value through by a uint32.
- (JSC::BigInteger::operator!):
- - test for zero.
- (JSC::toStringWithRadix):
- - Performs number to string conversion, with the given radix (2..36).
- (JSC::numberProtoFuncToString):
- - Changed to use toStringWithRadix.
-
-2011-07-04 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=63881
- Need separate bytecodes for handling >, >= comparisons.
-
- Reviewed by Oliver Hunt.
-
- This clears the way to fix Bug#63880. We currently handle greater-than comparisons
- as being using the corresponding op_less, etc opcodes. This is incorrect with
- respect to evaluation ordering of the implicit conversions performed on operands -
- we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
- but instead convert RHS then LHS.
-
- This patch adds opcodes for greater-than comparisons mirroring existing ones used
- for less-than.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitJumpIfTrue):
- (JSC::BytecodeGenerator::emitJumpIfFalse):
- * bytecompiler/NodesCodegen.cpp:
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compare):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compare):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- * jit/JIT.h:
- (JSC::JIT::emit_op_loop_if_greater):
- (JSC::JIT::emitSlow_op_loop_if_greater):
- (JSC::JIT::emit_op_loop_if_greatereq):
- (JSC::JIT::emitSlow_op_loop_if_greatereq):
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emit_op_jgreater):
- (JSC::JIT::emit_op_jgreatereq):
- (JSC::JIT::emit_op_jngreater):
- (JSC::JIT::emit_op_jngreatereq):
- (JSC::JIT::emitSlow_op_jgreater):
- (JSC::JIT::emitSlow_op_jgreatereq):
- (JSC::JIT::emitSlow_op_jngreater):
- (JSC::JIT::emitSlow_op_jngreatereq):
- (JSC::JIT::emit_compareAndJumpSlow):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emitBinaryDoubleOp):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- * parser/NodeConstructors.h:
- (JSC::GreaterNode::GreaterNode):
- (JSC::GreaterEqNode::GreaterEqNode):
- * parser/Nodes.h:
-
-2011-07-03 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=63879
- Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
-
- Reviewed by Sam Weinig.
-
- There is a lot of copy & paste code here; we can reduce duplication by making
- a shared implementation.
-
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::branch32):
- (JSC::MacroAssembler::commute):
- - Make these function platform agnostic.
- * assembler/MacroAssemblerX86Common.h:
- - Moved branch32/commute up to MacroAssembler.
- * jit/JIT.h:
- (JSC::JIT::emit_op_loop_if_lesseq):
- (JSC::JIT::emitSlow_op_loop_if_lesseq):
- - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emit_op_jless):
- (JSC::JIT::emit_op_jlesseq):
- (JSC::JIT::emit_op_jnless):
- (JSC::JIT::emit_op_jnlesseq):
- (JSC::JIT::emitSlow_op_jless):
- (JSC::JIT::emitSlow_op_jlesseq):
- (JSC::JIT::emitSlow_op_jnless):
- (JSC::JIT::emitSlow_op_jnlesseq):
- - Common implmentations of these methods for JSVALUE64 & JSVALUE32_64.
- (JSC::JIT::emit_compareAndJump):
- (JSC::JIT::emit_compareAndJumpSlow):
- - Internal implmementation of jless etc for JSVALUE64.
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_compareAndJump):
- (JSC::JIT::emit_compareAndJumpSlow):
- - Internal implmementation of jless etc for JSVALUE32_64.
- * jit/JITOpcodes.cpp:
- * jit/JITOpcodes32_64.cpp:
- * jit/JITStubs.cpp:
- * jit/JITStubs.h:
- - Remove old implementation of emit_op_loop_if_lesseq.
-
-2011-07-03 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r90347.
- http://trac.webkit.org/changeset/90347
- https://bugs.webkit.org/show_bug.cgi?id=63886
-
- Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
- (Requested by tkent on #webkit).
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/BigInteger.h: Removed.
- * runtime/NumberPrototype.cpp:
- (JSC::numberProtoFuncToPrecision):
- (JSC::numberProtoFuncToString):
- * runtime/Uint16WithFraction.h: Removed.
- * wtf/MathExtras.h:
-
-2011-06-30 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=16652
- Firefox and JavaScriptCore differ in Number.toString(integer)
-
- Our arbitrary radix (2..36) toString conversion is inaccurate.
- This is partly because it uses doubles to perform math that requires
- higher accuracy, and partly becasue it does not attempt to correctly
- detect where to terminate, instead relying on a simple 'epsilon'.
-
- * runtime/NumberPrototype.cpp:
- (JSC::decomposeDouble):
- - helper function to extract sign, exponent, mantissa from IEEE doubles.
- (JSC::Uint16WithFraction::Uint16WithFraction):
- - helper class, u16int with infinite precision fraction, used to convert
- the fractional part of the number to a string.
- (JSC::Uint16WithFraction::operator*=):
- - Multiply by a uint16.
- (JSC::Uint16WithFraction::operator<):
- - Compare two Uint16WithFractions.
- (JSC::Uint16WithFraction::floorAndSubtract):
- - Extract the integer portion of the number, and subtract it (clears the integer portion).
- (JSC::Uint16WithFraction::comparePoint5):
- - Compare to 0.5.
- (JSC::Uint16WithFraction::sumGreaterThanOne):
- - Passed a second Uint16WithFraction, returns true if the result of adding
- the two values would be greater than one.
- (JSC::Uint16WithFraction::isNormalized):
- - Used by ASSERTs to consistency check internal representation.
- (JSC::BigInteger::BigInteger):
- - helper class, unbounded integer value, used to convert the integer part
- of the number to a string.
- (JSC::BigInteger::divide):
- - Divide this value through by a uint32.
- (JSC::BigInteger::operator!):
- - test for zero.
- (JSC::toStringWithRadix):
- - Performs number to string conversion, with the given radix (2..36).
- (JSC::numberProtoFuncToString):
- - Changed to use toStringWithRadix.
-
-2011-07-02 Gavin Barraclough <barraclough@apple.com>
-
- https://bugs.webkit.org/show_bug.cgi?id=63866
- DFG JIT - implement instanceof
-
- Reviewed by Sam Weinig.
-
- Add ops CheckHasInstance & InstanceOf to implement bytecodes
- op_check_has_instance & op_instanceof. This is an initial
- functional implementation, performance is a wash. We can
- follow up with changes to fuse the InstanceOf node with
- a subsequant branch, as we do with other comparisons.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::jitAssertIsCell):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::jitAssertIsCell):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-01 Oliver Hunt <oliver@apple.com>
-
- IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
- https://bugs.webkit.org/show_bug.cgi?id=63732
-
- Reviewed by Gavin Barraclough.
-
- Initialise the memory at the head of the new storage so that
- GC is safe if triggered by reportExtraMemoryCost.
-
- * runtime/JSArray.cpp:
- (JSC::JSArray::increaseVectorPrefixLength):
-
-2011-07-01 Oliver Hunt <oliver@apple.com>
-
- GC sweep can occur before an object is completely initialised
- https://bugs.webkit.org/show_bug.cgi?id=63836
-
- Reviewed by Gavin Barraclough.
-
- In rare cases it's possible for a GC sweep to occur while a
- live, but not completely initialised object is on the stack.
- In such a case we may incorrectly choose to mark it, even
- though it has no children that need marking.
-
- We resolve this by always zeroing out the structure of any
- value returned from JSCell::operator new(), and making the
- markstack tolerant of a null structure.
-
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::~JSCell):
- (JSC::JSCell::JSCell::operator new):
- * runtime/Structure.h:
- (JSC::MarkStack::internalAppend):
-
-2011-07-01 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG non-speculative JIT always performs slow C calls for div and mod.
- https://bugs.webkit.org/show_bug.cgi?id=63684
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-07-01 Juan C. Montemayor <jmont@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Lexer error messages are currently appalling
- https://bugs.webkit.org/show_bug.cgi?id=63340
-
- Added error messages for the Lexer. These messages will be displayed
- instead of the lexer error messages from the parser that are currently
- shown.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::getInvalidCharMessage):
- (JSC::Lexer::setCode):
- (JSC::Lexer::parseString):
- (JSC::Lexer::lex):
- (JSC::Lexer::clear):
- * parser/Lexer.h:
- (JSC::Lexer::getErrorMessage):
- (JSC::Lexer::setOffset):
- * parser/Parser.cpp:
- (JSC::Parser::parse):
-
-2011-07-01 Jungshik Shin <jshin@chromium.org>
-
- Reviewed by Alexey Proskuryakov.
-
- Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
- build files for ports not using ICU.
- Add icu/unicode/uscript.h for ports using ICU. It's taken from
- ICU 3.6 (the version used on Mac OS 10.5)
-
- http://bugs.webkit.org/show_bug.cgi?id=20797
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * icu/unicode/uscript.h: Added for UScriptCode enum.
- * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
- * wtf/unicode/icu/UnicodeIcu.h:
- * wtf/unicode/brew/UnicodeBrew.h:
- * wtf/unicode/glib/UnicodeGLib.h:
- * wtf/unicode/qt4/UnicodeQt4.h:
- * wtf/unicode/wince/UnicodeWinCE.h:
-
-2011-07-01 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=63819
- Escaping of forwardslashes in strings incorrect if multiple exist.
-
- The bug is in the parameters passed to a substring - should be
- start & length, but we're passing start & end indices!
-
- * runtime/RegExpObject.cpp:
- (JSC::regExpObjectSource):
-
-2011-07-01 Adam Roben <aroben@apple.com>
-
- Roll out r90194
- http://trac.webkit.org/changeset/90194
- https://bugs.webkit.org/show_bug.cgi?id=63778
-
- Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
- assertions in WriteBarrierBase<JSC::Structure>::get
-
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::~JSCell):
-
-2011-06-30 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Add optimised paths for a few maths functions
- https://bugs.webkit.org/show_bug.cgi?id=63757
-
- Relanding as a Mac only patch.
-
- This adds specialised thunks for Math.abs, Math.round, Math.ceil,
- Math.floor, Math.log, and Math.exp as they are apparently more
- important in real web content than we thought, which is somewhat
- mind-boggling. On average doubles the performance of the common
- cases (eg. actually passing numbers in). They're not as efficient
- as they could be, but this way gives them the most portability.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::supportsDoubleBitops):
- (JSC::MacroAssemblerARM::andnotDouble):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
- (JSC::MacroAssemblerARMv7::andnotDouble):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::andnotDouble):
- (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::supportsDoubleBitops):
- (JSC::MacroAssemblerSH4::andnotDouble):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::supportsDoubleBitops):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::andnotDouble):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::andnpd_rr):
- * create_hash_table:
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::finalize):
- (JSC::SpecializedThunkJIT::callDoubleToDouble):
- * jit/ThunkGenerators.cpp:
- (JSC::floorThunkGenerator):
- (JSC::ceilThunkGenerator):
- (JSC::roundThunkGenerator):
- (JSC::expThunkGenerator):
- (JSC::logThunkGenerator):
- (JSC::absThunkGenerator):
- * jit/ThunkGenerators.h:
-
-2011-07-01 David Kilzer <ddkilzer@apple.com>
-
- <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
-
- Fixes the following build error in clang:
-
- JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
- map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
- ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
- JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
- map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
- ^
- ( )
- fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
- fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
- JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
- map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
- ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- 1 error generated.
-
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
- tertiary expression evaluate first.
-
-2011-07-01 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r90177 and r90179.
- http://trac.webkit.org/changeset/90177
- http://trac.webkit.org/changeset/90179
- https://bugs.webkit.org/show_bug.cgi?id=63790
-
- It caused crashes on Qt in debug mode (Requested by Ossy on
- #webkit).
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::rshift32):
- (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARM::sqrtDouble):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
- (JSC::MacroAssemblerARMv7::sqrtDouble):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::sqrtDouble):
- (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::sqrtDouble):
- * assembler/MacroAssemblerX86.h:
- * assembler/MacroAssemblerX86Common.h:
- * assembler/MacroAssemblerX86_64.h:
- * assembler/X86Assembler.h:
- * create_hash_table:
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::emitLoadDouble):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::finalize):
- * jit/ThunkGenerators.cpp:
- * jit/ThunkGenerators.h:
-
-2011-06-30 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Beth Dakin.
-
- Make GC validation clear cell structure on destruction
- https://bugs.webkit.org/show_bug.cgi?id=63778
-
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::~JSCell):
-
-2011-06-30 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Added write barrier that was missing from put_by_id_transition
- https://bugs.webkit.org/show_bug.cgi?id=63775
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
- MacroAssembler& argument so our patching functions could use it.
-
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
-
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCachePutByID): Missing barrier!
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
- because its meaning isn't clear -- maybe in the future we'll have a
- clear way to pass all stores through a common function that guarantees
- a write barrier, but that's not the case right now.
-
-2011-06-30 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG non-speculative JIT does not reuse registers when compiling comparisons.
- https://bugs.webkit.org/show_bug.cgi?id=63565
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- (JSC::DFG::NonSpeculativeJIT::compare):
-
-2011-06-30 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Added empty write barrier stubs in all the right places in the DFG JIT
- https://bugs.webkit.org/show_bug.cgi?id=63764
-
- SunSpider thinks this might be a 0.5% speedup. Meh.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
-
- (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
- for the case where base == scratch, since we now require base and scratch
- to be not equal, for the sake of the write barrier.
-
- * dfg/DFGJITCodeGenerator.h: Le stub.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
- as the scratch register, since that's incompatible with the write barrier,
- which needs a distinct base and scratch.
-
- Do put the global object into a register before loading its var storage,
- since it needs to be in a register for the write barrier to operate on it.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
- places.
-
- (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
- is a little more than meaningless.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
- places.
-
- (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
- is a little more than meaningless.
-
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
- we put the global object in a register and only then load its var storage
- by offset.
-
- (JSC::JIT::emitWriteBarrier):
-
-2011-06-30 Oliver Hunt <oliver@apple.com>
-
- Fix ARMv6 build
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::rshift32):
-
-2011-06-30 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Add optimised paths for a few maths functions
- https://bugs.webkit.org/show_bug.cgi?id=63757
-
- This adds specialised thunks for Math.abs, Math.round, Math.ceil,
- Math.floor, Math.log, and Math.exp as they are apparently more
- important in real web content than we thought, which is somewhat
- mind-boggling. On average doubles the performance of the common
- cases (eg. actually passing numbers in). They're not as efficient
- as they could be, but this way gives them the most portability.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::supportsDoubleBitops):
- (JSC::MacroAssemblerARM::andnotDouble):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
- (JSC::MacroAssemblerARMv7::andnotDouble):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::andnotDouble):
- (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::supportsDoubleBitops):
- (JSC::MacroAssemblerSH4::andnotDouble):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::supportsDoubleBitops):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::andnotDouble):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::andnpd_rr):
- * create_hash_table:
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::finalize):
- (JSC::SpecializedThunkJIT::callDoubleToDouble):
- * jit/ThunkGenerators.cpp:
- (JSC::floorThunkGenerator):
- (JSC::ceilThunkGenerator):
- (JSC::roundThunkGenerator):
- (JSC::expThunkGenerator):
- (JSC::logThunkGenerator):
- (JSC::absThunkGenerator):
- * jit/ThunkGenerators.h:
-
-2011-06-30 Cary Clark <caryclark@google.com>
-
- Reviewed by James Robinson.
-
- Use Skia if Skia on Mac Chrome is enabled
- https://bugs.webkit.org/show_bug.cgi?id=62999
-
- * wtf/Platform.h:
- Add switch to use Skia if, externally,
- Skia has been enabled by a gyp define.
-
-2011-06-30 Juan C. Montemayor <jmont@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Web Inspector fails to display source for eval with syntax error
- https://bugs.webkit.org/show_bug.cgi?id=63583
-
- Web Inspector now displays a link to an eval statement that contains
- a syntax error.
-
- * parser/Parser.h:
- (JSC::isEvalNode):
- (JSC::EvalNode):
- (JSC::Parser::parse):
-
-2011-06-30 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- X86Assembler does not encode byte registers in 64-bit mode correctly.
- https://bugs.webkit.org/show_bug.cgi?id=63665
-
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::testb_rr):
- (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
-
-2011-06-30 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r90102.
- http://trac.webkit.org/changeset/90102
- https://bugs.webkit.org/show_bug.cgi?id=63714
-
- Lots of tests asserting beneath
- SVGSMILElement::findInstanceTime (Requested by aroben on
- #webkit).
-
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
-
-2011-06-30 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
-
- Reviewed by Nikolas Zimmermann.
-
- Speed up SVGSMILElement::findInstanceTime.
- https://bugs.webkit.org/show_bug.cgi?id=61025
-
- Add a new parameter to StdlibExtras.h::binarySerarch function
- to also handle cases when the array does not contain the key value.
- This is needed for an svg function.
-
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
-
-2011-06-29 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=63669
- DFG JIT - fix spectral-norm regression
-
- The problem is a mis-speculation leading to us falling off the speculative path.
- Make the speculation logic slightly smarter, don't predict int if one of the
- operands is already loaded as a double (we use this logic already for compares).
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-
-2011-06-29 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG JIT does not do put_by_id transition caching.
- https://bugs.webkit.org/show_bug.cgi?id=63662
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addPropertyAccess):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::testPrototype):
- (JSC::DFG::tryCachePutByID):
-
-2011-06-29 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Added a dummy write barrier emitting function in all the right places in the old JIT
- https://bugs.webkit.org/show_bug.cgi?id=63667
-
- SunSpider reports no change.
-
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emit_op_put_scoped_var): Do it.
-
- (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
- for the sake of the write barrier.
-
- (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emit_op_put_scoped_var): Do it.
-
- (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
- for the sake of the write barrier.
-
- (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
-
-2011-06-29 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG JIT does not perform get_by_id self list caching.
- https://bugs.webkit.org/show_bug.cgi?id=63605
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::tryBuildGetByIDList):
- (JSC::DFG::dfgBuildGetByIDList):
- * dfg/DFGRepatch.h:
-
-2011-06-28 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG JIT lacks array.length caching.
- https://bugs.webkit.org/show_bug.cgi?id=63505
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::tryAllocate):
- (JSC::DFG::JITCodeGenerator::selectScratchGPR):
- (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addPropertyAccess):
- (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- * dfg/DFGRegisterBank.h:
- (JSC::DFG::RegisterBank::tryAllocate):
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::tryCacheGetByID):
-
-2011-06-28 Pierre Rossi <pierre.rossi@gmail.com>
-
- Reviewed by Eric Seidel.
-
- Warnings in JSC's JIT on 32 bit
- https://bugs.webkit.org/show_bug.cgi?id=63259
-
- Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
-
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
-
-2011-06-28 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r89968.
- http://trac.webkit.org/changeset/89968
- https://bugs.webkit.org/show_bug.cgi?id=63581
-
- Broke chromium windows compile (Requested by jamesr on
- #webkit).
-
- * wtf/Platform.h:
-
-2011-06-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Fix sampling build
- https://bugs.webkit.org/show_bug.cgi?id=63579
-
- Gets opcode sampling building again, doesn't seem to work alas
-
- * bytecode/SamplingTool.cpp:
- (JSC::SamplingTool::notifyOfScope):
- * bytecode/SamplingTool.h:
- (JSC::SamplingTool::SamplingTool):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::enableSampler):
- * runtime/Executable.h:
- (JSC::ScriptExecutable::ScriptExecutable):
-
-2011-06-28 Cary Clark <caryclark@google.com>
-
- Reviewed by James Robinson.
-
- Use Skia if Skia on Mac Chrome is enabled
- https://bugs.webkit.org/show_bug.cgi?id=62999
-
- * wtf/Platform.h:
- Add switch to use Skia if, externally,
- Skia has been enabled by a gyp define.
-
-2011-06-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- ASSERT when launching debug builds with interpreter and jit enabled
- https://bugs.webkit.org/show_bug.cgi?id=63566
-
- Add appropriate guards to the various Executable's memory reporting
- logic.
-
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-06-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=63563
- DFG JIT - add support for double arith to speculative path
-
- Add integer support for div & mod, add double support for div, mod,
- add, sub & mul, dynamically selecting based on operand types.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::FPRTemporary::FPRTemporary):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::assembler):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
- (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
- (JSC::DFG::SpeculateDoubleOperand::index):
- (JSC::DFG::SpeculateDoubleOperand::fpr):
-
-2011-06-28 Oliver Hunt <oliver@apple.com>
-
- Fix interpreter build.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
-
-2011-06-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=63561
- DFG JIT - don't always assume integer in relational compare
-
- If neither operand is known integer, or either is in double representation,
- then at least use a function call (don't bail off the speculative path).
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
- (JSC::DFG::SpeculativeJIT::compareIsInteger):
-
-2011-06-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make constant array optimisation less strict about what constitutes a constant
- https://bugs.webkit.org/show_bug.cgi?id=63554
-
- Now allow string constants in array literals to actually be considered constant,
- and so avoid codegen in array literals with strings in them.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addConstantBuffer):
- (JSC::CodeBlock::constantBuffer):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addConstantBuffer):
- (JSC::BytecodeGenerator::addStringConstant):
- (JSC::BytecodeGenerator::emitNewArray):
- * bytecompiler/BytecodeGenerator.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
-
-2011-06-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=63560
- DFG_JIT allow allocation of specific machine registers
-
- This allow us to allocate the registers necessary to perform x86
- idiv instructions for div/mod, and may be useful for shifts, too.
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::GPRTemporary::GPRTemporary):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::allocate):
- (JSC::DFG::GPRResult::GPRResult):
- * dfg/DFGRegisterBank.h:
- (JSC::DFG::RegisterBank::allocateSpecific):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isInteger):
-
-2011-06-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=55040
- RegExp constructor returns the argument regexp instead of a new object
-
- Per 15.10.3.1, our current behaviour is correct if called as a function,
- but incorrect when called as a constructor.
-
- * runtime/RegExpConstructor.cpp:
- (JSC::constructRegExp):
- (JSC::constructWithRegExpConstructor):
- * runtime/RegExpConstructor.h:
-
-2011-06-28 Luke Macpherson <macpherson@chromium.org>
-
- Reviewed by Darin Adler.
-
- Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
- https://bugs.webkit.org/show_bug.cgi?id=63469
-
- * wtf/MathExtras.h:
- (defaultMinimumForClamp):
- Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
- (defaultMaximumForClamp):
- Symmetric alias for std::numeric_limits::max()
- (clampTo):
- New templated clamping function that supports arbitrary output types.
- (clampToInteger):
- Use new clampTo template.
- (clampToFloat):
- Use new clampTo template.
- (clampToPositiveInteger):
- Use new clampTo template.
-
-2011-06-28 Adam Roben <aroben@apple.com>
-
- Windows Debug build fix after r89885
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
- JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
-
-2011-06-28 Shinya Kawanaka <shinyak@google.com>
-
- Reviewed by Kent Tamura.
-
- Add const to show() method in WTFString and AtomicString.
- https://bugs.webkit.org/show_bug.cgi?id=63515
-
- The lack of const in show() method is painful when
- doing something like printf-debug.
-
- * wtf/text/AtomicString.cpp:
- (WTF::AtomicString::show):
- * wtf/text/AtomicString.h:
- * wtf/text/WTFString.cpp:
- (String::show):
- * wtf/text/WTFString.h:
-
-2011-06-27 Ryosuke Niwa <rniwa@webkit.org>
-
- Build fix attempt after r89885.
-
- * JavaScriptCore.exp:
- * jsc.cpp:
-
-2011-06-27 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Support throwing away non-running code even while other code is running
- https://bugs.webkit.org/show_bug.cgi?id=63485
-
- Add a function to CodeBlock to support unlinking direct linked callsites,
- and then with that in place add logic to discard code from any function
- that is not currently on the stack.
-
- The unlinking completely reverts any optimized call sites, such that they
- may be relinked again in future.
-
- * JavaScriptCore.exp:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::unlinkCalls):
- (JSC::CodeBlock::clearEvalCache):
- * bytecode/CodeBlock.h:
- (JSC::CallLinkInfo::CallLinkInfo):
- (JSC::CallLinkInfo::unlink):
- * bytecode/EvalCodeCache.h:
- (JSC::EvalCodeCache::clear):
- * heap/Heap.cpp:
- (JSC::Heap::getConservativeRegisterRoots):
- * heap/Heap.h:
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCall):
- * jit/JITWriteBarrier.h:
- (JSC::JITWriteBarrierBase::clear):
- * jsc.cpp:
- (GlobalObject::GlobalObject):
- (functionReleaseExecutableMemory):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::unlinkCalls):
- (JSC::ProgramExecutable::unlinkCalls):
- (JSC::FunctionExecutable::discardCode):
- (JSC::FunctionExecutable::unlinkCalls):
- * runtime/Executable.h:
- * runtime/JSGlobalData.cpp:
- (JSC::SafeRecompiler::returnValue):
- (JSC::SafeRecompiler::operator()):
- (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-06-27 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Darin Adler & Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=50554
- RegExp.prototype.toString does not escape slashes
-
- The problem here is that we don't escape forwards slashes when converting
- a RegExp to a string. This means that RegExp("/").toString() is "///",
- which is not a valid RegExp literal. Also, we return an invalid literal
- for RegExp.prototype.toString() ("//", which is an empty single-line comment).
-
- From ES5:
- "NOTE: The returned String has the form of a RegularExpressionLiteral that
- evaluates to another RegExp object with the same behaviour as this object."
-
- * runtime/RegExpObject.cpp:
- (JSC::regExpObjectSource):
- - Escape forward slashes when getting the source of a RegExp.
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncToString):
- - Remove unnecessary and erroneous hack to return "//" as the string
- representation of RegExp.prototype. This is not a valid RegExp literal
- (it is an empty single-line comment).
-
-2011-06-27 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=63497
- Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-27 Juan C. Montemayor <jmont@apple.com>
-
- Reviewed by Mark Rowe.
-
- Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
- https://bugs.webkit.org/show_bug.cgi?id=63392
-
- When both TextPosition.h and XPathGrammar.h are included a compile-error
- is caused, since XPathGrammar.h defines a macro called NUMBER and
- TextPosition has a typedef named NUMBER.
-
- * wtf/text/TextPosition.h:
- (WTF::TextPosition::TextPosition):
- (WTF::TextPosition::minimumPosition):
- (WTF::TextPosition::belowRangePosition):
-
-2011-06-27 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG JIT does not perform put_by_id caching.
- https://bugs.webkit.org/show_bug.cgi?id=63409
-
- * bytecode/StructureStubInfo.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedPutById):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::addPropertyAccess):
- (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGOperations.cpp:
- * dfg/DFGOperations.h:
- * dfg/DFGRepatch.cpp:
- (JSC::DFG::dfgRepatchByIdSelfAccess):
- (JSC::DFG::tryCacheGetByID):
- (JSC::DFG::appropriatePutByIdFunction):
- (JSC::DFG::tryCachePutByID):
- (JSC::DFG::dfgRepatchPutByID):
- * dfg/DFGRepatch.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-27 Gustavo Noronha Silva <gns@gnome.org>
-
- Unreviewed build fix. One more filed missing during distcheck, for
- the MIPS build.
-
- * GNUmakefile.list.am:
-
-2011-06-26 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
- https://bugs.webkit.org/show_bug.cgi?id=63347
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- - Changed arithmetic operations to speculate in favor of integers.
- (JSC::DFG::NonSpeculativeJIT::valueToNumber):
- (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
- (JSC::DFG::NonSpeculativeJIT::basicArithOp):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::canInlineOpcode):
+ * dfg/DFGNodeType.h:
+ (DFG):
* dfg/DFGOperations.cpp:
- - Added slow-path routines for arithmetic that perform no speculation; the
- non-speculative JIT will generate calls to these in cases where its
- speculation fails.
* dfg/DFGOperations.h:
-
-2011-06-24 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Reviewed by Rob Buis.
-
- Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
- https://bugs.webkit.org/show_bug.cgi?id=59085
-
- * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
-
-2011-06-24 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
- https://bugs.webkit.org/show_bug.cgi?id=63345
-
- The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
- return 9 and 10 bit quantities, therefore changed their return type from
- uint8_t to uint16_t. Also casted the places where they are used as they
- are currently shifted and used as 7 or 8 bit values.
-
- These methods are currently used for literals for stack offsets,
- including creating and destroying stack frames. The prior truncation of
- the upper bits caused stack frames to be too small, thus allowing a
- JIT'ed function to access and overwrite stack space outside of the
- incorrectly sized stack frame.
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMThumbImmediate::getUInt9):
- (JSC::ARMThumbImmediate::getUInt10):
- (JSC::ARMv7Assembler::add):
- (JSC::ARMv7Assembler::ldr):
- (JSC::ARMv7Assembler::str):
- (JSC::ARMv7Assembler::sub):
- (JSC::ARMv7Assembler::sub_S):
-
-2011-06-24 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
- https://bugs.webkit.org/show_bug.cgi?id=63015
-
- Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
- min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList(). These
- adjustments are a bug. These need to reflect the pages that are released
- in ReleaseFreeLsit so that scavenge doesn't try to free that many pages as well.
- Made ReleaseFreeList a member of TCMalloc_PageHeap in the process. Updated
- Check() and helper method CheckList() to check the number of actual free pages
- with free_committed_pages_.
-
- The symptom of the problem of the existing code is that the scavenger may
- run unneccesarily without any real work to do, i.e. pages on the free lists.
- The scanvenger would also end up freeing too many pages, that is going below
- the current 528 target free pages.
-
- Note that the style of the changes was kept consistent with the
- existing style.
-
- * wtf/FastMalloc.cpp:
- (WTF::TCMalloc_PageHeap::Check):
- (WTF::TCMalloc_PageHeap::CheckList):
- (WTF::TCMalloc_PageHeap::ReleaseFreeList):
-
-2011-06-24 Abhishek Arya <inferno@chromium.org>
-
- Reviewed by Darin Adler.
-
- Match other clampTo* functions in style with clampToInteger(float)
- function.
- https://bugs.webkit.org/show_bug.cgi?id=53449
-
- * wtf/MathExtras.h:
- (clampToInteger):
- (clampToFloat):
- (clampToPositiveInteger):
-
-2011-06-24 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r89594.
- http://trac.webkit.org/changeset/89594
- https://bugs.webkit.org/show_bug.cgi?id=63316
-
- It broke 5 tests on the Qt bot (Requested by Ossy_DC on
- #webkit).
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * icu/unicode/uscript.h: Removed.
- * wtf/unicode/ScriptCodesFromICU.h: Removed.
- * wtf/unicode/brew/UnicodeBrew.h:
- * wtf/unicode/glib/UnicodeGLib.h:
- * wtf/unicode/icu/UnicodeIcu.h:
- * wtf/unicode/qt4/UnicodeQt4.h:
- * wtf/unicode/wince/UnicodeWinCE.h:
-
-2011-06-23 Filip Pizlo <fpizlo@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
- https://bugs.webkit.org/show_bug.cgi?id=63173
-
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::cachedGetById):
- * dfg/DFGJITCodeGenerator.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-23 Oliver Hunt <oliver@apple.com>
-
- Fix Qt again.
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::readPointer):
-
-2011-06-23 Oliver Hunt <oliver@apple.com>
-
- Fix Qt Build
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::readPointer):
-
-2011-06-23 Stephanie Lewis <slewis@apple.com>
-
- Reviewed by Darin Adler.
-
- https://bugs.webkit.org/show_bug.cgi?id=63298
- Replace Malloc with FastMalloc to match the rest of wtf.
-
- * wtf/BlockStack.h:
- (WTF::::~BlockStack):
- (WTF::::grow):
- (WTF::::shrink):
-
-2011-06-23 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Add the ability to dynamically modify linked call sites
- https://bugs.webkit.org/show_bug.cgi?id=63291
-
- Add JITWriteBarrier as a writebarrier class that allows
- reading and writing directly into the code stream.
-
- This required adding logic to all the assemblers to allow
- us to read values back out of the instruction stream.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::readPointer):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::readPointer):
- (JSC::ARMv7Assembler::readInt32):
- (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
- (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::readPointer):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::readInt32):
- (JSC::MIPSAssembler::readPointer):
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::MacroAssemblerCodePtr::operator!):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::readPCrelativeAddress):
- (JSC::SH4Assembler::readPointer):
- (JSC::SH4Assembler::readInt32):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::readPointer):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- (JSC::MethodCallLinkInfo::seenOnce):
- (JSC::MethodCallLinkInfo::setSeen):
- * heap/MarkStack.h:
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- (JSC::JIT::linkCall):
- (JSC::JIT::linkConstruct):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::patchMethodCallProto):
- * jit/JITPropertyAccess32_64.cpp:
- * jit/JITWriteBarrier.h: Added.
- (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
- (JSC::JITWriteBarrierBase::operator!):
- (JSC::JITWriteBarrierBase::setFlagOnBarrier):
- (JSC::JITWriteBarrierBase::isFlagged):
- (JSC::JITWriteBarrierBase::setLocation):
- (JSC::JITWriteBarrierBase::location):
- (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
- (JSC::JITWriteBarrierBase::set):
- (JSC::JITWriteBarrierBase::get):
- (JSC::JITWriteBarrier::JITWriteBarrier):
- (JSC::JITWriteBarrier::set):
- (JSC::JITWriteBarrier::get):
- (JSC::MarkStack::append):
-
-2011-06-23 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=61585
- Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
-
- This is due to use of int instead of unsigned, bad math around
- the 2^31 boundary.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::ByteCompiler::emitDisjunction):
- - Change some uses of int to unsigned, refactor compare logic to
- restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::generate):
- (JSC::Yarr::YarrGenerator::backtrack):
- - Ditto.
-
-2011-06-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=63218
- DFG JIT - remove machine type guarantees from graph
-
- The DFG JIT currently makes assumptions about the types of machine registers
- that certain nodes will be loaded into. This will be broken as we generate
- nodes to produce both integer and double code paths. Remove int<->double
- conversions nodes. This design decision also gave rise to multiple types of
- constant nodes, requiring separate handling for each type. Merge these back
- into JSConstant.
-
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getToInt32):
- (JSC::DFG::ByteCodeParser::getToNumber):
- (JSC::DFG::ByteCodeParser::toInt32):
- (JSC::DFG::ByteCodeParser::toNumber):
- (JSC::DFG::ByteCodeParser::isInt32Constant):
- (JSC::DFG::ByteCodeParser::isDoubleConstant):
- (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
- (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
- (JSC::DFG::ByteCodeParser::one):
- (JSC::DFG::ByteCodeParser::predictInt32):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::isJSConstant):
- (JSC::DFG::JITCodeGenerator::isDoubleConstant):
- (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::isJSConstant):
- (JSC::DFG::JITCompiler::isInt32Constant):
- (JSC::DFG::JITCompiler::isDoubleConstant):
- (JSC::DFG::JITCompiler::valueOfJSConstant):
- (JSC::DFG::JITCompiler::valueOfInt32Constant):
- (JSC::DFG::JITCompiler::valueOfDoubleConstant):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::isConstant):
- (JSC::DFG::Node::notTakenBytecodeOffset):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
- (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-23 Jungshik Shin <jshin@chromium.org>
-
- Reviewed by Alexey Proskuryakov.
-
- Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
- build files for ports not using ICU.
- Add icu/unicode/uscript.h for ports using ICU. It's taken from
- ICU 3.6 (the version used on Mac OS 10.5)
-
- http://bugs.webkit.org/show_bug.cgi?id=20797
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * icu/unicode/uscript.h: Added for UScriptCode enum.
- * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
- * wtf/unicode/icu/UnicodeIcu.h:
- * wtf/unicode/brew/UnicodeBrew.h:
- * wtf/unicode/glib/UnicodeGLib.h:
- * wtf/unicode/qt4/UnicodeQt4.h:
- * wtf/unicode/wince/UnicodeWinCE.h:
-
-2011-06-23 Ryuan Choi <ryuan.choi@samsung.com>
-
- Reviewed by Andreas Kling.
-
- [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
- https://bugs.webkit.org/show_bug.cgi?id=63228
-
- * wtf/Platform.h: Add PLATFORM(EFL) guard.
-
-2011-06-23 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r89547.
- http://trac.webkit.org/changeset/89547
- https://bugs.webkit.org/show_bug.cgi?id=63252
-
- "Chrmium crash on start" (Requested by yurys on #webkit).
-
- * wtf/DynamicAnnotations.cpp:
- (WTFAnnotateBenignRaceSized):
- (WTFAnnotateHappensBefore):
- (WTFAnnotateHappensAfter):
- * wtf/DynamicAnnotations.h:
-
-2011-06-23 Timur Iskhodzhanov <timurrrr@google.com>
-
- Reviewed by David Levin.
-
- Make dynamic annotations weak symbols and prevent identical code folding by the linker
- https://bugs.webkit.org/show_bug.cgi?id=62443
-
- * wtf/DynamicAnnotations.cpp:
- (WTFAnnotateBenignRaceSized):
- (WTFAnnotateHappensBefore):
- (WTFAnnotateHappensAfter):
- * wtf/DynamicAnnotations.h:
-
-2011-06-22 Yael Aharon <yael.aharon@nokia.com>
-
- Reviewed by Andreas Kling.
-
- [Qt] Add a build flag for building with libxml2 and libxslt.
- https://bugs.webkit.org/show_bug.cgi?id=63113
-
- * wtf/Platform.h:
-
-2011-06-22 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r89489.
- http://trac.webkit.org/changeset/89489
- https://bugs.webkit.org/show_bug.cgi?id=63203
-
- Broke chromium mac build on build.webkit.org (Requested by
- abarth on #webkit).
-
- * wtf/Platform.h:
-
-2011-06-22 Cary Clark <caryclark@google.com>
-
- Reviewed by Darin Fisher.
-
- Use Skia if Skia on Mac Chrome is enabled
- https://bugs.webkit.org/show_bug.cgi?id=62999
-
- * wtf/Platform.h:
- Add switch to use Skia if, externally,
- Skia has been enabled by a gyp define.
-
-2011-06-22 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
-
-2011-06-22 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed the conceit that global variables are local variables when running global code
- https://bugs.webkit.org/show_bug.cgi?id=63106
-
- This is required for write barrier correctness.
-
- SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
- I was able to reduce the regression with a tiny peephole optimization in
- the bytecompiler, but not eliminate it. I'm committing this assuming
- that turning on generational GC will win back at least 0.5%.
-
- (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
- the global object's var storage. I considered doing the same kind of
- optimization in the existing JIT, but it seemed like moving in the wrong
- direction.)
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addGlobalVar):
- (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
- negative indices, since they're no longer negatively offset from the
- current stack frame.
-
- Do give global variables monotonically increasing positive indices, since
- that's much easier to work with.
-
- Don't limit the number of optimizable global variables, since it's no
- longer limited by the register file, since they're no longer stored in
- the register file.
-
- (JSC::BytecodeGenerator::registerFor): Global code never has any local
- registers because a var in global code is actually a property of the
- global object.
-
- (JSC::BytecodeGenerator::constRegisterFor): Ditto.
-
- (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
- propagation and dead code elimination to speed up our compiles and
- reduce WTFs / minute.
-
- * bytecompiler/BytecodeGenerator.h:
- (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
-
- (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
- global code, since there are none.
-
- (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
- in global code (i.e., global vars), since there are some.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- (JSC::Interpreter::Interpreter):
- (JSC::Interpreter::dumpRegisters):
- (JSC::Interpreter::execute):
- * interpreter/Interpreter.h: Updated for deleted / renamed code.
-
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::gatherConservativeRoots):
- (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
- data members.
-
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::begin):
- (JSC::RegisterFile::size):
- (JSC::RegisterFile::RegisterFile):
- (JSC::RegisterFile::shrink): Removed all code and comments dealing with
- global variables stored in the register file.
-
- (JSC::RegisterFile::grow): Updated for same.
-
- Also, a slight correctness fix: Test the VM commit end, and not just the
- in-use end, when checking for stack overflow. In theory, it's invalid to
- commit past the end of your allocation, even if you never touch that
- memory. This makes the usable size of the stack slightly smaller. No test
- because we don't know of any case in practice where this crashes.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::resizeRegisters):
- (JSC::JSGlobalObject::addStaticGlobals):
- * runtime/JSGlobalObject.h: Simplified globals to have monotonically
- increasing indexes, always located in our external storage.
-
-2011-06-21 MORITA Hajime <morrita@google.com>
-
- Unreviewed, rolling out r89401 and r89403.
- http://trac.webkit.org/changeset/89401
- http://trac.webkit.org/changeset/89403
- https://bugs.webkit.org/show_bug.cgi?id=62970
-
- Breaks mac build and mistakenly enables the spellcheck API
-
- * Configurations/FeatureDefines.xcconfig:
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-21 Kent Tamura <tkent@chromium.org>
-
- [Mac] Sort Xcode project files.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-20 MORITA Hajime <morrita@google.com>
-
- Reviewed by Kent Tamura.
-
- Spellcheck API should be build-able.
- https://bugs.webkit.org/show_bug.cgi?id=62970
-
- No new tests, changing only build related files
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-06-21 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Moved 'const' off the global-variable-as-local-variable crack pipe
- https://bugs.webkit.org/show_bug.cgi?id=63105
-
- This is necessary for moving the rest of the code off of same.
-
- Many problems remain in our handling of const. I have fixed none of them.
-
- * bytecompiler/BytecodeGenerator.h:
- (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
- const to directly implement its unique scoping rules.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
- for writing, so we don't overwrite const variables.
-
- (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
- variables are available as local variables, since this won't be the case
- once global variables are not available as local variables. Instead, use
- put_scoped_var in the case where there is no local variable. Like a local
- variable, put_scoped_var succeeds even though const properties are
- read-only, since put_scoped_var skips read-only checks. (Yay?)
-
-2011-06-21 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Alexey Proskuryakov.
-
- REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
- https://bugs.webkit.org/show_bug.cgi?id=63052
-
- Release mode only failure, the stack overflow guards were getting there error
- handling inlined, so that they were essentially causing their own demise.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::updateErrorMessage):
- (JSC::JSParser::updateErrorWithNameAndMessage):
-
-2011-06-20 Kenneth Russell <kbr@google.com>
-
- Unreviewed.
-
- Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
- https://bugs.webkit.org/show_bug.cgi?id=63022
-
- * wtf/Platform.h:
-
-2011-06-18 Anders Carlsson <andersca@apple.com>
-
- Reviewed by Darin Adler.
-
- Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
- https://bugs.webkit.org/show_bug.cgi?id=62940
-
- Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
-
- * wtf/PassOwnArrayPtr.h:
- (WTF::PassOwnArrayPtr::operator=):
- * wtf/PassOwnPtr.h:
- (WTF::PassOwnPtr::operator=):
- * wtf/PassRefPtr.h:
- (WTF::PassRefPtr::operator=):
- (WTF::NonNullPassRefPtr::operator=):
-
-2011-06-20 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- REGRESSION (r79060): Searching for a flight at united.com fails
- https://bugs.webkit.org/show_bug.cgi?id=63003
-
- This original change also broke Twitter, and we attempted to refine the fix to
- address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
- we need to revert the change until we understand the problem better.
-
- * wtf/DateMath.cpp:
- (WTF::parseDateFromNullTerminatedCharacters):
-
-2011-06-20 Juan C. Montemayor <jmont@apple.com>
-
- Reviewed by Oliver Hunt.
-
- No context for javascript parse errors.
- https://bugs.webkit.org/show_bug.cgi?id=62613
-
- Parse errors now show more details like:
- "Unexpected token: ]"
- or
- "Expected token: while"
-
- For reserved names, numbers, indentifiers, strings, lexer errors,
- and EOFs, the following error messages are printed:
-
- "Use of reserved word: super"
- "Unexpected number: 42"
- "Unexpected identifier: "
- "Unexpected string: "foobar""
- "Invalid token character sequence: \u4023"
- "Unexpected EOF"
-
- * parser/JSParser.cpp:
- (JSC::JSParser::consume):
- (JSC::JSParser::getToken):
- (JSC::JSParser::getTokenName):
- (JSC::JSParser::updateErrorMessageSpecialCase):
- (JSC::JSParser::updateErrorMessage):
- (JSC::JSParser::updateErrorWithNameAndMessage):
- (JSC::jsParse):
- (JSC::JSParser::JSParser):
- (JSC::JSParser::parseProgram):
- (JSC::JSParser::parseVarDeclarationList):
- (JSC::JSParser::parseForStatement):
- (JSC::JSParser::parseBreakStatement):
- (JSC::JSParser::parseContinueStatement):
- (JSC::JSParser::parseWithStatement):
- (JSC::JSParser::parseTryStatement):
- (JSC::JSParser::parseStatement):
- (JSC::JSParser::parseFormalParameters):
- (JSC::JSParser::parseFunctionInfo):
- (JSC::JSParser::parseAssignmentExpression):
- (JSC::JSParser::parsePrimaryExpression):
- (JSC::JSParser::parseMemberExpression):
- (JSC::JSParser::parseUnaryExpression):
- * parser/JSParser.h:
- * parser/Lexer.cpp:
- (JSC::Lexer::lex):
- * parser/Parser.cpp:
- (JSC::Parser::parse):
-
-2011-06-20 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Reviewed by Rob Buis.
-
- Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
- https://bugs.webkit.org/show_bug.cgi?id=59085
-
- * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
-
-2011-06-19 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Sam Weinig.
-
- Correct logic for putting errors on the correct line when handling JSONP
- https://bugs.webkit.org/show_bug.cgi?id=62962
-
- Minor fix for the minor fix. *sigh*
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
-
-2011-06-19 Oliver Hunt <oliver@apple.com>
-
- Minor fix to correct layout test results.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
-
-2011-06-17 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- JSONP is unnecessarily slow
- https://bugs.webkit.org/show_bug.cgi?id=62920
-
- JSONP has unfortunately become a fairly common idiom online, yet
- it triggers very poor performance in JSC as we end up doing codegen
- for a large number of property accesses that will
- * only be run once, so the vast amount of logic we dump to handle
- caching of accesses is unnecessary.
- * We are doing codegen that is directly proportional to just
- creating the object in the first place.
-
- This patch extends the use of the literal parser to JSONP-like structures
- in global code, handling a number of different forms I have seen online.
- In an extreme case this improves performance of JSONP by more than 2x
- due to removal of code generation and execution time, and a few optimisations
- that I made to the parser itself.
-
- * API/JSValueRef.cpp:
- (JSValueMakeFromJSONString):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- (JSC::Interpreter::execute):
- * parser/Lexer.cpp:
- (JSC::Lexer::isKeyword):
- * parser/Lexer.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::tryJSONPParse):
- (JSC::LiteralParser::makeIdentifier):
- (JSC::LiteralParser::Lexer::lex):
- (JSC::LiteralParser::Lexer::next):
- (JSC::isSafeStringCharacter):
- (JSC::LiteralParser::Lexer::lexString):
- (JSC::LiteralParser::Lexer::lexNumber):
- (JSC::LiteralParser::parse):
- * runtime/LiteralParser.h:
- (JSC::LiteralParser::LiteralParser):
- (JSC::LiteralParser::tryLiteralParse):
- (JSC::LiteralParser::Lexer::Lexer):
-
-2011-06-18 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r89184.
- http://trac.webkit.org/changeset/89184
- https://bugs.webkit.org/show_bug.cgi?id=62927
-
- It broke 22 tests on all bot (Requested by Ossy_weekend on
- #webkit).
-
- * API/JSValueRef.cpp:
- (JSValueMakeFromJSONString):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- (JSC::Interpreter::execute):
- * parser/Lexer.cpp:
- * parser/Lexer.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::Lexer::lex):
- (JSC::isSafeStringCharacter):
- (JSC::LiteralParser::Lexer::lexString):
- (JSC::LiteralParser::Lexer::lexNumber):
- (JSC::LiteralParser::parse):
- * runtime/LiteralParser.h:
- (JSC::LiteralParser::LiteralParser):
- (JSC::LiteralParser::tryLiteralParse):
- (JSC::LiteralParser::Lexer::Lexer):
- (JSC::LiteralParser::Lexer::next):
-
-2011-06-17 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- JSONP is unnecessarily slow
- https://bugs.webkit.org/show_bug.cgi?id=62920
-
- JSONP has unfortunately become a fairly common idiom online, yet
- it triggers very poor performance in JSC as we end up doing codegen
- for a large number of property accesses that will
- * only be run once, so the vast amount of logic we dump to handle
- caching of accesses is unnecessary.
- * We are doing codegen that is directly proportional to just
- creating the object in the first place.
-
- This patch extends the use of the literal parser to JSONP-like structures
- in global code, handling a number of different forms I have seen online.
- In an extreme case this improves performance of JSONP by more than 2x
- due to removal of code generation and execution time, and a few optimisations
- that I made to the parser itself.
-
- * API/JSValueRef.cpp:
- (JSValueMakeFromJSONString):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- (JSC::Interpreter::execute):
- * parser/Lexer.cpp:
- (JSC::Lexer::isKeyword):
- * parser/Lexer.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSONObject.cpp:
- (JSC::JSONProtoFuncParse):
- * runtime/LiteralParser.cpp:
- (JSC::LiteralParser::tryJSONPParse):
- (JSC::LiteralParser::makeIdentifier):
- (JSC::LiteralParser::Lexer::lex):
- (JSC::LiteralParser::Lexer::next):
- (JSC::isSafeStringCharacter):
- (JSC::LiteralParser::Lexer::lexString):
- (JSC::LiteralParser::Lexer::lexNumber):
- (JSC::LiteralParser::parse):
- * runtime/LiteralParser.h:
- (JSC::LiteralParser::LiteralParser):
- (JSC::LiteralParser::tryLiteralParse):
- (JSC::LiteralParser::Lexer::Lexer):
-
-2011-06-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Moved some property access JIT code into property access JIT files
- https://bugs.webkit.org/show_bug.cgi?id=62906
-
- * jit/JITOpcodes.cpp:
- * jit/JITOpcodes32_64.cpp:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emitSlow_op_put_by_val):
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_get_global_var):
- (JSC::JIT::emit_op_put_global_var):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_get_global_var):
- (JSC::JIT::emit_op_put_global_var):
-
-2011-06-17 Anders Carlsson <andersca@apple.com>
-
- Build fix.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-17 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Leopard build?
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-16 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Added some write barrier action, compiled out by default
- https://bugs.webkit.org/show_bug.cgi?id=62844
-
- * JavaScriptCore.exp: Build!
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
- issue with Heap.cpp.
-
- * heap/Heap.cpp:
- (JSC::Heap::writeBarrierSlowCase):
- * heap/Heap.h:
- (JSC::Heap::writeBarrier):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::isAtomAligned):
- (JSC::MarkedBlock::blockFor):
- (JSC::MarkedBlock::atomNumber):
- (JSC::MarkedBlock::ownerSetNumber):
- (JSC::MarkedBlock::addOldSpaceOwner):
- (JSC::MarkedBlock::OwnerSet::OwnerSet):
- (JSC::MarkedBlock::OwnerSet::add):
- (JSC::MarkedBlock::OwnerSet::clear):
- (JSC::MarkedBlock::OwnerSet::size):
- (JSC::MarkedBlock::OwnerSet::didOverflow):
- (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
- tracks owners for regions within blocks. Currently unused.
-
-2011-06-17 Raphael Kubo da Costa <kubo@profusion.mobi>
-
- Reviewed by Eric Seidel.
-
- [EFL] Add some OwnPtr specializations for EFL types.
- For now there are specializations for Ecore_Evas and Evas_Object.
- https://bugs.webkit.org/show_bug.cgi?id=62877
-
- * wtf/CMakeListsEfl.txt:
- * wtf/OwnPtrCommon.h:
- * wtf/efl/OwnPtrEfl.cpp: Added.
- (WTF::deleteOwnedPtr):
-
-2011-06-17 Joone Hur <joone.hur@collabora.co.uk>
-
- Reviewed by Martin Robinson.
-
- [GTK] Replace GdkRectangle by cairo_rectangle_int_t
- https://bugs.webkit.org/show_bug.cgi?id=60687
-
- Replace GdkRectangle by cairo_rectangle_int_t.
-
- * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
-
-2011-06-16 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=53014
- ES5 strict mode keyword restrictions aren't implemented
-
- The following are future restricted words is strict mode code:
- implements, interface, let, package, private, protected, public, static, yield
-
- * parser/JSParser.h:
- - Add RESERVED_IF_STRICT token.
- * parser/Keywords.table:
- - Add new future restricted words.
- * parser/Lexer.cpp:
- (JSC::Lexer::parseIdentifier):
- - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
- (JSC::Lexer::lex):
- - Pass strictMode flag to parseIdentifier.
- * parser/Lexer.h:
- - parseIdentifier needs a strictMode flag.
- * runtime/CommonIdentifiers.h:
- - Add identifiers for new reserved words.
-
-2011-06-16 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=23611
- Multiline Javascript comments cause incorrect parsing of following script.
-
- From the spec:
- "A MultiLineComment [is] simply discarded if it contains no line terminator,
- but if a MultiLineComment contains one or more line terminators, then it is
- replaced with a single line terminator, which becomes part of the stream of
- inputs for the syntactic grammar."
-
- This may result in behavioural changes, due to automatic semicolon insertion.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::parseMultilineComment):
- - Set m_terminator is we see a line terminator in a multiline comment.
-
-2011-06-16 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=62824
- DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
-
- CompareEq of non-integer values is the most common cause of speculation failure.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- - Support Equals.
- (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
- - new! - peephole optimized Eq of JSValues.
- (JSC::DFG::SpeculativeJIT::compile):
- - Add peephole optimization for CompareEq.
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- - Add support for dead nodes between compare & branch.
- (JSC::DFG::SpeculativeJIT::isInteger):
- - Added to determine which form of peephole to do in CompareEq.
-
-2011-06-16 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
- symbol.
-
- * bytecode/EvalCodeCache.h:
- * heap/HandleHeap.h:
- * heap/HeapRootVisitor.h:
- * heap/NewSpace.h:
- * runtime/ArgList.h:
- * runtime/ScopeChain.h:
- * runtime/SmallStrings.h:
- * runtime/Structure.h: Stop forward-declaring things that don't really
- exist anymore.
-
-2011-06-16 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
- project while crossing my fingers and facing west.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-16 Geoffrey Garen <ggaren@apple.com>
-
- Build fix: Removed an incorrect symbol on Windows.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-06-16 Geoffrey Garen <ggaren@apple.com>
-
- Build fix: Removed an accidental commit from the future.
-
- * CMakeLists.txt:
-
-2011-06-16 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Introduced SlotVisitor into the project
- https://bugs.webkit.org/show_bug.cgi?id=62820
-
- This resolves a class vs typedef forward declaration issue, and gives all
- exported symbols the correct names.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj: Build!
-
- * bytecode/EvalCodeCache.h:
- * heap/HandleHeap.h:
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
- clients operate on a MarkStack.
-
- * heap/MarkStack.cpp:
- (JSC::SlotVisitor::visitChildren):
- (JSC::SlotVisitor::drain):
- * heap/SlotVisitor.h: Added.
- (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
- inheritance to give SlotVisitor all the attributes of MarkStack without
- making this change giant. Over time, we will move more behavior into
- SlotVisitor and its subclasses.
-
- * heap/MarkStack.h:
- * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
- clients operate on a MarkStack.
-
- * runtime/ArgList.h:
- * runtime/JSCell.h:
- * runtime/JSObject.h:
- * runtime/ScopeChain.h:
- * runtime/SmallStrings.h:
- * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
- clients operate on a MarkStack.
-
-2011-06-15 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Reduce memory usage of resolve_global
- https://bugs.webkit.org/show_bug.cgi?id=62765
-
- If we have a large number of resolve_globals in a single
- block start planting plain resolve instructions instead
- whenever we aren't in a loop. This allows us to reduce
- the code size for extremely large functions without
- losing the performance benefits of op_resolve_global.
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::globalResolveInfoCount):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- * bytecompiler/BytecodeGenerator.h:
-
-2011-06-16 Qi Zhang <qi.2.zhang@nokia.com>
-
- Reviewed by Laszlo Gombos.
-
- [Qt] Fix building with CONFIG(use_system_icu)
- https://bugs.webkit.org/show_bug.cgi?id=62744
-
- Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
-
- * wtf/Platform.h:
-
-2011-06-15 Darin Adler <darin@apple.com>
-
- Reviewed by Adam Barth.
-
- Remove obsolete LOOSE_OWN_PTR code
- https://bugs.webkit.org/show_bug.cgi?id=59909
-
- The internal Apple dependency on this is gone now.
-
- * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
- set function that takes a raw pointer.
-
- * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
- set functino that takes a raw pointer.
-
- * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
- and assignment operator that takes a nullptr unconditional.
- Made constructor that takes a raw pointer private and explicit,
- and removed assignment operator that takes a raw pointer.
-
- * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
- unconditional. Made constructor that takes a raw pointer private
- and explicit, and removed assignment operator that takes a raw pointer.
-
-2011-06-15 Sam Weinig <sam@webkit.org>
-
- Reviewed by Geoffrey Garen and Gavin Barraclough.
-
- Make access-nseive ~9x faster on the non-speculative path by
- adding special casing for doubles that can lossless-ly be converted
- to a uint32_t in getByVal and putByVal. This avoids calls to stringification
- and the hash lookup. Long term, we should try and get property of a getByVal
- and putByVal to be an integer immediate even in the non-speculative path.
-
- * dfg/DFGOperations.cpp:
- (JSC::DFG::putByVal):
- (JSC::DFG::operationPutByValInternal):
-
-2011-06-15 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- REGRESSION (r88719): 5by5.tv schedule is not visible
- https://bugs.webkit.org/show_bug.cgi?id=62720
-
- Problem here is that the lexer wasn't considering '$' to be
- a valid character in an identifier.
-
- * parser/Lexer.h:
- (JSC::Lexer::lexExpectIdentifier):
-
-2011-06-15 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Sam Weinig.
-
- Reduce the size of global_resolve
- https://bugs.webkit.org/show_bug.cgi?id=62738
-
- Reduce the code size of global_resolve in the JIT by replacing
- multiple pointer loads with a single pointer move + two offset
- loads.
-
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_resolve_global):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_resolve_global):
-
-2011-06-14 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Dan Bernstein.
-
- Fixed an inavlid ASSERT I found while investigating
- <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
- https://bugs.webkit.org/show_bug.cgi?id=62699
-
- No test since we don't know of a way to get WebCore to deallocate the
- next-to-finalize handle, which is also the last handle in the list,
- while finalizing the second-to-last handle in the list.
-
- * heap/HandleHeap.h:
- (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
- non-0 next() after updating it, since it is valid to update m_nextToFinalize
- to point to the tail sentinel.
-
- Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
- since it is not valid to update m_nextToFinalize to point past the tail
- sentinel.
-
- Also, use m_nextToFinalize consistently for clarity.
-
-2011-06-14 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=43841
- SegmentedVector::operator== typo
-
- * wtf/SegmentedVector.h:
- (WTF::SegmentedVectorIterator::operator==):
- (WTF::SegmentedVectorIterator::operator!=):
-
-2011-06-14 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Constant array literals result in unnecessarily large amounts of code
- https://bugs.webkit.org/show_bug.cgi?id=62658
-
- Add a new version of op_new_array that simply copies values from a buffer
- we hang off of the CodeBlock, rather than generating code to place each
- entry into the registerfile, and then copying it from the registerfile into
- the array. This is a slight improvement on some sunspider tests, but no
- measurable overall change. That's okay though as our goal was to reduce
- code size without hurting performance.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addImmediateBuffer):
- (JSC::CodeBlock::immediateBuffer):
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addImmediateBuffer):
- (JSC::BytecodeGenerator::emitNewArray):
- * bytecompiler/BytecodeGenerator.h:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ArrayNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_array):
- (JSC::JIT::emit_op_new_array_buffer):
- * jit/JITOpcodes32_64.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
-
-2011-06-14 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r88841.
- http://trac.webkit.org/changeset/88841
- https://bugs.webkit.org/show_bug.cgi?id=62672
-
- Caused many tests to crash (Requested by rniwa on #webkit).
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/CodeBlock.h:
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitNewArray):
- * bytecompiler/BytecodeGenerator.h:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ArrayNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_array):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_new_array):
- * jit/JITStubs.cpp:
- * jit/JITStubs.h:
-
-2011-06-14 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Constant array literals result in unnecessarily large amounts of code
- https://bugs.webkit.org/show_bug.cgi?id=62658
-
- Add a new version of op_new_array that simply copies values from a buffer
- we hang off of the CodeBlock, rather than generating code to place each
- entry into the registerfile, and then copying it from the registerfile into
- the array. This is a slight improvement on some sunspider tests, but no
- measurable overall change. That's okay though as our goal was to reduce
- code size without hurting performance.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addImmediateBuffer):
- (JSC::CodeBlock::immediateBuffer):
- * bytecode/Opcode.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addImmediateBuffer):
- (JSC::BytecodeGenerator::emitNewArray):
- * bytecompiler/BytecodeGenerator.h:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::ArrayNode::emitBytecode):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_new_array):
- (JSC::JIT::emit_op_new_array_buffer):
- * jit/JITOpcodes32_64.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
-
-2011-06-14 Stephanie Lewis <slewis@apple.com>
-
- Rubber stamped by Oliver Hunt.
-
- <rdar://problem/9511169>
- Update order files.
-
- * JavaScriptCore.order:
-
-2011-06-14 Sam Weinig <sam@webkit.org>
-
- Reviewed by Geoffrey Garen.
-
- Fix dumping of constants to have the correct constant number.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
-
-2011-06-14 Benjamin Poulain <benjamin@webkit.org>
-
- Reviewed by Eric Seidel.
-
- KeywordLookupGenerator's Trie does not work with Python 3
- https://bugs.webkit.org/show_bug.cgi?id=62635
-
- With Python 3, dict.items() return an iterator. Since the iterator
- protocol changed between Python 2 and 3, the easiest way to get the
- values is to have something that use the iterator implicitely, like a
- for() loop.
-
- * KeywordLookupGenerator.py:
-
-2011-06-13 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Fix llocp and lvalp names in the lexer to something more meaningful
- https://bugs.webkit.org/show_bug.cgi?id=62605
-
- A simple rename
-
- * parser/Lexer.cpp:
- (JSC::Lexer::parseIdentifier):
- (JSC::Lexer::parseString):
- (JSC::Lexer::lex):
- * parser/Lexer.h:
- (JSC::Lexer::lexExpectIdentifier):
-
-2011-06-13 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make it possible to inline the common case of identifier lexing
- https://bugs.webkit.org/show_bug.cgi?id=62600
-
- Add a lexing function that expects to lex an "normal" alpha numeric
- identifier (that ignores keywords) so it's possible to inline the
- common parsing cases. This comes out as a reasonable parsing speed
- boost.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::nextExpectIdentifier):
- (JSC::JSParser::parseProperty):
- (JSC::JSParser::parseMemberExpression):
- * parser/Lexer.cpp:
- * parser/Lexer.h:
- (JSC::Lexer::makeIdentifier):
- (JSC::Lexer::lexExpectIdentifier):
-
-2011-06-13 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Martin Robinson.
-
- Distcheck fixes.
-
- * GNUmakefile.am:
- * GNUmakefile.list.am:
-
-2011-06-13 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Simon Fraser.
-
- Make it possible to inline Identifier::equal
- https://bugs.webkit.org/show_bug.cgi?id=62584
-
- Move Identifier::equal to the Identifier header file.
-
- * runtime/Identifier.cpp:
- * runtime/Identifier.h:
- (JSC::Identifier::equal):
-
-2011-06-13 Tony Chang <tony@chromium.org>
-
- Reviewed by Dimitri Glazkov.
-
- rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
- https://bugs.webkit.org/show_bug.cgi?id=62578
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-06-13 Tony Chang <tony@chromium.org>
-
- Reviewed by Adam Barth.
-
- rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
- https://bugs.webkit.org/show_bug.cgi?id=62545
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-06-12 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(JIT) after r88604.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
-
-2011-06-11 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Darin Adler.
-
- https://bugs.webkit.org/show_bug.cgi?id=16777
-
- Remove #define NaN per Darin's comments.
-
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::parseIntOverflow):
- (JSC::parseInt):
- (JSC::jsStrDecimalLiteral):
- (JSC::jsToNumber):
- (JSC::parseFloat):
- * wtf/DateMath.cpp:
- (WTF::equivalentYearForDST):
- (WTF::parseES5DateFromNullTerminatedCharacters):
- (WTF::parseDateFromNullTerminatedCharacters):
- (WTF::timeClip):
- (JSC::parseDateFromNullTerminatedCharacters):
-
-2011-06-11 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=62503
- Remove JIT_OPTIMIZE_* switches
-
- The alternative code paths are untested, and not well maintained.
- These were useful when there was more churn in the JIT, but now
- are a maintenance overhead. Time to move on, removing.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- (JSC::JIT::linkConstruct):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- * jit/JITCall32_64.cpp:
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::softModulo):
- * jit/JITPropertyAccess.cpp:
- * jit/JITPropertyAccess32_64.cpp:
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/Lookup.h:
- * wtf/Platform.h:
-
-2011-06-10 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=16777
- Eliminate JSC::NaN and JSC::Inf
-
- There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
- The ones in std::numeric_limits are perfectly good.
- Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::toNumber):
- * API/JSValueRef.cpp:
- (JSValueMakeNumber):
- (JSValueToNumber):
- * JavaScriptCore.exp:
- * runtime/CachedTranscendentalFunction.h:
- (JSC::CachedTranscendentalFunction::initialize):
- * runtime/DateConstructor.cpp:
- (JSC::constructDate):
- * runtime/DateInstanceCache.h:
- (JSC::DateInstanceData::DateInstanceData):
- (JSC::DateInstanceCache::reset):
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::getPrimitiveNumber):
- (JSC::JSCell::JSValue::toNumber):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::resetDateCache):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncParseInt):
- (JSC::globalFuncIsFinite):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::toNumber):
- * runtime/JSValue.cpp:
- * runtime/JSValue.h:
- * runtime/JSValueInlineMethods.h:
- (JSC::jsNaN):
- * runtime/MathObject.cpp:
- (JSC::mathProtoFuncMax):
- (JSC::mathProtoFuncMin):
- * runtime/NumberConstructor.cpp:
- (JSC::numberConstructorNegInfinity):
- (JSC::numberConstructorPosInfinity):
- * runtime/NumberPrototype.cpp:
- (JSC::numberProtoFuncToExponential):
- (JSC::numberProtoFuncToFixed):
- (JSC::numberProtoFuncToPrecision):
- (JSC::numberProtoFuncToString):
- * runtime/UString.cpp:
- * wtf/DecimalNumber.h:
- (WTF::DecimalNumber::DecimalNumber):
- * wtf/dtoa.cpp:
- (WTF::dtoa):
-
-2011-06-10 Tony Chang <tony@chromium.org>
-
- Reviewed by Ojan Vafai.
-
- add a compile guard ENABLE(FLEXBOX)
- https://bugs.webkit.org/show_bug.cgi?id=62049
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-06-10 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=55347
- "name" and "message" enumerable on *Error.prototype
-
- This arises from chapter 15 of the spec:
- "Every other property described in this clause has the attributes
- { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
- unless otherwise specified."
- Standardized properties are not enumerable.
-
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::ErrorInstance):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
-
-2011-06-09 Geoffrey Garen <ggaren@apple.com>
-
- Build fix: Corrected header spelling.
-
- * heap/OldSpace.h:
-
-2011-06-09 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Added OldSpace to the project
- https://bugs.webkit.org/show_bug.cgi?id=62417
-
- Currently unused.
-
- Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
- per-block flag for testing whether you're in NewSpace vs OldSpace.
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj: Build!
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::inNewSpace):
- (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
- write barrier.
-
- * heap/NewSpace.cpp:
- (JSC::NewSpace::addBlock):
- (JSC::NewSpace::removeBlock):
- * heap/NewSpace.h:
- (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
- NewSpace-specific operations.
-
- * heap/OldSpace.cpp: Added.
- (JSC::OldSpace::OldSpace):
- (JSC::OldSpace::addBlock):
- (JSC::OldSpace::removeBlock):
- * heap/OldSpace.h: Added.
- (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
- Not in use yet.
-
-2011-06-09 Hyowon Kim <hw1008.kim@samsung.com>
-
- Reviewed by Antonio Gomes.
-
- [EFL] Make accelerated compositing build in Webkit-EFL
- https://bugs.webkit.org/show_bug.cgi?id=62361
-
- Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
-
- * wtf/Platform.h:
-
-2011-06-09 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- Bug 62405 - Fix integer overflow in Array.prototype.push
-
- Fix geoff's review comments re static_cast.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncPush):
-
-2011-06-09 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Factored MarkedBlock set management into a helper class with a fast case Bloom filter
- https://bugs.webkit.org/show_bug.cgi?id=62413
-
- SunSpider reports a small speedup.
-
- This is in preparation for having ConservativeSet operate on arbitrary
- sets of MarkedBlocks, and in preparation for conservative scanning
- becoming proportionally more important than other GC activities.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
-
- * heap/ConservativeRoots.cpp:
- (JSC::ConservativeRoots::add):
- * heap/ConservativeRoots.h:
- (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
- directly, instead of a Heap, so we can operate on subsets of the Heap
- instead.
-
- Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
- is particularly important since we expect not to find our subject pointer
- in the MarkedBlock hash, and hash misses are more expensive than typical
- hash lookups because they have high collision rates.
-
- No need for single-pointer add() to be public anymore, since nobody uses it.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- (JSC::Heap::forEachCell):
- (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
- ConservativeRoots relies on.
-
- Nixed contains(), since nobody uses it anymore.
-
- * heap/MarkedBlock.h:
- (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
- the VM layout properties of MarkedBlocks.
-
- * heap/MarkedBlockSet.h: Added.
- (JSC::MarkedBlockSet::add):
- (JSC::MarkedBlockSet::remove):
- (JSC::MarkedBlockSet::recomputeFilter):
- (JSC::MarkedBlockSet::filter):
- (JSC::MarkedBlockSet::set):
- * heap/TinyBloomFilter.h: Added.
- (JSC::TinyBloomFilter::TinyBloomFilter):
- (JSC::TinyBloomFilter::add):
- (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
-
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
- exclude values by tag -- the tiny bloom filter is already a register-register
- compare, so adding another "rule out" factor just slows things down.
-
-2011-06-09 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 62405 - Fix integer overflow in Array.prototype.push
-
- There are three integer overflows here, leading to safe (not a security risk)
- but incorrect (non-spec-compliant) behaviour.
-
- Two overflows occur when calculating the new length after pushing (one in the
- fast version of push in JSArray, one in the generic version in ArrayPrototype).
- The other occurs calculating indices to write to when multiple items are pushed.
-
- These errors result in three test-262 failures.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncPush):
- * runtime/JSArray.cpp:
- (JSC::JSArray::put):
- (JSC::JSArray::push):
-
-2011-06-09 Dan Bernstein <mitz@apple.com>
-
- Reviewed by Anders Carlsson.
-
- Add Vector::reverse()
- https://bugs.webkit.org/show_bug.cgi?id=62393
-
- * wtf/Vector.h:
- (WTF::Vector::reverse): Added
-
-2011-06-08 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Factored a bunch of Heap functionality into stand-alone functors
- https://bugs.webkit.org/show_bug.cgi?id=62337
-
- This is in preparation for making these functors operate on arbitrary
- sets of MarkedBlocks.
-
- * JavaScriptCore.exp: This file is a small tragedy.
-
- * debugger/Debugger.cpp:
- (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
-
- * heap/HandleHeap.h:
- (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
- strong handles, so we can play along in the functor game.
-
- * heap/Heap.cpp:
- (JSC::CountFunctor::CountFunctor::CountFunctor):
- (JSC::CountFunctor::CountFunctor::count):
- (JSC::CountFunctor::CountFunctor::returnValue):
- (JSC::CountFunctor::ClearMarks::operator()):
- (JSC::CountFunctor::ResetAllocator::operator()):
- (JSC::CountFunctor::Sweep::operator()):
- (JSC::CountFunctor::MarkCount::operator()):
- (JSC::CountFunctor::Size::operator()):
- (JSC::CountFunctor::Capacity::operator()):
- (JSC::CountFunctor::Count::operator()):
- (JSC::CountFunctor::CountIfGlobalObject::operator()):
- (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
- (JSC::CountFunctor::TakeIfEmpty::operator()):
- (JSC::CountFunctor::TakeIfEmpty::returnValue):
- (JSC::CountFunctor::RecordType::RecordType):
- (JSC::CountFunctor::RecordType::typeName):
- (JSC::CountFunctor::RecordType::operator()):
- (JSC::CountFunctor::RecordType::returnValue): These functors factor out
- behavior that used to be in the functions below.
-
- (JSC::Heap::clearMarks):
- (JSC::Heap::sweep):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::protectedGlobalObjectCount):
- (JSC::Heap::protectedObjectCount):
- (JSC::Heap::protectedObjectTypeCounts):
- (JSC::Heap::objectTypeCounts):
- (JSC::Heap::resetAllocator):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::shrink): Factored out behavior into the functors above.
-
- * heap/Heap.h:
- (JSC::Heap::forEachProtectedCell):
- (JSC::Heap::forEachCell):
- (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
- functor-based templates instead of plain iterators because they're simpler
- to implement in this case and they require a lot less code at the call site.
-
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
- trivial functors.
-
- (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
- we have a few different kind of "for each" now.
-
- * runtime/JSGlobalData.cpp:
- (WTF::Recompile::operator()):
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
-
- * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
-
-2011-06-08 Mikołaj Małecki <m.malecki@samsung.com>
-
- Reviewed by Pavel Feldman.
-
- Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
- https://bugs.webkit.org/show_bug.cgi?id=52791
-
- No new tests. The problem can be reproduced by trying to create InspectorValue
- from 1.0e-100 and call ->toJSONString() on this.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- export 2 functions DecimalNumber::bufferLengthForStringExponential and
- DecimalNumber::toStringExponential.
-
-2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r88404.
- http://trac.webkit.org/changeset/88404
- https://bugs.webkit.org/show_bug.cgi?id=62342
-
- broke win and mac build (Requested by tony^work on #webkit).
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-08 Evan Martin <evan@chromium.org>
-
- Reviewed by Adam Barth.
-
- [chromium] use gyp 'settings' type for settings target
- https://bugs.webkit.org/show_bug.cgi?id=62323
-
- The 'settings' gyp target type is for targets that exist solely
- for their settings (no build rules). The comment above this target
- says it's for this, but it incorrectly uses 'none'.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-08 Sailesh Agrawal <sail@chromium.org>
-
- Reviewed by Mihai Parparita.
-
- Chromium Mac: Enable overlay scrollbars
- https://bugs.webkit.org/show_bug.cgi?id=59756
-
- Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
-
- * wtf/Platform.h:
-
-2011-06-08 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Add faster lookup cache for multi character identifiers
- https://bugs.webkit.org/show_bug.cgi?id=62327
-
- Add a non-hash lookup for mutiple character identifiers. This saves us from
- adding repeated identifiers to the ParserArena's identifier list as people
- tend to not start all their variables and properties with the same character
- and happily identifier locality works in our favour.
-
- * parser/ParserArena.h:
- (JSC::IdentifierArena::isEmpty):
- (JSC::IdentifierArena::clear):
- (JSC::IdentifierArena::makeIdentifier):
-
-2011-06-08 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Took some responsibilities away from NewSpace
- https://bugs.webkit.org/show_bug.cgi?id=62325
-
- NewSpace is basically just an allocator now.
-
- Heap acts as a controller, responsible for managing the set of all
- MarkedBlocks.
-
- This is in preparation for moving parts of the controller logic into
- separate helper classes that can act on arbitrary sets of MarkedBlocks
- that may or may not be in NewSpace.
-
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::destroy):
- (JSC::Heap::allocate):
- (JSC::Heap::markRoots):
- (JSC::Heap::clearMarks):
- (JSC::Heap::sweep):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::collect):
- (JSC::Heap::resetAllocator):
- (JSC::Heap::allocateBlock):
- (JSC::Heap::freeBlocks):
- (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
- along with all functions that operate on the set of MarkedBlocks. Also
- moved responsibility for deciding whether to allocate a new MarkedBlock,
- and for allocating it.
-
- * heap/Heap.h:
- (JSC::Heap::contains):
- (JSC::Heap::forEach): Ditto.
-
- * heap/NewSpace.cpp:
- (JSC::NewSpace::addBlock):
- (JSC::NewSpace::removeBlock):
- (JSC::NewSpace::resetAllocator):
- * heap/NewSpace.h:
- (JSC::NewSpace::waterMark):
- (JSC::NewSpace::allocate): Ditto.
-
-2011-06-08 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Some more MarkedSpace => NewSpace renaming
- https://bugs.webkit.org/show_bug.cgi?id=62305
-
- * JavaScriptCore.exp:
- * JavaScriptCore.order:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * heap/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::destroy):
- (JSC::Heap::reportExtraMemoryCostSlowCase):
- (JSC::Heap::allocate):
- (JSC::Heap::markRoots):
- (JSC::Heap::objectCount):
- (JSC::Heap::size):
- (JSC::Heap::capacity):
- (JSC::Heap::collect):
- (JSC::Heap::isValidAllocation):
- * heap/Heap.h:
- (JSC::Heap::markedSpace):
- (JSC::Heap::contains):
- (JSC::Heap::forEach):
- (JSC::Heap::allocate):
- * runtime/JSCell.h:
-
-2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Eric Seidel.
-
- Add export macros to profiler headers.
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * profiler/Profiler.h:
-
-2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Eric Seidel.
-
- Add export symbols to parser headers.
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * parser/SourceProviderCache.h:
-
-2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Eric Seidel.
-
- Add export symbols to interpreter headers.
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * interpreter/Interpreter.h:
-
-2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Eric Seidel.
-
- Add export symbols to debugger headers.
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * debugger/Debugger.h:
- * debugger/DebuggerCallFrame.h:
-
-2011-06-08 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
- https://bugs.webkit.org/show_bug.cgi?id=62268
-
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Heap.h:
- * heap/MarkedBlock.h:
- * heap/MarkedSpace.cpp: Removed.
- * heap/MarkedSpace.h: Removed.
- * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
- * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
-
-2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r88365.
- http://trac.webkit.org/changeset/88365
- https://bugs.webkit.org/show_bug.cgi?id=62301
-
- windows bots broken (Requested by loislo_ on #webkit).
-
- * JavaScriptCore.exp:
-
-2011-06-08 Ryan Sleevi <rsleevi@chromium.org>
-
- Reviewed by Tony Chang.
-
- Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
-
- Compiling Chromium port under GCC 4.6 produces warnings about nullptr
- https://bugs.webkit.org/show_bug.cgi?id=62242
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-08 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
-
- Reviewed by Andreas Kling.
-
- Webkit on SPARC Solaris has wrong endian
- https://bugs.webkit.org/show_bug.cgi?id=29407
-
- Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
- there are more ocurrences of the same code pattern in webkit.
-
- This patch includes the check on these other parts of the code.
-
- This is a speculative fix, I don't have a sparc machine to test and
- don't know which kind of test would trigger a crash (but it's quite
- obvious that it's the same code duplicated in different files).
-
- * runtime/UString.h:
- (JSC::UStringHash::equal):
- * wtf/text/StringHash.h:
- (WTF::StringHash::equal):
-
-2011-06-08 Yael Aharon <yael.aharon@nokia.com>
-
- Reviewed by Andreas Kling.
-
- [Qt] Build fix for building QtWebKit inside of Qt.
- https://bugs.webkit.org/show_bug.cgi?id=62280
-
- Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
- into QtWebKit.prl.
-
- No new tests, as this is just a build fix.
-
- * JavaScriptCore.pri:
-
-2011-06-07 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Split 'reset' into 'collect' and 'resetAllocator'
- https://bugs.webkit.org/show_bug.cgi?id=62267
-
- * heap/Heap.cpp:
- (JSC::Heap::allocate):
- (JSC::Heap::collectAllGarbage):
- (JSC::Heap::collect):
- * heap/Heap.h:
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::resetAllocator):
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::resetAllocator):
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::SizeClass::resetAllocator):
-
-2011-06-07 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Renamed some more marks to visits
- https://bugs.webkit.org/show_bug.cgi?id=62254
-
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::visitStrongHandles):
- (JSC::HandleHeap::visitWeakHandles):
- * heap/HandleHeap.h:
- * heap/HandleStack.cpp:
- (JSC::HandleStack::visit):
- * heap/HandleStack.h:
- * heap/Heap.cpp:
- (JSC::Heap::markProtectedObjects):
- (JSC::Heap::markTempSortVectors):
- (JSC::Heap::markRoots):
- * heap/HeapRootVisitor.h:
- (JSC::HeapRootVisitor::visit):
- * runtime/ArgList.cpp:
- (JSC::MarkedArgumentBuffer::markLists):
-
-2011-06-07 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig
-
- https://bugs.webkit.org/show_bug.cgi?id=55537
- Functions claim to have 'callee' which they actually don't (and shouldn't)
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::getOwnPropertyNames):
-
-2011-06-07 Juan C. Montemayor <jmont@apple.com>
-
- Reviewed by Darin Adler.
-
- Make JSStaticFunction and JSStaticValue less "const"
- https://bugs.webkit.org/show_bug.cgi?id=62222
-
- * API/JSObjectRef.h:
- * API/tests/testapi.c:
- (checkConstnessInJSObjectNames):
- (main):
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-07 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=62240
- DFG JIT - add support for for-loop array initialization.
-
- Support put by val beyond vector length.
- Add a operationPutByValBeyondArrayBounds operation, make
- PutValVal call this if the vector length check fails.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
- (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
- (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
- (JSC::DFG::JITCodeGenerator::isIntegerConstant):
- (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
- * dfg/DFGOperations.cpp:
- (JSC::DFG::operationPutByValInternal):
- * dfg/DFGOperations.h:
- * dfg/DFGSpeculativeJIT.cpp:
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
-
-2011-06-06 James Simonsen <simonjam@chromium.org>
-
- Reviewed by James Robinson.
-
- Add monotonicallyIncreasingTime() to get monotonically increasing time
- https://bugs.webkit.org/show_bug.cgi?id=37743
-
- * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
- (WTF::monotonicallyIncreasingTime):
- * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
-
-2011-06-06 Alexandru Chiculita <achicu@adobe.com>
-
- Reviewed by Kent Tamura.
-
- Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
- https://bugs.webkit.org/show_bug.cgi?id=61628
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-06-06 Mihnea Ovidenie <mihnea@adobe.com>
-
- Reviewed by Kent Tamura.
-
- Add ENABLE(CSS_REGIONS) guard for CSS Regions support
- https://bugs.webkit.org/show_bug.cgi?id=61631
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-06-06 Carlos Garcia Campos <cgarcia@igalia.com>
-
- Unreviewed. Fix the GTK+ build.
-
- * GNUmakefile.am: Add javascriptcore_cflags variable.
-
-2011-06-04 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
- to build on Mac.
-
- * wtf/Platform.h:
-
-2011-06-04 Gustavo Noronha Silva <gns@gnome.org>
-
- Unreviewed, MIPS build fix.
-
- WebKitGTK+ tarball fails to build on MIPS.
- https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
-
- * GNUmakefile.list.am: Add missing MIPS-related file to the list
- of files that are added to the tarball on make dist, and fix
- sorting.
-
-2011-06-04 Sam Weinig <sam@webkit.org>
-
- Reviewed by Darin Adler.
-
- Fix formatting of the output generated by KeywordLookupGenerator.py
- https://bugs.webkit.org/show_bug.cgi?id=62083
-
- - Uses correct year for copyright.
- - Puts ending brace on same line as "else if"
- - Puts starting brace of function on its own line.
- - Adds some tasteful whitespace.
- - Adds comments to make clear that scopes are ending
- - Make macros actually split on two lines.
-
- * KeywordLookupGenerator.py:
-
-2011-06-04 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- KeywordLookupGenerator.py spams stdout in Chromium Linux build
- https://bugs.webkit.org/show_bug.cgi?id=62087
-
- This action does not appear to be needed.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-03 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Maciej Stachowiak.
-
- Lexer needs to provide Identifier for reserved words
- https://bugs.webkit.org/show_bug.cgi?id=62086
-
- Alas it is necessary to provide an Identifier reference for keywords
- so that we can do the right thing when they're used in object literals.
- We now keep Identifiers for all reserved words in the CommonIdentifiers
- structure so that we can access them without a hash lookup.
-
- * KeywordLookupGenerator.py:
- * parser/Lexer.cpp:
- (JSC::Lexer::parseIdentifier):
- * parser/Lexer.h:
- * runtime/CommonIdentifiers.cpp:
- (JSC::CommonIdentifiers::CommonIdentifiers):
- * runtime/CommonIdentifiers.h:
-
-2011-06-03 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Add debug code to break on speculation failures.
-
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGNode.h:
-
-2011-06-03 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=62082
- DFG JIT - bug passing arguments that need swap
-
- This is really just a typo.
- When setting up the arguments for a call out to a C operation, we'll
- fail to swap arguments where this is necessary. For example, in the
- case of 2 arg calls, where the first argument is in %rdx & the second
- is in %rsi we should swap (exec will be passed in %rdi), but we don't.
-
- This can also affect function calls passing three arguments.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
- - Call swap with the correct arguments.
-
-2011-06-03 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Force inlining of some hot lexer functions
- https://bugs.webkit.org/show_bug.cgi?id=62079
-
- Fix more GCC stupidity
-
- * parser/Lexer.h:
- (JSC::Lexer::isWhiteSpace):
- (JSC::Lexer::isLineTerminator):
-
-2011-06-03 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- GCC not inlining some functions that it really should be
- https://bugs.webkit.org/show_bug.cgi?id=62075
-
- Add ALWAYS_INLINE to a number of parsing and lexing functions
- that should always be inlined. This gets us ~1.4% on my ad hoc
- parser test.
-
- * KeywordLookupGenerator.py:
- * parser/JSParser.cpp:
- (JSC::JSParser::next):
- (JSC::JSParser::nextTokenIsColon):
- (JSC::JSParser::consume):
- (JSC::JSParser::match):
- (JSC::JSParser::tokenStart):
- (JSC::JSParser::tokenLine):
- (JSC::JSParser::tokenEnd):
- * parser/Lexer.cpp:
- (JSC::isIdentPart):
-
-2011-06-03 Oliver Hunt <oliver@apple.com>
-
- Whoops, fix last minute bug.
-
- * parser/Lexer.cpp:
- (JSC::Lexer::parseIdentifier):
-
-2011-06-03 Martin Robinson <mrobinson@igalia.com>
-
- Try to fix the GTK+ build.
-
- * GNUmakefile.am: Clean up some spaces that should be tabs.
- * GNUmakefile.list.am: Add KeywordLookup.h to the source list
- and clean up some spaces that should be tabs.
-
-2011-06-03 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Improve keyword lookup
- https://bugs.webkit.org/show_bug.cgi?id=61913
-
- Rather than doing multiple hash lookups as we currently
- do when trying to identify keywords we now use an
- automatically generated decision tree (essentially it's
- a hard coded patricia trie). We still use the regular
- lookup table for the last few characters of an input as
- this allows us to completely skip all bounds checks.
-
- * CMakeLists.txt:
- * DerivedSources.make:
- * DerivedSources.pro:
- * GNUmakefile.am:
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * KeywordLookupGenerator.py: Added.
- * make-generated-sources.sh:
- * parser/Lexer.cpp:
- (JSC::Lexer::internalShift):
- (JSC::Lexer::shift):
- (JSC::Lexer::parseIdentifier):
- * parser/Lexer.h:
-
-2011-06-03 Siddharth Mathur <siddharth.mathur@nokia.com>
-
- Reviewed by Benjamin Poulain.
-
- [Qt] Build flag for experimental ICU library support
- https://bugs.webkit.org/show_bug.cgi?id=60786
-
- Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
- ICU powered Unicode support.
-
- * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
- * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
-
-2011-06-03 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Benjamin Poulain.
-
- [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
- https://bugs.webkit.org/show_bug.cgi?id=61957
-
- When building inside the Qt source tree, qmake always append the mkspecs
- defines after ours. We have to workaround and make sure that we append
- our flags after the qmake variable used inside Qt. This workaround was provided
- by our qmake folks. We need to append in both case because qmake behave differently
- when called with -spec or via SUBDIR+=. This patch unbreak r87950 on Mac for Qt port.
-
- * JavaScriptCore.pro:
-
-2011-06-02 Jay Civelli <jcivelli@chromium.org>
-
- Reviewed by Adam Barth.
-
- Added a method to generate RFC 2822 compliant date strings.
- https://bugs.webkit.org/show_bug.cgi?id=7169
-
- * wtf/DateMath.cpp:
- (WTF::twoDigitStringFromNumber):
- (WTF::makeRFC2822DateString):
- * wtf/DateMath.h:
-
-2011-06-02 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Andreas Kling.
-
- [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
- https://bugs.webkit.org/show_bug.cgi?id=61957
-
- When building inside the Qt source tree, qmake always append the mkspecs
- defines after ours. We have to workaround and make sure that we append
- our flags after the qmake variable used inside Qt. This workaround was provided
- by our qmake folks.
-
- * JavaScriptCore.pro:
-
-2011-06-01 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Add single character lookup cache to IdentifierArena
- https://bugs.webkit.org/show_bug.cgi?id=61879
-
- Add a simple lookup cache for single ascii character
- identifiers. Produces around a 2% improvement in parse
- time for my adhoc parser test.
-
- * parser/ParserArena.h:
- (JSC::IdentifierArena::IdentifierArena):
- (JSC::IdentifierArena::clear):
- (JSC::IdentifierArena::makeIdentifier):
-
-2011-05-31 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Freezing a function and its prototype causes browser to crash.
- https://bugs.webkit.org/show_bug.cgi?id=61758
-
- Make JSObject::preventExtensions virtual so that we can override it
- and instantiate all lazy
-
- * JavaScriptCore.exp:
- * runtime/JSFunction.cpp:
- (JSC::createPrototypeProperty):
- (JSC::JSFunction::preventExtensions):
- (JSC::JSFunction::getOwnPropertySlot):
- * runtime/JSFunction.h:
- * runtime/JSObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::seal):
- (JSC::JSObject::seal):
-
-2011-06-01 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r87788.
- http://trac.webkit.org/changeset/87788
- https://bugs.webkit.org/show_bug.cgi?id=61856
-
- breaks windows chromium canary (Requested by jknotten on
- #webkit).
-
- * wtf/DateMath.cpp:
- (WTF::timeClip):
- * wtf/DateMath.h:
-
-2011-06-01 Jay Civelli <jcivelli@chromium.org>
-
- Reviewed by Adam Barth.
-
- Added a method to generate RFC 2822 compliant date strings.
- https://bugs.webkit.org/show_bug.cgi?id=7169
-
- * wtf/DateMath.cpp:
- (WTF::twoDigitStringFromNumber):
- (WTF::makeRFC2822DateString):
- * wtf/DateMath.h:
-
-2011-05-31 Yong Li <yoli@rim.com>
-
- Reviewed by Eric Seidel.
-
- https://bugs.webkit.org/show_bug.cgi?id=54807
- We have been assuming plain bitfields (like "int a : 31") are always signed integers.
- However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
- bitfields (declared without either signed or unsigned qualifiers) are treats as unsigned.
- http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
- Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
- always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
- rule we should have in order to make our code independent from compilers and compiler flags.
-
- No new test added because this change is not known to fix any issue.
-
- * bytecode/StructureStubInfo.h:
-
-2011-05-30 Hojong Han <hojong.han@samsung.com>
-
- Reviewed by Geoffrey Garen.
-
- [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
- https://bugs.webkit.org/show_bug.cgi?id=61416
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::branch32):
- * tests/mozilla/ecma/Expressions/11.12-1.js:
- (getTestCases):
-
-2011-05-29 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Some heap refactoring
- https://bugs.webkit.org/show_bug.cgi?id=61704
-
- SunSpider says no change.
-
- * JavaScriptCore.exp: Export!
-
- * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
-
- (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
-
- (JSC::Heap::allocate): Changed inline allocation code to only select the
- size class, since this can be optimized out at compile time -- everything
- else is now inlined into this out-of-line function.
-
- No need to duplicate ASSERTs made in our caller.
-
- * heap/Heap.h:
- (JSC::Heap::heap):
- (JSC::Heap::isMarked):
- (JSC::Heap::testAndSetMarked):
- (JSC::Heap::testAndClearMarked):
- (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
- a layer of indirection through MarkedSpace.
-
- (JSC::Heap::allocate): See above.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::create):
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
-
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::allocateBlock):
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::allocate): Updated to match changes above.
-
-2011-05-28 David Kilzer <ddkilzer@apple.com>
-
- BUILD FIX when building only the interpreter
-
- Fixes the following compiler warning:
-
- JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
- void releaseExecutableMemory(JSGlobalData& globalData)
- ^
-
- * jit/ExecutableAllocator.h: Moved declaration of
- JSC::releaseExecutableMemory().
-
-2011-05-28 David Kilzer <ddkilzer@apple.com>
-
- BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
-
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::linkCode): Added missing argument.
-
-2011-05-27 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- JS API is too aggressive about throwing exceptions for NULL get or set operations
- https://bugs.webkit.org/show_bug.cgi?id=61678
-
- * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
- function that returns a JSValue, so it can fail and still forward to
- normal property lookup.
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
- access a static property -- just forward the access. This allows objects
- to observe get/set operations but still let the JS object manage lifetime.
-
- (JSC::::put): Ditto.
-
- (JSC::::getStaticValue): Same as JSCallbackObject.h.
-
- * API/tests/testapi.c:
- (MyObject_set_nullGetForwardSet):
- * API/tests/testapi.js: Updated tests to reflect slightly less strict
- behavior, which matches headerdoc claims.
-
-2011-05-27 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Property caching is too aggressive for API objects
- https://bugs.webkit.org/show_bug.cgi?id=61677
-
- * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
- callback APIs allow the client to change its mind about our propertis at
- any time.
-
- * API/tests/testapi.c:
- (PropertyCatchalls_getProperty):
- (PropertyCatchalls_setProperty):
- (PropertyCatchalls_getPropertyNames):
- (PropertyCatchalls_class):
- (main):
- * API/tests/testapi.js: Some tests for dynamic API objects.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::tryCachePutByID):
- (JSC::Interpreter::tryCacheGetByID):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::tryCachePutByID):
- (JSC::JITThunks::tryCacheGetByID):
- (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
- requires it.
-
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::TypeInfo):
- (JSC::TypeInfo::isFinal):
- (JSC::TypeInfo::prohibitsPropertyCaching):
- (JSC::TypeInfo::flags): Added a flag to track opting out of property
- caching. Fixed an "&&" vs "&" typo that was previously harmless, but
- is now harmful since m_flags2 can have more than one bit set.
-
-2011-05-27 Stephanie Lewis <slewis@apple.com>
-
- Unreviewed.
-
- Fix a typo in the order_file flag.
-
- * Configurations/Base.xcconfig:
-
-2011-05-27 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
-
- * runtime/JSGlobalData.cpp:
- (JSGlobalData::JSGlobalData):
-
-2011-05-27 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Add a few validity assertions to JSCallbackObject
- https://bugs.webkit.org/show_bug.cgi?id=61659
-
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::visitChildren):
-
-2011-05-27 Oliver Hunt <oliver@apple.com>
-
- Build fix
-
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::invalidateCode):
-
-2011-05-27 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Try to release unused executable memory when the FixedVMPool allocator is under pressure
- https://bugs.webkit.org/show_bug.cgi?id=61651
-
- Rather than crashing when full the FixedVMPool allocator now returns a null
- allocation. We replace the code that used to CRASH() on null allocations
- with logic that asks the provided globalData to release any executable memory
- that it can. Currently this just means throwing away all regexp code, but
- in future we'll try to be more aggressive.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
- * assembler/ARMAssembler.h:
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::executableCopy):
- * assembler/AssemblerBufferWithConstantPool.h:
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::linkCode):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::executableCopy):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::executableCopy):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::executableCopy):
- (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * jit/ExecutableAllocator.h:
- (JSC::ExecutablePool::create):
- (JSC::ExecutablePool::alloc):
- (JSC::ExecutableAllocator::ExecutableAllocator):
- (JSC::ExecutableAllocator::poolForSize):
- (JSC::ExecutablePool::ExecutablePool):
- (JSC::ExecutablePool::poolAllocate):
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::FixedVMPoolAllocator::alloc):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::finalize):
- * jit/ThunkGenerators.cpp:
- (JSC::charCodeAtThunkGenerator):
- (JSC::charAtThunkGenerator):
- (JSC::fromCharCodeThunkGenerator):
- (JSC::sqrtThunkGenerator):
- (JSC::powThunkGenerator):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::releaseExecutableMemory):
- (JSC::releaseExecutableMemory):
- * runtime/JSGlobalData.h:
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::invalidateCode):
- * runtime/RegExpCache.h:
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::compile):
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Optimized ConservativeSet to avoid double-visiting objects
- https://bugs.webkit.org/show_bug.cgi?id=61592
-
- SunSpider thinks this might be a 1% speedup
-
- * heap/ConservativeRoots.h:
- (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
- an object.
-
- * heap/Heap.h:
- (JSC::Heap::isMarked):
- (JSC::Heap::testAndSetMarked):
- (JSC::Heap::testAndClearMarked):
- (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
- to void*, since clients want to ask questions about arbitrary pointers
- into the heap, even when they aren't known to be JSCells.
-
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::testAndClearMarked):
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::isMarked):
- (JSC::MarkedSpace::testAndSetMarked):
- (JSC::MarkedSpace::testAndClearMarked):
- (JSC::MarkedSpace::setMarked):
- (JSC::MarkedSpace::contains): Ditto.
-
- * wtf/Bitmap.h:
- (WTF::::testAndClear): New function for ConservativeRoots's inverted
- marking pass.
-
-2011-05-27 Stephanie Lewis <slewis@apple.com>
-
- Rubber Stamped by Adam Roben.
-
- Update Order Files. Use -order_file flag since it can order more of the binary.
-
- * Configurations/Base.xcconfig:
- * JavaScriptCore.order:
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Renamed heapRootMarker to heapRootVisitor to match its class name
- https://bugs.webkit.org/show_bug.cgi?id=61584
-
- * heap/Heap.cpp:
- (JSC::Heap::markProtectedObjects):
- (JSC::Heap::markTempSortVectors):
- (JSC::Heap::markRoots):
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed some interdependency between Heap and SmallStrings by simplifying
- the SmallStrings lifetime model
- https://bugs.webkit.org/show_bug.cgi?id=61579
-
- SunSpider reports no change.
-
- Using Weak<T> could accomplish this too, but we're not sure it will give
- us the performance we need. This is a first step, and it accomplishes
- most of the value of using Weak<T>.
-
- * heap/Heap.cpp:
- (JSC::Heap::destroy):
- (JSC::Heap::markRoots):
- (JSC::Heap::reset): Finalize small strings just like other weak handles.
-
- * runtime/SmallStrings.cpp:
- (JSC::finalize):
- (JSC::SmallStrings::finalizeSmallStrings):
- * runtime/SmallStrings.h: Make all small strings trivially weak, instead
- of having an "all for one, one for all" memory model.
-
-2011-05-26 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make RegExpCache a weak map
- https://bugs.webkit.org/show_bug.cgi?id=61554
-
- Switch to a weak map for the regexp cache, and hide that
- behaviour behind RegExp::create.
-
- When a RegExp is compiled it attempts to add itself to
- the "strong" cache. This cache is a simple round-robin
- buffer as was the old strong cache. Happily this can
- be smaller than the old strong cache as RegExps are only
- added when they're compiled so it is under less pressure
- to evict.
-
- * bytecompiler/NodesCodegen.cpp:
- (JSC::RegExpNode::emitBytecode):
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- (JSC::RegExp::create):
- (JSC::RegExp::match):
- * runtime/RegExp.h:
- (JSC::RegExp::gcShouldInvalidateCode):
- (JSC::RegExp::hasCode):
- (JSC::RegExp::key):
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::lookupOrCreate):
- (JSC::RegExpCache::RegExpCache):
- (JSC::RegExpCache::isReachableFromOpaqueRoots):
- (JSC::RegExpCache::finalize):
- * runtime/RegExpCache.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::constructRegExp):
- * runtime/RegExpPrototype.cpp:
- (JSC::regExpProtoFuncCompile):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Moved Heap-related functions out of JSCell.h and into respective header files
- https://bugs.webkit.org/show_bug.cgi?id=61567
-
- * heap/Heap.h:
- (JSC::Heap::allocate):
- (JSC::Heap::heap):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::allocate):
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::sizeClassFor):
- (JSC::MarkedSpace::allocate):
- * runtime/JSCell.h:
- (JSC::JSCell::destructor):
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-26 Ryosuke Niwa <rniwa@webkit.org>
-
- Reviewed by Eric Seidel.
-
- [debug feature] WTFString should have show() method
- https://bugs.webkit.org/show_bug.cgi?id=61149
-
- Added String::show and AtomicString::show in NDEBUG.
-
- * wtf/text/AtomicString.cpp:
- (WTF::AtomicString::show):
- * wtf/text/AtomicString.h:
- * wtf/text/WTFString.cpp:
- (String::show):
- * wtf/text/WTFString.h:
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Factored out some Heap ASSERTs
- https://bugs.webkit.org/show_bug.cgi?id=61565
-
- * JavaScriptCore.exp:
- * heap/Heap.cpp:
- (JSC::isValidSharedInstanceThreadState):
- (JSC::isValidThreadState):
- (JSC::Heap::markRoots):
- (JSC::Heap::isValidAllocation):
- * heap/Heap.h:
- * runtime/JSCell.h:
- (JSC::JSCell::Heap::allocate):
-
-2011-05-26 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=61508
- DFG JIT - Add support for get by id self caching.
-
- Change the call out to be an unexpected call (using silent spill/fill functions),
- add a structure check & compact load to the JIT code, and add repatching mechanisms.
- Since DFGOperations may want to be be implemented in asm, make these symbols be extern
- "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
- so that it can look up its StructureStubInfo.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Added new files.
- * bytecode/StructureStubInfo.h:
- - Added 'unset' entries to union.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
- - Return the call, we need this to populate the StructureStubInfo.
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- - Populate the CodebBlock's StructureStubInfo Vector.
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
- - Return the call, we need this to populate the StructureStubInfo.
- (JSC::DFG::JITCompiler::addPropertyAccess):
- (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- - Add structures to record property access info during compilation.
- * dfg/DFGOperations.cpp:
- - Made all external methods extern "C".
- (JSC::DFG::operationPutByValInternal):
- - Moved outside of the extern "C" block.
- * dfg/DFGOperations.h:
- - Made all external methods extern "C".
- * dfg/DFGRepatch.cpp: Added.
- (JSC::DFG::dfgRepatchCall):
- - repatch a call to link to a new callee function.
- (JSC::DFG::dfgRepatchGetByIdSelf):
- - Modify the JIT code to optimize self accesses.
- (JSC::DFG::tryCacheGetByID):
- - Internal implementation of dfgRepatchGetByID (factor out failing cases).
- (JSC::DFG::dfgRepatchGetByID):
- - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
- * dfg/DFGRepatch.h: Added.
- - Expose dfgRepatchGetByID.
- * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- - Changed implementation of GetById ops.
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedBlock.h:
- * wtf/DoublyLinkedList.h:
- (WTF::::DoublyLinkedListNode):
- (WTF::::setPrev):
- (WTF::::setNext):
- (WTF::::prev):
- (WTF::::next):
- (WTF::::DoublyLinkedList):
- (WTF::::isEmpty):
- (WTF::::size):
- (WTF::::clear):
- (WTF::::head):
- (WTF::::append):
- (WTF::::remove):
- (WTF::::removeHead):
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out http://trac.webkit.org/changeset/87408 because it broke the
- Windows build.
-
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedBlock.h:
- (JSC::MarkedBlock::setPrev):
- (JSC::MarkedBlock::setNext):
- (JSC::MarkedBlock::prev):
- (JSC::MarkedBlock::next):
- * wtf/DoublyLinkedList.h:
- (WTF::::DoublyLinkedList):
- (WTF::::isEmpty):
- (WTF::::head):
- (WTF::::append):
- (WTF::::remove):
-
-2011-05-26 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Provide a real owner when copying a property table, for the sake of
- write barriers.
- https://bugs.webkit.org/show_bug.cgi?id=61547
-
- No test because we can't enable the writeBarrier() ASSERT just yet.
-
- * runtime/Structure.cpp:
- (JSC::Structure::addPropertyTransition):
-
-2011-05-26 Adam Roben <aroben@apple.com>
-
- Windows build fix after r87346
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
- reality.
-
-2011-05-26 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Adam Barth.
-
- ASSERT(isMainThread()) when using single threaded jsc executable
- https://bugs.webkit.org/show_bug.cgi?id=60846
-
- Remove the ASSERT since we do not have the concept of MainThread in JSC.
- * wtf/CryptographicallyRandomNumber.cpp:
- (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
- (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+2012-05-22 Mark Hahnenberg <mhahnenberg@apple.com>
-2011-05-25 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=61506
-
- Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
- so that they are available to the SpeculativeJIT.
-
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::silentSpillGPR):
- (JSC::DFG::JITCodeGenerator::silentSpillFPR):
- (JSC::DFG::JITCodeGenerator::silentFillGPR):
- (JSC::DFG::JITCodeGenerator::silentFillFPR):
- (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
- (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
- * dfg/DFGNonSpeculativeJIT.h:
-
-2011-05-25 Ryosuke Niwa <rniwa@webkit.org>
-
- An attempt to revive Windows bots.
-
- * runtime/RegExp.cpp:
- * runtime/RegExp.h:
-
-2011-05-25 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
-
- This data structure, used at runtime by the JIT, is currently unnecessarily populated
- with default entries during byte compilation.
-
- Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
- us to one entry per corresponding bytecode op, which may be undesirable. Instead,
- populate this array from the JIT.
-
- The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
- these, so that the class can have a default constructor (and to simply switch statements
- in code walking over the table).
-
- This change has ramification for the DFG JIT, in that the DFG JIT used this datastructure
- to check for functions containing property access. Instead do so in the DFGByteCodeParser.
-
- * bytecode/CodeBlock.cpp:
- (JSC::printStructureStubInfo):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::setNumberOfStructureStubInfos):
- (JSC::CodeBlock::numberOfStructureStubInfos):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- (JSC::StructureStubInfo::visitAggregate):
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::StructureStubInfo):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parseBlock):
- * jit/JIT.cpp:
- (JSC::JIT::JIT):
- (JSC::JIT::privateCompileMainPass):
- (JSC::JIT::privateCompileSlowCases):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::compileGetByIdSlowCase):
- (JSC::JIT::emitSlow_op_put_by_id):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emitSlow_op_get_by_id):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emitSlow_op_put_by_id):
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::compileGetByIdSlowCase):
- * runtime/Executable.cpp:
- (JSC::tryDFGCompile):
-
-2011-05-25 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::Call::Call):
- (JSC::AbstractMacroAssembler::Call::fromTailJump):
- (JSC::AbstractMacroAssembler::Jump::Jump):
- (JSC::AbstractMacroAssembler::Jump::link):
- (JSC::AbstractMacroAssembler::Jump::linkTo):
- (JSC::AbstractMacroAssembler::Jump::isSet):
- (JSC::AbstractMacroAssembler::differenceBetween):
- (JSC::AbstractMacroAssembler::linkJump):
- (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::link):
- (JSC::LinkBuffer::locationOf):
- (JSC::LinkBuffer::locationOfNearCall):
- (JSC::LinkBuffer::returnAddressOffset):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::linkCall):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::linkCall):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::linkCall):
- * assembler/MacroAssemblerSH4.cpp:
- (JSC::MacroAssemblerSH4::linkCall):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::linkCall):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::linkCall):
-
-2011-05-25 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=61500
- Add JSObject::offsetOfPropertyStorage
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::compileGetDirectOffset):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::compilePutDirectOffset):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::compilePutDirectOffset):
- (JSC::JIT::compileGetDirectOffset):
- * runtime/JSObject.h:
- (JSC::JSObject::offsetOfPropertyStorage):
-
-2011-05-25 Oliver Hunt <oliver@apple.com>
+ CopiedSpace::contains doesn't check for oversize blocks
+ https://bugs.webkit.org/show_bug.cgi?id=87180
Reviewed by Geoffrey Garen.
- Make RegExp GC allocated
- https://bugs.webkit.org/show_bug.cgi?id=61490
-
- Make RegExp GC allocated. Basically mechanical change to replace
- most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
- where actual ownership happens.
-
- Made the RegExpCache use Strong<> references currently to avoid any
- changes in behaviour.
-
- * JavaScriptCore.exp:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addRegExp):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addRegExp):
- (JSC::BytecodeGenerator::emitNewRegExp):
- * bytecompiler/BytecodeGenerator.h:
- * runtime/JSCell.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::clearBuiltinStructures):
- (JSC::JSGlobalData::addRegExpToTrace):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- (JSC::RegExp::create):
- (JSC::RegExp::invalidateCode):
- * runtime/RegExp.h:
- (JSC::RegExp::createStructure):
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::lookupOrCreate):
- (JSC::RegExpCache::create):
- * runtime/RegExpCache.h:
- * runtime/RegExpConstructor.cpp:
- (JSC::constructRegExp):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- (JSC::RegExpObject::visitChildren):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::setRegExp):
- (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- (JSC::regExpProtoFuncCompile):
- * runtime/RegExpPrototype.h:
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
-
-2011-05-25 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Generate regexp code lazily
- https://bugs.webkit.org/show_bug.cgi?id=61476
-
- RegExp construction now simply validates the RegExp, it does
- not perform actual codegen.
-
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- (JSC::RegExp::recompile):
- (JSC::RegExp::compile):
- (JSC::RegExp::match):
- * runtime/RegExp.h:
- (JSC::RegExp::recompileIfNecessary):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::performMatch):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::match):
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncReplace):
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- (JSC::stringProtoFuncSplit):
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Removed MarkSetProperties because it was unused
- https://bugs.webkit.org/show_bug.cgi?id=61418
-
- * heap/MarkStack.h:
- (JSC::MarkSet::MarkSet):
- (JSC::MarkStack::append):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSArray.h:
- (JSC::JSArray::visitChildrenDirect):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/WriteBarrier.h:
- (JSC::MarkStack::appendValues):
-
-2011-05-25 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make allocations with guard pages ensure that the allocation succeeded
- https://bugs.webkit.org/show_bug.cgi?id=61453
-
- Add null checks, and make PageBlock's operator bool() use
- the realbase, rather than the start of usable memory.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
- * wtf/PageBlock.h:
- (WTF::PageBlock::operator bool):
- (WTF::PageBlock::PageBlock):
-
-2011-04-10 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Eric Seidel.
-
- Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
-
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * bytecompiler/BytecodeGenerator.h:
-
-2011-05-24 Keishi Hattori <keishi@webkit.org>
-
- Reviewed by Kent Tamura.
-
- Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
- https://bugs.webkit.org/show_bug.cgi?id=61273
-
- * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
-
-2011-05-24 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Eric Seidel.
-
- Add export macros to WTFString.h.
-
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * wtf/text/WTFString.h:
- (WTF::String::String):
- (WTF::String::findIgnoringCase):
- (WTF::String::isHashTableDeletedValue):
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Maybe fix the Mac build now?
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Maybe fix the Mac build?
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Split HeapRootVisitor into its own class
- https://bugs.webkit.org/show_bug.cgi?id=61399
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/HandleHeap.cpp:
- * heap/HandleStack.cpp:
- * heap/Heap.cpp:
- * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
- * heap/MarkStack.h:
- * runtime/ArgList.cpp:
- * runtime/SmallStrings.cpp:
-
-2011-05-24 Jay Civelli <jcivelli@chromium.org>
-
- Rubberstamped by David Kilzer.
-
- Updated some files that I forgot in my previous MHTML CL.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Fix the Mac build: Yes, please do remove these files, svn.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Let's just have one way to get the system page size, bokay?
- https://bugs.webkit.org/show_bug.cgi?id=61384
-
- * CMakeListsEfl.txt:
- * CMakeListsWinCE.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
- is gone completely now, since it only existed to provide a duplicate way
- to access the system page size.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStack::reset):
- * heap/MarkStack.h:
- (JSC::::MarkStackArray):
- (JSC::::shrinkAllocation): Use WTF::pageSize.
-
- * heap/MarkStackPosix.cpp:
- * heap/MarkStackSymbian.cpp:
- * heap/MarkStackWin.cpp: Removed now-empty files.
-
- * jit/ExecutableAllocator.cpp:
- (JSC::ExecutableAllocator::reprotectRegion):
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::ExecutableAllocator):
- (JSC::ExecutablePool::ExecutablePool):
- (JSC::ExecutablePool::poolAllocate):
- * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
-
- * wscript: Removed now-empty files.
-
- * wtf/PageBlock.cpp:
- (WTF::systemPageSize): Integrated questionable Symbian page size rule
- from ExecutableAllocator, because that seems like what the original
- author should have done.
-
-2011-05-24 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
- https://bugs.webkit.org/show_bug.cgi?id=61385
-
- The interpreter uses the structure slot of get_by_id and put_by_id to hold
- the initial structure it encountered so that it can identify whether a
- given access is stable.
-
- When marking though we only visit the slot when we've decided to cache, and
- so this value could die. This was "safe" as the value was only used for a
- pointer compare, but it was incorrect. We now just mark the slot like we
- should have been doing already.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitStructures):
-
-2011-05-24 Adam Roben <aroben@apple.com>
-
- Windows build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
-
- * heap/MarkStack.h:
- (JSC::::shrinkAllocation):
-
-2011-05-24 Geoffrey Garen <ggaren@apple.com>
-
- Rubber-stamped by Oliver Hunt.
-
- Split out function definitions and class definitions from class
- declarations in MarkStack.h, for readability.
-
- * heap/MarkStack.h:
- (JSC::MarkStack::MarkStack):
- (JSC::MarkStack::~MarkStack):
- (JSC::MarkStack::addOpaqueRoot):
- (JSC::MarkStack::containsOpaqueRoot):
- (JSC::MarkStack::opaqueRootCount):
- (JSC::MarkSet::MarkSet):
- (JSC::MarkStack::allocateStack):
- (JSC::MarkStack::releaseStack):
- (JSC::MarkStack::pageSize):
- (JSC::::MarkStackArray):
- (JSC::::~MarkStackArray):
- (JSC::::expand):
- (JSC::::append):
- (JSC::::removeLast):
- (JSC::::last):
- (JSC::::isEmpty):
- (JSC::::size):
- (JSC::::shrinkAllocation):
-
-2011-05-24 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Avoid creating unnecessary identifiers and strings in the syntax checker
- https://bugs.webkit.org/show_bug.cgi?id=61378
-
- Selectively tell the lexer that there are some places it does not need to
- do the real work of creating Identifiers for IDENT and STRING tokens.
-
- Make parseString and parseIdentifier templatized on whether they should
- do real work, or merely validate the tokens.
-
- SunSpider --parse-only reports ~5-8% win depending on hardware.
-
- * parser/ASTBuilder.h:
- (JSC::ASTBuilder::createDotAccess):
- * parser/JSParser.cpp:
- (JSC::JSParser::next):
- (JSC::JSParser::consume):
- (JSC::JSParser::parseVarDeclarationList):
- (JSC::JSParser::parseConstDeclarationList):
- (JSC::JSParser::parseExpression):
- (JSC::JSParser::parseAssignmentExpression):
- (JSC::JSParser::parseConditionalExpression):
- (JSC::JSParser::parseBinaryExpression):
- (JSC::JSParser::parseProperty):
- (JSC::JSParser::parseObjectLiteral):
- (JSC::JSParser::parseArrayLiteral):
- (JSC::JSParser::parseArguments):
- (JSC::JSParser::parseMemberExpression):
- * parser/Lexer.cpp:
- (JSC::Lexer::parseIdentifier):
- (JSC::Lexer::parseString):
- (JSC::Lexer::lex):
- * parser/Lexer.h:
- * parser/SyntaxChecker.h:
- (JSC::SyntaxChecker::createDotAccess):
- (JSC::SyntaxChecker::createProperty):
-
-2011-05-23 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Mark Rowe.
-
- Safari often freezes when clicking "Return free memory" in Caches dialog
- https://bugs.webkit.org/show_bug.cgi?id=61325
-
- There are two fixes and improvement in instrumentation code used to find
- one of the problems.
- Changed ReleaseFreeList() to set the "decommitted" bit when releasing
- pages to the system and moving Spans from the normal list to the returned
- list.
- Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
- to eliminate an infinite loop if we can't meet the pagesToRelease target.
- Added a check for the decommitted bit being set properly in
- TCMalloc_PageHeap::CheckList.
-
- * wtf/FastMalloc.cpp:
- (WTF::TCMalloc_PageHeap::scavenge):
- (WTF::TCMalloc_PageHeap::Check):
- (WTF::TCMalloc_PageHeap::CheckList):
- (WTF::ReleaseFreeList):
-
-2011-05-23 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=61306
-
- The begin characters optimization currently has issues (#61129),
- and does not appear to still be a performance win. The prudent
- next step seems to be to disable while we ascertain whether this
- is still a useful performance optimization.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::matchDisjunction):
- (JSC::Yarr::Interpreter::interpret):
- * yarr/YarrInterpreter.h:
- (JSC::Yarr::BytecodePattern::BytecodePattern):
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
- (JSC::Yarr::YarrPattern::compile):
- (JSC::Yarr::YarrPattern::YarrPattern):
- * yarr/YarrPattern.h:
- (JSC::Yarr::YarrPattern::reset):
-
-2011-05-23 Matthew Delaney <mdelaney@apple.com>
-
- Reviewed by Simon Fraser.
-
- Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
- https://bugs.webkit.org/show_bug.cgi?id=58216
-
- * wtf/MathExtras.h:
- (clampToInteger):
- (clampToPositiveInteger):
-
-2011-05-23 Ruben <chromium@hybridsource.org>
-
- Reviewed by Tony Chang.
-
- Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
- https://bugs.webkit.org/show_bug.cgi?id=61219
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-05-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Gavin Barraclough.
-
- [SH4] AssemblerLabel does not name a type
- https://bugs.webkit.org/show_bug.cgi?id=59927
-
- SH4Assembler.h file shoold be included before AbstractMacroAssembler.h.
-
- * assembler/MacroAssemblerSH4.h:
-
-2011-05-23 Ryuan Choi <ryuan.choi@samsung.com>
-
- Rubber stamped by Eric Seidel.
-
- [CMAKE] Refactoring wtf related code.
- https://bugs.webkit.org/show_bug.cgi?id=60146
-
- Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.
-
- * CMakeLists.txt:
- * CMakeListsEfl.txt:
- * wtf/CMakeLists.txt:
- * wtf/CMakeListsEfl.txt:
-
-2011-05-22 Adam Barth <abarth@webkit.org>
-
- Enable strict PassOwnPtr for everyone. I expect this patch will need
- some followups to make the GTK and EFL bots green again.
-
- * wtf/PassOwnPtr.h:
-
-2011-05-20 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Reduce size of inline cache path of get_by_id on ARMv7
- https://bugs.webkit.org/show_bug.cgi?id=61221
-
- This reduces the code size of get_by_id by 20 bytes
-
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::ldrCompact):
- (JSC::ARMv7Assembler::repatchCompact):
- (JSC::ARMv7Assembler::setUInt7ForLoad):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
- * jit/JIT.h:
-
-2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
-
- Reviewed by Oliver Hunt.
-
- Zombies should "live" forever
- https://bugs.webkit.org/show_bug.cgi?id=61170
-
- Reusing zombie cells could still hide garbage
- collected cell related bugs.
-
- * JavaScriptCore.pro:
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::clearMarks):
- * heap/MarkedBlock.h:
- * heap/MarkedSpace.cpp:
- (JSC::MarkedSpace::destroy):
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::isZombie):
- * runtime/JSZombie.h:
- (JSC::JSZombie::~JSZombie):
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-05-20 Brady Eidson <beidson@apple.com>
-
- Reviewed by Sam Weinig.
-
- <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
- Horrendous bug in callOnMainThreadAndWait
-
- * wtf/MainThread.cpp:
- (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
- syncFlag condition, reacquire the mutex first.
-
-2011-05-20 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Sam Weinig.
-
- Remove unnecessary double->int conversion at the end of op_div
- https://bugs.webkit.org/show_bug.cgi?id=61198
-
- We don't attempt this conversion on 64bit, removing it actually speeds
- up sunspider and v8 slightly, and it reduces code size.
-
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_div):
-
-2011-05-19 Evan Martin <evan@chromium.org>
-
- Reviewed by Tony Chang.
+ When doing a conservative scan we use CopiedSpace::contains to determine if a particular
+ address points into the CopiedSpace. Currently contains() only checks if the address
+ points to a block in to-space, which means that pointers to oversize blocks may not get scanned.
- [chromium] remove <(library) variable
- https://bugs.webkit.org/show_bug.cgi?id=61158
-
- This was for a build experiment; we can just use the correct value now.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-05-20 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Sam Weinig.
-
- Interpreter uses wrong bytecode offset for determining exception handler
- https://bugs.webkit.org/show_bug.cgi?id=61191
-
- The bytecode offset given for the returnPC from the JIT is
- actually the offset for the start of the instruction triggering
- the call, whereas in the interpreter it is the actual return
- VPC. This means if the next instruction following a call was
- in an exception region we would incorrectly redirect to its
- handler. Long term we want to completely redo how exceptions
- are handled anyway so the simplest and lowest risk fix here is
- to simply subtract one from the return vPC so that we have an
- offset in the triggering instruction.
-
- It turns out this is caught by a couple of tests already.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::unwindCallFrame):
-
-2011-05-20 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Oliver Hunt.
-
- JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
- https://bugs.webkit.org/show_bug.cgi?id=42756
-
- Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
- check of the available memory. This should give us an
- overcommit-like behavior in most systems, which is what we want.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit): pass MAP_NORSERVE to mmap.
-
-2011-05-19 Gabor Loki <loki@webkit.org>
-
- Fix ARM build after r86919
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::nop):
-
-2011-05-19 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Randomise code starting location a little
- https://bugs.webkit.org/show_bug.cgi?id=61161
-
- Add a nop() function to the Assemblers so that we
- can randomise code offsets slightly at no real cost.
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::nop):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::nop):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::nop):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::nop):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::nop):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::nop):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::nop):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::nop):
- * jit/JIT.cpp:
- (JSC::JIT::JIT):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * runtime/WeakRandom.h:
- (JSC::WeakRandom::getUint32):
-
-2011-05-19 Oliver Hunt <oliver@apple.com>
-
- Fix windows build.
-
- * wtf/OSAllocatorWin.cpp:
- (WTF::OSAllocator::reserveUncommitted):
- (WTF::OSAllocator::reserveAndCommit):
-
-2011-05-19 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Add guard pages to each end of the memory region used by the fixedvm allocator
- https://bugs.webkit.org/show_bug.cgi?id=61150
-
- Add mechanism to notify the OSAllocator that pages at either end of an
- allocation should be considered guard pages. Update PageReservation,
- PageAllocation, etc to handle this.
-
- * JavaScriptCore.exp:
- * jit/ExecutableAllocatorFixedVMPool.cpp:
- (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
- * wtf/OSAllocator.h:
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveUncommitted):
- (WTF::OSAllocator::reserveAndCommit):
- * wtf/PageAllocation.h:
- (WTF::PageAllocation::PageAllocation):
- * wtf/PageAllocationAligned.h:
- (WTF::PageAllocationAligned::PageAllocationAligned):
- * wtf/PageBlock.h:
- (WTF::PageBlock::PageBlock):
- * wtf/PageReservation.h:
- (WTF::PageReservation::reserve):
- (WTF::PageReservation::reserveWithGuardPages):
- Add a new function to make a reservation that will add guard
- pages to the ends of an allocation.
- (WTF::PageReservation::PageReservation):
-
-2011-05-19 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make Executables release their JIT code as soon as they become dead
- https://bugs.webkit.org/show_bug.cgi?id=61134
-
- Add an ability to clear an Executable's jit code without requiring
- it to be destroyed, and then call that from a finalizer.
-
- * heap/Weak.h:
- (JSC::Weak::Weak):
- (JSC::Weak::leak):
- * jit/JITCode.h:
- (JSC::JITCode::clear):
- * runtime/Executable.cpp:
- (JSC::ExecutableFinalizer::finalize):
- (JSC::ExecutableBase::executableFinalizer):
- * runtime/Executable.h:
- (JSC::ExecutableBase::ExecutableBase):
- (JSC::ExecutableBase::clearExecutableCode):
-
-2011-05-19 Adam Roben <aroben@apple.com>
-
- Remove a redundant and broken data export
-
- Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
- JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
- to a linker warning about multiple definitions.)
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
-
-2011-05-18 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
- https://bugs.webkit.org/show_bug.cgi?id=61064
-
- Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
- for its inline storage. This resolves the problem of GC occurring before
- a subclass has initialised its anonymous storage.
-
- * runtime/JSObject.h:
-
-2011-05-18 Adam Barth <abarth@webkit.org>
-
- Reviewed by Sam Weinig.
-
- Delete WTFURL
- https://bugs.webkit.org/show_bug.cgi?id=61084
-
- It's been a year and we've failed to complete this project. It's time
- to throw in the towel.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/url: Removed.
- * wtf/url/api: Removed.
- * wtf/url/api/ParsedURL.cpp: Removed.
- * wtf/url/api/ParsedURL.h: Removed.
- * wtf/url/api/URLString.h: Removed.
- * wtf/url/src: Removed.
- * wtf/url/src/RawURLBuffer.h: Removed.
- * wtf/url/src/URLBuffer.h: Removed.
- * wtf/url/src/URLCharacterTypes.cpp: Removed.
- * wtf/url/src/URLCharacterTypes.h: Removed.
- * wtf/url/src/URLComponent.h: Removed.
- * wtf/url/src/URLEscape.cpp: Removed.
- * wtf/url/src/URLEscape.h: Removed.
- * wtf/url/src/URLParser.h: Removed.
- * wtf/url/src/URLQueryCanonicalizer.h: Removed.
- * wtf/url/src/URLSegments.cpp: Removed.
- * wtf/url/src/URLSegments.h: Removed.
- * wtf/url/wtfurl.gyp: Removed.
-
-2011-05-18 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Sam Weinig.
-
- JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
- https://bugs.webkit.org/show_bug.cgi?id=61090
-
- Remove the Structure-free JSGlobalObject constructor and instead always
- pass the structure into the JSGlobalObject constructor.
- Stop DebuggerActivation creating a new structure every time, and simply
- use a single shared structure held by the GlobalData.
-
- * API/JSContextRef.cpp:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::DebuggerActivation):
- * jsc.cpp:
- (GlobalObject::GlobalObject):
- (functionRun):
- (jscmain):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::clearBuiltinStructures):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.h:
-
-2011-05-18 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Adam Roben.
-
- Disable gc validation in release builds
- https://bugs.webkit.org/show_bug.cgi?id=60680
-
- Add back the NDEBUG check
-
- * wtf/Platform.h:
-
-2011-05-17 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out attempts to fix EFL build because they're not enough -- the
- build script needs to be fixed.
-
- * runtime/BooleanPrototype.cpp:
- * runtime/DateConstructor.cpp:
- * runtime/ErrorPrototype.cpp:
-
-2011-05-17 Geoffrey Garen <ggaren@apple.com>
-
- More attempts to work around the EFL build system being borken.
-
- * runtime/DateConstructor.cpp:
- * runtime/ErrorPrototype.cpp:
-
-2011-05-17 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the EFL build.
-
- * runtime/BooleanPrototype.cpp:
-
-2011-05-16 Geoffrey Garen <ggaren@apple.com>
-
- Rolling back in r86653 with build fixed.
-
- Reviewed by Gavin Barraclough and Oliver Hunt.
-
- Global object initialization is expensive
- https://bugs.webkit.org/show_bug.cgi?id=60933
-
- Changed a bunch of globals to allocate their properties lazily, and changed
- the global object to allocate a bunch of its globals lazily.
-
- This reduces the footprint of a global object from 287 objects with 58
- functions for 24K to 173 objects with 20 functions for 15K.
-
- Large patch, but it's all mechanical.
-
- * DerivedSources.make:
- * JavaScriptCore.exp: Build!
-
- * create_hash_table: Added a special case for fromCharCode, since it uses
- a custom "thunk generator".
-
- * heap/Heap.cpp:
- (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
- overcount objects that were owned through more than one mechanism because
- it was getting in the way of counting the results for this patch.
-
- * interpreter/CallFrame.h:
- (JSC::ExecState::arrayConstructorTable):
- (JSC::ExecState::arrayPrototypeTable):
- (JSC::ExecState::booleanPrototypeTable):
- (JSC::ExecState::dateConstructorTable):
- (JSC::ExecState::errorPrototypeTable):
- (JSC::ExecState::globalObjectTable):
- (JSC::ExecState::numberConstructorTable):
- (JSC::ExecState::numberPrototypeTable):
- (JSC::ExecState::objectPrototypeTable):
- (JSC::ExecState::regExpPrototypeTable):
- (JSC::ExecState::stringConstructorTable): Added new tables.
-
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- (JSC::ArrayConstructor::getOwnPropertySlot):
- (JSC::ArrayConstructor::getOwnPropertyDescriptor):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::createStructure):
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlot):
- (JSC::ArrayPrototype::getOwnPropertyDescriptor):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- (JSC::BooleanPrototype::getOwnPropertySlot):
- (JSC::BooleanPrototype::getOwnPropertyDescriptor):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::createStructure):
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- (JSC::DateConstructor::getOwnPropertySlot):
- (JSC::DateConstructor::getOwnPropertyDescriptor):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::createStructure):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- (JSC::ErrorPrototype::getOwnPropertySlot):
- (JSC::ErrorPrototype::getOwnPropertyDescriptor):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::createStructure): Standardized these objects
- to use static tables for function properties.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h: Added new tables.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::addStaticGlobals):
- (JSC::JSGlobalObject::getOwnPropertySlot):
- (JSC::JSGlobalObject::getOwnPropertyDescriptor):
- * runtime/JSGlobalObject.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
- static table for its global functions. This required uninlining some
- things to avoid a circular header dependency. However, those things
- probably shouldn't have been inlined in the first place.
-
- Even more global object properties can be made lazy, but that requires
- more in-depth changes.
-
- * runtime/MathObject.cpp:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertySlot):
- (JSC::NumberConstructor::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- (JSC::NumberPrototype::getOwnPropertySlot):
- (JSC::NumberPrototype::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::createStructure):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::ObjectPrototype):
- (JSC::ObjectPrototype::put):
- (JSC::ObjectPrototype::getOwnPropertySlot):
- (JSC::ObjectPrototype::getOwnPropertyDescriptor):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::createStructure):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- (JSC::RegExpPrototype::getOwnPropertySlot):
- (JSC::RegExpPrototype::getOwnPropertyDescriptor):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::createStructure):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- (JSC::StringConstructor::getOwnPropertySlot):
- (JSC::StringConstructor::getOwnPropertyDescriptor):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::createStructure): Standardized these objects
- to use static tables for function properties.
-
-2011-05-17 Sam Weinig <sam@webkit.org>
-
- Reviewed by Oliver Hunt.
-
- JSGlobalContextRelease should not trigger a synchronous garbage collection
- https://bugs.webkit.org/show_bug.cgi?id=60990
-
- * API/JSContextRef.cpp:
- Change synchronous call to collectAllGarbage to a call to trigger the
- activityCallback.
-
-2011-05-16 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Reduce code size for inline cache
- https://bugs.webkit.org/show_bug.cgi?id=60942
-
- This patch introduces the concept of a "compact" address that
- allows individual architectures to control the maximum offset
- used for the inline path of get_by_id. This reduces the code
- size of get_by_id by 3 bytes on x86 and x86_64 and slightly
- improves performance on v8 tests.
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::repatchCompact):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::repatchCompact):
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
- (JSC::AbstractMacroAssembler::differenceBetween):
- (JSC::AbstractMacroAssembler::repatchCompact):
- * assembler/CodeLocation.h:
- (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
- (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::locationOf):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::repatchCompact):
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::repatchCompact):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
- * assembler/RepatchBuffer.h:
- (JSC::RepatchBuffer::repatch):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::repatchCompact):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::movl_mr_disp8):
- (JSC::X86Assembler::movq_mr_disp8):
- (JSC::X86Assembler::repatchCompact):
- (JSC::X86Assembler::setInt8):
- (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
- (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
- (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::patchGetByIdSelf):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::patchGetByIdSelf):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::tryCacheGetByID):
-
-2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r86653.
- http://trac.webkit.org/changeset/86653
- https://bugs.webkit.org/show_bug.cgi?id=60944
-
- "Caused regressions on Windows, OSX and EFL" (Requested by
- yutak on #webkit).
-
- * DerivedSources.make:
- * DerivedSources.pro:
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * create_hash_table:
- * heap/Heap.cpp:
- (JSC::TypeCounter::operator()):
- * interpreter/CallFrame.h:
- (JSC::ExecState::arrayTable):
- (JSC::ExecState::numberTable):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlot):
- (JSC::ArrayPrototype::getOwnPropertyDescriptor):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- * runtime/DateConstructor.h:
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- * runtime/ErrorPrototype.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::addStaticGlobals):
- (JSC::JSGlobalObject::getOwnPropertySlot):
- (JSC::JSGlobalObject::getOwnPropertyDescriptor):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncJSCPrint):
- * runtime/JSGlobalObjectFunctions.h:
- * runtime/MathObject.cpp:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertySlot):
- (JSC::NumberConstructor::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- * runtime/NumberPrototype.h:
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::ObjectPrototype):
- (JSC::ObjectPrototype::put):
- (JSC::ObjectPrototype::getOwnPropertySlot):
- * runtime/ObjectPrototype.h:
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- * runtime/RegExpPrototype.h:
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- * runtime/StringConstructor.h:
-
-2011-05-16 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Global object initialization is expensive
- https://bugs.webkit.org/show_bug.cgi?id=60933
-
- Changed a bunch of globals to allocate their properties lazily, and changed
- the global object to allocate a bunch of its globals lazily.
-
- This reduces the footprint of a global object from 287 objects with 58
- functions for 24K to 173 objects with 20 functions for 15K.
-
- Large patch, but it's all mechanical.
-
- * DerivedSources.make:
- * JavaScriptCore.exp: Build!
-
- * create_hash_table: Added a special case for fromCharCode, since it uses
- a custom "thunk generator".
-
- * heap/Heap.cpp:
- (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
- overcount objects that were owned through more than one mechanism because
- it was getting in the way of counting the results for this patch.
-
- * interpreter/CallFrame.h:
- (JSC::ExecState::arrayConstructorTable):
- (JSC::ExecState::arrayPrototypeTable):
- (JSC::ExecState::booleanPrototypeTable):
- (JSC::ExecState::dateConstructorTable):
- (JSC::ExecState::errorPrototypeTable):
- (JSC::ExecState::globalObjectTable):
- (JSC::ExecState::numberConstructorTable):
- (JSC::ExecState::numberPrototypeTable):
- (JSC::ExecState::objectPrototypeTable):
- (JSC::ExecState::regExpPrototypeTable):
- (JSC::ExecState::stringConstructorTable): Added new tables.
-
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- (JSC::ArrayConstructor::getOwnPropertySlot):
- (JSC::ArrayConstructor::getOwnPropertyDescriptor):
- * runtime/ArrayConstructor.h:
- (JSC::ArrayConstructor::createStructure):
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::getOwnPropertySlot):
- (JSC::ArrayPrototype::getOwnPropertyDescriptor):
- * runtime/ArrayPrototype.h:
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- (JSC::BooleanPrototype::getOwnPropertySlot):
- (JSC::BooleanPrototype::getOwnPropertyDescriptor):
- * runtime/BooleanPrototype.h:
- (JSC::BooleanPrototype::createStructure):
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- (JSC::DateConstructor::getOwnPropertySlot):
- (JSC::DateConstructor::getOwnPropertyDescriptor):
- * runtime/DateConstructor.h:
- (JSC::DateConstructor::createStructure):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- (JSC::ErrorPrototype::getOwnPropertySlot):
- (JSC::ErrorPrototype::getOwnPropertyDescriptor):
- * runtime/ErrorPrototype.h:
- (JSC::ErrorPrototype::createStructure): Standardized these objects
- to use static tables for function properties.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- * runtime/JSGlobalData.h: Added new tables.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::addStaticGlobals):
- (JSC::JSGlobalObject::getOwnPropertySlot):
- (JSC::JSGlobalObject::getOwnPropertyDescriptor):
- * runtime/JSGlobalObject.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
- static table for its global functions. This required uninlining some
- things to avoid a circular header dependency. However, those things
- probably shouldn't have been inlined in the first place.
-
- Even more global object properties can be made lazy, but that requires
- more in-depth changes.
-
- * runtime/MathObject.cpp:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::getOwnPropertySlot):
- (JSC::NumberConstructor::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- (JSC::NumberPrototype::getOwnPropertySlot):
- (JSC::NumberPrototype::getOwnPropertyDescriptor):
- * runtime/NumberPrototype.h:
- (JSC::NumberPrototype::createStructure):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::ObjectPrototype):
- (JSC::ObjectPrototype::put):
- (JSC::ObjectPrototype::getOwnPropertySlot):
- (JSC::ObjectPrototype::getOwnPropertyDescriptor):
- * runtime/ObjectPrototype.h:
- (JSC::ObjectPrototype::createStructure):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- (JSC::RegExpPrototype::getOwnPropertySlot):
- (JSC::RegExpPrototype::getOwnPropertyDescriptor):
- * runtime/RegExpPrototype.h:
- (JSC::RegExpPrototype::createStructure):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- (JSC::StringConstructor::getOwnPropertySlot):
- (JSC::StringConstructor::getOwnPropertyDescriptor):
- * runtime/StringConstructor.h:
- (JSC::StringConstructor::createStructure): Standardized these objects
- to use static tables for function properties.
-
-2011-05-16 David Kilzer <ddkilzer@apple.com>
-
- <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
- <rdar://problem/9446430>
-
- Reviewed by Mark Rowe.
-
- * Configurations/Base.xcconfig: Fixed typo.
-
-2011-05-16 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- JSWeakObjectMap finalisation may occur while gc is in inconsistent state
- https://bugs.webkit.org/show_bug.cgi?id=60908
- <rdar://problem/9409491>
-
- We need to ensure that we have called all the weak map finalizers while
- the global object (and hence global context) is still in a consistent
- state. The best way to achieve this is to simply use a weak handle and
- finalizer on the global object.
-
- * JavaScriptCore.exp:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::registerWeakMap):
-
-2011-05-16 Siddharth Mathur <siddharth.mathur@nokia.com>
-
- Reviewed by Laszlo Gombos.
-
- [Qt][WK2][Symbian] Shared memory implementation for Symbian
- https://bugs.webkit.org/show_bug.cgi?id=55875
-
- * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
-
-2011-05-16 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=60866
- Evaluation order broken for empty alternatives in subpatterns
-
- Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
-
-2011-05-15 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen & Michael Saboff.
-
- https://bugs.webkit.org/show_bug.cgi?id=60860
- Simplify backtracking in YARR JIT
-
- YARR JIT currently performs a single pass of code generation over the pattern,
- with special handling to allow the code generation for some backtracking code
- out of line. We can simplify things by moving to a common mechanism whereby all
- forwards matching code is generated in one pass, and all backtracking code is
- generated in another. Backtracking code can be generated in reverse order, to
- optimized the common fall-through case.
-
- To make it easier to walk over the pattern, we can first convert to a more
- byte-code like format before JIT generating. In time we should unify this with
- the YARR interpreter to more closely unify the two.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
- (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
- (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
- (JSC::Yarr::YarrGenerator::BacktrackingState::append):
- (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
- (JSC::Yarr::YarrGenerator::BacktrackingState::link):
- (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
- (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
- (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
- (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
- (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
- (JSC::Yarr::YarrGenerator::generateAssertionBOL):
- (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
- (JSC::Yarr::YarrGenerator::generateAssertionEOL):
- (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
- (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
- (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
- (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
- (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
- (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
- (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
- (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
- (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
- (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
- (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
- (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
- (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
- (JSC::Yarr::YarrGenerator::generateTerm):
- (JSC::Yarr::YarrGenerator::backtrackTerm):
- (JSC::Yarr::YarrGenerator::generate):
- (JSC::Yarr::YarrGenerator::backtrack):
- (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
- (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
- (JSC::Yarr::YarrGenerator::opCompileAlternative):
- (JSC::Yarr::YarrGenerator::opCompileBody):
- (JSC::Yarr::YarrGenerator::YarrGenerator):
- (JSC::Yarr::YarrGenerator::compile):
-
-2011-05-15 Adam Barth <abarth@webkit.org>
-
- Enable strict PassOwnPtr on Qt. (Build fixes to follow.)
-
- * wtf/PassOwnPtr.h:
-
-2011-05-15 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Maciej Stachowiak.
-
- Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
- in browser than on command line
-
- This patch fixes a few issues in generated code that could unreasonably
- prolong object lifetimes.
-
- * heap/Heap.cpp:
- (JSC::Heap::collectAllGarbage): Throw away all function code before doing
- a major collection. We want to clear polymorphic caches, since they can
- keep alive large object graphs that have gone "stale". For the same reason,
- but to a lesser extent, we also want to clear linked functions and other
- one-off caches.
-
- This has the side-benefit of reducing memory footprint from run-once
- functions, and of allowing predictions and caches that have failed to
- re-specialize.
-
- Eventually, if compilation costs rise far enough, we may want a more
- limited strategy for de-specializing code without throwing it away
- completely, but this works for now, and it's the simplest solution.
-
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * jit/JITStubs.h:
- * runtime/JSFunction.cpp: Made the host function stub cache weak --
- otherwise it's effectively a memory leak that can seriously fragment the
- GC and JIT heaps.
-
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::visitChildren): Cleared up some comments that confused
- me when working with this code.
-
-2011-05-13 Oliver Hunt <oliver@apple.com>
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryAllocateOversize):
+ (JSC::CopiedSpace::tryReallocateOversize):
+ (JSC::CopiedSpace::doneFillingBlock):
+ (JSC::CopiedSpace::doneCopying):
+ * heap/CopiedSpace.h: Refactored CopiedSpace so that all blocks (oversize and to-space) are
+ in a single hash set and bloom filter for membership testing.
+ (CopiedSpace):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::contains): We check for the normal block first. Since the oversize blocks are
+ only page aligned, rather than block aligned, we have to re-mask the ptr to check if it's in
+ CopiedSpace. Also added a helper function of the same name that takes a CopiedBlock* and checks
+ if it's in CopiedSpace so that check isn't typed out twice.
+ (JSC):
+ (JSC::CopiedSpace::startedCopying):
+ (JSC::CopiedSpace::addNewBlock):
- Reviewed by Geoffrey Garen.
+2012-05-22 Geoffrey Garen <ggaren@apple.com>
- Make GC validation more aggressive
- https://bugs.webkit.org/show_bug.cgi?id=60802
+ CopiedBlock and MarkedBlock should have proper value semantics (i.e., destructors)
+ https://bugs.webkit.org/show_bug.cgi?id=87172
- This patch makes the checks performed under GC_VALIDATION
- much more aggressive, and adds the checks to more places
- in order to allow us to catch GC bugs much closer to the
- point of failure.
+ Reviewed by Oliver Hunt and Phil Pizlo.
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildren):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedSpace.cpp:
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/Executable.h:
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildren):
- * runtime/GetterSetter.h:
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * runtime/JSCell.cpp:
- (JSC::slowValidateCell):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::unvalidatedStructure):
- (JSC::JSCell::JSCell::JSCell):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildren):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::visitChildren):
- (JSC::slowValidateCell):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildren):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildren):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyMapEntry::PropertyMapEntry):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildren):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildren):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- (JSC::JSCell::classInfo):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildren):
- * runtime/StructureChain.h:
- * runtime/WriteBarrier.h:
- (JSC::validateCell):
- (JSC::JSCell):
- (JSC::JSGlobalObject):
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::setMayBeNull):
- (JSC::WriteBarrierBase::setEarlyValue):
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
- (JSC::WriteBarrierBase::unvalidatedGet):
- (JSC::WriteBarrier::WriteBarrier):
- * wtf/Assertions.h:
+ This enables MarkedBlock to own non-trivial sub-objects that require
+ destruction. It also fixes a FIXME about casting a CopiedBlock to a
+ MarkedBlock at destroy time.
-2011-05-13 Oliver Hunt <oliver@apple.com>
+ CopiedBlock and MarkedBlock now accept an allocation chunk at create
+ time and return it at destroy time. Their client is expected to
+ allocate, recycle, and destroy these chunks.
- Reviewed by Geoffrey Garen.
+ * heap/BlockAllocator.cpp:
+ (JSC::BlockAllocator::releaseFreeBlocks):
+ (JSC::BlockAllocator::blockFreeingThreadMain): Don't call MarkedBlock::destroy
+ because we expect that to be called before a block is put on our free
+ list now. Do manually deallocate our allocation chunk because that's
+ our job now.
- Make GC validation more aggressive
- https://bugs.webkit.org/show_bug.cgi?id=60802
+ * heap/BlockAllocator.h:
+ (BlockAllocator):
+ (JSC::BlockAllocator::allocate): Allocate never fails now. This is a
+ cleaner abstraction because only one object does all the VM allocation
+ and deallocation. Caching is an implementation detail.
- This patch makes the checks performed under GC_VALIDATION
- much more aggressive, and adds the checks to more places
- in order to allow us to catch GC bugs much closer to the
- point of failure.
+ (JSC::BlockAllocator::deallocate): We take an allocation chunk argument
+ instead of a block because we now expect the block to have been destroyed
+ before we recycle its memory. For convenience, we still use the HeapBlock
+ class as our linked list node. This is OK because HeapBlock is a POD type.
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildren):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedSpace.cpp:
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/Executable.h:
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildren):
- * runtime/GetterSetter.h:
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * runtime/JSCell.cpp:
- (JSC::slowValidateCell):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::unvalidatedStructure):
- (JSC::JSCell::JSCell::JSCell):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildren):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::visitChildren):
- (JSC::slowValidateCell):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildren):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildren):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyMapEntry::PropertyMapEntry):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildren):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildren):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- (JSC::JSCell::classInfo):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildren):
- * runtime/StructureChain.h:
- * runtime/WriteBarrier.h:
- (JSC::validateCell):
- (JSC::JSCell):
- (JSC::JSGlobalObject):
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::setMayBeNull):
- (JSC::WriteBarrierBase::setEarlyValue):
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
- (JSC::WriteBarrierBase::unvalidatedGet):
- (JSC::WriteBarrier::WriteBarrier):
- * wtf/Assertions.h:
+ * heap/CopiedBlock.h:
+ (CopiedBlock):
+ (JSC::CopiedBlock::create):
+ (JSC::CopiedBlock::destroy):
+ (JSC::CopiedBlock::CopiedBlock): Added proper create and destroy functions,
+ to match MarkedBlock.
-2011-05-14 Csaba Osztrogonác <ossy@webkit.org>
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryAllocateOversize):
+ (JSC::CopiedSpace::tryReallocateOversize):
+ (JSC::CopiedSpace::doneCopying):
+ (JSC::CopiedSpace::getFreshBlock):
+ (JSC::CopiedSpace::freeAllBlocks):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::recycleBlock): Make sure to call destroy before
+ returning a block to the BlockAllocator. Otherwise, our destructors
+ won't run. (If we get this wrong now, we'll get a compile error.)
- Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt.
+ * heap/HeapBlock.h:
+ (JSC::HeapBlock::HeapBlock): const!
- Make GC validation more aggressive
- https://bugs.webkit.org/show_bug.cgi?id=60802
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::allocateBlock): No need to distinguish between
+ create and recycle -- MarkedBlock always accepts memory allocated by
+ its client now.
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedSpace.cpp:
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/Executable.h:
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildren):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::createStructure):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::JSCell):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildren):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSONObject.h:
- (JSC::JSONObject::createStructure):
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildren):
- * runtime/JSString.h:
- (JSC::RopeBuilder::createStructure):
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildren):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyMapEntry::PropertyMapEntry):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildren):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildren):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- (JSC::Structure::createStructure):
- (JSC::JSCell::classInfo):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildren):
- * runtime/StructureChain.h:
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
- (JSC::WriteBarrier::WriteBarrier):
- * wtf/Assertions.h:
-
-2011-05-13 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
+ (JSC::MarkedBlock::create): Don't allocate memory -- we assume that we're
+ passed already-allocated memory, to clarify the responsibility for VM
+ recycling.
- Make GC validation more aggressive
- https://bugs.webkit.org/show_bug.cgi?id=60802
+ (JSC::MarkedBlock::destroy): Do run our destructor before giving back
+ our VM -- that is the whole point of this patch.
- This patch makes the checks performed under GC_VALIDATION
- much more aggressive, and adds the checks to more places
- in order to allow us to catch GC bugs much closer to the
- point of failure.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildren):
- * heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
- * heap/MarkedSpace.cpp:
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/Executable.h:
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildren):
- * runtime/GetterSetter.h:
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * runtime/JSCell.cpp:
- (JSC::slowValidateCell):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::unvalidatedStructure):
- (JSC::JSCell::JSCell::JSCell):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildren):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::visitChildren):
- (JSC::slowValidateCell):
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildren):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildren):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyMapEntry::PropertyMapEntry):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildren):
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildren):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- (JSC::JSCell::classInfo):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildren):
- * runtime/StructureChain.h:
- * runtime/WriteBarrier.h:
- (JSC::validateCell):
- (JSC::JSCell):
- (JSC::JSGlobalObject):
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::setMayBeNull):
- (JSC::WriteBarrierBase::setEarlyValue):
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
- (JSC::WriteBarrierBase::unvalidatedGet):
- (JSC::WriteBarrier::WriteBarrier):
- * wtf/Assertions.h:
-
-2011-05-01 Holger Hans Peter Freyther <holger@moiji-mobile.com>
-
- Reviewed by Steve Block.
-
- [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
- https://bugs.webkit.org/show_bug.cgi?id=59888
-
- It is possible to build QtWebKit and others for OS(ANDROID). Let
- the buildsystem decide which platform is to be build.
-
- * wtf/Platform.h:
-
-2011-05-12 Maciej Stachowiak <mjs@apple.com>
-
- Reviewed by Darin Adler.
-
- XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
- https://bugs.webkit.org/show_bug.cgi?id=59394
-
- This portion of the change introduces a PassTraits template, which
- is used to enable takeFirst() to work for a Deque holding OwnPtrs,
- and optimize it for a Deque holding RefPtrs. In the future it can
- be deployed elsewhere to make our data structures work better with
- our smart pointers.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/Deque.h:
- (WTF::::takeFirst):
- * wtf/PassTraits.h: Added.
- (WTF::PassTraits::transfer):
-
-2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Not reviewed.
-
- Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Not reviewed.
-
- String operator+ reallocates unnecessarily when concatting > 2 strings
- https://bugs.webkit.org/show_bug.cgi?id=58420
-
- Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Reviewed by Darin Adler.
-
- String operator+ reallocates unnecessarily when concatting > 2 strings
- https://bugs.webkit.org/show_bug.cgi?id=58420
-
- Provide a faster String append operator.
- Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
- object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
- N strings using operator+, this leads to N-1 reallocations.
-
- Replace this with a flexible operator+ implementation, that avoids these reallocations.
- When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
- a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
- creation of the final string, until operator String() is invoked.
-
- template<typename T>
- StringAppend<String, T> operator+(const String& string1, T string2)
- {
- return StringAppend<String, T>(string1, string2);
- }
-
- template<typename U, typename V, typename W>
- StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
- {
- return StringAppend<U, StringAppend<V, W> >(string1, string2);
- }
-
- When concatting three strings - "String a, b, c; String result = a + b + c;" following happens:
- first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
- Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
- a StringAppend<String, StringAppend<String, String> > object.
- Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
- final string - it uses tryMakeString provided by StringConcatenate.h under the hoods, which guards us
- against too big string allocations, etc.
-
- Note that the second template, defines a recursive way to concat an arbitary number of strings
- into a single String with just one allocation.
-
- * GNUmakefile.list.am: Add StringOperators.h to build.
- * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
- * JavaScriptCore.gypi: Add StringOperators.h to build.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
- * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
- * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
- * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
- * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
- (WTF::StringAppend::StringAppend):
- (WTF::StringAppend::operator String):
- (WTF::StringAppend::operator AtomicString):
- (WTF::StringAppend::writeTo):
- (WTF::StringAppend::length):
- (WTF::operator+):
- * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append().
- (WTF::emptyString): Add new shared empty string free function.
- * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
-
-2011-05-12 Philippe Normand <pnormand@igalia.com>
-
- Unreviewed, GTK build fix.
-
- * wtf/Platform.h:
-
-2011-05-12 Keith Kyzivat <keith.kyzivat@nokia.com>
-
- Reviewed by Csaba Osztrogonác.
-
- [Qt] Arm debug build failing on ARMAssembler::debugOffset()
- https://bugs.webkit.org/show_bug.cgi?id=60688
-
- Related to svn rev 85523
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::debugOffset):
-
-2011-05-11 Igor Oliveira <igor.oliveira@openbossa.org>
-
- Reviewed by Eric Seidel.
-
- WebKit does not build with GCCE
- https://bugs.webkit.org/show_bug.cgi?id=60667
-
- Allow compile WebKit with GCCE
-
- * wtf/Alignment.h:
- * wtf/Platform.h:
-
-2011-05-11 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Enable strict PassOwnPtr on Mac
- https://bugs.webkit.org/show_bug.cgi?id=60684
-
- This should build cleanly now.
-
- * wtf/PassOwnPtr.h:
-
-2011-05-11 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- Protect JSC from WebCore executing JS during JS wrapper finalization
- https://bugs.webkit.org/show_bug.cgi?id=60672
- <rdar://problem/9350997>
-
- Detect when we're trying to execute JS during GC and prevent the
- execution from happening. We also assert that this isn't happening
- as it implies incorrect behaviour of an object's destructor.
-
- * JavaScriptCore.exp:
- * heap/Heap.cpp:
- * heap/Heap.h:
- (JSC::Heap::isBusy):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::isCollectorBusy):
-
-2011-05-11 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Enable gc mark validation in temporarily in release builds
- https://bugs.webkit.org/show_bug.cgi?id=60678
-
- Make it easier to turn the gc mark validation on and off, and
- temporarily turn it on for all builds.
-
- * heap/MarkStack.cpp:
- * heap/MarkStack.h:
- (JSC::MarkStack::append):
- (JSC::MarkStack::internalAppend):
- * runtime/WriteBarrier.h:
- (JSC::MarkStack::appendValues):
- * wtf/Platform.h:
-
-2011-05-11 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
-
- SunSpider reports no change.
-
- This bug was caused by changing Structure and Executable to being GC
- objects, and by a long-standing bug that would thrash the global object
- between dictionary and non-dictionary states.
-
- * runtime/BatchedTransitionOptimizer.h:
- (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
- eagerly transition to dictionary -- this can cause pathological dictionary
- churn, and it's not necessary, since objects know how to automatically
- transition to dictionary when necessary.
-
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
- extra cost from compilation, because it can be quite high. This is especially
- important for program code, since DOM timers can repeatedly allocate
- program code without allocating any other objects.
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
- if the thing we're trying to remove doesn't exist. This can happen during
- compilation, since the compiler needs to ensure that no pre-existing
- conflicting definitions exist for certain declarations.
-
-2011-05-11 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make mark stack validation functions do something useful in a release build
- https://bugs.webkit.org/show_bug.cgi?id=60645
-
- Turn ASSERTs into actual if(...) CRASH(); statements.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStack::validateValue):
-
-2011-05-11 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Martin Robinson.
-
- Fix copy&paste error in comment.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator): the value is stored in
- regT2, not regT1.
-
-2011-05-11 Adam Roben <aroben@apple.com>
-
- WinCE build fixes for strict PassOwnPtr
-
- * wtf/unicode/CollatorDefault.cpp:
- (WTF::Collator::userDefault): Use adoptPtr.
-
-2011-05-11 Holger Hans Peter Freyther <holger@moiji-mobile.com>
-
- Unreviewed build fix.
-
- [MIPS] Fix compilation of the MIPS JIT
-
- Include the MIPSAssembler.h first to indirectly include
- AssemblerBuffer.h before the AbstractMacroAssembler.h. This
- order is used for the ARM and X86 MacroAssembler*.h
-
- * assembler/MacroAssemblerMIPS.h:
-
-2011-05-11 Adam Roben <aroben@apple.com>
-
- Turn on strict PassOwnPtr on Windows
-
- Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled
-
- Reviewed by Adam Barth.
-
- * wtf/PassOwnPtr.h:
-
-2011-05-10 Stephanie Lewis <slewis@apple.com>
-
- Unreviewed.
-
- Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130
-
- * Configurations/JavaScriptCore.xcconfig:
-
-2011-05-10 Adam Barth <abarth@webkit.org>
-
- Reviewed by David Levin.
-
- Enable strict PassOwnPtr on Chromium
- https://bugs.webkit.org/show_bug.cgi?id=60502
-
- Other platforms to follow.
-
- * wtf/PassOwnPtr.h:
-
-2011-05-10 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
- https://bugs.webkit.org/show_bug.cgi?id=60532
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.xcodeproj/project.pbxproj: Build!
-
- * heap/Handle.h: Moved HandleTypes to its own header because that's the
- WebKit style, and it was necessary to resolve a circular dependency
- between Handle.h and WriteBarrier.h.
-
- * heap/Heap.h:
- (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
- verify that all the code is in the right place.
-
- * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
- resolve a circular dependency.
-
- * runtime/ArgList.h:
- * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
- free anymore.
-
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
- function, now that it exists.
-
- * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
- dependency.
-
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::set):
- (JSC::MarkStack::append):
- (JSC::MarkStack::appendValues): Updated to match the changes above.
-
-2011-05-10 Oliver Hunt <oliver@apple.com>
-
- Build fix.
-
- * heap/MarkStack.cpp:
- (JSC::MarkStack::validateValue):
-
-2011-05-10 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Add some aggressive GC validation to debug builds.
- https://bugs.webkit.org/show_bug.cgi?id=60601
-
- When assertions are enabled we now do some validity checking
- of objects being added to the mark stack.
-
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
- (JSC::PolymorphicAccessStructureList::visitAggregate):
- * heap/MarkStack.cpp:
- (JSC::MarkStack::validateSet):
- (JSC::MarkStack::validateValue):
- * heap/MarkStack.h:
- (JSC::MarkStack::appendValues):
- (JSC::MarkStack::append):
- (JSC::MarkStack::internalAppend):
-
-2011-05-09 Darin Adler <darin@apple.com>
-
- Reviewed by Oliver Hunt.
-
- http://bugs.webkit.org/show_bug.cgi?id=60509
- Wrong type used for return value from strlen
-
- * wtf/FastMalloc.cpp:
- (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
- fastMalloc won't return if it fails.
-
-2011-05-09 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- CSP should block Function constructor
- https://bugs.webkit.org/show_bug.cgi?id=60240
-
- When eval is disabled, we need to block the use of the function
- constructor. However, the WebCore JSC bindings call the function
- constructor directly to create inline event listeners. To support that
- use, this patch adds an entrypoint that bypasses the check for whether
- eval is enabled.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/FunctionConstructor.cpp:
- (JSC::constructFunction):
- (JSC::constructFunctionSkippingEvalEnabledCheck):
- * runtime/FunctionConstructor.h:
-
-2011-05-09 Adam Roben <aroben@apple.com>
-
- Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes
-
- Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
- WebKit1 IDL file changes to avoid build errors
-
- Reviewed by Tim Hatcher.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
- Updated for script rename.
-
- * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
- * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
- from react-to-vsprops-changes.py.
- (top level): Moved a constant here from main.
- (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
- react_to_webkit1_interface_changes function.
- (react_to_vsprops_changes): Moved code here from main. Updated to use the
- TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_globa
- and touch_if_older_than.
- (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
- file has changed.
- (mtime_of_newest_file_matching_glob): Added. Code came from main.
- (touch_if_older_than): Added. Code came from main.
-
-2011-05-08 Jessie Berlin <jberlin@apple.com>
-
- Reviewed by Dan Bernstein.
-
- Make JSRetainPtr work with JSGlobalContextRefs.
- https://bugs.webkit.org/show_bug.cgi?id=60452
-
- Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.
-
- * API/JSRetainPtr.h:
- (JSRetain):
- (JSRelease):
-
-2011-05-07 Dawit Alemayehu <adawit@kde.org>
-
- Reviewed by Daniel Bates.
-
- Fix compile with GCC 4.6.0
- https://bugs.webkit.org/show_bug.cgi?id=60380
-
- Remove unused local variable from code.
-
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
-
-2011-05-06 Alexis Menard <alexis.menard@openbossa.org>
-
- Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.
-
- std::tr1::has_trivial_constructor is in <tr1/memory>.
-
- * wtf/TypeTraits.h:
-
-2011-05-05 Jay Civelli <jcivelli@chromium.org>
-
- Reviewed by Adam Barth.
-
- Added convenience methods to convert from a byte to hex ASCII digit
- characters and vice-versa.
- https://bugs.webkit.org/show_bug.cgi?id=59834
-
- * wtf/ASCIICType.h:
- (WTF::toASCIIHexValue):
- (WTF::lowerNibbleToASCIIHexDigit):
- (WTF::upperNibbleToASCIIHexDigit):
-
-2011-05-05 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Benjamin Poulain.
-
- [Qt] Make QtWebKit build when using gcc 4.6.0
- https://bugs.webkit.org/show_bug.cgi?id=60265
-
- If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
- the c++0x support because it works.
-
- * JavaScriptCore.pro:
-
-2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
-
- Reviewed by Geoffrey Garen.
-
- Port MachineStackMarker.cpp to Windows x64
- https://bugs.webkit.org/show_bug.cgi?id=60216
-
- * heap/MachineStackMarker.cpp:
- (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
- on 64-bit Windows.
- (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.
-
-2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
-
- Reviewed by Martin Robinson.
-
- Link libjavascriptcoregtk on Windows with winmm.dll
- https://bugs.webkit.org/show_bug.cgi?id=60215
-
- * GNUmakefile.am:
-
-2011-05-04 Tao Bai <michaelbai@chromium.org>
-
- Reviewed by David Kilzer.
-
- Populate touch-icon url to FrameLoaderClient
- https://bugs.webkit.org/show_bug.cgi?id=59143
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-05-03 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
- code that accidentally survived the conversion to a switch statement,
- causing a lot of important code not to run most of the time.
-
- Since this is not a trivial finger-picking mistake, I will not call it a
- typo.
-
-2011-05-04 Adam Roben <aroben@apple.com>
-
- Another attempted build fix
-
- * wtf/OwnPtr.h:
- (WTF::OwnPtr::operator==):
- (WTF::OwnPtr::operator!=):
- * wtf/PassOwnPtr.h:
- (WTF::PassOwnPtr::operator==):
- (WTF::PassOwnPtr::operator!=):
- Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.
-
-2011-05-04 Adam Roben <aroben@apple.com>
-
- Try to fix Leopard, Qt, and probably others
-
- * wtf/OwnPtr.h:
- (WTF::OwnPtr::operator==):
- (WTF::OwnPtr::operator!=):
- * wtf/PassOwnPtr.h:
- (WTF::PassOwnPtr::operator==):
- (WTF::PassOwnPtr::operator!=):
- Try to get the compiler not to instantiate these function templates unnecessarily.
-
-2011-05-03 Adam Roben <aroben@apple.com>
-
- Disallow equality comparisons between [Pass]OwnPtrs
-
- If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
- really sneaky, in which case you should stop!)
-
- Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error
-
- Reviewed by Anders Carlsson and Antti Koivisto.
-
- * wtf/OwnPtr.h:
- (WTF::OwnPtr::operator==):
- (WTF::OwnPtr::operator!=):
- * wtf/PassOwnPtr.h:
- (WTF::PassOwnPtr::operator==):
- (WTF::PassOwnPtr::operator!=):
- Added private equality operators that fail to compile when used. (When not used, the
- compiler will skip over them because they are function templates.)
-
-2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Gavin Barraclough.
-
- JITArithmetic.cpp produces a warning on a unused variable.
- https://bugs.webkit.org/show_bug.cgi?id=60060
-
- Just properly use what we already have converted.
-
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emitSlow_op_add):
- (JSC::JIT::emitSlow_op_mul):
-
-2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Geoffrey Garen.
-
- JITPropertyAccess produces a unused but set variable warning in gcc 4.6.0.
- https://bugs.webkit.org/show_bug.cgi?id=60050
-
- This patch fix a compilation warning. The new warning scenario -Wunused-but-set-variable
- in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
- as errors. The patch introduces a new macro ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED
- which copy the idea of ASSERT_UNUSED.
-
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::emit_op_put_by_id):
- * wtf/Assertions.h:
- (assertWithMessageUnused):
-
-2011-04-29 Jer Noble <jer.noble@apple.com>
-
- Reviewed by Eric Seidel.
-
- Implement FULLSCREEN_API on Windows, Part 4: Enable it
- https://bugs.webkit.org/show_bug.cgi?id=59798
-
- * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.
-
-2011-05-03 Alexis Menard <alexis.menard@openbossa.org>
-
- Reviewed by Eric Seidel.
-
- Unused but set variable warning in MacroAssemberX86_64
- https://bugs.webkit.org/show_bug.cgi?id=59482
-
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::call):
- (JSC::MacroAssemblerX86_64::tailRecursiveCall):
- (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
-
-2011-05-03 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make malloc validation useful
- https://bugs.webkit.org/show_bug.cgi?id=57502
-
- Reland this patch (rolled out in 82905) without
- turning it on by default.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/FastMalloc.cpp:
- (WTF::tryFastMalloc):
- (WTF::fastMalloc):
- (WTF::tryFastCalloc):
- (WTF::fastCalloc):
- (WTF::fastFree):
- (WTF::tryFastRealloc):
- (WTF::fastRealloc):
- (WTF::fastMallocSize):
- (WTF::TCMalloc_PageHeap::isScavengerSuspended):
- (WTF::TCMalloc_PageHeap::scheduleScavenger):
- (WTF::TCMalloc_PageHeap::suspendScavenger):
- (WTF::TCMalloc_PageHeap::signalScavenger):
- (WTF::TCMallocStats::malloc):
- (WTF::TCMallocStats::free):
- (WTF::TCMallocStats::fastCalloc):
- (WTF::TCMallocStats::tryFastCalloc):
- (WTF::TCMallocStats::calloc):
- (WTF::TCMallocStats::fastRealloc):
- (WTF::TCMallocStats::tryFastRealloc):
- (WTF::TCMallocStats::realloc):
- (WTF::TCMallocStats::fastMallocSize):
- * wtf/FastMalloc.h:
- (WTF::Internal::fastMallocValidationHeader):
- (WTF::Internal::fastMallocValidationSuffix):
- (WTF::Internal::fastMallocMatchValidationType):
- (WTF::Internal::setFastMallocMatchValidationType):
- (WTF::fastMallocMatchValidateFree):
- (WTF::fastMallocValidate):
-
-2011-05-03 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Anders Carlsson.
-
- Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
- https://bugs.webkit.org/show_bug.cgi?id=59261
-
- Use unary '+' to force proper type detection in template arguments
- with GCC 4.6.0. See bug report for more details.
-
- * runtime/Structure.cpp:
- (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
- (JSC::StructureTransitionTable::add): ditto.
- * runtime/Structure.h:
- (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.
-
-2011-05-03 Jessie Berlin <jberlin@apple.com>
-
- Rubber-stamped by Adam Roben.
-
- Revert r85550 and r85575.
-
- Variables cannot be exported via the .def file. Instead, they should be annotated with
- JS_EXPORTDATA.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/Structure.cpp:
- (JSC::Structure::materializePropertyMap):
- * runtime/Structure.h:
- (JSC::Structure::typeInfo):
- (JSC::Structure::previousID):
- (JSC::Structure::propertyStorageCapacity):
- (JSC::Structure::propertyStorageSize):
- (JSC::Structure::get):
- (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-05-02 Adam Roben <aroben@apple.com>
-
- Allow implicit conversion from nullptr_t to PassOwnPtr
-
- This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
- strict PassOwnPtr mode.
-
- Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
- doesn't work, but should
-
- Reviewed by Adam Barth.
-
- * wtf/PassOwnPtr.h:
- (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.
-
- * wtf/MessageQueue.h:
- (WTF::::waitForMessageFilteredWithTimeout):
- (WTF::::tryGetMessage):
- Use the new implicit conversion.
-
-2011-05-02 Jessie Berlin <jberlin@apple.com>
-
- Rubber-stamped by Oliver Hunt.
-
- Remove an assertion that Windows was hitting on launch.
-
- * runtime/Structure.cpp:
- (JSC::Structure::materializePropertyMap):
- * runtime/Structure.h:
- (JSC::Structure::typeInfo):
- (JSC::Structure::previousID):
- (JSC::Structure::propertyStorageCapacity):
- (JSC::Structure::propertyStorageSize):
- (JSC::Structure::get):
- (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-05-02 Mark Rowe <mrowe@apple.com>
-
- Reviewed by Geoff Garen.
-
- <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2
-
- * Configurations/CompilerVersion.xcconfig:
-
-2011-05-02 Gavin Barraclough <barraclough@apple.com>
-
- ARMv7 build fix.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::Jump::link):
- (JSC::AbstractMacroAssembler::Jump::linkTo):
-
-2011-05-02 Oliver Hunt <oliver@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-02 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- crash in JSC::RegExp::match
- https://bugs.webkit.org/show_bug.cgi?id=58922
-
- Cleared chained backtrack data label when linking label even if that
- label doesn't chain itself. This is needed so that subsequent
- backtrack data labels point to the next outer paren and not within
- the current paren.
-
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
-
-2011-05-02 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Tiny bit of heap cleanup.
-
* heap/MarkedBlock.h:
- (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.
-
- * heap/MarkedSpace.h:
- (JSC::MarkedSpace::globalData):
- (JSC::MarkedSpace::highWaterMark):
- (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
- definition, for better clarity.
-
-2011-05-02 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Correct marking of interpreter data in mixed mode builds
- https://bugs.webkit.org/show_bug.cgi?id=59962
-
- We had a few places in mixed mode builds where we would not
- track data used by the interpreter for marking. This patch
- corrects the problem and adds a number of assertions to catch
- live Structures being collected.
-
- * JavaScriptCore.exp:
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addPropertyAccessInstruction):
- (JSC::CodeBlock::addGlobalResolveInstruction):
- (JSC::CodeBlock::addStructureStubInfo):
- (JSC::CodeBlock::addGlobalResolveInfo):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- * runtime/Structure.cpp:
- (JSC::Structure::materializePropertyMap):
- * runtime/Structure.h:
- (JSC::Structure::typeInfo):
- (JSC::Structure::previousID):
- (JSC::Structure::propertyStorageCapacity):
- (JSC::Structure::propertyStorageSize):
- (JSC::Structure::get):
- (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-05-02 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Alexey Proskuryakov.
-
- Use native NullPtr when using GCC 4.6.0 and C++0x
- https://bugs.webkit.org/show_bug.cgi?id=59252
-
- GCC 4.6.0 has nullptr support, use it when possible.
-
- * wtf/NullPtr.cpp: include config.h to pull in Platform.h before
- NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
- * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
- use native nullptr.
-
-2011-05-02 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=59950
- Clean up AssemblerBuffer to use a Vector internally.
-
- AssemblerBuffer handles reallocing a byte array itself - stop that.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerLabel::AssemblerLabel):
- (JSC::AssemblerLabel::labelAtOffset):
- (JSC::AssemblerBuffer::AssemblerBuffer):
- (JSC::AssemblerBuffer::~AssemblerBuffer):
- (JSC::AssemblerBuffer::isAvailable):
- (JSC::AssemblerBuffer::ensureSpace):
- (JSC::AssemblerBuffer::isAligned):
- (JSC::AssemblerBuffer::putIntegral):
- (JSC::AssemblerBuffer::putIntegralUnchecked):
- (JSC::AssemblerBuffer::putByteUnchecked):
- (JSC::AssemblerBuffer::putByte):
- (JSC::AssemblerBuffer::putShortUnchecked):
- (JSC::AssemblerBuffer::putShort):
- (JSC::AssemblerBuffer::putIntUnchecked):
- (JSC::AssemblerBuffer::putInt):
- (JSC::AssemblerBuffer::putInt64Unchecked):
- (JSC::AssemblerBuffer::putInt64):
- (JSC::AssemblerBuffer::codeSize):
- (JSC::AssemblerBuffer::label):
- (JSC::AssemblerBuffer::executableCopy):
- (JSC::AssemblerBuffer::rewindToLabel):
- (JSC::AssemblerBuffer::debugOffset):
- (JSC::AssemblerBuffer::append):
- (JSC::AssemblerBuffer::grow):
- * assembler/AssemblerBufferWithConstantPool.h:
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::linkCall):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
-
-2011-05-02 Jeff Miller <jeffm@apple.com>
-
- Reviewed by Alexy Proskuryakov.
-
- Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
- https://bugs.webkit.org/show_bug.cgi?id=59949
-
- * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().
-
-2011-05-02 Adam Barth <abarth@webkit.org>
-
- Reviewed by Alexey Proskuryakov.
-
- StringImpl::endsWith has some insane code
- https://bugs.webkit.org/show_bug.cgi?id=59900
-
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::endsWith):
- - m_data shadows a member variable of the same name.
-
-2011-05-02 Gabor Loki <loki@webkit.org>
-
- Buildfix for ARM after r85448
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::loadBranchTarget):
-
-2011-05-01 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Strict-mode only reserved words not reserved
- https://bugs.webkit.org/show_bug.cgi?id=55342
-
- Fix line number tracking when we rollback the lexer.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::parseSourceElements):
-
-2011-05-01 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- ES5 Strict mode does not allow getter and setter for same propId
- https://bugs.webkit.org/show_bug.cgi?id=57295
-
- Simplify and correct the logic for strict mode object literals.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::parseStrictObjectLiteral):
-
-2011-05-01 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Assigning to function identifier under strict should throw
- https://bugs.webkit.org/show_bug.cgi?id=59289
-
- Add logic to StaticScopeObject to ensure we don't silently consume
- writes to constant properties.
-
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::put):
-
-2011-05-01 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=59903
- Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
-
- Creating a lable() into the AssemblerBuffer should return an AssemblerLabel,
- not an unsigned int.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::blx):
- (JSC::ARMAssembler::label):
- (JSC::ARMAssembler::loadBranchTarget):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::b):
- (JSC::ARMv7Assembler::blx):
- (JSC::ARMv7Assembler::bx):
- (JSC::ARMv7Assembler::label):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::label):
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::label):
- * assembler/AssemblerBufferWithConstantPool.h:
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::label):
- (JSC::MIPSAssembler::relocateJumps):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::loadConstant):
- (JSC::SH4Assembler::loadConstantUnReusable):
- (JSC::SH4Assembler::call):
- (JSC::SH4Assembler::jmp):
- (JSC::SH4Assembler::jne):
- (JSC::SH4Assembler::je):
- (JSC::SH4Assembler::label):
- (JSC::SH4Assembler::oneShortOp):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::call):
- (JSC::X86Assembler::jmp_r):
- (JSC::X86Assembler::label):
- (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
- (JSC::X86Assembler::X86InstructionFormatter::label):
-
-2011-05-01 Adam Barth <abarth@webkit.org>
-
- Reviewed by David Levin.
-
- Enable strict mode for OwnPtr and PassOwnPtr
- https://bugs.webkit.org/show_bug.cgi?id=59428
-
- * wtf/OwnPtr.h:
-
-2011-05-01 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Adam Barth.
-
- Enable strict OwnPtr for PLATFORM(WIN)
- https://bugs.webkit.org/show_bug.cgi?id=59881
-
- * wtf/OwnPtr.h:
-
-2011-05-01 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- https://bugs.webkit.org/show_bug.cgi?id=59896
- Remove JmpSrc/JmpDst types.
-
- The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
- object be per-assembler in unhelpful, causes unnecessary code duplication,
- and prevents the AssemblerBuffer from providing a richer type for labels.
- The limited semantic meaning that they did convey is undermined by the manner
- in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
- for data labels).
-
- Jumps on ARMv7 have had additional information added to the object via the
- ARMv7 JmpSrc. This data should probably be in the instruction stream. This
- patch does not fix the problem, and moves the data (ifdefed) to
- AbstractMacroAssembler::Jump (which is effectively where it was before!).
- This at least closes the hole such that no further data may be added to JmpSrc,
- but this is unfortunate, and should be cleaned up.
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::blx):
- (JSC::ARMAssembler::label):
- (JSC::ARMAssembler::align):
- (JSC::ARMAssembler::loadBranchTarget):
- (JSC::ARMAssembler::jmp):
- (JSC::ARMAssembler::linkPointer):
- (JSC::ARMAssembler::linkJump):
- (JSC::ARMAssembler::linkCall):
- (JSC::ARMAssembler::getRelocatedAddress):
- (JSC::ARMAssembler::getDifferenceBetweenLabels):
- (JSC::ARMAssembler::getCallReturnOffset):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::b):
- (JSC::ARMv7Assembler::blx):
- (JSC::ARMv7Assembler::bx):
- (JSC::ARMv7Assembler::label):
- (JSC::ARMv7Assembler::align):
- (JSC::ARMv7Assembler::getRelocatedAddress):
- (JSC::ARMv7Assembler::getDifferenceBetweenLabels):
- (JSC::ARMv7Assembler::getCallReturnOffset):
- (JSC::ARMv7Assembler::linkJump):
- (JSC::ARMv7Assembler::linkCall):
- (JSC::ARMv7Assembler::linkPointer):
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::Label::isSet):
- (JSC::AbstractMacroAssembler::Call::Call):
- (JSC::AbstractMacroAssembler::Jump::Jump):
- (JSC::AbstractMacroAssembler::Jump::link):
- (JSC::AbstractMacroAssembler::Jump::linkTo):
- (JSC::AbstractMacroAssembler::linkPointer):
- (JSC::AbstractMacroAssembler::getLinkerAddress):
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerLabel::AssemblerLabel):
- (JSC::AssemblerLabel::isSet):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::patch):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::label):
- (JSC::MIPSAssembler::align):
- (JSC::MIPSAssembler::getRelocatedAddress):
- (JSC::MIPSAssembler::getDifferenceBetweenLabels):
- (JSC::MIPSAssembler::getCallReturnOffset):
- (JSC::MIPSAssembler::linkJump):
- (JSC::MIPSAssembler::linkCall):
- (JSC::MIPSAssembler::linkPointer):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::branchDouble):
- (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
- (JSC::MacroAssemblerARMv7::jump):
- (JSC::MacroAssemblerARMv7::nearCall):
- (JSC::MacroAssemblerARMv7::call):
- (JSC::MacroAssemblerARMv7::ret):
- (JSC::MacroAssemblerARMv7::tailRecursiveCall):
- (JSC::MacroAssemblerARMv7::makeBranch):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::nearCall):
- (JSC::MacroAssemblerMIPS::call):
- (JSC::MacroAssemblerMIPS::tailRecursiveCall):
- (JSC::MacroAssemblerMIPS::branchTrue):
- (JSC::MacroAssemblerMIPS::branchFalse):
- (JSC::MacroAssemblerMIPS::branchEqual):
- (JSC::MacroAssemblerMIPS::branchNotEqual):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::call):
- (JSC::SH4Assembler::jmp):
- (JSC::SH4Assembler::jne):
- (JSC::SH4Assembler::je):
- (JSC::SH4Assembler::label):
- (JSC::SH4Assembler::align):
- (JSC::SH4Assembler::linkJump):
- (JSC::SH4Assembler::linkCall):
- (JSC::SH4Assembler::linkPointer):
- (JSC::SH4Assembler::getCallReturnOffset):
- (JSC::SH4Assembler::getRelocatedAddress):
- (JSC::SH4Assembler::getDifferenceBetweenLabels):
- (JSC::SH4Assembler::patchPointer):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::call):
- (JSC::X86Assembler::jmp):
- (JSC::X86Assembler::jmp_r):
- (JSC::X86Assembler::jne):
- (JSC::X86Assembler::jnz):
- (JSC::X86Assembler::je):
- (JSC::X86Assembler::jz):
- (JSC::X86Assembler::jl):
- (JSC::X86Assembler::jb):
- (JSC::X86Assembler::jle):
- (JSC::X86Assembler::jbe):
- (JSC::X86Assembler::jge):
- (JSC::X86Assembler::jg):
- (JSC::X86Assembler::ja):
- (JSC::X86Assembler::jae):
- (JSC::X86Assembler::jo):
- (JSC::X86Assembler::jp):
- (JSC::X86Assembler::js):
- (JSC::X86Assembler::jCC):
- (JSC::X86Assembler::label):
- (JSC::X86Assembler::labelFor):
- (JSC::X86Assembler::align):
- (JSC::X86Assembler::linkJump):
- (JSC::X86Assembler::linkCall):
- (JSC::X86Assembler::linkPointer):
- (JSC::X86Assembler::getCallReturnOffset):
- (JSC::X86Assembler::getRelocatedAddress):
- (JSC::X86Assembler::getDifferenceBetweenLabels):
- (JSC::X86Assembler::rewindToLabel):
- (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
- (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompileMainPass):
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::atJumpTarget):
- (JSC::JIT::emitGetVirtualRegister):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_jmp):
- (JSC::JIT::emit_op_jfalse):
- (JSC::JIT::emit_op_jeq_null):
- (JSC::JIT::emit_op_jneq_null):
- (JSC::JIT::emit_op_jneq_ptr):
- (JSC::JIT::emit_op_jsr):
- (JSC::JIT::emit_op_jtrue):
- (JSC::JIT::emit_op_jmp_scopes):
-
-2011-05-01 Chao-ying Fu <fu@mips.com>
-
- Reviewed by Eric Seidel.
-
- Fix MIPS build due to the split of "Condition" enum
- https://bugs.webkit.org/show_bug.cgi?id=59407
-
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::debugOffset):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::branch32):
- (JSC::MacroAssemblerMIPS::compare32):
-
-2011-04-30 Adam Barth <abarth@webkit.org>
-
- Reviewed by Adam Barth.
-
- Enable strict OwnPtr for GTK
- https://bugs.webkit.org/show_bug.cgi?id=59861
-
- * wtf/OwnPtr.h:
-
-2011-04-30 Gavin Barraclough <barraclough@apple.com>
-
- ARMv7 build fix.
-
- * assembler/AssemblerBufferWithConstantPool.h:
-
-2011-04-30 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
-
- The method size() is called on the AssemblerBuffer both to acquire
- the complete size of the code, and to get a position to use as a
- label into the code. Instead, add an explicit 'label' method.
-
- * assembler/ARMAssembler.cpp:
- (JSC::ARMAssembler::executableCopy):
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::blx):
- (JSC::ARMAssembler::codeSize):
- (JSC::ARMAssembler::label):
- (JSC::ARMAssembler::loadBranchTarget):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::b):
- (JSC::ARMv7Assembler::blx):
- (JSC::ARMv7Assembler::bx):
- (JSC::ARMv7Assembler::label):
- (JSC::ARMv7Assembler::codeSize):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
- (JSC::ARMv7Assembler::ARMInstructionFormatter::data):
- * assembler/AbstractMacroAssembler.h:
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::codeSize):
- (JSC::AssemblerBuffer::label):
- * assembler/AssemblerBufferWithConstantPool.h:
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::linkCode):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::newJmpSrc):
- (JSC::MIPSAssembler::appendJump):
- (JSC::MIPSAssembler::label):
- (JSC::MIPSAssembler::codeSize):
- (JSC::MIPSAssembler::relocateJumps):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::loadConstant):
- (JSC::SH4Assembler::loadConstantUnReusable):
- (JSC::SH4Assembler::call):
- (JSC::SH4Assembler::jmp):
- (JSC::SH4Assembler::jne):
- (JSC::SH4Assembler::je):
- (JSC::SH4Assembler::label):
- (JSC::SH4Assembler::executableCopy):
- (JSC::SH4Assembler::oneShortOp):
- (JSC::SH4Assembler::codeSize):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::call):
- (JSC::X86Assembler::jmp_r):
- (JSC::X86Assembler::codeSize):
- (JSC::X86Assembler::label):
- (JSC::X86Assembler::executableCopy):
- (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
- (JSC::X86Assembler::X86InstructionFormatter::codeSize):
- (JSC::X86Assembler::X86InstructionFormatter::label):
- (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::compile):
-
-2011-04-29 Adam Barth <abarth@webkit.org>
-
- Attempt to fix the Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-04-29 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- CSP script-src should block eval
- https://bugs.webkit.org/show_bug.cgi?id=59850
-
- ggaren recommend a different approach to this patch, essentially
- installing a new function for function-eval and changing the AST
- representation of operator-eval to call function-eval. However, I'm
- not sure that approach is workable because the ASTBuilder doesn't know
- about global objects, and there is added complication due to the cache.
-
- This approach is more dynamic, adding a branch in EvalExecutable to
- detect whether eval is current disabled in the lexical scope. The spec
- is slightly unclear about whether we should return undefined or throw
- an exception. I've asked Brandon to clarify the spec, but throwing an
- exception seems natural.
-
- * JavaScriptCore.exp:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::disableEval):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObject):
- (JSC::JSGlobalObject::isEvalEnabled):
-
-2011-04-29 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=59847
- Remove linkOffset from LinkBuffer
-
- This is redundant since removal of recompilation for exception info.
-
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::LinkBuffer):
- (JSC::LinkBuffer::linkCode):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * jit/JIT.cpp:
- (JSC::JIT::JIT):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- (JSC::JIT::compile):
- (JSC::JIT::compileCTIMachineTrampolines):
- (JSC::JIT::compileCTINativeCall):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::finalize):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::compile):
-
-2011-04-29 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt & Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=59221
- [RegexFuzz] Regression blocking testing
-
- Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
- node, emitDisjunction recursively calls to itself to emit the nested disjunction
- the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
- account the uncheck that has just taken place).
-
- Also, the special handling given to countToCheck in the case of parenthetical
- assertions is nonsense, delete it, along with the isParentheticalAssertion argument.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2011-04-29 Csaba Osztrogonác <ossy@webkit.org>
-
- Reviewed by Adam Barth.
-
- Enable strict OwnPtr for Qt
- https://bugs.webkit.org/show_bug.cgi?id=59667
-
- * wtf/OwnPtr.h:
-
-2011-04-29 Dean Jackson <dino@apple.com>
-
- Reviewed by Simon Fraser.
-
- Add ENABLE macro for WebKitAnimation
- https://bugs.webkit.org/show_bug.cgi?id=59729
-
- Add new feature to toggle WebKit Animation API.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-28 Sam Weinig <sam@webkit.org>
-
- Reviewed by Mark Rowe.
-
- Install testapi.js along side testapi
- https://bugs.webkit.org/show_bug.cgi?id=59773
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- Add new build phase to copy testapi.js to install path of testapi
- on install.
-
-2011-04-28 David Levin <levin@chromium.org>
-
- Reviewed by Adam Barth.
-
- Remove IMAGE_RESIZER related code.
- https://bugs.webkit.org/show_bug.cgi?id=59735
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=59763
- DFG JIT - Unify FPRReg & FPRegisterID
-
- (Following on from GPRReg/RegisterID unification).
-
- * dfg/DFGFPRInfo.h:
- (JSC::DFG::FPRInfo::toRegister):
- (JSC::DFG::FPRInfo::debugName):
- * dfg/DFGGPRInfo.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::checkConsistency):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::boxDouble):
- (JSC::DFG::JITCodeGenerator::unboxDouble):
- (JSC::DFG::JITCodeGenerator::flushRegisters):
- (JSC::DFG::JITCodeGenerator::isFlushed):
- (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
- (JSC::DFG::JITCodeGenerator::setupStubArguments):
- (JSC::DFG::JITCodeGenerator::callOperation):
- (JSC::DFG::GPRResult::lockedResult):
- (JSC::DFG::FPRResult::lockedResult):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::EntryLocation::EntryLocation):
- (JSC::DFG::NonSpeculativeJIT::valueToNumber):
- (JSC::DFG::NonSpeculativeJIT::valueToInt32):
- (JSC::DFG::NonSpeculativeJIT::numberToInt32):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
- (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
- * dfg/DFGRegisterBank.h:
- (JSC::DFG::RegisterBank::iterator::regID):
- (JSC::DFG::RegisterBank::iterator::debugName):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculationCheck::SpeculationCheck):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
-
-2011-04-28 David Kilzer <ddkilzer@apple.com>
-
- Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
-
- This reverts commit r85195. It was crashing DumpRenderTree on Lion.
-
- * wtf/mac/MainThreadMac.mm:
- (WTF::postTimer):
-
-2011-04-28 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Remove WML
- https://bugs.webkit.org/show_bug.cgi?id=59678
-
- Remove the WML configuration option from the Mac build system.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-28 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r85233 and r85235.
- http://trac.webkit.org/changeset/85233
- http://trac.webkit.org/changeset/85235
- https://bugs.webkit.org/show_bug.cgi?id=59754
-
- Causes issues with jsc. (Requested by dave_levin on #webkit).
-
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * jit/ExecutableAllocator.h:
- (JSC::ExecutablePool::ExecutablePool):
- * parser/SourceProvider.h:
- (JSC::SourceProvider::SourceProvider):
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp):
- * wtf/CMakeLists.txt:
- * wtf/RefCounted.h:
- (WTF::RefCountedBase::ref):
- (WTF::RefCountedBase::hasOneRef):
- (WTF::RefCountedBase::refCount):
- (WTF::RefCountedBase::derefBase):
- * wtf/SizeLimits.cpp:
- * wtf/ThreadRestrictionVerifier.h: Removed.
- * wtf/text/CString.h:
- (WTF::CStringBuffer::CStringBuffer):
-
-2011-04-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
-
- Currently we use a mix of enum values throughout the DFG JIT to represent
- gpr registers - the RegisterID provided by the MacroAssembler, and the
- GPRReg enum giving the sequential register set over which the RegisterBank
- allocates. Unify the two.
-
- Patch to unify FPRReg in a similar fashion will follow.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * dfg/DFGFPRInfo.h: Added.
- (JSC::DFG::next):
- (JSC::DFG::FPRBankInfo::toRegister):
- (JSC::DFG::FPRBankInfo::toIndex):
- * dfg/DFGGPRInfo.h: Added.
- (JSC::DFG::GPRInfo::toRegister):
- (JSC::DFG::GPRInfo::toIndex):
- (JSC::DFG::GPRInfo::debugName):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::dump):
- (JSC::DFG::JITCodeGenerator::checkConsistency):
- (JSC::DFG::GPRTemporary::GPRTemporary):
- (JSC::DFG::FPRTemporary::FPRTemporary):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::boxDouble):
- (JSC::DFG::JITCodeGenerator::unboxDouble):
- (JSC::DFG::JITCodeGenerator::spill):
- (JSC::DFG::JITCodeGenerator::flushRegisters):
- (JSC::DFG::JITCodeGenerator::isFlushed):
- (JSC::DFG::JITCodeGenerator::bitOp):
- (JSC::DFG::JITCodeGenerator::shiftOp):
- (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
- (JSC::DFG::JITCodeGenerator::setupStubArguments):
- (JSC::DFG::JITCodeGenerator::callOperation):
- (JSC::DFG::IntegerOperand::gpr):
- (JSC::DFG::DoubleOperand::gpr):
- (JSC::DFG::GPRTemporary::gpr):
- (JSC::DFG::FPRTemporary::gpr):
- (JSC::DFG::GPRResult::lockedResult):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- (JSC::DFG::JITCompiler::fillToJS):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- (JSC::DFG::JITCompiler::compileFunction):
- (JSC::DFG::JITCompiler::jitAssertIsInt32):
- (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
- (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
- (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
- (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
- (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
- (JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
- (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
- (JSC::DFG::JITCompiler::addressForGlobalVar):
- (JSC::DFG::JITCompiler::addressFor):
- (JSC::DFG::JITCompiler::tagFor):
- (JSC::DFG::JITCompiler::payloadFor):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::EntryLocation::EntryLocation):
- (JSC::DFG::NonSpeculativeJIT::valueToNumber):
- (JSC::DFG::NonSpeculativeJIT::valueToInt32):
- (JSC::DFG::NonSpeculativeJIT::numberToInt32):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
- (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
- (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
- (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
- (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
- (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
- * dfg/DFGRegisterBank.h:
- (JSC::DFG::RegisterBank::allocate):
- (JSC::DFG::RegisterBank::retain):
- (JSC::DFG::RegisterBank::release):
- (JSC::DFG::RegisterBank::lock):
- (JSC::DFG::RegisterBank::unlock):
- (JSC::DFG::RegisterBank::isLocked):
- (JSC::DFG::RegisterBank::name):
- (JSC::DFG::RegisterBank::iterator::name):
- (JSC::DFG::RegisterBank::iterator::isLocked):
- (JSC::DFG::RegisterBank::iterator::release):
- (JSC::DFG::RegisterBank::iterator::gpr):
- (JSC::DFG::RegisterBank::iterator::debugName):
- (JSC::DFG::RegisterBank::iterator::operator++):
- (JSC::DFG::RegisterBank::iterator::operator!=):
- (JSC::DFG::RegisterBank::iterator::index):
- (JSC::DFG::RegisterBank::iterator::iterator):
- (JSC::DFG::RegisterBank::begin):
- (JSC::DFG::RegisterBank::end):
- (JSC::DFG::RegisterBank::isLockedAtIndex):
- (JSC::DFG::RegisterBank::nameAtIndex):
- (JSC::DFG::RegisterBank::releaseAtIndex):
- (JSC::DFG::RegisterBank::allocateInternal):
- (JSC::DFG::RegisterBank::MapEntry::MapEntry):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::~ScoreBoard):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculationCheck::SpeculationCheck):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculateIntegerOperand::gpr):
-
-2011-04-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove evil addressOfStructure() function
- https://bugs.webkit.org/show_bug.cgi?id=59739
-
- Remove the addressOfStructure function from JSCell, and update
- callsites to use the same logic as testPrototype()
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdProtoList):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdProtoList):
- * runtime/JSCell.h:
-
-2011-04-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Clean up testPrototype()
- https://bugs.webkit.org/show_bug.cgi?id=59734
-
- Remove direct pointer to the inside of a GC object and just do
- the indirect load manually. Doesn't effect sunspider but does
- clean up the code quite a bit, and simplifies the handling of
- GC values.
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::testPrototype):
-
-2011-04-28 David Levin <levin@chromium.org>
-
- Build fix.
-
- * wtf/RefCounted.h: Fix inverted ifdef.
-
-2011-04-07 David Levin <levin@chromium.org>
-
- Reviewed by Darin Adler.
-
- Add asserts to RefCounted to make sure ref/deref happens on the right thread.
- https://bugs.webkit.org/show_bug.cgi?id=31639
-
- * GNUmakefile.list.am: Added new files to the build.
- * JavaScriptCore.gypi: Ditto.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
- * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
- * jit/ExecutableAllocator.h:
- (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
- due to not being able to figure out what was guarding it (bug 58091).
- * parser/SourceProvider.h:
- (JSC::SourceProvider::SourceProvider): Ditto.
- * runtime/RegExp.cpp:
- (JSC::RegExp::RegExp): Ditto.
- * wtf/CMakeLists.txt: Added new files to the build.
- * wtf/ThreadRestrictionVerifier.h: Added.
- Everything is done in the header to avoid the issue with exports
- that are only useful in debug but still needing to export them.
- * wtf/RefCounted.h:
- (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
- and filed bug 58171 about making it stricter.
- (WTF::RefCountedBase::hasOneRef): Ditto.
- (WTF::RefCountedBase::refCount): Ditto.
- (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
- on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
- (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
- Filed bug 58174 to remove this method.
- (WTF::RefCountedBase::derefBase):
- * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
- * wtf/text/CString.h:
- (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
- done in Chromium's test_shell (bug 58093).
-
-2011-04-28 Xan Lopez <xlopez@igalia.com>
-
- Unreviewed attempt to fix the build.
-
- * GNUmakefile.am: add -lpthread.
-
-2011-04-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Only need a single implementation of testPrototype
- https://bugs.webkit.org/show_bug.cgi?id=59724
-
- Remove excess copy of identical testPrototype() code
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::testPrototype):
- * jit/JITPropertyAccess32_64.cpp:
-
-2011-04-28 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Martin Robinson.
-
- [Gtk] Split JSC and WebCore builds
- https://bugs.webkit.org/show_bug.cgi?id=19428
-
- Build JavaScriptCore as a libtool shared library instead of a
- private convenience library.
-
- * GNUmakefile.am: define new jsc library and adapt to new name for
- javascriptcore target.
- * GNUmakefile.list.am: ditto.
-
-2011-04-28 David Kilzer <ddkilzer@apple.com>
-
- <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
-
- Reviewed by Simon Fraser.
-
- * wtf/mac/MainThreadMac.mm:
- (WTF::postTimer): Use RetainPtr to plug the leak.
-
-2011-04-27 Sam Weinig <sam@webkit.org>
-
- Reviewed by David Kilzer.
-
- Add way to install testapi in production builds
- https://bugs.webkit.org/show_bug.cgi?id=59674
-
- * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
- Add configuration file for TestAPI. In addition to name, we now specify an install path
- and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
- file.
-
-2011-04-27 Adam Barth <abarth@webkit.org>
-
- Reviewed by David Levin.
-
- Enable strict OwnPtrs for Chromium
- https://bugs.webkit.org/show_bug.cgi?id=59666
-
- * wtf/OwnPtr.h:
-
-2011-04-27 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Add ability to remove keys from weakmap API
- https://bugs.webkit.org/show_bug.cgi?id=59645
-
- Add JSWeakObjectMapRemove API
-
- * API/JSWeakObjectMapRefPrivate.cpp:
- * API/JSWeakObjectMapRefPrivate.h:
- * JavaScriptCore.exp:
-
-2011-04-27 Adam Barth <abarth@webkit.org>
-
- Reviewed by David Levin.
-
- Enable strict mode for OwnPtr
- https://bugs.webkit.org/show_bug.cgi?id=59428
-
- This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
-
- * wtf/OwnPtr.h:
-
-2011-04-27 Steve Block <steveblock@google.com>
-
- Reviewed by David Levin.
-
- Remove Android build system
- https://bugs.webkit.org/show_bug.cgi?id=48111
-
- This is to avoid the maintenance burden until the Android port is
- fully upstreamed.
-
- * Android.mk: Removed.
- * Android.v8.wtf.mk: Removed.
-
-2011-04-27 Mark Rowe <mrowe@apple.com>
-
- Fix 32-bit build after r85036.
-
- * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
-
-2011-04-27 Csaba Osztrogonác <ossy@webkit.org>
-
- Unreviewed buildfix after r85036.
-
- Readd non-dead code.
-
- * wtf/OSAllocatorPosix.cpp:
- (WTF::OSAllocator::reserveAndCommit):
-
-2011-04-27 Adam Barth <abarth@webkit.org>
-
- Reviewed by Kenneth Russell.
-
- OwnPtr assignment operator should be private
- https://bugs.webkit.org/show_bug.cgi?id=59487
-
- Unfortunately we can't remove the copy constructor because of some
- detail about gcc. (The issue is documented in a comment already.)
-
- * wtf/OwnPtr.h:
-
-2011-04-26 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r84977.
- http://trac.webkit.org/changeset/84977
- https://bugs.webkit.org/show_bug.cgi?id=59568
-
- caused crashes on the SL WK2 bots (Requested by jessieberlin
- on #webkit).
-
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::call):
- (JSC::MacroAssemblerX86_64::tailRecursiveCall):
- (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
-
-2011-04-26 Kevin Ollivier <kevino@theolliviers.com>
-
- Rubberstamped by Eric Seidel.
-
- Enable waf to be used to build other ports
- https://bugs.webkit.org/show_bug.cgi?id=58213
-
- * wscript:
-
-2011-04-26 Sam Weinig <sam@webkit.org>
-
- Reviewed by David Hyatt.
-
- Remove Datagrid from the tree
- https://bugs.webkit.org/show_bug.cgi?id=59543
-
- * Configurations/FeatureDefines.xcconfig:
- Remove feature.
-
-2011-04-26 Adrienne Walker <enne@google.com>
-
- Reviewed by Geoffrey Garen.
-
- Fix incorrect use of OwnPtr<T*> in GCActivityCallback
- https://bugs.webkit.org/show_bug.cgi?id=59559
-
- * runtime/GCActivityCallback.h:
-
-2011-04-26 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Daniel Bates.
-
- Unused but set variable warning in MacroAssembelX86_64
- https://bugs.webkit.org/show_bug.cgi?id=59482
-
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::call): do not declare the label
- variable if we are not going to use it.
- (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
- (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
-
-2011-04-26 Dan Bernstein <mitz@apple.com>
-
- Reviewed by Mark Rowe.
-
- Choose the compiler based on the Xcode version for Snow Leopard debug builds.
-
- * Configurations/Base.xcconfig:
- * Configurations/CompilerVersion.xcconfig: Added.
-
-2011-04-25 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Nixed special finalizer handling for WebCore strings
- https://bugs.webkit.org/show_bug.cgi?id=59425
-
- SunSpider reports no change.
-
- Not needed anymore, since weak handles have finalizers.
-
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRope):
- (JSC::JSString::resolveRopeSlowCase):
- (JSC::JSString::outOfMemory):
- (JSC::JSString::substringFromRope):
- (JSC::JSString::replaceCharacter): Updated for removal of union.
-
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::~JSString):
- (JSC::RopeBuilder::appendStringInConstruct):
- (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
- union or special constructor anymore.
-
-2011-04-26 Gabor Loki <loki@webkit.org>
-
- Reviewed by Csaba Osztrogonác.
-
- Speeding up SVG filters with multicore (SMP) support
- https://bugs.webkit.org/show_bug.cgi?id=43903
-
- Some SVG filters execute a huge number of pixel manipulations, which
- cannot be sped up by graphics accelerators, since their algorithm is
- too complex. Using the power of Symmetric Multi Processing (SMP) we
- can split up a task to smaller (data independent) tasks, which can be
- executed independently.
-
- The ParallelJobs framework provides a simple way for distributed
- programming. The framework is based on WebKit's threading infrastructure,
- Open Multi-Processing's (OpenMP) API, and libdispatch API.
-
- * GNUmakefile.list.am:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/ParallelJobs.h: Added.
- (WTF::ParallelJobs::ParallelJobs):
- (WTF::ParallelJobs::numberOfJobs):
- (WTF::ParallelJobs::parameterForJob):
- (WTF::ParallelJobs::executeJobs):
- * wtf/ParallelJobsGeneric.cpp: Added.
- (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
- (WTF::ParallelEnvironment::ThreadPrivate::executeJob):
- (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
- (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
- * wtf/ParallelJobsGeneric.h: Added.
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::numberOfJobs):
- (WTF::ParallelEnvironment::parameterForJob):
- (WTF::ParallelEnvironment::executeJobs):
- (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
- (WTF::ParallelEnvironment::ThreadPrivate::create):
- * wtf/ParallelJobsLibdispatch.h: Added.
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::numberOfJobs):
- (WTF::ParallelEnvironment::parameterForJob):
- (WTF::ParallelEnvironment::executeJobs):
- * wtf/ParallelJobsOpenMP.h: Added.
- (WTF::ParallelEnvironment::ParallelEnvironment):
- (WTF::ParallelEnvironment::numberOfJobs):
- (WTF::ParallelEnvironment::parameterForJob):
- (WTF::ParallelEnvironment::executeJobs):
- * wtf/Platform.h:
- * wtf/wtf.pri:
-
-2011-04-26 Mihai Parparita <mihaip@chromium.org>
-
- Reviewed by Adam Barth.
-
- Turn off make built-in implicit rules for derived sources makefile
- https://bugs.webkit.org/show_bug.cgi?id=59418
-
- We don't use any of make's built-in implicit rules, turning them off
- speeds up parsing of the makefile.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * gyp/generate-derived-sources.sh:
-
-2011-04-25 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Custom prototypes on DOM objects don't persist after garbage collection
- https://bugs.webkit.org/show_bug.cgi?id=59412
-
- SunSpider reports no change.
-
- The hasCustomProperties() check didn't check for a custom prototype.
-
- * runtime/JSObject.h:
- (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
- because it is the "truth" about an object's pedigree.
-
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- * runtime/Structure.h:
- (JSC::Structure::didTransition): Track whether a Structure has ever
- transitioned for any reason. If so, we have to assume that the object
- holding it is custom in some way.
-
-2011-04-25 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- https://bugs.webkit.org/show_bug.cgi?id=59405
- DFG JIT - add type speculation for integer & array types, for vars & args.
-
- If a var or argument is used as the base for a GetByVal or PutByVal access
- we are speculating that it is of type Array (we only generate code on the
- speculative path to perform array accesses). By typing the var or args slot
- as Array, and checking on entry to the function (in the case of args), and
- each time the local is written to, we can avoid a type check at each point
- the array is accessed. This will typically hoist type checks out of loops.
-
- Similarly, any local that is incremented or decremented, or is the input or
- output or a bitwise operator, is likely to be an integer. By typing the
- local as int32 we can avoid speculation checks on access, and tagging when
- writing to the slot. All accesses can become 32bit instead of 64.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::predictArray):
- (JSC::DFG::ByteCodeParser::predictInt32):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::PredictionSlot::PredictionSlot):
- (JSC::DFG::Graph::Graph):
- (JSC::DFG::Graph::predict):
- (JSC::DFG::Graph::getPrediction):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::tagFor):
- (JSC::DFG::JITCompiler::payloadFor):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
- * dfg/DFGSpeculativeJIT.h:
- * runtime/Executable.cpp:
- (JSC::tryDFGCompile):
-
-2011-04-25 David Levin <levin@chromium.org>
-
- Reviewed by James Robinson.
-
- Fix OwnPtr strict mode violation in MessageQueue.h
- https://bugs.webkit.org/show_bug.cgi?id=59400
-
- * wtf/MessageQueue.h:
- (WTF::::waitForMessage):
- (WTF::::waitForMessageFilteredWithTimeout):
- (WTF::::tryGetMessage):
-
-2011-04-25 Adam Barth <abarth@webkit.org>
-
- Reviewed by Darin Adler.
-
- JavaScriptCore should play nice strict OwnPtrs
- https://bugs.webkit.org/show_bug.cgi?id=59401
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parse):
- * heap/Heap.cpp:
- (JSC::TypeCounter::TypeCounter):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::JITThunks):
- * parser/JSParser.cpp:
- (JSC::JSParser::Scope::Scope):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
-
-2011-04-25 Mark Rowe <mrowe@apple.com>
-
- Build fix.
-
- * wtf/ListHashSet.h:
-
-2011-04-25 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 59370 - DFG JIT - fix leak of BlocksBlocks
- (put the blocks immediately into an OwnPtr).
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parse):
-
-2011-04-25 James Robinson <jamesr@chromium.org>
-
- Reviewed by David Levin.
-
- Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
- https://bugs.webkit.org/show_bug.cgi?id=59353
-
- * wtf/ListHashSet.h:
- (WTF::::ListHashSet):
-
-2011-04-25 David Levin <levin@chromium.org>
-
- Reviewed by Adam Barth.
-
- Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
- https://bugs.webkit.org/show_bug.cgi?id=59347
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/Structure.cpp:
- (JSC::Structure::copyPropertyTable):
- (JSC::Structure::createPropertyMap):
- * runtime/Structure.h:
-
-2011-04-25 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make ClassInfo required when creating a Structure
- https://bugs.webkit.org/show_bug.cgi?id=59340
-
- Add ClassInfo to all those types which currently don't
- have it, and add an assertion to Structure::create to
- ensure that the provided classInfo is not null.
-
- * runtime/Executable.h:
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/GetterSetter.cpp:
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::createStructure):
- * runtime/JSAPIValueWrapper.cpp:
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSString.cpp:
- * runtime/JSString.h:
- (JSC::RopeBuilder::createStructure):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::JSCell::createDummyStructure):
-
-2011-04-25 David Levin <levin@chromium.org>
-
- Reviewed by Adam Barth.
-
- PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
- https://bugs.webkit.org/show_bug.cgi?id=59342
-
- This patch is to prepare for the strict OwnPtr hack-a-thon.
-
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyTable::copy):
-
-2011-04-25 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Gavin Barraclough.
-
- Rationalize MacroAssembler branch methods
- https://bugs.webkit.org/show_bug.cgi?id=58950
-
- split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition'
- and apply related changes (only for SH4 platforms).
-
- * assembler/MacroAssemblerSH4.cpp:
- * assembler/MacroAssemblerSH4.h:
- (JSC::MacroAssemblerSH4::compare32):
- (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerSH4::branchDouble):
- (JSC::MacroAssemblerSH4::branch32):
- (JSC::MacroAssemblerSH4::branchTest8):
- (JSC::MacroAssemblerSH4::branch8):
- (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
- (JSC::MacroAssemblerSH4::test8):
- (JSC::MacroAssemblerSH4::branch16):
- (JSC::MacroAssemblerSH4::branchTest32):
- (JSC::MacroAssemblerSH4::branchAdd32):
- (JSC::MacroAssemblerSH4::branchMul32):
- (JSC::MacroAssemblerSH4::branchSub32):
- (JSC::MacroAssemblerSH4::branchOr32):
- (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
- (JSC::MacroAssemblerSH4::branchPtrWithPatch):
- (JSC::MacroAssemblerSH4::SH4Condition):
- * assembler/SH4Assembler.h:
- (JSC::SH4Assembler::cmpEqImmR0):
-
-2011-04-25 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- PropertyMapHashTable should work with strict OwnPtr
- https://bugs.webkit.org/show_bug.cgi?id=59337
-
- This patch is in preparation for the strict OwnPtr hack-a-thon.
-
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyTable::PropertyTable):
- (JSC::PropertyTable::addDeletedOffset):
-
-2011-04-25 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Nixed MarkStack::deprecatedAppend, since it has no clients left.
-
- * heap/MarkStack.h:
-
-2011-04-23 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
-
- SetLocals to temporaries will only be generated if they are used within other
- blocks, due to the SSA based DCE.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::get):
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::getLocal):
- (JSC::DFG::ByteCodeParser::setLocal):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processPhiStack):
- (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.h:
- (JSC::DFG::BasicBlock::BasicBlock):
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig & Geoff Garen.
-
- Bug 59266 - DFG JIT - Add SSA style DCE
-
- This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
- via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
- matching child Phi, and add the Phi to a work queue to add references to prior
- definitions once we have the full CFG & can determine predecessors. This process
- is iterative, inserting new phis into predecessors as necessary.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getVariable):
- (JSC::DFG::ByteCodeParser::setVariable):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::processWorkQueue):
- (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::refChildren):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::ref):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::ref):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::~ScoreBoard):
- (JSC::DFG::ScoreBoard::dump):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-22 Vitaly Repeshko <vitalyr@chromium.org>
-
- Reviewed by Adam Barth.
-
- Add missing default constructors for HashMap iterator specializations.
- https://bugs.webkit.org/show_bug.cgi?id=59250
-
- * wtf/HashIterators.h:
- * wtf/HashTable.h:
- (WTF::HashTableConstIterator::HashTableConstIterator): Added cast
- to help compiler find the function template.
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 59262 - DFG JIT - reduce size of VariableRecord
-
- We never need both the get & set node, only the most recent
- (which is always a set, if both exist).
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::getVariable):
- (JSC::DFG::ByteCodeParser::setVariable):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.h:
- (JSC::DFG::VariableRecord::VariableRecord):
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
- such that this information is available for DCE. Also, since this enlarges the
- size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
- vector of blocks.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::get):
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::getVariable):
- (JSC::DFG::ByteCodeParser::setVariable):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::setupPredecessors):
- (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::VariableRecord::VariableRecord):
- (JSC::DFG::BasicBlock::BasicBlock):
- (JSC::DFG::BasicBlock::getBytecodeBegin):
- (JSC::DFG::Graph::blockIndexForBytecodeOffset):
- (JSC::DFG::Graph::blockForBytecodeOffset):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Errk, build fix.
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
- move out the call to checkConsistency().
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2011-04-21 Vitaly Repeshko <vitalyr@chromium.org>
-
- Reviewed by Adam Barth.
-
- Provide default constructors for HashMap iterators.
- https://bugs.webkit.org/show_bug.cgi?id=59151
-
- These will be used to implement an iterator over EventTarget's
- listeners.
-
- * wtf/HashTable.h:
- (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
- (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
-
- These will be necessary for DCE support.
- Also factor allocateVirtualRegisters out into its own method.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::setupPredecessors):
- (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::blockForBytecodeOffset):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::isTerminal):
-
-2011-04-22 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Object.create creates uncachable objects
- https://bugs.webkit.org/show_bug.cgi?id=59164
-
- Use the prototype object's inheritorID, as we
- should always have done
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::nullPrototypeObjectStructure):
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorCreate):
-
-2011-04-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result
-
- We currently allocate virtual registers to nodes which have no result - these are
- clearly unused, and may result in us allocating a larger than necessary stack frame.
-
- Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
- nodes that have results, and improve the quality of output from the consistency check.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::ref):
- (JSC::DFG::Graph::deref):
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- (JSC::DFG::JITCodeGenerator::dump):
- (JSC::DFG::JITCodeGenerator::checkConsistency):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::canReuse):
- (JSC::DFG::JITCodeGenerator::isFilled):
- (JSC::DFG::JITCodeGenerator::isFilledDouble):
- (JSC::DFG::JITCodeGenerator::use):
- (JSC::DFG::JITCodeGenerator::integerResult):
- (JSC::DFG::JITCodeGenerator::noResult):
- (JSC::DFG::JITCodeGenerator::cellResult):
- (JSC::DFG::JITCodeGenerator::jsValueResult):
- (JSC::DFG::JITCodeGenerator::doubleResult):
- (JSC::DFG::JITCodeGenerator::initConstantInfo):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- (JSC::DFG::JITCompiler::fillToJS):
- (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::hasResult):
- (JSC::DFG::Node::virtualRegister):
- (JSC::DFG::Node::setVirtualRegister):
- (JSC::DFG::Node::refCount):
- (JSC::DFG::Node::ref):
- (JSC::DFG::Node::deref):
- (JSC::DFG::Node::adjustedRefCount):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
- (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::use):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-22 Sam Weinig <sam@webkit.org>
-
- Reviewed by Gavin Barraclough and Oliver Hunt.
-
- Arrays should participate in global object forwarding fun
- https://bugs.webkit.org/show_bug.cgi?id=59215
-
- * runtime/JSGlobalObject.h:
- (JSC::constructEmptyArray):
- (JSC::constructArray):
- Add variants of constructArray that take a global object.
-
-2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r84650 and r84654.
- http://trac.webkit.org/changeset/84650
- http://trac.webkit.org/changeset/84654
- https://bugs.webkit.org/show_bug.cgi?id=59218
-
- Broke Windows build (Requested by bweinstein on #webkit).
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::init):
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * heap/Handle.h:
- (JSC::HandleBase::operator!):
- (JSC::HandleBase::operator UnspecifiedBoolType*):
- (JSC::HandleTypes::getFromSlot):
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::markStrongHandles):
- (JSC::HandleHeap::markWeakHandles):
- (JSC::HandleHeap::finalizeWeakHandles):
- (JSC::HandleHeap::writeBarrier):
- (JSC::HandleHeap::protectedGlobalObjectCount):
- (JSC::HandleHeap::isValidWeakNode):
- * heap/HandleHeap.h:
- (JSC::HandleHeap::copyWeak):
- (JSC::HandleHeap::makeWeak):
- (JSC::HandleHeap::Node::slot):
- * heap/HandleStack.cpp:
- (JSC::HandleStack::mark):
- (JSC::HandleStack::grow):
- * heap/HandleStack.h:
- (JSC::HandleStack::zapTo):
- (JSC::HandleStack::push):
- * heap/Heap.cpp:
- (JSC::HandleHeap::protectedObjectTypeCounts):
- * heap/Local.h:
- (JSC::::set):
- * heap/Strong.h:
- (JSC::Strong::set):
- * heap/Weak.h:
- (JSC::Weak::set):
- * runtime/StructureTransitionTable.h:
- (JSC::StructureTransitionTable::singleTransition):
- (JSC::StructureTransitionTable::setSingleTransition):
- * runtime/WeakGCMap.h:
- (JSC::WeakGCMap::add):
- (JSC::WeakGCMap::set):
- * runtime/WriteBarrier.h:
-
-2011-04-22 Brian Weinstein <bweinstein@apple.com>
-
- Part of Windows build fix from r84650.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-04-22 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make it harder to use HandleSlot incorrectly
- https://bugs.webkit.org/show_bug.cgi?id=59205
-
- Just add a little type fudging to make it harder to
- incorrectly assign through a HandleSlot.
-
- * API/JSCallbackObjectFunctions.h:
- (JSC::::init):
- * JavaScriptCore.exp:
- * heap/Handle.h:
- (JSC::HandleBase::operator!):
- (JSC::HandleBase::operator UnspecifiedBoolType*):
- (JSC::HandleTypes::getFromSlot):
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::markStrongHandles):
- (JSC::HandleHeap::markWeakHandles):
- (JSC::HandleHeap::finalizeWeakHandles):
- (JSC::HandleHeap::writeBarrier):
- (JSC::HandleHeap::protectedGlobalObjectCount):
- (JSC::HandleHeap::isValidWeakNode):
- * heap/HandleHeap.h:
- (JSC::HandleHeap::copyWeak):
- (JSC::HandleHeap::makeWeak):
- (JSC::HandleHeap::Node::slot):
- * heap/HandleStack.cpp:
- (JSC::HandleStack::mark):
- (JSC::HandleStack::grow):
- * heap/HandleStack.h:
- (JSC::HandleStack::zapTo):
- (JSC::HandleStack::push):
- * heap/Heap.cpp:
- (JSC::HandleHeap::protectedObjectTypeCounts):
- * heap/Local.h:
- (JSC::::set):
- * heap/Strong.h:
- (JSC::Strong::set):
- * heap/Weak.h:
- (JSC::Weak::set):
- * runtime/StructureTransitionTable.h:
- (JSC::StructureTransitionTable::singleTransition):
- (JSC::StructureTransitionTable::setSingleTransition):
- * runtime/WeakGCMap.h:
- (JSC::WeakGCMap::add):
- (JSC::WeakGCMap::set):
- * runtime/WriteBarrier.h:
- (JSC::OpaqueJSValue::toJSValue):
- (JSC::OpaqueJSValue::toJSValueRef):
- (JSC::OpaqueJSValue::fromJSValue):
-
-2011-04-22 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitAggregate):
-
-2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r84583.
- http://trac.webkit.org/changeset/84583
- https://bugs.webkit.org/show_bug.cgi?id=59173
-
- "broke
- http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js
- /Object-create.html" (Requested by ggaren on #webkit).
-
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorCreate):
-
-2011-04-21 Maciej Stachowiak <mjs@apple.com>
-
- Reviewed by Adam Roben.
-
- Add a feature define to allow <details> and <summary> to be disabled
- https://bugs.webkit.org/show_bug.cgi?id=59118
- <rdar://problem/9257045>
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-21 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Object.create creates uncachable objects
- https://bugs.webkit.org/show_bug.cgi?id=59164
-
- Use the prototype object's inheritorID, as we
- should always have done
-
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorCreate):
-
-2011-04-21 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Start moving to a general visitor pattern for GC traversal
- https://bugs.webkit.org/show_bug.cgi?id=59141
-
- This is just a rename:
- markChildren -> visitChildren
- markAggregate -> visitAggregate
- markStack -> visitor
- MarkStack -> typedef'd to SlotVisitor
-
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObjectData::visitChildren):
- (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
- (JSC::JSCallbackObject::visitChildren):
- * JavaScriptCore.exp:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::visitStructures):
- (JSC::EvalCodeCache::visitAggregate):
- (JSC::CodeBlock::visitAggregate):
- * bytecode/CodeBlock.h:
- * bytecode/EvalCodeCache.h:
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::visitAggregate):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::visitAggregate):
- * bytecode/StructureStubInfo.h:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::visitChildren):
- * debugger/DebuggerActivation.h:
- * heap/HandleHeap.cpp:
- (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
- (JSC::HandleHeap::markStrongHandles):
- (JSC::HandleHeap::markWeakHandles):
- * heap/HandleHeap.h:
- * heap/HandleStack.cpp:
- (JSC::HandleStack::mark):
- * heap/HandleStack.h:
- * heap/Heap.cpp:
- (JSC::Heap::markProtectedObjects):
- (JSC::Heap::markTempSortVectors):
- (JSC::Heap::markRoots):
- * heap/Heap.h:
- * heap/MarkStack.cpp:
- (JSC::MarkStack::visitChildren):
- (JSC::MarkStack::drain):
- * heap/MarkStack.h:
- (JSC::HeapRootVisitor::HeapRootVisitor):
- (JSC::HeapRootVisitor::mark):
- (JSC::HeapRootVisitor::visitor):
- * heap/MarkedSpace.h:
- * runtime/ArgList.cpp:
- (JSC::MarkedArgumentBuffer::markLists):
- * runtime/ArgList.h:
- * runtime/Arguments.cpp:
- (JSC::Arguments::visitChildren):
- * runtime/Arguments.h:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::visitChildren):
- (JSC::ProgramExecutable::visitChildren):
- (JSC::FunctionExecutable::visitChildren):
- * runtime/Executable.h:
- * runtime/GetterSetter.cpp:
- (JSC::GetterSetter::visitChildren):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::createStructure):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::visitChildren):
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- (JSC::JSArray::visitChildren):
- * runtime/JSArray.h:
- (JSC::JSArray::visitDirect):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::visitChildren):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::visitChildren):
- * runtime/JSFunction.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::visitIfNeeded):
- (JSC::JSGlobalObject::visitChildren):
- * runtime/JSGlobalObject.h:
- * runtime/JSONObject.cpp:
- * runtime/JSObject.cpp:
- (JSC::JSObject::visitChildren):
- * runtime/JSObject.h:
- (JSC::JSObject::visitDirect):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::visitChildren):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::createStructure):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::visitChildren):
- * runtime/JSStaticScopeObject.h:
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::TypeInfo):
- (JSC::TypeInfo::overridesVisitChildren):
- * runtime/JSWrapperObject.cpp:
- (JSC::JSWrapperObject::visitChildren):
- * runtime/JSWrapperObject.h:
- * runtime/JSZombie.h:
- (JSC::JSZombie::visitChildren):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::visitChildren):
- * runtime/NativeErrorConstructor.h:
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::visitChildren):
- * runtime/RegExpObject.h:
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::visitChildren):
- * runtime/ScopeChain.h:
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::visitChildren):
- * runtime/SmallStrings.h:
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- (JSC::Structure::visitChildren):
- * runtime/Structure.h:
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::visitChildren):
- * runtime/StructureChain.h:
- (JSC::StructureChain::createStructure):
-
-2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r84548.
- http://trac.webkit.org/changeset/84548
- https://bugs.webkit.org/show_bug.cgi?id=59144
-
- Broke chromium-win build (Requested by aklein on #webkit).
-
- * wtf/Platform.h:
-
-2011-04-21 Adam Klein <adamk@chromium.org>
-
- Reviewed by David Levin.
-
- [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
- https://bugs.webkit.org/show_bug.cgi?id=55728
-
- Enable WTF_MULTIPLE_THREADS for Chromium.
-
- * wtf/Platform.h:
-
-2011-04-20 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Geoff Garen.
-
- JSString::resolveRope inefficient for common 2 fiber case
- https://bugs.webkit.org/show_bug.cgi?id=58994
-
- Split JSString::resolveRope into three routines.
- resolveRope allocates the new buffer and handles the 1 or 2
- fiber case with single level fibers.
- resolveRopeSlowCase handles the general case.
- outOfMemory handles the rare out of memory exception case.
-
- * runtime/JSString.cpp:
- (JSC::JSString::resolveRope):
- (JSC::JSString::resolveRopeSlowCase):
- (JSC::JSString::outOfMemory):
- * runtime/JSString.h:
-
-2011-04-20 Adam Klein <adamk@chromium.org>
-
- Reviewed by David Levin.
-
- Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS
- https://bugs.webkit.org/show_bug.cgi?id=59040
-
- This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728
- by enabling WTF_MULTIPLE_THREADS for Chromium.
-
- * wtf/CryptographicallyRandomNumber.cpp:
- (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
- (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
- * wtf/FastMalloc.cpp:
- * wtf/Platform.h:
- Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled.
- * wtf/RandomNumber.cpp:
- (WTF::randomNumber):
- * wtf/RefCountedLeakCounter.cpp:
- (WTF::RefCountedLeakCounter::increment):
- (WTF::RefCountedLeakCounter::decrement):
- * wtf/dtoa.cpp:
- (WTF::pow5mult):
-
-2011-04-20 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Geoff Garen
-
- Bug 59069 - DFG JIT - register allocate r8, r9, r10
-
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::gprToRegisterID):
-
-2011-04-20 Gavin Barraclough <barraclough@apple.com>
-
- Build fix - revert accidental change.
-
- * wtf/Platform.h:
-
-2011-04-20 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Add SAMPLING_FLAGS tool to DFG JIT.
-
- * bytecode/SamplingTool.h:
- (JSC::SamplingFlags::addressOfFlags):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::setSamplingFlag):
- (JSC::DFG::JITCompiler::clearSamplingFlag):
- * dfg/DFGJITCompiler.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::setSamplingFlag):
- (JSC::JIT::clearSamplingFlag):
- * wtf/Platform.h:
-
-2011-04-20 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 59022 - DFG JIT - Optimize branch-on-relational-compare
-
- If a relational compare (< or <=) is immediately followed by a branch,
- we can combine the two, avoiding generation of a boolean into a register.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::branch32):
- (JSC::MacroAssemblerX86Common::invert):
- (JSC::MacroAssemblerX86Common::commute):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::adjustedRefCount):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value):
- (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-
-2011-04-20 Gavin Barraclough <barraclough@apple.com>
-
- ARMv7 build fix II.
-
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::softModulo):
-
-2011-04-20 Gavin Barraclough <barraclough@apple.com>
-
- ARMv7 build fix.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::test8):
-
-2011-04-19 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Rationalize MacroAssembler branch methods
- https://bugs.webkit.org/show_bug.cgi?id=58950
-
- The MacroAssembler currently exposes x86's weird behaviour that the 'setcc'
- instruction only sets the low 8 bits of a register. Stop that.
-
- Having done so, to clarify remove the 'set32' prefix from test & compare
- instructions - these methods all now set a full 32/64 bit register (Ptr size).
- The size in the function name should indicate the amount of data being compared.
-
- Also split out the 'Condition' enum into 'RelationalCondition' and
- 'ResultCondition'. The former is used in binary comparison, the latter is a unary
- condition check on the result of an operation.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::branchPtr):
- (JSC::MacroAssembler::branch32):
- (JSC::MacroAssembler::branch16):
- (JSC::MacroAssembler::branchTestPtr):
- (JSC::MacroAssembler::comparePtr):
- (JSC::MacroAssembler::branchAddPtr):
- (JSC::MacroAssembler::branchSubPtr):
- (JSC::MacroAssembler::branchTest8):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::branch8):
- (JSC::MacroAssemblerARM::branch32):
- (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerARM::branch16):
- (JSC::MacroAssemblerARM::branchTest8):
- (JSC::MacroAssemblerARM::branchTest32):
- (JSC::MacroAssemblerARM::branchAdd32):
- (JSC::MacroAssemblerARM::branchMul32):
- (JSC::MacroAssemblerARM::branchSub32):
- (JSC::MacroAssemblerARM::branchNeg32):
- (JSC::MacroAssemblerARM::branchOr32):
- (JSC::MacroAssemblerARM::compare32):
- (JSC::MacroAssemblerARM::test32):
- (JSC::MacroAssemblerARM::test8):
- (JSC::MacroAssemblerARM::branchPtrWithPatch):
- (JSC::MacroAssemblerARM::ARMCondition):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::branch32):
- (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerARMv7::branch16):
- (JSC::MacroAssemblerARMv7::branch8):
- (JSC::MacroAssemblerARMv7::branchTest32):
- (JSC::MacroAssemblerARMv7::branchTest8):
- (JSC::MacroAssemblerARMv7::branchAdd32):
- (JSC::MacroAssemblerARMv7::branchMul32):
- (JSC::MacroAssemblerARMv7::branchOr32):
- (JSC::MacroAssemblerARMv7::branchSub32):
- (JSC::MacroAssemblerARMv7::compare32):
- (JSC::MacroAssemblerARMv7::test32):
- (JSC::MacroAssemblerARMv7::test8):
- (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
- (JSC::MacroAssemblerARMv7::makeBranch):
- (JSC::MacroAssemblerARMv7::armV7Condition):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::branch8):
- (JSC::MacroAssemblerMIPS::branch32):
- (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerMIPS::branch16):
- (JSC::MacroAssemblerMIPS::branchTest32):
- (JSC::MacroAssemblerMIPS::branchTest8):
- (JSC::MacroAssemblerMIPS::branchAdd32):
- (JSC::MacroAssemblerMIPS::branchMul32):
- (JSC::MacroAssemblerMIPS::branchSub32):
- (JSC::MacroAssemblerMIPS::branchOr32):
- (JSC::MacroAssemblerMIPS::compare32):
- (JSC::MacroAssemblerMIPS::test8):
- (JSC::MacroAssemblerMIPS::test32):
- (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::branch32):
- (JSC::MacroAssemblerX86::branchPtrWithPatch):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::branch8):
- (JSC::MacroAssemblerX86Common::branch32):
- (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerX86Common::branch16):
- (JSC::MacroAssemblerX86Common::branchTest32):
- (JSC::MacroAssemblerX86Common::branchTest8):
- (JSC::MacroAssemblerX86Common::branchAdd32):
- (JSC::MacroAssemblerX86Common::branchMul32):
- (JSC::MacroAssemblerX86Common::branchSub32):
- (JSC::MacroAssemblerX86Common::branchNeg32):
- (JSC::MacroAssemblerX86Common::branchOr32):
- (JSC::MacroAssemblerX86Common::compare32):
- (JSC::MacroAssemblerX86Common::test8):
- (JSC::MacroAssemblerX86Common::test32):
- (JSC::MacroAssemblerX86Common::x86Condition):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::comparePtr):
- (JSC::MacroAssemblerX86_64::branchPtr):
- (JSC::MacroAssemblerX86_64::branchTestPtr):
- (JSC::MacroAssemblerX86_64::branchAddPtr):
- (JSC::MacroAssemblerX86_64::branchSubPtr):
- (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
- (JSC::MacroAssemblerX86_64::branchTest8):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_eq):
- (JSC::JIT::emit_op_neq):
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_eq):
- (JSC::JIT::emit_op_neq):
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
-
-2011-04-20 Balazs Kelemen <kbalazs@webkit.org>
-
- Reviewed by Csaba Osztrogonác.
-
- [Qt] Cleanup includepath adjustment for generated files
- https://bugs.webkit.org/show_bug.cgi?id=58869
-
- * JavaScriptCore.pri: Add the directory of generated files to the include
- path with absolute path to make it valid in the final build step.
-
-2011-04-19 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove unneeded deprecated methods from MarkStack
- https://bugs.webkit.org/show_bug.cgi?id=58853
-
- Remove deprecated methods
-
- * heap/MarkStack.h:
-
-2011-04-19 Mark Rowe <mrowe@apple.com>
-
- Things work best when the Xcode project refers to the file at a path that exists.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-04-19 Renata Hodovan <reni@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Move the alignment related macros in Vector.h to new Alignment.h.
- https://bugs.webkit.org/show_bug.cgi?id=56000
-
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/Alignment.h: Added.
- * wtf/CMakeLists.txt:
- * wtf/Vector.h:
-
-2011-04-19 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove DeprecatedPtr
- https://bugs.webkit.org/show_bug.cgi?id=58718
-
- Remove the class an all functions that still exist to support it.
-
- * heap/MarkStack.h:
- (JSC::MarkStack::append):
- * runtime/JSValue.h:
- * runtime/WriteBarrier.h:
-
-2011-04-19 Jungshik Shin <jshin@chromium.org>
-
- Reviewed by David Levin
-
- Add U+FEFF (Zero width no-break space) to CharacterNames.h.
- It's added to the list of characters to treat as zero-width
- in WebCore.
-
- https://bugs.webkit.org/show_bug.cgi?id=48860
-
- * wtf/unicode/CharacterNames.h:
-
-2011-04-19 Csaba Osztrogonác <ossy@webkit.org>
-
- [Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails
- https://bugs.webkit.org/show_bug.cgi?id=58871
-
- Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231.
- http://trac.webkit.org/changeset/84176 (original patch)
- http://trac.webkit.org/changeset/84178 (original patch - part 2)
- http://trac.webkit.org/changeset/84186 (build fix)
- http://trac.webkit.org/changeset/84212
- http://trac.webkit.org/changeset/84231 (skip failing test)
-
- original bugs:
- - https://bugs.webkit.org/show_bug.cgi?id=58718
- - https://bugs.webkit.org/show_bug.cgi?id=58853
-
- * heap/MarkStack.h:
- (JSC::MarkStack::deprecatedAppendValues):
- (JSC::MarkStack::append):
- (JSC::MarkStack::deprecatedAppend):
- * runtime/JSValue.h:
- * runtime/WriteBarrier.h:
- (JSC::DeprecatedPtr::DeprecatedPtr):
- (JSC::DeprecatedPtr::get):
- (JSC::DeprecatedPtr::operator*):
- (JSC::DeprecatedPtr::operator->):
- (JSC::DeprecatedPtr::slot):
- (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
- (JSC::DeprecatedPtr::operator!):
- (JSC::operator==):
-
-2011-04-18 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove unneeded deprecated methods from MarkStack
- https://bugs.webkit.org/show_bug.cgi?id=58853
-
- Remove deprecated methods
-
- * heap/MarkStack.h:
-
-2011-04-18 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Adam Roben.
-
- Off by one initialising repeat callframe
- https://bugs.webkit.org/show_bug.cgi?id=58838
- <rdar://problem/8756810>
-
- If the end of a callframe made for a repeat call landed on
- a page boundary the following page may not have been committed
- which means that the off by one could lead to a crash. However
- it could only happen in this case and only on windows which is
- why it was so hard to repro. Alas given the steps needed to
- reproduce are such that it's not really possible to make a
- testcase.
-
- This fix makes the code a little less squirrely by not trying
- to avoid the unnecessary initialisation of |this|.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::prepareForRepeatCall):
-
-2011-04-18 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply.
-
- Add code generation for add/subtract instruction with immediate operands
- (where a child is a constant), and don't bail to non-speculative if an
- integer multiple results in a +0 result (only if it should be generating -0).
-
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value):
-
-2011-04-18 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- Bug 58817 - DFG JIT - if speculative compilation fails, throw away code.
-
- If we detect a logical conflict, throw away generated code,
- and only compile through the NonSpeculativeJIT.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::rewindToLabel):
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::rewindToOffset):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::branchAdd32):
- (JSC::MacroAssemblerX86Common::branchSub32):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::rewindToLabel):
- (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::linkSpeculationChecks):
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
-
-2011-04-18 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove DeprecatedPtr
- https://bugs.webkit.org/show_bug.cgi?id=58718
-
- As simple as it sounds.
-
- * runtime/JSValue.h:
- * runtime/WriteBarrier.h:
-
-2011-04-17 Cameron Zwarich <zwarich@apple.com>
-
- Reviewed by Dan Bernstein.
-
- JSC no longer builds with Clang due to -Woverloaded-virtual warning
- https://bugs.webkit.org/show_bug.cgi?id=58760
-
- Rename Structure's specificValue overload of put to putSpecificValue to avoid
- Clang's warning for overloading a virtual function.
-
- * runtime/Structure.cpp:
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::addPropertyWithoutTransition):
- (JSC::Structure::putSpecificValue):
- * runtime/Structure.h:
-
-2011-04-17 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Adam Barth.
-
- Remove WTF_PLATFORM_SGL
- https://bugs.webkit.org/show_bug.cgi?id=58743
-
- WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere.
-
- * wtf/Platform.h:
-
-2011-04-17 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Adam Barth.
-
- Rename PLATFORM(CA) to USE(CA)
- https://bugs.webkit.org/show_bug.cgi?id=58742
-
- * wtf/Platform.h:
-
-2011-04-17 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Adam Barth.
-
- Rename PLATFORM(CG) to USE(CG)
- https://bugs.webkit.org/show_bug.cgi?id=58729
-
- * wtf/Platform.h:
-
-2011-04-16 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Rename PLATFORM(CAIRO) to USE(CAIRO)
- https://bugs.webkit.org/show_bug.cgi?id=55192
-
- * wtf/Platform.h:
- * wtf/gobject/GTypedefs.h:
-
-2011-04-15 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r84067.
- http://trac.webkit.org/changeset/84067
- https://bugs.webkit.org/show_bug.cgi?id=58724
-
- qt build are failing. (Requested by loislo2 on #webkit).
-
- * heap/MarkStack.h:
- (JSC::MarkStack::append):
- * runtime/JSValue.h:
- * runtime/WriteBarrier.h:
- (JSC::DeprecatedPtr::DeprecatedPtr):
- (JSC::DeprecatedPtr::get):
- (JSC::DeprecatedPtr::operator*):
- (JSC::DeprecatedPtr::operator->):
- (JSC::DeprecatedPtr::slot):
- (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
- (JSC::DeprecatedPtr::operator!):
- (JSC::operator==):
-
-2011-04-15 Shishir Agrawal <shishir@chromium.org>
-
- Reviewed by James Robinson.
-
- Add a flag to guard Page Visibility API changes.
- https://bugs.webkit.org/show_bug.cgi?id=58464
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-15 Gavin Barraclough <barraclough@apple.com>
-
- Errrk! - build fix from !x86-64.
-
- * dfg/DFGNode.h:
-
-2011-04-15 David Levin <levin@chromium.org>
-
- Revert of r83974.
-
- JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj
- https://bugs.webkit.org/show_bug.cgi?id=58716
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/tests/RunAllWtfTests.cpp: Removed.
- * wtf/tests/StringTests.cpp: Removed.
-
-2011-04-15 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove DeprecatedPtr
- https://bugs.webkit.org/show_bug.cgi?id=58718
-
- As simple as it sounds.
-
- * heap/MarkStack.h:
- (JSC::MarkStack::append):
- * runtime/JSValue.h:
- * runtime/WriteBarrier.h:
-
-2011-04-15 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Add a simple tool to gather statistics on whether functions
- are completed through the new or old JIT.
-
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
-
-2011-04-15 Oliver Hunt <oliver@apple.com>
-
- GC allocate Structure
- https://bugs.webkit.org/show_bug.cgi?id=58483
-
- Rolling r83894 r83827 r83810 r83809 r83808 back in with
- a workaround for the gcc bug seen by the gtk bots
-
- * API/JSCallbackConstructor.cpp:
- (JSC::JSCallbackConstructor::JSCallbackConstructor):
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::createStructure):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::createStructure):
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::createStructure):
- * API/JSCallbackObjectFunctions.h:
- (JSC::::JSCallbackObject):
- * API/JSContextRef.cpp:
- * JavaScriptCore.JSVALUE32_64only.exp:
- * JavaScriptCore.JSVALUE64only.exp:
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::markStructures):
- (JSC::CodeBlock::markAggregate):
- * bytecode/CodeBlock.h:
- (JSC::MethodCallLinkInfo::setSeen):
- (JSC::GlobalResolveInfo::GlobalResolveInfo):
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
- (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
- (JSC::PolymorphicAccessStructureList::markAggregate):
- (JSC::Instruction::Instruction):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- (JSC::StructureStubInfo::markAggregate):
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::initGetByIdSelf):
- (JSC::StructureStubInfo::initGetByIdProto):
- (JSC::StructureStubInfo::initGetByIdChain):
- (JSC::StructureStubInfo::initPutByIdTransition):
- (JSC::StructureStubInfo::initPutByIdReplace):
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::DebuggerActivation):
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::createStructure):
- * heap/Handle.h:
- * heap/MarkStack.cpp:
- (JSC::MarkStack::markChildren):
- (JSC::MarkStack::drain):
- * heap/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::sweep):
- * heap/Strong.h:
- (JSC::Strong::Strong):
- (JSC::Strong::set):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::resolveGlobal):
- (JSC::Interpreter::resolveGlobalDynamic):
- (JSC::Interpreter::tryCachePutByID):
- (JSC::Interpreter::uncachePutByID):
- (JSC::Interpreter::tryCacheGetByID):
- (JSC::Interpreter::uncacheGetByID):
- (JSC::Interpreter::privateExecute):
- * jit/JIT.h:
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::patchMethodCallProto):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::patchMethodCallProto):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::tryCachePutByID):
- (JSC::JITThunks::tryCacheGetByID):
- (JSC::DEFINE_STUB_FUNCTION):
- (JSC::getPolymorphicAccessStructureListSlot):
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
- * jsc.cpp:
- (cleanupGlobalData):
- * runtime/Arguments.h:
- (JSC::Arguments::createStructure):
- (JSC::Arguments::Arguments):
- (JSC::JSActivation::copyRegisters):
- * runtime/ArrayConstructor.cpp:
- (JSC::ArrayConstructor::ArrayConstructor):
- (JSC::constructArrayWithSizeQuirk):
- * runtime/ArrayConstructor.h:
- * runtime/ArrayPrototype.cpp:
- (JSC::ArrayPrototype::ArrayPrototype):
- (JSC::arrayProtoFuncSplice):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::createStructure):
- * runtime/BatchedTransitionOptimizer.h:
- (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
- * runtime/BooleanConstructor.cpp:
- (JSC::BooleanConstructor::BooleanConstructor):
- * runtime/BooleanConstructor.h:
- * runtime/BooleanObject.cpp:
- (JSC::BooleanObject::BooleanObject):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::createStructure):
- * runtime/BooleanPrototype.cpp:
- (JSC::BooleanPrototype::BooleanPrototype):
- * runtime/BooleanPrototype.h:
- * runtime/DateConstructor.cpp:
- (JSC::DateConstructor::DateConstructor):
- * runtime/DateConstructor.h:
- * runtime/DateInstance.cpp:
- (JSC::DateInstance::DateInstance):
- * runtime/DateInstance.h:
- (JSC::DateInstance::createStructure):
- * runtime/DatePrototype.cpp:
- (JSC::DatePrototype::DatePrototype):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::createStructure):
- * runtime/Error.cpp:
- (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
- * runtime/ErrorConstructor.cpp:
- (JSC::ErrorConstructor::ErrorConstructor):
- * runtime/ErrorConstructor.h:
- * runtime/ErrorInstance.cpp:
- (JSC::ErrorInstance::ErrorInstance):
- (JSC::ErrorInstance::create):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::createStructure):
- * runtime/ErrorPrototype.cpp:
- (JSC::ErrorPrototype::ErrorPrototype):
- * runtime/ErrorPrototype.h:
- * runtime/ExceptionHelpers.cpp:
- (JSC::InterruptedExecutionError::InterruptedExecutionError):
- (JSC::TerminatedExecutionError::TerminatedExecutionError):
- * runtime/Executable.cpp:
- * runtime/Executable.h:
- (JSC::ExecutableBase::ExecutableBase):
- (JSC::ExecutableBase::createStructure):
- (JSC::NativeExecutable::createStructure):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/FunctionConstructor.cpp:
- (JSC::FunctionConstructor::FunctionConstructor):
- * runtime/FunctionConstructor.h:
- * runtime/FunctionPrototype.cpp:
- (JSC::FunctionPrototype::FunctionPrototype):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::createStructure):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::GetterSetter):
- (JSC::GetterSetter::createStructure):
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::InternalFunction):
- * runtime/InternalFunction.h:
- (JSC::InternalFunction::createStructure):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- * runtime/JSActivation.h:
- (JSC::JSActivation::createStructure):
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- * runtime/JSArray.h:
- (JSC::JSArray::createStructure):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::JSByteArray):
- (JSC::JSByteArray::createStructure):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::JSByteArray):
- * runtime/JSCell.cpp:
- (JSC::isZombie):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::JSCell):
- (JSC::JSCell::JSCell::addressOfStructure):
- (JSC::JSCell::JSCell::structure):
- (JSC::JSCell::JSCell::markChildren):
- (JSC::JSCell::JSValue::isZombie):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- * runtime/JSFunction.h:
- (JSC::JSFunction::createStructure):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs):
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::clearBuiltinStructures):
- (JSC::JSGlobalData::createLeaked):
- * runtime/JSGlobalData.h:
- (JSC::allocateGlobalHandle):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::markChildren):
- (JSC::JSGlobalObject::copyGlobalsFrom):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObject):
- (JSC::JSGlobalObject::createStructure):
- (JSC::Structure::prototypeChain):
- (JSC::Structure::isValid):
- (JSC::constructEmptyArray):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::JSNotAnObject):
- (JSC::JSNotAnObject::createStructure):
- * runtime/JSONObject.cpp:
- (JSC::JSONObject::JSONObject):
- * runtime/JSONObject.h:
- (JSC::JSONObject::createStructure):
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::defineSetter):
- (JSC::JSObject::seal):
- (JSC::JSObject::freeze):
- (JSC::JSObject::preventExtensions):
- (JSC::JSObject::removeDirect):
- (JSC::JSObject::createInheritorID):
- * runtime/JSObject.h:
- (JSC::JSObject::createStructure):
- (JSC::JSObject::JSObject):
- (JSC::JSNonFinalObject::createStructure):
- (JSC::JSNonFinalObject::JSNonFinalObject):
- (JSC::JSFinalObject::create):
- (JSC::JSFinalObject::createStructure):
- (JSC::JSFinalObject::JSFinalObject):
- (JSC::constructEmptyObject):
- (JSC::createEmptyObjectStructure):
- (JSC::JSObject::~JSObject):
- (JSC::JSObject::setPrototype):
- (JSC::JSObject::setStructure):
- (JSC::JSObject::inheritorID):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::transitionTo):
- (JSC::JSObject::markChildrenDirect):
- * runtime/JSObjectWithGlobalObject.cpp:
- (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
- * runtime/JSObjectWithGlobalObject.h:
- (JSC::JSObjectWithGlobalObject::createStructure):
- (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
- (JSC::JSPropertyNameIterator::create):
- (JSC::JSPropertyNameIterator::get):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::createStructure):
- (JSC::JSPropertyNameIterator::setCachedStructure):
- (JSC::Structure::setEnumerationCache):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- (JSC::JSStaticScopeObject::createStructure):
- * runtime/JSString.h:
- (JSC::RopeBuilder::JSString):
- (JSC::RopeBuilder::createStructure):
- * runtime/JSType.h:
- * runtime/JSTypeInfo.h:
- (JSC::TypeInfo::TypeInfo):
- * runtime/JSValue.h:
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::createStructure):
- (JSC::JSVariableObject::JSVariableObject):
- (JSC::JSVariableObject::copyRegisterArray):
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::createStructure):
- (JSC::JSWrapperObject::JSWrapperObject):
- * runtime/JSZombie.cpp:
- * runtime/JSZombie.h:
- (JSC::JSZombie::JSZombie):
- (JSC::JSZombie::createStructure):
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
- * runtime/MathObject.h:
- (JSC::MathObject::createStructure):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- (JSC::NativeErrorConstructor::markChildren):
- (JSC::constructWithNativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::createStructure):
- * runtime/NativeErrorPrototype.cpp:
- (JSC::NativeErrorPrototype::NativeErrorPrototype):
- * runtime/NativeErrorPrototype.h:
- * runtime/NumberConstructor.cpp:
- (JSC::NumberConstructor::NumberConstructor):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::createStructure):
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::NumberObject):
- * runtime/NumberObject.h:
- (JSC::NumberObject::createStructure):
- * runtime/NumberPrototype.cpp:
- (JSC::NumberPrototype::NumberPrototype):
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::ObjectConstructor):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::createStructure):
- * runtime/ObjectPrototype.cpp:
- (JSC::ObjectPrototype::ObjectPrototype):
- * runtime/ObjectPrototype.h:
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyTable::PropertyTable):
- * runtime/RegExpConstructor.cpp:
- (JSC::RegExpConstructor::RegExpConstructor):
- (JSC::RegExpMatchesArray::RegExpMatchesArray):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::createStructure):
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::RegExpObject):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::createStructure):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- * runtime/RegExpPrototype.h:
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- (JSC::ScopeChainNode::createStructure):
- * runtime/StrictEvalActivation.cpp:
- (JSC::StrictEvalActivation::StrictEvalActivation):
- * runtime/StringConstructor.cpp:
- (JSC::StringConstructor::StringConstructor):
- * runtime/StringConstructor.h:
- * runtime/StringObject.cpp:
- (JSC::StringObject::StringObject):
- * runtime/StringObject.h:
- (JSC::StringObject::createStructure):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
- (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
- * runtime/StringPrototype.cpp:
- (JSC::StringPrototype::StringPrototype):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::createStructure):
- * runtime/Structure.cpp:
- (JSC::StructureTransitionTable::remove):
- (JSC::StructureTransitionTable::add):
- (JSC::Structure::Structure):
- (JSC::Structure::~Structure):
- (JSC::Structure::materializePropertyMap):
- (JSC::Structure::addPropertyTransitionToExistingStructure):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::removePropertyTransition):
- (JSC::Structure::changePrototypeTransition):
- (JSC::Structure::despecifyFunctionTransition):
- (JSC::Structure::getterSetterTransition):
- (JSC::Structure::toDictionaryTransition):
- (JSC::Structure::toCacheableDictionaryTransition):
- (JSC::Structure::toUncacheableDictionaryTransition):
- (JSC::Structure::sealTransition):
- (JSC::Structure::freezeTransition):
- (JSC::Structure::preventExtensionsTransition):
- (JSC::Structure::flattenDictionaryStructure):
- (JSC::Structure::copyPropertyTable):
- (JSC::Structure::put):
- (JSC::Structure::markChildren):
- * runtime/Structure.h:
- (JSC::Structure::create):
- (JSC::Structure::setPrototypeWithoutTransition):
- (JSC::Structure::createStructure):
- (JSC::JSCell::createDummyStructure):
- (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::StructureChain):
- (JSC::StructureChain::markChildren):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
- (JSC::StructureChain::head):
- (JSC::StructureChain::createStructure):
- * runtime/StructureTransitionTable.h:
- (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
- (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
- (JSC::StructureTransitionTable::~StructureTransitionTable):
- (JSC::StructureTransitionTable::slot):
- (JSC::StructureTransitionTable::setMap):
- (JSC::StructureTransitionTable::singleTransition):
- (JSC::StructureTransitionTable::clearSingleTransition):
- (JSC::StructureTransitionTable::setSingleTransition):
- * runtime/WeakGCMap.h:
- (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
- (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
- (JSC::WeakGCMap::contains):
- (JSC::WeakGCMap::find):
- (JSC::WeakGCMap::remove):
- (JSC::WeakGCMap::add):
- (JSC::WeakGCMap::set):
- (JSC::WeakGCMap::finalize):
- * runtime/WriteBarrier.h:
- (JSC::writeBarrier):
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
- (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-04-15 Fridrich Strba <fridrich.strba@bluewin.ch>
-
- Reviewed by Gavin Barraclough.
-
- Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols
- are not prefixed by underscore anymore. This is consistent with
- what MSVC does.
- https://bugs.webkit.org/show_bug.cgi?id=58573
-
- * jit/JITStubs.cpp:
-
-2011-04-15 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- Bug 58705 - DFG JIT Add support for flow control (branch, jump).
-
- Add support for control flow by breaking the CodeBlock up into multiple
- basic blocks, generating code for each basic block in turn through the
- speculative JIT & then the non-speculative JIT.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::setTemporary):
- (JSC::DFG::ByteCodeParser::addToGraph):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- (JSC::DFG::BasicBlock::BasicBlock):
- (JSC::DFG::BasicBlock::getBytecodeOffset):
- (JSC::DFG::Graph::blockIndexForBytecodeOffset):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
- (JSC::DFG::JITCodeGenerator::addBranch):
- (JSC::DFG::JITCodeGenerator::linkBranches):
- (JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::Node):
- (JSC::DFG::Node::isJump):
- (JSC::DFG::Node::isBranch):
- (JSC::DFG::Node::takenBytecodeOffset):
- (JSC::DFG::Node::notTakenBytecodeOffset):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
-
-2011-04-15 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
-
- Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes
-
- Use these for both access to arguments & local variables, adds ability
- to set locals, such that values will persist between basic blocks.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::get):
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::getVariable):
- (JSC::DFG::ByteCodeParser::setVariable):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::setArgument):
- (JSC::DFG::ByteCodeParser::getThis):
- (JSC::DFG::ByteCodeParser::setThis):
- (JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord):
- (JSC::DFG::ByteCodeParser::parseBlock):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- (JSC::DFG::Graph::derefChildren):
- * dfg/DFGGraph.h:
- (JSC::DFG::Graph::ref):
- (JSC::DFG::Graph::deref):
- * dfg/DFGNode.h:
- (JSC::DFG::Node::hasLocal):
- (JSC::DFG::Node::local):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-15 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 58696 - DFG JIT split handling of vars/temporaries
-
- Presently all callee registers are treated as having single block scope,
- since the DFG JIT can only compile single block functions. In order to
- expand the JIT to support control flow we will need to change to retaining
- locals (but not temporaries) across basic block boundaries.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::get):
- (JSC::DFG::ByteCodeParser::set):
- (JSC::DFG::ByteCodeParser::getVariable):
- (JSC::DFG::ByteCodeParser::setVariable):
- (JSC::DFG::ByteCodeParser::getTemporary):
- (JSC::DFG::ByteCodeParser::setTemporary):
- (JSC::DFG::ByteCodeParser::getArgument):
- (JSC::DFG::ByteCodeParser::getInt32Constant):
- (JSC::DFG::ByteCodeParser::getDoubleConstant):
- (JSC::DFG::ByteCodeParser::getJSConstant):
- (JSC::DFG::ByteCodeParser::constantUndefined):
- (JSC::DFG::ByteCodeParser::constantNull):
- (JSC::DFG::ByteCodeParser::one):
- (JSC::DFG::ByteCodeParser::parseBlock):
- (JSC::DFG::ByteCodeParser::parse):
- (JSC::DFG::parse):
- * dfg/DFGNode.h:
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::ScoreBoard):
- (JSC::DFG::ScoreBoard::~ScoreBoard):
- (JSC::DFG::ScoreBoard::allocate):
- (JSC::DFG::ScoreBoard::use):
-
-2011-04-15 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Oliver Hunt.
-
- globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining
- https://bugs.webkit.org/show_bug.cgi?id=58677
-
- Moved JSObjectWithGlobalObject::globalObject() to
- runtime/JSObjectWithGlobalObject.h to allow the compiler to inline
- it for a performance benefit. An equivalent instance had been in
- a header file before r60057.
-
- * JavaScriptCore.exp:
- * runtime/JSObjectWithGlobalObject.cpp:
- * runtime/JSObjectWithGlobalObject.h:
- (JSC::JSObjectWithGlobalObject::globalObject):
-
-2011-04-14 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make JSNodeFilterCondition handle its lifetime correctly
- https://bugs.webkit.org/show_bug.cgi?id=58622
-
- Add export
-
- * JavaScriptCore.exp:
-
-2011-04-14 Alexey Proskuryakov <ap@apple.com>
-
- Reviewed by Dan Bernstein.
-
- WebKit2: Password field input does not switch to ASCII-compatible source
- https://bugs.webkit.org/show_bug.cgi?id=58583
- <rdar://problem/9059651>
-
- * wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium,
- and shouldn't be enabled on any other platforms, so there is no reason to make it
- configurable via Platform.h.
-
-2011-04-15 Dmitry Lomov <dslomov@google.com>
-
- Reviewed by David Levin.
-
- Add a sample test case for GTest framework
- https://bugs.webkit.org/show_bug.cgi?id=58509
-
- Add an example of GTest testcase, complete with a runner, to JavaScriptCore.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/tests/RunAllWtfTests.cpp: Added.
- (main):
- * wtf/tests/StringTests.cpp: Added.
-
-2011-04-15 Anna Cavender <annacc@chromium.org>
-
- Reviewed by Eric Carlson.
-
- Renaming TRACK feature define to VIDEO_TRACK
- https://bugs.webkit.org/show_bug.cgi?id=53556
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-14 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Geoffrey Garen.
-
- Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename
- m_regressionGuard to m_parseFailed, such that it can be reused for
- other failure cases.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::parse):
-
-2011-04-14 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Bug 58620 - DFG JIT - loading of arguments should not be lazy
-
- This optimization is overly simplistic. It only works because we never
- write out definitions to arguments (since we currently only compile
- single block functions). Revert this for now, we may want to reintroduce
- something like this again in the future, but it will need to be aware
- how to schedule definitions to arguments versus lazy loads that have not
- yet been performed.
-
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::needsSpill):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillInteger):
- (JSC::DFG::JITCodeGenerator::fillDouble):
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::initConstantInfo):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::fillNumericToDouble):
- (JSC::DFG::JITCompiler::fillInt32ToInteger):
- (JSC::DFG::JITCompiler::fillToJS):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
- (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-14 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal
-
- The bug in PutByVal is that an operand is in JSValueOperand - when this
- locks an integer into a register it will always retag the value without
- checking if the register is already locked. This is a problem where the
- value being stored by a PutByVal is the same as the subscript.
- The subscript is locked into a register first, as a strict integer.
- Locking the value results in the subscript being modified.
-
- The bug in ValueToInt related to the function of sillentFillAllRegisters.
- The problem is that this method will restore all register values from
- prior to the call, overwriting the result of the call out. Allow a
- register to be passed to specifically be excluded from being preserved.
-
- * assembler/ARMAssembler.h:
- (JSC::ARMAssembler::debugOffset):
- * assembler/ARMv7Assembler.h:
- (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::debugOffset):
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::debugOffset):
- * assembler/LinkBuffer.h:
- (JSC::LinkBuffer::debugAddress):
- * assembler/MIPSAssembler.h:
- (JSC::MIPSAssembler::debugOffset):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::orPtr):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::debugOffset):
- (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parse):
- * dfg/DFGGenerationInfo.h:
- * dfg/DFGJITCodeGenerator.cpp:
- (JSC::DFG::JITCodeGenerator::fillJSValue):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::isConstant):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::isConstant):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::valueToNumber):
- (JSC::DFG::NonSpeculativeJIT::valueToInt32):
- (JSC::DFG::NonSpeculativeJIT::numberToInt32):
- (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
- (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
- (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
- (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
- (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
- (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
- (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-14 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Drain the mark stack while marking weak handles, not after.
- https://bugs.webkit.org/show_bug.cgi?id=58574
-
- Otherwise, items that would have caused more weak handle marking are
- processed after all weak handle marking has finished, and referenced
- weak handles get recycled.
-
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::markWeakHandles): Removed looping from here, since we
- want Heap::markRoots to be responsible for draining the mark stack.
-
- * heap/Heap.cpp:
- (JSC::Heap::markRoots): Moved looping to here, as explained above.
-
- For efficiency's sake, drain the mark stack before starting to mark weak
- handles. Otherwise, items drained while marking weak handles may force
- an extra trip through the weak handle list.
-
- For correctness's sake, drain the mark stack each time through the weak
- handle list. Otherwise, opaque roots that would make weak handles reachable
- are not discovered until after weak handle marking is over.
-
-2011-04-14 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make protected object list in caches window reflect reality
- https://bugs.webkit.org/show_bug.cgi?id=58565
-
- Make sure the heap includes objects protected by Strong handles
- in its list of protected objects.
-
- * heap/HandleHeap.h:
- * heap/Heap.cpp:
- (JSC::HandleHeap::protectedObjectTypeCounts):
-
-2011-04-14 Satish Sampath <satish@chromium.org>
-
- Reviewed by Anders Carlsson.
-
- Don't emit RegExp tables for chromium where they are not used
- https://bugs.webkit.org/show_bug.cgi?id=58544
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * create_regex_tables: Added the "--notables" command line argument.
-
-2011-04-13 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix ASSERTs seen on Windows bots.
-
- * wtf/HashTable.h:
- (WTF::hashTableSwap): Force MSVC to use the right version of swap.
-
-2011-04-13 Ryuan Choi <ryuan.choi@samsung.com>
-
- Reviewed by Kenneth Rohde Christiansen.
-
- [CMAKE] Separate DerivedSources.
- https://bugs.webkit.org/show_bug.cgi?id=58427
-
- * CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR.
-
-2011-04-13 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T>
- https://bugs.webkit.org/show_bug.cgi?id=58482
-
- This will allow wrappers to make individual decisions about their lifetimes.
-
- * heap/HandleHeap.h:
- (JSC::HandleHeap::copyWeak): New function for copying a weak handle.
- It's wasn't previously possible to perform this operation using HandleHeap
- API because the HandleHeap doesn't expose its underlying Node structure.
-
- * heap/Local.h:
- (JSC::::set):
- * heap/Strong.h:
- (JSC::Strong::set): Added ASSERTs to verify that dead objects are not
- resurrected by placement into handles.
-
- (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
- is efficient.
-
- * heap/Weak.h:
- (JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not
- copy its weak callback and context.
-
- (JSC::Weak::operator=): Added an assignment operator, since the default
- C++ assignment operator did the wrong thing.
-
- (JSC::Weak::set): Added ASSERTs to verify that dead objects are not
- resurrected by placement into handles.
-
- (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
- is efficient, and can be done without copying, which is illegal during
- the handle finalization phase.
-
-2011-04-13 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make PropertyMapEntry use a WriteBarrier for specificValue
- https://bugs.webkit.org/show_bug.cgi?id=58407
-
- Make PropertyMapEntry use a WriteBarrier for specificValue, and then
- propagate the required JSGlobalData through all the methods it ends
- up being needed.
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::prototype):
- * API/JSContextRef.cpp:
- * API/JSObjectRef.cpp:
- (JSObjectMake):
- (JSObjectSetPrototype):
- * JavaScriptCore.exp:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * interpreter/Interpreter.cpp:
- (JSC::appendSourceToError):
- (JSC::Interpreter::tryCacheGetByID):
- (JSC::Interpreter::privateExecute):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::tryCacheGetByID):
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/BatchedTransitionOptimizer.h:
- (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
- * runtime/InternalFunction.cpp:
- (JSC::InternalFunction::name):
- (JSC::InternalFunction::displayName):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::getOwnPropertySlot):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::name):
- (JSC::JSFunction::displayName):
- (JSC::JSFunction::getOwnPropertySlot):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::putWithAttributes):
- (JSC::JSGlobalObject::reset):
- (JSC::JSGlobalObject::resetPrototype):
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::put):
- (JSC::JSObject::deleteProperty):
- (JSC::JSObject::defineGetter):
- (JSC::JSObject::defineSetter):
- (JSC::JSObject::lookupGetter):
- (JSC::JSObject::lookupSetter):
- (JSC::JSObject::getPropertySpecificValue):
- (JSC::JSObject::getOwnPropertyNames):
- (JSC::JSObject::seal):
- (JSC::JSObject::freeze):
- (JSC::JSObject::preventExtensions):
- (JSC::JSObject::removeDirect):
- (JSC::JSObject::getOwnPropertyDescriptor):
- (JSC::JSObject::defineOwnProperty):
- * runtime/JSObject.h:
- (JSC::JSObject::getDirect):
- (JSC::JSObject::getDirectLocation):
- (JSC::JSObject::isSealed):
- (JSC::JSObject::isFrozen):
- (JSC::JSObject::setPrototypeWithCycleCheck):
- (JSC::JSObject::setPrototype):
- (JSC::JSObject::inlineGetOwnPropertySlot):
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::putDirectWithoutTransition):
- (JSC::JSObject::putDirectFunctionWithoutTransition):
- * runtime/Lookup.cpp:
- (JSC::setUpStaticFunctionSlot):
- * runtime/ObjectConstructor.cpp:
- (JSC::objectConstructorCreate):
- (JSC::objectConstructorSeal):
- (JSC::objectConstructorFreeze):
- (JSC::objectConstructorPreventExtensions):
- (JSC::objectConstructorIsSealed):
- (JSC::objectConstructorIsFrozen):
- * runtime/Operations.h:
- (JSC::normalizePrototypeChain):
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyMapEntry::PropertyMapEntry):
- (JSC::PropertyTable::PropertyTable):
- (JSC::PropertyTable::copy):
- * runtime/Structure.cpp:
- (JSC::Structure::materializePropertyMap):
- (JSC::Structure::despecifyDictionaryFunction):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::removePropertyTransition):
- (JSC::Structure::changePrototypeTransition):
- (JSC::Structure::despecifyFunctionTransition):
- (JSC::Structure::getterSetterTransition):
- (JSC::Structure::toDictionaryTransition):
- (JSC::Structure::toCacheableDictionaryTransition):
- (JSC::Structure::toUncacheableDictionaryTransition):
- (JSC::Structure::sealTransition):
- (JSC::Structure::freezeTransition):
- (JSC::Structure::preventExtensionsTransition):
- (JSC::Structure::isSealed):
- (JSC::Structure::isFrozen):
- (JSC::Structure::addPropertyWithoutTransition):
- (JSC::Structure::removePropertyWithoutTransition):
- (JSC::Structure::copyPropertyTable):
- (JSC::Structure::get):
- (JSC::Structure::despecifyFunction):
- (JSC::Structure::despecifyAllFunctions):
- (JSC::Structure::put):
- (JSC::Structure::getPropertyNames):
- * runtime/Structure.h:
- (JSC::Structure::get):
- (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-04-13 Paul Knight <pknight@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition
- https://bugs.webkit.org/show_bug.cgi?id=58405
-
- The BACKTRACE() macro requires JavaScriptCore be built with a Debug
- configuration in order for it to be enabled. Move the NDEBUG check to
- the header so it will be enabled when the calling framework or
- application is built with a Debug configuration, similar to how
- ASSERT() and friends work.
-
- * wtf/Assertions.cpp:
- * wtf/Assertions.h:
-
-2011-04-12 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Alexey Proskuryakov.
-
- https://bugs.webkit.org/show_bug.cgi?id=58131
-
- Provide a workaround for an obscure Studio 12 compiler bug, which
- couldn't call src->~T() on a const T *src.
-
- * wtf/Vector.h:
-
-2011-04-12 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=58395
- Exceptions thrown from property getters called from Array prototype functions can be missed
-
- This is caught by an ASSERT in the top of Interpreter::executeCall.
- Check for exceptions after accessing properties that could be getters.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- - Add exception checks.
-
-2011-04-12 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make API callback objects use weak handles to run their finalizers
- https://bugs.webkit.org/show_bug.cgi?id=58389
-
- Make the API object's private data struct act as a finalizer for
- an api object if the callback object has a API defined finalizer.
-
- * API/JSCallbackObject.cpp:
- (JSC::JSCallbackObjectData::finalize):
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- (JSC::::init):
- * heap/Handle.h:
-
-2011-04-12 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Cleaned up hash traits, and added hash traits for handles
- https://bugs.webkit.org/show_bug.cgi?id=58381
-
- * heap/Handle.h:
- (JSC::HandleBase::swap):
- (JSC::Handle::Handle):
- (JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and
- without creating new handles (which is not allowed during handle finalization).
-
- * heap/Strong.h:
- (JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication.
-
- * heap/Weak.h:
- (JSC::Weak::isHashTableDeletedValue):
- (JSC::Weak::Weak):
- (JSC::Weak::swap):
- (JSC::Weak::hashTableDeletedValue): Ditto.
-
- * wtf/HashTraits.h:
- (WTF::SimpleClassHashTraits::constructDeletedValue):
- (WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits,
- which are analogous to SimpleClassVectorTraits, since they are used in a
- bunch of places.
-
- * wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication.
-
- * wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication.
-
-2011-04-12 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Cleaned up some Vector traits, and added missing Vector traits for handles
- https://bugs.webkit.org/show_bug.cgi?id=58372
-
- * heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication.
-
- * heap/Strong.h: Ditto.
-
- * heap/Weak.h: Ditto.
-
- * parser/JSParser.cpp: Fixed a traits error. No test case because this
- particular trait is not currently exercised by the parser.
-
- * runtime/UString.h: No need to override canInitializeWithMemset, since
- our base class sets it to true.
-
- * wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication.
-
- * wtf/text/WTFString.h: No need to override canInitializeWithMemset, since
- our base class sets it to true.
-
-2011-04-12 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Eric Seidel.
-
- [Qt] Enable JIT build for SH4 platforms.
- https://bugs.webkit.org/show_bug.cgi?id=58317
- enable JIT build for QT backend for SH4 platforms.
-
- * JavaScriptCore.pro:
- * wtf/Platform.h:
-
-2011-04-11 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Alexey Proskuryakov.
-
- https://bugs.webkit.org/show_bug.cgi?id=58289
-
- Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp,
- WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value.
-
- * wtf/FastMalloc.cpp:
- (WTF::TCMalloc_PageHeap::runScavengerThread):
-
-2011-04-11 Mark Rowe <mrowe@apple.com>
-
- Fix the build.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private.
-
-2011-04-11 Anna Cavender <annacc@chromium.org>
-
- Reviewed by Eric Carlson.
-
- Setup ENABLE(TRACK) feature define
- https://bugs.webkit.org/show_bug.cgi?id=53556
-
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-11 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix a few builds.
-
- Updated a few more build configurations for file moves.
-
- * CMakeListsWinCE.txt:
-
-2011-04-11 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64
-
- The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
- separately on JSVALUE64, even though EncodedValueDescriptor is not used in
- JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
- on X86_64. Using the union allows us to remove a layer of makeImmediate()/
- immedaiteValue() methods.
-
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitTagAsBoolImmediate):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_not):
- (JSC::JIT::emit_op_jeq_null):
- (JSC::JIT::emit_op_jneq_null):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
- (JSC::JIT::emitSlow_op_not):
- * runtime/JSCell.h:
- * runtime/JSValue.h:
- * runtime/JSValueInlineMethods.h:
- (JSC::JSValue::encode):
- (JSC::JSValue::decode):
- (JSC::JSValue::operator==):
- (JSC::JSValue::operator!=):
- (JSC::JSValue::JSValue):
- (JSC::JSValue::operator bool):
- (JSC::JSValue::asInt32):
- (JSC::JSValue::isUndefinedOrNull):
- (JSC::JSValue::isBoolean):
- (JSC::JSValue::isCell):
- (JSC::JSValue::isInt32):
- (JSC::JSValue::asDouble):
- (JSC::JSValue::isNumber):
- (JSC::JSValue::asCell):
-
-2011-04-11 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix a few builds.
-
- Updated a few more build configurations for file moves.
-
- * CMakeListsEfl.txt:
- * wscript:
-
-2011-04-11 Geoffrey Garen <ggaren@apple.com>
-
- Build fix: Updated a file name.
-
- * CMakeLists.txt:
-
-2011-04-11 Geoffrey Garen <ggaren@apple.com>
-
- Rubber-stamped by Sam Weinig.
-
- Moved remaining heap implementation files to the heap folder.
-
- * Android.mk:
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
- * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
- * heap/Handle.h:
- * heap/Heap.cpp:
- * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
- * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
- * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
- * heap/MarkStack.h: Copied from runtime/MarkStack.h.
- * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
- * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
- * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
- * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
- * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
- * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
- * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
- * interpreter/RegisterFile.cpp:
- * runtime/ConservativeSet.cpp: Removed.
- * runtime/ConservativeSet.h: Removed.
- * runtime/MachineStackMarker.cpp: Removed.
- * runtime/MachineStackMarker.h: Removed.
- * runtime/MarkStack.cpp: Removed.
- * runtime/MarkStack.h: Removed.
- * runtime/MarkStackPosix.cpp: Removed.
- * runtime/MarkStackSymbian.cpp: Removed.
- * runtime/MarkStackWin.cpp: Removed.
- * runtime/MarkedBlock.cpp: Removed.
- * runtime/MarkedBlock.h: Removed.
- * runtime/MarkedSpace.cpp: Removed.
- * runtime/MarkedSpace.h: Removed.
-
-2011-04-11 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-04-09 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 58198 - Clean up JSValue implementation for JSVALUE64
-
- Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
-
- JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
- which should not have been here. JSImmediate mostly contained uncalled methods,
- along with the internal implementation of the JSValue constructors split unnecessarily
- across a number of layers of function calls. These could largely be merged back
- together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can by unified.
-
- The .cpp files were empty.
-
- Moving all these methods into JSValue.h seems to be a repro measurable regression, so
- I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
- values as static const members of JSValue also measures as a repro regression, so I
- have made these #defines.
-
- * Android.mk:
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Removed JSImmediate.h, JSNumberCell.h.
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitLoad):
- - Removed class JSImmediate.
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- - Removed class JSImmediate.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - Removed class JSImmediate.
- * jit/JITArithmetic.cpp:
- (JSC::JIT::compileBinaryArithOpSlowCase):
- - Removed class JSImmediate.
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitJumpIfJSCell):
- (JSC::JIT::emitJumpIfNotJSCell):
- (JSC::JIT::emitJumpIfImmediateInteger):
- (JSC::JIT::emitJumpIfNotImmediateInteger):
- (JSC::JIT::emitFastArithDeTagImmediate):
- (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
- (JSC::JIT::emitFastArithReTagImmediate):
- (JSC::JIT::emitTagAsBoolImmediate):
- - Removed class JSImmediate.
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_not):
- (JSC::JIT::emit_op_jeq_null):
- (JSC::JIT::emit_op_jneq_null):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
- (JSC::JIT::emitSlow_op_not):
- - Removed class JSImmediate.
- * jit/JSInterfaceJIT.h:
- - Removed class JSImmediate.
- * runtime/JSCell.h:
- - Removed JSImmediate.h, JSNumberCell.h.
- * runtime/JSImmediate.cpp: Removed.
- * runtime/JSImmediate.h: Removed.
- * runtime/JSNumberCell.cpp: Removed.
- * runtime/JSNumberCell.h: Removed.
- - Removed.
- * runtime/JSObject.h:
- - Removed JSImmediate.h, JSNumberCell.h.
- * runtime/JSString.h:
- - Removed JSImmediate.h, JSNumberCell.h.
- * runtime/JSValue.h:
- - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
- * runtime/JSValueInlineMethods.h: Added.
- (JSC::JSValue::toInt32):
- (JSC::JSValue::toUInt32):
- (JSC::JSValue::isUInt32):
- (JSC::JSValue::asUInt32):
- (JSC::JSValue::uncheckedGetNumber):
- (JSC::JSValue::toJSNumber):
- (JSC::jsNaN):
- (JSC::JSValue::getNumber):
- (JSC::JSValue::getBoolean):
- (JSC::JSValue::JSValue):
- (JSC::JSValue::encode):
- (JSC::JSValue::decode):
- (JSC::JSValue::operator bool):
- (JSC::JSValue::operator==):
- (JSC::JSValue::operator!=):
- (JSC::JSValue::isUndefined):
- (JSC::JSValue::isNull):
- (JSC::JSValue::isUndefinedOrNull):
- (JSC::JSValue::isCell):
- (JSC::JSValue::isInt32):
- (JSC::JSValue::isDouble):
- (JSC::JSValue::isTrue):
- (JSC::JSValue::isFalse):
- (JSC::JSValue::tag):
- (JSC::JSValue::payload):
- (JSC::JSValue::asInt32):
- (JSC::JSValue::asDouble):
- (JSC::JSValue::asCell):
- (JSC::JSValue::isNumber):
- (JSC::JSValue::isBoolean):
- (JSC::JSValue::makeImmediate):
- (JSC::JSValue::immediateValue):
- (JSC::reinterpretDoubleToIntptr):
- (JSC::reinterpretIntptrToDouble):
- - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
- * runtime/Operations.h:
- - Removed JSImmediate.h, JSNumberCell.h.
- * wtf/StdLibExtras.h:
- - Export bitwise_cast.
-
-2011-04-11 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Oliver Hunt.
-
- SH4 JIT SUPPORT.
- https://bugs.webkit.org/show_bug.cgi?id=44329
-
- Add JIT remaining part for SH4 platforms.
-
- * assembler/MacroAssemblerSH4.h:
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- * jit/JITOpcodes32_64.cpp:
- * jit/JITPropertyAccess32_64.cpp:
- * jit/JITStubs.cpp:
- * jit/JITStubs.h:
- * jit/JSInterfaceJIT.h:
-
-2011-04-10 Geoffrey Garen <ggaren@apple.com>
-
- Rubber-stamped by Beth Dakin.
-
- Moved Heap.h and Heap.cpp to the heap folder, because anything less
- would be uncivilized.
-
- * Android.mk:
- * CMakeLists.txt:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp.
- * heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h.
- * runtime/Heap.cpp: Removed.
- * runtime/Heap.h: Removed.
-
-2011-04-10 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Darin Adler.
-
- Remove duplicated code from AtomicString::fromUTF8()
- https://bugs.webkit.org/show_bug.cgi?id=53711
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/text/AtomicString.cpp:
- (WTF::AtomicString::fromUTF8Internal):
- * wtf/text/AtomicString.h:
- (WTF::AtomicString::fromUTF8):
- * wtf/unicode/UTF8.cpp:
- (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
- * wtf/unicode/UTF8.h:
-
-2011-04-10 Maciej Stachowiak <mjs@apple.com>
-
- Not reviewed.
-
- Fix build (at least on Lion) by adding some newish header files to
- PrivateHeaders.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-04-09 Geoffrey Garen <ggaren@apple.com>
-
- Not reviewed.
-
- Try recommitting some things svn left out of its last commit.
-
- * heap/Handle.h:
- (JSC::HandleBase::operator!):
- (JSC::HandleBase::HandleBase):
- (JSC::HandleBase::slot):
- (JSC::HandleBase::setSlot):
- (JSC::Handle::Handle):
- * heap/HandleHeap.cpp:
- (JSC::HandleHeap::markWeakHandles):
- (JSC::HandleHeap::finalizeWeakHandles):
- (JSC::HandleHeap::isValidWeakNode):
- * heap/HandleHeap.h:
- (JSC::HandleHeap::globalData):
-
-2011-04-08 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- A few heap-related renames and file moves.
-
- WeakGCPtr<T> => Weak<T>
- Global<T> => Strong<T>
- collector/ => heap/
- collector/* => heap/*
- runtime/WeakGCPtr.h => heap/Weak.h
-
- (Eventually, even more files should move into the heap directory. Like
- Heap.h and Heap.cpp, for example.)
-
- * API/JSClassRef.h:
- * CMakeLists.txt:
- * GNUmakefile.am:
- * GNUmakefile.list.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pri:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
- * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/SamplingTool.h:
- * bytecompiler/BytecodeGenerator.h:
- * collector: Removed.
- * collector/handles: Removed.
- * collector/handles/Global.h: Removed.
- * collector/handles/Handle.h: Removed.
- * collector/handles/HandleHeap.cpp: Removed.
- * collector/handles/HandleHeap.h: Removed.
- * collector/handles/HandleStack.cpp: Removed.
- * collector/handles/HandleStack.h: Removed.
- * collector/handles/Local.h: Removed.
- * collector/handles/LocalScope.h: Removed.
- * heap: Copied from collector.
- * heap/Handle.h: Copied from collector/handles/Handle.h.
- * heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp.
- * heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h.
- * heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp.
- * heap/HandleStack.h: Copied from collector/handles/HandleStack.h.
- * heap/Local.h: Copied from collector/handles/Local.h.
- * heap/LocalScope.h: Copied from collector/handles/LocalScope.h.
- * heap/Strong.h: Copied from collector/handles/Global.h.
- (JSC::Strong::Strong):
- (JSC::Strong::~Strong):
- (JSC::Strong::operator=):
- * heap/Weak.h: Copied from runtime/WeakGCPtr.h.
- (JSC::Weak::Weak):
- (JSC::Weak::~Weak):
- * heap/handles: Removed.
- * interpreter/RegisterFile.h:
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
- * jit/JITStubs.h:
- * runtime/Structure.h:
- * runtime/WeakGCPtr.h: Removed.
-
-2011-04-08 Alpha Lam <hclam@chromium.org>
-
- Unreviewed, rolling out r83335.
- http://trac.webkit.org/changeset/83335
- https://bugs.webkit.org/show_bug.cgi?id=53556
-
- GTK and QT bots are broken
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-08 Gavin Barraclough <barraclough@apple.com>
-
- Ooops, typo, build fix.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parse):
-
-2011-04-08 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 58154 - Add support for comparison operators to the DFG JIT.
-
- Add support for <, <=, ==, ===, and also !. Add support for all corresponding
- bytecode ops, including the not- and -null forms. Initially add functionally
- correct support, we'll revisit the performance.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::constantNull):
- (JSC::DFG::ByteCodeParser::parse):
- - Add support for parsing of bytecode opcodes,
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::callOperation):
- - Add new operation call types, return bool values.
- * dfg/DFGNode.h:
- - Add new node types.
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- - Add code generation for new nodes.
- * dfg/DFGOperations.cpp:
- (JSC::DFG::operationCompareLess):
- (JSC::DFG::operationCompareLessEq):
- (JSC::DFG::operationCompareEq):
- (JSC::DFG::operationCompareStrictEq):
- (JSC::DFG::dfgConvertJSValueToBoolean):
- * dfg/DFGOperations.h:
- - Add operation callbacks to implement new ops.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- - Add code generation for new nodes.
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompilePatchGetArrayLength):
- - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
- * runtime/JSImmediate.h:
- - Make tag values public, rather than relying on a friend - this matches JSVALUE32_64.
-
-2011-04-07 Anna Cavender <annacc@chromium.org>
-
- Reviewed by Eric Carlson.
-
- Setup ENABLE(TRACK) feature define
- https://bugs.webkit.org/show_bug.cgi?id=53556
-
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-07 Balazs Kelemen <kbalazs@webkit.org>
-
- Reviewed by Kenneth Rohde Christiansen.
-
- [WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation
- https://bugs.webkit.org/show_bug.cgi?id=58030
-
- * wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2.
-
-2011-04-08 Adam Roben <aroben@apple.com>
-
- Clean build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that
- don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the
- directory itself in addition to the files it contains.
-
-2011-04-07 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Maciej Stachowiak.
-
- Some Handle<T> cleanup
- https://bugs.webkit.org/show_bug.cgi?id=58109
-
- * bytecode/SamplingTool.h: Sorted alphabetically because that's the
- WebKit style. Added a Global.h #include that was previously missing
- but harmless.
-
- * collector/handles/Global.h:
- (JSC::Global::Global): Added a null constructor. No need for a special
- tag, and the tag is incompatible with some data structures.
-
- (JSC::Global::isHashTableDeletedValue):
- (JSC::Global::~Global):
- (JSC::Global::set):
- (JSC::Global::operator=):
- (JSC::Global::clear):
- (JSC::Global::hashTableDeletedValue): Reordered constructors to be near
- each other.
-
- (JSC::Global::setWithWriteBarrier): Renamed internalSet to
- setWithWriteBarrier for clarity, and funneled more code into using set
- and setWithWriteBarrier to reduce duplication.
-
- * collector/handles/Handle.h:
- (JSC::HandleBase::operator!):
- (JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have
- boolean and ! operators.
-
- (JSC::HandleBase::slot):
- (JSC::HandleBase::setSlot):
- (JSC::Handle::Handle): Added general support for null Handles. This was
- previously outlawed by ASSERTs, but our code has grown to support and
- rely on null Handles.
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::markWeakHandles):
- (JSC::HandleHeap::finalizeWeakHandles):
- (JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle,
- and beefed this up a bit.
-
- * collector/handles/HandleHeap.h:
- (JSC::HandleHeap::globalData): Added accessor, used by some new set functions.
-
- * collector/handles/Local.h: Moved hash traits to the bottom of the file,
- since this file is about the Local class, not the traits.
-
- (JSC::::Local): Updated for removal of invalidate().
-
- (JSC::::operator): Deployed "using" to avoid a lot of this->
- template funny business.
-
- (JSC::::setWithSlotCheck): Renamed from internalSet, more specific now.
-
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::RegisterFile): Updated to use null constructor.
-
- * jit/JITStubs.cpp:
- (JSC::JITThunks::hostFunctionStub):
-
- * runtime/JSPropertyNameIterator.h:
- (JSC::Structure::setEnumerationCache):
- * runtime/Structure.h: Removed clearEnumerationCache
- because it was an unused holdover from when the enumeration cache was
- not a handle.
-
- * runtime/WeakGCMap.h:
- (JSC::WeakGCMap::set): Finish initializing our handle before putting it
- in the table. This seemed more logical, and at one point was required
- to avoid triggering an ASSERT.
-
- * runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own
- handle-like behavior, to avoid duplication.
-
- (JSC::WeakGCPtr::WeakGCPtr):
- (JSC::WeakGCPtr::~WeakGCPtr):
- (JSC::WeakGCPtr::get):
- (JSC::WeakGCPtr::clear):
- (JSC::WeakGCPtr::set):
- (JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and
- standardized on Handle idioms.
-
-2011-04-07 Adam Barth <abarth@webkit.org>
-
- Reviewed by Martin Robinson.
-
- Refactor Gtk build system to separate list of files
- https://bugs.webkit.org/show_bug.cgi?id=58090
-
- This is the first step towards generating part of the GTK build system
- using GYP. In the first iteration, our plan is to just generate the
- list of files. This patch is the first step, which is to separate out
- the part of JavaScriptCore build system that we intend to generate from
- the rest of the build system.
-
- * GNUmakefile.am:
- * GNUmakefile.list.am: Added.
-
-2011-04-07 Zoltan Herczeg <zherczeg@webkit.org>
-
- Reviewed by Gavin Barraclough.
-
- Mapping booleans the same way as integers
- https://bugs.webkit.org/show_bug.cgi?id=56913
-
- Instead of having a seperate tag field for booleans,
- the logical values are stored in the payload field
- (for JSValue32_64 representation).
-
- 1.007x speedup on SunSpider.
-
- * jit/JIT.h:
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitStoreBool):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_instanceof):
- (JSC::JIT::emit_op_not):
- (JSC::JIT::emit_op_jfalse):
- (JSC::JIT::emitSlow_op_jfalse):
- (JSC::JIT::emit_op_jtrue):
- (JSC::JIT::emitSlow_op_jtrue):
- (JSC::JIT::emit_op_jeq_null):
- (JSC::JIT::emit_op_jneq_null):
- (JSC::JIT::emit_op_eq):
- (JSC::JIT::emitSlow_op_eq):
- (JSC::JIT::emit_op_neq):
- (JSC::JIT::emitSlow_op_neq):
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
- * jit/JSInterfaceJIT.h:
- * runtime/JSValue.h:
- (JSC::JSValue::JSValue):
- (JSC::JSValue::isTrue):
- (JSC::JSValue::isFalse):
- (JSC::JSValue::getBoolean):
-
-2011-04-07 Eric Seidel <eric@webkit.org>
-
- Reviewed by Adam Barth.
-
- Add stub support for generating Gtk build system from gyp
- https://bugs.webkit.org/show_bug.cgi?id=58086
-
- This does not produce a buildable JavaScriptCore, but it
- does allow running gyp/configure --port=gtk and having
- it generate a gtk.Makefile which we can use for testing
- the rest of the plumbing.
-
- * gyp/gtk.gyp: Added.
-
-2011-04-07 Andrew Scherkus <scherkus@chromium.org>
-
- Revert ENABLE_TRACK patch due to compile failures.
-
- * Configurations/FeatureDefines.xcconfig:
-
-2011-04-07 Adam Barth <abarth@webkit.org>
-
- Fix whitespace in GNUmakefile.am.
-
- * GNUmakefile.am:
-
-2011-04-07 Gavin Barraclough <barraclough@apple.com>
-
- Fix a couple of typos in comments that Darin spotted.
-
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_not):
- * runtime/JSImmediate.h:
-
-2011-04-06 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoff Garen.
- Bug 58057 - Store boolean payload in low bit of JSImmediate
-
- And remove some uncalled functions from JSImmediate.h
-
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitTagAsBoolImmediate):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_not):
- * runtime/JSImmediate.h:
- (JSC::JSImmediate::makeInt):
- (JSC::JSImmediate::makeBool):
- (JSC::JSImmediate::intValue):
- (JSC::JSImmediate::boolValue):
- (JSC::JSImmediate::asInt32):
- (JSC::JSImmediate::toDouble):
- (JSC::JSValue::asInt32):
- (JSC::JSValue::isUInt32):
- (JSC::JSValue::asUInt32):
-
-2011-04-07 Liang Qi <liang.qi@nokia.com>
-
- Reviewed by Laszlo Gombos.
-
- [Qt][Symbian] Enable webkit build with GCCE on Symbian.
- https://bugs.webkit.org/show_bug.cgi?id=57841
-
- * wtf/MathExtras.h: GCCE compiler doesn't support those std static functions.
-
-2011-04-06 Dai Mikurube <dmikurube@chromium.org>
-
- Reviewed by David Levin.
-
- Add QUOTA build flag for unified quota API
- https://bugs.webkit.org/show_bug.cgi?id=57918
-
- * Configurations/FeatureDefines.xcconfig: Added QUOTA build flag
-
-2011-04-06 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Darin Adler.
-
- Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros.
-
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * config.h:
-
-2011-04-06 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Stop JSObject::isUsingInlineStorage() from using the structure
- https://bugs.webkit.org/show_bug.cgi?id=57986
-
- Make the isUsingInlineStorage() implementation just look at
- whether the property storage is inside the object.
-
- * runtime/JSObject.h:
- (JSC::JSObject::isUsingInlineStorage):
- (JSC::JSObject::JSObject):
-
-2011-04-06 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Geoff Garen.
-
- Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations.
-
- * runtime/JSImmediate.h:
- * runtime/JSValue.h:
-
-2011-04-06 Lucas De Marchi <lucas.demarchi@profusion.mobi>
-
- cmake: Fix build for ARMv7
-
- * CMakeLists.txt: add missing file.
-
-2011-04-06 Liang Qi <liang.qi@nokia.com>
-
- Reviewed by Benjamin Poulain.
-
- Correct a include file name.
- https://bugs.webkit.org/show_bug.cgi?id=57839
-
- * wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix
- builds on Unix hosts.
-
-2011-04-06 Adam Roben <aroben@apple.com>
-
- Build fix after r83056
-
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable.
-
-2011-04-06 Adam Roben <aroben@apple.com>
-
- Move JavaScriptCoreGenerated's file-copying logic out to a new script
-
- Hopefully this will make it easier to modify this logic in the future. I also made the
- script much quieter than the old logic, since it didn't seem helpful to see long lists of
- filenames during the copying phase.
-
- If we like this new style, we could copy it for our other projects.
-
- Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to
- modify and noisy
-
- Reviewed by Steve Falkenburg.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy
- files from here...
- * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.)
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd
- for convenience.
-
-2011-04-05 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix the Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do!
-
-2011-04-05 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Introduced the concept of opaque roots, in preparation for marking the DOM with them
- https://bugs.webkit.org/show_bug.cgi?id=57903
-
- * JavaScriptCore.exp: Who likes export files? I do!
-
- * collector/handles/HandleHeap.cpp:
- (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
-
- (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
- weak linkage problems.
-
- (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
- Currently unused.
-
- (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
- default empty implementation, since not all clients necessarily want
- or need non-trivial finalizers.
-
- (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
- passes. The first pass marks all reachable weak handles. The second pass
- finalizes all unreachable weak handles. This must be two passes because
- we don't know the set of finalizable weak handles until we're done
- marking all weak handles.
-
- (JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
-
- * collector/handles/HandleHeap.h: Ditto.
-
- * runtime/Heap.cpp:
- (JSC::Heap::destroy):
- (JSC::Heap::markRoots):
- (JSC::Heap::reset): Split out handle marking from handle finalization.
-
- * runtime/MarkStack.cpp:
- (JSC::MarkStack::reset):
- * runtime/MarkStack.h:
- (JSC::MarkStack::addOpaqueRoot):
- (JSC::MarkStack::containsOpaqueRoot):
- (JSC::MarkStack::opaqueRootCount):
- (JSC::HeapRootMarker::markStack): New helper functions for managing the
- set of opaque roots.
-
- * runtime/WeakGCMap.h:
- (JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
-
-2011-04-05 Balazs Kelemen <kbalazs@webkit.org>
-
- Reviewed by Darin Adler.
-
- Build fix for YarrParser.h
- https://bugs.webkit.org/show_bug.cgi?id=57822
-
- * yarr/YarrParser.h:
- (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
-
-2011-04-05 Steve Falkenburg <sfalken@apple.com>
-
- Follow-up Windows build fix.
- Don't skip react-to-vsprops-changes.py for all production builds,
- only those initiated via JavaScriptCore.make.
-
- * JavaScriptCore.vcproj/JavaScriptCore.make:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2011-04-05 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks
- https://bugs.webkit.org/show_bug.cgi?id=57857
-
- Whoops, accidentally removed a deref().
-
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
-
-2011-04-05 Steve Falkenburg <sfalken@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops.
- Set production environment variable before calling make.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added.
-
-2011-04-05 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make caches window show more info about non-jsobject GC values
- https://bugs.webkit.org/show_bug.cgi?id=57874
-
- Add ClassInfo to the various internal JS types that currently
- don't have any, and make the text for caches window show the
- classname for non-JSObject instances.
-
- * runtime/Executable.cpp:
- * runtime/Executable.h:
- (JSC::ExecutableBase::createStructure):
- (JSC::NativeExecutable::createStructure):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/Heap.cpp:
- (JSC::TypeCounter::typeName):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/ScopeChain.cpp:
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::createStructure):
- * runtime/StructureChain.cpp:
- * runtime/StructureChain.h:
- (JSC::StructureChain::createStructure):
-
-2011-04-05 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Reviewed by Andreas Kling.
-
- Cleanup StringConcatenate
- https://bugs.webkit.org/show_bug.cgi?id=57836
-
- Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return.
- Add a makeString() variant taking 9 arguments, needed by a follow-up patch.
-
- * wtf/text/StringConcatenate.h:
- (WTF::tryMakeString):
- (WTF::makeString):
-
-2011-04-04 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r82876.
- http://trac.webkit.org/changeset/82876
- https://bugs.webkit.org/show_bug.cgi?id=57816
-
- Caused a lot of test crashes (Requested by tkent on #webkit).
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * wtf/FastMalloc.cpp:
- (WTF::tryFastMalloc):
- (WTF::fastMalloc):
- (WTF::tryFastCalloc):
- (WTF::fastCalloc):
- (WTF::fastFree):
- (WTF::tryFastRealloc):
- (WTF::fastRealloc):
- (WTF::fastMallocSize):
- (WTF::TCMalloc_PageHeap::isScavengerSuspended):
- (WTF::TCMalloc_PageHeap::scheduleScavenger):
- (WTF::TCMalloc_PageHeap::suspendScavenger):
- (WTF::TCMalloc_PageHeap::signalScavenger):
- (WTF::TCMallocStats::malloc):
- (WTF::TCMallocStats::free):
- (WTF::TCMallocStats::fastCalloc):
- (WTF::TCMallocStats::tryFastCalloc):
- (WTF::TCMallocStats::calloc):
- (WTF::TCMallocStats::fastRealloc):
- (WTF::TCMallocStats::tryFastRealloc):
- (WTF::TCMallocStats::realloc):
- (WTF::TCMallocStats::fastMallocSize):
- * wtf/FastMalloc.h:
- (WTF::Internal::fastMallocMatchValidationType):
- (WTF::Internal::fastMallocMatchValidationValue):
- (WTF::Internal::setFastMallocMatchValidationType):
- (WTF::fastMallocMatchValidateFree):
- * wtf/Platform.h:
-
-2011-04-04 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Antti Koivisto.
-
- Stop JSCell.h from including Structure.h
- https://bugs.webkit.org/show_bug.cgi?id=57809
-
- * runtime/GetterSetter.h:
- * runtime/JSAPIValueWrapper.h:
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::toThisObject):
- * runtime/JSString.h:
- * runtime/ScopeChain.h:
- * runtime/Structure.h:
- (JSC::JSCell::isObject):
- (JSC::JSCell::isString):
- (JSC::JSCell::classInfo):
- (JSC::JSCell::createDummyStructure):
- (JSC::JSValue::needsThisConversion):
- (JSC::MarkStack::internalAppend):
- * runtime/StructureChain.h:
-
-2011-04-04 Oliver Hunt <oliver@apple.com>
-
- Fix clang build.
-
- * wtf/FastMalloc.cpp:
- (WTF::fastMalloc):
- (WTF::fastCalloc):
- (WTF::fastRealloc):
-
-2011-04-04 Oliver Hunt <oliver@apple.com>
-
- Remove accidental change to Platform.h
-
- * wtf/Platform.h:
-
-2011-04-04 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Fixed a weak-handle-related leak in RegisterFile
- https://bugs.webkit.org/show_bug.cgi?id=57793
-
- * interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier.
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::GlobalObjectOwner::finalize):
- (JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with
- a per-RegisterFile weak handle owner, which does not leak.
-
- * runtime/WeakGCPtr.h:
- (JSC::WeakGCPtr::set): Allow set() to take a context argument, since
- RegisterFile now needs this. (Seems like it was an accidental omission
- all along.)
-
-2011-04-04 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make malloc validation useful
- https://bugs.webkit.org/show_bug.cgi?id=57502
-
- This patch changes FAST_MALLOC_MATCH_VALIDATION with a general
- corruption check that tags the beginning and end of all allocations
- to check for write overflows and overwrites the contents of
- memory on free in order to (hopefully) show up use-after-free issues
- sooner.
-
- We also turn it on by default for debug builds.
-
- * JavaScriptCore.exp:
- * wtf/FastMalloc.cpp:
- (WTF::tryFastMalloc):
- (WTF::fastMalloc):
- (WTF::tryFastCalloc):
- (WTF::fastCalloc):
- (WTF::fastFree):
- (WTF::tryFastRealloc):
- (WTF::fastRealloc):
- (WTF::TCMalloc_PageHeap::isScavengerSuspended):
- (WTF::TCMalloc_PageHeap::scheduleScavenger):
- (WTF::TCMalloc_PageHeap::suspendScavenger):
- (WTF::TCMalloc_PageHeap::signalScavenger):
- (WTF::TCMallocStats::malloc):
- (WTF::TCMallocStats::free):
- (WTF::TCMallocStats::fastCalloc):
- (WTF::TCMallocStats::tryFastCalloc):
- (WTF::TCMallocStats::calloc):
- (WTF::TCMallocStats::fastRealloc):
- (WTF::TCMallocStats::tryFastRealloc):
- (WTF::TCMallocStats::realloc):
- * wtf/FastMalloc.h:
- (WTF::Internal::fastMallocValidationHeader):
- (WTF::Internal::fastMallocValidationSuffix):
- (WTF::Internal::fastMallocMatchValidationType):
- (WTF::Internal::setFastMallocMatchValidationType):
- (WTF::fastMallocMatchValidateFree):
- (WTF::fastMallocValidate):
- * wtf/Platform.h:
-
-2011-04-04 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Renamed clearWeakPointers => updateWeakHandles and removed misleading comment
- https://bugs.webkit.org/show_bug.cgi?id=57790
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::updateWeakHandles): Updated for rename.
-
- * collector/handles/HandleHeap.h: Removed comment claiming that this
- function should only be called during teardown, because it's actually
- called after every GC pass.
-
- * runtime/Heap.cpp:
- (JSC::Heap::destroy):
- (JSC::Heap::markRoots): Updated for rename.
-
-2011-04-04 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Standardized handling of handles for immediate values
- https://bugs.webkit.org/show_bug.cgi?id=57788
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell
- values here, because our write barrier guarantees that such values are
- not in the weak list.
-
- (JSC::HandleHeap::writeBarrier): Standardized on checking for null before
- checking for cell, and on using early return instead of if/else.
-
- * collector/handles/HandleHeap.h:
- (JSC::HandleHeap::deallocate):
- (JSC::HandleHeap::makeWeak): Ditto.
-
-2011-04-04 Geoffrey Garen <ggaren@apple.com>
-
- Not reviewed.
-
- Removed a redundant variable from HandleHeap
- https://bugs.webkit.org/show_bug.cgi?id=57786
-
- Forgot to commit the file that actually removes the data member!
-
- * collector/handles/HandleHeap.h:
-
-2011-04-04 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed a redundant variable from HandleHeap
- https://bugs.webkit.org/show_bug.cgi?id=57786
-
- We don't need a specific variable to indicate that we're in the middle
- of the finalization phase, since m_nextToFinalize already does this.
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::HandleHeap):
- (JSC::HandleHeap::clearWeakPointers):
- (JSC::HandleHeap::writeBarrier):
-
-2011-04-04 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback)
- https://bugs.webkit.org/show_bug.cgi?id=57775
-
- Also renamed noFinalizer => emptyWeakOwner, since this is really an
- optimization for a weak owner with empty callbacks.
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed
- redundant initialization of m_nextToFinalize. Moved deletion check inside
- weak owner check, since the weak owner can't delete the node if there is
- no weak owner!
-
- * collector/handles/HandleHeap.h:
- (JSC::WeakHandleOwner::~WeakHandleOwner):
- (JSC::HandleHeap::makeWeak): Updated for renames.
-
- (JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner,
- to clarify this function's role in assertions.
-
- (JSC::HandleHeap::Node::Node):
- (JSC::HandleHeap::Node::makeWeak):
- (JSC::HandleHeap::Node::isWeak):
- (JSC::HandleHeap::Node::weakOwner):
- (JSC::HandleHeap::Node::weakOwnerContext):
- (JSC::HandleHeap::Node::emptyWeakOwner):
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::globalObjectCollectedNotifier):
- * interpreter/RegisterFile.h:
- * runtime/WeakGCMap.h:
- * runtime/WeakGCPtr.h:
- (JSC::WeakGCPtr::WeakGCPtr):
- (JSC::WeakGCPtr::set): Updated for renames.
-
-2011-04-04 Oliver Hunt <oliver@apple.com>
-
- Fix WinCE build.
-
- * bytecode/Instruction.h:
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::tryCachePutByID):
- (JSC::Interpreter::tryCacheGetByID):
-
-2011-04-04 Adam Roben <aroben@apple.com>
-
- Delete mt.dep files when doing a clean build due to .vsprops file changes
-
- Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild.
-
- Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build)
-
- Reviewed by Brian Weinstein.
-
- * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
- (main): Added dep to the list of extensions we look for when choosing files to delete.
-
-2011-04-01 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make StructureChain GC allocated
- https://bugs.webkit.org/show_bug.cgi?id=56695
-
- Make StructureChain GC allocated, and make the various owners
- mark it correctly.
-
- * JavaScriptCore.exp:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::derefStructures):
- (JSC::CodeBlock::refStructures):
- (JSC::CodeBlock::markAggregate):
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
- (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
- (JSC::PolymorphicAccessStructureList::derefStructures):
- (JSC::PolymorphicAccessStructureList::markAggregate):
- (JSC::Instruction::Instruction):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- (JSC::StructureStubInfo::markAggregate):
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::initGetByIdChain):
- (JSC::StructureStubInfo::initPutByIdTransition):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
- * collector/handles/Handle.h:
- (JSC::HandleConverter::operator->):
- (JSC::HandleConverter::operator*):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_jneq_ptr):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_jneq_ptr):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::tryCachePutByID):
- (JSC::JITThunks::tryCacheGetByID):
- (JSC::getPolymorphicAccessStructureListSlot):
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSCell.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::markIfNeeded):
- * runtime/JSGlobalObject.h:
- (JSC::Structure::prototypeChain):
- * runtime/JSObject.h:
- (JSC::JSObject::putDirectInternal):
- (JSC::JSObject::markChildrenDirect):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- (JSC::JSPropertyNameIterator::get):
- (JSC::JSPropertyNameIterator::markChildren):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
- * runtime/JSZombie.cpp:
- (JSC::JSZombie::leakedZombieStructure):
- * runtime/JSZombie.h:
- * runtime/MarkStack.h:
- (JSC::MarkStack::append):
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::sweep):
- * runtime/Structure.cpp:
- (JSC::Structure::addPropertyTransition):
- * runtime/Structure.h:
- (JSC::Structure::markAggregate):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::StructureChain):
- (JSC::StructureChain::~StructureChain):
- (JSC::StructureChain::markChildren):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
- (JSC::StructureChain::createStructure):
- * runtime/WriteBarrier.h:
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
-
-2011-04-01 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed some complexity from HandleHeap
- https://bugs.webkit.org/show_bug.cgi?id=57650
-
- Eliminated pointer-tagging flags.
-
- Tied being weak to having a finalizer (or at least a finalizer sentinel).
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying
- flag. It was unused. If we bring it back, we'll probably use a shared
- autodeallocating finalizer instead.
-
- * collector/handles/HandleHeap.h:
- (JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now
- a single, atomic operation -- this makes the relationship between
- finalizers and weak pointers clearer, and impossible to get wrong.
-
- (JSC::HandleHeap::Node::Node):
- (JSC::HandleHeap::Node::handleHeap): No more flags.
-
- (JSC::HandleHeap::Node::makeWeak):
- (JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentienl
- value in the finalizer slot to indicate that a handle is weak but doesn't
- require an external function call for finalization.
-
-2011-04-01 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed WeakGCMap::deprecatedRemove because it was deprecated and unused
- https://bugs.webkit.org/show_bug.cgi?id=57648
-
- * runtime/WeakGCMap.h:
-
-2011-04-01 Adam Roben <aroben@apple.com>
-
- Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer
-
- Covered by existing tests.
-
- Fixes <http://webkit.org/b/56699>.
-
- Reviewed by Oliver Hunt.
-
- * parser/Lexer.h:
- (JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because
- supposedly the idiom that function uses is fast.
-
-2011-03-31 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Oliver Hunt.
-
- SH4 JIT SUPPORT.
- https://bugs.webkit.org/show_bug.cgi?id=44329
-
- Add YARR support for SH4 platforms (disabled by default).
-
- * GNUmakefile.am:
- * assembler/MacroAssembler.h:
- * assembler/MacroAssemblerSH4.cpp: Added.
- * assembler/MacroAssemblerSH4.h: Added.
- * assembler/SH4Assembler.h: Added.
- * yarr/YarrJIT.cpp:
-
-2011-03-30 Adam Roben <aroben@apple.com>
-
- Clean build fix
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects
- don't try to build in parallel (which doesn't mesh with our buildfailed mechanism).
-
-2011-03-30 Oliver Hunt <oliver@apple.com>
-
- Rollout r82500
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::derefStructures):
- (JSC::CodeBlock::refStructures):
- (JSC::CodeBlock::markAggregate):
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
- (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
- (JSC::PolymorphicAccessStructureList::derefStructures):
- (JSC::Instruction::Instruction):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::initGetByIdChain):
- (JSC::StructureStubInfo::initPutByIdTransition):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_jneq_ptr):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_jneq_ptr):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITStubs.cpp:
- (JSC::getPolymorphicAccessStructureListSlot):
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSCell.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::markIfNeeded):
- * runtime/JSGlobalObject.h:
- (JSC::Structure::prototypeChain):
- * runtime/JSObject.h:
- (JSC::JSObject::markChildrenDirect):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- (JSC::JSPropertyNameIterator::get):
- (JSC::JSPropertyNameIterator::markChildren):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
- * runtime/MarkStack.h:
- (JSC::MarkStack::append):
- * runtime/Structure.h:
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::StructureChain):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
-
-2011-03-29 Matthew Delaney <mdelaney@apple.com>
-
- Reviewed by Simon Fraser.
-
- Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG
-
- https://bugs.webkit.org/show_bug.cgi?id=53134
-
- * wtf/Platform.h: Added in WTF flag for using the Accelerate framework
-
-2011-03-30 Steve Falkenburg <sfalken@apple.com>
-
- Reviewed by Adam Roben.
-
- Share most vsprops between Release and Production builds in releaseproduction.vsprops
- https://bugs.webkit.org/show_bug.cgi?id=57508
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
- * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
- * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
- * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
- * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
-
-2011-03-30 Mark Rowe <mrowe@apple.com>
-
- Reviewed by Adam Roben.
-
- Explicitly prevent testapi and minidom from being installed rather than relying
- on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly
- set at the target level.
-
- <rdar://problem/9206357>
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-03-30 Timur Iskhodzhanov <timurrrr@google.com>
-
- Reviewed by Alexey Proskuryakov.
-
- Add some dynamic annotations to JavaScriptCore/wtf
- https://bugs.webkit.org/show_bug.cgi?id=53747
-
- By using these annotations we can improve the precision of finding
- WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind.
- These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1".
-
- These files don't add new functionality, so don't need extra tests.
-
- * GNUmakefile.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/DynamicAnnotations.cpp: Added.
- (WTFAnnotateBenignRaceSized):
- (WTFAnnotateHappensBefore):
- (WTFAnnotateHappensAfter):
- * wtf/DynamicAnnotations.h: Added.
- * wtf/ThreadSafeRefCounted.h:
- (WTF::ThreadSafeRefCountedBase::derefBase):
- * wtf/text/StringStatics.cpp:
- (WTF::StringImpl::empty):
-
-2011-03-30 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make StructureChain GC allocated
- https://bugs.webkit.org/show_bug.cgi?id=56695
-
- Make StructureChain GC allocated, and make the various owners
- mark it correctly.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::derefStructures):
- (JSC::CodeBlock::refStructures):
- (JSC::CodeBlock::markAggregate):
- * bytecode/Instruction.h:
- (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
- (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
- (JSC::PolymorphicAccessStructureList::derefStructures):
- (JSC::PolymorphicAccessStructureList::markAggregate):
- (JSC::Instruction::Instruction):
- * bytecode/StructureStubInfo.cpp:
- (JSC::StructureStubInfo::deref):
- (JSC::StructureStubInfo::markAggregate):
- * bytecode/StructureStubInfo.h:
- (JSC::StructureStubInfo::initGetByIdChain):
- (JSC::StructureStubInfo::initPutByIdTransition):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_jneq_ptr):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_jneq_ptr):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
- * jit/JITStubs.cpp:
- (JSC::getPolymorphicAccessStructureListSlot):
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/JSCell.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::markIfNeeded):
- * runtime/JSGlobalObject.h:
- (JSC::Structure::prototypeChain):
- * runtime/JSObject.h:
- (JSC::JSObject::markChildrenDirect):
- * runtime/JSPropertyNameIterator.cpp:
- (JSC::JSPropertyNameIterator::create):
- (JSC::JSPropertyNameIterator::get):
- (JSC::JSPropertyNameIterator::markChildren):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
- * runtime/MarkStack.h:
- (JSC::MarkStack::append):
- * runtime/Structure.h:
- (JSC::Structure::cachedPrototypeChainSlot):
- * runtime/StructureChain.cpp:
- (JSC::StructureChain::StructureChain):
- * runtime/StructureChain.h:
- (JSC::StructureChain::create):
- (JSC::StructureChain::createStructure):
-
-2011-03-30 Steve Falkenburg <sfalken@apple.com>
-
- Reviewed by Adam Roben.
-
- Update Windows production build logic for new production configurations
- https://bugs.webkit.org/show_bug.cgi?id=57494
-
- * JavaScriptCore.vcproj/JavaScriptCore.make:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
- * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
- * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
- * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
- * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
-
-2011-03-30 Steve Falkenburg <sfalken@apple.com>
-
- Reviewed by Adam Roben.
-
- Rename Windows configuration Release_LTCG to Production for clarity
- https://bugs.webkit.org/show_bug.cgi?id=57465
-
- * JavaScriptCore.vcproj/JavaScriptCore.sln:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed.
- * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops.
- * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed.
- * JavaScriptCore.vcproj/jsc/jsc.vcproj:
- * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops.
- * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed.
- * JavaScriptCore.vcproj/testapi/testapi.vcproj:
- * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops.
- * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed.
-
-2011-03-30 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
-
- Reviewed by Maciej Stachowiak.
-
- Add the NEXT_OPCODE() macro to the DFG-JIT parser
- https://bugs.webkit.org/show_bug.cgi?id=57322
-
- In JavaScriptCore we use macros to jump to the next opcode
- (both in interpreter and JIT). This macro is added to the
- DFG-JIT parser as well.
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::parse):
-
-2011-03-29 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- ~25% regression on v8-splay in the SunSpider harness
- https://bugs.webkit.org/show_bug.cgi?id=56128
-
- I'm not sure if this is the root cause of the regression Stephanie
- measured, but it seems to get us back to previous v8-splay times.
-
- SunSpider reports no change. v8-splay says 41% faster.
-
- * runtime/Heap.cpp:
- (JSC::Heap::reset): Make marking proportional to 1X the size of the heap,
- not .5X the size of the heap. When the heap is large, this makes a big
- difference. (Our old heap growth policy matched this. You can see by
- looking at resizeBlocks in revisions prior to r77699.)
-
-2011-03-29 Steve Falkenburg <sfalken@apple.com>
-
- Reviewed by Darin Adler.
-
- Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE
- https://bugs.webkit.org/show_bug.cgi?id=57350
-
- Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from
- InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within
- the IDE. To avoid this, add a separate vsprops file for each project configuration that
- contains the required inherited property sheets.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added.
- * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jsc.vcproj:
- * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added.
- * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added.
- * JavaScriptCore.vcproj/testapi/testapi.vcproj:
- * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added.
- * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added.
- * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added.
- * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added.
- * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added.
-
-2011-03-29 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Eric Seidel.
-
- REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit).
- https://bugs.webkit.org/show_bug.cgi?id=57333
-
- constructDate now takes the global object explicitly as it may be called
- by functions other than the constructor itself.
-
- * API/JSObjectRef.cpp:
- (JSObjectMakeDate):
- * runtime/DateConstructor.cpp:
- (JSC::constructDate):
- (JSC::constructWithDateConstructor):
- * runtime/DateConstructor.h:
-
-2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Benjamin Poulain.
-
- https://bugs.webkit.org/show_bug.cgi?id=41953
-
- Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h
-
- * wtf/MathExtras.h:
-
-2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Darin Adler.
-
- https://bugs.webkit.org/show_bug.cgi?id=57231
- Add conditional for SUNCC supporting alignment macros
-
- Compile fix for Solaris 10/Sun Studio 12 CC
-
- * wtf/Vector.h:
-
-2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Darin Adler.
-
- https://bugs.webkit.org/show_bug.cgi?id=57256
-
- Fix crash on misaligned reads on Solaris 10/Sparc
-
- * wtf/text/AtomicString.cpp:
- (WTF::equal):
-
-2011-03-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- instanceof Array test fails when using iframes
- https://bugs.webkit.org/show_bug.cgi?id=17250
-
- This is a problem with all built in constructors, the use of
- lexicalGlobalObject rather than the constructors own
- global object reference means that a builtin will always use
- the prototype from the lexical global object rather than that
- of the constructors origin.
-
- * API/JSObjectRef.cpp:
- (JSObjectMakeFunction):
- (JSObjectMakeRegExp):
- * JavaScriptCore.exp:
- * runtime/ArrayConstructor.cpp:
- (JSC::constructArrayWithSizeQuirk):
- * runtime/BooleanConstructor.cpp:
- (JSC::constructBoolean):
- (JSC::constructBooleanFromImmediateBoolean):
- * runtime/BooleanConstructor.h:
- * runtime/DateConstructor.cpp:
- (JSC::constructDate):
- * runtime/DateInstance.cpp:
- * runtime/DateInstance.h:
- * runtime/ErrorConstructor.cpp:
- (JSC::constructWithErrorConstructor):
- (JSC::callErrorConstructor):
- * runtime/FunctionConstructor.cpp:
- (JSC::constructWithFunctionConstructor):
- (JSC::callFunctionConstructor):
- (JSC::constructFunction):
- * runtime/FunctionConstructor.h:
- * runtime/JSCell.cpp:
- (JSC::JSCell::getOwnPropertySlot):
- (JSC::JSCell::put):
- (JSC::JSCell::deleteProperty):
- (JSC::JSCell::toThisObject):
- (JSC::JSCell::toObject):
- * runtime/JSCell.h:
- (JSC::JSCell::JSValue::toObject):
- * runtime/JSNotAnObject.cpp:
- (JSC::JSNotAnObject::toObject):
- * runtime/JSNotAnObject.h:
- * runtime/JSObject.cpp:
- (JSC::JSObject::toObject):
- * runtime/JSObject.h:
- * runtime/JSString.cpp:
- (JSC::StringObject::create):
- (JSC::JSString::toObject):
- (JSC::JSString::toThisObject):
- * runtime/JSString.h:
- * runtime/JSValue.cpp:
- (JSC::JSValue::toObjectSlowCase):
- (JSC::JSValue::toThisObjectSlowCase):
- (JSC::JSValue::synthesizeObject):
- * runtime/JSValue.h:
- * runtime/NumberConstructor.cpp:
- (JSC::constructWithNumberConstructor):
- * runtime/NumberObject.cpp:
- (JSC::constructNumber):
- * runtime/NumberObject.h:
- * runtime/ObjectConstructor.cpp:
- (JSC::constructObject):
- (JSC::constructWithObjectConstructor):
- (JSC::callObjectConstructor):
- * runtime/RegExpConstructor.cpp:
- (JSC::constructRegExp):
- (JSC::constructWithRegExpConstructor):
- (JSC::callRegExpConstructor):
- * runtime/RegExpConstructor.h:
- * runtime/StringConstructor.cpp:
- (JSC::constructWithStringConstructor):
- * runtime/StringObject.h:
-
-2011-03-28 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large
- https://bugs.webkit.org/show_bug.cgi?id=56823
-
- Partial fix for most of the problem. (TOT still shows a regression, though.)
-
- * runtime/Heap.cpp:
- (JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of
- capacity(), since capacity() is O(n) relative to the size of the heap.
-
- In limited circumstances, capacity() is also worse than highWaterMark()
- for measuring extra cost relative to heap size, since capacity() only
- measures the *current* capacity of the heap, but the heap will grow if
- necessary to attain highWaterMark().
-
-2011-03-28 Oliver Hunt <oliver@apple.com>
-
- REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit).
- https://bugs.webkit.org/show_bug.cgi?id=57251
-
- Build fix, had remnant of another patch in r82130
-
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::privateCompileGetByIdChainList):
-
-2011-03-27 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Maciej Stachowiak.
-
- Add additional immediate types to allow us to distinguish the source of a JIT immediate
- https://bugs.webkit.org/show_bug.cgi?id=57190
-
- Allow us to distinguish whether a JIT immediate is a value that we
- control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
- or influenced by code we are compiling. Currently we do nothing with this
- information -- this change is large and mechanical but would obscure any
- logic changes that we would have made.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
- (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
- (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
- (JSC::AbstractMacroAssembler::Imm32::Imm32):
- * assembler/MacroAssembler.h:
- (JSC::MacroAssembler::pop):
- (JSC::MacroAssembler::poke):
- (JSC::MacroAssembler::branchPtr):
- (JSC::MacroAssembler::branch32):
- (JSC::MacroAssembler::addPtr):
- (JSC::MacroAssembler::andPtr):
- (JSC::MacroAssembler::orPtr):
- (JSC::MacroAssembler::subPtr):
- (JSC::MacroAssembler::xorPtr):
- (JSC::MacroAssembler::setPtr):
- (JSC::MacroAssembler::storePtr):
- (JSC::MacroAssembler::branchTestPtr):
- (JSC::MacroAssembler::branchSubPtr):
- (JSC::MacroAssembler::branchTest8):
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::add32):
- (JSC::MacroAssemblerARM::and32):
- (JSC::MacroAssemblerARM::lshift32):
- (JSC::MacroAssemblerARM::mul32):
- (JSC::MacroAssemblerARM::or32):
- (JSC::MacroAssemblerARM::rshift32):
- (JSC::MacroAssemblerARM::urshift32):
- (JSC::MacroAssemblerARM::sub32):
- (JSC::MacroAssemblerARM::xor32):
- (JSC::MacroAssemblerARM::store32):
- (JSC::MacroAssemblerARM::push):
- (JSC::MacroAssemblerARM::move):
- (JSC::MacroAssemblerARM::branch8):
- (JSC::MacroAssemblerARM::branch32):
- (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerARM::branch16):
- (JSC::MacroAssemblerARM::branchTest8):
- (JSC::MacroAssemblerARM::branchTest32):
- (JSC::MacroAssemblerARM::branchAdd32):
- (JSC::MacroAssemblerARM::branchMul32):
- (JSC::MacroAssemblerARM::branchSub32):
- (JSC::MacroAssemblerARM::set32Compare32):
- (JSC::MacroAssemblerARM::set8Compare32):
- (JSC::MacroAssemblerARM::set32Test32):
- (JSC::MacroAssemblerARM::set32Test8):
- (JSC::MacroAssemblerARM::moveWithPatch):
- (JSC::MacroAssemblerARM::branchPtrWithPatch):
- (JSC::MacroAssemblerARM::storePtrWithPatch):
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::add32):
- (JSC::MacroAssemblerARMv7::and32):
- (JSC::MacroAssemblerARMv7::lshift32):
- (JSC::MacroAssemblerARMv7::mul32):
- (JSC::MacroAssemblerARMv7::or32):
- (JSC::MacroAssemblerARMv7::rshift32):
- (JSC::MacroAssemblerARMv7::urshift32):
- (JSC::MacroAssemblerARMv7::sub32):
- (JSC::MacroAssemblerARMv7::xor32):
- (JSC::MacroAssemblerARMv7::load32):
- (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch):
- (JSC::MacroAssemblerARMv7::load16):
- (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch):
- (JSC::MacroAssemblerARMv7::store32):
- (JSC::MacroAssemblerARMv7::loadDouble):
- (JSC::MacroAssemblerARMv7::storeDouble):
- (JSC::MacroAssemblerARMv7::push):
- (JSC::MacroAssemblerARMv7::move):
- (JSC::MacroAssemblerARMv7::compare32):
- (JSC::MacroAssemblerARMv7::test32):
- (JSC::MacroAssemblerARMv7::branch32):
- (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerARMv7::branch16):
- (JSC::MacroAssemblerARMv7::branch8):
- (JSC::MacroAssemblerARMv7::branchTest32):
- (JSC::MacroAssemblerARMv7::branchTest8):
- (JSC::MacroAssemblerARMv7::branchAdd32):
- (JSC::MacroAssemblerARMv7::branchMul32):
- (JSC::MacroAssemblerARMv7::branchSub32):
- (JSC::MacroAssemblerARMv7::nearCall):
- (JSC::MacroAssemblerARMv7::call):
- (JSC::MacroAssemblerARMv7::set32Compare32):
- (JSC::MacroAssemblerARMv7::set8Compare32):
- (JSC::MacroAssemblerARMv7::set32Test32):
- (JSC::MacroAssemblerARMv7::set32Test8):
- (JSC::MacroAssemblerARMv7::moveWithPatch):
- (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
- (JSC::MacroAssemblerARMv7::storePtrWithPatch):
- (JSC::MacroAssemblerARMv7::tailRecursiveCall):
- (JSC::MacroAssemblerARMv7::makeJump):
- (JSC::MacroAssemblerARMv7::makeBranch):
- (JSC::MacroAssemblerARMv7::setupArmAddress):
- (JSC::MacroAssemblerARMv7::makeBaseIndexBase):
- (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::add32):
- (JSC::MacroAssemblerMIPS::and32):
- (JSC::MacroAssemblerMIPS::lshift32):
- (JSC::MacroAssemblerMIPS::mul32):
- (JSC::MacroAssemblerMIPS::or32):
- (JSC::MacroAssemblerMIPS::rshift32):
- (JSC::MacroAssemblerMIPS::urshift32):
- (JSC::MacroAssemblerMIPS::sub32):
- (JSC::MacroAssemblerMIPS::xor32):
- (JSC::MacroAssemblerMIPS::load32):
- (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
- (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
- (JSC::MacroAssemblerMIPS::store32):
- (JSC::MacroAssemblerMIPS::push):
- (JSC::MacroAssemblerMIPS::move):
- (JSC::MacroAssemblerMIPS::branch8):
- (JSC::MacroAssemblerMIPS::branch32):
- (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerMIPS::branch16):
- (JSC::MacroAssemblerMIPS::branchTest32):
- (JSC::MacroAssemblerMIPS::branchTest8):
- (JSC::MacroAssemblerMIPS::branchAdd32):
- (JSC::MacroAssemblerMIPS::branchMul32):
- (JSC::MacroAssemblerMIPS::branchSub32):
- (JSC::MacroAssemblerMIPS::set8Compare32):
- (JSC::MacroAssemblerMIPS::set32Compare32):
- (JSC::MacroAssemblerMIPS::set32Test8):
- (JSC::MacroAssemblerMIPS::set32Test32):
- (JSC::MacroAssemblerMIPS::moveWithPatch):
- (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
- (JSC::MacroAssemblerMIPS::storePtrWithPatch):
- (JSC::MacroAssemblerMIPS::tailRecursiveCall):
- (JSC::MacroAssemblerMIPS::loadDouble):
- (JSC::MacroAssemblerMIPS::storeDouble):
- (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
- * assembler/MacroAssemblerX86.h:
- (JSC::MacroAssemblerX86::add32):
- (JSC::MacroAssemblerX86::addWithCarry32):
- (JSC::MacroAssemblerX86::and32):
- (JSC::MacroAssemblerX86::or32):
- (JSC::MacroAssemblerX86::sub32):
- (JSC::MacroAssemblerX86::store32):
- (JSC::MacroAssemblerX86::branch32):
- (JSC::MacroAssemblerX86::moveWithPatch):
- (JSC::MacroAssemblerX86::branchPtrWithPatch):
- (JSC::MacroAssemblerX86::storePtrWithPatch):
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::add32):
- (JSC::MacroAssemblerX86Common::and32):
- (JSC::MacroAssemblerX86Common::lshift32):
- (JSC::MacroAssemblerX86Common::mul32):
- (JSC::MacroAssemblerX86Common::or32):
- (JSC::MacroAssemblerX86Common::rshift32):
- (JSC::MacroAssemblerX86Common::urshift32):
- (JSC::MacroAssemblerX86Common::sub32):
- (JSC::MacroAssemblerX86Common::xor32):
- (JSC::MacroAssemblerX86Common::store32):
- (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
- (JSC::MacroAssemblerX86Common::push):
- (JSC::MacroAssemblerX86Common::move):
- (JSC::MacroAssemblerX86Common::branch8):
- (JSC::MacroAssemblerX86Common::branch32):
- (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
- (JSC::MacroAssemblerX86Common::branch16):
- (JSC::MacroAssemblerX86Common::branchTest32):
- (JSC::MacroAssemblerX86Common::branchTest8):
- (JSC::MacroAssemblerX86Common::branchAdd32):
- (JSC::MacroAssemblerX86Common::branchMul32):
- (JSC::MacroAssemblerX86Common::branchSub32):
- (JSC::MacroAssemblerX86Common::set8Compare32):
- (JSC::MacroAssemblerX86Common::set32Compare32):
- (JSC::MacroAssemblerX86Common::set32Test8):
- (JSC::MacroAssemblerX86Common::set32Test32):
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::add32):
- (JSC::MacroAssemblerX86_64::and32):
- (JSC::MacroAssemblerX86_64::or32):
- (JSC::MacroAssemblerX86_64::sub32):
- (JSC::MacroAssemblerX86_64::loadDouble):
- (JSC::MacroAssemblerX86_64::addDouble):
- (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
- (JSC::MacroAssemblerX86_64::store32):
- (JSC::MacroAssemblerX86_64::call):
- (JSC::MacroAssemblerX86_64::tailRecursiveCall):
- (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
- (JSC::MacroAssemblerX86_64::addPtr):
- (JSC::MacroAssemblerX86_64::andPtr):
- (JSC::MacroAssemblerX86_64::orPtr):
- (JSC::MacroAssemblerX86_64::subPtr):
- (JSC::MacroAssemblerX86_64::xorPtr):
- (JSC::MacroAssemblerX86_64::storePtr):
- (JSC::MacroAssemblerX86_64::setPtr):
- (JSC::MacroAssemblerX86_64::branchPtr):
- (JSC::MacroAssemblerX86_64::branchTestPtr):
- (JSC::MacroAssemblerX86_64::branchSubPtr):
- (JSC::MacroAssemblerX86_64::moveWithPatch):
- (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
- (JSC::MacroAssemblerX86_64::storePtrWithPatch):
- (JSC::MacroAssemblerX86_64::branchTest8):
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::callOperation):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::jitAssertIsInt32):
- (JSC::DFG::JITCompiler::emitCount):
- * dfg/DFGJITCompiler.h:
- (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
- (JSC::DFG::SpeculativeJIT::compile):
- * jit/JIT.cpp:
- (JSC::JIT::emitTimeoutCheck):
- (JSC::JIT::privateCompile):
- * jit/JIT.h:
- * jit/JITArithmetic.cpp:
- (JSC::JIT::emit_op_urshift):
- (JSC::JIT::emitSlow_op_urshift):
- (JSC::JIT::emit_op_post_inc):
- (JSC::JIT::emit_op_post_dec):
- (JSC::JIT::emit_op_pre_inc):
- (JSC::JIT::emit_op_pre_dec):
- (JSC::JIT::emit_op_mod):
- * jit/JITArithmetic32_64.cpp:
- (JSC::JIT::emit_op_negate):
- (JSC::JIT::emit_op_jnless):
- (JSC::JIT::emit_op_jless):
- (JSC::JIT::emit_op_jlesseq):
- (JSC::JIT::emit_op_lshift):
- (JSC::JIT::emitRightShift):
- (JSC::JIT::emitRightShiftSlowCase):
- (JSC::JIT::emit_op_bitand):
- (JSC::JIT::emit_op_bitor):
- (JSC::JIT::emit_op_bitxor):
- (JSC::JIT::emit_op_bitnot):
- (JSC::JIT::emit_op_post_inc):
- (JSC::JIT::emit_op_post_dec):
- (JSC::JIT::emitSlow_op_post_dec):
- (JSC::JIT::emit_op_pre_inc):
- (JSC::JIT::emit_op_pre_dec):
- (JSC::JIT::emit_op_add):
- (JSC::JIT::emitAdd32Constant):
- (JSC::JIT::emit_op_sub):
- (JSC::JIT::emitSub32Constant):
- (JSC::JIT::emitBinaryDoubleOp):
- (JSC::JIT::emit_op_mul):
- (JSC::JIT::emitSlow_op_mul):
- (JSC::JIT::emit_op_div):
- (JSC::JIT::emit_op_mod):
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::emit_op_ret_object_or_this):
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitPutCellToCallFrameHeader):
- (JSC::JIT::emitPutIntToCallFrameHeader):
- (JSC::JIT::emitPutImmediateToCallFrameHeader):
- (JSC::JIT::emitLoadCharacterString):
- (JSC::JIT::restoreArgumentReferenceForTrampoline):
- (JSC::JIT::checkStructure):
- (JSC::JIT::setSamplingFlag):
- (JSC::JIT::clearSamplingFlag):
- (JSC::JIT::emitCount):
- (JSC::JIT::sampleInstruction):
- (JSC::JIT::sampleCodeBlock):
- (JSC::JIT::emitStoreInt32):
- (JSC::JIT::emitStoreCell):
- (JSC::JIT::emitStoreBool):
- (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
- (JSC::JIT::emitInitRegister):
- (JSC::JIT::emitJumpIfJSCell):
- (JSC::JIT::emitJumpIfNotJSCell):
- (JSC::JIT::emitJumpIfImmediateInteger):
- (JSC::JIT::emitJumpIfNotImmediateInteger):
- (JSC::JIT::emitFastArithDeTagImmediate):
- (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
- (JSC::JIT::emitFastArithReTagImmediate):
- (JSC::JIT::emitTagAsBoolImmediate):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_check_has_instance):
- (JSC::JIT::emit_op_instanceof):
- (JSC::JIT::emit_op_ret_object_or_this):
- (JSC::JIT::emit_op_resolve):
- (JSC::JIT::emit_op_to_primitive):
- (JSC::JIT::emit_op_resolve_base):
- (JSC::JIT::emit_op_ensure_property_exists):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emit_op_resolve_global):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_not):
- (JSC::JIT::emit_op_jfalse):
- (JSC::JIT::emit_op_jeq_null):
- (JSC::JIT::emit_op_jneq_null):
- (JSC::JIT::emit_op_jneq_ptr):
- (JSC::JIT::emit_op_jsr):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_new_func_exp):
- (JSC::JIT::emit_op_jtrue):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- (JSC::JIT::emit_op_to_jsnumber):
- (JSC::JIT::emit_op_push_new_scope):
- (JSC::JIT::emit_op_catch):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
- (JSC::JIT::emit_op_init_lazy_reg):
- (JSC::JIT::emit_op_convert_this):
- (JSC::JIT::emit_op_convert_this_strict):
- (JSC::JIT::emitSlow_op_not):
- (JSC::JIT::emitSlow_op_neq):
- (JSC::JIT::emit_op_get_arguments_length):
- (JSC::JIT::emitSlow_op_get_arguments_length):
- (JSC::JIT::emit_op_get_argument_by_val):
- (JSC::JIT::emitSlow_op_resolve_global_dynamic):
- (JSC::JIT::emit_op_new_regexp):
- (JSC::JIT::emit_op_load_varargs):
- (JSC::JIT::emitSlow_op_load_varargs):
- (JSC::JIT::emit_op_new_func):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTIMachineTrampolines):
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_loop_if_lesseq):
- (JSC::JIT::emit_op_check_has_instance):
- (JSC::JIT::emit_op_instanceof):
- (JSC::JIT::emit_op_get_scoped_var):
- (JSC::JIT::emit_op_put_scoped_var):
- (JSC::JIT::emit_op_tear_off_activation):
- (JSC::JIT::emit_op_tear_off_arguments):
- (JSC::JIT::emit_op_resolve):
- (JSC::JIT::emit_op_to_primitive):
- (JSC::JIT::emit_op_resolve_base):
- (JSC::JIT::emit_op_ensure_property_exists):
- (JSC::JIT::emit_op_resolve_skip):
- (JSC::JIT::emit_op_resolve_global):
- (JSC::JIT::emitSlow_op_resolve_global):
- (JSC::JIT::emit_op_not):
- (JSC::JIT::emit_op_jfalse):
- (JSC::JIT::emit_op_jtrue):
- (JSC::JIT::emit_op_jeq_null):
- (JSC::JIT::emit_op_jneq_null):
- (JSC::JIT::emit_op_jneq_ptr):
- (JSC::JIT::emit_op_jsr):
- (JSC::JIT::emit_op_eq):
- (JSC::JIT::emitSlow_op_eq):
- (JSC::JIT::emit_op_neq):
- (JSC::JIT::emitSlow_op_neq):
- (JSC::JIT::compileOpStrictEq):
- (JSC::JIT::emit_op_eq_null):
- (JSC::JIT::emit_op_neq_null):
- (JSC::JIT::emit_op_resolve_with_base):
- (JSC::JIT::emit_op_new_func_exp):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- (JSC::JIT::emit_op_to_jsnumber):
- (JSC::JIT::emit_op_push_new_scope):
- (JSC::JIT::emit_op_catch):
- (JSC::JIT::emit_op_create_activation):
- (JSC::JIT::emit_op_create_arguments):
- (JSC::JIT::emit_op_convert_this):
- (JSC::JIT::emit_op_convert_this_strict):
- (JSC::JIT::emit_op_get_arguments_length):
- (JSC::JIT::emitSlow_op_get_arguments_length):
- (JSC::JIT::emit_op_get_argument_by_val):
- (JSC::JIT::softModulo):
- * jit/JITPropertyAccess.cpp:
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_get_by_pname):
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::emit_op_put_by_index):
- (JSC::JIT::emit_op_put_getter):
- (JSC::JIT::emit_op_put_setter):
- (JSC::JIT::emit_op_del_by_id):
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::compileGetByIdSlowCase):
- (JSC::JIT::emitSlow_op_put_by_id):
- (JSC::JIT::testPrototype):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_put_getter):
- (JSC::JIT::emit_op_put_setter):
- (JSC::JIT::emit_op_del_by_id):
- (JSC::JIT::emit_op_get_by_id):
- (JSC::JIT::emit_op_put_by_id):
- (JSC::JIT::emit_op_method_check):
- (JSC::JIT::stringGetByValStubGenerator):
- (JSC::JIT::emit_op_get_by_val):
- (JSC::JIT::emitSlow_op_get_by_val):
- (JSC::JIT::emit_op_put_by_val):
- (JSC::JIT::compileGetByIdHotPath):
- (JSC::JIT::compileGetByIdSlowCase):
- (JSC::JIT::emitSlow_op_put_by_id):
- (JSC::JIT::testPrototype):
- (JSC::JIT::privateCompilePutByIdTransition):
- (JSC::JIT::privateCompilePatchGetArrayLength):
- (JSC::JIT::privateCompileGetByIdProto):
- (JSC::JIT::privateCompileGetByIdSelfList):
- (JSC::JIT::privateCompileGetByIdProtoList):
- (JSC::JIT::privateCompileGetByIdChainList):
- (JSC::JIT::privateCompileGetByIdChain):
- (JSC::JIT::emit_op_get_by_pname):
- * jit/JITStubCall.h:
- (JSC::JITStubCall::addArgument):
- * jit/JITStubs.cpp:
- (JSC::getPolymorphicAccessStructureListSlot):
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
- (JSC::JSInterfaceJIT::emitLoadInt32):
- (JSC::JSInterfaceJIT::emitLoadDouble):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
- (JSC::SpecializedThunkJIT::loadJSStringArgument):
- (JSC::SpecializedThunkJIT::tagReturnAsInt32):
- (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
- * jit/ThunkGenerators.cpp:
- (JSC::charToString):
- (JSC::powThunkGenerator):
- * yarr/YarrJIT.cpp:
- (JSC::Yarr::YarrGenerator::matchCharacterClass):
- (JSC::Yarr::YarrGenerator::storeToFrame):
- (JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
- (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
- (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
- (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
- (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
- (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
- (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
- (JSC::Yarr::YarrGenerator::generateDisjunction):
-
-2011-03-28 Andras Becsi <abecsi@webkit.org>
-
- Reviewed by Csaba Osztrogonác.
-
- [Qt] Fix the linking of jsc with MinGW after r81963.
-
- * jsc.pro: add -l and remove the lib suffix.
-
-2011-03-27 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Alexey Proskuryakov.
-
- https://bugs.webkit.org/show_bug.cgi?id=57170 Fix last elements
- in an enum to remove a trailing comma. Sun Studio 12 CC errors out.
-
- Compile fix only, no actual code change.
-
- * wtf/MessageQueue.h:
-
-2011-03-25 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- Allow defineOwnProperty to work on DOMObjects
- https://bugs.webkit.org/show_bug.cgi?id=57129
-
- Fix a couple of places where we uses getter()/setter() rather
- than [gs]etterPresent().
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineOwnProperty):
-
-2011-03-25 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Crash when paused at a breakpoint caused by inaccurate Activation records.
- https://bugs.webkit.org/show_bug.cgi?id=57120
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::symbolTableGet):
- (JSC::JSActivation::symbolTablePut):
- (JSC::JSActivation::getOwnPropertyNames):
- (JSC::JSActivation::symbolTablePutWithAttributes):
-
-2011-03-24 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Crash in debugger beneath MarkStack::drain @ me.com, ibm.com
- https://bugs.webkit.org/show_bug.cgi?id=57080
- <rdar://problem/8525907>
-
- The crash was caused by changes in the executable after recompilation.
-
- The fix is for the activation to copy the data it needs instead of
- relying on the data in the executable.
-
- SunSpider and v8 report no change.
-
- * runtime/Arguments.h:
- (JSC::JSActivation::copyRegisters): Use our own data members instead of
- reading data out of the executable.
-
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation): Initialize our data members.
-
- (JSC::JSActivation::markChildren):
- (JSC::JSActivation::symbolTableGet):
- (JSC::JSActivation::symbolTablePut):
- (JSC::JSActivation::getOwnPropertyNames):
- (JSC::JSActivation::symbolTablePutWithAttributes):
- (JSC::JSActivation::isDynamicScope):
- (JSC::JSActivation::argumentsGetter): Use our own data members instead of
- reading data out of the executable.
-
- * runtime/JSActivation.h: Added new data members to track data previously
- tracked by the executable. Since I've removed the executable pointer,
- on a 64bit system, I've only made activations bigger by an int.
-
-2011-03-25 David Kilzer <ddkilzer@apple.com>
-
- Remove duplicate entry from JavaScriptCore.exp
-
- JSC::createStackOverflowError(JSC::ExecState*) was originally
- exported in r60057, then duplicated in r60392.
-
- * JavaScriptCore.exp: Removed duplicate entry.
-
-2011-03-25 Jarred Nicholls <jarred@sencha.com>
-
- Reviewed by Ariya Hidayat.
-
- [Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe
- https://bugs.webkit.org/show_bug.cgi?id=56098
-
- Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API
-
- * jsc.pro:
-
-2011-03-24 Nikolas Zimmermann <nzimmermann@rim.com>
-
- Reviewed by Darin Adler.
-
- Introduce WTF HexNumber.h
- https://bugs.webkit.org/show_bug.cgi?id=56099
-
- Introduce a set of functions that ease converting from a bye or a number to a hex string,
- replacing several of these conversions and String::format("%x") usages all over WebCore.
-
- * GNUmakefile.am: Add HexNumber.h to build.
- * JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
- * JavaScriptCore.gypi: Add HexNumber.h to build.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
- * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
- * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
- * wtf/CMakeLists.txt: Ditto.
- * wtf/HexNumber.h: Added.
- (WTF::Internal::hexDigitsForMode): Internal helper.
- (WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination.
- (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'
- (WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination.
-
-2011-03-24 Geoffrey Garen <ggaren@apple.com>
-
- Windows build fix take 2: Add new symobl.
-
- (I should have used the EWS bots for this!)
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-24 Geoffrey Garen <ggaren@apple.com>
-
- Windows build fix take 1: Removed old symobl.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-24 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Ensure that all compilation takes place within a dynamic global object scope
- https://bugs.webkit.org/show_bug.cgi?id=57054
- <rdar://problem/9083011>
-
- Otherwise, entry to the global object scope might throw away the code
- we just compiled, causing a crash.
-
- * JavaScriptCore.exp: Updated for signature change.
-
- * debugger/Debugger.cpp:
- (JSC::evaluateInGlobalCallFrame):
- * debugger/DebuggerCallFrame.cpp:
- (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
- here because (a) they took place outside a dynamic global object scope
- and (b) they were redundant.
-
- * interpreter/CachedCall.h:
- (JSC::CachedCall::CachedCall): Updated for signature change.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct): Declare our dynamic global object
- scope earlier, to ensure that compilation takes place within it.
-
- * runtime/Completion.cpp:
- (JSC::evaluate): Removed explicit compilation calls here because (a)
- they took place outside a dynamic global object scope and (b) they were
- redundant.
-
- * runtime/Executable.h:
- (JSC::EvalExecutable::compile):
- (JSC::ProgramExecutable::compile):
- (JSC::FunctionExecutable::compileForCall):
- (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
- verify our new invariant that all compilation takes place within a
- dynamic global object scope.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
- * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
- to require a JSGlobalData instead of an ExecState* since it is often
- easier to provide the former, and the latter was not necessary.
-
-2011-03-24 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
- https://bugs.webkit.org/show_bug.cgi?id=55671
-
- This is no longer necessary, and it seems that with the new weakmap
- model it's simply unsafe, so this reduces it to a no-op.
-
- * API/JSWeakObjectMapRefPrivate.cpp:
-
-2011-03-24 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Darin Adler.
-
- https://bugs.webkit.org/show_bug.cgi?id=20302
- Correct implementation of signbit on Solaris
-
- * wtf/MathExtras.h:
- (signbit):
-
-2011-03-23 Mark Rowe <mrowe@apple.com>
-
- Reviewed by Darin Adler.
-
- <rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC.
-
- * wtf/ThreadingPthreads.cpp:
- (WTF::initializeCurrentThreadInternal):
-
-2011-03-23 Mark Rowe <mrowe@apple.com>
-
- Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile.
-
- It's not necessary to pass "-target All" as xcodebuild always builds the
- first target in the project unless otherwise specified. The presence of
- that option also breaks "make clean" since that results in both the
- -target and -alltargets options being passed to xcodebuild.
-
- * Makefile:
-
-2011-03-23 Pavel Feldman <pfeldman@chromium.org>
-
- Not reviewed: bring back Vector::contains that was removed as a part of roll back.
-
- * wtf/Vector.h:
- (WTF::::contains):
-
-2011-03-23 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r81686.
- http://trac.webkit.org/changeset/81686
- https://bugs.webkit.org/show_bug.cgi?id=56914
-
- Breaks webkit_tests in Chromium again. (Requested by pfeldman
- on #webkit).
-
- * wtf/Vector.h:
-
-2011-03-23 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- JavaScriptCore GYP build should work on a case-sensitive file system
- https://bugs.webkit.org/show_bug.cgi?id=56911
-
- The issue is that there are two UString.h headers, one named UString.h
- and one named ustring.h. This patch excludes ustring.h from the header
- map to avoid confusion. While I was editing this part of the GYP file,
- I cleaned up the exclude rules to be more modern.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-22 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Maciej Stachowiak.
-
- REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts
- panel on Windows, and many inspector regression tests are failing
- https://bugs.webkit.org/show_bug.cgi?id=54490
-
- The bug was caused by two different classes using the same name (Recompiler).
-
- * debugger/Debugger.cpp:
- * runtime/JSGlobalData.cpp:
- (WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace,
- so our two recompilers' inline functions don't stomp each other at
- link time.
-
-2011-03-22 Sam Weinig <sam@webkit.org>
-
- Reviewed by Mark Rowe.
-
- Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
- <rdar://problem/8944718>
-
- * DerivedSources.make:
- Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
-
-2011-03-22 Gabor Loki <loki@webkit.org>
-
- Reviewed by Csaba Osztrogonác.
-
- [Qt] Add DFG module to build system (disabled by default).
- https://bugs.webkit.org/show_bug.cgi?id=56845
-
- * JavaScriptCore.pri:
- * JavaScriptCore.pro:
-
-2011-03-22 Eric Seidel <eric@webkit.org>
-
- Reviewed by Adam Barth.
-
- Add support to build-webkit for building with gyp-generated project files
- https://bugs.webkit.org/show_bug.cgi?id=56877
-
- Found a couple missing Private headers while trying to make WebCore build.
-
- * JavaScriptCore.gypi:
-
-2011-03-22 Eric Seidel <eric@webkit.org>
-
- Reviewed by Adam Barth.
-
- Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source
- https://bugs.webkit.org/show_bug.cgi?id=56867
-
- This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj
- from a JavaScriptCore directory outside of Source.
-
- * gyp/JavaScriptCore.gyp:
- * gyp/run-if-exists.sh: Added.
- * gyp/update-info-plist.sh: Added.
-
-2011-03-22 Eric Seidel <eric@webkit.org>
-
- Reviewed by Adam Barth.
-
- Add Profiling Configuration to JavaScriptCore gyp build
- https://bugs.webkit.org/show_bug.cgi?id=56862
-
- It appears this is identical to Release, but I suspect
- there is someone/thing who uses the Profiling target
- so we're adding it for completeness.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-22 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Remove os_win32_files variable from the GYP build
- https://bugs.webkit.org/show_bug.cgi?id=56804
-
- Now that our understanding of GYP is sufficiently advanced, we don't
- need os_win32_files any more. (Turns out Eric was right, as he always
- is.)
-
- * JavaScriptCore.gypi:
-
-2011-03-22 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory
- https://bugs.webkit.org/show_bug.cgi?id=56803
-
- Previously, we thought we should generate the derived source files in
- the shared intermediate build products directory, but there are
- assumptions built into other parts of the Mac build system that the
- derived source files will be generated in a particular subdirectory of
- the build products directory.
-
- This patch is a partial revert of the change that moved the derived
- source files to the shared intermediate directory. After this patch,
- the GYP build can build JavaScriptCore without help from the main
- normal build system.
-
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
- * gyp/generate-derived-sources.sh:
- * gyp/generate-dtrace-header.sh:
-
-2011-03-22 Jay Civelli <jcivelli@chromium.org>
-
- Reviewed by David Levin.
-
- Adding a contains method to Vector.
- https://bugs.webkit.org/show_bug.cgi?id=55859
-
- * wtf/Vector.h:
- (WTF::Vector::contains):
-
-2011-03-22 Gabor Loki <loki@webkit.org>
-
- Reviewed by Alexey Proskuryakov.
-
- Fix a bunch of typos in DFG.
- https://bugs.webkit.org/show_bug.cgi?id=56813
-
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::parse):
- * dfg/DFGGenerationInfo.h:
- (JSC::DFG::GenerationInfo::setSpilled):
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- * dfg/DFGGraph.h:
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::setupStubArguments):
- * dfg/DFGJITCompiler.cpp:
- (JSC::DFG::JITCompiler::compileFunction):
- * dfg/DFGJITCompiler.h:
- * dfg/DFGNode.h:
- * dfg/DFGNonSpeculativeJIT.h:
- * dfg/DFGOperations.h:
- * dfg/DFGRegisterBank.h:
- (JSC::DFG::RegisterBank::allocate):
- * dfg/DFGScoreBoard.h:
- (JSC::DFG::ScoreBoard::~ScoreBoard):
- (JSC::DFG::ScoreBoard::allocate):
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
-
-2011-03-22 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Production configuration in GYP isn&apos;t set up correctly
- https://bugs.webkit.org/show_bug.cgi?id=56786
-
- Update JavaScriptCore.gyp with information mined from
- JavaScriptCore.xcodeproj.
-
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-03-22 Kent Tamura <tkent@chromium.org>
-
- Reviewed by Eric Seidel.
-
- REGRESSION(r80096): Number type input unexpectedly rounds fractional values
- https://bugs.webkit.org/show_bug.cgi?id=56367
-
- Introduce clampToInteger(unsigned).
-
- * wtf/MathExtras.h:
- (clampToInteger): Added.
-
-2011-03-21 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- GYP build should not have include paths that point within the source tree
- https://bugs.webkit.org/show_bug.cgi?id=56788
-
- Turns out we don't need these include paths anymore now that we have
- header maps working properly.
-
- * gyp/JavaScriptCore.gyp:
- - Also, remove jsc.cpp from the excluded list because it's not part
- of the jsc_files variable instead of the javascriptcore_files
- variable.
-
-2011-03-21 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Solve the Assertions.cpp / -Wno-missing-format-attribute mystery
- https://bugs.webkit.org/show_bug.cgi?id=56780
-
- The reason we couldn't resolve this warning in the GYP build was that
- the normal build disables this warning specifically for this file.
- This patch takes the same approach as the previous patch to
- WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning
- (rather than a build system configuration).
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Remove the special-case for this file.
- * gyp/JavaScriptCore.gyp:
- - Remove the work-around for this issue.
- * wtf/Assertions.cpp:
- - Add a pragma disabling this warning for this file.
-
-2011-03-21 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- WebCore GYP build shouldn't crash on startup
- https://bugs.webkit.org/show_bug.cgi?id=56776
-
- Debug builds shouldn't define NDEBUG. This same logic exists in the
- project.pbxproj file.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-21 Robert Kroeger <rjkroege@chromium.org>
-
- Reviewed by Antonio Gomes.
-
- Flag to enable/disable a GestureReocognizer framework
-
- https://bugs.webkit.org/show_bug.cgi?id=49345
-
- * wtf/Platform.h:
-
-2011-03-21 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Add new files to JavaScriptCore.gypi
- https://bugs.webkit.org/show_bug.cgi?id=56766
-
- * JavaScriptCore.gypi:
-
-2011-03-21 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r81377.
- http://trac.webkit.org/changeset/81377
- https://bugs.webkit.org/show_bug.cgi?id=56765
-
- WebPageSerializerTest.MultipleFrames is broken (Requested by
- simonjam on #webkit).
-
- * wtf/Vector.h:
-
-2011-03-21 Gabor Loki <loki@webkit.org>
-
- Reviewed by Csaba Osztrogonác.
-
- Extend constant pool to be able to store 16 bit instructions with a constant
- https://bugs.webkit.org/show_bug.cgi?id=46796
-
- The putShortWithConstantInt function inserts a 16 bit instruction which
- refers a 32 bits constant or literal. This is a vital function for those
- target which loads a PC relative value with a 16 bit instruction (like
- Thumb-2 instruction set and SH4 architecture).
-
- * assembler/AssemblerBuffer.h:
- (JSC::AssemblerBuffer::putIntegral):
- (JSC::AssemblerBuffer::putIntegralUnchecked):
- * assembler/AssemblerBufferWithConstantPool.h:
-
-2011-03-21 Philippe Normand <pnormand@igalia.com>
-
- Unreviewed, GTK distcheck build fix.
-
- * GNUmakefile.am:
-
-2011-03-20 Bill Budge <bbudge@chromium.org>
-
- Reviewed by Adam Barth.
-
- Rename ThreadSafeShared to ThreadSafeRefCounted
- https://bugs.webkit.org/show_bug.cgi?id=56714
-
- No new tests. Exposes no new functionality.
-
- * API/JSClassRef.h:
- * API/OpaqueJSString.h:
- * GNUmakefile.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/Atomics.h:
- * wtf/CMakeLists.txt:
- * wtf/CrossThreadRefCounted.h:
- (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
- (WTF::::crossThreadCopy):
- * wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h.
- (WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase):
- (WTF::ThreadSafeRefCountedBase::ref):
- (WTF::ThreadSafeRefCountedBase::refCount):
- (WTF::ThreadSafeRefCountedBase::derefBase):
- (WTF::ThreadSafeRefCounted::ThreadSafeRefCounted):
- * wtf/ThreadSafeShared.h: Removed.
- * wtf/Threading.h:
-
-2011-03-19 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Darin Adler.
-
- Remove StringImpl::computeHash()
- https://bugs.webkit.org/show_bug.cgi?id=49894
-
- Replace remainig StringImpl::computeHash with StringImpl::computeHashStringHasher.
-
- * wtf/text/AtomicString.cpp:
- (WTF::CStringTranslator::hash):
- (WTF::UCharBufferTranslator::hash):
- (WTF::HashAndCharactersTranslator::hash):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::setHash):
- (WTF::StringImpl::hash):
-
-2011-03-19 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Darin Adler.
-
- Rename WTF::StringHasher methods
- https://bugs.webkit.org/show_bug.cgi?id=53532
-
- Rename createHash to computeHash and createBlobHash to hashMemory.
- Also add a using WTF::StringHasher in the header file.
-
- * profiler/CallIdentifier.h:
- (JSC::CallIdentifier::Hash::hash):
- * runtime/Identifier.cpp:
- (JSC::IdentifierCStringTranslator::hash):
- (JSC::IdentifierUCharBufferTranslator::hash):
- * wtf/StringHasher.h:
- (WTF::StringHasher::computeHash):
- (WTF::StringHasher::hashMemory):
- * wtf/text/StringHash.h:
- (WTF::CaseFoldingHash::hash):
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::computeHash):
- * wtf/unicode/UTF8.cpp:
- (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
-
-2011-03-18 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- [GTK] JSC crashes in 32bit Release bots after r80743
- https://bugs.webkit.org/show_bug.cgi?id=56180
-
- The crash was caused by referencing GC memory from a GC destructor. This
- is not safe because destruction time / order is not guaranteed.
-
- * profiler/ProfileGenerator.cpp:
- (JSC::ProfileGenerator::create):
- (JSC::ProfileGenerator::ProfileGenerator):
- (JSC::ProfileGenerator::willExecute):
- (JSC::ProfileGenerator::didExecute):
- * profiler/ProfileGenerator.h:
- (JSC::ProfileGenerator::origin): Made ExecState* the first argument,
- to match the rest of this class and JSC.
-
- Use a JSGlobalObject* instead of an ExecState* with an indirect reference
- to a JSGlobalObject* to track our origin. This is simpler and more
- efficient, and it removes the destruction order dependency that was causing
- our crash.
-
- * profiler/Profiler.cpp:
- (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*.
- (JSC::Profiler::stopProfiling): New function for stopping all profiles
- for a given global object. This is more straight-forward than multiplexing
- through the old function.
-
- (JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.
- * profiler/Profiler.h: Ditto.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::~JSGlobalObject): Ditto.
-
-2011-03-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- 1 Structure leaked beneath JSGlobalData::storeVPtrs()
- https://bugs.webkit.org/show_bug.cgi?id=56595
-
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::EvalExecutable):
- (JSC::ProgramExecutable::ProgramExecutable):
- (JSC::FunctionExecutable::FunctionExecutable):
- * runtime/Executable.h:
- (JSC::ExecutableBase::ExecutableBase):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::VPtrHackExecutable::VPtrHackExecutable):
- (JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of
- PassRefPtr, like JSString does, since JSGlobalData owns the singleton
- exectuable structure.
-
-2011-03-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Mark Rowe.
-
- Fixed some string leaks seen on the buildbot
- https://bugs.webkit.org/show_bug.cgi?id=56619
-
- * runtime/PropertyMapHashTable.h:
- (JSC::PropertyTable::~PropertyTable): DEref!
-
-2011-03-17 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Crash in JSC::MarkStack::drain Under Stress
- https://bugs.webkit.org/show_bug.cgi?id=56470
-
- We perform a number of gc allocations while when
- we are setting up new globals in a piece of global
- code. We do this by adding new properties to the
- symbol table, and then expanding the storage to fit
- at the end.
-
- If a GC happens during this time we will report an
- incorrect size for the global object's symbol table
- storage.
-
- This patch corrects this by growing the storage size
- before we starting adding entries to the symbol table.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::resizeRegisters):
-
-2011-03-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- 1 Structure leaked beneath JSGlobalData::storeVPtrs()
- https://bugs.webkit.org/show_bug.cgi?id=56595
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure
- we're using, since the Executable is not designed to own the Structure.
-
-2011-03-17 Gavin Barraclough <barraclough@apple.com>
-
- Rubber Stamped by Sam Weinig.
-
- Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler.
-
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::branchTest8):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::testb_rr):
-
-2011-03-17 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 56603 - DFG JIT related cleanup
- Move node generation out to separate function, move binarySearch algorithm out
- to StdLibExtras, fix Graph::dump() to print comma between non-node children,
- even if there are no node children.
-
- * bytecode/CodeBlock.h:
- (JSC::getCallReturnOffset):
- (JSC::CodeBlock::getStubInfo):
- (JSC::CodeBlock::getCallLinkInfo):
- (JSC::CodeBlock::getMethodCallLinkInfo):
- (JSC::CodeBlock::bytecodeOffset):
- - Move binaryChop to binarySearch in StdLibExtras
- * dfg/DFGByteCodeParser.cpp:
- (JSC::DFG::ByteCodeParser::ByteCodeParser):
- (JSC::DFG::ByteCodeParser::parse):
- (JSC::DFG::parse):
- - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
- * dfg/DFGByteCodeParser.h:
- - Change parse() to not take a start index (always 0).
- * dfg/DFGGraph.cpp:
- (JSC::DFG::Graph::dump):
- - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
- * dfg/DFGJITCodeGenerator.h:
- (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
- - Initialize m_compileIndex in constructor.
- * dfg/DFGNonSpeculativeJIT.cpp:
- (JSC::DFG::NonSpeculativeJIT::compile):
- * dfg/DFGNonSpeculativeJIT.h:
- - Spilt out compilation of individual node.
- * dfg/DFGOperations.cpp:
- (JSC::DFG::operationConvertThis):
- * dfg/DFGOperations.h:
- - Cleanup parameter name.
- * dfg/DFGSpeculativeJIT.cpp:
- (JSC::DFG::SpeculativeJIT::compile):
- * dfg/DFGSpeculativeJIT.h:
- - Spilt out compilation of individual node.
- * runtime/Executable.cpp:
- (JSC::tryDFGCompile):
- - Change parse() to not take a start index (always 0).
- * wtf/StdLibExtras.h:
- (WTF::binarySearch):
- - Move binaryChop to binarySearch in StdLibExtras
-
-2011-03-17 Anders Carlsson <andersca@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Fix clang build.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs):
-
-2011-03-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- 1 Structure leaked beneath JSGlobalData::storeVPtrs()
- https://bugs.webkit.org/show_bug.cgi?id=56595
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need
- to explicitly run its destructor.
-
-2011-03-17 Jeff Miller <jeffm@apple.com>
-
- Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
-
- *.mode*
- *.pbxuser
- *.perspective*
- project.xcworkspace
- xcuserdata
-
- * JavaScriptCore.xcodeproj: Modified property svn:ignore.
-
-2011-03-17 Gavin Barraclough <barraclough@apple.com>
-
- Reverting r81197, breaks JIT + INTERPRETER build.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
- (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addPropertyAccessInstruction):
- (JSC::CodeBlock::addGlobalResolveInstruction):
- (JSC::CodeBlock::addStructureStubInfo):
- * bytecode/Opcode.h:
- * bytecode/StructureStubInfo.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
- (JSC::BytecodeGenerator::emitCatch):
-
-2011-03-17 Ben Taylor <bentaylor.solx86@gmail.com>
-
- Reviewed by Alexey Proskuryakov.
-
- Add a COMPILER(SUNCC) define for Sun Studio 12.
- https://bugs.webkit.org/show_bug.cgi?56444
- derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932
-
- * wtf/Platform.h:
-
-2011-03-17 Jay Civelli <jcivelli@chromium.org>
-
- Reviewed by David Levin.
-
- Adding a contains method to Vector.
- https://bugs.webkit.org/show_bug.cgi?id=55859
-
- * wtf/Vector.h:
- (WTF::::operator):
- (WTF::::contains):
-
-2011-03-17 Patrick Gansterer <paroga@webkit.org>
-
- Fix the interpreter build.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute): Added globalData to inheritorID().
-
-2011-03-16 Sam Weinig <sam@webkit.org>
-
- Fix the interpreter build.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::resolve):
- (JSC::Interpreter::resolveSkip):
- (JSC::Interpreter::resolveGlobal):
- (JSC::Interpreter::resolveGlobalDynamic):
- (JSC::Interpreter::resolveBaseAndProperty):
- (JSC::Interpreter::privateExecute):
- Remove .get()s.
-
-2011-03-16 Adam Barth <abarth@webkit.org>
-
- Reviewed by James Robinson.
-
- Remove USE(BUILTIN_UTF8_CODEC)
- https://bugs.webkit.org/show_bug.cgi?id=56508
-
- We added this recently when we were unsure about the stability of the
- built-in UTF-8 codec. However, the codec seems to be stable, so we
- don't need the macro.
-
- * wtf/Platform.h:
-
-2011-03-16 Daniel Bates <dbates@rim.com>
-
- Reviewed by Darin Adler.
-
- Make JIT build for ARM Thumb-2 with RVCT
- https://bugs.webkit.org/show_bug.cgi?id=56440
-
- Derived from a patch by Dave Tapuska.
-
- Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.
-
- * jit/JITStubs.cpp:
-
-2011-03-16 Chao-ying Fu <fu@mips.com>
-
- Reviewed by Darin Adler.
-
- Fix MIPS build with const *void
- https://bugs.webkit.org/show_bug.cgi?id=56513
-
- * assembler/MacroAssemblerMIPS.h:
- (JSC::MacroAssemblerMIPS::load32):
- (JSC::MacroAssemblerMIPS::store32):
-
-2011-03-16 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- Remove unnecessary caller tracking shenanigans from CodeBlock
- https://bugs.webkit.org/show_bug.cgi?id=56483
-
- This removes some leftover cruft from when we made CodeBlock
- mark its callees. Removing it gives us a 0.7% progression,
- reducing the overall regression to ~1.3%.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::shrinkToFit):
- * bytecode/CodeBlock.h:
- (JSC::CallLinkInfo::CallLinkInfo):
- * jit/JIT.cpp:
- (JSC::JIT::linkCall):
- (JSC::JIT::linkConstruct):
-
-2011-03-15 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make Structure creation require a JSGlobalData
- https://bugs.webkit.org/show_bug.cgi?id=56438
-
- Mechanical change to make Structure::create require JSGlobalData&, and
- require all users to provide the globalData.
-
- * API/JSCallbackConstructor.h:
- (JSC::JSCallbackConstructor::createStructure):
- * API/JSCallbackFunction.h:
- (JSC::JSCallbackFunction::createStructure):
- * API/JSCallbackObject.h:
- (JSC::JSCallbackObject::createStructure):
- * API/JSContextRef.cpp:
- * JavaScriptCore.exp:
- * debugger/DebuggerActivation.cpp:
- (JSC::DebuggerActivation::DebuggerActivation):
- * debugger/DebuggerActivation.h:
- (JSC::DebuggerActivation::createStructure):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jsc.cpp:
- (GlobalObject::GlobalObject):
- (functionRun):
- (jscmain):
- * runtime/Arguments.h:
- (JSC::Arguments::createStructure):
- * runtime/ArrayPrototype.h:
- (JSC::ArrayPrototype::createStructure):
- * runtime/BooleanObject.h:
- (JSC::BooleanObject::createStructure):
- * runtime/DateInstance.h:
- (JSC::DateInstance::createStructure):
- * runtime/DatePrototype.h:
- (JSC::DatePrototype::createStructure):
- * runtime/ErrorInstance.h:
- (JSC::ErrorInstance::createStructure):
- * runtime/Executable.h:
- (JSC::ExecutableBase::createStructure):
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::createStructure):
- * runtime/FunctionPrototype.h:
- (JSC::FunctionPrototype::createStructure):
- * runtime/GetterSetter.h:
- (JSC::GetterSetter::createStructure):
- * runtime/InternalFunction.h:
- (JSC::InternalFunction::createStructure):
- * runtime/JSAPIValueWrapper.h:
- (JSC::JSAPIValueWrapper::createStructure):
- * runtime/JSActivation.h:
- (JSC::JSActivation::createStructure):
- * runtime/JSArray.cpp:
- (JSC::JSArray::JSArray):
- * runtime/JSArray.h:
- (JSC::JSArray::createStructure):
- * runtime/JSByteArray.cpp:
- (JSC::JSByteArray::createStructure):
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::JSByteArray):
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::createDummyStructure):
- * runtime/JSFunction.h:
- (JSC::JSFunction::createStructure):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs):
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObject):
- (JSC::JSGlobalObject::createStructure):
- * runtime/JSNotAnObject.h:
- (JSC::JSNotAnObject::createStructure):
- * runtime/JSONObject.h:
- (JSC::JSONObject::createStructure):
- * runtime/JSObject.cpp:
- (JSC::JSObject::createInheritorID):
- * runtime/JSObject.h:
- (JSC::JSObject::createStructure):
- (JSC::JSNonFinalObject::createStructure):
- (JSC::JSFinalObject::createStructure):
- (JSC::createEmptyObjectStructure):
- (JSC::JSObject::inheritorID):
- * runtime/JSObjectWithGlobalObject.h:
- (JSC::JSObjectWithGlobalObject::createStructure):
- * runtime/JSPropertyNameIterator.h:
- (JSC::JSPropertyNameIterator::createStructure):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::createStructure):
- * runtime/JSString.h:
- (JSC::RopeBuilder::createStructure):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::createStructure):
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::createStructure):
- * runtime/JSZombie.h:
- (JSC::JSZombie::createStructure):
- * runtime/MathObject.h:
- (JSC::MathObject::createStructure):
- * runtime/NativeErrorConstructor.cpp:
- (JSC::NativeErrorConstructor::NativeErrorConstructor):
- * runtime/NativeErrorConstructor.h:
- (JSC::NativeErrorConstructor::createStructure):
- * runtime/NumberConstructor.h:
- (JSC::NumberConstructor::createStructure):
- * runtime/NumberObject.h:
- (JSC::NumberObject::createStructure):
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::createStructure):
- * runtime/RegExpConstructor.h:
- (JSC::RegExpConstructor::createStructure):
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::createStructure):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::createStructure):
- * runtime/StringObject.h:
- (JSC::StringObject::createStructure):
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
- * runtime/StringPrototype.h:
- (JSC::StringPrototype::createStructure):
- * runtime/Structure.h:
- (JSC::Structure::create):
-
-2011-03-16 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Some conservative root gathering cleanup
- https://bugs.webkit.org/show_bug.cgi?id=56447
-
- SunSpider says 0.5% - 1.8% faster.
-
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::gatherConservativeRoots):
- * interpreter/RegisterFile.h: New helper function for doing the
- conservative gathering of the register file. It's still conservative,
- since the register file may contain uninitialized values, but it's
- moving-safe, because it only visits values tagged as pointers, so there's
- no risk of mistaking an integer for a pointer and accidentally changing it.
-
- * runtime/ConservativeSet.cpp:
- (JSC::ConservativeRoots::add):
- * runtime/ConservativeSet.h: Added a single-value add function, used above.
-
- * runtime/Heap.cpp:
- (JSC::Heap::markRoots): Separated machine stack conservative roots from
- register file conservative roots because machine stack roots must be
- pinned, but register file roots need not be pinned.
-
- Adopted new interface for passing the current stack extent to the machine
- stack root gathering routine. This allows us to exclude marking-related
- data structures on the stack, and thus avoid double-marking the set of
- machine roots.
-
- * runtime/MachineStackMarker.cpp:
- (JSC::MachineThreads::gatherFromCurrentThread):
- (JSC::MachineThreads::gatherConservativeRoots):
- * runtime/MachineStackMarker.h: Added new interface, described above.
-
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::firstAtom):
- * wtf/StdLibExtras.h:
- (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
- by MachineStacks.
-
-2011-03-16 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- A little bit of MarkStack cleanup
- https://bugs.webkit.org/show_bug.cgi?id=56443
-
- Moved MarkStack functions into MarkStack.h/.cpp.
-
- SunSpider reports no change.
-
- * runtime/JSArray.h:
- * runtime/JSCell.h: Moved from here...
- * runtime/MarkStack.cpp:
- (JSC::MarkStack::markChildren):
- (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
- a huge function, and not called many times.
-
- * runtime/MarkStack.h:
- (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
- (JSC::MarkStack::append):
- (JSC::MarkStack::deprecatedAppend):
- (JSC::MarkStack::internalAppend): Moved to here.
-
-2011-03-15 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed another deprecatedAppend
- https://bugs.webkit.org/show_bug.cgi?id=56429
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::markStrongHandles):
- * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
- marked directly by the Heap.
-
- * runtime/Heap.cpp:
- (JSC::Heap::markRoots): Ditto.
-
-2011-03-15 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed some more deprecated / unsafe append
- https://bugs.webkit.org/show_bug.cgi?id=56428
-
- * collector/handles/HandleStack.cpp:
- (JSC::HandleStack::mark):
- * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
- marker, since it's a heap root.
-
- * runtime/ArgList.cpp:
- (JSC::MarkedArgumentBuffer::markLists):
- (JSC::MarkedArgumentBuffer::slowAppend):
- * runtime/ArgList.h: Ditto.
-
- * runtime/Heap.cpp:
- (JSC::Heap::markRoots): Added a mark call for marking the handle stack.
- It seems like Oliver forgot this in his last patch. (!)
-
- * runtime/MarkStack.h: Removed appendSlots, since it would allow an
- object to embed JSValues directly instead of using WriteBarrier.
-
- (JSC::MarkStack::append): Added a private append for a list of values.
-
- (JSC::HeapRootMarker::mark): Access to the above.
-
-2011-03-15 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed a few more deprecatedAppends, and removed HeapRoot<T>
- https://bugs.webkit.org/show_bug.cgi?id=56422
-
- Added HeapRootMarker, a privileged class for marking direct heap roots
- that are iterated during each garbage collection. This is easier to use
- and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.
-
- * debugger/Debugger.cpp:
- (JSC::evaluateInGlobalCallFrame):
- * debugger/DebuggerCallFrame.cpp:
- (JSC::DebuggerCallFrame::evaluate):
- * interpreter/CallFrame.h:
- (JSC::ExecState::exception):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/Completion.cpp:
- (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
- call .get() on it.
-
- * runtime/Heap.cpp:
- (JSC::Heap::markProtectedObjects):
- (JSC::Heap::markTempSortVectors):
- (JSC::Heap::markRoots):
- * runtime/Heap.h: Updated to use HeapRootMarker.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkStack::append): Added private functions for
- HeapRootMarker to use.
-
- * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.
-
- * runtime/MarkStack.h:
- (JSC::HeapRootMarker::HeapRootMarker):
- (JSC::HeapRootMarker::mark): Added private functions for
- HeapRootMarker to use.
-
- * runtime/SmallStrings.cpp:
- (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.
-
- * runtime/SmallStrings.h:
- (JSC::SmallStrings::emptyString):
- (JSC::SmallStrings::singleCharacterString):
- (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.
-
- * runtime/WriteBarrier.h: Removed HeapRoot<T>.
-
-2011-03-14 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Made the global object moving-GC-safe
- https://bugs.webkit.org/show_bug.cgi?id=56348
-
- SunSpider reports no change.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
- suggested we do not need to visit all our references during GC, since
- that is not true in a moving GC.
-
- Re-sorted data members by type, removed one duplicate, and added back
- the one missing mark I found.
-
- * runtime/JSGlobalObject.h: Re-sorted data members by type.
-
-2011-03-15 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Introduce Local<T> to allow us to start moving to precise marking of locals
- https://bugs.webkit.org/show_bug.cgi?id=56394
-
- Introduce a new handle type, Local<T> and a scoping mechanism
- LocalScope to allow us to start moving towards precise marking
- of temporaries and local variables.
-
- We also start to use the new Local<> type in the JSON stringifier
- so that we can have some coverage of their behaviour in the initial
- checkin.
-
- * GNUmakefile.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.pro:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * collector/handles/Handle.h:
- (JSC::::asObject):
- * collector/handles/HandleStack.cpp: Added.
- (JSC::HandleStack::HandleStack):
- (JSC::HandleStack::mark):
- (JSC::HandleStack::grow):
- * collector/handles/HandleStack.h: Added.
- (JSC::HandleStack::enterScope):
- (JSC::HandleStack::zapTo):
- (JSC::HandleStack::leaveScope):
- (JSC::HandleStack::push):
- * collector/handles/Local.h: Added.
- (JSC::Local::internalSet):
- (JSC::::Local):
- (JSC::::operator):
- (JSC::LocalStack::LocalStack):
- (JSC::LocalStack::peek):
- (JSC::LocalStack::pop):
- (JSC::LocalStack::push):
- (JSC::LocalStack::isEmpty):
- (JSC::LocalStack::size):
- * collector/handles/LocalScope.h: Added.
- (JSC::LocalScope::LocalScope):
- (JSC::LocalScope::~LocalScope):
- (JSC::LocalScope::release):
- * runtime/Heap.cpp:
- (JSC::Heap::markRoots):
- * runtime/Heap.h:
- (JSC::Heap::allocateLocalHandle):
- (JSC::Heap::handleStack):
- * runtime/JSCell.h:
- (JSC::JSCell::::getString):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::allocateLocalHandle):
- * runtime/JSONObject.cpp:
- (JSC::Stringifier::Stringifier):
- (JSC::Stringifier::stringify):
- (JSC::Stringifier::appendStringifiedValue):
- (JSC::Stringifier::Holder::Holder):
- (JSC::Walker::Walker):
- (JSC::Walker::walk):
- (JSC::JSONProtoFuncParse):
- (JSC::JSONProtoFuncStringify):
- (JSC::JSONStringify):
- * runtime/JSONObject.h:
- * runtime/MarkStack.h:
- (JSC::MarkStack::appendValues):
- (JSC::MarkStack::appendSlots):
-
-2011-03-15 Gavin Barraclough <barraclough@apple.com>
-
- Rubber Stamped by Sam Weinig.
-
- Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
- Some methods have unnecessary differences in name/arguments for interpreter/JIT.
-
- * bytecode/CodeBlock.cpp:
- * bytecode/CodeBlock.h:
- (JSC::HandlerInfo::HandlerInfo):
- (JSC::CodeBlock::addPropertyAccessInfo):
- (JSC::CodeBlock::addGlobalResolveInfo):
- (JSC::CodeBlock::addCallLinkInfo):
- (JSC::CodeBlock::globalResolveInfo):
- * bytecode/Opcode.h:
- * bytecode/StructureStubInfo.h:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::emitResolve):
- (JSC::BytecodeGenerator::emitResolveWithBase):
- (JSC::BytecodeGenerator::emitGetById):
- (JSC::BytecodeGenerator::emitPutById):
- (JSC::BytecodeGenerator::emitDirectPutById):
- (JSC::BytecodeGenerator::emitCall):
- (JSC::BytecodeGenerator::emitConstruct):
- (JSC::BytecodeGenerator::emitCatch):
-
-2011-03-15 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Fix broken assert in new code.
-
- * dfg/DFGAliasTracker.h:
- (JSC::DFG::AliasTracker::recordPutByVal):
- - recordPutByVal is called for both PutByVal & PutByValAlias.
-
-2011-03-15 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by Sam Weinig.
-
- Removed redundant code from BytecodeGenerator.
-
- * bytecompiler/BytecodeGenerator.cpp:
- * bytecompiler/BytecodeGenerator.h:
- - delete uncalled code missed when reparsing was removed.
-
-2011-03-15 Kevin Ollivier <kevino@theolliviers.com>
-
- Reviewed by Darin Adler.
-
- Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
- info into the headers rather than in export symbol definition files, but disable it on
- all platforms initially so we can deal with port build issues one port at a time.
-
- https://bugs.webkit.org/show_bug.cgi?id=27551
-
- * API/JSBase.h:
- * config.h:
- * wtf/Assertions.h:
- * wtf/ExportMacros.h: Added.
- * wtf/Platform.h:
-
-2011-03-14 Laszlo Gombos <laszlo.1.gombos@nokia.com>
-
- Unreviewed build fix.
-
- Buildfix when JIT is not enabled after r81079
- https://bugs.webkit.org/show_bug.cgi?id=56361
-
- * runtime/Executable.cpp:
-
-2011-03-14 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Made the global object moving-GC-safe
- https://bugs.webkit.org/show_bug.cgi?id=56348
-
- SunSpider reports no change.
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
- suggested we do not need to visit all our references during GC, since
- that is not true in a moving GC.
-
- Re-sorted data members by type, removed one duplicate, and added back
- the one missing mark I found.
-
- * runtime/JSGlobalObject.h: Re-sorted data members by type.
-
-2011-03-14 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Made JSWrapperObject and subclasses moving-GC-safe
- https://bugs.webkit.org/show_bug.cgi?id=56346
-
- SunSpider reports no change.
-
- * runtime/BooleanObject.cpp:
- (JSC::BooleanObject::BooleanObject):
- * runtime/DateInstance.cpp:
- (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
- we don't initialize the wrapped value in our constructor.
-
- * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
- we do not in fact override markChildren.
-
- * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
- no longer does so for us. Also added an ASSERT to catch a latent bug,
- where DatePrototype stomped on its base class's anonymous slot. Hard-coded
- anonymous slots are a plague on our code. This doesn't cause any problems
- in our existing code since the base class never reads the anonymous slot
- it declares, but it caused crashes when I tried to start using the slot
- in an initial version of this patch.
-
- * runtime/JSWrapperObject.h:
- (JSC::JSWrapperObject::JSWrapperObject):
- (JSC::JSWrapperObject::internalValue):
- (JSC::JSWrapperObject::setInternalValue): Resolved a problem where
- our internal value was stored in two places: an anonymous slot, and a
- data member which was not always visited during GC. Now, we only use the
- data member, and we always visit it. (Instead of relying on certain
- subclasses to set the OverridesMarkChildren bit, we set it ourselves.)
-
- * runtime/NumberObject.cpp:
- (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
- we don't initialize the wrapped value in our constructor.
-
- * runtime/NumberObject.h: Removed meaningless declaration.
-
- * runtime/StringObject.cpp:
- (JSC::StringObject::StringObject): No more need for JSGlobalData, since
- we don't initialize the wrapped value in our constructor.
-
- * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
- we do not in fact override markChildren.
-
- * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
- no longer does so for us. Also added an ASSERT to catch a latent bug,
- where DatePrototype stomped on its base class's anonymous slot. Hard-coded
- anonymous slots are a plague on our code.
-
-2011-03-14 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Look-ahead assertions with back references don’t work as expected
- https://bugs.webkit.org/show_bug.cgi?id=56082
-
- Changed parentheses assertion processing to temporarily back out the
- number of known characters after the assertion while processing the
- assertion. This was done so that assertions don't fail due to
- checking the number of required characters as additional to the
- rest of the express since assertions don't "consume" input.
- Added a byte code to uncheck characters to support the change.
-
- * yarr/YarrInterpreter.cpp:
- (JSC::Yarr::Interpreter::matchDisjunction):
- (JSC::Yarr::ByteCompiler::uncheckInput):
- (JSC::Yarr::ByteCompiler::emitDisjunction):
- * yarr/YarrInterpreter.h:
- (JSC::Yarr::ByteTerm::UncheckInput):
-
-2011-03-14 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
-
- Reviewed by Laszlo Gombos.
-
- [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on symbian.
- https://bugs.webkit.org/show_bug.cgi?id=56133
-
- Add condition to not compile webkit internal math round functions on RVCT compiler versions
- from 3.0.0 because they are already defined in compiler math library.
-
- * wtf/MathExtras.h:
-
-2011-03-14 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Geoffrey Garen & Oliver Hunt.
-
- Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.
-
- The JSC JIT presently generates code directly from the bytecode used by the interpreter.
- This is not an optimal intermediate representation for JIT code generation, since it does
- not capture liveness information of values, and provides little opportunity to perform
- any static analysis for even primitive types. The JIT currently generates two code paths,
- a fast path handling common cases, and a slower path handling less common operand types.
- However the slow path jumps back into the fast path, meaning that information arising
- from the earlier type checks cannot be propagated to later operations.
-
- This patch adds:
- * a dataflow intermediate representation capable of describing a single basic block
- of operations,
- * a mechanism to convert a simple, single-block bytecode functions to the new IR,
- * and a JIT code generator capable of generating code from this representation.
-
- The JIT generates two code paths, with the slower path not reentering the fast path
- mid-block, allowing speculative optimizations to be made on the hot path, with type
- information arising from these speculative decisions able to be propagated through the
- dataflow. Code generation of both speculative and non-speculative paths exploits the type
- and liveness information represented in the dataflow graph to attempt to avoid redundant
- boxing and type-checking of values, and to remove unnecessary spills of temporary values
- to the RegisterFile.
-
- The dataflow JIT currently can only support a subset of bytecode operations, limited to
- arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
- dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
- expanded to include, control-flow, function calls, and then the long-tail of remaining
- bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
- this only supports x86-64.
-
- The status of the dataflow JIT is currently work-in-progress. Limitations of the present
- JIT code generation may cause performance regressions, particularly:
- * the policy to only generate arithmetic code on the speculative path using integer
- instructions, never using floating point.
- * the policy to only generate arithmetic code on the non-speculative path using
- floating point instructions, never using integer.
- * always generating JSValue adds on the non-speculative path as a call out to a
- C-function, never handling this in JIT code.
- * always assuming by-Value property accesses on the speculative path to be array
- accesses.
- * generating all by-Value property accesses from the non-speculative path as a call
- out to a C-function.
- * generating all by-Indentifer property accesses as a call out to a C-function.
- Due to these regressions, the code is landed in a state where it is disabled in most
- cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
- addressed, the JIT will be allowed to trigger in more cases.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Added new files to Xcode project.
- * dfg: Added.
- - Added directory for new code.
- * dfg/DFGByteCodeParser.cpp: Added.
- * dfg/DFGByteCodeParser.h: Added.
- - Contruct a DFG::Graph representation from a bytecode CodeBlock.
- * dfg/DFGGenerationInfo.h: Added.
- - Track type & register information for VirtualRegisters during JIT code generation.
- * dfg/DFGGraph.cpp: Added.
- * dfg/DFGGraph.h: Added.
- - Dataflow graph intermediate representation for code generation.
- * dfg/DFGJITCodeGenerator.cpp: Added.
- * dfg/DFGJITCodeGenerator.h: Added.
- - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
- * dfg/DFGJITCompiler.cpp: Added.
- * dfg/DFGJITCompiler.h: Added.
- - Class responsible for driving code generation of speculativeJIT & non-speculative
- code paths from the dataflow graph.
- * dfg/DFGNonSpeculativeJIT.cpp: Added.
- * dfg/DFGNonSpeculativeJIT.h: Added.
- - Used to generate the non-speculative code path, this make no assumptions
- about operand types.
- * dfg/DFGOperations.cpp: Added.
- * dfg/DFGOperations.h: Added.
- - Helper functions called from the JIT generated code.
- * dfg/DFGRegisterBank.h: Added.
- - Used to track contents of physical registers during JIT code generation.
- * dfg/DFGSpeculativeJIT.cpp: Added.
- * dfg/DFGSpeculativeJIT.h: Added.
- - Used to generate the speculative code path, this make assumptions about
- operand types to enable optimization.
- * runtime/Executable.cpp:
- - Add code to attempt to use the DFG JIT to compile a function, with fallback
- to the existing JIT.
- * wtf/Platform.h:
- - Added compile guards to enable the DFG JIT.
-
-2011-03-14 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed more cases of DeprecatedPtr (exception, SmallStrings)
- https://bugs.webkit.org/show_bug.cgi?id=56332
-
- * runtime/Identifier.cpp:
- (JSC::Identifier::add):
- (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
- constant, to make this code less brittle.
-
- * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
- this reference is owned and managed directly by the heap.
-
- * runtime/JSString.cpp:
- (JSC::JSString::substringFromRope):
- * runtime/JSString.h:
- (JSC::jsSingleCharacterString):
- (JSC::jsSingleCharacterSubstring):
- (JSC::jsString):
- (JSC::jsStringWithFinalizer):
- (JSC::jsSubstring):
- (JSC::jsOwnedString): Use a variable instead of a hard-coded
- constant, to make this code less brittle.
-
- * runtime/SmallStrings.cpp:
- (JSC::SmallStringsStorage::rep):
- (JSC::SmallStringsStorage::SmallStringsStorage):
- (JSC::SmallStrings::SmallStrings):
- (JSC::SmallStrings::markChildren):
- (JSC::SmallStrings::clear):
- (JSC::SmallStrings::count): Use a variable instead of a hard-coded
- constant, to make this code less brittle.
-
- * runtime/SmallStrings.h:
- (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
- DeprecatedPtr because these references are owned and managed directly by
- the heap.
-
- Stop using FixedArray because we only want a very limited set
- of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)
-
- * runtime/WriteBarrier.h:
- (JSC::operator==):
- (JSC::WriteBarrier::WriteBarrier):
- (JSC::HeapRoot::HeapRoot):
- (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set
- without write barrier because we assume all HeapRoots are scanned during
- all GC passes.
-
-2011-03-14 Brian Weinstein <bweinstein@apple.com>
-
- Reviewed by Adam Roben and Gavin Barraclough.
-
- FileSystemWin.cpp needs listDirectory() implementation
- https://bugs.webkit.org/show_bug.cgi?id=56331
- <rdar://problem/9126635>
-
- Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.
-
- * wtf/text/StringConcatenate.h:
-
-2011-03-14 Mark Rowe <mrowe@apple.com>
-
- Reviewed by Oliver Hunt.
-
- <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot
-
- * API/JSClassRef.cpp:
- (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
- the class definition contains duplicates. This also removes what look to be leaks
- of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
- which retains / releases the instances at the appropriate time, so explicitly calling
- ref is not necessary.
-
-2011-03-14 Oliver Hunt <oliver@apple.com>
-
- Fix windows build
-
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::emitLoadInt32):
- (JSC::JSInterfaceJIT::tagFor):
- (JSC::JSInterfaceJIT::payloadFor):
- (JSC::JSInterfaceJIT::intPayloadFor):
- (JSC::JSInterfaceJIT::intTagFor):
- (JSC::JSInterfaceJIT::addressFor):
-
-2011-03-11 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Ensure all values are correctly tagged in the registerfile
- https://bugs.webkit.org/show_bug.cgi?id=56214
-
- This patch makes sure that all JSCell pointers written to
- the registerfile are correctly tagged as JSCells, and replaces
- raw int usage with the immediate representation.
-
- For performance, register pressure, and general saneness reasons
- I've added abstractions for reading and writing the tag
- and payload of integer registers directly for the JSVALUE64
- encoding.
-
- * interpreter/Register.h:
- (JSC::Register::withInt):
- (JSC::Register::withCallee):
- (JSC::Register::operator=):
- (JSC::Register::i):
- (JSC::Register::activation):
- (JSC::Register::function):
- (JSC::Register::propertyNameIterator):
- (JSC::Register::scopeChain):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitPutToCallFrameHeader):
- (JSC::JIT::emitPutCellToCallFrameHeader):
- (JSC::JIT::emitPutIntToCallFrameHeader):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- (JSC::JIT::emit_op_load_varargs):
- (JSC::JIT::emitSlow_op_load_varargs):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::intPayloadFor):
- (JSC::JSInterfaceJIT::intTagFor):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::returnJSValue):
- (JSC::SpecializedThunkJIT::returnDouble):
- (JSC::SpecializedThunkJIT::returnInt32):
- (JSC::SpecializedThunkJIT::returnJSCell):
-
-2011-03-13 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- A few Heap-related renames (sans file moves, which should come next)
- https://bugs.webkit.org/show_bug.cgi?id=56283
-
- ConservativeSet => ConservativeRoots. "Set" was misleading, since items
- are not uniqued. Also, "Roots" is more specific about what's in the set.
-
- MachineStackMarker => MachineThreads. "Threads" is more descriptive of
- the fact that this class maintains a set of all threads using JSC.
- "Stack" was misleading, since this class traverses stacks and registers.
- "Mark" was misleading, since this class doesn't mark anything anymore.
-
- registerThread => addCurrentThread. "Current" is more specific.
- unregisterThread => removeCurrentThread. "Current" is more specific.
-
- "currentThreadRegistrar" => threadSpecific. The only point of this data
- structure is to register a thread-specific destructor with a pointer to
- this.
-
- "mark...Conservatively" => "gather". "Mark" is not true, since these
- functions don't mark anything. "Conservatively" is redundant, since they
- take "ConservativeRoots" as an argument.
-
- * API/APIShims.h:
- (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
- * JavaScriptCore.exp:
- * runtime/ConservativeSet.cpp:
- (JSC::ConservativeRoots::grow):
- (JSC::ConservativeRoots::add):
- * runtime/ConservativeSet.h:
- (JSC::ConservativeRoots::ConservativeRoots):
- (JSC::ConservativeRoots::~ConservativeRoots):
- (JSC::ConservativeRoots::size):
- (JSC::ConservativeRoots::roots):
- * runtime/Heap.cpp:
- (JSC::Heap::Heap):
- (JSC::Heap::markRoots):
- * runtime/Heap.h:
- (JSC::Heap::machineThreads):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::makeUsableFromMultipleThreads):
- * runtime/MachineStackMarker.cpp:
- (JSC::MachineThreads::MachineThreads):
- (JSC::MachineThreads::~MachineThreads):
- (JSC::MachineThreads::makeUsableFromMultipleThreads):
- (JSC::MachineThreads::addCurrentThread):
- (JSC::MachineThreads::removeThread):
- (JSC::MachineThreads::removeCurrentThread):
- (JSC::MachineThreads::gatherFromCurrentThreadInternal):
- (JSC::MachineThreads::gatherFromCurrentThread):
- (JSC::MachineThreads::gatherFromOtherThread):
- (JSC::MachineThreads::gatherConservativeRoots):
- * runtime/MachineStackMarker.h:
- * runtime/MarkStack.h:
- (JSC::MarkStack::append):
-
-2011-03-13 David Kilzer <ddkilzer@apple.com>
-
- BUILD FIX for armv7 after r80969
-
- Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
- <https://bugs.webkit.org/show_bug.cgi?id=56270>
-
- * assembler/MacroAssemblerARMv7.h:
- (JSC::MacroAssemblerARMv7::load32): Made void* address argument
- const.
- (JSC::MacroAssemblerARMv7::store32): Ditto.
-
-2011-03-13 Geoffrey Garen <ggaren@apple.com>
-
- Not reviewed.
-
- Try to fix the Mac build.
-
- * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
- ConervativeSet.h, since it's now visible when compiling other projects.
-
-2011-03-13 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed another case of DeprecatedPtr (ConservativeSet)
- https://bugs.webkit.org/show_bug.cgi?id=56281
-
- The ConservativeSet is an internal data structure used during marking,
- so direct pointers are fine.
-
- * runtime/ConservativeSet.cpp:
- (JSC::ConservativeSet::grow):
- * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
- (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
- the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
- sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
- (JSC::ConservativeSet::size):
- (JSC::ConservativeSet::set): Use direct pointers, as stated above.
-
- * runtime/Heap.cpp:
- (JSC::Heap::markRoots):
- * runtime/MarkStack.h:
- (JSC::MarkStack::append): Created a special case of append for
- ConservativeSet. I didn't want to add back a generic "append JSCell*"
- function, since other class might start using that wrong. (In the end,
- this function might go away, since the Heap will want to do something
- slightly more interesting with the conservative set, but this is OK for
- now.)
-
-2011-03-13 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed another case of DeprecatedPtr (PutPropertySlot)
- https://bugs.webkit.org/show_bug.cgi?id=56278
-
- * runtime/PutPropertySlot.h:
- (JSC::PutPropertySlot::setExistingProperty):
- (JSC::PutPropertySlot::setNewProperty):
- (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
- since it's a stack-allocated temporary.
-
-2011-03-13 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Removed one case of DeprecatedPtr (ScopeChainIterator)
- https://bugs.webkit.org/show_bug.cgi?id=56277
-
- * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
- since it's a stack-allocated temporary.
-
-2011-03-13 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 56273 - Add three operand forms to MacroAssember operations.
-
- Adding for X86(_64) for now, should be rolled out to other backends as necessary.
- These may allow more efficient code generation in some cases, avoiding the need
- for unnecessary register-register move instructions.
-
- * assembler/AbstractMacroAssembler.h:
- (JSC::AbstractMacroAssembler::Jump::link):
- (JSC::AbstractMacroAssembler::Jump::linkTo):
- - marked these methods const.
- (JSC::AbstractMacroAssembler::Jump::isSet):
- - add a method to check whether a Jump object has been set to
- reference an instruction, or is in a null, unset state.
- * assembler/MacroAssemblerCodeRef.h:
- (JSC::FunctionPtr::FunctionPtr):
- - add non-explicit constructor, for FunctionPtr's to C/C++ functions.
- * assembler/MacroAssemblerX86Common.h:
- (JSC::MacroAssemblerX86Common::and32):
- (JSC::MacroAssemblerX86Common::lshift32):
- (JSC::MacroAssemblerX86Common::or32):
- (JSC::MacroAssemblerX86Common::rshift32):
- (JSC::MacroAssemblerX86Common::urshift32):
- (JSC::MacroAssemblerX86Common::xor32):
- (JSC::MacroAssemblerX86Common::moveDouble):
- (JSC::MacroAssemblerX86Common::addDouble):
- (JSC::MacroAssemblerX86Common::divDouble):
- (JSC::MacroAssemblerX86Common::subDouble):
- (JSC::MacroAssemblerX86Common::mulDouble):
- (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
- (JSC::MacroAssemblerX86Common::branchTest32):
- (JSC::MacroAssemblerX86Common::branchTest8):
- (JSC::MacroAssemblerX86Common::branchAdd32):
- (JSC::MacroAssemblerX86Common::branchMul32):
- (JSC::MacroAssemblerX86Common::branchSub32):
- - add three operand forms of these instructions.
- * assembler/MacroAssemblerX86_64.h:
- (JSC::MacroAssemblerX86_64::addDouble):
- (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
- (JSC::MacroAssemblerX86_64::loadPtr):
- (JSC::MacroAssemblerX86_64::branchTestPtr):
- * assembler/X86Assembler.h:
- (JSC::X86Assembler::JmpSrc::isSet):
- - add a method to check whether a JmpSrc object has been set to
- reference an instruction, or is in a null, unset state.
- (JSC::X86Assembler::movsd_rr):
- - added FP register-register move.
- (JSC::X86Assembler::linkJump):
- - Add an assert to check jumps aren't linked more than once.
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitLoadInt32ToDouble):
- - load integers to the FPU via regsiters on x86-64.
-
-2011-03-13 Gavin Barraclough <barraclough@apple.com>
-
- ARM build fix.
-
- * assembler/MacroAssemblerARM.h:
- (JSC::MacroAssemblerARM::load32):
-
-2011-03-13 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
-
- The JIT need to 'friend' other classes in order to be able to calculate offsets
- of various properties, or the absolute addresses of members within specific objects,
- in order to JIT generate code that will access members within the class when run.
-
- Instead of using friends in these cases, switch to providing specific accessor
- methods to provide this information. In the case of offsets, these can be static
- functions, and in the case of pointers to members within a specific object these can
- be const methods returning pointers to const values, to prevent clients from
- modifying values otherwise encapsulated within classes.
-
- * bytecode/SamplingTool.h:
- * interpreter/Register.h:
- * interpreter/RegisterFile.h:
- * runtime/JSArray.h:
- * runtime/JSCell.h:
- * runtime/JSTypeInfo.h:
- * runtime/JSVariableObject.h:
- * runtime/Structure.h:
- * wtf/RefCounted.h:
- - Change these classes to no longer friend the JIT, add accessors for member offsets.
- * jit/JIT.cpp:
- * jit/JITCall32_64.cpp:
- * jit/JITInlineMethods.h:
- * jit/JITOpcodes.cpp:
- * jit/JITOpcodes32_64.cpp:
- * jit/JITPropertyAccess.cpp:
- * jit/JITPropertyAccess32_64.cpp:
- - Change the JIT to use class accessors, rather than taking object ofsets directly.
- * assembler/AbstractMacroAssembler.h:
- * assembler/MacroAssemblerX86_64.h:
- * assembler/X86Assembler.h:
- - Since the accessors for objects members return const pointers to retain encapsulation,
- methods generating code with absolute addresses must be able to handle const pointers
- (the JIT doesn't write to these values, do dies treat the pointer to value as const
- from within the C++ code of the JIT, if not at runtime!).
-
-2011-03-12 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r80919.
- http://trac.webkit.org/changeset/80919
- https://bugs.webkit.org/show_bug.cgi?id=56251
-
- all windows bots failed to compile this change (Requested by
- loislo on #webkit).
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecode/StructureStubInfo.cpp:
- * interpreter/Register.h:
- (JSC::Register::withInt):
- (JSC::Register::withCallee):
- (JSC::Register::operator=):
- (JSC::Register::i):
- (JSC::Register::activation):
- (JSC::Register::function):
- (JSC::Register::propertyNameIterator):
- (JSC::Register::scopeChain):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitPutToCallFrameHeader):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- (JSC::JIT::emit_op_load_varargs):
- (JSC::JIT::emitSlow_op_load_varargs):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::payloadFor):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::returnJSValue):
- (JSC::SpecializedThunkJIT::returnDouble):
- (JSC::SpecializedThunkJIT::returnInt32):
- (JSC::SpecializedThunkJIT::returnJSCell):
- * runtime/ArgList.cpp:
- * runtime/DateConversion.cpp:
- * runtime/GCActivityCallbackCF.cpp:
- * runtime/Identifier.cpp:
- * runtime/JSActivation.h:
- (JSC::asActivation):
- * runtime/JSLock.cpp:
- * runtime/JSNumberCell.cpp:
- * runtime/JSObject.h:
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSValue.h:
- * runtime/JSZombie.cpp:
- * runtime/MarkedBlock.cpp:
- * runtime/MarkedSpace.cpp:
- * runtime/PropertyNameArray.cpp:
- * runtime/ScopeChain.h:
- (JSC::ExecState::globalThisValue):
- * wtf/DateMath.cpp:
-
-2011-03-11 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Ensure all values are correctly tagged in the registerfile
- https://bugs.webkit.org/show_bug.cgi?id=56214
-
- This patch makes sure that all JSCell pointers written to
- the registerfile are correctly tagged as JSCells, and replaces
- raw int usage with the immediate representation.
-
- For performance, register pressure, and general saneness reasons
- I've added abstractions for reading and writing the tag
- and payload of integer registers directly for the JSVALUE64
- encoding.
-
- * interpreter/Register.h:
- (JSC::Register::withInt):
- (JSC::Register::withCallee):
- (JSC::Register::operator=):
- (JSC::Register::i):
- (JSC::Register::activation):
- (JSC::Register::function):
- (JSC::Register::propertyNameIterator):
- (JSC::Register::scopeChain):
- * jit/JIT.h:
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCallVarargs):
- (JSC::JIT::compileOpCall):
- (JSC::JIT::compileOpCallSlowCase):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitPutToCallFrameHeader):
- (JSC::JIT::emitPutCellToCallFrameHeader):
- (JSC::JIT::emitPutIntToCallFrameHeader):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- (JSC::JIT::emit_op_load_varargs):
- (JSC::JIT::emitSlow_op_load_varargs):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::privateCompileCTINativeCall):
- (JSC::JIT::emit_op_get_pnames):
- (JSC::JIT::emit_op_next_pname):
- * jit/JSInterfaceJIT.h:
- (JSC::JSInterfaceJIT::intPayloadFor):
- (JSC::JSInterfaceJIT::intTagFor):
- * jit/SpecializedThunkJIT.h:
- (JSC::SpecializedThunkJIT::returnJSValue):
- (JSC::SpecializedThunkJIT::returnDouble):
- (JSC::SpecializedThunkJIT::returnInt32):
- (JSC::SpecializedThunkJIT::returnJSCell):
-
-2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
-
- Reviewed by Eric Seidel.
-
- Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
- https://bugs.webkit.org/show_bug.cgi?id=56231
-
- * JavaScriptCore.gypi: Added project_dir variable.
- * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
- * gyp/generate-dtrace-header.sh: Changed to use project_dir.
-
-2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
-
- Reviewed by Adam Barth.
-
- Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
- https://bugs.webkit.org/show_bug.cgi?id=56217
-
- * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
- to the scripts.
- * gyp/generate-derived-sources.sh: Changed to use passed directory.
- * gyp/generate-dtrace-header.sh: Ditto.
-
-2011-03-11 Eric Carlson <eric.carlson@apple.com>
-
- Reviewed by Sam Weinig.
-
- <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
-
- No new tests, existing media tests cover this.
-
- * JavaScriptCore.exp: Export cancelCallOnMainThread
- * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.
-
-2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
-
- Reviewed by Adam Barth.
-
- Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
- https://bugs.webkit.org/show_bug.cgi?id=56207
-
- * JavaScriptCore.gypi: Added Tracing.d to the sources.
- * gyp/generate-dtrace-header.sh: Added.
- * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
- and added DTrace header generating step.
-
-2011-03-10 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Fix allocation of native function with a cached thunk
- https://bugs.webkit.org/show_bug.cgi?id=56127
-
- Fix this race condition found while fixing zombies.
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::clearWeakPointers):
- * runtime/Heap.cpp:
- (JSC::Heap::reset):
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::markChildren):
- * runtime/JSValue.h:
- (JSC::JSValue::decode):
- * runtime/JSZombie.cpp:
- (JSC::JSZombie::leakedZombieStructure):
- * runtime/JSZombie.h:
- (JSC::JSZombie::createStructure):
- * runtime/MarkedBlock.cpp:
-
-2011-03-10 Luiz Agostini <luiz.agostini@openbossa.org>
-
- Reviewed by Andreas Kling.
-
- [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
- https://bugs.webkit.org/show_bug.cgi?id=33008
-
- Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
- Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
- it has its own ways to do JSC threading.
-
- Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.
-
- * runtime/MachineStackMarker.cpp:
- * wtf/Platform.h:
-
-2011-03-10 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Bug 56077 - ES5 conformance issues with RegExp.prototype
-
- There are three issues causing test failures in sputnik.
-
- (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
- (2) The 'length' property of the test/exec functions should be 1.
- (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.
-
- * runtime/RegExpObject.cpp:
- (JSC::RegExpObject::markChildren):
- - Added to mark lastIndex
- (JSC::regExpObjectLastIndex):
- (JSC::setRegExpObjectLastIndex):
- - lastIndex is now stored as a JSValue.
- (JSC::RegExpObject::match):
- - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
- * runtime/RegExpObject.h:
- (JSC::RegExpObject::setLastIndex):
- (JSC::RegExpObject::setLastIndex):
- - Set lastIndex, either from a size_t or a JSValue.
- (JSC::RegExpObject::getLastIndex):
- - Get lastIndex.
- (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
- - Initialize as a JSValue.
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- - Add test/exec properties with length 1.
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- - Do not read RegExp.input if none is provided.
- * tests/mozilla/js1_2/regexp/RegExp_input.js:
- * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
- - Update these tests (they relied on non-ES5 behaviour).
-
-2011-03-10 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Rolled back in 80277 and 80280 with event handler layout test failures fixed.
- https://bugs.webkit.org/show_bug.cgi?id=55653
-
- The failures were caused by a last minute typo: assigning to currentEvent
- instead of m_currentEvent.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecompiler/BytecodeGenerator.cpp:
- * jit/JITOpcodes.cpp:
- * jit/JITOpcodes32_64.cpp:
- * runtime/Arguments.h:
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSVariableObject.h:
- * runtime/MarkedSpace.cpp:
- * runtime/MarkedSpace.h:
-
-2011-03-09 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- jquery/manipulation.html fails after r80598
- https://bugs.webkit.org/show_bug.cgi?id=56019
-
- When linking a call, codeblock now takes ownership of the linked function
- This removes the need for unlinking, and thus the incorrectness that was
- showing up in these tests.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::~CodeBlock):
- (JSC::CodeBlock::markAggregate):
- * bytecode/CodeBlock.h:
- (JSC::CallLinkInfo::CallLinkInfo):
- (JSC::CallLinkInfo::setUnlinked):
- (JSC::CodeBlock::addCaller):
- * jit/JIT.cpp:
- (JSC::JIT::privateCompile):
- (JSC::JIT::linkCall):
- (JSC::JIT::linkConstruct):
- * jit/JIT.h:
- * runtime/Executable.cpp:
- * runtime/Executable.h:
-
-2011-03-09 Daniel Bates <dbates@rim.com>
-
- Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
- (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().
-
-2011-03-09 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 56041 - RexExp constructor should only accept flags "gim"
- Fix for issues introduced in r80667.
-
- Invalid flags to a RegExp literal are a late syntax error!
-
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::addRegExp):
- - Pass a PassRefPtr<RegExp>
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addRegExp):
- (JSC::BytecodeGenerator::emitNewRegExp):
- * bytecompiler/BytecodeGenerator.h:
- - Pass a PassRefPtr<RegExp>
- * bytecompiler/NodesCodegen.cpp:
- (JSC::RegExpNode::emitBytecode):
- - Should not be ASSERTing that the flags are valid - this is a late(er) error.
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- - Need to check for error from RegExp constructor.
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- - Need to check for error from RegExp constructor.
- * runtime/RegExp.h:
- (JSC::RegExp::isValid):
- - Make isValid check that the regexp was created with valid flags.
- * runtime/RegExpKey.h:
- - Since we'll not create RegExp objects with invalid flags, separate out the deleted value.
-
-2011-03-09 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix part 2.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-09 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix part 1.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-09 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Darin Adler.
-
- Bug 56041 - RexExp constructor should only accept flags "gim"
- We also should be passing the flags around as a bitfield rather than a string,
- and should not have redundant, incompatible code for converting the string to a bitfield!
-
- * JavaScriptCore.exp:
- * bytecompiler/NodesCodegen.cpp:
- (JSC::RegExpNode::emitBytecode):
- - Need to parse flags string to enum.
- * runtime/RegExp.cpp:
- (JSC::regExpFlags):
- (JSC::RegExp::RegExp):
- (JSC::RegExp::create):
- - Add method to parse flags string to enum, change constructor/create args to take enum.
- * runtime/RegExp.h:
- (JSC::RegExp::global):
- (JSC::RegExp::ignoreCase):
- (JSC::RegExp::multiline):
- - Change to use new enum values.
- * runtime/RegExpCache.cpp:
- (JSC::RegExpCache::lookupOrCreate):
- (JSC::RegExpCache::create):
- * runtime/RegExpCache.h:
- - Changed to use regExpFlags enum instead of int/const UString&.
- * runtime/RegExpConstructor.cpp:
- (JSC::constructRegExp):
- - Add use new enum parsing, check for error.
- * runtime/RegExpKey.h:
- (JSC::RegExpKey::RegExpKey):
- * runtime/RegExpPrototype.cpp:
- (JSC::RegExpPrototype::RegExpPrototype):
- - Pass NoFlags value instead of empty string.
- (JSC::regExpProtoFuncCompile):
- - Add use new enum parsing, check for error.
- * runtime/StringPrototype.cpp:
- (JSC::stringProtoFuncMatch):
- (JSC::stringProtoFuncSearch):
- - Pass NoFlags value instead of empty string.
-
-2011-03-08 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig
-
- Bug 55994 - Functions on Array.prototype should check length first.
- These methods are designed to work on generic objects too, and if 'length'
- is a getter that throws an exception, ensure this is correctly thrown
- (even if other exceptions would be thrown, too).
-
- Make the length check the first thing we do.
- This change shows a progression on SunSpider on my machine, but this is likely bogus.
-
- * runtime/ArrayPrototype.cpp:
- (JSC::arrayProtoFuncToString):
- (JSC::arrayProtoFuncToLocaleString):
- (JSC::arrayProtoFuncJoin):
- (JSC::arrayProtoFuncPop):
- (JSC::arrayProtoFuncPush):
- (JSC::arrayProtoFuncReverse):
- (JSC::arrayProtoFuncShift):
- (JSC::arrayProtoFuncSlice):
- (JSC::arrayProtoFuncSort):
- (JSC::arrayProtoFuncSplice):
- (JSC::arrayProtoFuncUnShift):
- (JSC::arrayProtoFuncFilter):
- (JSC::arrayProtoFuncMap):
- (JSC::arrayProtoFuncEvery):
- (JSC::arrayProtoFuncForEach):
- (JSC::arrayProtoFuncSome):
- (JSC::arrayProtoFuncReduce):
- (JSC::arrayProtoFuncReduceRight):
- (JSC::arrayProtoFuncIndexOf):
- (JSC::arrayProtoFuncLastIndexOf):
-
-2011-03-07 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make CodeBlock GC write barrier safe
- https://bugs.webkit.org/show_bug.cgi?id=55910
-
- In order to make CodeBlock WriteBarrier safe it was necessary
- to make it have a single GC owner, and for that reason I have
- made ExecutableBase a GC allocated object. This required
- updating their creation routines as well as all sites that hold
- a reference to them. GC objects that held Executable's have been
- converted to WriteBarriers, and all other sites now use Global<>.
-
- As an added benefit this gets rid of JSGlobalData's list of
- GlobalCodeBlocks.
-
- Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
- on SunSpider. Given none of the tests that show regressions
- demonstrate a regression on their own, and sampling shows up nothing.
- I suspect we're just getting one or two additional gc passes at
- the end of the run.
-
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::dump):
- (JSC::CodeBlock::CodeBlock):
- (JSC::EvalCodeCache::markAggregate):
- (JSC::CodeBlock::markAggregate):
- * bytecode/CodeBlock.h:
- (JSC::CodeBlock::ownerExecutable):
- (JSC::CodeBlock::addConstant):
- (JSC::CodeBlock::constantRegister):
- (JSC::CodeBlock::getConstant):
- (JSC::CodeBlock::addFunctionDecl):
- (JSC::CodeBlock::addFunctionExpr):
- (JSC::GlobalCodeBlock::GlobalCodeBlock):
- (JSC::ExecState::r):
- * bytecode/EvalCodeCache.h:
- (JSC::EvalCodeCache::get):
- * bytecode/SamplingTool.h:
- (JSC::ScriptSampleRecord::ScriptSampleRecord):
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::addConstantValue):
- (JSC::BytecodeGenerator::emitEqualityOp):
- * bytecompiler/BytecodeGenerator.h:
- (JSC::BytecodeGenerator::makeFunction):
- * debugger/Debugger.cpp:
- (JSC::evaluateInGlobalCallFrame):
- * debugger/DebuggerCallFrame.cpp:
- (JSC::DebuggerCallFrame::evaluate):
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::callEval):
- * jit/JITInlineMethods.h:
- (JSC::JIT::emitLoadDouble):
- (JSC::JIT::emitLoadInt32ToDouble):
- * jit/JITStubs.cpp:
- (JSC::JITThunks::JITThunks):
- (JSC::JITThunks::hostFunctionStub):
- (JSC::JITThunks::clearHostFunctionStubs):
- * jit/JITStubs.h:
- * runtime/Completion.cpp:
- (JSC::checkSyntax):
- (JSC::evaluate):
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::EvalExecutable):
- (JSC::ProgramExecutable::ProgramExecutable):
- (JSC::FunctionExecutable::FunctionExecutable):
- (JSC::FunctionExecutable::~FunctionExecutable):
- (JSC::EvalExecutable::markChildren):
- (JSC::ProgramExecutable::markChildren):
- (JSC::FunctionExecutable::markChildren):
- (JSC::FunctionExecutable::fromGlobalCode):
- * runtime/Executable.h:
- (JSC::ExecutableBase::ExecutableBase):
- (JSC::ExecutableBase::createStructure):
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::VPtrHackExecutable::VPtrHackExecutable):
- (JSC::ScriptExecutable::ScriptExecutable):
- (JSC::EvalExecutable::create):
- (JSC::EvalExecutable::createStructure):
- (JSC::ProgramExecutable::create):
- (JSC::ProgramExecutable::createStructure):
- (JSC::FunctionExecutable::create):
- (JSC::FunctionExecutable::createStructure):
- * runtime/FunctionConstructor.cpp:
- (JSC::constructFunction):
- * runtime/Heap.cpp:
- (JSC::Heap::destroy):
- (JSC::Heap::markRoots):
- * runtime/Heap.h:
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::JSActivation):
- (JSC::JSActivation::markChildren):
- * runtime/JSActivation.h:
- (JSC::JSActivation::JSActivationData::JSActivationData):
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::~JSFunction):
- (JSC::JSFunction::markChildren):
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::storeVPtrs):
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::getHostFunction):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSObject.cpp:
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::markChildren):
- * runtime/JSStaticScopeObject.h:
- (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
- (JSC::JSStaticScopeObject::JSStaticScopeObject):
- * runtime/JSZombie.cpp:
- (JSC::JSZombie::leakedZombieStructure):
- * runtime/JSZombie.h:
- (JSC::JSZombie::createStructure):
- * runtime/MarkedSpace.h:
-
-2011-03-07 Andy Estes <aestes@apple.com>
-
- Reviewed by Dan Bernstein.
-
- REGRESSION (r79060): Timestamp is missing from tweets in twitter.
- https://bugs.webkit.org/show_bug.cgi?id=55228
-
- A change to the date parser to handle the case where the year is
- specified before the time zone inadvertently started accepting strings
- such as '+0000' as valid years. Those strings actually represent time
- zones in an offset of hours and minutes from UTC, not years.
-
- * wtf/DateMath.cpp:
- (WTF::parseDateFromNullTerminatedCharacters): If the current character
- in dateString is '+' or '-', do not try to parse the next token as a
- year.
-
-2011-03-06 Yuta Kitamura <yutak@chromium.org>
-
- Reviewed by Kent Tamura.
-
- Add SHA-1 for new WebSocket protocol
- https://bugs.webkit.org/show_bug.cgi?id=55039
-
- The code is based on Chromium's portable SHA-1 implementation
- (src/base/sha1_portable.cc). Modifications were made in order
- to make the code comply with WebKit coding style.
-
- * GNUmakefile.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * wtf/CMakeLists.txt:
- * wtf/MD5.cpp:
- (WTF::MD5::MD5):
- * wtf/SHA1.cpp: Added.
- (WTF::testSHA1): This function will be run the first time SHA1
- constructor is called. This function computes a few hash values
- and checks the results in debug builds. However, constructor is
- probably not a good place to run these tests, so we need to find
- a good place for it (bug 55853).
- (WTF::expectSHA1):
- (WTF::f):
- (WTF::k):
- (WTF::rotateLeft):
- (WTF::SHA1::SHA1):
- (WTF::SHA1::addBytes):
- (WTF::SHA1::computeHash):
- (WTF::SHA1::finalize):
- (WTF::SHA1::processBlock):
- (WTF::SHA1::reset):
- * wtf/SHA1.h: Added.
- (WTF::SHA1::addBytes):
- * wtf/wtf.pri:
-
-2011-03-05 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Add Derived Sources to WebCore GYP build
- https://bugs.webkit.org/show_bug.cgi?id=55813
-
- Rename the action to be friendlier.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-04 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
-
- Reviewed by Laszlo Gombos.
-
- [Qt] Need symbian version of cryptographicallyRandomValuesFromOS
- https://bugs.webkit.org/show_bug.cgi?id=55782
-
- Implement Symbian version of cryptographicallyRandomValuesFromOS
-
- * wtf/OSRandomSource.cpp:
- (WTF::cryptographicallyRandomValuesFromOS):
-
-2011-03-04 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Cameron Zwarich.
-
- Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().
-
- * runtime/JSObject.cpp:
- (JSC::JSObject::defineOwnProperty):
- Add missing check.
-
-2011-03-04 Gavin Barraclough <barraclough@apple.com>
-
- Rubber stamped by olliej.
-
- Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::privateExecute):
- (1) don't infinite loop.
- (2) goto 1.
-
-2011-03-04 Gavin Barraclough <barraclough@apple.com>
-
- cmake build fix.
-
- * CMakeLists.txt:
-
-2011-03-04 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
- https://bugs.webkit.org/show_bug.cgi?id=55798
-
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-03-04 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Remove unneeded round-trips through ../Source in the Chromium GYP build
- https://bugs.webkit.org/show_bug.cgi?id=55795
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-03-04 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Use target_defaults to reduce boilerplate in GYP build system
- https://bugs.webkit.org/show_bug.cgi?id=55790
-
- Instead of setting up the configuration in each target, just defer to
- target_defaults. Also, removed a define that was redundant with the
- xcconfig.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-03 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
- Provide basic functionallity from section 15.2.4 of ECMA-262.
- This support will need expanding to cover arrays, too.
-
- Shows a 0.5% progression on SunSpidey, this seems to be due to changing
- ObjectConstructor to use a static table.
-
- * DerivedSources.make:
- * JavaScriptCore.exp:
- * interpreter/CallFrame.h:
- (JSC::ExecState::objectConstructorTable):
- Add a static table for ObjectConstructor.
- * runtime/CommonIdentifiers.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- (JSC::JSGlobalData::~JSGlobalData):
- Add a static table for ObjectConstructor.
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::reset):
- Add a static table for ObjectConstructor.
- * runtime/JSObject.cpp:
- (JSC::JSObject::seal):
- (JSC::JSObject::freeze):
- (JSC::JSObject::preventExtensions):
- Transition the object's structure.
- (JSC::JSObject::defineOwnProperty):
- Check isExtensible.
- * runtime/JSObject.h:
- (JSC::JSObject::isSealed):
- (JSC::JSObject::isFrozen):
- (JSC::JSObject::isExtensible):
- These wrap method on structure.
- (JSC::JSObject::putDirectInternal):
- Check isExtensible.
- * runtime/ObjectConstructor.cpp:
- (JSC::ObjectConstructor::ObjectConstructor):
- (JSC::ObjectConstructor::getOwnPropertySlot):
- (JSC::ObjectConstructor::getOwnPropertyDescriptor):
- Change ObjectConstructor to use a static table.
- (JSC::objectConstructorSeal):
- (JSC::objectConstructorFreeze):
- (JSC::objectConstructorPreventExtensions):
- (JSC::objectConstructorIsSealed):
- (JSC::objectConstructorIsFrozen):
- (JSC::objectConstructorIsExtensible):
- Add new methods on Object.
- * runtime/ObjectConstructor.h:
- (JSC::ObjectConstructor::createStructure):
- * runtime/Structure.cpp:
- (JSC::Structure::Structure):
- init/propagate m_preventExtensions
- (JSC::Structure::sealTransition):
- (JSC::Structure::freezeTransition):
- (JSC::Structure::preventExtensionsTransition):
- transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
- (JSC::Structure::isSealed):
- (JSC::Structure::isFrozen):
- check attributes to detect if object is sealed/frozen.
- * runtime/Structure.h:
- (JSC::Structure::isExtensible):
- checks the m_preventExtensions flag.
-
-2011-03-04 Steve Falkenburg <sfalken@apple.com>
-
- Reviewed by Jon Honeycutt.
-
- Adopt VersionStamper tool for Windows WebKit DLLs
- https://bugs.webkit.org/show_bug.cgi?id=55784
- <rdar://problem/9021273>
-
- We now use a tool to stamp the version number onto the Apple WebKit DLLs
- during the post-build step.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
-
-2011-03-04 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- JavaScriptCore GYP build should use a header map
- https://bugs.webkit.org/show_bug.cgi?id=55712
-
- This patch moves the os-win32 files into their own variable so that we
- can use a header map in the Apple Mac Xcode build. The problem is that
- the header map searches the whole project rather than just the files
- included in a given target. Another solution to this problem is to
- make GYP smarter about filtering out what files are added to the
- project file.
-
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-03-03 Ryosuke Niwa <rniwa@webkit.org>
-
- Reviewed by Darin Adler.
-
- Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
- https://bugs.webkit.org/show_bug.cgi?id=55554
-
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
- (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::addStaticGlobals): Ditto.
- * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
- (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.
-
-2011-03-03 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Add jsc to JavaScriptCore GYP build
- https://bugs.webkit.org/show_bug.cgi?id=55711
-
- * JavaScriptCore.gypi:
- - Move jsc.cpp into jsc_files because it's really part of the jsc
- target.
- * JavaScriptCore.xcodeproj/project.pbxproj:
- - Remove extraneous files from the normal jsc build. I probably
- added these by mistake at some point.
- * gyp/JavaScriptCore.gyp:
- - Add the jsc target to the GYP file.
-
-2011-03-03 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Add testapi to JavaScriptCore GYP build
- https://bugs.webkit.org/show_bug.cgi?id=55707
-
- The new testapi target is slightly incomplete. There's a resource
- copying step that we don't quite have yet.
-
- This patch also cleans up some of the configuration issues in
- JavaScriptCore.xcodeproj. It seems kind of wordy to repeat these for
- each target. I suspect there's a more compact way of defining the
- configurations, but this removes the "Default" configuration, which is
- progress.
-
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-03-03 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Teach JavaScriptCore GYP build about private headers
- https://bugs.webkit.org/show_bug.cgi?id=55532
-
- This patch distinguishes between public and private framework headers
- so that public headers are copied into the Headers directory and
- private headers are copied into the PrivateHeaders directory.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-03 Geoffrey Garen <ggaren@apple.com>
-
- Rolled out 80277 and 80280 because they caused event handler layout test
- failures.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecompiler/BytecodeGenerator.cpp:
- * jit/JITOpcodes.cpp:
- * jit/JITOpcodes32_64.cpp:
- * runtime/Arguments.h:
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSCell.h:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSObject.cpp:
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSVariableObject.h:
- * runtime/MarkedSpace.cpp:
- * runtime/MarkedSpace.h:
-
-2011-03-03 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Build fix. Alter order of headers included to make sure windows.h
- is configured by wx, and skip Posix implementation file we don't use on Win.
-
- * wscript:
- * wtf/wx/StringWx.cpp:
-
-2011-03-03 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- JSVariableObject needs to use WriteBarrier for symboltable property storage
- https://bugs.webkit.org/show_bug.cgi?id=55698
-
- Replace the direct usage of Register in JSVariableObject (and descendents)
- with WriteBarrier. This requires updating the Arguments object to use
- WriteBarrier as well.
-
- * interpreter/Interpreter.cpp:
- (JSC::Interpreter::unwindCallFrame):
- (JSC::Interpreter::privateExecute):
- (JSC::Interpreter::retrieveArguments):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * runtime/ArgList.h:
- (JSC::MarkedArgumentBuffer::initialize):
- * runtime/Arguments.cpp:
- (JSC::Arguments::markChildren):
- (JSC::Arguments::copyToRegisters):
- (JSC::Arguments::fillArgList):
- (JSC::Arguments::getOwnPropertySlot):
- (JSC::Arguments::getOwnPropertyDescriptor):
- (JSC::Arguments::put):
- * runtime/Arguments.h:
- (JSC::Arguments::setActivation):
- (JSC::Arguments::Arguments):
- (JSC::Arguments::copyRegisters):
- (JSC::JSActivation::copyRegisters):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::markChildren):
- (JSC::JSActivation::symbolTableGet):
- (JSC::JSActivation::symbolTablePut):
- (JSC::JSActivation::symbolTablePutWithAttributes):
- (JSC::JSActivation::put):
- (JSC::JSActivation::putWithAttributes):
- (JSC::JSActivation::argumentsGetter):
- * runtime/JSActivation.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::put):
- (JSC::JSGlobalObject::putWithAttributes):
- (JSC::JSGlobalObject::markChildren):
- (JSC::JSGlobalObject::copyGlobalsFrom):
- (JSC::JSGlobalObject::copyGlobalsTo):
- (JSC::JSGlobalObject::resizeRegisters):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::setRegisters):
- (JSC::JSGlobalObject::addStaticGlobals):
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::put):
- (JSC::JSStaticScopeObject::putWithAttributes):
- * runtime/JSVariableObject.cpp:
- (JSC::JSVariableObject::symbolTableGet):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::registerAt):
- (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
- (JSC::JSVariableObject::symbolTableGet):
- (JSC::JSVariableObject::symbolTablePut):
- (JSC::JSVariableObject::symbolTablePutWithAttributes):
- (JSC::JSVariableObject::copyRegisterArray):
- (JSC::JSVariableObject::setRegisters):
-
-2011-03-03 Geoffrey Garen <ggaren@apple.com>
-
- Try to fix Windows build.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.
-
- * runtime/JSStaticScopeObject.cpp:
- (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
- inline -- it's virtual.
-
-2011-03-02 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- Moved all variable object storage inline -- upping the object size limit to 1K
- https://bugs.webkit.org/show_bug.cgi?id=55653
-
- * JavaScriptCore.exp:
- * bytecompiler/BytecodeGenerator.cpp:
- * jit/JITOpcodes.cpp:
- * runtime/Arguments.h:
- * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
- to accomodate objects up to 1K.
-
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.
-
- * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
- object size, since it doesn't anymore.
-
- * runtime/JSStaticScopeObject.cpp:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h: Added an imprecise size class to accomodate objects up to 1K.
-
-2011-03-03 Timothy Hatcher <timothy@apple.com>
-
- Make APIShims usable from WebCore.
-
- Reviewed by Oliver Hunt.
-
- * ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
- * GNUmakefile.am:
- * JavaScriptCore.exp:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-03-03 Peter Varga <pvarga@webkit.org>
-
- Reviewed by Oliver Hunt.
-
- Begin Characters Optimization Causes YARR Interpreter Errors
- https://bugs.webkit.org/show_bug.cgi?id=55479
-
- The addBeginTerm function is removed because it doesn't correctly handle those
- cases when an "invalid" term has been
- collected (e.g. CharacterClass). Move the removed function to the
- setupAlternativeBeginTerms method's switch-case
- where the non-allowed cases are correctly handled.
-
- Reenable the Beginning Character Optimization in the YARR Interpreter again.
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
- (JSC::Yarr::YarrPattern::compile):
-
-2011-03-02 Jessie Berlin <jberlin@apple.com>
-
- Reviewed by Adam Roben.
-
- WebKit2: Use CFNetwork Sessions API.
- https://bugs.webkit.org/show_bug.cgi?id=55435
-
- Add the ability to create a Private Browsing storage session.
-
- * wtf/Platform.h:
- Add a new #define for using CF Storage Sessions.
-
-2011-03-02 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Remove "register slot" concept from PropertySlot
- https://bugs.webkit.org/show_bug.cgi?id=55621
-
- PropertySlot had already stopped storing Register "slots"
- so this patch is simply removing that api entirely.
- This exposed a problem in the ProgramNode constructor for
- BytecodeGenerator where it reads from the registerfile
- before it has initialised it.
-
- This bug wasn't a problem before as we were merely testing
- for property existence rather than the actual value, and
- used to work because setRegisterSlot didn't check that the
- provided slot contained an initialised value.
-
- To get around this issue we now use symbolTableHasProperty
- to do the symbol table check without trying to read the
- RegisterFile.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator):
- * runtime/Arguments.cpp:
- (JSC::Arguments::getOwnPropertySlot):
- * runtime/JSActivation.cpp:
- (JSC::JSActivation::symbolTableGet):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::symbolTableHasProperty):
- * runtime/JSVariableObject.h:
- (JSC::JSVariableObject::symbolTableGet):
- * runtime/PropertySlot.h:
-
-2011-03-02 Daniel Cheng <dcheng@chromium.org>
-
- Reviewed by David Levin.
-
- Add feature define for data transfer items
- https://bugs.webkit.org/show_bug.cgi?id=55510
-
- * Configurations/FeatureDefines.xcconfig:
- * wtf/Platform.h:
-
-2011-03-02 Adam Roben <aroben@apple.com>
-
- Delete old .res files whenever any .vsprops file changes
-
- Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to
- fail
-
- Reviewed by Tony Chang.
-
- * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
- (main): Restructured code to loop over a set of file extensions, deleting any old files that
- have that extension. Now deletes .res files, too. (We previously deleted any file matching
- *.manifest*, but that turned out to just be the union of *.manifest and *.res.)
-
-2011-03-02 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Teach JavaScriptCore GYP build how to build minidom
- https://bugs.webkit.org/show_bug.cgi?id=55536
-
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-03-01 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- JavaScriptCore GYP build should copy some headers into the target framework
- https://bugs.webkit.org/show_bug.cgi?id=55524
-
- After this patch, all the framework headers are exported as public
- headers. We need to teach GYP how to handle private headers.
-
- I struggled to determine how to store the information about whether a
- header was public, private, or project (i.e., not exported).
- Generally, the GYPI should just list the files, but it seemed siliy to
- have an almost duplicated list of files in the GYP file itself. If
- this design doesn't scale, we might have to revisit it in the future.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
- * gyp/JavaScriptCore.gyp:
-
-2011-03-01 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r80079.
- http://trac.webkit.org/changeset/80079
- https://bugs.webkit.org/show_bug.cgi?id=55547
-
- "Broke the Win debug build?" (Requested by dcheng on #webkit).
-
- * wtf/Platform.h:
-
-2011-03-01 Daniel Cheng <dcheng@chromium.org>
-
- Reviewed by David Levin.
-
- Add feature define for data transfer items
- https://bugs.webkit.org/show_bug.cgi?id=55510
-
- * wtf/Platform.h:
-
-2011-03-01 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Joseph Pecoraro.
-
- Misaligned memory access in CloneDeserializer on all ARM arch.
- https://bugs.webkit.org/show_bug.cgi?id=48742
-
- Add a CPU class for architectures that need aligned addresses
- for memory access.
-
- * wtf/Platform.h:
-
-2011-03-01 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Add pre- and post-build actions for JavaScriptCore GYP build
- https://bugs.webkit.org/show_bug.cgi?id=55507
-
- After this patch, we have all the steps for building the main
- JavaScriptCore framework except the "copy headers" step, which I'll do
- next.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-03-01 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Rolled back in r79627 now that the underlying cause for it crashing is fixed.
- https://bugs.webkit.org/show_bug.cgi?id=55159
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/Heap.cpp:
- (JSC::Heap::allocateSlowCase):
- * runtime/Heap.h:
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedSpace::sizeClassFor):
- (JSC::JSCell::Heap::allocate):
- (JSC::JSCell::JSCell::operator new):
- * runtime/MarkedBlock.h:
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::SizeClass::SizeClass):
-
-2011-03-01 Mark Rowe <mrowe@apple.com>
-
- Reviewed by Sam Weinig.
-
- Replace two script phases that do nothing but copy files with copy files build phases.
-
- This speeds up the build by a few seconds on high-end Mac Pros.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-03-01 David Kilzer <ddkilzer@apple.com>
-
- Spring cleaning!
-
- Rubber-stamped by Mark Rowe.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- (Copy Into Framework): Remove "set -x" and its comment.
-
-2011-03-01 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Darin Adler.
-
- TinyMCE not working in nightlies
- https://bugs.webkit.org/show_bug.cgi?id=54978
-
- Disabling setupBeginChars() to temporarily work arround the test
- failure. Filed https://bugs.webkit.org/show_bug.cgi?id=55479
- to track fixing the issue.
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPattern::compile):
-
-2011-02-23 Joseph Pecoraro <joepeck@webkit.org>
-
- Reviewed by Kenneth Rohde Christiansen.
-
- Viewport parsing no longer accepts "1.0;" value as valid.
- https://bugs.webkit.org/show_bug.cgi?id=53705
-
- Include a didReadNumber parameter to String -> float / double
- conversion functions. This way, if the "ok" boolean out
- parameter is false, you can check to see if there in fact
- was a valid number parsed with garbage at the end. Examples
- of that would be parsing "123x456" would have ok = false,
- but didReadNumber = true.
-
- * JavaScriptCore.exp:
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::toDouble):
- (WTF::StringImpl::toFloat):
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.cpp:
- (WTF::String::toDouble):
- (WTF::String::toFloat):
- (WTF::charactersToDouble):
- (WTF::charactersToFloat):
- * wtf/text/WTFString.h:
-
-2011-02-28 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Past-the-end writes in VM exceptions (caused crashes in r79627)
- https://bugs.webkit.org/show_bug.cgi?id=55448
-
- Some exceptions had the wrong structures, so they misoverestimated their
- inline storage sizes.
-
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData): Use the right structure.
-
- * runtime/JSObject.h:
- (JSC::JSNonFinalObject::JSNonFinalObject):
- (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
- is correct to verify this doesn't happen again.
-
-2011-03-01 Andras Becsi <abecsi@webkit.org>
-
- Reviewed by Csaba Osztrogonác.
-
- [Qt] Clean up the project files and move common options to WebKit.pri.
-
- * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
- * JavaScriptCore.pro: Deduplicate options.
- * jsc.pro: Ditto.
-
-2011-03-01 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Teach JavaScriptCore GYP build about DEPTH
- https://bugs.webkit.org/show_bug.cgi?id=55425
-
- In addition to teaching the JavaScriptCore GYP build about DEPTH, this
- change overrides the GCC warning configuration to disable a warning
- that's causing probems in Assertions.cpp. With that warning disabled,
- JavaScriptCore builds again.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-02-28 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-28 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r79948.
- http://trac.webkit.org/changeset/79948
- https://bugs.webkit.org/show_bug.cgi?id=55439
-
- "caused crashes on the SL release bot" (Requested by ggaren on
- #webkit).
-
- * runtime/JSGlobalData.h:
- * runtime/WriteBarrier.h:
-
-2011-02-28 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-28 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig & Darin Adler.
-
- Bug 55423 - Clean up property tables in Structure
-
- Encapsulate, reduce duplication of table search code,
- and reduce the size of the tables (remove the index,
- just maintain the tables in the correct order).
-
- Shows a 0.5% - 1% progression on sunspider.
-
- * JavaScriptCore.exp:
- * runtime/PropertyMapHashTable.h:
- (JSC::isPowerOf2):
- (JSC::nextPowerOf2):
- bit ops used to calculate table size.
- (JSC::PropertyMapEntry::PropertyMapEntry):
- (JSC::PropertyTable::ordered_iterator::operator++):
- (JSC::PropertyTable::ordered_iterator::operator==):
- (JSC::PropertyTable::ordered_iterator::operator!=):
- (JSC::PropertyTable::ordered_iterator::operator*):
- (JSC::PropertyTable::ordered_iterator::operator->):
- (JSC::PropertyTable::ordered_iterator::ordered_iterator):
- implementation of the iterator types
- (JSC::PropertyTable::PropertyTable):
- (JSC::PropertyTable::~PropertyTable):
- constructors take an initial capacity for the table,
- a table to copy, or both.
- (JSC::PropertyTable::begin):
- (JSC::PropertyTable::end):
- create in-order iterators.
- (JSC::PropertyTable::find):
- search the hash table
- (JSC::PropertyTable::add):
- add a value to the hash table
- (JSC::PropertyTable::remove):
- remove a value from the hash table
- (JSC::PropertyTable::size):
- (JSC::PropertyTable::isEmpty):
- accessors.
- (JSC::PropertyTable::propertyStorageSize):
- (JSC::PropertyTable::clearDeletedOffsets):
- (JSC::PropertyTable::hasDeletedOffset):
- (JSC::PropertyTable::getDeletedOffset):
- (JSC::PropertyTable::addDeletedOffset):
- cache deleted (available) offsets in the property storage array.
- (JSC::PropertyTable::copy):
- take a copy of the PropertyTable, potentially expanding the capacity.
- (JSC::PropertyTable::sizeInMemory):
- used for DEBUG build statistics
- (JSC::PropertyTable::reinsert):
- (JSC::PropertyTable::rehash):
- (JSC::PropertyTable::tableCapacity):
- (JSC::PropertyTable::deletedEntryIndex):
- (JSC::PropertyTable::skipDeletedEntries):
- (JSC::PropertyTable::table):
- (JSC::PropertyTable::usedCount):
- (JSC::PropertyTable::dataSize):
- (JSC::PropertyTable::sizeForCapacity):
- (JSC::PropertyTable::canInsert):
- these methods provide internal implementation.
- * runtime/Structure.cpp:
- (JSC::Structure::dumpStatistics):
- (JSC::Structure::~Structure):
- (JSC::Structure::materializePropertyMap):
- (JSC::Structure::despecifyDictionaryFunction):
- (JSC::Structure::addPropertyTransition):
- (JSC::Structure::flattenDictionaryStructure):
- (JSC::Structure::copyPropertyTable):
- (JSC::Structure::get):
- (JSC::Structure::despecifyFunction):
- (JSC::Structure::despecifyAllFunctions):
- (JSC::Structure::put):
- (JSC::Structure::remove):
- (JSC::Structure::createPropertyMap):
- (JSC::Structure::getPropertyNames):
- (JSC::PropertyTable::checkConsistency):
- (JSC::Structure::checkConsistency):
- factored out code to PropertyMapHashTable.h
- * runtime/Structure.h:
- (JSC::Structure::propertyStorageSize):
- (JSC::Structure::isEmpty):
- (JSC::Structure::get):
- factored out code to PropertyMapHashTable.h
-
-2011-02-28 Xan Lopez <xlopez@igalia.com>
-
- Another fix build :(
-
- Fix typo.
-
- * runtime/MachineStackMarker.cpp:
- (JSC::freePlatformThreadRegisters):
-
-2011-02-28 Xan Lopez <xlopez@igalia.com>
-
- Unreviewed build fix for Snow Leopard.
-
- * runtime/MachineStackMarker.cpp:
- (JSC::freePlatformThreadRegisters):
-
-2011-02-28 Alejandro G. Castro <alex@igalia.com>
-
- Unreviewed, fix SnowLeopard compilation after r79952.
-
- * runtime/MachineStackMarker.cpp:
- (JSC::freePlatformThreadRegisters):
-
-2011-02-28 Mark Rowe <mrowe@apple.com>
-
- Reviewed by Darin Adler.
-
- <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.
-
- * wtf/OwnArrayPtr.h:
- (WTF::::set): Implement OwnArrayPtr::set.
-
-2011-02-28 Martin Zoubek <martin.zoubek@acision.com> and Alejandro G. Castro <alex@igalia.com>
-
- Reviewed by Martin Robinson.
-
- Multithread support for JSC on UNIX
- https://bugs.webkit.org/show_bug.cgi?id=26838
-
- Implement suspendThread() and resumeThread() for systems with
- pthread.h using thread signal handler.
-
- * runtime/MachineStackMarker.cpp:
- (JSC::pthreadSignalHandlerSuspendResume):
- (JSC::MachineStackMarker::Thread::Thread):
- (JSC::getCurrentPlatformThread):
- (JSC::suspendThread):
- (JSC::resumeThread):
- (JSC::getPlatformThreadRegisters):
- (JSC::otherThreadStackPointer):
- (JSC::freePlatformThreadRegisters):
- (JSC::MachineStackMarker::markOtherThreadConservatively):
- * wtf/Platform.h: Added Gtk port to use
- ENABLE_JSC_MULTIPLE_THREADS.
-
-2011-02-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Darin Adler.
-
- Stop using DeprecatedPtr for the global exception slot
- https://bugs.webkit.org/show_bug.cgi?id=55424
-
- Create GCRootPtr to signify that the exception slot is
- a gcroot, and so is exempt from the usual writebarrier
- restrictions.
-
- * runtime/JSGlobalData.h:
- * runtime/WriteBarrier.h:
- (JSC::GCRootPtr::GCRootPtr):
- (JSC::GCRootPtr::operator=):
-
-2011-02-28 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- Use more xcconfig files in JavaScriptCore gyp build
- https://bugs.webkit.org/show_bug.cgi?id=55391
-
- The GYP experts tell me that we have have a total of two xcconfig
- files: one for the xcodeproj as a whole and one for each target. This
- patch uses that technique to re-use the existing xcconfig files and
- eliminate the duplication.
-
- Technically, this patch introduces some build errors because the
- xcconfig files assume that the xcodeproj file is one level higher in
- the directory hierarchy. Specifically, the xcodeproj file can no
- longer find the Info.plist or the prefix header. I plan to fix that in
- a subsequent patch.
-
- Also, this patch introduces the Release and Production configurations,
- which should work correctly now.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-02-28 Jon Honeycutt <jhoneycutt@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- Add symbol to export.
-
-2011-02-28 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make ScopeChainNode GC allocated
- https://bugs.webkit.org/show_bug.cgi?id=55283
-
- Simplify lifetime and other issues with the scopechain
- by making it gc allocated. This allows us to simplify
- function exit and unwinding, as well as making the
- current iterative refcounting go away.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * bytecode/CodeBlock.cpp:
- (JSC::CodeBlock::createActivation):
- * bytecode/StructureStubInfo.cpp:
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::generate):
- (JSC::BytecodeGenerator::BytecodeGenerator):
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
- (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
- * bytecompiler/BytecodeGenerator.h:
- * debugger/Debugger.cpp:
- (JSC::Recompiler::operator()):
- * debugger/DebuggerCallFrame.h:
- (JSC::DebuggerCallFrame::scopeChain):
- * interpreter/CachedCall.h:
- (JSC::CachedCall::CachedCall):
- * interpreter/CallFrame.h:
- * interpreter/Interpreter.cpp:
- (JSC::depth):
- (JSC::Interpreter::unwindCallFrame):
- (JSC::Interpreter::throwException):
- (JSC::Interpreter::execute):
- (JSC::Interpreter::executeCall):
- (JSC::Interpreter::executeConstruct):
- (JSC::Interpreter::privateExecute):
- * jit/JITCall.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::compileOpCall):
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCallInitializeCallFrame):
- (JSC::JIT::emit_op_ret):
- (JSC::JIT::emit_op_ret_object_or_this):
- (JSC::JIT::compileOpCall):
- * jit/JITOpcodes.cpp:
- (JSC::JIT::emit_op_end):
- (JSC::JIT::emit_op_ret):
- (JSC::JIT::emit_op_ret_object_or_this):
- * jit/JITOpcodes32_64.cpp:
- (JSC::JIT::emit_op_end):
- * jit/JITStubs.cpp:
- (JSC::DEFINE_STUB_FUNCTION):
- * jit/JITStubs.h:
- * runtime/ArgList.cpp:
- * runtime/Completion.cpp:
- (JSC::evaluate):
- * runtime/Completion.h:
- * runtime/DateConversion.cpp:
- * runtime/Executable.cpp:
- (JSC::EvalExecutable::compileInternal):
- (JSC::ProgramExecutable::compileInternal):
- (JSC::FunctionExecutable::compileForCallInternal):
- (JSC::FunctionExecutable::compileForConstructInternal):
- * runtime/FunctionConstructor.cpp:
- (JSC::constructFunction):
- * runtime/GCActivityCallbackCF.cpp:
- * runtime/Identifier.cpp:
- * runtime/JSCell.h:
- * runtime/JSChunk.cpp: Added.
- * runtime/JSChunk.h: Added.
- * runtime/JSFunction.cpp:
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::markChildren):
- (JSC::JSFunction::getCallData):
- (JSC::JSFunction::getOwnPropertySlot):
- (JSC::JSFunction::getConstructData):
- * runtime/JSFunction.h:
- (JSC::JSFunction::scope):
- (JSC::JSFunction::setScope):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::init):
- (JSC::JSGlobalObject::markChildren):
- * runtime/JSGlobalObject.h:
- (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
- (JSC::JSGlobalObject::globalScopeChain):
- * runtime/JSGlobalObjectFunctions.cpp:
- (JSC::globalFuncEval):
- * runtime/JSLock.cpp:
- * runtime/JSNumberCell.cpp:
- * runtime/JSZombie.cpp:
- * runtime/MarkedBlock.cpp:
- * runtime/MarkedSpace.cpp:
- * runtime/PropertyNameArray.cpp:
- * runtime/ScopeChain.cpp:
- (JSC::ScopeChainNode::print):
- (JSC::ScopeChainNode::localDepth):
- (JSC::ScopeChainNode::markChildren):
- * runtime/ScopeChain.h:
- (JSC::ScopeChainNode::ScopeChainNode):
- (JSC::ScopeChainNode::createStructure):
- (JSC::ScopeChainNode::push):
- (JSC::ScopeChainNode::pop):
- (JSC::ScopeChainIterator::ScopeChainIterator):
- (JSC::ScopeChainIterator::operator*):
- (JSC::ScopeChainIterator::operator->):
- (JSC::ScopeChainIterator::operator++):
- (JSC::ScopeChainNode::begin):
- (JSC::ScopeChainNode::end):
- (JSC::ExecState::globalData):
- (JSC::ExecState::lexicalGlobalObject):
- (JSC::ExecState::globalThisValue):
- * runtime/ScopeChainMark.h:
- * wtf/DateMath.cpp:
-
-2011-02-27 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
- https://bugs.webkit.org/show_bug.cgi?id=55326
-
- Currently, randomNumber does a bunch of platform-specific work that to
- get a cryptographic randomness when available. Instead, we should use
- cryptographicallyRandomNumber, which abstracts this work.
- Unfortunately, we can't remove all of the WTF::randomNumber
- implementation because not every port has access to cryptographically
- random numbers.
-
- * wtf/RandomNumber.cpp:
- (WTF::randomNumber):
-
-2011-02-27 Benjamin Poulain <ikipou@gmail.com>
-
- Reviewed by Darin Adler.
-
- Eliminate DeprecatedPtrList from RenderBlock
- https://bugs.webkit.org/show_bug.cgi?id=54972
-
- Add methods find() and contains() using an adaptor to ListHashSet.
- Those method are like the one of HashSet, they allow to find objects
- based on a different key than the one used to define the set.
-
- Add convenience methods for direct access to the head and tail of the list.
- Those methods are providing similar API/behavior as Vector.
-
- * wtf/ListHashSet.h:
- (WTF::::first):
- (WTF::::last):
- (WTF::::removeLast):
- (WTF::ListHashSetTranslatorAdapter::hash):
- (WTF::ListHashSetTranslatorAdapter::equal):
- (WTF::::find):
- (WTF::::contains):
-
-2011-02-26 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Andreas Kling.
-
- Add support for DragonFly BSD
- https://bugs.webkit.org/show_bug.cgi?id=54407
-
- DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.
-
- * wtf/Platform.h:
-
-2011-02-26 Adam Barth <abarth@webkit.org>
-
- Reviewed by Dimitri Glazkov.
-
- JavaScriptCore should use the xcconfig file instead of importing that information into GYP
- https://bugs.webkit.org/show_bug.cgi?id=55282
-
- Technically, this breaks the build because I had removed one of the
- warnings in this config file, but this change seems like an
- improvement.
-
- * gyp/JavaScriptCore.gyp:
-
-2011-02-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
-
- Reviewed by Nikolas Zimmermann.
-
- SH4 JIT SUPPORT
- https://bugs.webkit.org/show_bug.cgi?id=44329
-
- Provide an ExecutableAllocater::cacheFlush() implementation for
- Linux/SH4.
-
- * jit/ExecutableAllocator.h:
- (JSC::ExecutableAllocator::cacheFlush):
-
-2011-02-25 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r79627.
- http://trac.webkit.org/changeset/79627
- https://bugs.webkit.org/show_bug.cgi?id=55274
-
- broke worker tests (Requested by olliej on #webkit).
-
- * JavaScriptCore.exp:
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
- * runtime/Heap.cpp:
- (JSC::Heap::allocate):
- * runtime/Heap.h:
- * runtime/JSCell.h:
- (JSC::JSCell::JSCell::operator new):
- (JSC::JSCell::MarkedSpace::sizeClassFor):
- (JSC::JSCell::MarkedSpace::allocate):
- * runtime/MarkedBlock.h:
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::SizeClass::SizeClass):
-
-2011-02-25 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Darin Adler.
-
- Leak in JSParser::Scope of ScopeLabelInfo Vector
- https://bugs.webkit.org/show_bug.cgi?id=55249
-
- Changed m_labels to be an OwnPtr<>. Added VectorTraits
- and Scope copy constructor to support this change.
-
- * parser/JSParser.cpp:
- (JSC::JSParser::Scope::~Scope):
-
-2011-02-25 Fumitoshi Ukai <ukai@chromium.org>
-
- Reviewed by Adam Barth.
-
- WebSocket uses insecure random numbers
- https://bugs.webkit.org/show_bug.cgi?id=54714
-
- * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
-
-2011-02-25 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Adam Roben.
-
- Move timeBeginPeriod into OS(WINDOWS) section
- https://bugs.webkit.org/show_bug.cgi?id=55247
-
- * jsc.cpp:
- (main): timeBeginPeriod is available on all Windows versions and not compiler specific.
-
-2011-02-25 Patrick Gansterer <paroga@webkit.org>
-
- Unreviewed WinCE build fix for r79695.
-
- * jsc.cpp:
- (main): SetErrorMode isn't available on WinCE.
-
-2011-02-25 Adam Roben <aroben@apple.com>
-
- Work around Cygwin's crash-suppression behavior
-
- Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
- inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
- invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
- when our test apps launch to work around Cygwin's behavior.
-
- Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
- debugger) when launched from Cygwin 1.7
-
- Reviewed by Darin Adler.
-
- * API/tests/testapi.c: Added a now-needed #include.
- (main):
- * jsc.cpp:
- (main):
- Call ::SetErrorMode(0) to undo Cygwin's folly.
-
- * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
- other projects do so that windows.h won't define min/max macros that interfere with
- std::numeric_limits<T>::min/max.
-
-2011-02-24 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Add GYP project for JavaScriptCore
- https://bugs.webkit.org/show_bug.cgi?id=55027
-
- Again, this GYP files is very rough, but it succeeds in building
- JavaScriptCore. There's a lot more work to do here, especially in the
- area of sharing with JavaScriptGlue.gyp. This patch is more of a
- checkpoint so that other folks can help out if they wish.
-
- * gyp: Added.
- * gyp/JavaScriptCore.gyp: Added.
- * gyp/generate-derived-sources.sh: Added.
-
-2011-02-24 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Add missing files to JavaScriptCore.gypi
- https://bugs.webkit.org/show_bug.cgi?id=55193
-
- I forgot to add mm files in my previous patch.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
-
-2011-02-24 Adam Barth <abarth@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Remove unused parameter name in GCActivityCallback.cpp
- https://bugs.webkit.org/show_bug.cgi?id=55194
-
- This change is not strictly required for the GYP-based build system,
- but I noticed this error when working on the new build system.
-
- * runtime/GCActivityCallback.cpp:
- (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-
-2011-02-24 James Robinson <jamesr@chromium.org>
-
- Reviewed by Darin Fisher.
-
- Add a USE() macro to control use of the built-in UTF8 codec
- https://bugs.webkit.org/show_bug.cgi?id=55189
-
- Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.
-
- * wtf/Platform.h:
-
-2011-02-24 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- Variable-sized allocation (but still capped at 64 bytes)
- https://bugs.webkit.org/show_bug.cgi?id=55159
-
- SunSpider reports no change.
-
- * JavaScriptCore.exp: Some day, I hope not to have to edit this file.
-
- * runtime/Heap.cpp:
- (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
- case, so the fast case can inline size class selection and turn it into
- a compile-time constant.
-
- Changed the collect-on-every allocation debugging switch to collect only
- on every slow allocation, so you can still flip the switch without
- recompiling the world. This may also be preferable for debugging purposes,
- since collecting after every single allocation can be unusably slow,
- and can mask problems by running destructors early.
-
- * runtime/Heap.h: Ditto.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedSpace::sizeClassFor):
- (JSC::JSCell::Heap::allocate):
- (JSC::JSCell::JSCell::operator new): The inlining mentioned above.
-
- * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
- multiple size classes, allocating a full 256KB for the first allocation
- in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
- 8KB Windows, would be even better, but that seems to be a peformance
- regression for now.)
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::reset): There's more than one size class now, and its
- cell size is not constant.
-
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::SizeClass::SizeClass): Ditto.
-
-2011-02-23 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Make WeakGCMap use new handle infrastructure
- https://bugs.webkit.org/show_bug.cgi?id=55100
-
- Remove old WeakGCMap implementation and move over to new handle
- based logic.
-
- This has a number of benefits, most notably it makes a WeakGCMap
- always reflect the true state of the world by as all entries are
- removed at the first gc cycle that makes them dead. This allows
- us to get rid of code in a wide variety of objects where the only
- purpose was to remove themselves from maps.
-
- It also means that we no longer need to have special "unchecked"
- versions of any functions on WeakGCMap. Alas in order to maintain
- compatibility with the JSWeakObjectMapClear API it is still
- necessary to have an api that resembles uncheckedRemove, this is
- now deprecatedRemove and will be dealt with in a later patch.
-
- In order to get correct semantics in WeakGCMap we need more
- contextual information in the finalizer, so we've added an
- abstract class based finaliser and a context parameter to the
- calls.
-
- The new an improved WeakGCMap also results in sigificantly more
- churn in the weak handle lists so exposed some potential problems
- during the post mark phase which have been rectified as well.
-
- * API/JSWeakObjectMapRefPrivate.cpp:
- * API/JSWeakObjectMapRefPrivate.h:
- * runtime/Heap.cpp:
- (JSC::Heap::globalObjectCount):
- (JSC::Heap::protectedGlobalObjectCount):
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * runtime/JSGlobalData.h:
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::~JSGlobalObject):
- (JSC::JSGlobalObject::init):
- * runtime/WeakGCMap.h:
- (JSC::WeakGCMap::iterator::iterator):
- (JSC::WeakGCMap::iterator::get):
- (JSC::WeakGCMap::iterator::getSlot):
- (JSC::WeakGCMap::iterator::operator++):
- (JSC::WeakGCMap::iterator::operator==):
- (JSC::WeakGCMap::iterator::operator!=):
- (JSC::WeakGCMap::WeakGCMap):
- (JSC::WeakGCMap::isEmpty):
- (JSC::WeakGCMap::clear):
- (JSC::WeakGCMap::get):
- (JSC::WeakGCMap::getSlot):
- (JSC::WeakGCMap::set):
- (JSC::WeakGCMap::take):
- (JSC::WeakGCMap::size):
- (JSC::WeakGCMap::deprecatedRemove):
- (JSC::WeakGCMap::begin):
- (JSC::WeakGCMap::end):
- (JSC::WeakGCMap::~WeakGCMap):
- (JSC::WeakGCMap::finalize):
- * runtime/WeakGCPtr.h:
- (JSC::WeakGCPtr::WeakGCPtr):
- (JSC::WeakGCPtr::set):
-
-2011-02-24 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Make weaklist processing deal with weak handles being removed during the iteration
- https://bugs.webkit.org/show_bug.cgi?id=55105
-
- It is possible for the handle heap to end up in a broken state if
- a handle's finalizer removes either the current or next handle
- to be visited during the post-gc cleanup. This patch removes that
- problem by allowing the deallocate(Node*) routine to update the
- iterator if it is called during finalization.
-
- * collector/handles/HandleHeap.cpp:
- (JSC::HandleHeap::HandleHeap):
- (JSC::HandleHeap::updateAfterMark):
- (JSC::HandleHeap::clearWeakPointers):
- (JSC::HandleHeap::writeBarrier):
- (JSC::HandleHeap::protectedGlobalObjectCount):
- * collector/handles/HandleHeap.h:
- (JSC::Finalizer::~Finalizer):
- (JSC::HandleHeap::getFinalizer):
- (JSC::HandleHeap::deallocate):
- (JSC::HandleHeap::makeWeak):
- (JSC::HandleHeap::makeSelfDestroying):
- (JSC::HandleHeap::Node::Node):
- (JSC::HandleHeap::Node::setFinalizer):
- (JSC::HandleHeap::Node::finalizer):
- (JSC::HandleHeap::Node::finalizerContext):
- * interpreter/RegisterFile.cpp:
- (JSC::RegisterFile::setGlobalObject):
- (JSC::GlobalObjectNotifier::finalize):
- (JSC::RegisterFile::globalObjectCollectedNotifier):
- * interpreter/RegisterFile.h:
- (JSC::RegisterFile::RegisterFile):
- * runtime/Heap.cpp:
- (JSC::Heap::destroy):
- * runtime/WeakGCPtr.h:
- (JSC::WeakGCPtr::WeakGCPtr):
- (JSC::WeakGCPtr::set):
-
-2011-02-24 Michael Saboff <msaboff@apple.com>
-
- Reviewed by Oliver Hunt.
-
- PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
- https://bugs.webkit.org/show_bug.cgi?id=55156
-
- Added code to delete unneeded PatternAlternative after it is removed
- from m_alternatives Vector.
-
- * yarr/YarrPattern.cpp:
- (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
-
-2011-02-24 Eric Seidel <eric@webkit.org>
-
- Reviewed by Anders Carlsson.
-
- VectorBuffer should not call malloc(0)
- https://bugs.webkit.org/show_bug.cgi?id=55091
-
- Turns out the malloc() call which was so hot in:
- https://bugs.webkit.org/show_bug.cgi?id=55005
- was actually just malloc(0).
-
- We shouldn't be calling malloc(0) anyway, since there is no need to
- and it might actually do work on some systems.
- I believe on Mac it ends up taking the standard spinlocks (expensive)
- and the code on Brew actually does a malloc(1) instead. Neither is desirable.
-
- * wtf/Vector.h:
- (WTF::VectorBufferBase::allocateBuffer):
- (WTF::VectorBufferBase::tryAllocateBuffer):
-
-2011-02-24 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Darin Adler.
-
- Remove obsolete PLATFORM(CI)
- https://bugs.webkit.org/show_bug.cgi?id=55082
-
- * wtf/Platform.h:
-
-2011-02-24 Martin Robinson <mrobinson@igalia.com>
-
- Reviewed by Xan Lopez.
-
- [GTK] Remove the GFile GOwnPtr specialization
- https://bugs.webkit.org/show_bug.cgi?id=55154
-
- Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
- to track GFiles since they are just regular reference-counted GObjects.
-
- * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
- * wtf/gobject/GOwnPtr.h: Ditto.
-
-2011-02-24 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Eric Seidel.
-
- Rename PLATFORM(SKIA) to USE(SKIA)
- https://bugs.webkit.org/show_bug.cgi?id=55090
-
- * wtf/Platform.h:
-
-2011-02-24 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Alexey Proskuryakov.
-
- Remove pthreads dependecy for JSLock
- https://bugs.webkit.org/show_bug.cgi?id=54832
-
- JSLock is only needed to support an obsolete execution model where JavaScriptCore
- automatically protected against concurrent access from multiple threads.
- So it's safe to disable it on non-mac platforms where we don't have native pthreads.
-
- * runtime/JSLock.cpp:
-
-2011-02-24 Chao-ying Fu <fu@mips.com>
-
- Reviewed by Eric Seidel.
-
- Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
- https://bugs.webkit.org/show_bug.cgi?id=54997
-
- * jit/JIT.h:
- * jit/JITStubs.cpp:
- (JSC::JITThunks::JITThunks):
-
-2011-02-24 Andras Becsi <abecsi@webkit.org>
-
- Reviewed by Laszlo Gombos.
-
- [Qt] MinGW build fails to link
- https://bugs.webkit.org/show_bug.cgi?id=55050
-
- Prepend the libraries of subcomponents instead of appending them
- to fix the library order according to the dependency of the libraries
-
- * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
- * jsc.pro: ditto
-
-2011-02-24 Eric Seidel <eric@webkit.org>
-
- Reviewed by Adam Barth.
-
- Deque<T> should support inline capacity
- https://bugs.webkit.org/show_bug.cgi?id=55032
-
- The title says it all. There are currently no places
- which use this code yet, however it's been tested in conjunction
- with code for bug 55005.
-
- This also adds an ASSERT that capacity is never 1. If you were able
- to set the capacity equal to 1, the Deque would just get confused
- and happily append your item but still think it had size 0.
-
- * wtf/Deque.h:
- (WTF::DequeIterator::DequeIterator):
- (WTF::DequeConstIterator::DequeConstIterator):
- (WTF::DequeReverseIterator::DequeReverseIterator):
- (WTF::DequeConstReverseIterator::DequeConstReverseIterator):
- (WTF::::checkValidity):
- (WTF::::checkIndexValidity):
- (WTF::::invalidateIterators):
- (WTF::::Deque):
- (WTF::deleteAllValues):
- (WTF::::operator):
- (WTF::::destroyAll):
- (WTF::::~Deque):
- (WTF::::swap):
- (WTF::::clear):
- (WTF::::findIf):
- (WTF::::expandCapacityIfNeeded):
- (WTF::::expandCapacity):
- (WTF::::takeFirst):
- (WTF::::append):
- (WTF::::prepend):
- (WTF::::removeFirst):
- (WTF::::remove):
- (WTF::::addToIteratorsList):
- (WTF::::removeFromIteratorsList):
- (WTF::::DequeIteratorBase):
- (WTF::::~DequeIteratorBase):
- (WTF::::isEqual):
- (WTF::::increment):
- (WTF::::decrement):
- (WTF::::after):
- (WTF::::before):
- * wtf/Vector.h:
-
-2011-02-22 Adam Barth <abarth@webkit.org>
-
- Reviewed by Ojan Vafai.
-
- Add missing files to JavaScriptCore.gypi
- https://bugs.webkit.org/show_bug.cgi?id=55020
-
- gypi files are supposed to list every file under the sun. This patch
- adds some missing files and sorts the rest.
-
- * JavaScriptCore.gypi:
-
-2011-02-23 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- Refactored MarkedSpace to operate in terms of size classes
- https://bugs.webkit.org/show_bug.cgi?id=55106
-
- SunSpider reports no change.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedSpace::sizeClassFor):
- (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
- class. Since these functions are inline, the compiler can constant fold
- them.
-
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::cellSize):
- (JSC::MarkedBlock::size): Factored out a cellSize() helper.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::allocateFromSizeClass):
- (JSC::MarkedSpace::shrink):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::SizeClass::SizeClass):
- (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
- abstract SizeClass objects, which are independent linked lists of blocks
- of a certain size class, instead of a single m_heap object.
-
-2011-02-23 Adam Barth <abarth@webkit.org>
-
- Reviewed by James Robinson.
-
- [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
- https://bugs.webkit.org/show_bug.cgi?id=55093
-
- Exclude OSRandomSource.cpp from the Chromium build. This function is
- implemented in WebKit/chromium/src instead.
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-02-23 Oliver Hunt <oliver@apple.com>
-
- Roll out r64156 as it introduces incorrect behaviour.
-
- * runtime/JSByteArray.h:
- (JSC::JSByteArray::setIndex):
-
-2011-02-23 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
- https://bugs.webkit.org/show_bug.cgi?id=55079
-
- SunSpider reports no change.
-
- * runtime/Heap.cpp:
- (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
- since we want Heap to logically control MarkedSpace. MarkedSpace should
- never choose to sweep itself.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
- member of MarkedBlock. No need to reset nextAtom to firstAtom() when
- we reach the end of a block, since there's now an explicit reset pass
- during GC.
-
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
- some data members to improve cache locality.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h:
- (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
- explicit reset pass.
-
-2011-02-23 James Robinson <jamesr@chromium.org>
-
- Unreviewed, rolling out r79428.
- http://trac.webkit.org/changeset/79428
- https://bugs.webkit.org/show_bug.cgi?id=54714
-
- Does not work in the Chromium sandbox
-
- * JavaScriptCore.exp:
-
-2011-02-23 Adam Roben <aroben@apple.com>
-
- Fix an off-by-one error in JSC::appendSourceToError
-
- Looks like this bug has been around since the code was first added in r35245.
-
- Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
- when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled
-
- Reviewed by Darin Adler.
-
- * interpreter/Interpreter.cpp:
- (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
- character at stop-1 rather than at stop. At this point in the code, stop represents the
- index just past the end of the characters we care about, and can even be just past the end
- of the entire data buffer.
-
-2011-02-23 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Darin Adler.
-
- Rolled back in r79367 with SnowLeopard Release bot crash fixed.
- https://bugs.webkit.org/show_bug.cgi?id=54999
-
- The crash was caused by failure to update the "nextBlock" pointer when
- removing a block from the list while shrinking. The fix is to update the
- "nextBlock" pointer.
-
- This crash was very rare because it only happened in cases where the very
- first block in the heap contained no marked cells.
-
-2011-02-23 Dan Bernstein <mitz@apple.com>
-
- Reviewed by Gavin Barraclough.
-
- Include frame numbers in backtraces.
- https://bugs.webkit.org/show_bug.cgi?id=55060
-
- * wtf/Assertions.cpp:
-
-2011-02-23 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Gavin Barraclough.
-
- latest jsc for armv7 crashes in sunspider tests
- https://bugs.webkit.org/show_bug.cgi?id=54667
-
- Update JIT offset values in ARMv7 after r78732. Fixes crashes in
- SunSpider and JavaScript tests.
-
- * jit/JIT.h: update values.
-
-2011-02-23 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r79418.
- http://trac.webkit.org/changeset/79418
- https://bugs.webkit.org/show_bug.cgi?id=55043
-
- "breaks shlib linux build" (Requested by morrita on #webkit).
-
- * JavaScriptCore.gyp/JavaScriptCore.gyp:
- * JavaScriptCore.gypi:
-
-2011-02-23 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Alexey Proskuryakov.
-
- Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp
- https://bugs.webkit.org/show_bug.cgi?id=54831
-
- * runtime/InitializeThreading.cpp:
- (JSC::initializeThreadingOnce):
- * runtime/Structure.cpp:
- (JSC::ignoreSetMutex):
- (JSC::Structure::Structure):
- (JSC::Structure::~Structure):
- (JSC::Structure::initializeThreading):
- * runtime/Structure.h:
-
-2011-02-23 Patrick Gansterer <paroga@webkit.org>
-
- Reviewed by Darin Adler.
-
- Rename PLATFORM(CF) to USE(CF)
- https://bugs.webkit.org/show_bug.cgi?id=53540
-
- * runtime/DatePrototype.cpp:
- * runtime/GCActivityCallbackCF.cpp:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::JSGlobalData):
- * wtf/CurrentTime.cpp:
- * wtf/Platform.h:
- * wtf/text/AtomicString.h:
- * wtf/text/StringImpl.h:
- (WTF::StringImpl::computeHash):
- * wtf/text/WTFString.h:
- * wtf/unicode/icu/CollatorICU.cpp:
- (WTF::Collator::userDefault):
-
-2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
-
- Unreviewed build fix for Windows.
-
- WebSocket uses insecure random numbers
- https://bugs.webkit.org/show_bug.cgi?id=54714
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber()
-
-2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
-
- Reviewed by Adam Barth.
-
- WebSocket uses insecure random numbers
- https://bugs.webkit.org/show_bug.cgi?id=54714
-
- * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
-
-2011-02-22 Adam Barth <abarth@webkit.org>
-
- Reviewed by Ojan Vafai.
-
- Add missing files to JavaScriptCore.gypi
- https://bugs.webkit.org/show_bug.cgi?id=55020
-
- gypi files are supposed to list every file under the sun. This patch
- adds some missing files and sorts the rest.
-
- * JavaScriptCore.gypi:
-
-2011-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r79367.
- http://trac.webkit.org/changeset/79367
- https://bugs.webkit.org/show_bug.cgi?id=55012
-
- all layout tests are crashing on Snow Leopard (Requested by
- rniwa on #webkit).
-
- * GNUmakefile.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * runtime/MarkedBlock.h:
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::destroy):
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::freeBlock):
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::shrink):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h:
- (JSC::CollectorHeap::collectorBlock):
- * wtf/CMakeLists.txt:
- * wtf/DoublyLinkedList.h: Removed.
-
-2011-02-22 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
- https://bugs.webkit.org/show_bug.cgi?id=54999
-
- SunSpider reports no change.
-
- * GNUmakefile.am:
- * JavaScriptCore.gypi:
- * JavaScriptCore.vcproj/WTF/WTF.vcproj:
- * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
- * wtf/CMakeLists.txt:
-
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::setPrev):
- (JSC::MarkedBlock::setNext):
- (JSC::MarkedBlock::prev):
- (JSC::MarkedBlock::next): Added linked list data members and accessors.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::destroy):
- (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
-
- (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
- data structures when freeing blocks.
-
- (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
- not a vector index.
-
- (JSC::MarkedSpace::shrink): Construct a temporary list of empties and
- then free them, to avoid modifying our hash table while iterating it.
- This wasn't a concern before because we were using indirect array
- indexing, not direct pointer indexing.
-
- (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
- not a vector index.
-
- * runtime/MarkedSpace.h:
- (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
-
- * wtf/DoublyLinkedList.h: Added. New linked list class.
- (WTF::::DoublyLinkedList):
- (WTF::::isEmpty):
- (WTF::::head):
- (WTF::::append):
- (WTF::::remove):
-
-2011-02-22 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-22 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table
-
- The Structure class keeps a table of transitions to derived Structure types. Since
- this table commonly contains a single entry we employ an optimization where instead
- of holding a map, we may hold a pointer directly to a single instance of the mapped
- type. We use an additional bit of data to flag whether the pointer is currently
- pointing to a table of transitions, or a singleton transition. Previously we had
- commonly used a pattern of storing data in the low bits of pointers, but had moved
- away from this since it causes false leaks to be reported by the leaks tool. However
- in this case, the entries in the map are weak links - this pointer will never be
- responsible for keeping an object alive. As such we can use this approach provided
- that the bit is set when a table is not in use (otherwise the table would appear to
- be leaked).
-
- Additionally, the transition table currently allows two entries to exist for a given
- key - one specialized to a particular value, and one not specialized. This is
- unnecessary, wasteful, and a little inconsistent. (If you create an entry for a
- specialized value, then a non-specialized entry, both will exist. If you create an
- entry for a non-specialized value, then try to create a specialized entry, only a
- non-specialized form will be allowed.)
-
- This shows a small progression on v8.
-
- * JavaScriptCore.exp:
- * runtime/JSObject.h:
- (JSC::JSObject::putDirectInternal):
- * runtime/Structure.cpp:
- (JSC::StructureTransitionTable::contains):
- (JSC::StructureTransitionTable::get):
- (JSC::StructureTransitionTable::remove):
- (JSC::StructureTransitionTable::add):
- (JSC::Structure::dumpStatistics):
- (JSC::Structure::Structure):
- (JSC::Structure::~Structure):
- (JSC::Structure::addPropertyTransitionToExistingStructure):
- (JSC::Structure::addPropertyTransition):
- * runtime/Structure.h:
- (JSC::Structure::get):
- * runtime/StructureTransitionTable.h:
- (JSC::StructureTransitionTable::Hash::hash):
- (JSC::StructureTransitionTable::Hash::equal):
- (JSC::StructureTransitionTable::HashTraits::emptyValue):
- (JSC::StructureTransitionTable::HashTraits::constructDeletedValue):
- (JSC::StructureTransitionTable::HashTraits::isDeletedValue):
- (JSC::StructureTransitionTable::StructureTransitionTable):
- (JSC::StructureTransitionTable::~StructureTransitionTable):
- (JSC::StructureTransitionTable::isUsingSingleSlot):
- (JSC::StructureTransitionTable::map):
- (JSC::StructureTransitionTable::setMap):
- (JSC::StructureTransitionTable::singleTransition):
- (JSC::StructureTransitionTable::setSingleTransition):
-
-2011-02-22 Andras Becsi <abecsi@webkit.org>
-
- Reviewed by Laszlo Gombos.
-
- [Qt] Redesign the build system
- https://bugs.webkit.org/show_bug.cgi?id=51339
-
- Part 2.
-
- Build WebCore as a static library, compile the WebKit API and WebKit2 API
- in a final step and link to WebKit2, WebCore and JSC libraries to fix
- linking issues resulting from stripped away symbols.
-
- * JavaScriptCore.pri: Remove the workaround.
-
-2011-02-21 Adam Roben <aroben@apple.com>
-
- Fix linker warning on Windows
-
- r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the
- obvious way (since it's how we export functions), but unfortunately it doesn't work correct.
- r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove
- it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol
- multiple times.
-
- Rubber-stamped by Anders Carlsson.
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info.
-
-2011-02-21 Brian Weinstein <bweinstein@apple.com>
-
- Reviewed by Adam Roben.
-
- WebResourceCacheManager should be responsible for managing the CFURLCache as well
- as the WebCore memory cache.
- https://bugs.webkit.org/show_bug.cgi?id=54886
- Part of <rdar://problem/8971738>
-
- Add a new use flag for using the CFURLCache.
-
- * wtf/Platform.h:
-
-2011-02-21 Xan Lopez <xlopez@igalia.com>
-
- Reviewed by Gavin Barraclough.
-
- Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp
- https://bugs.webkit.org/show_bug.cgi?id=54901
-
- * jit/JIT.h: swap actual and expected values in message, they were
- reversed.
- * jit/JITCall32_64.cpp:
- (JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of
- a simple ASSERT.
- * jit/JITPropertyAccess32_64.cpp:
- (JSC::JIT::emit_op_method_check): ditto.
- (JSC::JIT::compileGetByIdHotPath): ditto.
- (JSC::JIT::compileGetByIdSlowCase): ditto.
- (JSC::JIT::emit_op_put_by_id): ditto.
-
-2011-02-21 Gavin Barraclough <barraclough@apple.com>
-
- Ruber stamped by Sam Weinig
-
- Bug 54899 - Math.LOG10E should be 0.4342944819032518
- This value is quoted in section 15.8.1.5 of the spec.
-
- * runtime/MathObject.cpp:
- (JSC::MathObject::MathObject):
-
-2011-02-21 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy.
-
- The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance
- containing a pointer to its parent class. These links should reflect the inheritance
- hierarchy of C++ classes below JSObject. For the large part it does, but in some cases
- entries in the C++ hierarchy are skipped over. This presently likely doesn't matter,
- since intervening C++ classes may not have ClassInfo - but would be a potential bug
- were ClassInfo were to be added.
-
- * API/JSCallbackConstructor.cpp:
- * API/JSCallbackFunction.cpp:
- * API/JSCallbackObjectFunctions.h:
- * runtime/Arguments.h:
- * runtime/ArrayPrototype.cpp:
- * runtime/BooleanObject.cpp:
- * runtime/DateInstance.cpp:
- * runtime/DatePrototype.cpp:
- * runtime/ErrorInstance.cpp:
- * runtime/InternalFunction.cpp:
- * runtime/JSActivation.cpp:
- * runtime/JSArray.cpp:
- * runtime/JSFunction.cpp:
- * runtime/JSONObject.cpp:
- * runtime/JSObject.h:
- * runtime/JSZombie.h:
- * runtime/MathObject.cpp:
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NumberConstructor.cpp:
- * runtime/NumberObject.cpp:
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpObject.cpp:
- * runtime/StringObject.cpp:
- * runtime/StringPrototype.cpp:
-
-2011-02-21 Adam Roben <aroben@apple.com>
-
- Export JSObject::s_info from JavaScriptCore.dll
-
- This matches what we do for all other ClassInfo objects that WebCore needs access to.
-
- Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in
- JSCell::inherits on Windows
-
- Reviewed by Sam Weinig.
-
- * runtime/JSObject.h: Added JS_EXPORTDATA to s_info.
-
-2011-02-21 Kristian Amlie <kristian.amlie@nokia.com>
-
- Reviewed by Andreas Kling.
-
- Switched to compiler based detection, where the error actually is.
-
- It is not the platform that needs the workaround, it is the compiler.
-
- QtWebKit fails to compile on Windows XP with msvc-2008
- https://bugs.webkit.org/show_bug.cgi?id=54746
-
- * bytecode/CodeBlock.h:
- * runtime/RegExpObject.h:
-
-2011-02-20 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Oliver Hunt.
-
- https://bugs.webkit.org/show_bug.cgi?id=54839
- Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction.
-
- Historically, Native functions used to be represented by PrototypeFunctions, however
- since introducing call optimizations to the JIT this has used JSFunctions for host
- calls too. At the point this change was made, the interpreter continued to use
- PrototypeFunctions, however since fallback from the JIT to interpreter was introduced
- the interpreter has had to be able to run using host functions represented using
- JSFunctions - leading to an unnecessary and redundant divergence in behaviour between
- interpreter only builds, and situations where the JIT has fallen back to interpreting.
-
- NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction
- for wrappers for host functions, and as such can also be removed.
-
- GlobalEvalFunction is a redundant wrapper that happens to be derived from
- PrototypeFunction. It existed to hold a reference to the global object - but since all
- functions how derive from JSObjectWithGlobalObject, this no longer requires an
- additional class to provide this functionality.
-
- * JavaScriptCore.JSVALUE32_64only.exp:
- * JavaScriptCore.JSVALUE64only.exp:
- * JavaScriptCore.xcodeproj/project.pbxproj:
- Removed symbols / references to files.
-
- * runtime/GlobalEvalFunction.cpp: Removed.
- * runtime/GlobalEvalFunction.h: Removed.
- * runtime/NativeFunctionWrapper.h: Removed.
- * runtime/PrototypeFunction.cpp: Removed.
- * runtime/PrototypeFunction.h: Removed.
- Removed.
-
- * runtime/Executable.cpp:
- (JSC::NativeExecutable::~NativeExecutable):
- * runtime/Executable.h:
- (JSC::NativeExecutable::create):
- (JSC::NativeExecutable::NativeExecutable):
- (JSC::JSFunction::nativeFunction):
- * runtime/JSFunction.cpp:
- (JSC::callHostFunctionAsConstructor):
- (JSC::JSFunction::JSFunction):
- (JSC::JSFunction::getCallData):
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- (JSC::JSGlobalData::getHostFunction):
- * runtime/JSGlobalData.h:
- (JSC::JSGlobalData::getCTIStub):
- Added interpreter-friendly constructors for NativeExecutables.
-
- * bytecompiler/BytecodeGenerator.cpp:
- * interpreter/Interpreter.cpp:
- * jit/JITStubs.cpp:
- * jsc.cpp:
- * runtime/ArrayConstructor.cpp:
- * runtime/BooleanPrototype.cpp:
- * runtime/BooleanPrototype.h:
- * runtime/CallData.h:
- * runtime/DateConstructor.cpp:
- * runtime/DateConstructor.h:
- * runtime/ErrorPrototype.cpp:
- * runtime/ErrorPrototype.h:
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSGlobalObjectFunctions.cpp:
- * runtime/Lookup.cpp:
- * runtime/NumberPrototype.cpp:
- * runtime/NumberPrototype.h:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectConstructor.h:
- * runtime/ObjectPrototype.cpp:
- * runtime/ObjectPrototype.h:
- * runtime/RegExpPrototype.cpp:
- * runtime/RegExpPrototype.h:
- * runtime/SmallStrings.h:
- * runtime/StringConstructor.cpp:
- * runtime/StringConstructor.h:
- Removed use of redundant classes.
-
-2011-02-19 Laszlo Gombos <laszlo.1.gombos@nokia.com>
-
- Unreviewed build fix for Symbian.
-
- [Symbian] Revert the removal of linking
- against hal after r79126.
-
- Dependency on the hal library can not be removed
- as it is still used (e.g. in MarkStackSymbian.cpp).
-
- * JavaScriptCore.pri:
-
-2011-02-19 Gavin Barraclough <barraclough@apple.com>
-
- Interpreter build fix.
-
- * runtime/ArrayConstructor.cpp:
- * runtime/BooleanPrototype.cpp:
- * runtime/DateConstructor.cpp:
- * runtime/ErrorPrototype.cpp:
- * runtime/FunctionPrototype.cpp:
- * runtime/Lookup.cpp:
- * runtime/NumberPrototype.cpp:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectPrototype.cpp:
- * runtime/RegExpPrototype.cpp:
- * runtime/StringConstructor.cpp:
-
-2011-02-19 Gavin Barraclough <barraclough@apple.com>
-
- Build fix!!
-
- * JavaScriptCore.exp:
-
-2011-02-19 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix!!
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-19 Gavin Barraclough <barraclough@apple.com>
-
- Windows build fix!
-
- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-19 Gavin Barraclough <barraclough@apple.com>
-
- Build fix!
-
- * JavaScriptCore.exp:
-
-2011-02-18 Gavin Barraclough <barraclough@apple.com>
-
- Reviewed by Sam Weinig.
-
- Bug 54786 - Devirtualize JSCell::classInfo()
-
- Instead of making a virtual function call, add a pointer to the ClassInfo
- onto Structure.
-
- This removes a virtual function call, and paves the way towards removing all
- the createStructure methods, and StructureFlags/AnonymousSlotCount properties
- (these should be able to move onto ClassInfo).
-
- Calls to Structure::create must now pass a pointer to the ClassInfo for the
- structure. All objects now have a ClassInfo pointer, non-object cell types
- still do not.
-
- Changes are most mechanical, involving three steps:
- * Remove virtual classInfo() methods.
- * Add &s_info parameter to calls to Structure::create.
- * Rename ClassInfo static members on classes from 'info' to 's_info',
- for consistency.
-
- * API/JSCallbackConstructor.cpp:
- * API/JSCallbackConstructor.h:
- * API/JSCallbackFunction.cpp:
- * API/JSCallbackFunction.h:
- * API/JSCallbackObject.cpp:
- * API/JSCallbackObject.h:
- * API/JSCallbackObjectFunctions.h:
- * API/JSObjectRef.cpp:
- * API/JSValueRef.cpp:
- * API/JSWeakObjectMapRefPrivate.cpp:
- * JavaScriptCore.exp:
- * debugger/Debugger.cpp:
- * debugger/DebuggerActivation.h:
- * debugger/DebuggerCallFrame.cpp:
- * interpreter/Interpreter.cpp:
- * jit/JITCall32_64.cpp:
- * jit/JITOpcodes.cpp:
- * jit/JITStubs.cpp:
- * profiler/Profiler.cpp:
- * runtime/Arguments.cpp:
- * runtime/Arguments.h:
- * runtime/ArrayConstructor.cpp:
- * runtime/ArrayPrototype.cpp:
- * runtime/ArrayPrototype.h:
- * runtime/BooleanObject.cpp:
- * runtime/BooleanObject.h:
- * runtime/BooleanPrototype.cpp:
- * runtime/DateConstructor.cpp:
- * runtime/DateInstance.cpp:
- * runtime/DateInstance.h:
- * runtime/DatePrototype.cpp:
- * runtime/DatePrototype.h:
- * runtime/ErrorInstance.cpp:
- * runtime/ErrorInstance.h:
- * runtime/ErrorPrototype.cpp:
- * runtime/FunctionPrototype.cpp:
- * runtime/FunctionPrototype.h:
- * runtime/GetterSetter.h:
- * runtime/GlobalEvalFunction.h:
- * runtime/InternalFunction.cpp:
- * runtime/InternalFunction.h:
- * runtime/JSAPIValueWrapper.h:
- * runtime/JSActivation.cpp:
- * runtime/JSActivation.h:
- * runtime/JSArray.cpp:
- * runtime/JSArray.h:
- * runtime/JSByteArray.cpp:
- * runtime/JSByteArray.h:
- * runtime/JSCell.cpp:
- * runtime/JSCell.h:
- * runtime/JSFunction.cpp:
- * runtime/JSFunction.h:
- * runtime/JSGlobalData.cpp:
- * runtime/JSGlobalObject.cpp:
- * runtime/JSGlobalObject.h:
- * runtime/JSNotAnObject.h:
- * runtime/JSONObject.cpp:
- * runtime/JSONObject.h:
- * runtime/JSObject.cpp:
- * runtime/JSObject.h:
- * runtime/JSObjectWithGlobalObject.h:
- * runtime/JSPropertyNameIterator.h:
- * runtime/JSStaticScopeObject.h:
- * runtime/JSString.h:
- * runtime/JSVariableObject.h:
- * runtime/JSWrapperObject.h:
- * runtime/JSZombie.cpp:
- * runtime/JSZombie.h:
- * runtime/Lookup.cpp:
- * runtime/MathObject.cpp:
- * runtime/MathObject.h:
- * runtime/NativeErrorConstructor.cpp:
- * runtime/NativeErrorConstructor.h:
- * runtime/NumberConstructor.cpp:
- * runtime/NumberConstructor.h:
- * runtime/NumberObject.cpp:
- * runtime/NumberObject.h:
- * runtime/NumberPrototype.cpp:
- * runtime/ObjectConstructor.cpp:
- * runtime/ObjectPrototype.cpp:
- * runtime/RegExpConstructor.cpp:
- * runtime/RegExpConstructor.h:
- * runtime/RegExpObject.cpp:
- * runtime/RegExpObject.h:
- * runtime/RegExpPrototype.cpp:
- * runtime/ScopeChain.cpp:
- * runtime/StringConstructor.cpp:
- * runtime/StringObject.cpp:
- * runtime/StringObject.h:
- * runtime/StringObjectThatMasqueradesAsUndefined.h:
- * runtime/StringPrototype.cpp:
- * runtime/StringPrototype.h:
- * runtime/Structure.cpp:
- * runtime/Structure.h:
-
-2011-02-19 David Kilzer <ddkilzer@apple.com>
-
- <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
-
- Reviewed by Dan Bernstein.
-
- * Configurations/Base.xcconfig: Added
- JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
- * Configurations/JavaScriptCore.xcconfig: Used
- JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
- * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
- for Production configuration of jsc target.
- (Copy Into Framework): Removed old build phase.
- (Fix Framework Reference): Renamed build phase to "Copy Into
- Framework". Added "set -x" call to make the script print the
- commands it is running. Added code to exit early for Production
- builds since this was never intended for them. Added code to
- copy jsc into the JavaScriptCore.framework/Resources directory.
-
-2011-02-19 Siddharth Mathur <siddharth.mathur@nokia.com>
-
- Reviewed by Laszlo Gombos.
-
- [Symbian] OSAllocator implementation for Symbian OS.
- Manages both data and code region requests. V8 and Sunspider tested
- OK with interpreter. Not tested with JSC JIT yet as it has unrelated
- failures. Also no thread safety yet.
- https://bugs.webkit.org/show_bug.cgi?id=51128
-
- * JavaScriptCore.pri: removed HAL linkage
- * wtf/Bitmap.h:
- (WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty
- * wtf/OSAllocator.h:
- (WTF::OSAllocator::decommitAndRelease): decommit explicitly
- * wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface
- (WTF::allocateCodeChunk): utility for code chunks
- (WTF::deallocateCodeChunk): utility for code chunks
- (WTF::dataAllocatorInstance): getter for data allocator instance
- (WTF::OSAllocator::reserveUncommitted):
- (WTF::OSAllocator::releaseDecommitted):
- (WTF::OSAllocator::commit):
- (WTF::OSAllocator::decommit):
- (WTF::OSAllocator::reserveAndCommit):
- (WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests
- to one underlying Symbian chunk
- (WTF::PageAllocatorSymbian::~PageAllocatorSymbian):
- (WTF::PageAllocatorSymbian::reserve):
- (WTF::PageAllocatorSymbian::release):
- (WTF::PageAllocatorSymbian::commit):
- (WTF::PageAllocatorSymbian::decommit):
- (WTF::PageAllocatorSymbian::contains):
- * wtf/PageAllocatorSymbian.h: Added.
- (WTF::SymbianChunk::SymbianChunk): wrapper around RChunk
- (WTF::SymbianChunk::~SymbianChunk):
- (WTF::SymbianChunk::contains):
-
-2011-02-19 Yong Li <yoli@rim.com>
-
- Reviewed by Eric Seidel.
-
- https://bugs.webkit.org/show_bug.cgi?id=54687
- When being built with armcc, "int" bit fields are treated as
- unsigned integers, which will fail the comparisons like "m_offset == -1".
- Using "signed" fixes the problem.
-
- * assembler/ARMAssembler.h:
- * assembler/ARMv7Assembler.h:
-
-2011-02-18 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Made MarkedSpace block iteration size-class agnostic
- https://bugs.webkit.org/show_bug.cgi?id=54792
-
- SunSpider reports no change.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::clearMarks):
- (JSC::MarkedSpace::sweep):
- (JSC::MarkedSpace::objectCount):
- (JSC::MarkedSpace::size):
- (JSC::MarkedSpace::capacity):
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of
- size class list order. This is a much simpler convention in a world
- of many different size classes.
-
-2011-02-18 Kristian Amlie <kristian.amlie@nokia.com>
-
- Reviewed by Andreas Kling.
-
- Added friend exception to Qt platform, which also compiles Windows.
-
- QtWebKit fails to compile on Windows XP with msvc-2008
- https://bugs.webkit.org/show_bug.cgi?id=54746
-
- * bytecode/CodeBlock.h:
- * runtime/RegExpObject.h:
-
-2011-02-18 Geoffrey Garen <ggaren@apple.com>
-
- (Rolled back in r79022 with crash fixed.)
-
- Reviewed by Sam Weinig.
-
- Use hashing instead of linear search in the conservative pointer test
- https://bugs.webkit.org/show_bug.cgi?id=54767
-
- SunSpider reports no change.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array,
- since freeBlock removes items for us.
-
- (JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last
- block from the block set instead of the block being freed. Changed to
- remove a block from our data structures before deallocating it, since
- this is slightly cleaner.
-
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::contains): Variable-sized objects will use more,
- smaller blocks, so it's important for the contains check not to be O(n)
- in the number of blocks.
-
-2011-02-18 chris reiss <christopher.reiss@nokia.com>
-
- Reviewed by Andreas Kling.
-
- REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
- https://bugs.webkit.org/show_bug.cgi?id=49989
-
- updated test fast/js/script-tests/date-parse-test.js
-
- * wtf/DateMath.cpp:
- (WTF::parseDateFromNullTerminatedCharacters):
-
-2011-02-18 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r79022.
- http://trac.webkit.org/changeset/79022
- https://bugs.webkit.org/show_bug.cgi?id=54775
-
- It broke the whole world (Requested by Ossy on #webkit).
-
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::contains):
-
-2011-02-18 Yael Aharon <yael.aharon@nokia.com>
-
- Reviewed by Dave Hyatt.
-
- Add support for dir=auto
- https://bugs.webkit.org/show_bug.cgi?id=50916
-
- Change defaultWritingDirection() to return if the writing direction
- was determined from a letter with strong directionality or not.
-
- * JavaScriptCore.exp:
- * JavaScriptCore.order:
- * wtf/text/StringImpl.cpp:
- (WTF::StringImpl::defaultWritingDirection):
- * wtf/text/StringImpl.h:
- * wtf/text/WTFString.h:
- (WTF::String::defaultWritingDirection):
-
-2011-02-18 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Use hashing instead of linear search in the conservative pointer test
- https://bugs.webkit.org/show_bug.cgi?id=54767
-
- SunSpider reports no change.
-
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::contains): Variable-sized objects will use more,
- smaller blocks, so it's important for the contains check not to be O(n)
- in the number of blocks.
-
-2011-02-18 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Tightened some usage accounting code in MarkedSpace
- https://bugs.webkit.org/show_bug.cgi?id=54761
-
- SunSpider reports no change.
-
- * runtime/Heap.cpp:
- (JSC::Heap::Heap): Initialize the marked space high water mark on
- construction, instead of relying on some implicit subtleties to make
- not initializing it work out OK.
-
- * runtime/Heap.h: Fixed up includes.
-
- * runtime/MarkedBlock.h: Made firstAtom() static so clients can call it
- even without having allocated a block.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this
- would be prohibitively expensive with multiple size classes.
-
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set,
- since linear search in the contains check will be prohibitively
- expensive once we're using lots of smaller blocks.
-
- (JSC::MarkedSpace::allocate): Don't assume that we always have a block
- allocated, since we don't anymore. (See above.)
-
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h: Updated for changes mentioned above.
-
-2011-02-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Made object allocation secretly variable-sized (Shhhh!)
- https://bugs.webkit.org/show_bug.cgi?id=54721
-
- SunSpider reports no change.
-
- Internally, MarkedBlock now makes variable-sized allocations, even
- though MarkedSpace doesn't take advantage of this yet.
-
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
- fixed-sized.
-
- * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
- that are not multiples of 64 bytes.
-
-2011-02-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Fixed some math errors when when using variable-sized cells
- https://bugs.webkit.org/show_bug.cgi?id=54717
-
- SunSpider reports no change.
-
- Computer Science Barbie says, "Math is not so hard afterall!"
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
- minimum number of atoms required for a cell, since rounding down
- will get you splinched.
-
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::sweep):
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
- because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
- may not hit m_endAtom exactly.
-
-2011-02-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- A little more abstraction for MarkedSpace::contains
- https://bugs.webkit.org/show_bug.cgi?id=54715
-
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace
- doesn't have to know how MarkedBlock tracks containment internally.
-
- * runtime/MarkedSpace.h:
- (JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out
- if a cell that seems to be in a block is valid.
-
-2011-02-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Sam Weinig.
-
- Removed the invariant that the last cell in a block is always marked
- https://bugs.webkit.org/show_bug.cgi?id=54713
-
- SunSpider reports no change.
-
- This adds one branch to allocation, but simplifies the mark invariant,
- especially in a world of variable-sized cells. Now, it really is true
- that any cell whose mark bit is set is a valid, live cell whose
- constructor has run and whose destructor has not run.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
- since we can no longer rely on a set mark bit to break out of this loop
- before it reaches the end of the block.
-
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::sweep):
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::isEmpty):
- (JSC::MarkedBlock::clearMarks):
- (JSC::MarkedBlock::markCount):
- (JSC::MarkedBlock::forEach): No need to set a special last mark bit.
-
-2011-02-17 Sheriff Bot <webkit.review.bot@gmail.com>
-
- Unreviewed, rolling out r78856 and r78907.
- http://trac.webkit.org/changeset/78856
- http://trac.webkit.org/changeset/78907
- https://bugs.webkit.org/show_bug.cgi?id=54705
-
- These seem to break tests on 32-bit builds. (Requested by
- aroben on #webkit).
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * collector/handles/Global.h:
- (JSC::Global::internalSet):
- * collector/handles/Handle.h:
- (JSC::HandleTypes::getFromSlot):
- (JSC::HandleTypes::toJSValue):
- (JSC::HandleTypes::validateUpcast):
- (JSC::HandleConverter::operator->):
- (JSC::HandleConverter::operator*):
- (JSC::Handle::Handle):
- (JSC::Handle::get):
- * runtime/JSArray.cpp:
- (JSC::JSArray::sortNumeric):
- * runtime/JSObject.h:
- (JSC::JSObject::inlineGetOwnPropertySlot):
- * runtime/SlotAccessor.h: Removed.
- * runtime/WeakGCPtr.h:
- (JSC::WeakGCPtr::get):
- (JSC::WeakGCPtr::internalSet):
- * runtime/WriteBarrier.h:
- (JSC::DeprecatedPtr::DeprecatedPtr):
- (JSC::DeprecatedPtr::get):
- (JSC::DeprecatedPtr::operator*):
- (JSC::DeprecatedPtr::operator->):
- (JSC::DeprecatedPtr::slot):
- (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
- (JSC::DeprecatedPtr::operator!):
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::operator*):
- (JSC::WriteBarrierBase::operator->):
- (JSC::WriteBarrierBase::clear):
- (JSC::WriteBarrierBase::slot):
- (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
- (JSC::WriteBarrierBase::operator!):
- (JSC::WriteBarrierBase::setWithoutWriteBarrier):
- (JSC::WriteBarrier::WriteBarrier):
-
-2011-02-17 Csaba Osztrogonác <ossy@webkit.org>
-
- Unreviewed.
-
- [Qt] Buildfix.
-
- * wtf/RetainPtr.h: Add missing PLATFORM(CF) guard.
-
-2011-02-17 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Oliver Hunt.
-
- Made MarkedBlock variable-sized
- https://bugs.webkit.org/show_bug.cgi?id=54692
-
- SunSpider reports no change.
-
- Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
- mark bit per atom. A given cell may be composed of one or more atoms.
-
- * runtime/Heap.cpp:
- (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
- bubbling it up from MarkedBlock, since MarkedBlock now supports variable-
- sizedness.
-
- * runtime/JSCell.h:
- (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
- (implicit) one constants -- these quantities are not constant anymore.
- Updated for switch from cell to atom.
-
- * runtime/MarkedBlock.cpp:
- (JSC::MarkedBlock::create):
- (JSC::MarkedBlock::destroy):
- (JSC::MarkedBlock::MarkedBlock):
- (JSC::MarkedBlock::sweep):
- * runtime/MarkedBlock.h:
- (JSC::MarkedBlock::firstAtom):
- (JSC::MarkedBlock::atoms):
- (JSC::MarkedBlock::isAtomAligned):
- (JSC::MarkedBlock::blockFor):
- (JSC::MarkedBlock::isEmpty):
- (JSC::MarkedBlock::clearMarks):
- (JSC::MarkedBlock::size):
- (JSC::MarkedBlock::capacity):
- (JSC::MarkedBlock::atomNumber):
- (JSC::MarkedBlock::isMarked):
- (JSC::MarkedBlock::testAndSetMarked):
- (JSC::MarkedBlock::setMarked):
- (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
- and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
-
- * runtime/MarkedSpace.cpp:
- (JSC::MarkedSpace::MarkedSpace):
- (JSC::MarkedSpace::allocateBlock):
- (JSC::MarkedSpace::allocate):
- (JSC::MarkedSpace::reset):
- * runtime/MarkedSpace.h:
- (JSC::CollectorHeap::CollectorHeap):
- (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
- a property of MarkedSpace.
-
-2011-02-17 Oliver Hunt <oliver@apple.com>
-
- Attempt to fix windows build
-
- * runtime/WriteBarrier.h:
-
-2011-02-17 Oliver Hunt <oliver@apple.com>
-
- Reviewed by Geoffrey Garen.
-
- Refactor WriteBarrier and DeprecatedPtr to have less code duplication.
- https://bugs.webkit.org/show_bug.cgi?id=54608
-
- Make use of the tricks used for Handle, et al to avoid duplicating all
- of the logic for DeprecatedPtr and WriteBarrier simply to support known
- vs. unknown types.
-
- * JavaScriptCore.xcodeproj/project.pbxproj:
- * collector/handles/Global.h:
- (JSC::Global::internalSet):
- * collector/handles/Handle.h:
- (JSC::Handle::Handle):
- (JSC::Handle::get):
- * runtime/JSArray.cpp:
- (JSC::JSArray::sortNumeric):
- * runtime/JSObject.h:
- (JSC::JSObject::inlineGetOwnPropertySlot):
- * runtime/SlotAccessor.h: Added.
- (JSC::SlotTypes::getFromBaseType):
- (JSC::SlotTypes::convertToBaseType):
- (JSC::SlotTypes::getFromSlot):
- (JSC::SlotTypes::toJSValue):
- (JSC::SlotTypes::validateUpcast):
- (JSC::SlotAccessor::operator->):
- (JSC::SlotAccessor::operator*):
- * runtime/WeakGCPtr.h:
- (JSC::WeakGCPtr::get):
- (JSC::WeakGCPtr::internalSet):
- * runtime/WriteBarrier.h:
- (JSC::DeprecatedPtr::DeprecatedPtr):
- (JSC::DeprecatedPtr::get):
- (JSC::DeprecatedPtr::slot):
- (JSC::DeprecatedPtr::operator=):
- (JSC::WriteBarrierTranslator::convertToStorage):
- (JSC::WriteBarrierTranslator::convertFromStorage):
- (JSC::WriteBarrierBase::set):
- (JSC::WriteBarrierBase::get):
- (JSC::WriteBarrierBase::clear):
- (JSC::WriteBarrierBase::slot):
- (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
- (JSC::WriteBarrierBase::operator!):
- (JSC::WriteBarrierBase::setWithoutWriteBarrier):
- (JSC::WriteBarrier::WriteBarrier):
-
-2011-02-17 Kevin Ollivier <kevino@theolliviers.com>
-
- [wx] Revert incorrect blind fix and restore previous working code.
-
- * wtf/wx/StringWx.cpp:
- (WTF::String::String):
-
-2011-02-16 Geoffrey Garen <ggaren@apple.com>
-
- Reviewed by Maciej Stachowiak.
-
- Intermittent crashes beneath MarkStack::drain
- https://bugs.webkit.org/show_bug.cgi?id=54614
- <rdar://problem/8971070>
-
- The crashes were caused by a GC happening after the global object's
- property table had grown (due to compilation), but before the properties
- had been fully initialized by program execution.
-
- * bytecompiler/BytecodeGenerator.cpp:
- (JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global
- object's register storage immediately, without waiting for program
- execution to do it for us. This ensures that the global object's count
- of global variables is consistent with the size of its global variable
- storage at all times, and it ensures that all global variables are
- properly initialized from the get-go.
+ (MarkedBlock):
+ * heap/MarkedSpace.cpp: const!
- * runtime/JSGlobalObject.cpp:
- (JSC::JSGlobalObject::resizeRegisters):
- * runtime/JSGlobalObject.h: Added a helper function for growing the
- global object's register storage, and initializing new registers.
+ (JSC::MarkedSpace::freeBlocks): Make sure to call destroy before
+ returning a block to the BlockAllocator. Otherwise, our destructors
+ won't run. (If we get this wrong now, we'll get a compile error.)
-== Rolled over to ChangeLog-2011-02-16 ==
+== Rolled over to ChangeLog-2012-05-22 ==
diff --git a/Source/JavaScriptCore/ChangeLog-2012-05-22 b/Source/JavaScriptCore/ChangeLog-2012-05-22
new file mode 100644
index 000000000..2b3dee1b1
--- /dev/null
+++ b/Source/JavaScriptCore/ChangeLog-2012-05-22
@@ -0,0 +1,70902 @@
+2012-05-22 Yong Li <yoli@rim.com>
+
+ [BlackBerry] getPlatformThreadRegisters() should fetch target thread's registers
+ https://bugs.webkit.org/show_bug.cgi?id=87148
+
+ Reviewed by George Staikos.
+
+ Our previous implementation of getPlatformThreadRegisters() read registers in current
+ thread's context but it is supposed to read the target thread's registers.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::getPlatformThreadRegisters):
+
+2012-05-05 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should support reflective arguments access
+ https://bugs.webkit.org/show_bug.cgi?id=85721
+
+ Reviewed by Oliver Hunt.
+
+ Merged r116345 from dfgopt.
+
+ This adds support for op_create_arguments to the DFG. No other arguments-related
+ opcodes are added by this change, though it does add a lot of the scaffolding
+ necessary for the other ops.
+
+ This also adds GetByVal/PutByVal optimizations for Arguments.
+
+ Finally, this rationalizes slowPathCall with no return. Previously, that would
+ work via callOperation() overloads that took InvalidGPRReg as the return GPR.
+ But that creates awful ambiguity, since we had template functions that were
+ polymorphic over all parameters except the second, which was a GPRReg, and a
+ bunch of non-template overloads that also potentially had GPRReg as the second
+ argument. I finally started to hit this ambiguity and was getting absolutely
+ bizarre compiler errors, that made me feel like I was programming in SML. So,
+ I changed the no-argument overloads to take NoResultTag instead, which made
+ everything sensible again by eliminating the overload ambiguity.
+
+ This is a ~7% speed-up on V8/earley and neutral elsewhere.
+
+ * bytecode/PredictedType.h:
+ (JSC::isArgumentsPrediction):
+ (JSC):
+ (JSC::isActionableMutableArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ (CCallHelpers):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ (JSC::DFG::canInlineOpcode):
+ * dfg/DFGCommon.h:
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::unmodifiedArgumentsRegister):
+ (Node):
+ (JSC::DFG::Node::shouldSpeculateArguments):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::pickCanTrample):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/Arguments.h:
+ (ArgumentsData):
+ (Arguments):
+ (JSC::Arguments::offsetOfData):
+
+2011-05-21 Geoffrey Garen <ggaren@apple.com>
+
+ GC allocation trigger should be tuned to system RAM
+ https://bugs.webkit.org/show_bug.cgi?id=87039
+
+ Reviewed by Darin Adler.
+
+ This helps avoid OOM crashes on small platforms, and helps avoid "too much GC"
+ performance issues on big platforms.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (Heap): GC balances between a fixed minimum and a proportional multiplier,
+ which are limited based on system RAM.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::createContextGroup):
+ (JSC::JSGlobalData::create):
+ (JSC::JSGlobalData::createLeaked):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData): Renamed HeapSize to HeapType because the exact size is
+ influenced by the heap type, but not determined by it.
+
+2012-05-21 Gavin Barraclough <barraclough@apple.com>
+
+ Disable private names by default in WebCore
+ https://bugs.webkit.org/show_bug.cgi?id=87088
+
+ Reviewed by Geoff Garen.
+
+ r117859 introduced a preliminary implementation of ES6-like private name objects to JSC.
+ These are probably not yet ready to be web-facing, so disabling by default in WebCore.
+ Opting-in for JSC & DumpRenderTree so that we can still run the fast/js/names.html test.
+
+ * jsc.cpp:
+ (GlobalObject):
+ (GlobalObject::javaScriptExperimentsEnabled):
+ - Implemented new trap to opt-in to private names support.
+ * runtime/JSGlobalObject.cpp:
+ (JSC):
+ (JSC::JSGlobalObject::reset):
+ - Only add the Name property to the global object if experiments are enabled.
+ * runtime/JSGlobalObject.h:
+ (GlobalObjectMethodTable):
+ - Added new trap to enabled experiments.
+ (JSGlobalObject):
+ (JSC::JSGlobalObject::finishCreation):
+ - Set the global object's m_experimentsEnabled state on construction.
+ (JSC::JSGlobalObject::javaScriptExperimentsEnabled):
+ - Defaults to off.
+
+2012-05-06 Filip Pizlo <fpizlo@apple.com>
+
+ Truncating multiplication on integers should not OSR exit every time
+ https://bugs.webkit.org/show_bug.cgi?id=85752
+
+ Reviewed by Gavin Barraclough.
+
+ Merge r116264 from dfgopt.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::mulShouldSpeculateInteger):
+ (Graph):
+ (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+
+2012-05-21 Csaba Osztrogonác <ossy@webkit.org>
+
+ DFG should be able to compute dominators
+ https://bugs.webkit.org/show_bug.cgi?id=85269
+
+ Unreviewed trivial 32 bit buildfix after r117861.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+
+2012-05-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be able to compute dominators
+ https://bugs.webkit.org/show_bug.cgi?id=85269
+
+ Reviewed by Oliver Hunt.
+
+ Merged r115754 from dfgopt.
+
+ Implements a naive dominator calculator, which is currently just used to
+ print information in graph dumps. I've enabled it by default mainly to
+ be able to track its performance impact. So far it appears that there is
+ none, which is unsurprising given that the number of basic blocks in most
+ procedures is small.
+
+ Also tweaked bytecode dumping to reveal more useful information about the
+ nature of the code block.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * dfg/DFGDominators.cpp: Added.
+ (DFG):
+ (JSC::DFG::Dominators::Dominators):
+ (JSC::DFG::Dominators::~Dominators):
+ (JSC::DFG::Dominators::compute):
+ (JSC::DFG::Dominators::iterateForBlock):
+ * dfg/DFGDominators.h: Added.
+ (DFG):
+ (Dominators):
+ (JSC::DFG::Dominators::invalidate):
+ (JSC::DFG::Dominators::computeIfNecessary):
+ (JSC::DFG::Dominators::isValid):
+ (JSC::DFG::Dominators::dominates):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (Graph):
+
+2012-05-21 Michael Saboff <msaboff@apple.com>
+
+ Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729
+ https://bugs.webkit.org/show_bug.cgi?id=87027
+
+ Reviewed by Oliver Hunt.
+
+ Change calls to operationStrCat and operationNewArray to provide the
+ pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer
+ that contains it. Added a ScratchBuffer::create() function.
+ This is a clean-up to r117729.
+
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSGlobalData.h:
+ (JSC::ScratchBuffer::create):
+ (JSC::ScratchBuffer::dataBuffer):
+ (JSC::JSGlobalData::scratchBufferForSize):
+
+2012-05-15 Gavin Barraclough <barraclough@apple.com>
+
+ Add support for private names
+ https://bugs.webkit.org/show_bug.cgi?id=86509
+
+ Reviewed by Oliver Hunt.
+
+ The spec isn't final, but we can start adding support to allow property maps
+ to contain keys that aren't identifiers.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertySlot):
+ (JSC::::put):
+ (JSC::::deleteProperty):
+ (JSC::::getStaticValue):
+ (JSC::::staticFunctionGetter):
+ (JSC::::callbackGetter):
+ - Only expose public named properties over the JSC API.
+ * CMakeLists.txt:
+ * DerivedSources.make:
+ * DerivedSources.pri:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ - Added new files to build system.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationPutByValInternal):
+ - Added support for property access with name objects.
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::privateNamePrototypeTable):
+ - Added hash table for NamePrototype
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ - Added support for property access with name objects.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Added support for property access with name objects.
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::getByVal):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::opIn):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+ - Added support for property access with name objects.
+ * runtime/JSGlobalData.cpp:
+ (JSC):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ - Added hash table for NamePrototype
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSGlobalObject):
+ (JSC::JSGlobalObject::privateNameStructure):
+ (JSC::JSGlobalObject::symbolTableHasProperty):
+ - Added new global properties.
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::isName):
+ - Added type for NameInstances, for fast isName check.
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deleteProperty):
+ (JSC::JSVariableObject::symbolTableGet):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::symbolTableGet):
+ (JSC::JSVariableObject::symbolTablePut):
+ (JSC::JSVariableObject::symbolTablePutWithAttributes):
+ - symbol table lookup should take a PropertyName.
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashTable::entry):
+ - entry lookup should take a PropertyName.
+ * runtime/NameConstructor.cpp: Added.
+ (JSC):
+ (JSC::NameConstructor::NameConstructor):
+ (JSC::NameConstructor::finishCreation):
+ (JSC::constructPrivateName):
+ (JSC::NameConstructor::getConstructData):
+ (JSC::NameConstructor::getCallData):
+ * runtime/NameConstructor.h: Added.
+ (JSC):
+ (NameConstructor):
+ (JSC::NameConstructor::create):
+ (JSC::NameConstructor::createStructure):
+ - Added constructor.
+ * runtime/NameInstance.cpp: Added.
+ (JSC):
+ (JSC::NameInstance::NameInstance):
+ (JSC::NameInstance::destroy):
+ * runtime/NameInstance.h: Added.
+ (JSC):
+ (NameInstance):
+ (JSC::NameInstance::createStructure):
+ (JSC::NameInstance::create):
+ (JSC::NameInstance::privateName):
+ (JSC::NameInstance::nameString):
+ (JSC::NameInstance::finishCreation):
+ (JSC::isName):
+ - Added instance.
+ * runtime/NamePrototype.cpp: Added.
+ (JSC):
+ (JSC::NamePrototype::NamePrototype):
+ (JSC::NamePrototype::finishCreation):
+ (JSC::NamePrototype::getOwnPropertySlot):
+ (JSC::NamePrototype::getOwnPropertyDescriptor):
+ (JSC::privateNameProtoFuncToString):
+ * runtime/NamePrototype.h: Added.
+ (JSC):
+ (NamePrototype):
+ (JSC::NamePrototype::create):
+ (JSC::NamePrototype::createStructure):
+ - Added prototype.
+ * runtime/PrivateName.h: Added.
+ (JSC):
+ (PrivateName):
+ (JSC::PrivateName::PrivateName):
+ (JSC::PrivateName::uid):
+ - A private name object holds a StringImpl that can be used as a unique key in a property map.
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::find):
+ (JSC::PropertyTable::findWithString):
+ - Strings should only match keys in the table that are identifiers.
+ * runtime/PropertyName.h:
+ (JSC::PropertyName::PropertyName):
+ (PropertyName):
+ (JSC::PropertyName::uid):
+ (JSC::PropertyName::publicName):
+ (JSC::PropertyName::asIndex):
+ (JSC::operator==):
+ (JSC::operator!=):
+ - replaced impl() & ustring() with uid() [to get the raw impl] and publicName() [impl or null, if not an identifier].
+ * runtime/Structure.cpp:
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::attributeChangeTransition):
+ (JSC::Structure::get):
+ (JSC::Structure::despecifyFunction):
+ (JSC::Structure::putSpecificValue):
+ (JSC::Structure::remove):
+ (JSC::Structure::getPropertyNamesFromStructure):
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ - call uid() to get a PropertyName raw impl, for use as a key.
+
+2012-04-30 Filip Pizlo <fpizlo@apple.com>
+
+ Bytecode dumps should contain data about the state of get_by_id caches
+ https://bugs.webkit.org/show_bug.cgi?id=85246
+
+ Reviewed by Gavin Barraclough.
+
+ Merge r115694 from dfgopt.
+
+ Changed the DFG bytecode parser (and the code that calls it) to be able
+ to call codeBlock->dump() on the code blocks being parsed.
+
+ Changed bytecode dumping to be able to print the state of get_by_id
+ caches inline with the bytecode.
+
+ Removed the old StructureStubInfo dumping code, which no longer worked
+ right, and was incapable of telling us information about chain and list
+ accesses.
+
+ This change does not add dumping for put_by_id caches. We can add that
+ at a later time.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printUnaryOp):
+ (JSC::CodeBlock::printBinaryOp):
+ (JSC::CodeBlock::printConditionalJump):
+ (JSC::CodeBlock::printGetByIdOp):
+ (JSC::dumpStructure):
+ (JSC):
+ (JSC::dumpChain):
+ (JSC::CodeBlock::printGetByIdCacheStatus):
+ (JSC::CodeBlock::printCallOp):
+ (JSC::CodeBlock::printPutByIdOp):
+ (JSC::printGlobalResolveInfo):
+ (JSC::CodeBlock::printStructure):
+ (JSC::CodeBlock::printStructures):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::visitStructures):
+ (JSC::ProgramCodeBlock::jitCompileImpl):
+ (JSC::EvalCodeBlock::jitCompileImpl):
+ (JSC::FunctionCodeBlock::jitCompileImpl):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ (JSC::CodeBlock::jitCompile):
+ (ProgramCodeBlock):
+ (EvalCodeBlock):
+ (FunctionCodeBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::parse):
+ * dfg/DFGByteCodeParser.h:
+ (DFG):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h:
+ (DFG):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::jitCompileAndSetHeuristics):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::jitCompile):
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::jitCompile):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::jitCompileForCall):
+ (JSC::FunctionExecutable::jitCompileForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (EvalExecutable):
+ (ProgramExecutable):
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::jitCompileFor):
+ * runtime/ExecutionHarness.h:
+ (JSC::prepareForExecution):
+ (JSC::prepareFunctionForExecution):
+
+2012-05-21 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing header files.
+
+2012-05-21 Allan Sandfeld Jensen <allan.jensen@nokia.com>
+
+ GCC 4.7 and C++11
+ https://bugs.webkit.org/show_bug.cgi?id=86465
+
+ Reviewed by Darin Adler.
+
+ Set emptyValueIsZero flag so RegExpKey can be used with the non-copyable RegExp values.
+
+ * runtime/RegExpKey.h:
+
+2012-05-20 Michael Saboff <msaboff@apple.com>
+
+ JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
+ https://bugs.webkit.org/show_bug.cgi?id=86553
+
+ Reviewed by Gavin Barraclough.
+
+ Scratch buffers can contain the only reference to live objects.
+ Therefore visit scratch buffer contents as conservative roots.
+ Changed the scratch buffers to be a struct with an "active"
+ length and the actual buffer. The users of the scratch
+ buffer emit code where needed to set and clear the active
+ length as appropriate. During marking, the active count is
+ used for conservative marking.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::debugCall):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGThunks.cpp:
+ (JSC::DFG::osrExitGenerationThunkGenerator):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::gatherConservativeRoots):
+ * runtime/JSGlobalData.h:
+ (JSC::ScratchBuffer::ScratchBuffer):
+ (ScratchBuffer):
+ (JSC::ScratchBuffer::allocationSize):
+ (JSC::ScratchBuffer::setActiveLength):
+ (JSC::ScratchBuffer::activeLength):
+ (JSC::ScratchBuffer::activeLengthPtr):
+ (JSC::ScratchBuffer::dataBuffer):
+ (JSGlobalData):
+ (JSC::JSGlobalData::scratchBufferForSize):
+
+2012-05-20 Filip Pizlo <fpizlo@apple.com>
+
+ Predicted types should know about arguments
+ https://bugs.webkit.org/show_bug.cgi?id=85165
+
+ Reviewed by Oliver Hunt.
+
+ Merge r115604 from dfgopt.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionToAbbreviatedString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC):
+ (JSC::isMyArgumentsPrediction):
+ (JSC::isArgumentsPrediction):
+
+2012-05-20 Filip Pizlo <fpizlo@apple.com>
+
+ Bytecompiler should emit trivially fewer jumps in loops
+ https://bugs.webkit.org/show_bug.cgi?id=85144
+
+ Reviewed by Oliver Hunt.
+
+ Merged r115587 from dfgopt.
+
+ 1-2% across the board win.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::WhileNode::emitBytecode):
+ (JSC::ForNode::emitBytecode):
+
+2012-05-19 Vivek Galatage <vivekgalatage@gmail.com>
+
+ Windows build broken due to changes in the http://trac.webkit.org/changeset/117646
+ https://bugs.webkit.org/show_bug.cgi?id=86939
+
+ The changeset 117646 changed the JSString::toBoolean signature. This
+ change is for fixing the windows build break.
+
+ Reviewed by Ryosuke Niwa.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-05-18 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(117646): fast/canvas/webgl/glsl-conformance.html is crashing in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=86929
+
+ Reviewed by Oliver Hunt.
+
+ The problem was that if CFG simplification saw a Branch with identical successors,
+ it would always perform a basic block merge. But that's wrong if the successor has
+ other predecessors.
+
+ * dfg/DFGCFGSimplificationPhase.cpp:
+ (JSC::DFG::CFGSimplificationPhase::run):
+
+2012-05-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFG simplification crashes if it's trying to remove an unreachable block
+ that has an already-killed-off unreachable successor
+ https://bugs.webkit.org/show_bug.cgi?id=86918
+
+ Reviewed by Oliver Hunt.
+
+ This fixes crashes in:
+ inspector/styles/styles-computed-trace.html
+ inspector/console/console-big-array.html
+
+ * dfg/DFGCFGSimplificationPhase.cpp:
+ (JSC::DFG::CFGSimplificationPhase::fixPhis):
+
+2012-05-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have control flow graph simplification
+ https://bugs.webkit.org/show_bug.cgi?id=84553
+
+ Reviewed by Oliver Hunt.
+
+ Merged r115512 from dfgopt.
+
+ This change gives the DFG the ability to simplify the control flow graph
+ as part of an optimization fixpoint that includes CSE, CFA, and constant
+ folding. This required a number of interesting changes including:
+
+ - Solidifying the set of invariants that the DFG obeys. For example, the
+ head and tail of each basic block must advertise the set of live locals
+ and the set of available locals, respectively. It must do so by
+ referring to the first access to the local in the block (for head) and
+ the last one (for tail). This patch introduces the start of a
+ validation step that may be turned on even with asserts disabled. To
+ ensure that these invariants are preserved, I had to remove the
+ redundant phi elimination phase. For now I just remove the call, but in
+ the future we will probably remove it entirely unless we find a use for
+ it.
+
+ - Making it easier to get the boolean version of a JSValue. This is a
+ pure operation, but we previously did not treat it as such.
+
+ - Fixing the merging and filtering of AbstractValues that correspond to
+ concrete JSValues. This was previously broken and was limiting the
+ effect of running constant folding. Fixing this meant that I had to
+ change how constant folding eliminates GetLocal nodes, so as to ensure
+ that the resulting graph still obeys DFG rules.
+
+ - Introducing simplified getters for some of the things that DFG phases
+ want to know about, like the Nth child of a node (now just
+ graph.child(...) if you don't care about performance too much) or
+ getting successors of a basic block.
+
+ The current CFG simplifier can handle almost all of the cases that it
+ ought to handle; the noteworthy one that is not yet handled is removing
+ basic blocks that just have jumps. To do this right we need to be able
+ to remove jump-only blocks that also perform keep-alive on some values.
+ To make this work, we need to be able to hoist the keep-alive into (or
+ just above) a Branch. This is not fundamentally difficult but I opted to
+ let this patch omit this optimization. We can handle this later.
+
+ This is a big win on programs that include inline functions that are
+ often called with constant arguments. Of course, SunSpider, V8, and
+ Kraken don't count. Those benchmarks are completely neutral with this
+ change.
+
+ * API/JSValueRef.cpp:
+ (JSValueToBoolean):
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
+ * bytecode/Operands.h:
+ (JSC::Operands::setOperandFirstTime):
+ (Operands):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ (JSC::DFG::AbstractState::mergeToSuccessors):
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::isClear):
+ (JSC::DFG::AbstractValue::operator!=):
+ (JSC::DFG::AbstractValue::merge):
+ (JSC::DFG::AbstractValue::filter):
+ (JSC::DFG::AbstractValue::validateIgnoringValue):
+ (AbstractValue):
+ * dfg/DFGAdjacencyList.h:
+ (JSC::DFG::AdjacencyList::child):
+ (JSC::DFG::AdjacencyList::setChild):
+ (AdjacencyList):
+ * dfg/DFGBasicBlock.h:
+ (JSC::DFG::BasicBlock::~BasicBlock):
+ (BasicBlock):
+ (JSC::DFG::BasicBlock::numNodes):
+ (JSC::DFG::BasicBlock::nodeIndex):
+ (JSC::DFG::BasicBlock::isPhiIndex):
+ (JSC::DFG::BasicBlock::isInPhis):
+ (JSC::DFG::BasicBlock::isInBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (ByteCodeParser):
+ (DFG):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCFAPhase.cpp:
+ (JSC::DFG::CFAPhase::run):
+ (JSC::DFG::CFAPhase::performBlockCFA):
+ (JSC::DFG::performCFA):
+ * dfg/DFGCFAPhase.h:
+ (DFG):
+ * dfg/DFGCFGSimplificationPhase.cpp: Added.
+ (DFG):
+ (CFGSimplificationPhase):
+ (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase):
+ (JSC::DFG::CFGSimplificationPhase::run):
+ (JSC::DFG::CFGSimplificationPhase::killUnreachable):
+ (JSC::DFG::CFGSimplificationPhase::findOperandSource):
+ (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
+ (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
+ (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
+ (JSC::DFG::CFGSimplificationPhase::fixPhis):
+ (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
+ (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
+ (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
+ (OperandSubstitution):
+ (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
+ (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
+ (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
+ (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
+ (JSC::DFG::performCFGSimplification):
+ * dfg/DFGCFGSimplificationPhase.h: Added.
+ (DFG):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::run):
+ (CSEPhase):
+ (JSC::DFG::CSEPhase::impureCSE):
+ (JSC::DFG::CSEPhase::globalVarLoadElimination):
+ (JSC::DFG::CSEPhase::getByValLoadElimination):
+ (JSC::DFG::CSEPhase::checkStructureLoadElimination):
+ (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
+ (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ (JSC::DFG::CSEPhase::performBlockCSE):
+ (JSC::DFG::performCSE):
+ * dfg/DFGCSEPhase.h:
+ (DFG):
+ * dfg/DFGCommon.h:
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::run):
+ (JSC::DFG::performConstantFolding):
+ * dfg/DFGConstantFoldingPhase.h:
+ (DFG):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGEdge.h:
+ (Edge):
+ (JSC::DFG::Edge::operator UnspecifiedBoolType*):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::run):
+ (JSC::DFG::FixupPhase::fixupBlock):
+ (JSC::DFG::performFixup):
+ * dfg/DFGFixupPhase.h:
+ (DFG):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::handleSuccessor):
+ (DFG):
+ (JSC::DFG::Graph::determineReachability):
+ (JSC::DFG::Graph::resetReachability):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::deref):
+ (JSC::DFG::Graph::changeIndex):
+ (Graph):
+ (JSC::DFG::Graph::changeEdge):
+ (JSC::DFG::Graph::numSuccessors):
+ (JSC::DFG::Graph::successor):
+ (JSC::DFG::Graph::successorForCondition):
+ (JSC::DFG::Graph::isPredictedNumerical):
+ (JSC::DFG::Graph::byValIsPure):
+ (JSC::DFG::Graph::clobbersWorld):
+ (JSC::DFG::Graph::numChildren):
+ (JSC::DFG::Graph::child):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::convertToConstant):
+ (JSC::DFG::Node::numSuccessors):
+ (Node):
+ (JSC::DFG::Node::successor):
+ (JSC::DFG::Node::successorForCondition):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGPhase.cpp:
+ (JSC::DFG::Phase::endPhase):
+ * dfg/DFGPhase.h:
+ (JSC::DFG::runPhase):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::run):
+ (JSC::DFG::performPredictionPropagation):
+ * dfg/DFGPredictionPropagationPhase.h:
+ (DFG):
+ * dfg/DFGRedundantPhiEliminationPhase.cpp:
+ (JSC::DFG::RedundantPhiEliminationPhase::run):
+ (JSC::DFG::performRedundantPhiElimination):
+ * dfg/DFGRedundantPhiEliminationPhase.h:
+ (DFG):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::use):
+ (ScoreBoard):
+ (JSC::DFG::ScoreBoard::useIfHasResult):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::createOSREntries):
+ (JSC::DFG::SpeculativeJIT::linkOSREntries):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ (JSC::DFG::SpeculativeJIT::compileRegExpExec):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::nextBlock):
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::use):
+ (JSC::DFG::SpeculativeJIT::jump):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGValidate.cpp: Added.
+ (DFG):
+ (Validate):
+ (JSC::DFG::Validate::Validate):
+ (JSC::DFG::Validate::validate):
+ (JSC::DFG::Validate::reportValidationContext):
+ (JSC::DFG::Validate::dumpData):
+ (JSC::DFG::Validate::dumpGraphIfAppropriate):
+ (JSC::DFG::validate):
+ * dfg/DFGValidate.h: Added.
+ (DFG):
+ (JSC::DFG::validate):
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+ (JSC::DFG::performVirtualRegisterAllocation):
+ * dfg/DFGVirtualRegisterAllocationPhase.h:
+ (DFG):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncSome):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::constructBoolean):
+ (JSC::callBooleanConstructor):
+ * runtime/JSCell.h:
+ (JSCell):
+ * runtime/JSObject.cpp:
+ (JSC):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::toBoolean):
+ * runtime/JSString.h:
+ (JSString):
+ (JSC::JSCell::toBoolean):
+ (JSC::JSValue::toBoolean):
+ * runtime/JSValue.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::toPropertyDescriptor):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::setRegExpConstructorMultiline):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+
+2012-05-18 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fix.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
+
+2012-04-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have constant propagation
+ https://bugs.webkit.org/show_bug.cgi?id=84004
+
+ Reviewed by Gavin Barraclough.
+
+ Merge r114554 from dfgopt.
+
+ Changes AbstractValue to be able to hold a "set" of constants, where
+ the maximum set size is 1 - so merging a value containing constant A
+ with another value containing constant B where A != B will result in
+ the AbstractValue claiming that it does not know any constants (i.e.
+ it'll just have a predicted type and possible a structure).
+
+ Added a constant folding phase that uses this new information to
+ replace pure operations known to have constant results with
+ JSConstants. This is OSR-exit-aware, in that it will prepend a Phantom
+ that refers to all of the kids of the node we replaced.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAbstractState.h:
+ (AbstractState):
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::clear):
+ (JSC::DFG::AbstractValue::isClear):
+ (JSC::DFG::AbstractValue::makeTop):
+ (JSC::DFG::AbstractValue::clobberValue):
+ (AbstractValue):
+ (JSC::DFG::AbstractValue::valueIsTop):
+ (JSC::DFG::AbstractValue::value):
+ (JSC::DFG::AbstractValue::set):
+ (JSC::DFG::AbstractValue::operator==):
+ (JSC::DFG::AbstractValue::merge):
+ (JSC::DFG::AbstractValue::filter):
+ (JSC::DFG::AbstractValue::validate):
+ (JSC::DFG::AbstractValue::checkConsistency):
+ (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGAdjacencyList.h:
+ (JSC::DFG::AdjacencyList::initialize):
+ (AdjacencyList):
+ (JSC::DFG::AdjacencyList::reset):
+ * dfg/DFGBasicBlock.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (BasicBlock):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::constantCSE):
+ (CSEPhase):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGConstantFoldingPhase.cpp: Added.
+ (DFG):
+ (ConstantFoldingPhase):
+ (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
+ (JSC::DFG::ConstantFoldingPhase::run):
+ (JSC::DFG::performConstantFolding):
+ * dfg/DFGConstantFoldingPhase.h: Added.
+ (DFG):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.h:
+ (Graph):
+ (JSC::DFG::Graph::convertToConstant):
+ * dfg/DFGInsertionSet.h:
+ (JSC::DFG::InsertionSet::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::convertToConstant):
+ (Node):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+ * runtime/JSValue.h:
+ (JSValue):
+
+2012-05-18 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
+
+ Fix build for Qt by using ASSERT_UNUSED in DFGSpeculativeJIT
+ https://bugs.webkit.org/show_bug.cgi?id=86902
+
+ Reviewed by Andreas Kling.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
+
+2012-04-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have out-of-line slow paths
+ https://bugs.webkit.org/show_bug.cgi?id=83992
+
+ Reviewed by Oliver Hunt.
+
+ Merge of r114472 and r114553 from dfgopt.
+
+ Introduces the notion of slow path code generation closures in the DFG.
+ These are defined in DFGSlowPathGenerator.h, though they are fairly
+ extensible so DFGSpeculativeJIT64.cpp and DFGSpeculativeJIT32_64.cpp
+ define a couple special-purpose ones. A slow path generation closure
+ (DFG::SlowPathGenerator) is executed after the main speculative path is
+ generated. This makes them great for scheduling slow path code out of
+ the way of the hot paths.
+
+ This patch also converts most - but not all - of the DFG to use slow
+ path generators instead of inline slow paths.
+
+ The result is a sub-1% improvement on SunSpider and V8, and a miniscule
+ regression on Kraken.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
+ (TrustedImmPtr):
+ (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
+ (TrustedImm32):
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGCommon.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (DFG):
+ (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
+ (PropertyAccessRecord):
+ (JITCompiler):
+ * dfg/DFGSilentRegisterSavePlan.h: Added.
+ (DFG):
+ (SilentRegisterSavePlan):
+ (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
+ (JSC::DFG::SilentRegisterSavePlan::spillAction):
+ (JSC::DFG::SilentRegisterSavePlan::fillAction):
+ (JSC::DFG::SilentRegisterSavePlan::nodeIndex):
+ (JSC::DFG::SilentRegisterSavePlan::gpr):
+ (JSC::DFG::SilentRegisterSavePlan::fpr):
+ * dfg/DFGSlowPathGenerator.h: Added.
+ (DFG):
+ (SlowPathGenerator):
+ (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
+ (JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
+ (JSC::DFG::SlowPathGenerator::generate):
+ (JSC::DFG::SlowPathGenerator::label):
+ (JSC::DFG::SlowPathGenerator::call):
+ (JumpingSlowPathGenerator):
+ (JSC::DFG::JumpingSlowPathGenerator::JumpingSlowPathGenerator):
+ (JSC::DFG::JumpingSlowPathGenerator::linkFrom):
+ (JSC::DFG::JumpingSlowPathGenerator::jumpTo):
+ (CallSlowPathGenerator):
+ (JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator):
+ (JSC::DFG::CallSlowPathGenerator::call):
+ (JSC::DFG::CallSlowPathGenerator::setUp):
+ (JSC::DFG::CallSlowPathGenerator::recordCall):
+ (JSC::DFG::CallSlowPathGenerator::tearDown):
+ (CallResultAndNoArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::CallResultAndNoArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::generateInternal):
+ (CallResultAndOneArgumentSlowPathGenerator):
+ (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::CallResultAndOneArgumentSlowPathGenerator):
+ (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::generateInternal):
+ (CallResultAndTwoArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::CallResultAndTwoArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::generateInternal):
+ (CallResultAndThreeArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::CallResultAndThreeArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::generateInternal):
+ (CallResultAndFourArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::CallResultAndFourArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::generateInternal):
+ (CallResultAndFiveArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::CallResultAndFiveArgumentsSlowPathGenerator):
+ (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::generateInternal):
+ (JSC::DFG::slowPathCall):
+ (AssigningSlowPathGenerator):
+ (JSC::DFG::AssigningSlowPathGenerator::AssigningSlowPathGenerator):
+ (JSC::DFG::AssigningSlowPathGenerator::generateInternal):
+ (JSC::DFG::slowPathMove):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::~SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):
+ (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ (DFG):
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
+ (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
+ (JSC::DFG::SpeculativeJIT::silentSpill):
+ (JSC::DFG::SpeculativeJIT::silentFill):
+ (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
+ (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::SpeculativeJIT::pickCanTrample):
+ (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (ValueToNumberSlowPathGenerator):
+ (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator):
+ (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (CompareAndBoxBooleanSlowPathGenerator):
+ (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
+ (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (ValueToNumberSlowPathGenerator):
+ (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator):
+ (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (CompareAndBoxBooleanSlowPathGenerator):
+ (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
+ (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-05-18 Tony Chang <tony@chromium.org>
+
+ remove the CSS_GRID_LAYOUT compiler define, but default grid layout to off
+ https://bugs.webkit.org/show_bug.cgi?id=86767
+
+ Reviewed by Ojan Vafai.
+
+ * Configurations/FeatureDefines.xcconfig: Remove ENABLE_CSS_GRID_LAYOUT.
+
+2012-05-17 Filip Pizlo <fpizlo@apple.com>
+
+ Setting array index -1 and looping over array causes bad behavior
+ https://bugs.webkit.org/show_bug.cgi?id=86733
+ <rdar://problem/11477670>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGOperations.cpp:
+
+2012-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Rolled out r117495 because it caused som out of memory crashes.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+
+2012-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Refactored the Heap to move more MarkedSpace logic into MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=86790
+
+ Reviewed by Gavin Barraclough.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::lastChanceToFinalize):
+ (JSC::Heap::markRoots):
+ (JSC):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (Heap): Took all the functors from here...
+
+ * heap/MarkedBlock.h:
+ (CountFunctor):
+ (JSC::MarkedBlock::CountFunctor::CountFunctor):
+ (JSC::MarkedBlock::CountFunctor::count):
+ (JSC::MarkedBlock::CountFunctor::returnValue):
+ (MarkedBlock):
+ * heap/MarkedSpace.h:
+ (JSC::ClearMarks::operator()):
+ (JSC):
+ (JSC::Sweep::operator()):
+ (JSC::MarkCount::operator()):
+ (JSC::Size::operator()):
+ (JSC::Capacity::operator()):
+ (MarkedSpace):
+ (JSC::MarkedSpace::clearMarks):
+ (JSC::MarkedSpace::sweep):
+ (JSC::MarkedSpace::objectCount):
+ (JSC::MarkedSpace::size):
+ (JSC::MarkedSpace::capacity): and put them here.
+
+2012-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Increase the GC allocation trigger
+ https://bugs.webkit.org/show_bug.cgi?id=86699
+
+ Reviewed by Sam Weinig.
+
+ This helps a lot when the heap is growing, and helps to resolve
+ the regression caused by r116484.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+
+2012-05-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ GC in the middle of JSObject::allocatePropertyStorage can cause badness
+ https://bugs.webkit.org/show_bug.cgi?id=83839
+
+ Reviewed by Geoff Garen.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're
+ growing our already-existing PropertyStorage.
+ * runtime/JSObject.h:
+ (JSObject):
+ (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage
+ and the new structure so that we can be sure a GC never occurs when our Structure
+ info is out of sync with our PropertyStorage.
+ (JSC):
+ (JSC::JSObject::putDirectInternal): Moved the check to see if we should
+ allocate more backing store before the actual property insertion into
+ the structure.
+ (JSC::JSObject::putDirectWithoutTransition): Ditto.
+ (JSC::JSObject::transitionTo): Ditto.
+ * runtime/Structure.cpp:
+ (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy
+ for property backing stores contained within the Structure class.
+ (JSC):
+ * runtime/Structure.h:
+ (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion
+ into the Structure would require resizing the property backing store so that they can
+ preallocate the required storage.
+ (Structure):
+
+2012-05-16 Geoffrey Garen <ggaren@apple.com>
+
+ GC is not thread-safe when moving values between C stacks
+ https://bugs.webkit.org/show_bug.cgi?id=86672
+
+ Reviewed by Phil Pizlo.
+
+ GC pauses thread A while marking thread A, and then B while marking B,
+ which isn't safe against A and B moving values between each others'
+ stacks.
+
+ This is a theoretical bug -- I haven't been able to reproduce it
+ in the wild.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::gatherFromOtherThread):
+ (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
+ duration of stack marking, to avoid missing values that might be moving
+ between C stacks.
+
+2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Block freeing thread should not free blocks when we are actively requesting them
+ https://bugs.webkit.org/show_bug.cgi?id=86519
+
+ Reviewed by Geoff Garen.
+
+ * heap/BlockAllocator.h:
+ (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done
+ while we hold the lock to ensure proper locking.
+
+2012-05-15 Filip Pizlo <fpizlo@apple.com>
+
+ shrinkToFit() is often not called for Vectors in CodeBlock
+ https://bugs.webkit.org/show_bug.cgi?id=86436
+
+ Reviewed by Oliver Hunt.
+
+ The vectors in CodeBlock are often appended to during various stages of
+ compilation, but we neglect to shrink them after compilation finishes. This
+ patch takes the most brutal possible approach: shrink all the vectors after
+ the bytecompile phase, and then shrink them again after the appropriate
+ JITing phase. The two shrinks are necessary because the JIT may append more
+ stuff, but may also generate code that directly references things in other
+ vectors; hence some can only be shrunk before JIT and some after. Also,
+ we may allow a CodeBlock to sit around for a long time - possibly forever -
+ before invoking the JIT, hence it makes sense to have two shrinks.
+
+ This is performance neutral on the major benchmarks we track.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ (JSC::CodeBlock::appendWeakReferenceTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2012-05-15 Oliver Hunt <oliver@apple.com>
+
+ Make error information available even if all we have is line number information.
+ https://bugs.webkit.org/show_bug.cgi?id=86547
+
+ Reviewed by Filip Pizlo.
+
+ We don't need expression information to generate useful line, file, and stack information,
+ so only require that we have line number info available.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * runtime/Executable.h:
+ (JSC):
+
+2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Block freeing thread should not free blocks when we are actively requesting them
+ https://bugs.webkit.org/show_bug.cgi?id=86519
+
+ Reviewed by Geoffrey Garen.
+
+ The block freeing thread shoots us in the foot if it decides to run while we're actively
+ requesting blocks and returning them. This situation can arise when there is a lot of copying
+ collection going on in steady state. We allocate a large swath of pages to copy into, then we
+ return all the newly free old pages to the BlockAllocator. In this state, if the block freeing
+ thread wakes up in between collections (which is more likely than it waking up during a
+ collection) and frees half of these pages, they will be needed almost immediately during the
+ next collection, causing a storm of VM allocations which we know are going to be very slow.
+
+ What we'd like is for when things have quieted down the block freeing thread can then return
+ memory to the OS. Usually this will be when a page has fully loaded and has a low allocation
+ rate. In this situation, our opportunistic collections will only be running at least every few
+ seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say,
+ while a page is loading.
+
+ * heap/BlockAllocator.cpp:
+ (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
+ (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
+ If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out
+ on an update, we'll see it when we wake up again.
+ * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
+ (BlockAllocator):
+ (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks
+ that to true. We don't bother locking since we assume that writing to a bool is atomic.
+
+2012-05-14 Luke Macpherson <macpherson@chromium.org>
+
+ Introduce ENABLE_CSS_VARIABLES compile flag.
+ https://bugs.webkit.org/show_bug.cgi?id=86338
+
+ Reviewed by Dimitri Glazkov.
+
+ Add a configuration option for CSS Variables support, disabling it by default.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-05-14 Gavin Barraclough <barraclough@apple.com>
+
+ Cannot login to iCloud
+ https://bugs.webkit.org/show_bug.cgi?id=86321
+
+ Reviewed by Filip Pizlo.
+
+ This is a bug introduced by bug#85853, we shouldn't allow assignment to
+ the prototype property of functions to be cached, since we need to clear
+ the cached inheritorID.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::put):
+
+2012-05-14 Michael Saboff <msaboff@apple.com>
+
+ Enh: Add the Ability to Disable / Enable JavaScript GC Timer
+ https://bugs.webkit.org/show_bug.cgi?id=86382
+
+ Reviewed by Darin Adler.
+
+ Add flag to GCActivityCallback to enable / disable activity timer.
+ Add api via Heap to set the flag's value.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export
+ * heap/Heap.cpp:
+ (JSC::Heap::setGarbageCollectionTimerEnabled):
+ * heap/Heap.h:
+ * runtime/GCActivityCallback.h:
+ (JSC::GCActivityCallback::isEnabled):
+ (JSC::GCActivityCallback::setEnabled):
+ (JSC::GCActivityCallback::GCActivityCallback):
+ * runtime/GCActivityCallbackCF.cpp:
+ (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
+
+2012-05-14 Michael Saboff <msaboff@apple.com>
+
+ Increase Debug Logging in MarkStack::validate()
+ https://bugs.webkit.org/show_bug.cgi?id=86408
+
+ Rubber-stamped by Filip Pizlo.
+
+ Added some descriptive debug messages for the conditions and
+ values when a cell validation fails.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validate):
+
+2012-05-14 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing header file.
+
+2012-05-14 Yong Li <yoli@rim.com>
+
+ DFG JIT didn't work with ARM EABI.
+ https://bugs.webkit.org/show_bug.cgi?id=84449
+
+ Reviewed by Filip Pizlo.
+
+ Add a 32-bit dummy argument for some callOperation()
+ methods to make it work for ARM EABI.
+
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ (CCallHelpers):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+
+2012-05-13 Gavin Barraclough <barraclough@apple.com>
+
+ Introduce PropertyName class
+ https://bugs.webkit.org/show_bug.cgi?id=86241
+
+ Reviewed by Darin Adler.
+
+ This patch introduced a couple of small bugs.
+
+ * runtime/PropertyName.h:
+ (JSC::toUInt32FromCharacters):
+ - Returning wrong value for "" - should not convert to 0.
+ (JSC::PropertyName::PropertyName):
+ - Remove the ASSERT, it was a little too aspirational.
+
+2012-05-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG performs incorrect constant folding on double-to-uint32 conversion in
+ Uint32Array PutByVal
+ https://bugs.webkit.org/show_bug.cgi?id=86330
+
+ Reviewed by Darin Adler.
+
+ static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
+ In particular, C++ casts on typical hardware (like x86 and similar) will
+ return 0x80000000 for double values that are out of range of the int32 domain
+ (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
+ for wrap-around; for example the double value 4294967297 ought to become the
+ int32 value 1, not 0x80000000.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+
+2012-05-11 Gavin Barraclough <barraclough@apple.com>
+
+ Introduce PropertyName class
+ https://bugs.webkit.org/show_bug.cgi?id=86241
+
+ Reviewed by Geoff Garen.
+
+ Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
+ This change paves the way to allow for properties keyed by values that are not Identifiers.
+
+ This change is largely a mechanical find & replace.
+ It also changes JSFunction's constructor to take a UString& instead of an Identifier&
+ (since in some cases we can no longer guarantee that we'lll have an Identifier), and
+ unifies Identifier's methods to obtain array indices onto PropertyName.
+
+ The new PropertyName class retains the ability to support .impl() and .ustring(), but
+ in a future patch we may need to rework this, since not all PropertyNames should be
+ equal based on their string representation.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::finishCreation):
+ * API/JSCallbackFunction.h:
+ (JSCallbackFunction):
+ (JSC::JSCallbackFunction::create):
+ * API/JSCallbackObject.h:
+ (JSCallbackObject):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::put):
+ (JSC::::deleteProperty):
+ (JSC::::getStaticValue):
+ (JSC::::staticFunctionGetter):
+ (JSC::::callbackGetter):
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeFunctionWithCallback):
+ * JSCTypedArrayStubs.h:
+ (JSC):
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ (JSC::DebuggerActivation::put):
+ (JSC::DebuggerActivation::putDirectVirtual):
+ (JSC::DebuggerActivation::deleteProperty):
+ (JSC::DebuggerActivation::getOwnPropertyDescriptor):
+ (JSC::DebuggerActivation::defineOwnProperty):
+ * debugger/DebuggerActivation.h:
+ (DebuggerActivation):
+ * jsc.cpp:
+ (GlobalObject::addFunction):
+ (GlobalObject::addConstructableFunction):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::put):
+ (JSC::Arguments::deleteProperty):
+ (JSC::Arguments::defineOwnProperty):
+ * runtime/Arguments.h:
+ (Arguments):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::finishCreation):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ (ArrayConstructor):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ (JSC::putProperty):
+ * runtime/ArrayPrototype.h:
+ (ArrayPrototype):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::finishCreation):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ (BooleanPrototype):
+ * runtime/ClassInfo.h:
+ (MethodTable):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::finishCreation):
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ (DateConstructor):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlot):
+ (JSC::DatePrototype::getOwnPropertyDescriptor):
+ * runtime/DatePrototype.h:
+ (DatePrototype):
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::create):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::finishCreation):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ (ErrorPrototype):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::finishCreation):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::finishCreation):
+ (JSC::FunctionPrototype::addFunctionProperties):
+ (JSC::functionProtoFuncBind):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ (FunctionPrototype):
+ * runtime/Identifier.cpp:
+ (JSC):
+ * runtime/Identifier.h:
+ (Identifier):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ (InternalFunction):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+ (JSC::JSActivation::getOwnPropertySlot):
+ (JSC::JSActivation::put):
+ (JSC::JSActivation::putDirectVirtual):
+ (JSC::JSActivation::deleteProperty):
+ (JSC::JSActivation::argumentsGetter):
+ * runtime/JSActivation.h:
+ (JSActivation):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::defineOwnProperty):
+ (JSC::JSArray::getOwnPropertySlot):
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ (JSC::JSArray::put):
+ (JSC::JSArray::deleteProperty):
+ * runtime/JSArray.h:
+ (JSArray):
+ (JSC):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::create):
+ (JSC::JSBoundFunction::finishCreation):
+ * runtime/JSBoundFunction.h:
+ (JSBoundFunction):
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlot):
+ (JSC::JSCell::put):
+ (JSC::JSCell::deleteProperty):
+ (JSC::JSCell::putDirectVirtual):
+ (JSC::JSCell::defineOwnProperty):
+ (JSC::JSCell::getOwnPropertyDescriptor):
+ * runtime/JSCell.h:
+ (JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ (JSC::JSFunction::finishCreation):
+ (JSC::JSFunction::argumentsGetter):
+ (JSC::JSFunction::callerGetter):
+ (JSC::JSFunction::lengthGetter):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::put):
+ (JSC::JSFunction::deleteProperty):
+ (JSC::JSFunction::defineOwnProperty):
+ (JSC::getCalculatedDisplayName):
+ * runtime/JSFunction.h:
+ (JSFunction):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ (JSC::JSGlobalObject::putDirectVirtual):
+ (JSC::JSGlobalObject::defineOwnProperty):
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::createThrowTypeError):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ (JSGlobalObject):
+ (JSC::JSGlobalObject::hasOwnPropertyForWrite):
+ (JSC::JSGlobalObject::symbolTableHasProperty):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlot):
+ (JSC::JSNotAnObject::getOwnPropertyDescriptor):
+ (JSC::JSNotAnObject::put):
+ (JSC::JSNotAnObject::deleteProperty):
+ * runtime/JSNotAnObject.h:
+ (JSNotAnObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertySlot):
+ (JSC::JSONObject::getOwnPropertyDescriptor):
+ * runtime/JSONObject.h:
+ (JSONObject):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::putDirectVirtual):
+ (JSC::JSObject::putDirectAccessor):
+ (JSC::JSObject::hasProperty):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::hasOwnProperty):
+ (JSC::callDefaultValueFunction):
+ (JSC::JSObject::findPropertyHashEntry):
+ (JSC::JSObject::getPropertySpecificValue):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ (JSC::JSObject::getPropertyDescriptor):
+ (JSC::putDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSObject):
+ (JSC::JSObject::getDirect):
+ (JSC::JSObject::getDirectLocation):
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ (JSC::JSObject::getOwnPropertySlot):
+ (JSC::JSCell::fastGetOwnPropertySlot):
+ (JSC::JSObject::getPropertySlot):
+ (JSC::JSObject::get):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putOwnDataProperty):
+ (JSC::JSObject::putDirect):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSValue::get):
+ (JSC::JSValue::put):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ (JSC::JSStaticScopeObject::putDirectVirtual):
+ (JSC::JSStaticScopeObject::getOwnPropertySlot):
+ * runtime/JSStaticScopeObject.h:
+ (JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ (JSC::JSString::getStringPropertyDescriptor):
+ * runtime/JSString.h:
+ (JSString):
+ (JSC::JSString::getStringPropertySlot):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::putToPrimitive):
+ * runtime/JSValue.h:
+ (JSC):
+ (JSValue):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deleteProperty):
+ (JSC::JSVariableObject::symbolTableGet):
+ (JSC::JSVariableObject::putDirectVirtual):
+ * runtime/JSVariableObject.h:
+ (JSVariableObject):
+ (JSC::JSVariableObject::symbolTableGet):
+ (JSC::JSVariableObject::symbolTablePut):
+ (JSC::JSVariableObject::symbolTablePutWithAttributes):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashTable::entry):
+ (JSC):
+ (JSC::getStaticPropertySlot):
+ (JSC::getStaticPropertyDescriptor):
+ (JSC::getStaticFunctionSlot):
+ (JSC::getStaticFunctionDescriptor):
+ (JSC::getStaticValueSlot):
+ (JSC::getStaticValueDescriptor):
+ (JSC::lookupPut):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlot):
+ (JSC::MathObject::getOwnPropertyDescriptor):
+ * runtime/MathObject.h:
+ (MathObject):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/NumberConstructor.cpp:
+ (JSC):
+ (JSC::NumberConstructor::finishCreation):
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ (JSC::NumberConstructor::put):
+ (JSC::numberConstructorNaNValue):
+ (JSC::numberConstructorNegInfinity):
+ (JSC::numberConstructorPosInfinity):
+ (JSC::numberConstructorMaxValue):
+ (JSC::numberConstructorMinValue):
+ * runtime/NumberConstructor.h:
+ (NumberConstructor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ (NumberPrototype):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::finishCreation):
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ * runtime/ObjectConstructor.h:
+ (ObjectConstructor):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::defineOwnProperty):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ (ObjectPrototype):
+ * runtime/PropertySlot.h:
+ (PropertySlot):
+ (JSC::PropertySlot::getValue):
+ * runtime/RegExpConstructor.cpp:
+ (JSC):
+ (JSC::RegExpConstructor::finishCreation):
+ (JSC::RegExpConstructor::getOwnPropertySlot):
+ (JSC::RegExpConstructor::getOwnPropertyDescriptor):
+ (JSC::regExpConstructorDollar1):
+ (JSC::regExpConstructorDollar2):
+ (JSC::regExpConstructorDollar3):
+ (JSC::regExpConstructorDollar4):
+ (JSC::regExpConstructorDollar5):
+ (JSC::regExpConstructorDollar6):
+ (JSC::regExpConstructorDollar7):
+ (JSC::regExpConstructorDollar8):
+ (JSC::regExpConstructorDollar9):
+ (JSC::regExpConstructorInput):
+ (JSC::regExpConstructorMultiline):
+ (JSC::regExpConstructorLastMatch):
+ (JSC::regExpConstructorLastParen):
+ (JSC::regExpConstructorLeftContext):
+ (JSC::regExpConstructorRightContext):
+ (JSC::RegExpConstructor::put):
+ * runtime/RegExpConstructor.h:
+ (RegExpConstructor):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ (JSC::RegExpMatchesArray::put):
+ (JSC::RegExpMatchesArray::deleteProperty):
+ (JSC::RegExpMatchesArray::defineOwnProperty):
+ * runtime/RegExpObject.cpp:
+ (JSC):
+ (JSC::RegExpObject::getOwnPropertySlot):
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ (JSC::RegExpObject::deleteProperty):
+ (JSC::RegExpObject::defineOwnProperty):
+ (JSC::regExpObjectGlobal):
+ (JSC::regExpObjectIgnoreCase):
+ (JSC::regExpObjectMultiline):
+ (JSC::regExpObjectSource):
+ (JSC::RegExpObject::put):
+ * runtime/RegExpObject.h:
+ (RegExpObject):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ (RegExpPrototype):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::deleteProperty):
+ * runtime/StrictEvalActivation.h:
+ (StrictEvalActivation):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::finishCreation):
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ (StringConstructor):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlot):
+ (JSC::StringObject::getOwnPropertyDescriptor):
+ (JSC::StringObject::put):
+ (JSC::StringObject::defineOwnProperty):
+ (JSC::StringObject::deleteProperty):
+ * runtime/StringObject.h:
+ (StringObject):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlot):
+ (JSC::StringPrototype::getOwnPropertyDescriptor):
+ * runtime/StringPrototype.h:
+ (StringPrototype):
+ * runtime/Structure.cpp:
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::attributeChangeTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::get):
+ (JSC::Structure::despecifyFunction):
+ (JSC::Structure::putSpecificValue):
+ (JSC::Structure::remove):
+ * runtime/Structure.h:
+ (Structure):
+ (JSC::Structure::get):
+
+2012-05-11 Michael Saboff <msaboff@apple.com>
+
+ Rolling out r116659.
+
+ Causes ASSERT failures on bots.
+
+ Rubber stamped by Geoff Garen.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::MarkStackThreadSharedData::reset):
+ (JSC::MarkStack::reset):
+ (JSC):
+ (JSC::SlotVisitor::copyAndAppend):
+ * heap/MarkStack.h:
+ (MarkStackThreadSharedData):
+ (MarkStack):
+ * runtime/JSString.h:
+ (JSString):
+ (JSC::JSString::finishCreation):
+ (JSC::JSString::is8Bit):
+ (JSC::JSRopeString::finishCreation):
+
+2012-05-11 Oliver Hunt <oliver@apple.com>
+
+ Appease thread verifier when dealing with the JSC API's shared VM
+ https://bugs.webkit.org/show_bug.cgi?id=86268
+
+ Reviewed by Geoffrey Garen.
+
+ If we're the shared VM, just disable the verifier. This makes debug builds
+ livable against non-webkit clients.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+
+2012-05-11 Filip Pizlo <fpizlo@apple.com>
+
+ JIT memory allocator is not returning memory to the OS on Darwin
+ https://bugs.webkit.org/show_bug.cgi?id=86047
+
+ Reviewed by Geoff Garen.
+
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
+
+2012-05-11 Geoffrey Garen <ggaren@apple.com>
+
+ Clarified JSGlobalData (JavaScript VM) lifetime
+ https://bugs.webkit.org/show_bug.cgi?id=85142
+
+ Reviewed by Alexey Proskuryakov.
+
+ (Follow-up fix.)
+
+ * API/JSContextRef.cpp:
+ (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
+ (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
+ test, because apps might have been linked on older OS's.)
+
+2012-05-11 Sam Weinig <sam@webkit.org>
+
+ Fix crash seen when running with libgmalloc
+ <rdar://problem/11435411>
+ https://bugs.webkit.org/show_bug.cgi?id=86232
+
+ Reviewed by Gavin Barraclough.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its
+ destructor.
+
+2012-05-10 Gavin Barraclough <barraclough@apple.com>
+
+ Remove op_get_callee
+
+ Rubber stamped by Geoff Garen.
+
+ This is now redundant.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ (JSC):
+ (JSC::padOpcodeName):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+
+2012-05-10 Gavin Barraclough <barraclough@apple.com>
+
+ Cache inheritorID on JSFunction
+ https://bugs.webkit.org/show_bug.cgi?id=85853
+
+ Reviewed by Geoff Garen & Filip Pizlo.
+
+ An object's prototype is indicated via its structure. To create an otherwise
+ empty object with object A as its prototype, we require a structure with its
+ prototype set to point to A. We wish to use this same structure for all empty
+ objects created with a prototype of A, so we presently store this structure as
+ a property of A, known as the inheritorID.
+
+ When a function F is invoked as a constructor, where F has a property 'prototype'
+ set to point to A, in order to create the 'this' value for the constructor to
+ use the following steps are taken:
+ - the 'prototype' proptery of F is read, via a regular [[Get]] access.
+ - the inheritorID internal property of the prototype is read.
+ - a new, empty object is constructed with its structure set to point to inheritorID.
+
+ There are two drawbacks to the current approach:
+ - it requires that every object has an inheritorID field.
+ - it requires a [[Get]] access on every constructor call to access the 'prototype' property.
+
+ Instead, switch to caching a copy of the inheritorID on the function. Constructor
+ calls now only need read the internal property from the callee, saving a [[Get]].
+ This also means that JSObject::m_inheritorID is no longer commonly read, and in a
+ future patch we can move to storing this in a more memory efficient fashion.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ (JSC):
+ (JSC::padOpcodeName):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::cacheInheritorID):
+ (JSC):
+ (JSC::JSFunction::put):
+ (JSC::JSFunction::defineOwnProperty):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::cachedInheritorID):
+ (JSFunction):
+ (JSC::JSFunction::offsetOfCachedInheritorID):
+
+2012-05-10 Michael Saboff <msaboff@apple.com>
+
+ Enh: Hash Const JSString in Backing Stores to Save Memory
+ https://bugs.webkit.org/show_bug.cgi?id=86024
+
+ Reviewed by Filip Pizlo.
+
+ During garbage collection, each marking thread keeps a HashMap of
+ strings. While visiting via MarkStack::copyAndAppend(), we check to
+ see if the string we are visiting is already in the HashMap. If not
+ we add it. If so, we change the reference to the current string we're
+ visiting to the prior string.
+
+ To somewhat reduce the performance impact of this change, if a string
+ is unique at the end of a marking it will not be checked during further
+ GC phases. In some cases this won't catch all duplicates, but we are
+ trying to catch the growth of duplicate strings.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::resetChildren): New method called by the
+ main thread to reset the slave threads. This is primarily done to
+ clear the m_uniqueStrings HashMap.
+ (JSC):
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::MarkStackThreadSharedData::reset):
+ (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
+ (JSC::MarkStack::internalAppend): New method that performs the hash consting.
+ (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting
+ internalAppend()
+ * heap/MarkStack.h:
+ (MarkStackThreadSharedData):
+ (MarkStack):
+ (JSC::MarkStack::sharedData):
+ * runtime/JSString.h:
+ (JSString): Added m_isHashConstSingleton flag, accessors for the flag and
+ code to initialize the flag.
+ (JSC::JSString::finishCreation):
+ (JSC::JSString::isHashConstSingleton):
+ (JSC::JSString::clearHashConstSingleton):
+ (JSC::JSString::setHashConstSingleton):
+ (JSC::JSRopeString::finishCreation):
+
+2012-05-09 Filip Pizlo <fpizlo@apple.com>
+
+ JIT memory allocator is not returning memory to the OS on Darwin
+ https://bugs.webkit.org/show_bug.cgi?id=86047
+ <rdar://problem/11414948>
+
+ Reviewed by Geoff Garen.
+
+ Work around the problem by using a different madvise() flag, but only for the JIT memory
+ allocator. Also put in ASSERTs that the call is actually working.
+
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
+ (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
+
+2012-05-09 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to get useful debug logging from the JIT memory allocator
+ https://bugs.webkit.org/show_bug.cgi?id=86042
+
+ Reviewed by Geoff Garen.
+
+ * jit/ExecutableAllocator.h:
+
+2012-05-09 Gavin Barraclough <barraclough@apple.com>
+
+ GC race condition in OpaqueJSClass::prototype
+ https://bugs.webkit.org/show_bug.cgi?id=86034
+
+ Build fix.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ - Eeeep, landed bad version of patch!
+
+2012-05-09 Gavin Barraclough <barraclough@apple.com>
+
+ GC race condition in OpaqueJSClass::prototype
+ https://bugs.webkit.org/show_bug.cgi?id=86034
+
+ Reviewed by Filip Pizlo.
+
+ The bug here is basically:
+ if (weakref) weakref->method()
+ where a GC may occur between the if & the method call.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+
+2012-05-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ CopiedSpace does not add pinned blocks back to the to-space filter
+ https://bugs.webkit.org/show_bug.cgi?id=86011
+
+ Reviewed by Geoffrey Garen.
+
+ After a collection has finished, we go through the blocks in from-space
+ and move any of them that are pinned into to-space. At the beginning of
+ collection, we reset the to-space block filter that is used during
+ conservative scanning and add back the blocks that are filled during the
+ collection. However, we neglect to add back those blocks that are moved
+ from from-space to to-space, which can cause the conservative scan to
+ think that some pinned items are not actually in CopiedSpace.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
+ to-space filter. Also added a comment and assert for future readers that
+ indicates that it's okay that we don't also add the block to the
+ to-space block set since it was never removed.
+
+
+2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Use independent version numbers for public libraries
+ https://bugs.webkit.org/show_bug.cgi?id=85984
+
+ Reviewed by Gustavo Noronha Silva.
+
+ * GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library
+ version.
+
+2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Do not install JavaScriptCore platform-specific headers
+ https://bugs.webkit.org/show_bug.cgi?id=85983
+
+ Reviewed by Gustavo Noronha Silva.
+
+ JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was
+ renamed to JavaScript.h in r29234 and it still exists for
+ compatibility with mac and windows users.
+
+ * GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h
+ and JSStringRefBSTR.h from the sources and headers list.
+
+2012-05-08 Gavin Barraclough <barraclough@apple.com>
+
+ ROLLING OUT r114255
+
+ GC in the middle of JSObject::allocatePropertyStorage can cause badness
+ https://bugs.webkit.org/show_bug.cgi?id=83839
+
+ Reviewed by nobody.
+
+ This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSObject):
+ (JSC::JSObject::isUsingInlineStorage):
+ (JSC):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ * runtime/Structure.cpp:
+ (JSC):
+ * runtime/Structure.h:
+ (JSC::Structure::didTransition):
+
+2012-05-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Heap should not continually allocate new pages in steady state
+ https://bugs.webkit.org/show_bug.cgi?id=85936
+
+ Reviewed by Geoff Garen.
+
+ Currently, in steady state (i.e. a constant amount of live GC
+ memory with a constant rate of allocation) assuming we've just
+ finished a collection with X live blocks in CopiedSpace, we
+ increase our working set by X blocks in CopiedSpace with each
+ collection we perform. This is due to the fact that we allocate
+ until we run out of free blocks to use in the Heap before we
+ consider whether we should run a collection.
+
+ In the longer term, this issue will be mostly resolved by
+ implementing quick release for the CopiedSpace. In the shorter
+ term, we should change our policy to check whether we should
+ allocate before trying to use a free block from the Heap. We
+ can change our policy to something more appropriate once we
+ have implemented quick release.
+
+ This change should also have the convenient side effect of
+ reducing the variance in GC-heavy tests (e.g. v8-splay) due
+ to fact that we are doing less VM allocation during copying
+ collection. Overall, this patch is performance neutral across
+ the benchmarks we track.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
+ around so that we only do it if the block request must succeed
+ i.e. after we've already checked whether we should do a collection.
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::allocateSlowCase): Ditto.
+ (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this
+ function because by the time we've called it, we've already checked whether we
+ should run a collection so there's no point in returning null.
+ * heap/MarkedAllocator.h: Removing old arguments from function declaration.
+ (MarkedAllocator):
+
+2012-05-08 Gavin Barraclough <barraclough@apple.com>
+
+ SIGFPE on divide in classic interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=85917
+
+ Rubber stamped by Oliver Hunt.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ - check for divisor of -1.
+
+2012-05-07 Oliver Hunt <oliver@apple.com>
+
+ Rolling out r110287
+
+ RS=Filip Pizlo
+
+ r110287 was meant to be refactoring only, but changed behavior
+ enough to break some websites, including qq.com.
+
+2012-05-07 Andy Estes <aestes@apple.com>
+
+ ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-05-07 Oliver Hunt <oliver@apple.com>
+
+ Fix release build.
+
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+2012-05-07 Oliver Hunt <oliver@apple.com>
+
+ LLInt doesn't check for Ropes when performing a character switch
+ https://bugs.webkit.org/show_bug.cgi?id=85837
+
+ Reviewed by Filip Pizlo.
+
+ Make LLint check if the scrutinee of a char switch is a rope, and if
+ so fall back to a slow case.
+
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (LLInt):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+
+2012-05-07 Eric Seidel <eric@webkit.org>
+
+ Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
+ https://bugs.webkit.org/show_bug.cgi?id=85822
+
+ Reviewed by Adam Barth.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-05-05 Gavin Barraclough <barraclough@apple.com>
+
+ Remove TrustedImm32::m_isPointer
+ https://bugs.webkit.org/show_bug.cgi?id=85726
+
+ Rubber stamped by Sam Weinig.
+
+ We used to rely on being able to generate code with known, fixed offsets – to do so we
+ would inhibit more optimal code generation for pointers. This is no longer necessary.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
+ (TrustedImm32):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::store32):
+ (JSC::MacroAssemblerARM::move):
+ (JSC::MacroAssemblerARM::branch32):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::move):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::add32):
+ (JSC::MacroAssemblerMIPS::and32):
+ (JSC::MacroAssemblerMIPS::mul32):
+ (JSC::MacroAssemblerMIPS::or32):
+ (JSC::MacroAssemblerMIPS::sub32):
+ (JSC::MacroAssemblerMIPS::store32):
+ (JSC::MacroAssemblerMIPS::move):
+
+2012-05-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not Flush GetLocal's
+ https://bugs.webkit.org/show_bug.cgi?id=85663
+ <rdar://problem/11373600>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::flushArgument):
+ (JSC::DFG::ByteCodeParser::handleCall):
+
+2012-05-04 Allan Sandfeld Jensen <allan.jensen@nokia.com>
+
+ Doesn't build with ENABLE_JIT=0
+ https://bugs.webkit.org/show_bug.cgi?id=85042
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/Operands.h:
+
+2012-05-03 Oliver Hunt <oliver@apple.com>
+
+ Regression(r114702): Clobbering the caller frame register before we've stored it.
+ https://bugs.webkit.org/show_bug.cgi?id=85564
+
+ Reviewed by Filip Pizlo.
+
+ Don't use t0 as a temporary, when we're about to use the value in t0.
+
+ * llint/LowLevelInterpreter32_64.asm:
+
+2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Removing remainder of accidental printfs.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+
+2012-05-03 Andy Estes <aestes@apple.com>
+
+ If you add printf()s to your garbage collector, the layout tests are gonna have a bad time.
+
+ * runtime/GCActivityCallbackCF.cpp:
+ (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
+
+2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection
+ https://bugs.webkit.org/show_bug.cgi?id=85543
+
+ Reviewed by Filip Pizlo.
+
+ Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its
+ allocation limit for the current cycle, thus hastening an allocation-triggered collection.
+ In reality, it should just affect the opportunistic GC timer. We should track the bytes
+ we think have been abandoned and the bytes that have been allocated separately.
+
+ * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much
+ we think we've abandoned.
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportAbandonedObjectGraph):
+ (JSC):
+ (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call
+ rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather
+ than bytes allocated. Also notifies the timer, summing the two values together.
+ (JSC::Heap::collect):
+ (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting
+ to GCActivityCallback.
+ * heap/Heap.h:
+ (Heap):
+
+2012-05-02 Eric Seidel <eric@webkit.org>
+
+ Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate)
+ https://bugs.webkit.org/show_bug.cgi?id=85433
+
+ Reviewed by Adam Barth.
+
+ I have a script which can autogenerate these xcconfig files as well as the
+ vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
+ from a central feature list file.
+ In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
+ alphabetically ordered (currently they're close, but not quite).
+ There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
+ I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-05-02 Hojong Han <hojong.han@samsung.com>
+
+ ARM_TRADITIONAL build fix
+ https://bugs.webkit.org/show_bug.cgi?id=85358
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::lshift32):
+ (MacroAssemblerARM):
+ (JSC::MacroAssemblerARM::or32):
+ (JSC::MacroAssemblerARM::urshift32):
+ (JSC::MacroAssemblerARM::xor32):
+ (JSC::MacroAssemblerARM::branchSub32):
+
+2012-05-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Opportunistic GC should give up if the Heap is paged out
+ https://bugs.webkit.org/show_bug.cgi?id=85411
+
+ Reviewed by Filip Pizlo.
+
+ Opportunistic GC is punishing us severely in limited memory situations because its
+ assumptions about how much time a collection will take are way out of whack when the Heap
+ has been paged out by the OS. We should add a simple detection function to the Heap that
+ detects if its is paged out. It will do this by iterating each block of both the MarkedSpace
+ and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms),
+ the function returns true. This function will only be run prior to an opportunistic
+ collection (i.e. it will not run during our normal allocation-triggered collections).
+
+ In my tests, steady state was drastically improved in high memory pressure situations (i.e.
+ the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
+ would be triggered due to pages doing things in the background, which would cause a
+ significant pause. As we close pages we now cause normal collections rather than full
+ collections, which prevents us from collecting all of the dead memory immediately. One
+ nice way to deal with this issue might be to do incremental sweeping.
+
+
+ * heap/CopiedSpace.cpp:
+ (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over
+ to-space, from-space, and the oversize blocks.
+ (JSC):
+ (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
+ by iterating all of the blocks.
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/Heap.cpp:
+ (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the
+ MarkedSpace and CopiedSpace if they are paged out.
+ (JSC):
+ * heap/Heap.h:
+ (Heap):
+ (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off
+ each time it determines that the Heap is paged out.
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
+ list of blocks are paged out.
+ (JSC):
+ * heap/MarkedAllocator.h:
+ (MarkedAllocator):
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ * runtime/GCActivityCallback.cpp:
+ (JSC::DefaultGCActivityCallback::cancel):
+ (JSC):
+ * runtime/GCActivityCallback.h:
+ (JSC::GCActivityCallback::cancel):
+ (DefaultGCActivityCallback):
+ * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining
+ whether the Heap is paged out or not.
+ (JSC):
+ (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we
+ should attempt a collection based on whether or not we can iterate the blocks of the Heap in
+ 100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to
+ do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
+ steady state paged-out-ness.
+ (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing
+ exactly the same thing as willCollect, is more obvious as to what it's doing when we call it
+ in timerDidFire.
+
+2012-05-02 Yong Li <yoli@rim.com>
+
+ Fix GCC X86 build error
+ https://bugs.webkit.org/show_bug.cgi?id=85379
+
+ Reviewed by Rob Buis.
+
+ Always explicitly claim ".text" to make sure
+ functions defined with inline assembly will be
+ created in the correct section.
+
+ * dfg/DFGOperations.cpp:
+ (JSC):
+
+2012-05-02 Oliver Hunt <oliver@apple.com>
+
+ Unreviewed, rolling out r115388.
+ http://trac.webkit.org/changeset/115388
+ https://bugs.webkit.org/show_bug.cgi?id=85011
+
+ This caused many weird performance problems, and needs to be
+ landed in pieces.
+
+ * dfg/DFGOperations.cpp:
+ * heap/Heap.cpp:
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::dumpCaller):
+ (JSC):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::init):
+ (ExecState):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::prepareForRepeatCall):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::execute):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::growSlowCase):
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::end):
+ (JSC::RegisterFile::size):
+ (JSC::RegisterFile::addressOfEnd):
+ (RegisterFile):
+ (JSC::RegisterFile::RegisterFile):
+ (JSC::RegisterFile::shrink):
+ (JSC::RegisterFile::grow):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::jitCompileFor):
+ (JSC::lazyLinkFor):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::handleHostCall):
+ * llint/LowLevelInterpreter.asm:
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor):
+
+2012-05-01 Oliver Hunt <oliver@apple.com>
+
+ Physijs demo crashes due to DFG not updating topCallFrame correctly.
+ https://bugs.webkit.org/show_bug.cgi?id=85311
+
+ Reviewed by Filip Pizlo.
+
+ A few of the dfg operations failed to correctly set the topCallFrame,
+ and so everything goes wrong. This patch corrects the effected operations,
+ and makes debug builds poison topCallFrame before calling a dfg operation.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
+ (JSC::DFG::SpeculativeJIT::appendCallSetResult):
+
+2012-04-30 Gavin Barraclough <barraclough@apple.com>
+
+ Should be able to use YARR JIT without the JS language JIT
+ https://bugs.webkit.org/show_bug.cgi?id=85252
+
+ Reviewed by Geoff Garen.
+
+ Need to split canUseRegExpJIT out of canUseJIT.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC):
+ (JSC::useJIT):
+ (JSC::JSGlobalData::JSGlobalData):
+ - replace m_canUseJIT with m_canUseAssembler
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ (JSC::JSGlobalData::canUseRegExpJIT):
+ - Added canUseRegExpJIT, distinct from canUseJIT.
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::compileMatchOnly):
+ - Call canUseRegExpJIT instead of canUseJIT.
+
+2012-04-30 Gavin Barraclough <barraclough@apple.com>
+
+ Should be able to build YARR JIT without the JS language JIT
+ https://bugs.webkit.org/show_bug.cgi?id=85242
+
+ Reviewed by Michael Saboff.
+
+ Some build macros are wrong.
+
+ * assembler/RepatchBuffer.h:
+ * jit/ExecutableAllocator.h:
+ (JSC):
+ * jit/JITExceptions.cpp:
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+
+2012-04-26 Gavin Barraclough <barraclough@apple.com>
+
+ Arguments object resets attributes on redefinition of a parameter
+ https://bugs.webkit.org/show_bug.cgi?id=84994
+
+ Rubber stamped by Oliver Hunt.
+
+ There is a bug that we always re-add the original property before
+ redefinition, doing so in a way that will reset the attributes
+ without checking configurability.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::defineOwnProperty):
+ - Only instantiate the property once - do not re-add if
+ it has already been added, or if it has been deleted.
+
+2012-04-30 Ryosuke Niwa <rniwa@webkit.org>
+
+ Remove an erroneous assertion after r115655.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::toUStringWithRadix):
+
+2012-04-30 Myles Maxfield <mmaxfield@google.com>
+
+ End of Interpreter::tryCacheGetByID can trigger the garbage collector
+ https://bugs.webkit.org/show_bug.cgi?id=84927
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCacheGetByID):
+
+2012-04-30 Benjamin Poulain <benjamin@webkit.org>
+
+ jsSingleCharacterString and jsSingleCharacterSubstring are not inlined
+ https://bugs.webkit.org/show_bug.cgi?id=85147
+
+ Reviewed by Darin Adler.
+
+ The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined
+ by the compiler. This annihilate the gains of using SmallStrings.
+
+ On stringProtoFuncCharAt(), this patch improves the performance by 11%.
+
+ * runtime/JSString.h:
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+
+2012-04-30 Benjamin Poulain <bpoulain@apple.com>
+
+ Add fast patch for radix == 10 on numberProtoFuncToString
+ https://bugs.webkit.org/show_bug.cgi?id=85120
+
+ Reviewed by Darin Adler.
+
+ When radix, we use to turn the doubleValue into a JSValue just to convert
+ it to a String. The problem is that was using the slow path for conversion and
+ for the toString() operation.
+
+ This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
+ The conversion is split between Integer and Double to ensure the fastest conversion
+ for the common case of integer arguments.
+
+ Converting number with radix 10 becomes 5% faster.
+
+ Due to the simpler conversion of number to string for integer, converting
+ integers that do not fall in the two previous optimizations get 32% faster.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::extractRadixFromArgs):
+ (JSC::integerValueToString):
+ (JSC::numberProtoFuncToString):
+
+2012-04-30 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing header.
+
+2012-04-28 Geoffrey Garen <ggaren@apple.com>
+
+ Factored threaded block allocation into a separate object
+ https://bugs.webkit.org/show_bug.cgi?id=85148
+
+ Reviewed by Sam Weinig.
+
+ 99% of this patch just moves duplicated block allocation and
+ deallocation code into a new object named BlockAllocator, with these
+ exceptions:
+
+ * heap/BlockAllocator.h: Added.
+ (BlockAllocator::BlockAllocator): The order of declarations here now
+ guards us against an unlikely race condition during startup.
+
+ * heap/BlockAllocator.cpp:
+ JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to
+ highlight a lack of clarity we have in our block deallocation routines.
+
+2012-04-28 Sam Weinig <sam@webkit.org>
+
+ Try to fix the Qt build.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::lastChanceToFinalize):
+
+2012-04-28 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-04-28 Geoffrey Garen <ggaren@apple.com>
+
+ Clarified JSGlobalData (JavaScript VM) lifetime
+ https://bugs.webkit.org/show_bug.cgi?id=85142
+
+ Reviewed by Anders Carlsson.
+
+ This was so confusing that I didn't feel like I could reason about
+ memory lifetime in the heap without fixing it.
+
+ The rules are:
+
+ (1) JSGlobalData owns the virtual machine and all memory in it.
+
+ (2) Deleting a JSGlobalData frees the virtual machine and all memory
+ in it.
+
+ (Caveat emptor: if you delete the virtual machine while you're running
+ JIT code or accessing GC objects, you're gonna have a bad time.)
+
+ (I opted not to make arbitrary sub-objects keep the virtual machine
+ alive automatically because:
+
+ (a) doing that right would be complex and slow;
+
+ (b) in the case of an exiting thread or process, there's no
+ clear way to give the garbage collector a chance to try again
+ later;
+
+ (c) continuing to run the garbage collector after we've been
+ asked to shut down the virtual machine seems rude;
+
+ (d) we've never really supported that feature, anyway.)
+
+ (3) Normal ref-counting will do. No need to call a battery of
+ specialty functions to tear down a JSGlobalData. Its foibles
+ notwithstanding, C++ does in fact know how to execute destructors in
+ order.
+
+ * API/JSContextRef.cpp:
+ (JSGlobalContextCreate): Removed compatibility shim for older
+ operating systems because it's no longer used.
+
+ (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
+ the right thing", this code is much simpler. We still have one special
+ case to notify the garbage collector if we're removing the last
+ reference to the global object, since this can improve memory behavior.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::freeAllBlocks):
+ * heap/CopiedSpace.h:
+ (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true
+ destruction-time behaviors should be limited to our C++ destructor.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::~Heap):
+ (JSC):
+ (JSC::Heap::lastChanceToFinalize):
+ * heap/Heap.h:
+ (Heap):
+ (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because
+ true destruction-time behaviors should be limited to our C++
+ destructor.
+
+ Reorganized the code, putting code that must run before any objects
+ get torn down into lastChanceToFinalize, and code that just tears down
+ objects into our destructor.
+
+ * heap/Local.h:
+ (JSC::LocalStack::LocalStack):
+ (JSC::LocalStack::push):
+ (LocalStack): See rule (2).
+
+ * jsc.cpp:
+ (functionQuit):
+ (main):
+ (printUsageStatement):
+ (parseArguments):
+ (jscmain):
+ * testRegExp.cpp:
+ (main):
+ (printUsageStatement):
+ (parseArguments):
+ (realMain): See rule (3).
+
+ I removed the feature of ensuring orderly tear-down when calling quit()
+ or running in --help mode because it didn't seem very useful and
+ making it work with Windows structured exception handling and
+ NO_RETURN didn't seem like a fun way to spend a Saturday.
+
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
+ member in JSGlobalData to ensure that it's destructed last, so other
+ objects that reference it destruct without crashing. This allowed me
+ to remove clearBuiltinStructures() altogether, and helped guarantee
+ rule (3).
+
+ (JSC::JSGlobalData::~JSGlobalData): Explicitly call
+ lastChanceToFinalize() at the head of our destructor to ensure that
+ all pending finalizers run while the virtual machine is still in a
+ valid state. Trying to resurrect (re-ref) the virtual machine at this
+ point is not valid, but all other operations are.
+
+ Changed a null to a 0xbbadbeef to clarify just how bad this beef is.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ * runtime/JSGlobalObject.h:
+ (JSGlobalObject):
+ (JSC::JSGlobalObject::globalData): See rule (3).
+
+2012-04-27 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Windows build.
+
+ * heap/WeakBlock.h:
+ (WeakBlock):
+
+2012-04-27 Geoffrey Garen <ggaren@apple.com>
+
+ Made WeakSet::allocate() static and removed its JSGlobalData argument
+ https://bugs.webkit.org/show_bug.cgi?id=85128
+
+ Reviewed by Anders Carlsson.
+
+ This is a step toward faster finalization.
+
+ WeakSet::allocate() now deduces which WeakSet to allocate from based on
+ its JSCell* argument. (Currently, there's only one WeakSet, but soon
+ there will be many.)
+
+ This was a global replace of "globalData.heap.weakSet()->allocate" with
+ "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument.
+
+ * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h.
+
+ I had to split out WeakSet::allocate() in to a separate header to avoid
+ a cycle.
+
+ (JSC::WeakSet::allocate): We can mask the pointer we're passed to
+ figure out where to allocate our WeakImpl. (Soon, we'll use this to
+ associate the WeakImpl with the GC block it references.)
+
+2012-04-27 Geoffrey Garen <ggaren@apple.com>
+
+ Stop using aligned allocation for WeakBlock
+ https://bugs.webkit.org/show_bug.cgi?id=85124
+
+ Reviewed by Anders Carlsson.
+
+ We don't actually use the alignment for anything.
+
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::create):
+ (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular
+ allocation.
+
+ * heap/WeakBlock.h:
+ (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned
+ allocation. This change required me to add some declarations that we used
+ to inherit from HeapBlock.
+
+ (WeakBlock::blockFor): Removed. This function relied on aligned allocation
+ but didn't do anything for us.
+
+ (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation
+ logic, so it shouldn't own the function.
+
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::~WeakSet):
+ (JSC::WeakSet::finalizeAll):
+ (JSC::WeakSet::visitLiveWeakImpls):
+ (JSC::WeakSet::visitDeadWeakImpls):
+ (JSC::WeakSet::sweep):
+ (JSC::WeakSet::shrink):
+ (JSC::WeakSet::resetAllocator):
+ (JSC::WeakSet::tryFindAllocator):
+ * heap/WeakSet.h:
+ (WeakSet): Updated declarations to reflect WeakBlock not inheriting from
+ HeapBlock. This allowed me to remove some casts, which was nice.
+
+ (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of
+ asking WeakBlock to do it for us. We don't need to have a WeakBlock
+ pointer to set the flag, so stop asking for one.
+
+2012-04-27 Kentaro Hara <haraken@chromium.org>
+
+ [JSC] Implement a helper method createNotEnoughArgumentsError()
+ https://bugs.webkit.org/show_bug.cgi?id=85102
+
+ Reviewed by Geoffrey Garen.
+
+ In bug 84787, kbr@ requested to avoid hard-coding
+ createTypeError(exec, "Not enough arguments") here and there.
+ This patch implements createNotEnoughArgumentsError(exec)
+ and uses it in JSC bindings.
+
+ c.f. a corresponding bug for V8 bindings is bug 85097.
+
+ * runtime/Error.cpp:
+ (JSC::createNotEnoughArgumentsError):
+ (JSC):
+ * runtime/Error.h:
+ (JSC):
+
+2012-04-27 Geoffrey Garen <ggaren@apple.com>
+
+ Only allow non-null pointers in the WeakSet
+ https://bugs.webkit.org/show_bug.cgi?id=85119
+
+ Reviewed by Darin Adler.
+
+ This is a step toward more efficient finalization.
+
+ No clients put non-pointers (JSValues) into Weak<T> and PassWeak<T>.
+
+ Some clients put null pointers into Weak<T> and PassWeak<T>, but this is
+ more efficient and straight-forward to model with a null in the Weak<T>
+ or PassWeak<T> instead of allocating a WeakImpl just to hold null.
+
+ * heap/PassWeak.h:
+ (JSC): Removed the Unknown (JSValue) type of weak pointer because it's
+ unused now.
+
+ (PassWeak): Don't provide a default initializer for our JSCell* argument.
+ This feature was only used in one place, and it was a bug.
+
+ (JSC::::get): Don't check for a null stored inside our WeakImpl: that's
+ not allowed anymore.
+
+ (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of
+ allocating a WeakImpl and storing null into it.
+
+ * heap/Weak.h:
+ (Weak):
+ (JSC::::Weak): Same changes as in PassWeak<T>.
+
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::visitLiveWeakImpls):
+ (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in
+ the WeakSet now, so no need to check for non-cells and null cell pointers.
+
+ * heap/WeakImpl.h:
+ (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet
+ now, so ASSERT that.
+
+2012-04-27 Gavin Barraclough <barraclough@apple.com>
+
+ <rdar://problem/7909395> Math in JavaScript is inaccurate on iOS
+
+ By defalut IEEE754 denormal support is disabled on iOS;
+ turn it on.
+
+ Reviewed by Filip Pizlo.
+
+ * jsc.cpp:
+ (main):
+ - clear the appropriate bit in the fpscr.
+
+2012-04-27 Michael Saboff <msaboff@apple.com>
+
+ Memory wasted in JSString for non-rope strings
+ https://bugs.webkit.org/show_bug.cgi?id=84907
+
+ Reviewed by Geoffrey Garen.
+
+ Split JSString into two classes, JSString as a base class that does not
+ include the fibers of a Rope, and a subclass JSRopeString that has the
+ rope functionality. Both classes "share" the same ClassInfo. Added
+ a bool to JSString to indicate that the string was allocated as a JSRopeString
+ to properly handle visiting the fiber children when the rope is resolved and
+ the JSRopeString appears as a JSString. Didn't change the interface of JSString
+ to require any JIT changes.
+
+ As part of this change, removed "cellSize" from ClassInfo since both classes
+ share the same ClassInfo, but have different sizes. The only use I could find
+ for cellSize was an ASSERT in allocateCell().
+
+ This appears to be neutral on performance tests.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope
+ to JSRopeString::resolveRope
+ * runtime/ClassInfo.h:
+ (JSC):
+ (ClassInfo):
+ * runtime/JSCell.h:
+ (JSC::allocateCell):
+ * runtime/JSString.cpp:
+ (JSC::JSRopeString::RopeBuilder::expand):
+ (JSC::JSString::visitChildren):
+ (JSC):
+ (JSC::JSRopeString::visitFibers):
+ (JSC::JSRopeString::resolveRope):
+ (JSC::JSRopeString::resolveRopeSlowCase8):
+ (JSC::JSRopeString::resolveRopeSlowCase):
+ (JSC::JSRopeString::outOfMemory):
+ (JSC::JSRopeString::getIndexSlowCase):
+ * runtime/JSString.h:
+ (JSC):
+ (JSString):
+ (JSC::JSString::finishCreation):
+ (JSC::JSString::create):
+ (JSC::JSString::isRope):
+ (JSC::JSString::is8Bit):
+ (JSRopeString):
+ (RopeBuilder):
+ (JSC::JSRopeString::RopeBuilder::RopeBuilder):
+ (JSC::JSRopeString::RopeBuilder::append):
+ (JSC::JSRopeString::RopeBuilder::release):
+ (JSC::JSRopeString::RopeBuilder::length):
+ (JSC::JSRopeString::JSRopeString):
+ (JSC::JSRopeString::finishCreation):
+ (JSC::JSRopeString::createNull):
+ (JSC::JSRopeString::create):
+ (JSC::JSString::value):
+ (JSC::JSString::tryGetValue):
+ (JSC::JSString::getIndex):
+ (JSC::jsStringBuilder):
+ * runtime/Operations.h:
+ (JSC::jsString):
+ (JSC::jsStringFromArguments):
+
+2012-04-27 Oliver Hunt <oliver@apple.com>
+
+ Correct assertion.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+
+2012-04-27 Oliver Hunt <oliver@apple.com>
+
+ Lazy link phase of baseline jit fails to propagate exception
+ https://bugs.webkit.org/show_bug.cgi?id=85092
+
+ Reviewed by Filip Pizlo.
+
+ Very simple patch, when linking produces an error we need to actually store
+ the exception prior to throwing it. I can't find any other examples of this,
+ but as we're already in the slow path when throwing an exception I've hardened
+ exception throwing against null exceptions.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * jit/JITStubs.cpp:
+ (JSC::lazyLinkFor):
+
+2012-04-27 Benjamin Poulain <benjamin@webkit.org>
+
+ Generalize the single character optimization of numberProtoFuncToString
+ https://bugs.webkit.org/show_bug.cgi?id=85027
+
+ Reviewed by Geoffrey Garen.
+
+ The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString()
+ when the radix is 36.
+
+ This patch generalize the optimization for any radix. Any positive number smaller than its radix
+ can be represented by a single character of radixDigits.
+
+ This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToString):
+
+2012-04-27 Gavin Peters <gavinp@chromium.org>
+
+ Add new ENABLE_LINK_PRERENDER define to control the Prerendering API
+ https://bugs.webkit.org/show_bug.cgi?id=84871
+
+ Reviewed by Adam Barth.
+
+ Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
+ API separates it from prefetching. Having separate include guards lets ports enable prefetching,
+ a relatively easy change, without needing to build the infrastructure for prerendering, which
+ is considerably more complicated.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-04-26 Oliver Hunt <oliver@apple.com>
+
+ Allocating WeakImpl should not trigger GC, as that makes the world very tricksy.
+ https://bugs.webkit.org/show_bug.cgi?id=85020
+
+ Reviewed by Gavin Barraclough.
+
+ Now in the event that we are unable to find an allocator for a new handle, just
+ add a new allocator rather than trying to recover "dead" handles through a GC.
+
+ Find allocator is now much simpler, and addAllocator directly reports the
+ increased memory usage to the heap without causing any GC to happen immediately.
+
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::findAllocator):
+ (JSC::WeakSet::addAllocator):
+
+2012-04-26 Oliver Hunt <oliver@apple.com>
+
+ Remove RegisterFile::end()/m_end
+ https://bugs.webkit.org/show_bug.cgi?id=85011
+
+ Reviewed by Gavin Barraclough.
+
+ Get rid of end() and m_end from RegisterFile. From now on
+ we only care about the end of the committed region when calling
+ code. When re-entering the VM we now plant the new CallFrame
+ immediately after whatever the current topCallFrame is. This
+ required adding a routine to CallFrame to determine exactly what
+ we should be doing (in the absence of an existing CallFrame, we
+ can't reason about the frameExtent() so we check for that).
+
+ This also now means that the GC only marks the portion of the
+ RegisterFile that is actually in use, and that VM re-entry doesn't
+ exhaust the RegisterFile as rapidly.
+
+ * dfg/DFGOperations.cpp:
+ * heap/Heap.cpp:
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::init):
+ (JSC::ExecState::startOfReusableRegisterFile):
+ (ExecState):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::prepareForRepeatCall):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::execute):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::growSlowCase):
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::commitEnd):
+ (JSC::RegisterFile::addressOfEnd):
+ (RegisterFile):
+ (JSC::RegisterFile::RegisterFile):
+ (JSC::RegisterFile::shrink):
+ (JSC::RegisterFile::grow):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::jitCompileFor):
+ (JSC::lazyLinkFor):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::handleHostCall):
+ * llint/LowLevelInterpreter.asm:
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor):
+
+2012-04-26 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ARMv7 backend should optimize Float32 arrays
+ https://bugs.webkit.org/show_bug.cgi?id=85000
+ <rdar://problem/10652827>
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/ARMv7Assembler.h:
+ (ARMv7Assembler):
+ (JSC::ARMv7Assembler::flds):
+ (JSC::ARMv7Assembler::fsts):
+ (JSC::ARMv7Assembler::vcvtds):
+ (JSC::ARMv7Assembler::vcvtsd):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::loadFloat):
+ (MacroAssemblerARMv7):
+ (JSC::MacroAssemblerARMv7::storeFloat):
+ (JSC::MacroAssemblerARMv7::convertFloatToDouble):
+ (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
+ * bytecode/PredictedType.h:
+ (JSC::isActionableFloatMutableArrayPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+
+2012-04-25 Benjamin Poulain <benjamin@webkit.org>
+
+ Add a version of StringImpl::find() without offset
+ https://bugs.webkit.org/show_bug.cgi?id=83968
+
+ Reviewed by Sam Weinig.
+
+ Add support for the new StringImpl::find() to UString.
+
+ Change stringProtoFuncIndexOf() to specifically take advatage of the feature.
+ This gives a 12% gains on a distribution of strings between 30 and 100 characters.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::substituteBackreferences):
+ (JSC::stringProtoFuncIndexOf):
+ * runtime/UString.h:
+ (UString):
+ (JSC::UString::find):
+
+2012-04-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ WebCore shouldn't call collectAllGarbage directly
+ https://bugs.webkit.org/show_bug.cgi?id=84897
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol
+ for reportAbanondedObjectGraph so WebCore can use it.
+ * heap/Heap.h: Ditto.
+
+2012-04-25 Oliver Hunt <oliver@apple.com>
+
+ Biolab disaster crashes on ToT
+ https://bugs.webkit.org/show_bug.cgi?id=84898
+
+ Reviewed by Filip Pizlo.
+
+ Whoops, committed without saving reviewer requested change.
+
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-04-25 Oliver Hunt <oliver@apple.com>
+
+ Biolab disaster crashes on ToT
+ https://bugs.webkit.org/show_bug.cgi?id=84898
+
+ Reviewed by Filip Pizlo.
+
+ I recently added an assertion to the Interpreter to catch incorrect
+ updates of topCallFrame. This caused a bunch of sites (including biolab
+ disaster) to crash as we were not correctly handling callee registers
+ of inlined functions, leading to a mismatch.
+
+ I could not actually make this trigger directly, although it does trigger
+ already on some of the GTK and QT bots.
+
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-04-25 Kenneth Russell <kbr@google.com>
+
+ Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced
+ https://bugs.webkit.org/show_bug.cgi?id=83655
+
+ Reviewed by Oliver Hunt.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionToAbbreviatedString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC):
+ (JSC::isActionableIntMutableArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGNode.h:
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ (SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::getByVal):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/JSByteArray.cpp: Removed.
+ * runtime/JSByteArray.h: Removed.
+ * runtime/JSGlobalData.cpp:
+
+2012-04-25 Filip Pizlo <fpizlo@apple.com>
+
+ http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=84815
+ <rdar://problem/11319514>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
+
+2012-04-25 Michael Saboff <msaboff@apple.com>
+
+ Closure in try {} with catch captures all locals from the enclosing function
+ https://bugs.webkit.org/show_bug.cgi?id=84804
+
+ Reviewed by Oliver Hunt.
+
+ Changed the capturing of local variables from capturing when eval is used,
+ within a "with" or within a "catch" to be just when an eval is used.
+ Renamed the function returning that we should capture from
+ getCapturedVariables() to usesEval(), since that what it noew returns.
+ Needed to fix the "with" code to only range check when the activation
+ has actually been torn off. Added m_isTornOff to JSActivation to
+ track this.
+
+ * parser/Parser.h:
+ (JSC::Scope::usesEval):
+ (JSC::Scope::getCapturedVariables):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ * runtime/JSActivation.h:
+ (JSActivation):
+ (JSC::JSActivation::tearOff):
+
+2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ GC Activity Callback timer should be based on how much has been allocated since the last collection
+ https://bugs.webkit.org/show_bug.cgi?id=84763
+
+ Reviewed by Geoffrey Garen.
+
+ The desired behavior for the GC timer is to collect at some point in the future,
+ regardless of how little we've allocated. A secondary goal, which is almost if not
+ as important, is for the timer to collect sooner if there is the potential to
+ collect a greater amount of memory. Conversely, as we allocate more memory we'd
+ like to reduce the delay to the next collection. If we're allocating quickly enough,
+ the timer should be preempted in favor of a normal allocation-triggered collection.
+ If allocation were to slow or stop, we'd like the timer to be able to opportunistically
+ run a collection without us having to allocate to the hard limit set by the Heap.
+
+ This type of policy can be described in terms of the amount of CPU we are willing
+ to dedicate to reclaim a single MB of memory. For example, we might be willing to
+ dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of
+ the last collection, e.g. if our last collection took 1ms, we would want to wait about
+ 100ms before running another collection to reclaim 1 MB. These constants should be
+ tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB.
+
+ * API/JSBase.cpp: Use the new reportAbandonedObjectGraph.
+ (JSGarbageCollect):
+ * API/JSContextRef.cpp: Ditto.
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call
+ this function to notify the Heap that some unknown number of JSC objects might have just
+ been abandoned and are now garbage. The Heap might schedule a new collection timer based
+ on this notification.
+ (JSC):
+ (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect.
+ * heap/Heap.h:
+ (Heap):
+ * heap/MarkedAllocator.h:
+ (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the
+ current allocator's FreeList once zapping was complete.
+ * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by
+ Heap::reportAbandonedObjectGraph.
+ (JSC):
+ * runtime/GCActivityCallback.h:
+ (JSC::GCActivityCallback::willCollect):
+ (DefaultGCActivityCallback):
+ * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the
+ timer based on how much we have allocated since the last collection up to a certain amount.
+ We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered
+ collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB.
+ (DefaultGCActivityCallbackPlatformData):
+ (JSC):
+ (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
+ (JSC::DefaultGCActivityCallback::commonConstructor):
+ (JSC::scheduleTimer):
+ (JSC::cancelTimer):
+ (JSC::DefaultGCActivityCallback::didAllocate):
+
+2012-04-24 Michael Saboff <msaboff@apple.com>
+
+ objectProtoFuncToString creates new string every invocation
+ https://bugs.webkit.org/show_bug.cgi?id=84781
+
+ Reviewed by Geoffrey Garen.
+
+ Cache the results of object toString() in the attached Structure.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue.
+ * runtime/Structure.h: Added new member m_hasObjectToStringValue
+ (JSC):
+ (JSC::Structure::objectToStringValue):
+ (Structure):
+ (JSC::Structure::setObjectToStringValue):
+
+2012-04-24 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=84727.
+ Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled.
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::or32):
+ (JSC::MacroAssemblerSH4::and32):
+ (JSC::MacroAssemblerSH4::lshift32):
+ (JSC::MacroAssemblerSH4::xor32):
+ (JSC::MacroAssemblerSH4::branchSub32):
+ (JSC::MacroAssemblerSH4::urshift32):
+
+2012-04-24 Gavin Barraclough <barraclough@apple.com>
+
+ Add explicit patchableBranchPtrWithPatch/patchableJump methods
+ https://bugs.webkit.org/show_bug.cgi?id=84498
+
+ Reviewed by Filip Pizlo.
+
+ Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump):
+ (PatchableJump):
+ (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&):
+ (AbstractMacroAssembler):
+ (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+ - Added PatchableJump type, removed inUninterruptedSequence.
+ * assembler/LinkBuffer.h:
+ (LinkBuffer):
+ (JSC::LinkBuffer::locationOf):
+ - Only allow the location to be taken of patchable branches
+ * assembler/MacroAssembler.h:
+ (MacroAssembler):
+ (JSC::MacroAssembler::patchableBranchPtrWithPatch):
+ (JSC::MacroAssembler::patchableJump):
+ (JSC::MacroAssembler::shouldBlind):
+ - Added default implementation of patchableBranchPtrWithPatch, patchableJump.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
+ (MacroAssemblerARMv7):
+ (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::patchableJump):
+ (JSC::MacroAssemblerARMv7::jump):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump.
+ * dfg/DFGCorrectableJumpPoint.h:
+ (DFG):
+ (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
+ - Late jumps are PatchableJumps.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ - replace use of inUninterruptedSequence
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
+ (PropertyAccessRecord):
+ - replace use of inUninterruptedSequence
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ - replace use of inUninterruptedSequence
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ - replace use of inUninterruptedSequence
+ * jit/JIT.h:
+ (PropertyStubCompilationInfo):
+ - replace use of inUninterruptedSequence
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::beginUninterruptedSequence):
+ (JSC::JIT::endUninterruptedSequence):
+ - replace use of inUninterruptedSequence
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ - replace use of inUninterruptedSequence
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ - replace use of inUninterruptedSequence
+
+2012-04-24 Benjamin Poulain <bpoulain@apple.com>
+
+ Generalize the single character optimization of r114072
+ https://bugs.webkit.org/show_bug.cgi?id=83961
+
+ Reviewed by Eric Seidel.
+
+ Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::replaceUsingStringSearch):
+
+2012-04-24 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, 32-bit build fix.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-04-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG performs incorrect DCE on (some?) intrinsics
+ https://bugs.webkit.org/show_bug.cgi?id=84746
+ <rdar://problem/11310772>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::setIntrinsicResult):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray
+ https://bugs.webkit.org/show_bug.cgi?id=84648
+
+ Reviewed by Geoffrey Garen.
+
+ When emit_op_new_array successfully allocates a new JSArray but fails to allocate
+ the corresponding ArrayStorage for it, it falls back to the out-of-line stub call
+ to constructArray, which constructs and entirely new JSArray/ArrayStorage pair.
+ This leaves us with a JSArray hanging around on the stack or in a register that
+ did not go through its own constructor, thus giving it uninitialized memory in the
+ two fields that are checked in JSArray::visitChildren.
+
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that
+ if we fail we haven't generated the poisonous JSArray that can cause a GC crash.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emitSlow_op_new_array):
+
+2012-04-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG on ARMv7 should not OSR exit on every integer division
+ https://bugs.webkit.org/show_bug.cgi?id=84661
+
+ Reviewed by Oliver Hunt.
+
+ On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
+ that was broken with the introduction of Int32ToDouble) nor does it have to know
+ whether or not to convert its result to integer. This is now taken care of for free
+ with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
+ speculation.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
+ * dfg/DFGOSRExit.h:
+ (OSRExit):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
+ (DFG):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-04-24 Geoffrey Garen <ggaren@apple.com>
+
+ "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink
+ https://bugs.webkit.org/show_bug.cgi?id=84740
+ <rdar://problem/9917638>
+
+ Reviewed by Gavin Barraclough.
+
+ Shrink!
+
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy): Be more specific about what's shrinking, since we
+ can also shrink the WeakSet, but we don't do so here.
+
+ (JSC::Heap::collect): If we're going to shrink the heap, shrink the
+ WeakSet too. Otherwise, its footprint is permanent.
+
+ * heap/Heap.h:
+ (Heap): Removed shrink() as a public interface, since it's vague about
+ which parts of the heap it affects, and it's really an internal detail.
+
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has
+ already taken place, since that's the convention for shrink() in the heap.
+
+ * heap/WeakSet.h:
+ (WeakSet): New function!
+
+2012-04-24 Adam Klein <adamk@chromium.org>
+
+ Fix includes in StrongInlines.h and ScriptValue.h
+ https://bugs.webkit.org/show_bug.cgi?id=84659
+
+ Reviewed by Geoffrey Garen.
+
+ * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's
+ definiition is required here.
+
+2012-04-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit should ensure that all variables have been initialized
+ https://bugs.webkit.org/show_bug.cgi?id=84653
+ <rdar://problem/11258183>
+
+ Reviewed by Gavin Barraclough.
+
+ Initialize all uncaptured dead variables to undefined on OSR exit.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+
+2012-04-23 Oliver Hunt <oliver@apple.com>
+
+ Call instruction for the baseline JIT stores origin info in wrong callframe
+ https://bugs.webkit.org/show_bug.cgi?id=84645
+
+ Reviewed by Gavin Barraclough.
+
+ The baseline JIT was updating the wrong callframe when making a call. If the
+ call failed during dispatch (unable to perform codegen, calling a non-object)
+ we would attempt to use this information, but it would be completely wrong.
+
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+
+2012-04-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG must keep alive values that it will perform speculations on
+ https://bugs.webkit.org/show_bug.cgi?id=84638
+ <rdar://problem/11258183>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGNodeType.h:
+ (DFG):
+
+2012-04-23 Oliver Hunt <oliver@apple.com>
+
+ Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::executeCall):
+
+2012-04-22 Jon Lee <jonlee@apple.com>
+
+ Remove notifications support on Mac Lion.
+ https://bugs.webkit.org/show_bug.cgi?id=84554
+ <rdar://problem/11297128>
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-04-21 Darin Adler <darin@apple.com>
+
+ Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
+ https://bugs.webkit.org/show_bug.cgi?id=84523
+
+ Reviewed by Oliver Hunt.
+
+ Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
+ Streamlined this code to use standard character types and 0 rather than -1. One benefit
+ of this is that there's no widening and narrowing. Another is that there are many cases
+ where we already have the correct behavior for 0, so can eliminate a branch that was
+ used to test for -1 before. Also eliminates typecasts in the code.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
+ character type, not an int.
+ (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
+ (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
+ (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
+ of the code. This can be used places we used to cheeck for -1.
+ (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
+ (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
+ (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
+ had a data-member-style name.
+ (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
+ function already returns false for the 0 character. Updated types in a couple other places. Used
+ the atEnd function where needed.
+ (JSC::Lexer::parseIdentifierSlowCase): More of the same.
+ (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
+ (JSC::Lexer::parseString): Ditto.
+ (JSC::Lexer::parseStringSlowCase): Ditto.
+ (JSC::Lexer::parseMultilineComment): Ditto.
+ (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
+ the tokenInfo instead of putting it in a local variable first, saving some memory access.
+ (JSC::Lexer::scanRegExp): Ditto.
+ (JSC::Lexer::skipRegExp): Ditto.
+
+ * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
+ the character type. Added atEnd function.
+ (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize.
+ (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
+
+2012-04-21 Darin Adler <darin@apple.com>
+
+ Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
+ https://bugs.webkit.org/show_bug.cgi?id=84523
+
+ Reviewed by Oliver Hunt.
+
+ Separate preparation step of copyright dates, renaming, and other small tweaks.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
+ (JSC::Lexer::peek): Removed meaningless comment.
+ (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
+ what this function does.
+ (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
+ (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
+ (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
+
+ * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
+ Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
+ getUnicodeCharacter to parseFourDigitUnicodeHex.
+
+2012-04-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should optimize int8 and int16 arrays on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=84503
+
+ Reviewed by Oliver Hunt.
+
+ * assembler/ARMv7Assembler.h:
+ (ARMv7Assembler):
+ (JSC::ARMv7Assembler::ldrsb):
+ (JSC::ARMv7Assembler::ldrsh):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load16Signed):
+ (JSC::MacroAssemblerARMv7::load8Signed):
+ * bytecode/PredictedType.h:
+ (JSC::isActionableIntMutableArrayPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+
+2012-04-20 Oliver Hunt <oliver@apple.com>
+
+ Add an ability to find the extent of a callframe
+ https://bugs.webkit.org/show_bug.cgi?id=84513
+
+ Reviewed by Filip Pizlo.
+
+ Add a function to get the extent of a callframe and
+ use that function for a new assertion to make sure the
+ RegisterFile makes sense using that information.
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::frameExtentInternal):
+ (JSC):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::frameExtent):
+ (ExecState):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::executeCall):
+
+2012-04-20 Benjamin Poulain <bpoulain@apple.com>
+
+ Inline the JSArray constructor
+ https://bugs.webkit.org/show_bug.cgi?id=84416
+
+ Reviewed by Geoffrey Garen.
+
+ The constructor is trivial, no reason to jump for it.
+
+ This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
+
+ * runtime/JSArray.cpp:
+ (JSC):
+ * runtime/JSArray.h:
+ (JSC::JSArray::JSArray):
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Heap should cancel GC timer at the start of the collection
+ https://bugs.webkit.org/show_bug.cgi?id=84477
+
+ Reviewed by Geoffrey Garen.
+
+ Currently the Heap cancels the GC timer at the conclusion of a collection.
+ We should change this to be at the beginning because something (e.g. a finalizer)
+ could call didAbandonObjectGraph(), which will schedule the timer, but then
+ we'll immediately unschedule the timer at the conclusion of the collection,
+ thus potentially preventing large swaths of memory from being reclaimed in a timely manner.
+
+ * API/JSBase.cpp:
+ (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is
+ busy or not, since we're just scheduling a timer to run a GC in the future.
+ * heap/Heap.cpp:
+ (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the
+ top of Heap::collect.
+ * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect.
+ (JSC::DefaultGCActivityCallback::willCollect):
+ * runtime/GCActivityCallback.h: Ditto.
+ (JSC::GCActivityCallback::willCollect):
+ (DefaultGCActivityCallback):
+ * runtime/GCActivityCallbackCF.cpp: Ditto.
+ (JSC::DefaultGCActivityCallback::willCollect):
+
+2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSGarbageCollect should not call collectAllGarbage()
+ https://bugs.webkit.org/show_bug.cgi?id=84476
+
+ Reviewed by Geoffrey Garen.
+
+ * API/JSBase.cpp:
+ (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph.
+
+2012-04-19 Oliver Hunt <oliver@apple.com>
+
+ Exception stack traces aren't complete when the exception starts in native code
+ https://bugs.webkit.org/show_bug.cgi?id=84073
+
+ Reviewed by Filip Pizlo.
+
+ Refactored building the stack trace to so that we can construct
+ it earlier, and don't rely on any prior work performed in the
+ exception handling machinery. Also updated LLInt and the DFG to
+ completely initialise the callframes of host function calls.
+
+ Also fixed a few LLInt paths that failed to correctly update the
+ topCallFrame.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * interpreter/Interpreter.cpp:
+ (JSC::eval):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::addStackTraceIfNecessary):
+ (JSC):
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jsc.cpp:
+ (functionJSCStack):
+ * llint/LLIntExceptions.cpp:
+ (JSC::LLInt::interpreterThrowInCaller):
+ (JSC::LLInt::returnToThrow):
+ (JSC::LLInt::callToThrow):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::handleHostCall):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ (JSC::throwError):
+ * runtime/Error.h:
+ (JSC):
+
+2012-04-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ We're collecting pathologically due to small allocations
+ https://bugs.webkit.org/show_bug.cgi?id=84404
+
+ Reviewed by Geoffrey Garen.
+
+ No change in performance on run-jsc-benchmarks.
+
+ * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
+ (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
+ * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no
+ longer useful.
+ (JSC::CopiedSpace::CopiedSpace):
+ (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than
+ carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
+ (JSC::CopiedSpace::tryAllocateOversize): Call the new didAllocate to notify the Heap of
+ newly allocated stuff.
+ (JSC::CopiedSpace::tryReallocateOversize):
+ (JSC::CopiedSpace::doneFillingBlock):
+ (JSC::CopiedSpace::doneCopying):
+ (JSC::CopiedSpace::destroy):
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::startedCopying):
+ * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and
+ bytesAllocatedLimit to track how much memory has been allocated since the last collection.
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering
+ a collection to be the size of the Heap after the previous collection. Thus, we still have our
+ 2x allocation amount.
+ (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated
+ thus far and then adds the new number of bytes to the current total.
+ (JSC):
+ * heap/Heap.h: Removed water mark related stuff.
+ (JSC::Heap::notifyIsSafeToCollect):
+ (Heap):
+ (JSC::Heap::shouldCollect):
+ (JSC):
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
+ (JSC::MarkedAllocator::allocateSlowCase):
+ (JSC::MarkedAllocator::addBlock):
+ * heap/MarkedAllocator.h:
+ (MarkedAllocator):
+ (JSC::MarkedAllocator::MarkedAllocator):
+ (JSC::MarkedAllocator::allocate):
+ (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::specializedSweep):
+ (JSC::MarkedBlock::sweep):
+ (JSC::MarkedBlock::sweepHelper):
+ (JSC::MarkedBlock::zapFreeList):
+ * heap/MarkedBlock.h:
+ (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
+ free list including the number of bytes of stuff in the free list so that when the free list is
+ exhausted, the correct amount can be reported to Heap.
+ (MarkedBlock):
+ (JSC::MarkedBlock::FreeList::FreeList):
+ (JSC):
+ * heap/MarkedSpace.cpp: Removing all water mark related stuff.
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocators):
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ (JSC):
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This
+ function still needs work though now that the Heap knows how many bytes have been allocated
+ since the last collection.
+ * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
+ (JSC::JIT::emitAllocateBasicJSObject): Ditto.
+ * llint/LowLevelInterpreter.asm: Ditto.
+ * runtime/GCActivityCallback.cpp:
+ (JSC::DefaultGCActivityCallback::didAllocate):
+ * runtime/GCActivityCallback.h:
+ (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that
+ the allocation that is being reported has already taken place.
+ (DefaultGCActivityCallback):
+ * runtime/GCActivityCallbackCF.cpp:
+ (JSC):
+ (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of
+ allocation since the last collection is not above a threshold (initially arbitrarily chosen to
+ be 128KB).
+
+2012-04-19 Filip Pizlo <fpizlo@apple.com>
+
+ MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal
+ https://bugs.webkit.org/show_bug.cgi?id=84401
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
+
+2012-04-19 Don Olmstead <don.olmstead@am.sony.com>
+
+ KeywordLookupGenerator.py should take an output file as an argument
+ https://bugs.webkit.org/show_bug.cgi?id=84292
+
+ Reviewed by Eric Seidel.
+
+ Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script.
+
+ * KeywordLookupGenerator.py:
+
+2012-04-19 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to perform debugCall on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=84381
+
+ Reviewed by Oliver Hunt.
+
+ debugCall() was clobbering the argument to the call it was making, leading to a
+ corrupt ExecState*. This change fixes that issue by using a scratch register that
+ does not clobber arguments, and it also introduces more assertions that we have
+ a valid call frame.
+
+ * dfg/DFGAssemblyHelpers.cpp:
+ (DFG):
+ (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::selectScratchGPR):
+ (AssemblyHelpers):
+ (JSC::DFG::AssemblyHelpers::debugCall):
+ (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::selectScratchGPR):
+
+2012-04-19 Filip Pizlo <fpizlo@apple.com>
+
+ LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that
+ the PB/PC has been preserved
+ https://bugs.webkit.org/show_bug.cgi?id=84367
+
+ Reviewed by Oliver Hunt.
+
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+
+2012-04-19 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to load from Float64 arrays on ARMv7 without crashing
+ https://bugs.webkit.org/show_bug.cgi?id=84361
+
+ Reviewed by Oliver Hunt.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::storeDouble):
+
+2012-04-19 Dominik Röttsches <dominik.rottsches@linux.intel.com>
+
+ [CMake] Build fix after r114575
+ https://bugs.webkit.org/show_bug.cgi?id=84322
+
+ Reviewed by Simon Hausmann.
+
+ Build fix, adding WTF when linking jsc shell.
+
+ * shell/CMakeLists.txt:
+
+2012-04-18 Filip Pizlo <fpizlo@apple.com>
+
+ JSC testing should have complete coverage over typed array types
+ https://bugs.webkit.org/show_bug.cgi?id=84302
+
+ Reviewed by Geoff Garen.
+
+ Added Uint8ClampedArray to the set of typed arrays that are supported by jsc
+ command-line.
+
+ * JSCTypedArrayStubs.h:
+ (JSC):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+
+2012-04-18 Filip Pizlo <fpizlo@apple.com>
+
+ jsc command line should support typed arrays by default
+ https://bugs.webkit.org/show_bug.cgi?id=84298
+
+ Rubber stamped by Gavin Barraclough.
+
+ * JSCTypedArrayStubs.h:
+ (JSC):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+
+2012-04-18 Filip Pizlo <fpizlo@apple.com>
+
+ JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
+ forced double should not be scrambled when performing OSR entry
+ https://bugs.webkit.org/show_bug.cgi?id=84272
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+
+2012-04-18 Don Olmstead <don.olmstead@am.sony.com>
+
+ JavaScriptCore.gypi not current
+ https://bugs.webkit.org/show_bug.cgi?id=84224
+
+ Reviewed by Eric Seidel.
+
+ Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself.
+
+ Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory.
+
+ * JavaScriptCore.gypi:
+
+2012-04-18 Benjamin Poulain <bpoulain@apple.com>
+
+ Remove m_subclassData from JSArray, move the attribute to subclass as needed
+ https://bugs.webkit.org/show_bug.cgi?id=84249
+
+ Reviewed by Geoffrey Garen.
+
+ JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
+ the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
+ case.
+
+ This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
+ of CopiedSpace.
+
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSArray):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+
+2012-04-18 Benjamin Poulain <bpoulain@apple.com>
+
+ replaceUsingStringSearch: delay the creation of the replace string until needed
+ https://bugs.webkit.org/show_bug.cgi?id=83841
+
+ Reviewed by Geoffrey Garen.
+
+ We do not need to obtain the replaceValue until we have a match. By moving the intialization
+ of replaceValue when needed, we save a few instructions when there is no match.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::replaceUsingRegExpSearch):
+ (JSC::replaceUsingStringSearch):
+ (JSC::stringProtoFuncReplace):
+
+2012-04-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ GC activity timer should be tied to allocation, not collection
+ https://bugs.webkit.org/show_bug.cgi?id=83919
+
+ Reviewed by Geoffrey Garen.
+
+ * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've
+ released a global object, we're abandoning a potentially large number of objects that JSC might want
+ to collect.
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate
+ that we've hit a slow path and are allocating now, so schedule the timer.
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to
+ throw away too much code during our benchmarks (especially vp8, which is very large and thus has large
+ amounts of compiled code).
+ (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we
+ can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a
+ collection to see if we should throw away our compiled code. Currently this is set to happen about once
+ every minute.
+ * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code.
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like
+ in CopiedSpace.
+ * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms.
+ (JSC::DefaultGCActivityCallback::willAllocate):
+ (JSC):
+ (JSC::DefaultGCActivityCallback::didCollect):
+ (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
+ * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing
+ the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection
+ occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for
+ when somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of
+ objects and that JSC might want to clean them up.
+ (JSC::GCActivityCallback::~GCActivityCallback):
+ (JSC::GCActivityCallback::willAllocate):
+ (JSC::GCActivityCallback::didCollect):
+ (JSC::GCActivityCallback::didAbandonObjectGraph):
+ (JSC::GCActivityCallback::synchronize):
+ (DefaultGCActivityCallback):
+ * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions.
+ We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually
+ turned out to be quite expensive (although Instruments couldn't tell us this).
+ (DefaultGCActivityCallbackPlatformData):
+ (JSC):
+ (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
+ (JSC::DefaultGCActivityCallback::commonConstructor):
+ (JSC::scheduleTimer):
+ (JSC::cancelTimer):
+ (JSC::DefaultGCActivityCallback::willAllocate):
+ (JSC::DefaultGCActivityCallback::didCollect):
+ (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
+
+2012-04-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not attempt to get rare case counts for op_mod on ARM
+ https://bugs.webkit.org/show_bug.cgi?id=84218
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ * dfg/DFGCommon.h:
+ (JSC::DFG::isX86):
+ (DFG):
+
+2012-04-17 Myles Maxfield <mmaxfield@google.com>
+
+ BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE
+ https://bugs.webkit.org/show_bug.cgi?id=80912
+
+ Reviewed by Hajime Morita.
+
+ * wtf/BumpPointerAllocator.h:
+ (WTF::BumpPointerPool::create):
+
+2012-04-17 Filip Pizlo <fpizlo@apple.com>
+
+ Attempt to fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-04-17 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to create an inheritorID for the global this object without crashing
+ https://bugs.webkit.org/show_bug.cgi?id=84200
+ <rdar://problem/11251082>
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalThis.cpp:
+ (JSC::JSGlobalThis::setUnwrappedObject):
+ * runtime/JSGlobalThis.h:
+ (JSC::JSGlobalThis::unwrappedObject):
+ (JSGlobalThis):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSObject):
+ (JSC::JSObject::resetInheritorID):
+
+2012-04-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG and LLInt should not clobber the frame pointer on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=84185
+ <rdar://problem/10767252>
+
+ Reviewed by Gavin Barraclough.
+
+ Changed LLInt to use a different register. Changed DFG to use one fewer
+ registers. We should revisit this and switch the DFG to use a different
+ register instead of r7, but we can do that in a subsequent step since
+ the performance effect is tiny.
+
+ * dfg/DFGGPRInfo.h:
+ (GPRInfo):
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ * offlineasm/armv7.rb:
+
+2012-04-17 Filip Pizlo <fpizlo@apple.com>
+
+ use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument
+ https://bugs.webkit.org/show_bug.cgi?id=83942
+ <rdar://problem/11247370>
+
+ Reviewed by Gavin Barraclough.
+
+ Don't use references to the graph after resizing the graph.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::flushArgument):
+
+2012-04-16 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype.toString should be generic
+ https://bugs.webkit.org/show_bug.cgi?id=81588
+
+ Reviewed by Sam Weinig.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ - check for join function, use fast case if base object is array & join is present & default.
+ * runtime/CommonIdentifiers.h:
+ - added 'join'.
+
+2012-04-16 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck issues.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2012-04-16 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r114309.
+ http://trac.webkit.org/changeset/114309
+ https://bugs.webkit.org/show_bug.cgi?id=84097
+
+ it broke everything (Requested by olliej on #webkit).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (functionJSCStack):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::handleHostCall):
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ (JSC::throwError):
+ * runtime/Error.h:
+ (JSC):
+
+2012-04-16 Oliver Hunt <oliver@apple.com>
+
+ Exception stack traces aren't complete when the exception starts in native code
+ https://bugs.webkit.org/show_bug.cgi?id=84073
+
+ Reviewed by Gavin Barraclough.
+
+ Refactored building the stack trace to so that we can construct
+ it earlier, and don't rely on any prior work performed in the
+ exception handling machinery. Also updated LLInt and the DFG to
+ completely initialise the callframes of host function calls.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::codeOriginIndexForReturn):
+ (CodeBlock):
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::addStackTraceIfNecessary):
+ (JSC):
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (functionJSCStack):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::handleHostCall):
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ (JSC::throwError):
+ * runtime/Error.h:
+ (JSC):
+
+2012-04-16 Oliver Hunt <oliver@apple.com>
+
+ Fix COMMANDLINE_TYPEDARRAYS build
+ https://bugs.webkit.org/show_bug.cgi?id=84051
+
+ Reviewed by Gavin Barraclough.
+
+ Update for new putByIndex API and wtf changes.
+
+ * JSCTypedArrayStubs.h:
+ (JSC):
+
+2012-04-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ GC in the middle of JSObject::allocatePropertyStorage can cause badness
+ https://bugs.webkit.org/show_bug.cgi?id=83839
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're
+ growing our already-existing PropertyStorage.
+ * runtime/JSObject.h:
+ (JSObject):
+ (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage
+ and the new structure so that we can be sure a GC never occurs when our Structure
+ info is out of sync with our PropertyStorage.
+ (JSC):
+ (JSC::JSObject::putDirectInternal): Moved the check to see if we should
+ allocate more backing store before the actual property insertion into
+ the structure.
+ (JSC::JSObject::putDirectWithoutTransition): Ditto.
+ (JSC::JSObject::transitionTo): Ditto.
+ * runtime/Structure.cpp:
+ (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy
+ for property backing stores contained within the Structure class.
+ (JSC):
+ * runtime/Structure.h:
+ (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion
+ into the Structure would require resizing the property backing store so that they can
+ preallocate the required storage.
+ (Structure):
+
+2012-04-13 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r114185.
+ http://trac.webkit.org/changeset/114185
+ https://bugs.webkit.org/show_bug.cgi?id=83967
+
+ Broke a bunch of JavaScript related tests (Requested by
+ andersca on #webkit).
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ * runtime/CommonIdentifiers.h:
+ * tests/mozilla/ecma/Array/15.4.4.2.js:
+ (getTestCases):
+
+2012-04-13 Gavin Barraclough <barraclough@apple.com>
+
+ Don't rely on fixed offsets to patch calls
+ https://bugs.webkit.org/show_bug.cgi?id=83966
+
+ Rubber stamped by Oliver Hunt.
+
+ These aren't being used anywhere!
+
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+
+2012-04-13 Hojong Han <hojong.han@samsung.com>
+
+ Array.prototype.toString and Array.prototype.toLocaleString should be generic
+ https://bugs.webkit.org/show_bug.cgi?id=81588
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ * runtime/CommonIdentifiers.h:
+ * tests/mozilla/ecma/Array/15.4.4.2.js:
+ (getTestCases.array.item.new.TestCase):
+ (getTestCases):
+
+2012-04-13 Gavin Barraclough <barraclough@apple.com>
+
+ Don't rely on fixed offsets to patch method checks
+ https://bugs.webkit.org/show_bug.cgi?id=83958
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/StructureStubInfo.h:
+ - Add fields for the method check info.
+ * jit/JIT.cpp:
+ (JSC::PropertyStubCompilationInfo::copyToStubInfo):
+ - Store the offsets on the stub info, instead of asserting.
+ * jit/JIT.h:
+ - Delete all the method check related offsets.
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ - Use the offset from the stubInfo.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Pass the stubInfo to patchMethodCallProto.
+
+2012-04-13 Gavin Barraclough <barraclough@apple.com>
+
+ Don't rely on fixed offsets to patch get_by_id/put_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=83924
+
+ Reviewed by Oliver Hunt.
+
+ Store offsets in the structure stub info, as we do for the DFG JIT.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::differenceBetween):
+ - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!)
+ * bytecode/StructureStubInfo.h:
+ - added new fields for baseline JIT offsets.
+ * jit/JIT.cpp:
+ (JSC::PropertyStubCompilationInfo::copyToStubInfo):
+ - moved out from JIT::privateCompile.
+ (JSC::JIT::privateCompile):
+ - moved out code to PropertyStubCompilationInfo::copyToStubInfo.
+ * jit/JIT.h:
+ (PropertyStubCompilationInfo):
+ - added helper functions to initializae PropertyStubCompilationInfo, state to store more offset info.
+ - removed many offsets.
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::patchGetByIdSelf):
+ (JSC::JIT::patchPutByIdReplace):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ (JSC::JIT::resetPatchGetById):
+ (JSC::JIT::resetPatchPutById):
+ - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
+ - changed repatch functions to read offsets from the structure stub info.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::patchGetByIdSelf):
+ (JSC::JIT::patchPutByIdReplace):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ (JSC::JIT::resetPatchGetById):
+ (JSC::JIT::resetPatchPutById):
+ - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
+ - changed repatch functions to read offsets from the structure stub info.
+
+2012-04-13 Rob Buis <rbuis@rim.com>
+
+ Fix some compiler warnings (miscellaneous)
+ https://bugs.webkit.org/show_bug.cgi?id=80790
+
+ Reviewed by Antonio Gomes.
+
+ Fix signed/unsigned comparison warning.
+
+ * parser/Lexer.cpp:
+ (JSC::::record16):
+
+2012-04-12 Benjamin Poulain <bpoulain@apple.com>
+
+ Improve replaceUsingStringSearch() for case of a single character searchValue
+ https://bugs.webkit.org/show_bug.cgi?id=83738
+
+ Reviewed by Geoffrey Garen.
+
+ This patch improves replaceUsingStringSearch() with the following:
+ -Add a special case for single character search, taking advantage of the faster WTF::find().
+ -Inline replaceUsingStringSearch().
+ -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
+ by definition.
+
+ This gives less than 1% improvement for the multicharacter replace.
+ The single character search show about 9% improvement.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::replaceUsingStringSearch):
+
+2012-04-12 Michael Saboff <msaboff@apple.com>
+
+ StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects
+ https://bugs.webkit.org/show_bug.cgi?id=83823
+
+ Reviewed by Gavin Barraclough.
+
+ Put the clearing of the accessType to after the call to deref() so that
+ deref() can use the accessType to delete referenced objects as needed.
+
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::reset):
+
+2012-04-12 Balazs Kelemen <kbalazs@webkit.org>
+
+ [Qt] Fix WebKit1 build with V8
+ https://bugs.webkit.org/show_bug.cgi?id=83322
+
+ Reviewed by Adam Barth.
+
+ * yarr/yarr.pri:
+
+2012-04-12 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=83821
+ Move dfg repatching properties of structure stub info into a union
+
+ Reviewed by Oliver Hunt.
+
+ We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this.
+
+ * bytecode/StructureStubInfo.h:
+ (StructureStubInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ (JSC::DFG::linkRestoreScratch):
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ (JSC::DFG::emitPutReplaceStub):
+ (JSC::DFG::emitPutTransitionStub):
+ (JSC::DFG::tryCachePutByID):
+ (JSC::DFG::tryBuildPutByIdList):
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+
+2012-04-12 Gavin Barraclough <barraclough@apple.com>
+
+ Delete a bunch of unused, copy & pasted values in JIT.h
+ https://bugs.webkit.org/show_bug.cgi?id=83822
+
+ Reviewed by Oliver Hunt.
+
+ The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense.
+
+ * jit/JIT.h:
+ (JIT):
+
+2012-04-12 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt][ARM] Buildfix after r113934.
+
+ Reviewed by Zoltan Herczeg.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::compare8):
+ (MacroAssemblerARM):
+
+2012-04-11 Filip Pizlo <fpizlo@apple.com>
+
+ It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail
+ https://bugs.webkit.org/show_bug.cgi?id=83744
+ <rdar://problem/11206946>
+
+ Reviewed by Andy Estes.
+
+ This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node
+ that is statically known to return boolean results.
+
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+
+2012-04-11 Michael Saboff <msaboff@apple.com>
+
+ Invalid Union Reference in StructureStubInfo.{cpp.h}
+ https://bugs.webkit.org/show_bug.cgi?id=83735
+
+ Reviewed by Filip Pizlo.
+
+ Changed the references to u.getByIdProtoList and u.getByIdSelfList
+ to be consistent.
+
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::visitWeakReferences):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdSelfList):
+
+2012-04-11 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed attempting to make Qt's eccentric hardware work.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::compare8):
+ (MacroAssemblerARM):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::compare8):
+ (MacroAssemblerMIPS):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::compare8):
+ (MacroAssemblerSH4):
+
+2012-04-11 Filip Pizlo <fpizlo@apple.com>
+
+ op_is_foo should be optimized
+ https://bugs.webkit.org/show_bug.cgi?id=83666
+
+ Reviewed by Gavin Barraclough.
+
+ This implements inlining of op_is_undefined, op_is_string, op_is_number,
+ and op_is_boolean in LLInt and the baseline JIT. op_is_object and
+ op_is_function are not inlined because they are quite a bit more complex.
+
+ This also implements all of the op_is_foo opcodes in the DFG, but it does
+ not do any type profiling based optimizations, yet.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::compare8):
+ (MacroAssemblerARMv7):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::compare8):
+ (MacroAssemblerX86Common):
+ * assembler/MacroAssemblerX86_64.h:
+ (MacroAssemblerX86_64):
+ (JSC::MacroAssemblerX86_64::testPtr):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupArguments):
+ (CCallHelpers):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (JSC::DFG::SpeculativeJIT::appendCallSetResult):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_is_undefined):
+ (JSC):
+ (JSC::JIT::emit_op_is_boolean):
+ (JSC::JIT::emit_op_is_number):
+ (JSC::JIT::emit_op_is_string):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_is_undefined):
+ (JSC):
+ (JSC::JIT::emit_op_is_boolean):
+ (JSC::JIT::emit_op_is_number):
+ (JSC::JIT::emit_op_is_string):
+ * jit/JITStubs.cpp:
+ (JSC):
+ * llint/LLIntSlowPaths.cpp:
+ (LLInt):
+ * llint/LLIntSlowPaths.h:
+ (LLInt):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * offlineasm/armv7.rb:
+ * offlineasm/instructions.rb:
+ * offlineasm/x86.rb:
+
+2012-04-11 Filip Pizlo <fpizlo@apple.com>
+
+ If you use an IntegerOperand and want to return it with integerResult, you need to
+ zero extend to get rid of the box
+ https://bugs.webkit.org/show_bug.cgi?id=83734
+ <rdar://problem/11232296>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+
+2012-04-11 Filip Pizlo <fpizlo@apple.com>
+
+ SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
+ https://bugs.webkit.org/show_bug.cgi?id=83722
+
+ Reviewed by Gavin Barraclough.
+
+ It's now possible to do StorageOperand on a cell, in the case that the storage is
+ inline. But this means that fillStorage() must be able to handle all of the states
+ that a cell might be in. Previously it didn't.
+
+ With this change, it now does handle all of the states, and moreover, it does so
+ by preserving the DataFormat of cells and performing all of the cell speculations
+ that should be performed if you're using a cell as storage. But if you use this on
+ something that is known to be storage already then it behaves as it did before.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillStorage):
+
+2012-04-11 Filip Pizlo <fpizlo@apple.com>
+
+ Global variable predictions should not be coalesced unnecessarily
+ https://bugs.webkit.org/show_bug.cgi?id=83678
+
+ Reviewed by Geoff Garen.
+
+ Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar
+ to have a heapPrediction like a civilized DFG opcode ought to.
+
+ No performance effect.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictionTracker.h: Removed.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (Graph):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+
+2012-04-11 Benjamin Poulain <bpoulain@apple.com>
+
+ Optimize String.split() for 1 character separator
+ https://bugs.webkit.org/show_bug.cgi?id=83546
+
+ Reviewed by Gavin Barraclough.
+
+ This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case
+ where the separator is a single character.
+
+ The two main gains are:
+ -Use of the find() function with a single character instead of doing a full string matching.
+ -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
+ function.
+
+ The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits.
+
+ This makes String.split() faster by about 13% in that particular case.
+
+ * runtime/StringPrototype.cpp:
+ (JSC):
+ (JSC::splitStringByOneCharacterImpl):
+ (JSC::stringProtoFuncSplit):
+
+2012-04-10 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck issues.
+
+ * GNUmakefile.list.am: Ad missing files.
+
+2012-04-10 Mark Rowe <mrowe@apple.com>
+
+ Attempt to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-04-10 Patrick Gansterer <paroga@webkit.org>
+
+ Cleanup wtf/Platform.h and config.h files
+ https://bugs.webkit.org/show_bug.cgi?id=83431
+
+ Reviewed by Eric Seidel.
+
+ The ENABLE() and USE() macros take care about the case when the flag
+ isn't defined. So there is no need to define anything with 0.
+
+ Also move duplicated code from the config.h files to Platform.h and
+ merge a few preprocessor commands to make the file more readable.
+
+ * config.h:
+
+2012-04-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should flush SetLocals to arguments
+ https://bugs.webkit.org/show_bug.cgi?id=83554
+
+ Reviewed by Gavin Barraclough.
+
+ This is necessary to match baseline JIT argument capture behavior.
+
+ But to make this work right we need to have a story for arguments into
+ which we store values of different formats. This patch introduces the
+ notion of an ArgumentPosition - i.e. an argument in a particular inline
+ call frame - and forces unification of all data pertinent to selecting
+ the argument's data format.
+
+ Also fixed an amusing bug in the handling of OSR on SetLocals if there
+ was any insertion/deletion of nodes in the basic block. This is benign
+ for now but won't be eventually since the DFG is getting smarter. So
+ better fix it now.
+
+ Also fixed an amusing bug in the handling of OSR on SetLocals if they
+ are immediately followed by a Flush. I think this bug might have always
+ been there but now it'll happen more commonly, and it's covered by the
+ run-javascriptcore-tests.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGArgumentPosition.h: Added.
+ (DFG):
+ (ArgumentPosition):
+ (JSC::DFG::ArgumentPosition::ArgumentPosition):
+ (JSC::DFG::ArgumentPosition::addVariable):
+ (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGDoubleFormatState.h: Added.
+ (DFG):
+ (JSC::DFG::mergeDoubleFormatStates):
+ (JSC::DFG::mergeDoubleFormatState):
+ (JSC::DFG::doubleFormatStateToString):
+ * dfg/DFGGraph.h:
+ (Graph):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::predict):
+ (JSC::DFG::VariableAccessData::argumentAwarePrediction):
+ (VariableAccessData):
+ (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
+ (JSC::DFG::VariableAccessData::doubleFormatState):
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
+ (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
+ (JSC::DFG::VariableAccessData::mergeDoubleFormatState):
+ (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
+
+2012-04-10 Adam Klein <adamk@chromium.org>
+
+ Remove unused NonNullPassRefPtr from WTF
+ https://bugs.webkit.org/show_bug.cgi?id=82389
+
+ Reviewed by Kentaro Hara.
+
+ * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr.
+
+2012-04-10 Darin Adler <darin@apple.com>
+
+ Remove unused data member from Lexer class
+ https://bugs.webkit.org/show_bug.cgi?id=83429
+
+ Reviewed by Kentaro Hara.
+
+ I noticed that m_delimited was "write-only", so I deleted it.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::setCode): Removed code to set m_delimited.
+ (JSC::Lexer::parseIdentifier): Ditto.
+ (JSC::Lexer::parseIdentifierSlowCase): Ditto.
+ (JSC::Lexer::lex): Ditto.
+ * parser/Lexer.h: Deleted m_delimited.
+
+2012-04-10 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Enable USE_FOLDERS property
+ https://bugs.webkit.org/show_bug.cgi?id=83571
+
+ Reviewed by Daniel Bates.
+
+ Setting the FOLDER property on targets gives more structure
+ to the generated Visual Studio solutions.
+ This does not affect other CMake generators.
+
+ * CMakeLists.txt:
+ * shell/CMakeLists.txt:
+
+2012-04-10 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to see why a code block was not compiled by the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=83553
+
+ Reviewed by Geoff Garen.
+
+ If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the
+ opcode that caused the rejection.
+
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::debugFail):
+ (DFG):
+ (JSC::DFG::canHandleOpcodes):
+
+2012-04-09 Gavin Barraclough <barraclough@apple.com>
+
+ If a callback constructor returns a C++ null, throw a type error.
+ https://bugs.webkit.org/show_bug.cgi?id=83537
+
+ Rubber Stamped by Geoff Garen.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::constructJSCallback):
+ - If a callback constructor returns a C++ null, throw a type error.
+ * API/tests/testapi.c:
+ (Base_returnHardNull):
+ * API/tests/testapi.js:
+ - Add a test case for callback constructors that return a C++ null.
+
+2012-04-09 Gavin Barraclough <barraclough@apple.com>
+
+ If a callback function returns a C++ null, convert to undefined.
+ https://bugs.webkit.org/show_bug.cgi?id=83534
+
+ Reviewed by Geoff Garen.
+
+ * API/JSCallbackFunction.cpp:
+ - If a callback function returns a C++ null, convert to undefined.
+ (JSC::JSCallbackFunction::call):
+ * API/tests/testapi.c:
+ (Base_returnHardNull):
+ * API/tests/testapi.js:
+ - Add a test case for callback functions that return a C++ null.
+
+2012-04-09 Filip Pizlo <fpizlo@apple.com>
+
+ Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that
+ are currently being generated
+ https://bugs.webkit.org/show_bug.cgi?id=83531
+ <rdar://problem/11215200>
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+
+2012-04-09 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
+
+ * dfg/DFGOperations.cpp:
+ (JSC):
+ * offlineasm/armv7.rb:
+
+2012-04-09 Patrick Gansterer <paroga@webkit.org>
+
+ Remove HAVE_STDINT_H
+ https://bugs.webkit.org/show_bug.cgi?id=83434
+
+ Reviewed by Kentaro Hara.
+
+ HAVE_STDINT_H is defined with 1 all the time and we us stdint.h without HAVE(STDINT_H) already.
+
+ * config.h:
+
+2012-04-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not load the property storage if it is inline.
+ https://bugs.webkit.org/show_bug.cgi?id=83455
+
+ Reviewed by Gavin Barraclough.
+
+ We had previously decided to have all property storage accesses go through
+ the property storage pointer even if they don't "really" have to, because
+ we were thinking this would help GC barriers somehow. Well, we never ended
+ up doing anything with that. Hence, doing these wasted loads of the
+ property storage pointer when the storage is inline is just a waste of CPU
+ cycles.
+
+ This change makes the DFG's inline property accesses (GetByOffset and
+ PutByOffset) go directly to the inline property storage if the structure(s)
+ tell us that it's OK.
+
+ This looks like an across-the-board 1% win.
+
+ * bytecode/StructureSet.h:
+ (JSC):
+ (JSC::StructureSet::allAreUsingInlinePropertyStorage):
+ (StructureSet):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillStorage):
+
+2012-04-08 Filip Pizlo <fpizlo@apple.com>
+
+ Command-line jsc's exception handling should be rationalized
+ https://bugs.webkit.org/show_bug.cgi?id=83437
+
+ Reviewed by Dan Bernstein.
+
+ - If an exception is thrown during run() execution, it is now propagated,
+ so that it will terminate program execution unless it is caught.
+
+ - If program execution terminates with an exception, the exception is now
+ always printed.
+
+ - When printing the exception, the backtrace is now also printed if one is
+ available. It will only not be available if you use something akin to my
+ favorite line of code, 'throw "error"', since primitives don't have
+ properties and hence we cannot attach a "stack" property to them.
+
+ * jsc.cpp:
+ (functionRun):
+ (runWithScripts):
+
+2012-04-04 Filip Pizlo <fpizlo@apple.com>
+
+ Forced OSR exits should lead to recompilation based on count, not rate
+ https://bugs.webkit.org/show_bug.cgi?id=83247
+ <rdar://problem/10720925>
+
+ Reviewed by Geoff Garen.
+
+ Track which OSR exits happen because of inadequate coverage. Count them
+ separately. If the count reaches a threshold, immediately trigger
+ reoptimization.
+
+ This is in contrast to the recompilation trigger for all other OSR exits.
+ Normally recomp is triggered when the exit rate exceeds a certain ratio.
+
+ Looks like a slight V8 speedup (sub 1%).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::forcedOSRExitCounter):
+ (JSC::CodeBlock::addressOfForcedOSRExitCounter):
+ (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
+ (JSC::CodeBlock::shouldReoptimizeNow):
+ (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
+ (CodeBlock):
+ * bytecode/DFGExitProfile.h:
+ (JSC::DFG::exitKindToString):
+ * dfg/DFGOSRExitCompiler.cpp:
+ (JSC::DFG::OSRExitCompiler::handleExitCounts):
+ (DFG):
+ * dfg/DFGOSRExitCompiler.h:
+ (OSRExitCompiler):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/Options.cpp:
+ (Options):
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+ (Options):
+
+2012-04-06 Benjamin Poulain <bpoulain@apple.com>
+
+ Do not abuse ArrayStorage's m_length for testing array consistency
+ https://bugs.webkit.org/show_bug.cgi?id=83403
+
+ Reviewed by Geoffrey Garen.
+
+ Array creation from a list of values is a 3 steps process:
+ -JSArray::tryCreateUninitialized()
+ -JSArray::initializeIndex() for each values
+ -JSArray::completeInitialization()
+
+ Previously, the attribute m_length was not set to the final size
+ JSArray::tryCreateUninitialized() because it was used to test the array
+ consistency JSArray::initializeIndex().
+
+ This caused the initialization loop using JSArray::initializeIndex() maintain
+ two counters:
+ -index of the loop
+ -storage->m_length++
+
+ This patch fixes this by using the index of the initialization loop for the indinces of
+ JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
+ is introduced if CHECK_ARRAY_CONSISTENCY is defined.
+
+ The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
+
+ This improves the performance of JSArray creation from literals by 8%.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::tryFinishCreationUninitialized):
+ (JSC::JSArray::checkConsistency):
+ * runtime/JSArray.h:
+ (ArrayStorage):
+ (JSC::JSArray::initializeIndex):
+ (JSC::JSArray::completeInitialization):
+
+2012-04-06 Jon Lee <jonlee@apple.com>
+
+ Build fix for Windows bots.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol.
+
+2012-04-06 Geoffrey Garen <ggaren@apple.com>
+
+ Renamed
+
+ WeakHeap => WeakSet
+ HandleHeap => HandleSet
+
+ Reviewed by Sam Weinig.
+
+ These sets do have internal allocators, but it's confusing to call them
+ heaps because they're sub-objects of an object called "heap".
+
+ * heap/HandleHeap.cpp: Removed.
+ * heap/HandleHeap.h: Removed.
+ * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
+ * heap/WeakHeap.cpp: Removed.
+ * heap/WeakHeap.h: Removed.
+ * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
+ * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
+
+ Plus global rename using grep.
+
+2012-04-06 Dan Bernstein <mitz@apple.com>
+
+ <rdar://problem/10912476> HiDPI: Have canvas use a hidpi backing store, but downsample upon access
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS.
+
+2012-04-06 Rob Buis <rbuis@rim.com>
+
+ Fix cast-align warnings in JSC
+ https://bugs.webkit.org/show_bug.cgi?id=80790
+
+ Reviewed by George Staikos.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::computeJumpType):
+ (JSC::ARMv7Assembler::link):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::linkCode):
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::copyAndAppend):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * wtf/RefCountedArray.h:
+ (WTF::RefCountedArray::Header::payload):
+
+2012-04-06 Darin Adler <darin@apple.com>
+
+ Streamline strtod and fix some related problems
+ https://bugs.webkit.org/show_bug.cgi?id=82857
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number
+ and we know it has only correct characters, leading spaces, trailing junk, and
+ trailing spaces are not a possibility. No need to add a trailing null character.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need
+ to allow trailing junk since the code above already allows only numeric digits
+ in the string. This code path is used only in unusual cases, so it's not
+ optimized for 8-bit strings, but easily could be.
+ (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this
+ function template because all the callers are OK with trailing junk. Use the
+ parseDouble function. No need to copy the data into a byte buffer, because
+ parseDouble handles that.
+ (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the
+ jsStrDecimalLiteral function template. That's OK because this function
+ already checks for trailing junk and handles it appropriately. The old code
+ path was doing it twice.
+ (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the
+ jsStrDecimalLiteral function template; the template allows junk unconditionally.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number
+ and we know it has only correct characters, leading spaces, trailing junk, and
+ trailing spaces are not a possibility. No need to add a trailing null character.
+ No need to copy the data into a byte buffer, because parseDouble handles that.
+ We could optimize the UChar case even more because we know all the characters
+ are ASCII, but not doing that at this time.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated.
+
+2012-04-06 Patrick Gansterer <paroga@webkit.org>
+
+ Remove JSC dependency from GregorianDateTime
+ https://bugs.webkit.org/show_bug.cgi?id=83290
+
+ Reviewed by Geoffrey Garen.
+
+ This allows us to move it to WTF later.
+
+ * runtime/DateConstructor.cpp:
+ (JSC::callDate):
+ * runtime/JSDateMath.h:
+
+2012-04-05 Michael Saboff <msaboff@apple.com>
+
+ Call Heap::discardAllCompiledCode() in low memory situations
+ https://bugs.webkit.org/show_bug.cgi?id=83335
+
+ Reviewed by Geoffrey Garen.
+
+ Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?"
+ check inline so that it can be called directly without this check.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::discardAllCompiledCode):
+ (JSC::Heap::collectAllGarbage):
+ * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be
+ called from WebCore.
+ (Heap):
+ * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration.
+ (JSGlobalData):
+
+2012-04-05 Benjamin Poulain <bpoulain@apple.com>
+
+ Speed up the conversion from JSValue to String for bulk operations
+ https://bugs.webkit.org/show_bug.cgi?id=83243
+
+ Reviewed by Geoffrey Garen.
+
+ When making operations on primitive types, we loose some time converting
+ values to JSString in order to extract the string.
+
+ This patch speeds up some basic Array operations by avoiding the creation
+ of intermediary JSString when possible.
+
+ For the cases where we need to convert a lot of JSValue in a tight loop,
+ an inline conversion is used.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncSort):
+ * runtime/CommonIdentifiers.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sort):
+ * runtime/JSString.h:
+ (JSC::JSValue::toUString):
+ (JSC):
+ (JSC::inlineJSValueNotStringtoUString):
+ (JSC::JSValue::toUStringInline):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toUStringSlowCase):
+ (JSC):
+ * runtime/JSValue.h:
+ (JSValue):
+
+2012-04-05 Benjamin Poulain <bpoulain@apple.com>
+
+ Use QuickSort when sorting primitive values by string representation
+ https://bugs.webkit.org/show_bug.cgi?id=83312
+
+ Reviewed by Gavin Barraclough.
+
+ When the value we are sorting are all primitive values, we do not need to
+ ensure a stable sort as two values with equal string representation are
+ indistinguishable from JavaScript.
+
+ This gives about 16% performance increase when sorting primitive values.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sort):
+
+2012-04-05 Oliver Hunt <oliver@apple.com>
+
+ SIGILL in JavaScriptCore on a Geode processor
+ https://bugs.webkit.org/show_bug.cgi?id=82496
+
+ Reviewed by Gavin Barraclough.
+
+ Don't attempt to use the DFG when SSE2 is not available.
+
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::canCompileOpcodes):
+
+2012-04-05 Oliver Hunt <oliver@apple.com>
+
+ Fix 32-bit build.
+
+ * API/APICast.h:
+ (toJS):
+
+2012-04-05 Oliver Hunt <oliver@apple.com>
+
+ Replace static_cast with jsCast when casting JSCell subclasses in JSC
+ https://bugs.webkit.org/show_bug.cgi?id=83307
+
+ Reviewed by Gavin Barraclough.
+
+ Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore.
+ This results in assertions when unsafe casts are performed, but simply leaves
+ a static_cast<> in release builds.
+
+ * API/APICast.h:
+ (toJS):
+ * API/JSCallbackConstructor.cpp:
+ (JSC::constructJSCallback):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::call):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::asCallbackObject):
+ (JSC::::finishCreation):
+ (JSC::::construct):
+ (JSC::::call):
+ * API/JSObjectRef.cpp:
+ (JSObjectGetPrivate):
+ (JSObjectSetPrivate):
+ (JSObjectGetPrivateProperty):
+ (JSObjectSetPrivateProperty):
+ (JSObjectDeletePrivateProperty):
+ * API/JSValueRef.cpp:
+ (JSValueIsObjectOfClass):
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::resolve):
+ (JSC::BytecodeGenerator::resolveConstDecl):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::finishCreation):
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.h:
+ (JSC::isHostFunction):
+ * runtime/JSActivation.h:
+ (JSC::asActivation):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::defineOwnProperty):
+ * runtime/JSArray.h:
+ (JSC::asArray):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::boundFunctionCall):
+ (JSC::boundFunctionConstruct):
+ * runtime/JSByteArray.h:
+ (JSC::asByteArray):
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toObject):
+ * runtime/JSCell.h:
+ (JSC::jsCast):
+ * runtime/JSGlobalObject.h:
+ (JSC::asGlobalObject):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::setPrototypeWithCycleCheck):
+ (JSC::JSObject::allowsAccessFrom):
+ (JSC::JSObject::toThisObject):
+ (JSC::JSObject::unwrappedObject):
+ * runtime/JSObject.h:
+ (JSC::asObject):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::Register::propertyNameIterator):
+ * runtime/JSString.h:
+ (JSC::asString):
+ (JSC::JSValue::toString):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSubstr):
+
+2012-04-05 Benjamin Poulain <bpoulain@apple.com>
+
+ Make something faster than JSStringBuilder for joining an array of JSValue
+ https://bugs.webkit.org/show_bug.cgi?id=83180
+
+ Reviewed by Geoffrey Garen.
+
+ This patch add the class JSStringJoiner optimized for join() operations.
+
+ This class makes stricter constraints than JSStringBuilder in order avoid
+ memory allocations.
+
+ In the best case, the class allocate memory only twice:
+ -Allocate an array to keep a list of UString to join.
+ -Allocate the final string.
+
+ We also avoid the conversion from 8bits strings to 16bits strings since
+ they are costly and unlikly to help for subsequent calls.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ * runtime/JSStringJoiner.cpp: Added.
+ (JSC):
+ (JSC::appendStringToData):
+ (JSC::joinStrings):
+ (JSC::JSStringJoiner::build):
+ * runtime/JSStringJoiner.h: Added.
+ (JSC):
+ (JSStringJoiner):
+ (JSC::JSStringJoiner::JSStringJoiner):
+ (JSC::JSStringJoiner::append):
+
+2012-04-05 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=77293
+ [Un]Reserve 'let'
+
+ Rubber stamped by Oliver Hunt.
+
+ Revert r106198.
+ This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html
+ If we're going to reserve let, we're going to have to do so in a more
+ circumspect fashion.
+
+ * parser/Keywords.table:
+
+2012-04-05 Michael Saboff <msaboff@apple.com>
+
+ Rolling out http://trac.webkit.org/changeset/113262.
+ Original code was fine.
+
+ Rubber-stamped by Oliver Hunt.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::additionBlindedConstant):
+
+2012-04-05 Patrick Gansterer <paroga@webkit.org>
+
+ [WinCE] Remove unnecessary function decleration
+ https://bugs.webkit.org/show_bug.cgi?id=83155
+
+ Reviewed by Kentaro Hara.
+
+ * runtime/JSDateMath.cpp:
+
+2012-04-04 Patrick Gansterer <paroga@webkit.org>
+
+ Add WTF::getCurrentLocalTime()
+ https://bugs.webkit.org/show_bug.cgi?id=83164
+
+ Reviewed by Alexey Proskuryakov.
+
+ Replace the calls to WTF::getLocalTime() with time(0) with the new function.
+ This allows us to use Win32 API on windows to get the same result in a next step.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/DateConstructor.cpp:
+ (JSC::callDate):
+
+2012-04-04 Oliver Hunt <oliver@apple.com>
+
+ Parser fails to revert some state after parsing expression and object literals.
+ https://bugs.webkit.org/show_bug.cgi?id=83236
+
+ Reviewed by Gavin Barraclough.
+
+ Reset left hand side counter after parsing the literals.
+
+ * parser/Parser.cpp:
+ (JSC::::parseObjectLiteral):
+ (JSC::::parseStrictObjectLiteral):
+ (JSC::::parseArrayLiteral):
+
+2012-04-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG InstanceOf should not uselessly speculate cell
+ https://bugs.webkit.org/show_bug.cgi?id=83234
+
+ Reviewed by Oliver Hunt.
+
+ If InstanceOf is the only user of its child then don't speculate cell, since
+ the not-cell case is super easy to handle.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileInstanceOf):
+
+2012-04-04 Michael Saboff <msaboff@apple.com>
+
+ Fixed minor error: "& 3" should be "& 2".
+
+ Rubber-stamped by Oliver Hunt.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::additionBlindedConstant):
+
+2012-04-04 Michael Saboff <msaboff@apple.com>
+
+ Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
+ https://bugs.webkit.org/show_bug.cgi?id=83191
+
+ Reviewed by Oliver Hunt.
+
+ Make are that blinded constant pairs are similarly aligned to the
+ original immediate values so that instructions that expect that
+ alignment work correctly. One example is ARMv7 add/sub imm to SP.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
+ (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
+ (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::additionBlindedConstant):
+
+2012-04-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should short-circuit Branch(LogicalNot(...))
+ https://bugs.webkit.org/show_bug.cgi?id=83181
+
+ Reviewed by Geoff Garen.
+
+ Slight (sub 1%) speed-up on V8.
+
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+
+2012-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode
+ https://bugs.webkit.org/show_bug.cgi?id=83139
+
+ Reviewed by Sam Weinig.
+
+ * heap/PassWeak.h:
+ (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error,
+ so work around that here. (Long-term, we should make 32-bit and 64-bit
+ agree on the right behavior.)
+
+2012-04-03 Geoffrey Garen <ggaren@apple.com>
+
+ Updated JSC expected test results to reflect recent bug fixes <disapproving look>.
+
+ Reviewed by Sam Weinig.
+
+ * tests/mozilla/expected.html:
+
+2012-03-29 Geoffrey Garen <ggaren@apple.com>
+
+ First step toward incremental Weak<T> finalization
+ https://bugs.webkit.org/show_bug.cgi?id=82670
+
+ Reviewed by Filip Pizlo.
+
+ This patch implements a Weak<T> heap that is compatible with incremental
+ finalization, while making as few behavior changes as possible. The behavior
+ changes it makes are:
+
+ (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
+ instead, a separate flag indicates that the JSValue is no longer valid.
+ (This is required so that the JSValue can be preserved for later finalization.)
+ Objects dealing with WeakImpls directly must change to check the flag.
+
+ (*) Weak<T> is no longer a subclass of Handle<T>.
+
+ (*) DOM GC performance is different -- 9% faster in the geometric mean,
+ but 15% slower in one specific case:
+ gc-dom1.html: 6% faster
+ gc-dom2.html: 23% faster
+ gc-dom3.html: 17% faster
+ gc-dom4.html: 15% *slower*
+
+ The key features of this new heap are:
+
+ (*) Each block knows its own state, independent of any other blocks.
+
+ (*) Each block caches its own sweep result.
+
+ (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
+ mark them yet, since that would be a behavior change.)
+
+ * API/JSCallbackObject.cpp:
+ (JSC::JSCallbackObjectData::finalize):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init): Updated to use the new WeakHeap API.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri: Paid the build system tax since I added some new files.
+
+ * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
+ so we can keep passing a Handle<T> to finalizers, to avoid more surface
+ area change in this patch. A follow-up patch should change the type we
+ pass to finalizers.
+
+ * heap/HandleHeap.cpp:
+ (JSC):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::isLiveNode):
+ * heap/HandleHeap.h:
+ (JSC):
+ (HandleHeap):
+ (Node):
+ (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
+ we have a separate WeakHeap now.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
+ for through our watermark now. Removed m_waterMark because it was unused.
+
+ (JSC::Heap::destroy): Updated for addition of WeakHeap.
+
+ (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
+ variable to participating in the watermark strategy. I wanted to standardize
+ WeakHeap and all other Heap clients on this strategy, to make sure it's
+ accurate.
+
+ (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
+ dead visit pass, as explained above.
+
+ (JSC::Heap::collect):
+ (JSC::Heap::resetAllocators): Updated for addition of WeakHeap.
+
+ (JSC::Heap::addFinalizer):
+ (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.
+
+ * heap/Heap.h:
+ (JSC::Heap::weakHeap):
+ (Heap):
+ (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
+ strategy, since this is the best way for WeakHeap to report its memory
+ cost. (I plan to update this in a follow-up patch to make it more accurate,
+ but for now it is not less accurate than it used to be.)
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocators):
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ (JSC::MarkedSpace::addToWaterMark):
+ (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
+ it was unused, and I didn't want to update WeakHeap to keep an usused
+ variable working. Added API for above.
+
+ * heap/PassWeak.h:
+ (JSC):
+ (WeakImplAccessor):
+ (PassWeak):
+ (JSC::::operator):
+ (JSC::::get):
+ (JSC::::was):
+ (JSC::::PassWeak):
+ (JSC::::~PassWeak):
+ (JSC::UnspecifiedBoolType):
+ (JSC::::leakImpl):
+ (JSC::adoptWeak):
+ * heap/Strong.h:
+ (JSC::Strong::operator!):
+ (Strong):
+ (JSC::Strong::operator UnspecifiedBoolType*):
+ (JSC::Strong::get):
+ * heap/Weak.h:
+ (Weak):
+ (JSC::::Weak):
+ (JSC):
+ (JSC::::isHashTableDeletedValue):
+ (JSC::::~Weak):
+ (JSC::::swap):
+ (JSC::=):
+ (JSC::::operator):
+ (JSC::UnspecifiedBoolType):
+ (JSC::::release):
+ (JSC::::clear):
+ (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
+ down to two things:
+
+ (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.
+
+ (*) Explicitly check WeakImpl::state() for non-liveness before returning
+ a value (explained above).
+
+ These files implement the new Weak<T> heap behavior described above:
+
+ * heap/WeakBlock.cpp: Added.
+ * heap/WeakBlock.h: Added.
+ * heap/WeakHandleOwner.cpp: Added.
+ * heap/WeakHandleOwner.h: Added.
+ * heap/WeakHeap.cpp: Added.
+ * heap/WeakHeap.h: Added.
+ * heap/WeakImpl.h: Added.
+
+ One interesting difference from the old heap is that we don't allow
+ clients to overwrite a WeakImpl after allocating it, and we don't recycle
+ WeakImpls prior to garbage collection. This is required for lazy finalization,
+ but it will also help us esablish a useful invariant in the future: allocating
+ a WeakImpl will be a binding contract to run a finalizer at some point in the
+ future, even if the WeakImpl is later deallocated.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
+ its JSValue, since that's our API contract now, and the JSValue might
+ be stale.
+
+ * runtime/JSCell.h:
+ (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.
+
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::add): I can't remember why I did this.
+
+ * runtime/StructureTransitionTable.h:
+ * runtime/WeakGCMap.h: I had to update these classes because they allocate
+ and deallocate weak pointers manually. They should probably stop doing that.
+
+2012-04-03 Keishi Hattori <keishi@webkit.org>
+
+ Disable ENABLE_DATALIST for now
+ https://bugs.webkit.org/show_bug.cgi?id=82871
+
+ Reviewed by Kent Tamura.
+
+ * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST.
+
+2012-04-02 Filip Pizlo <fpizlo@apple.com>
+
+ jsr/sret should be removed
+ https://bugs.webkit.org/show_bug.cgi?id=82986
+ <rdar://problem/11017015>
+
+ Reviewed by Sam Weinig and Geoff Garen.
+
+ Replaces jsr/sret with finally block inlining.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ (JSC):
+ (JSC::padOpcodeName):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::pushFinallyContext):
+ (JSC::BytecodeGenerator::emitComplexJumpScopes):
+ (JSC):
+ * bytecompiler/BytecodeGenerator.h:
+ (FinallyContext):
+ (BytecodeGenerator):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::TryNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITOpcodes.cpp:
+ (JSC):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+
+2012-04-03 Mark Rowe <mrowe@apple.com>
+
+ Make it possible to install the JavaScriptCore test tools.
+
+ Part of <rdar://problem/11158607>.
+
+ Reviewed by Filip Pizlo.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named
+ Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on
+ those targets individually to depending on the new aggregate target.
+
+2012-04-03 Filip Pizlo <fpizlo@apple.com>
+
+ Offlineasm ARM backend has a very convoluted way of saying it wants to emit a
+ three-operand multiply instruction
+ https://bugs.webkit.org/show_bug.cgi?id=83100
+
+ Reviewed by Darin Adler.
+
+ Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was
+ already smart enough to do the Right Thing for multiply.
+
+ * offlineasm/armv7.rb:
+
+2012-04-03 Filip Pizlo <fpizlo@apple.com>
+
+ Offlineasm ARM backend uses the wrong mnemonic for multiply
+ https://bugs.webkit.org/show_bug.cgi?id=83098
+ <rdar://problem/11168744>
+
+ Reviewed by Gavin Barraclough.
+
+ Use "mul" instead of "muls" since we're passing three operands, not two.
+
+ * offlineasm/armv7.rb:
+
+2012-04-03 Gavin Barraclough <barraclough@apple.com>
+
+ Linux crashes during boot
+ https://bugs.webkit.org/show_bug.cgi?id=83096
+
+ Reviewed by Filip Pizlo.
+
+ The bug here is that we add empty JSValues to the sparse map, and then set them
+ - but a GC may occur before doing so (due to a call to reportExtraMemory cost).
+ We may want to consider making it safe to mark empty JSValues, but the simple &
+ contained fix to this specific bug is to just initialize these values to
+ something other than JSValue().
+
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::add):
+ - Initialize sparse map entries.
+
+2012-04-02 Oliver Hunt <oliver@apple.com>
+
+ Incorrect liveness information when inlining
+ https://bugs.webkit.org/show_bug.cgi?id=82985
+
+ Reviewed by Filip Pizlo.
+
+ Don't remap register numbers that have already been remapped.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+
+2012-04-02 Filip Pizlo <fpizlo@apple.com>
+
+ Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we
+ try to create an arguments object from the activation
+ https://bugs.webkit.org/show_bug.cgi?id=82947
+ <rdar://problem/11058598>
+
+ Reviewed by Gavin Barraclough.
+
+ We now copy the entire call frame header just to be sure. This is mostly perf-netural,
+ except for a 3.7% slow-down in V8/earley.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::tearOff):
+
+2012-04-02 Daniel Bates <dbates@webkit.org>
+
+ Remove Source/JavaScriptCore/wtf and its empty subdirectories
+
+ Rubber-stamped by Eric Seidel.
+
+ Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF
+ (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory
+ Source/JavaScriptCore/wtf and its empty subdirectories.
+
+ * wtf: Removed.
+ * wtf/android: Removed.
+ * wtf/blackberry: Removed.
+ * wtf/chromium: Removed.
+ * wtf/dtoa: Removed.
+ * wtf/efl: Removed.
+ * wtf/gobject: Removed.
+ * wtf/gtk: Removed.
+ * wtf/mac: Removed.
+ * wtf/qt: Removed.
+ * wtf/qt/compat: Removed.
+ * wtf/tests: Removed.
+ * wtf/text: Removed.
+ * wtf/threads: Removed.
+ * wtf/threads/win: Removed.
+ * wtf/unicode: Removed.
+ * wtf/unicode/glib: Removed.
+ * wtf/unicode/icu: Removed.
+ * wtf/unicode/qt4: Removed.
+ * wtf/unicode/wince: Removed.
+ * wtf/url: Removed.
+ * wtf/url/api: Removed.
+ * wtf/url/src: Removed.
+ * wtf/win: Removed.
+ * wtf/wince: Removed.
+ * wtf/wx: Removed.
+
+2012-04-02 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck issues.
+
+ * GNUmakefile.list.am: Add missing file.
+
+2012-04-01 Darin Adler <darin@apple.com>
+
+ Fix incorrect path for libWTF.a in Mac project file.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that
+ would cause other configurations to try to link with the "Release" version of
+ libWTF.a instead of the correct version.
+
+2012-03-29 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should optimize a==b for a being an object and b being either an object or
+ null/undefined, and vice versa
+ https://bugs.webkit.org/show_bug.cgi?id=82656
+
+ Reviewed by Oliver Hunt.
+
+ Implements additional object equality optimizations for the case that one
+ operand is predicted to be an easily speculated object (like FinalObject or
+ Array) and the other is either an easily speculated object or Other, i.e.
+ Null or Undefined.
+
+ 2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.
+
+ I also took the opportunity to clean up the control flow for the speculation
+ decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
+ And to remove debug cruft I stupidly committed in my last patch.
+
+ * bytecode/SamplingTool.h:
+ (SamplingRegion):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compare):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
+
+2012-03-30 David Barr <davidbarr@chromium.org>
+
+ Split up top-level .gitignore and .gitattributes
+ https://bugs.webkit.org/show_bug.cgi?id=82687
+
+ Reviewed by Tor Arne Vestbø.
+
+ * JavaScriptCore.gyp/.gitignore: Added.
+
+2012-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Windows (make based) build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.
+
+2012-03-30 Keishi Hattori <keishi@webkit.org>
+
+ Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
+ https://bugs.webkit.org/show_bug.cgi?id=80972
+
+ Reviewed by Kent Tamura.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor recompileAllJSFunctions() to be less expensive
+ https://bugs.webkit.org/show_bug.cgi?id=80330
+
+ Reviewed by Filip Pizlo.
+
+ This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
+ load performance, which currently does at least a couple full GCs per navigation.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
+ because the function doesn't actually recompile anything (and never did); it simply throws code
+ away for it to be recompiled later if we determine we should do so.
+ (JSC):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
+ (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
+ * heap/Heap.h:
+ (JSC):
+ (Heap):
+ * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
+ be used in DoublyLinkedLists.
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
+ * runtime/Executable.h:
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
+ * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
+ the list of FunctionExecutables.
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
+
+2012-03-29 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for non-x86 platforms.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitSlow_op_mod):
+
+2012-03-29 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix p2.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-29 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix p1.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-29 Gavin Barraclough <barraclough@apple.com>
+
+ Template the Yarr::Interpreter on the character type
+ https://bugs.webkit.org/show_bug.cgi?id=82637
+
+ Reviewed by Sam Weinig.
+
+ We should be able to call to the interpreter after having already checked the character type,
+ without having to re-package the character pointer back up into a string!
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchCompareWithInterpreter):
+ - Don't pass length.
+ * yarr/Yarr.h:
+ - moved function declarations to YarrInterpreter.h.
+ * yarr/YarrInterpreter.cpp:
+ (Yarr):
+ (Interpreter):
+ (JSC::Yarr::Interpreter::InputStream::InputStream):
+ (InputStream):
+ (JSC::Yarr::Interpreter::Interpreter):
+ (JSC::Yarr::interpret):
+ - templated Interpreter class on CharType.
+ * yarr/YarrInterpreter.h:
+ (Yarr):
+ - added function declarations.
+
+2012-03-29 David Kilzer <ddkilzer@apple.com>
+
+ Don't use a flattened framework path when building on OS X
+
+ Reviewed by Mark Rowe.
+
+ * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
+ to select different INSTALL_PATH values.
+
+2012-03-29 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix, add Win-specific sources
+ the wx port needs after WTF move.
+
+ * wscript:
+
+2012-03-29 Andy Estes <aestes@apple.com>
+
+ Remove an unused variable that breaks the build with newer versions of clang.
+
+ Rubber stamped by Gavin Barraclough.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
+
+2012-03-29 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
+
+ HashMap<>::add should return a more descriptive object
+ https://bugs.webkit.org/show_bug.cgi?id=71063
+
+ Reviewed by Ryosuke Niwa.
+
+ Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
+ the iterator type, there's a need for its own AddResult type -- instantiated from
+ HashTableAddResult template class.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::contextData):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addVar):
+ (JSC::BytecodeGenerator::addGlobalVar):
+ (JSC::BytecodeGenerator::addConstant):
+ (JSC::BytecodeGenerator::addConstantValue):
+ (JSC::BytecodeGenerator::emitLoad):
+ (JSC::BytecodeGenerator::addStringConstant):
+ (JSC::BytecodeGenerator::emitLazyNewFunction):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::PropertyListNode::emitBytecode):
+ * debugger/Debugger.cpp:
+ * dfg/DFGAssemblyHelpers.cpp:
+ (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::ctiStub):
+ (JSC::JITThunks::hostFunctionStub):
+ * parser/Parser.cpp:
+ (JSC::::parseStrictObjectLiteral):
+ * parser/Parser.h:
+ (JSC::Scope::declareParameter):
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::add):
+ (JSC::Identifier::add8):
+ (JSC::Identifier::addSlowCase):
+ * runtime/Identifier.h:
+ (JSC::Identifier::add):
+ (JSC::IdentifierTable::add):
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::add):
+ (JSC::SparseArrayValueMap::put):
+ (JSC::SparseArrayValueMap::putDirect):
+ (JSC::JSArray::enterDictionaryMode):
+ (JSC::JSArray::defineOwnNumericProperty):
+ * runtime/JSArray.h:
+ (SparseArrayValueMap):
+ * runtime/PropertyNameArray.cpp:
+ (JSC::PropertyNameArray::add):
+ * runtime/StringRecursionChecker.h:
+ (JSC::StringRecursionChecker::performCheck):
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::add):
+ * runtime/WeakGCMap.h:
+ (WeakGCMap):
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * tools/ProfileTreeNode.h:
+ (JSC::ProfileTreeNode::sampleChild):
+
+2012-03-29 Patrick Gansterer <paroga@webkit.org>
+
+ Build fix for !ENABLE(YARR_JIT) after r112454.
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::invalidateCode):
+
+2012-03-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG object equality speculations should be simplified
+ https://bugs.webkit.org/show_bug.cgi?id=82557
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateFinalObject):
+ (JSC::DFG::Node::shouldSpeculateArray):
+
+2012-03-28 David Kilzer <ddkilzer@apple.com>
+
+ minidom configurations should be based on ToolExecutable.xcconfig
+ <http://webkit.org/b/82513>
+
+ Reviewed by Mark Rowe.
+
+ Note that this patch changes minidom from being installed in
+ /usr/local/bin to JavaScriptCore.framework/Resources.
+
+ * Configurations/ToolExecutable.xcconfig: Add semi-colon.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
+ configurations on ToolExecutable.xcconfig. Remove redundant
+ PRODUCT_NAME and SKIP_INSTALL variables.
+
+2012-03-28 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix - some compiles generating NORETURN related warnings.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::setSubpatternStart):
+ (JSC::Yarr::YarrGenerator::setSubpatternEnd):
+ (JSC::Yarr::YarrGenerator::clearSubpatternStart):
+
+2012-03-28 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed. Build fix, move WTF back into JSCore target
+ until issues with JSCore not linking in all WTF symbols are resolved.
+
+ * wscript:
+
+2012-03-28 Gavin Barraclough <barraclough@apple.com>
+
+ Yarr: if we're not using the output array, don't populate it!
+ https://bugs.webkit.org/show_bug.cgi?id=82519
+
+ Reviewed by Sam Weinig.
+
+ * runtime/RegExp.cpp:
+ (JSC):
+ - Missed review comment! - didn't fully remove RegExpRepresentation.
+
+2012-03-28 Gavin Barraclough <barraclough@apple.com>
+
+ Yarr: if we're not using the output array, don't populate it!
+ https://bugs.webkit.org/show_bug.cgi?id=82519
+
+ Reviewed by Sam Weinig.
+
+ Add a new variant of the match method to RegExp that returns a MatchResult,
+ and modify YarrJIT to be able to compile code that doesn't use an output vector.
+
+ This is a 3% progression on v8-regexp.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Moved MatchResult into its own header.
+ * assembler/AbstractMacroAssembler.h:
+ - Added missing include.
+ * runtime/MatchResult.h: Added.
+ (MatchResult::MatchResult):
+ (MatchResult):
+ (MatchResult::failed):
+ (MatchResult::operator bool):
+ (MatchResult::empty):
+ - Moved MatchResult into its own header.
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::compileIfNecessary):
+ (JSC::RegExp::match):
+ - Changed due to execute & representation changes.
+ (JSC::RegExp::compileMatchOnly):
+ (JSC::RegExp::compileIfNecessaryMatchOnly):
+ - Added helper to compile MatchOnly code.
+ (JSC::RegExp::invalidateCode):
+ (JSC::RegExp::matchCompareWithInterpreter):
+ (JSC::RegExp::printTraceData):
+ - Changed due representation changes.
+ * runtime/RegExp.h:
+ (RegExp):
+ (JSC::RegExp::hasCode):
+ - Made YarrCodeBlock a member.
+ * runtime/RegExpConstructor.h:
+ (RegExpConstructor):
+ (JSC::RegExpConstructor::performMatch):
+ - Added no-ovector form.
+ * runtime/RegExpMatchesArray.cpp:
+ (JSC::RegExpMatchesArray::reifyAllProperties):
+ - Match now takes a reference to ovector, not a pointer.
+ * runtime/RegExpObject.h:
+ (JSC):
+ - Moved MatchResult into its own header.
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+ - Match now takes a reference to ovector, not a pointer.
+ * testRegExp.cpp:
+ (testOneRegExp):
+ - Match now takes a reference to ovector, not a pointer.
+ * yarr/YarrJIT.cpp:
+ (Yarr):
+ (YarrGenerator):
+ (JSC::Yarr::YarrGenerator::initCallFrame):
+ (JSC::Yarr::YarrGenerator::removeCallFrame):
+ (JSC::Yarr::YarrGenerator::setSubpatternStart):
+ (JSC::Yarr::YarrGenerator::setSubpatternEnd):
+ (JSC::Yarr::YarrGenerator::clearSubpatternStart):
+ (JSC::Yarr::YarrGenerator::setMatchStart):
+ (JSC::Yarr::YarrGenerator::getMatchStart):
+ - Added helper functions to intermediate access to output.
+ (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::generate):
+ (JSC::Yarr::YarrGenerator::backtrack):
+ (JSC::Yarr::YarrGenerator::generateEnter):
+ (JSC::Yarr::YarrGenerator::compile):
+ - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
+ (JSC::Yarr::jitCompile):
+ - Needs to template of MatchOnly or IncludeSubpatterns.
+ * yarr/YarrJIT.h:
+ (YarrCodeBlock):
+ (JSC::Yarr::YarrCodeBlock::set8BitCode):
+ (JSC::Yarr::YarrCodeBlock::set16BitCode):
+ (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
+ (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
+ (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
+ (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
+ (JSC::Yarr::YarrCodeBlock::execute):
+ (JSC::Yarr::YarrCodeBlock::clear):
+ - Added a second set of CodeRefs, so that we can compile RexExps with/without subpattern matching.
+
+2012-03-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit should not generate an exit for variables of inlinees if the
+ inlinees are not in scope
+ https://bugs.webkit.org/show_bug.cgi?id=82312
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.h:
+ (JSC::baselineCodeBlockForInlineCallFrame):
+ (JSC):
+ (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::computeNumVariablesForCodeOrigin):
+ (DFG):
+ (JSC::DFG::OSRExit::OSRExit):
+
+2012-03-27 Matt Lilek <mrl@apple.com>
+
+ Stop compiling Interpreter.cpp with -fno-var-tracking
+ https://bugs.webkit.org/show_bug.cgi?id=82299
+
+ Reviewed by Anders Carlsson.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-03-27 Pratik Solanki <psolanki@apple.com>
+
+ Compiler warning when JIT is not enabled
+ https://bugs.webkit.org/show_bug.cgi?id=82352
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+
+2012-03-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Unaligned userspace access for SH4 platforms
+ https://bugs.webkit.org/show_bug.cgi?id=79104
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/AbstractMacroAssembler.h:
+ (Jump):
+ (JSC::AbstractMacroAssembler::Jump::Jump):
+ (JSC::AbstractMacroAssembler::Jump::link):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::load16Unaligned):
+ (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerSH4::branchDouble):
+ (JSC::MacroAssemblerSH4::branchTrue):
+ (JSC::MacroAssemblerSH4::branchFalse):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::extraInstrForBranch):
+ (SH4Assembler):
+ (JSC::SH4Assembler::bra):
+ (JSC::SH4Assembler::linkJump):
+ * jit/JIT.h:
+ (JIT):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2012-03-26 Ryosuke Niwa <rniwa@webkit.org>
+
+ cssText should use shorthand notations
+ https://bugs.webkit.org/show_bug.cgi?id=81737
+
+ Reviewed by Enrica Casucci.
+
+ Export symbols of BitVector on Windows.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-26 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should assert that argument value recoveries can only be
+ AlreadyInRegisterFile or Constant
+ https://bugs.webkit.org/show_bug.cgi?id=82249
+
+ Reviewed by Michael Saboff.
+
+ Made the assertions that the DFG makes for argument value recoveries match
+ what Arguments expects.
+
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::isConstant):
+ (ValueRecovery):
+ (JSC::ValueRecovery::isAlreadyInRegisterFile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-03-26 Dan Bernstein <mitz@apple.com>
+
+ Tried to fix the Windows build.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::CharacterClassConstructor::putRange):
+
+2012-03-26 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed - speculative Windows build fix.
+
+ * yarr/YarrCanonicalizeUCS2.h:
+ (JSC::Yarr::getCanonicalPair):
+
+2012-03-26 Dan Bernstein <mitz@apple.com>
+
+ Fixed builds with assertions disabled.
+
+ * yarr/YarrCanonicalizeUCS2.h:
+ (JSC::Yarr::areCanonicallyEquivalent):
+
+2012-03-26 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed - errk! - accidentally the whole pbxproj.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-03-25 Gavin Barraclough <barraclough@apple.com>
+
+ Greek sigma is handled wrong in case independent regexp.
+ https://bugs.webkit.org/show_bug.cgi?id=82063
+
+ Reviewed by Oliver Hunt.
+
+ The bug here is that we assume that any given codepoint has at most one additional value it
+ should match under a case insensitive match, and that the pair of codepoints that match (if
+ a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
+ given codepoint). Life is not that simple.
+
+ Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
+ it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular
+ we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
+ simple binary search to find an entry in typically eight compares.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * yarr/yarr.pri:
+ - Added new files to build systems.
+ * yarr/YarrCanonicalizeUCS2.cpp: Added.
+ - New - autogenerated, UCS2 canonicalized comparison tables.
+ * yarr/YarrCanonicalizeUCS2.h: Added.
+ (JSC::Yarr::rangeInfoFor):
+ - Look up the canonicalization info for a UCS2 character.
+ (JSC::Yarr::getCanonicalPair):
+ - For a UCS2 character with a single equivalent value, look it up.
+ (JSC::Yarr::isCanonicallyUnique):
+ - Returns true if no other UCS2 code points are canonically equal.
+ (JSC::Yarr::areCanonicallyEquivalent):
+ - Compare two values, under canonicalization rules.
+ * yarr/YarrCanonicalizeUCS2.js: Added.
+ - script used to generate YarrCanonicalizeUCS2.cpp.
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::tryConsumeBackReference):
+ - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::CharacterClassConstructor::putChar):
+ - Updated to determine canonical equivalents correctly.
+ (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
+ - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
+ (JSC::Yarr::CharacterClassConstructor::putRange):
+ - Updated to determine canonical equivalents correctly.
+ (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
+ - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
+
+2012-03-26 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
+ so we make sure it finds the API headers on all platforms.
+
+ * wscript:
+
+2012-03-26 Patrick Gansterer <paroga@webkit.org>
+
+ Build fix for WinCE after r112039.
+
+ * interpreter/Register.h:
+ (Register): Removed inline keyword from decleration since
+ there is an ALWAYS_INLINE at the definition anyway.
+
+2012-03-26 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2012-03-25 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix. Move WTF to its own static lib build.
+
+ * wscript:
+
+2012-03-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG int-to-double conversion should be revealed to CSE
+ https://bugs.webkit.org/show_bug.cgi?id=82135
+
+ Reviewed by Oliver Hunt.
+
+ This introduces the notion of an Int32ToDouble node, which is injected
+ into the graph anytime we know that we have a double use of a node that
+ was predicted integer. The Int32ToDouble simplifies double speculation
+ on integers by skipping the path that would unbox doubles, if we know
+ that the value is already proven to be an integer. It allows integer to
+ double conversions to be subjected to common subexpression elimination
+ (CSE) by allowing the CSE phase to see where these conversions are
+ occurring. Finally, it allows us to see when a constant is being used
+ as both a double and an integer. This is a bit odd, since it means that
+ sometimes a double use of a constant will not refer directly to the
+ constant. This should not cause problems, for now, but it may require
+ some canonizalization in the future if we want to support strength
+ reductions of double operations based on constants.
+
+ To allow injection of nodes into the graph, this change introduces the
+ DFG::InsertionSet, which is a way of lazily inserting elements into a
+ list. This allows the FixupPhase to remain O(N) despite performing
+ multiple injections in a single basic block. Without the InsertionSet,
+ each injection would require performing an insertion into a vector,
+ which is O(N), leading to O(N^2) performance overall. With the
+ InsertionSet, each injection simply records what insertion would have
+ been performed, and all insertions are performed at once (via
+ InsertionSet::execute) after processing of a basic block is completed.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/PredictedType.h:
+ (JSC::isActionableIntMutableArrayPrediction):
+ (JSC):
+ (JSC::isActionableFloatMutableArrayPrediction):
+ (JSC::isActionableTypedMutableArrayPrediction):
+ (JSC::isActionableMutableArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGCommon.h:
+ (JSC::DFG::useKindToString):
+ (DFG):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::run):
+ (JSC::DFG::FixupPhase::fixupBlock):
+ (FixupPhase):
+ (JSC::DFG::FixupPhase::fixupNode):
+ (JSC::DFG::FixupPhase::fixDoubleEdge):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGInsertionSet.h: Added.
+ (DFG):
+ (Insertion):
+ (JSC::DFG::Insertion::Insertion):
+ (JSC::DFG::Insertion::index):
+ (JSC::DFG::Insertion::element):
+ (InsertionSet):
+ (JSC::DFG::InsertionSet::InsertionSet):
+ (JSC::DFG::InsertionSet::append):
+ (JSC::DFG::InsertionSet::execute):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
+ (DFG):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ (JSC::DFG::IntegerOperand::IntegerOperand):
+ (JSC::DFG::DoubleOperand::DoubleOperand):
+ (JSC::DFG::JSValueOperand::JSValueOperand):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
+ (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
+ (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
+ (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-03-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFGOperands should be moved out of the DFG and into bytecode
+ https://bugs.webkit.org/show_bug.cgi?id=82151
+
+ Reviewed by Dan Bernstein.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
+ * dfg/DFGBasicBlock.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGOSRExit.h:
+ * dfg/DFGOperands.h: Removed.
+ * dfg/DFGVariableAccessData.h:
+
+2012-03-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 64-bit Branch implementation should not be creating a JSValueOperand that
+ it isn't going to use
+ https://bugs.webkit.org/show_bug.cgi?id=82136
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+
+2012-03-24 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed. Fix the build after WTF move.
+
+ * wscript:
+
+2012-03-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG double voting may be overzealous in the case of variables that end up
+ being used as integers
+ https://bugs.webkit.org/show_bug.cgi?id=82008
+
+ Reviewed by Oliver Hunt.
+
+ Cleaned up propagation, making the intent more explicit in most places.
+ Back-propagate NodeUsedAsInt for cases where a node was used in a context
+ that is known to strongly prefer integers.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dumpCodeOrigin):
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (Graph):
+ * dfg/DFGNodeFlags.cpp:
+ (JSC::DFG::nodeFlagsAsString):
+ * dfg/DFGNodeFlags.h:
+ (DFG):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::run):
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (PredictionPropagationPhase):
+ (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
+ (JSC::DFG::PredictionPropagationPhase::vote):
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
+ (JSC::DFG::PredictionPropagationPhase::fixupNode):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
+
+2012-03-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::Node::shouldNotSpeculateInteger() should be eliminated
+ https://bugs.webkit.org/show_bug.cgi?id=82123
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (Node):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+
+2012-03-24 Yong Li <yoli@rim.com>
+
+ Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
+ https://bugs.webkit.org/show_bug.cgi?id=81521
+
+ Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
+ for CPU(ARM_TRADITIONAL) to fit actual need.
+
+ Reviewed by Oliver Hunt.
+
+ * jit/JIT.h:
+ (JIT):
+
+2012-03-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG Fixup should be able to short-circuit trivial ValueToInt32's
+ https://bugs.webkit.org/show_bug.cgi?id=82030
+
+ Reviewed by Michael Saboff.
+
+ Takes the fixup() method of the prediction propagation phase and makes it
+ into its own phase. Adds the ability to short-circuit trivial ValueToInt32
+ nodes, and mark pure ValueToInt32's as such.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCommon.h:
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGFixupPhase.cpp: Added.
+ (DFG):
+ (FixupPhase):
+ (JSC::DFG::FixupPhase::FixupPhase):
+ (JSC::DFG::FixupPhase::run):
+ (JSC::DFG::FixupPhase::fixupNode):
+ (JSC::DFG::FixupPhase::fixIntEdge):
+ (JSC::DFG::performFixup):
+ * dfg/DFGFixupPhase.h: Added.
+ (DFG):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::run):
+ (PredictionPropagationPhase):
+
+2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ tryReallocate could break the zero-ed memory invariant of CopiedBlocks
+ https://bugs.webkit.org/show_bug.cgi?id=82087
+
+ Reviewed by Filip Pizlo.
+
+ Removing this optimization turned out to be ~1% regression on kraken, so I simply
+ undid the modification to the current block if we fail.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
+ to reallocate from the current block.
+
+2012-03-23 Alexey Proskuryakov <ap@apple.com>
+
+ [Mac] No need for platform-specific ENABLE_BLOB values
+ https://bugs.webkit.org/show_bug.cgi?id=82102
+
+ Reviewed by David Kilzer.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-23 Michael Saboff <msaboff@apple.com>
+
+ DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
+ https://bugs.webkit.org/show_bug.cgi?id=81805
+
+ Reviewed by Filip Pizlo.
+
+ Added SpeculativeJIT::checkGeneratedType() to determine the current format
+ of an operand. Used that information in SpeculativeJIT::compileValueToInt32
+ to generate code that will use integer and JSValue types in integer
+ format directly without a conversion to double.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkGeneratedType):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ * dfg/DFGSpeculativeJIT.h:
+ (DFG):
+ (SpeculativeJIT):
+
+2012-03-23 Steve Falkenburg <sfalken@apple.com>
+
+ Update Apple Windows build files for WTF move
+ https://bugs.webkit.org/show_bug.cgi?id=82069
+
+ Reviewed by Jessie Berlin.
+
+ * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
+
+2012-03-23 Dean Jackson <dino@apple.com>
+
+ Disable CSS_SHADERS in Apple builds
+ https://bugs.webkit.org/show_bug.cgi?id=81996
+
+ Reviewed by Simon Fraser.
+
+ Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-23 Gavin Barraclough <barraclough@apple.com>
+
+ RexExp constructor last match properties should not rely on previous ovector
+ https://bugs.webkit.org/show_bug.cgi?id=82077
+
+ Reviewed by Oliver Hunt.
+
+ This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
+
+ This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
+ Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using
+ a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
+ location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
+ a special value of setting the saved result to MatchResult::failed() to indicated that we're in a
+ reified state. This means that next time a match is performed, the store of the result will
+ automatically blow away the reified value.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added new files.
+ * runtime/RegExp.cpp:
+ (JSC::RegExpFunctionalTestCollector::outputOneTest):
+ - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
+ * runtime/RegExpCachedResult.cpp: Added.
+ (JSC::RegExpCachedResult::visitChildren):
+ (JSC::RegExpCachedResult::lastResult):
+ (JSC::RegExpCachedResult::setInput):
+ - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt).
+ * runtime/RegExpCachedResult.h: Added.
+ (RegExpCachedResult):
+ - Added new class.
+ (JSC::RegExpCachedResult::RegExpCachedResult):
+ (JSC::RegExpCachedResult::record):
+ (JSC::RegExpCachedResult::input):
+ - Initialize the object, record the result of a RegExp match, access the stored input property.
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ - Initialize m_result/m_multiline properties.
+ (JSC::RegExpConstructor::visitChildren):
+ - Make sure the cached results (or lazy source for them) are marked.
+ (JSC::RegExpConstructor::getBackref):
+ (JSC::RegExpConstructor::getLastParen):
+ (JSC::RegExpConstructor::getLeftContext):
+ (JSC::RegExpConstructor::getRightContext):
+ - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
+ (JSC::regExpConstructorInput):
+ (JSC::setRegExpConstructorInput):
+ - Changed to use RegExpCachedResult.
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ (RegExpConstructor):
+ (JSC::RegExpConstructor::setMultiline):
+ (JSC::RegExpConstructor::multiline):
+ - Move multiline property onto the constructor object; it is not affected by the last match.
+ (JSC::RegExpConstructor::setInput):
+ (JSC::RegExpConstructor::input):
+ - These defer to RegExpCachedResult.
+ (JSC::RegExpConstructor::performMatch):
+ * runtime/RegExpMatchesArray.cpp: Added.
+ (JSC::RegExpMatchesArray::visitChildren):
+ - Eeeep! added missing visitChildren!
+ (JSC::RegExpMatchesArray::finishCreation):
+ (JSC::RegExpMatchesArray::reifyAllProperties):
+ (JSC::RegExpMatchesArray::reifyMatchProperty):
+ - Moved from RegExpConstructor.cpp.
+ (JSC::RegExpMatchesArray::leftContext):
+ (JSC::RegExpMatchesArray::rightContext):
+ - Since the match start/
+ * runtime/RegExpMatchesArray.h:
+ (RegExpMatchesArray):
+ - Declare new methods & structure flags.
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::match):
+ - performMatch now requires the JSString input, to cache.
+ * runtime/StringPrototype.cpp:
+ (JSC::removeUsingRegExpSearch):
+ (JSC::replaceUsingRegExpSearch):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ - performMatch now requires the JSString input, to cache.
+
+2012-03-23 Tony Chang <tony@chromium.org>
+
+ [chromium] rename newwtf target back to wtf
+ https://bugs.webkit.org/show_bug.cgi?id=82064
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Simplify memory usage tracking in CopiedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=80705
+
+ Reviewed by Filip Pizlo.
+
+ * heap/CopiedAllocator.h:
+ (CopiedAllocator): Rename currentUtilization to currentSize.
+ (JSC::CopiedAllocator::currentCapacity):
+ * heap/CopiedBlock.h:
+ (CopiedBlock):
+ (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
+ declaration.
+ (JSC):
+ (JSC::CopiedBlock::size): Add new function to calculate the block's size.
+ (JSC::CopiedBlock::capacity): Ditto for capacity.
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
+ field for the water mark.
+ (JSC::CopiedSpace::init):
+ (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
+ block, we need to update our current water mark with the size of the block.
+ (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
+ need to update our current water mark with the size of the used portion of the block.
+ (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
+ reallocating because it will either get accounted for when we fill up the block later
+ in the case of being able to reallocate in the current block or it will get picked up
+ immediately because we'll have to get a new block.
+ (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when
+ realloc-ing an oversize block because we deallocate the old block and allocate a brand
+ new one.
+ (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
+ the CopiedSpace by the SlotVisitors.
+ (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
+ (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
+ not we should collect now instead of doing the calculation ourself.
+ (JSC::CopiedSpace::destroy):
+ (JSC):
+ (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
+ MarkedSpace does.
+ (JSC::CopiedSpace::capacity): Ditto for capacity.
+ * heap/CopiedSpace.h:
+ (JSC::CopiedSpace::waterMark):
+ (CopiedSpace):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
+ collection.
+ (JSC::CopiedSpace::allocateNewBlock):
+ (JSC::CopiedSpace::fitsInBlock):
+ (JSC::CopiedSpace::allocateFromBlock):
+ * heap/Heap.cpp:
+ (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
+ (JSC::Heap::capacity): Ditto for capacity.
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (Heap):
+ (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
+ determine whether they should initiate a collection or continue to allocate new blocks.
+ (JSC):
+ (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
+ Heap (MarkedSpace and CopiedSpace).
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
+
+2012-03-23 Ryosuke Niwa <rniwa@webkit.org>
+
+ BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
+ https://bugs.webkit.org/show_bug.cgi?id=82012
+
+ Reviewed by Filip Pizlo.
+
+ Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
+
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (BitVector):
+ (OutOfLineBits):
+
+2012-03-22 Michael Saboff <msaboff@apple.com>
+
+ ExecutableAllocator::memoryPressureMultiplier() might can return NaN
+ https://bugs.webkit.org/show_bug.cgi?id=82002
+
+ Reviewed by Filip Pizlo.
+
+ Guard against divide by zero and then make sure the return
+ value is >= 1.0.
+
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::memoryPressureMultiplier):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::memoryPressureMultiplier):
+
+2012-03-22 Jessie Berlin <jberlin@apple.com>
+
+ Windows build fix after r111778.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ Don't include and try to build files owned by WTF.
+ Also, let VS have its way with the vcproj in terms of file ordering.
+
+2012-03-22 Raphael Kubo da Costa <rakuco@FreeBSD.org>
+
+ [CMake] Unreviewed build fix after r111778.
+
+ * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
+ the include paths so that the right config.h is used.
+
+2012-03-22 Tony Chang <tony@chromium.org>
+
+ Unreviewed, fix chromium build after wtf move.
+
+ Remove old wtf_config and wtf targets.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2012-03-22 Martin Robinson <mrobinson@igalia.com>
+
+ Fixed the GTK+ WTF/JavaScriptCore build after r111778.
+
+ * GNUmakefile.list.am: Removed an extra trailing backslash.
+
+2012-03-22 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
+ rather than only those that contain symbols that JavaScriptCore itself uses.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
+
+2012-03-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG NodeFlags has some duplicate code and naming issues
+ https://bugs.webkit.org/show_bug.cgi?id=81975
+
+ Reviewed by Gavin Barraclough.
+
+ Removed most references to "ArithNodeFlags" since those are now just part
+ of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
+ NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
+ because the former was never called and the latter did the same things as
+ mergeFlags().
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::arithNodeFlags):
+ (Node):
+ * dfg/DFGNodeFlags.cpp:
+ (JSC::DFG::nodeFlagsAsString):
+ * dfg/DFGNodeFlags.h:
+ (DFG):
+ (JSC::DFG::nodeUsedAsNumber):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
+
+2012-03-22 Eric Seidel <eric@webkit.org>
+
+ Actually move WTF files to their new home
+ https://bugs.webkit.org/show_bug.cgi?id=81844
+
+ Unreviewed. The details of the port-specific changes
+ have been seen by contributors from those ports, but
+ the whole 5MB change isn't very reviewable as-is.
+
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JSCTypedArrayStubs.h:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jsc.cpp:
+
+2012-03-22 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed. Adding Source/WTF to the build.
+
+ * wscript:
+
+2012-03-22 Gavin Barraclough <barraclough@apple.com>
+
+ Add JSValue::isFunction
+ https://bugs.webkit.org/show_bug.cgi?id=81935
+
+ Reviewed by Geoff Garen.
+
+ This would be useful in the WebCore bindings code.
+ Also, remove asFunction, replace with jsCast<JSFunction*>.
+
+ * API/JSContextRef.cpp:
+ * debugger/Debugger.cpp:
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::functionName):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueOfFunctionConstant):
+ * dfg/DFGOperations.cpp:
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::isInlineCallFrameSlow):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::jitCompileFor):
+ (JSC::lazyLinkFor):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::traceFunctionPrologue):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::setUpCall):
+ * runtime/Arguments.h:
+ (JSC::Arguments::finishCreation):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncToString):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sort):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::argumentsGetter):
+ (JSC::JSFunction::callerGetter):
+ (JSC::JSFunction::lengthGetter):
+ * runtime/JSFunction.h:
+ (JSC):
+ (JSC::asJSFunction):
+ (JSC::JSValue::isFunction):
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompiler::operator()):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ * runtime/JSValue.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::replaceUsingRegExpSearch):
+
+2012-03-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculation on booleans should be rationalized
+ https://bugs.webkit.org/show_bug.cgi?id=81840
+
+ Reviewed by Gavin Barraclough.
+
+ This removes isKnownBoolean() and replaces it with AbstractState-based
+ optimization, and cleans up the control flow in code gen methods for
+ Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
+ and removes isKnownNotBoolean() since that method appeared to be a
+ helper used solely by 32_64's speculateBooleanOperation().
+
+ This is performance-neutral.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateNumber):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (DFG):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-03-21 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * wtf/MetaAllocator.h:
+ (MetaAllocator): Export the destructor.
+
+2012-03-21 Eric Seidel <eric@webkit.org>
+
+ Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=81834
+
+ Reviewed by Adam Barth.
+
+ * jsc.cpp:
+ * os-win32/WinMain.cpp:
+ * runtime/JSDateMath.cpp:
+ * runtime/TimeoutChecker.cpp:
+ * testRegExp.cpp:
+ * tools/CodeProfiling.cpp:
+
+2012-03-21 Eric Seidel <eric@webkit.org>
+
+ WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
+ https://bugs.webkit.org/show_bug.cgi?id=81838
+
+ Reviewed by Geoffrey Garen.
+
+ My understanding is that weak vtables happen when the compiler/linker cannot
+ determine which compilation unit should constain the vtable. In this case
+ because there were only pure virtual functions as well as an "inline"
+ virtual destructor (thus the virtual destructor was defined in many compilation
+ units). Since you can't actually "inline" a virtual function (it still has to
+ bounce through the vtable), the "inline" on this virutal destructor doesn't
+ actually help performance, and is only serving to confuse the compiler here.
+ I've moved the destructor implementation to the .cpp file, thus making
+ it clear to the compiler where the vtable should be stored, and solving the error.
+
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::~MetaAllocator):
+ (WTF):
+ * wtf/MetaAllocator.h:
+
+2012-03-20 Gavin Barraclough <barraclough@apple.com>
+
+ RegExpMatchesArray should not copy the ovector
+ https://bugs.webkit.org/show_bug.cgi?id=81742
+
+ Reviewed by Michael Saboff.
+
+ Currently, all RegExpMatchesArray object contain Vector<int, 32>, used to hold any sub-pattern results.
+ This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
+ main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
+ and the results never accessed).
+ If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
+
+ * dfg/DFGOperations.cpp:
+ - RegExpObject match renamed back to test (test returns a bool).
+ * runtime/RegExpConstructor.cpp:
+ (JSC):
+ - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
+ (JSC::RegExpMatchesArray::finishCreation):
+ - Removed RegExpConstructorPrivate parameter.
+ (JSC::RegExpMatchesArray::reifyAllProperties):
+ - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
+ If there are sub-pattern properties, the RegExp is re-run to generate their values.
+ (JSC::RegExpMatchesArray::reifyMatchProperty):
+ - Reify just the match (index 0) property of the RegExpMatchesArray.
+ * runtime/RegExpConstructor.h:
+ (RegExpConstructor):
+ (JSC::RegExpConstructor::performMatch):
+ - performMatch now returns a MatchResult, rather than using out-parameters.
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
+ (RegExpMatchesArray):
+ (JSC::RegExpMatchesArray::create):
+ - Now passed the input string matched against, the RegExp, and the MatchResult.
+ (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
+ (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
+ - Helpers to conditionally reify properties.
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ (JSC::RegExpMatchesArray::put):
+ (JSC::RegExpMatchesArray::putByIndex):
+ (JSC::RegExpMatchesArray::deleteProperty):
+ (JSC::RegExpMatchesArray::deletePropertyByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyNames):
+ (JSC::RegExpMatchesArray::defineOwnProperty):
+ - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
+ (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::exec):
+ (JSC::RegExpObject::match):
+ - match now returns a MatchResult.
+ * runtime/RegExpObject.h:
+ (JSC::MatchResult::MatchResult):
+ - Added the result of a match is a start & end tuple.
+ (JSC::MatchResult::failed):
+ - A failure is indicated by (notFound, 0).
+ (JSC::MatchResult::operator bool):
+ - Evaluates to false if the match failed.
+ (JSC::MatchResult::empty):
+ - Evaluates to true if the match succeeded with length 0.
+ (JSC::RegExpObject::test):
+ - Now returns a bool.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncTest):
+ - RegExpObject match renamed back to test (test returns a bool).
+ * runtime/StringPrototype.cpp:
+ (JSC::removeUsingRegExpSearch):
+ (JSC::replaceUsingRegExpSearch):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ - performMatch now returns a MatchResult, rather than using out-parameters.
+
+2012-03-21 Hojong Han <hojong.han@samsung.com>
+
+ Fix out of memory by allowing overcommit
+ https://bugs.webkit.org/show_bug.cgi?id=81743
+
+ Reviewed by Geoffrey Garen.
+
+ Garbage collection is not triggered and new blocks are added
+ because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2012-03-21 Jessie Berlin <jberlin@apple.com>
+
+ More Windows build fixing.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ Fix the order of the include directories to look in include/private first before looking
+ in include/private/JavaScriptCore.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ Look in the Production output directory (where the wtf headers will be). This is the same
+ thing that is done for jsc and testRegExp in ReleasePGO.
+
+2012-03-21 Jessie Berlin <jberlin@apple.com>
+
+ WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
+ $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
+ https://bugs.webkit.org/show_bug.cgi?id=81739
+
+ Reviewed by Dan Bernstein.
+
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+ Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
+ subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
+ * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
+ Ditto.
+
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
+ Get the headers for those 4 files from the wtf subdirectory of the build output, not the
+ JavaScriptCore/wtf subdirectory.
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ Ditto.
+
+2012-03-20 Eric Seidel <eric@webkit.org>
+
+ Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
+ https://bugs.webkit.org/show_bug.cgi?id=80911
+
+ Reviewed by Adam Barth.
+
+ Update the various build systems to depend on Source/WTF headers
+ as well as remove references to Platform.h (since it's now moved).
+
+ * CMakeLists.txt:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+
+2012-03-20 Filip Pizlo <fpizlo@apple.com>
+
+ op_mod fails on many interesting corner cases
+ https://bugs.webkit.org/show_bug.cgi?id=81648
+
+ Reviewed by Oliver Hunt.
+
+ Removed most strength reduction for op_mod, and fixed the integer handling
+ to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
+ which this patch also fixes.
+
+ This patch is performance neutral on all of the major benchmarks we track.
+
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compileArithMod):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITArithmetic.cpp:
+ (JSC):
+ (JSC::JIT::emit_op_mod):
+ (JSC::JIT::emitSlow_op_mod):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_mod):
+ (JSC::JIT::emitSlow_op_mod):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC):
+ * jit/JITStubs.h:
+ (TrampolineStructure):
+ (JSC::JITThunks::ctiNativeConstruct):
+ * llint/LowLevelInterpreter64.asm:
+ * wtf/Platform.h:
+ * wtf/SimpleStats.h:
+ (WTF::SimpleStats::variance):
+
+2012-03-20 Steve Falkenburg <sfalken@apple.com>
+
+ Windows (make based) build fix.
+ <rdar://problem/11069015>
+
+ * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
+
+2012-03-20 Steve Falkenburg <sfalken@apple.com>
+
+ Move WTF-related Windows project files out of JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=80680
+
+ This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
+ It does not move any source code. This is in preparation for the WTF source move out of
+ JavaScriptCore.
+
+ Reviewed by Jessie Berlin.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+ * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+ * JavaScriptCore.vcproj/WTF: Removed.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
+ * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
+ * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
+
+2012-03-20 Benjamin Poulain <bpoulain@apple.com>
+
+ Cache the type string of JavaScript object
+ https://bugs.webkit.org/show_bug.cgi?id=81446
+
+ Reviewed by Geoffrey Garen.
+
+ Instead of creating the JSString every time, we create
+ lazily the strings in JSGlobalData.
+
+ This avoid the construction of the StringImpl and of the JSString,
+ which gives some performance improvements.
+
+ * runtime/CommonIdentifiers.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toStringSlowCase):
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::SmallStrings):
+ (JSC::SmallStrings::finalizeSmallStrings):
+ (JSC::SmallStrings::initialize):
+ (JSC):
+ * runtime/SmallStrings.h:
+ (SmallStrings):
+
+2012-03-20 Oliver Hunt <oliver@apple.com>
+
+ Allow LLINT to work even when executable allocation fails.
+ https://bugs.webkit.org/show_bug.cgi?id=81693
+
+ Reviewed by Gavin Barraclough.
+
+ Don't crash if executable allocation fails if we can fall back on LLINT
+
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2012-03-20 Csaba Osztrogonác <ossy@webkit.org>
+
+ Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
+ https://bugs.webkit.org/show_bug.cgi?id=81428
+
+ 32 bit buildfix after r111355.
+
+ 2147483648 (2^31) isn't valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
+ The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h).
+
+ Reviewed by Zoltan Herczeg.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
+
+2012-03-19 Jochen Eisinger <jochen@chromium.org>
+
+ Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
+ https://bugs.webkit.org/show_bug.cgi?id=80983
+
+ Reviewed by Darin Adler.
+
+ This allows printing a backtrace acquired by an earlier WTFGetBacktrace
+ call which is useful for local debugging.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2012-03-19 Benjamin Poulain <benjamin@webkit.org>
+
+ Do not copy the script source in the SourceProvider, just reference the existing string
+ https://bugs.webkit.org/show_bug.cgi?id=81466
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/SourceCode.h: Remove the unused, and incorrect, function data().
+ * parser/SourceProvider.h: Add OVERRIDE for clarity.
+
+2012-03-19 Filip Pizlo <fpizlo@apple.com>
+
+ Division optimizations fail to infer cases of truncated division and
+ mishandle -2147483648/-1
+ https://bugs.webkit.org/show_bug.cgi?id=81428
+ <rdar://problem/11067382>
+
+ Reviewed by Oliver Hunt.
+
+ If you're a division over integers and you're only used as an integer, then you're
+ an integer division and remainder checks become unnecessary. If you're dividing
+ -2147483648 by -1, don't crash.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (MacroAssemblerX86Common):
+ (JSC::MacroAssemblerX86Common::add32):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * llint/LowLevelInterpreter64.asm:
+
+2012-03-19 Benjamin Poulain <bpoulain@apple.com>
+
+ Simplify SmallStrings
+ https://bugs.webkit.org/show_bug.cgi?id=81445
+
+ Reviewed by Gavin Barraclough.
+
+ SmallStrings had two methods that should not be public: count() and clear().
+
+ The method clear() is effectively replaced by finalizeSmallStrings(). The body
+ of the method was moved to the constructor since the code is obvious.
+
+ The method count() is unused.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::SmallStrings):
+ * runtime/SmallStrings.h:
+ (SmallStrings):
+
+2012-03-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG can no longer compile V8-v4/regexp in debug mode
+ https://bugs.webkit.org/show_bug.cgi?id=81592
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-03-19 Filip Pizlo <fpizlo@apple.com>
+
+ Prediction propagation for UInt32ToNumber incorrectly assumes that outs outcome does not
+ change throughout the fixpoint
+ https://bugs.webkit.org/show_bug.cgi?id=81583
+
+ Reviewed by Michael Saboff.
+
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+
+2012-03-19 Filip Pizlo <fpizlo@apple.com>
+
+ GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
+ the process of being generated
+ https://bugs.webkit.org/show_bug.cgi?id=81565
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finalizeUnconditionally):
+
+2012-03-19 Eric Seidel <eric@webkit.org>
+
+ Fix WTF header include discipline in Chromium WebKit
+ https://bugs.webkit.org/show_bug.cgi?id=81281
+
+ Reviewed by James Robinson.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * wtf/unicode/icu/CollatorICU.cpp:
+
+2012-03-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
+ https://bugs.webkit.org/show_bug.cgi?id=81556
+
+ Rubber stamped by Gavin Barraclough.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAbstractState.h:
+ (JSC::DFG::AbstractState::forNode):
+ * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
+ (JSC::DFG::AdjacencyList::AdjacencyList):
+ (JSC::DFG::AdjacencyList::child):
+ (JSC::DFG::AdjacencyList::setChild):
+ (JSC::DFG::AdjacencyList::child1):
+ (JSC::DFG::AdjacencyList::child2):
+ (JSC::DFG::AdjacencyList::child3):
+ (JSC::DFG::AdjacencyList::setChild1):
+ (JSC::DFG::AdjacencyList::setChild2):
+ (JSC::DFG::AdjacencyList::setChild3):
+ (JSC::DFG::AdjacencyList::child1Unchecked):
+ (JSC::DFG::AdjacencyList::initialize):
+ (AdjacencyList):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addVarArgChild):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::canonicalize):
+ (JSC::DFG::CSEPhase::performSubstitution):
+ * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
+ (DFG):
+ (JSC::DFG::Edge::Edge):
+ (JSC::DFG::Edge::operator==):
+ (JSC::DFG::Edge::operator!=):
+ (Edge):
+ (JSC::DFG::operator==):
+ (JSC::DFG::operator!=):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::operator[]):
+ (JSC::DFG::Graph::at):
+ (JSC::DFG::Graph::ref):
+ (JSC::DFG::Graph::deref):
+ (JSC::DFG::Graph::clearAndDerefChild1):
+ (JSC::DFG::Graph::clearAndDerefChild2):
+ (JSC::DFG::Graph::clearAndDerefChild3):
+ (Graph):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::child1):
+ (JSC::DFG::Node::child1Unchecked):
+ (JSC::DFG::Node::child2):
+ (JSC::DFG::Node::child3):
+ (Node):
+ * dfg/DFGNodeFlags.cpp:
+ (JSC::DFG::arithNodeFlagsAsString):
+ * dfg/DFGNodeFlags.h:
+ (DFG):
+ (JSC::DFG::nodeUsedAsNumber):
+ * dfg/DFGNodeReferenceBlob.h: Removed.
+ * dfg/DFGNodeUse.h: Removed.
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
+ (JSC::DFG::PredictionPropagationPhase::vote):
+ (JSC::DFG::PredictionPropagationPhase::fixupNode):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::use):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::useChildren):
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::at):
+ (JSC::DFG::SpeculativeJIT::canReuse):
+ (JSC::DFG::SpeculativeJIT::use):
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ (JSC::DFG::IntegerOperand::IntegerOperand):
+ (JSC::DFG::DoubleOperand::DoubleOperand):
+ (JSC::DFG::JSValueOperand::JSValueOperand):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
+ (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
+ (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
+ (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2012-03-19 Gavin Barraclough <barraclough@apple.com>
+
+ Object.freeze broken on latest Nightly
+ https://bugs.webkit.org/show_bug.cgi?id=80577
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::defineOwnProperty):
+ - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
+ been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty.
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::defineOwnProperty):
+ - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
+ the object must be extensible; this is incorrect since these properties should already exist
+ on the object. In addition, it was asserting that the arguments/caller values must match the
+ corresponding magic data properties, but for strict mode function this is incorrect. Instead,
+ just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
+
+2012-03-19 Filip Pizlo <fpizlo@apple.com>
+
+ LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
+ https://bugs.webkit.org/show_bug.cgi?id=81559
+
+ Reviewed by Michael Saboff.
+
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+2012-03-19 Yong Li <yoli@rim.com>
+
+ [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
+ https://bugs.webkit.org/show_bug.cgi?id=77013
+
+ We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
+ implement memory decommitting for QNX.
+
+ Reviewed by Rob Buis.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::commit):
+ (WTF::OSAllocator::decommit):
+
+2012-03-19 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed - revent a couple of files accidentally committed.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::defineOwnProperty):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::defineOwnProperty):
+
+2012-03-19 Jessie Berlin <jberlin@apple.com>
+
+ Another Windows build fix after r111129.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-19 Raphael Kubo da Costa <rakuco@FreeBSD.org>
+
+ Cross-platform processor core counter: fix build on FreeBSD.
+ https://bugs.webkit.org/show_bug.cgi?id=81482
+
+ Reviewed by Zoltan Herczeg.
+
+ The documentation of sysctl(3) shows that <sys/types.h> should be
+ included before <sys/sysctl.h> (sys/types.h tends to be the first
+ included header in general).
+
+ This should fix the build on FreeBSD and other systems where
+ sysctl.h really depends on types defined in types.h.
+
+ * wtf/NumberOfCores.cpp:
+
+2012-03-19 Jessie Berlin <jberlin@apple.com>
+
+ Windows build fix after r111129.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-19 Gavin Barraclough <barraclough@apple.com>
+
+ JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
+ https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
+
+ Reviewed by Oliver Hunt.
+
+ The API specifies that convertToType may opt not to handle a conversion:
+ "@result The objects's converted value, or NULL if the object was not converted."
+ In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
+ conversion functions, and failing that call the JSObject::defaultValue function.
+
+ Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
+ the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
+ bug#73368, these will return the result from the first convertToType they find, regardless
+ of whether this result is null, and if no convertToType method is found in the api class
+ hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
+ chain), they will also return a null pointer. This is unsafe.
+
+ It would be easy to make the approach based around toStringCallback/valueOfCallback continue
+ to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
+ (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
+ Making the fallback work with toString/valueOf methods attached to api objects is probably
+ not the right thing to do – instead, we should just implement the defaultValue trap for api
+ objects.
+
+ In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard
+ null to be returned from C to JavaScript - this is not okay. Handle with an exception.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::call):
+ - Should be null checking the return value.
+ (JSC):
+ - Remove toStringCallback/valueOfCallback.
+ * API/JSCallbackFunction.h:
+ (JSCallbackFunction):
+ - Remove toStringCallback/valueOfCallback.
+ * API/JSCallbackObject.h:
+ (JSCallbackObject):
+ - Add defaultValue mthods to JSCallbackObject.
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::defaultValue):
+ - Add defaultValue mthods to JSCallbackObject.
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ - Remove toStringCallback/valueOfCallback.
+ * API/tests/testapi.js:
+ - Revert this test, now we no longer artificially introduce a toString method onto the api object.
+
+2012-03-18 Raphael Kubo da Costa <rakuco@FreeBSD.org>
+
+ [EFL] Include ICU_INCLUDE_DIRS when building.
+ https://bugs.webkit.org/show_bug.cgi?id=81483
+
+ Reviewed by Daniel Bates.
+
+ So far, only the ICU libraries were being included when building
+ JavaScriptCore, however the include path is also needed, otherwise the
+ build will fail when ICU is installed into a non-standard location.
+
+ * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
+
+2012-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Strength reduction, RegExp.exec -> RegExp.test
+ https://bugs.webkit.org/show_bug.cgi?id=81459
+
+ Reviewed by Sam Weinig.
+
+ RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
+ expression for a match against a string - however exec is more expensive, since
+ it allocates a matches array object. In cases where the result is consumed in a
+ boolean context the allocation of the matches array can be trivially elided.
+
+ For example:
+ function f()
+ {
+ for (i =0; i < 10000000; ++i)
+ if(!/a/.exec("a"))
+ err = true;
+ }
+
+ This is a 2.5x speedup on this example microbenchmark loop.
+
+ In a more advanced form of this optimization, we may be able to avoid allocating
+ the array where access to the array can be observed.
+
+ * create_hash_table:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGNodeType.h:
+ (DFG):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileRegExpExec):
+ (DFG):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jsc.cpp:
+ (GlobalObject::addConstructableFunction):
+ * runtime/Intrinsic.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ (JSC):
+ * runtime/JSFunction.h:
+ (JSFunction):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::exec):
+ (JSC::RegExpObject::match):
+ * runtime/RegExpObject.h:
+ (RegExpObject):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncTest):
+ (JSC::regExpProtoFuncExec):
+
+2012-03-16 Michael Saboff <msaboff@apple.com>
+
+ Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
+ https://bugs.webkit.org/show_bug.cgi?id=81244
+
+ Rubber stamped by Filip Pizlo.
+
+ Changed type and name of JSGlobalData::m_isInitializingObject to
+ ClassInfo* and m_initializingObjectClass.
+ Changed JSGlobalData::setInitializingObject to
+ JSGlobalData::setInitializingObjectClass. This pointer can be used within
+ the debugger to determine what type of object is being initialized.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::finishCreation):
+ (JSC::allocateCell):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ (JSC::JSGlobalData::isInitializingObject):
+ (JSC::JSGlobalData::setInitializingObjectClass):
+ * runtime/Structure.h:
+ (JSC::JSCell::finishCreation):
+
+2012-03-16 Mark Rowe <mrowe@apple.com>
+
+ Build fix. Do not preserve owner and group information when installing the WTF headers.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-03-15 David Dorwin <ddorwin@chromium.org>
+
+ Make the array pointer parameters in the Typed Array create() methods const.
+ https://bugs.webkit.org/show_bug.cgi?id=81147
+
+ Reviewed by Kenneth Russell.
+
+ This allows const arrays to be passed to these methods.
+ They use PassRefPtr<Subclass> create(), which already has a const parameter.
+
+ * wtf/Int16Array.h:
+ (Int16Array):
+ (WTF::Int16Array::create):
+ * wtf/Int32Array.h:
+ (Int32Array):
+ (WTF::Int32Array::create):
+ * wtf/Int8Array.h:
+ (Int8Array):
+ (WTF::Int8Array::create):
+ * wtf/Uint16Array.h:
+ (Uint16Array):
+ (WTF::Uint16Array::create):
+ * wtf/Uint32Array.h:
+ (Uint32Array):
+ (WTF::Uint32Array::create):
+ * wtf/Uint8Array.h:
+ (Uint8Array):
+ (WTF::Uint8Array::create):
+ * wtf/Uint8ClampedArray.h:
+ (Uint8ClampedArray):
+ (WTF::Uint8ClampedArray::create):
+
+2012-03-15 Myles Maxfield <mmaxfield@google.com>
+
+ CopiedSpace::tryAllocateOversize assumes system page size
+ https://bugs.webkit.org/show_bug.cgi?id=80615
+
+ Reviewed by Geoffrey Garen.
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::tryAllocateOversize):
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::oversizeBlockFor):
+ * wtf/BumpPointerAllocator.h:
+ (WTF::BumpPointerPool::create):
+ * wtf/StdLibExtras.h:
+ (WTF::roundUpToMultipleOf):
+
+2012-03-15 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing Windows build breakage
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-15 Patrick Gansterer <paroga@webkit.org>
+
+ [EFL] Make zlib a general build requirement
+ https://bugs.webkit.org/show_bug.cgi?id=80153
+
+ Reviewed by Hajime Morita.
+
+ After r109538 WebSocket module needs zlib to support deflate-frame extension.
+
+ * wtf/Platform.h:
+
+2012-03-15 Benjamin Poulain <bpoulain@apple.com>
+
+ NumericStrings should be inlined
+ https://bugs.webkit.org/show_bug.cgi?id=81183
+
+ Reviewed by Gavin Barraclough.
+
+ NumericStrings is not always inlined. When it is not, the class is not faster
+ than using UString::number() directly.
+
+ * runtime/NumericStrings.h:
+ (JSC::NumericStrings::add):
+ (JSC::NumericStrings::lookupSmallString):
+
+2012-03-15 Andras Becsi <andras.becsi@nokia.com>
+
+ Fix ARM build after r110792.
+
+ Unreviewed build fix.
+
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+ Remove superfluous curly brackets.
+
+2012-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
+ https://bugs.webkit.org/show_bug.cgi?id=81256
+
+ Reviewed by Oliver Hunt.
+
+ This is a 0.5% sunspider progression.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
+ - switch which form of vmov we use.
+
+2012-03-15 YoungTaeck Song <youngtaeck.song@samsung.com>
+
+ [EFL] Add OwnPtr specialization for Ecore_Timer.
+ https://bugs.webkit.org/show_bug.cgi?id=80119
+
+ Reviewed by Hajime Morita.
+
+ Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
+
+ * wtf/OwnPtrCommon.h:
+ (WTF):
+ * wtf/efl/OwnPtrEfl.cpp:
+ (WTF::deleteOwnedPtr):
+ (WTF):
+
+2012-03-15 Hojong Han <hojong.han@samsung.com>
+
+ Linux has madvise enough to support OSAllocator::commit/decommit
+ https://bugs.webkit.org/show_bug.cgi?id=80505
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::commit):
+ (WTF::OSAllocator::decommit):
+
+2012-03-15 Steve Falkenburg <sfalken@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/copy-files.cmd:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+
+2012-03-15 Steve Falkenburg <sfalken@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+
+2012-03-15 Kevin Ollivier <kevino@theolliviers.com>
+
+ Move wx port to using export macros
+ https://bugs.webkit.org/show_bug.cgi?id=77279
+
+ Reviewed by Hajime Morita.
+
+ * wscript:
+ * wtf/Platform.h:
+
+2012-03-14 Benjamin Poulain <bpoulain@apple.com>
+
+ Avoid StringImpl::getData16SlowCase() when sorting array
+ https://bugs.webkit.org/show_bug.cgi?id=81070
+
+ Reviewed by Geoffrey Garen.
+
+ The function codePointCompare() is used intensively when sorting strings.
+ This patch improves its performance by:
+ -Avoiding character conversion.
+ -Inlining the function.
+
+ This makes Peacekeeper's arrayCombined test 30% faster.
+
+ * wtf/text/StringImpl.cpp:
+ * wtf/text/StringImpl.h:
+ (WTF):
+ (WTF::codePointCompare):
+ (WTF::codePointCompare8):
+ (WTF::codePointCompare16):
+ (WTF::codePointCompare8To16):
+
+2012-03-14 Hojong Han <hojong.han@samsung.com>
+
+ Fix memory allocation failed by fastmalloc
+ https://bugs.webkit.org/show_bug.cgi?id=79614
+
+ Reviewed by Geoffrey Garen.
+
+ Memory allocation failed even if the heap grows successfully.
+ It is wrong to get the span only from the large list after the heap grows,
+ because new span could be added in the normal list.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::New):
+
+2012-03-14 Hojong Han <hojong.han@samsung.com>
+
+ Run cacheFlush page by page to assure of flushing all the requested ranges
+ https://bugs.webkit.org/show_bug.cgi?id=77712
+
+ Reviewed by Geoffrey Garen.
+
+ Current MetaAllocator concept, always coalesces adjacent free spaces,
+ doesn't meet memory management of Linux kernel.
+ In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two.
+ Therefore cacheFlush page by page guarantees a flush-requested range.
+
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+
+2012-03-14 Oliver Hunt <oliver@apple.com>
+
+ Make ARMv7 work again
+ https://bugs.webkit.org/show_bug.cgi?id=81157
+
+ Reviewed by Geoffrey Garen.
+
+ We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
+ where we the ARMv7MacroAssembler would also try to use dataRegister for its own
+ nefarious purposes.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::store32):
+ * assembler/MacroAssemblerARMv7.h:
+ (MacroAssemblerARMv7):
+
+2012-03-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Heap::destroy leaks CopiedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=81055
+
+ Reviewed by Geoffrey Garen.
+
+ Added a destroy() function to CopiedSpace that moves all normal size
+ CopiedBlocks from the CopiedSpace to the Heap's list of free blocks
+ as well as deallocates all of the oversize blocks in the CopiedSpace.
+ This function is now called in Heap::destroy().
+
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::destroy):
+ (JSC):
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+
+2012-03-14 Andrew Lo <anlo@rim.com>
+
+ [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
+ https://bugs.webkit.org/show_bug.cgi?id=81000
+
+ Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/Platform.h:
+
+2012-03-13 Filip Pizlo <fpizlo@apple.com>
+
+ ValueToInt32 speculation will cause OSR exits even when it does not have to
+ https://bugs.webkit.org/show_bug.cgi?id=81068
+ <rdar://problem/11043926>
+
+ Reviewed by Anders Carlsson.
+
+ Two related changes:
+ 1) ValueToInt32 will now always just defer to the non-speculative path, instead
+ of exiting, if it doesn't know what speculations to perform.
+ 2) ValueToInt32 will speculate boolean if it sees this to be profitable.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateBoolean):
+ (Node):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+
+2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ More Windows build fixing
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Windows build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Type conversion of exponential part failed
+ https://bugs.webkit.org/show_bug.cgi?id=80673
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/Lexer.cpp:
+ (JSC::::lex):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::parseInt):
+ (JSC):
+ (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
+ we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template
+ parameter for strtod to allow trailing spaces.
+ (JSC::toDouble):
+ (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
+ * runtime/LiteralParser.cpp:
+ (JSC::::Lexer::lexNumber):
+ * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that
+ we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
+ * wtf/dtoa.cpp:
+ (WTF):
+ (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were
+ broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
+ * wtf/dtoa.h:
+ * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the
+ Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
+ A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those
+ here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
+ * wtf/text/WTFString.cpp:
+ (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
+
+2012-03-13 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
+ Removing the assert for now.
+
+ * dfg/DFGOperations.h:
+ * llint/LLIntSlowPaths.h:
+
+2012-03-13 Filip Pizlo <fpizlo@apple.com>
+
+ Functions with C linkage should return POD types
+ https://bugs.webkit.org/show_bug.cgi?id=81061
+
+ Reviewed by Mark Rowe.
+
+ * dfg/DFGOperations.h:
+ * llint/LLIntSlowPaths.h:
+ (LLInt):
+ (SlowPathReturnType):
+ (JSC::LLInt::encodeResult):
+
+2012-03-13 Filip Pizlo <fpizlo@apple.com>
+
+ Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
+ https://bugs.webkit.org/show_bug.cgi?id=80979
+ <rdar://problem/11036848>
+
+ Reviewed by Oliver Hunt.
+
+ Also improved DFG IR dumping to include type information in a somewhat more
+ intuitive way.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToAbbreviatedString):
+ (JSC):
+ * bytecode/PredictedType.h:
+ (JSC):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
+
+2012-03-13 George Staikos <staikos@webkit.org>
+
+ The callback is only used if SA_RESTART is defined. Compile it out
+ otherwise to avoid a warning.
+ https://bugs.webkit.org/show_bug.cgi?id=80926
+
+ Reviewed by Alexey Proskuryakov.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC):
+
+2012-03-13 Hojong Han <hojong.han@samsung.com>
+
+ Dump the generated code for ARM_TRADITIONAL
+ https://bugs.webkit.org/show_bug.cgi?id=80975
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::dumpCode):
+
+2012-03-13 Adam Barth <abarth@webkit.org> && Benjamin Poulain <bpoulain@apple.com>
+
+ Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
+ https://bugs.webkit.org/show_bug.cgi?id=78853
+
+ Reviewed by Adam Barth.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2012-03-13 Kwonjin Jeong <gram@company100.net>
+
+ Remove SlotVisitor::copy() method.
+ https://bugs.webkit.org/show_bug.cgi?id=80973
+
+ Reviewed by Geoffrey Garen.
+
+ SlotVisitor::copy() method isn't called anywhere.
+
+ * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
+ * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
+
+2012-03-12 Hojong Han <hojong.han@samsung.com>
+
+ Fix test cases for RegExp multiline
+ https://bugs.webkit.org/show_bug.cgi?id=80822
+
+ Reviewed by Gavin Barraclough.
+
+ * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
+ * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
+ * tests/mozilla/js1_2/regexp/beginLine.js:
+ * tests/mozilla/js1_2/regexp/endLine.js:
+
+2012-03-12 Filip Pizlo <fpizlo@apple.com>
+
+ Arithmetic use inference should be procedure-global and should run in tandem
+ with type propagation
+ https://bugs.webkit.org/show_bug.cgi?id=80819
+ <rdar://problem/11034006>
+
+ Reviewed by Gavin Barraclough.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
+ * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
+ (PredictionPropagationPhase):
+ (JSC::DFG::PredictionPropagationPhase::isNotZero):
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::flags):
+ (VariableAccessData):
+ (JSC::DFG::VariableAccessData::mergeFlags):
+
+2012-03-12 Filip Pizlo <fpizlo@apple.com>
+
+ Node::op and Node::flags should be private
+ https://bugs.webkit.org/show_bug.cgi?id=80824
+ <rdar://problem/11033435>
+
+ Reviewed by Gavin Barraclough.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ (JSC::DFG::AbstractState::mergeToSuccessors):
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp:
+ (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::flushArgument):
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::isJSConstant):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ * dfg/DFGCFAPhase.cpp:
+ (JSC::DFG::CFAPhase::performBlockCFA):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::canonicalize):
+ (JSC::DFG::CSEPhase::endIndexForPureCSE):
+ (JSC::DFG::CSEPhase::pureCSE):
+ (JSC::DFG::CSEPhase::byValIsPure):
+ (JSC::DFG::CSEPhase::clobbersWorld):
+ (JSC::DFG::CSEPhase::impureCSE):
+ (JSC::DFG::CSEPhase::globalVarLoadElimination):
+ (JSC::DFG::CSEPhase::getByValLoadElimination):
+ (JSC::DFG::CSEPhase::checkFunctionElimination):
+ (JSC::DFG::CSEPhase::checkStructureLoadElimination):
+ (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
+ (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (DFG):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::addShouldSpeculateInteger):
+ (JSC::DFG::Graph::negateShouldSpeculateInteger):
+ (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
+ * dfg/DFGNode.cpp: Removed.
+ * dfg/DFGNode.h:
+ (DFG):
+ (JSC::DFG::Node::Node):
+ (Node):
+ (JSC::DFG::Node::op):
+ (JSC::DFG::Node::flags):
+ (JSC::DFG::Node::setOp):
+ (JSC::DFG::Node::setFlags):
+ (JSC::DFG::Node::mergeFlags):
+ (JSC::DFG::Node::filterFlags):
+ (JSC::DFG::Node::clearFlags):
+ (JSC::DFG::Node::setOpAndDefaultFlags):
+ (JSC::DFG::Node::mustGenerate):
+ (JSC::DFG::Node::isConstant):
+ (JSC::DFG::Node::isWeakConstant):
+ (JSC::DFG::Node::valueOfJSConstant):
+ (JSC::DFG::Node::hasVariableAccessData):
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::resolveGlobalDataIndex):
+ (JSC::DFG::Node::hasArithNodeFlags):
+ (JSC::DFG::Node::arithNodeFlags):
+ (JSC::DFG::Node::setArithNodeFlag):
+ (JSC::DFG::Node::mergeArithNodeFlags):
+ (JSC::DFG::Node::hasConstantBuffer):
+ (JSC::DFG::Node::hasRegexpIndex):
+ (JSC::DFG::Node::hasVarNumber):
+ (JSC::DFG::Node::hasScopeChainDepth):
+ (JSC::DFG::Node::hasResult):
+ (JSC::DFG::Node::hasInt32Result):
+ (JSC::DFG::Node::hasNumberResult):
+ (JSC::DFG::Node::hasJSResult):
+ (JSC::DFG::Node::hasBooleanResult):
+ (JSC::DFG::Node::isJump):
+ (JSC::DFG::Node::isBranch):
+ (JSC::DFG::Node::isTerminal):
+ (JSC::DFG::Node::hasHeapPrediction):
+ (JSC::DFG::Node::hasFunctionCheckData):
+ (JSC::DFG::Node::hasStructureTransitionData):
+ (JSC::DFG::Node::hasStructureSet):
+ (JSC::DFG::Node::hasStorageAccessData):
+ (JSC::DFG::Node::hasFunctionDeclIndex):
+ (JSC::DFG::Node::hasFunctionExprIndex):
+ (JSC::DFG::Node::child1):
+ (JSC::DFG::Node::child2):
+ (JSC::DFG::Node::child3):
+ (JSC::DFG::Node::firstChild):
+ (JSC::DFG::Node::numChildren):
+ * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
+ * dfg/DFGNodeFlags.h: Added.
+ (DFG):
+ (JSC::DFG::nodeUsedAsNumber):
+ (JSC::DFG::nodeCanTruncateInteger):
+ (JSC::DFG::nodeCanIgnoreNegativeZero):
+ (JSC::DFG::nodeMayOverflow):
+ (JSC::DFG::nodeCanSpeculateInteger):
+ * dfg/DFGNodeType.h: Added.
+ (DFG):
+ (JSC::DFG::defaultFlags):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::vote):
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
+ (JSC::DFG::PredictionPropagationPhase::fixupNode):
+ * dfg/DFGRedundantPhiEliminationPhase.cpp:
+ (JSC::DFG::RedundantPhiEliminationPhase::run):
+ (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
+ (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::useChildren):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compileMovHint):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compileAdd):
+ (JSC::DFG::SpeculativeJIT::compare):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-03-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ Minor DataLog fixes
+ https://bugs.webkit.org/show_bug.cgi?id=80826
+
+ Reviewed by Andreas Kling.
+
+ * bytecode/ExecutionCounter.cpp:
+ Do not include DataLog.h, it is not used.
+
+ * jit/ExecutableAllocator.cpp:
+ Ditto.
+
+ * wtf/DataLog.cpp:
+ (WTF::initializeLogFileOnce):
+ Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
+
+ * wtf/HashTable.cpp:
+ Include DataLog as it is used.
+
+2012-03-12 SangGyu Lee <sg5.lee@samsung.com>
+
+ Integer overflow check code in arithmetic operation in classic interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=80465
+
+ Reviewed by Gavin Barraclough.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2012-03-12 Zeno Albisser <zeno@webkit.org>
+
+ [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
+ https://bugs.webkit.org/show_bug.cgi?id=80827
+
+ Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
+
+ Reviewed by Simon Hausmann.
+
+ * wtf/Platform.h:
+
+2012-03-12 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed prospective Qt/Mac build fix
+
+ * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
+ whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
+ constructor.
+
+2012-03-12 Filip Pizlo <fpizlo@apple.com>
+
+ All DFG nodes should have a mutable set of flags
+ https://bugs.webkit.org/show_bug.cgi?id=80779
+ <rdar://problem/11026218>
+
+ Reviewed by Gavin Barraclough.
+
+ Got rid of NodeId, and placed all of the flags that distinguished NodeId
+ from NodeType into a separate Node::flags field. Combined what was previously
+ ArithNodeFlags into Node::flags.
+
+ In the process of debugging, I found that the debug support in the virtual
+ register allocator was lacking, so I improved it. I also realized that the
+ virtual register allocator was assuming that the nodes in a basic block were
+ contiguous, which is no longer the case. So I fixed that. The fix also made
+ it natural to have more extreme assertions, so I added them. I suspect this
+ will make it easier to catch virtual register allocation bugs in the future.
+
+ This is mostly performance neutral; if anything it looks like a slight
+ speed-up.
+
+ This patch does leave some work for future refactorings; for example, Node::op
+ is unencapsulated. This was already the case, though now it feels even more
+ like it should be. I avoided doing that because this patch has already grown
+ way bigger than I wanted.
+
+ Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
+ move some unnecessarily inline stuff out of DFGNode.h.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp:
+ (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCFAPhase.cpp:
+ (JSC::DFG::CFAPhase::performBlockCFA):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::endIndexForPureCSE):
+ (JSC::DFG::CSEPhase::pureCSE):
+ (JSC::DFG::CSEPhase::clobbersWorld):
+ (JSC::DFG::CSEPhase::impureCSE):
+ (JSC::DFG::CSEPhase::setReplacement):
+ (JSC::DFG::CSEPhase::eliminate):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ (JSC::DFG::CSEPhase::performBlockCSE):
+ (CSEPhase):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::opName):
+ (JSC::DFG::Graph::dump):
+ (DFG):
+ * dfg/DFGNode.cpp: Added.
+ (DFG):
+ (JSC::DFG::arithNodeFlagsAsString):
+ * dfg/DFGNode.h:
+ (DFG):
+ (JSC::DFG::nodeUsedAsNumber):
+ (JSC::DFG::nodeCanTruncateInteger):
+ (JSC::DFG::nodeCanIgnoreNegativeZero):
+ (JSC::DFG::nodeMayOverflow):
+ (JSC::DFG::nodeCanSpeculateInteger):
+ (JSC::DFG::defaultFlags):
+ (JSC::DFG::Node::Node):
+ (Node):
+ (JSC::DFG::Node::setOpAndDefaultFlags):
+ (JSC::DFG::Node::mustGenerate):
+ (JSC::DFG::Node::arithNodeFlags):
+ (JSC::DFG::Node::setArithNodeFlag):
+ (JSC::DFG::Node::mergeArithNodeFlags):
+ (JSC::DFG::Node::hasResult):
+ (JSC::DFG::Node::hasInt32Result):
+ (JSC::DFG::Node::hasNumberResult):
+ (JSC::DFG::Node::hasJSResult):
+ (JSC::DFG::Node::hasBooleanResult):
+ (JSC::DFG::Node::isJump):
+ (JSC::DFG::Node::isBranch):
+ (JSC::DFG::Node::isTerminal):
+ (JSC::DFG::Node::child1):
+ (JSC::DFG::Node::child2):
+ (JSC::DFG::Node::child3):
+ (JSC::DFG::Node::firstChild):
+ (JSC::DFG::Node::numChildren):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::vote):
+ (JSC::DFG::PredictionPropagationPhase::fixupNode):
+ * dfg/DFGScoreBoard.h:
+ (ScoreBoard):
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::assertClear):
+ (JSC::DFG::ScoreBoard::use):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::useChildren):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-03-10 Filip Pizlo <fpizlo@apple.com>
+
+ LLInt should support JSVALUE64
+ https://bugs.webkit.org/show_bug.cgi?id=79609
+ <rdar://problem/10063437>
+
+ Reviewed by Gavin Barraclough and Oliver Hunt.
+
+ Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
+ patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
+ file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
+ specialized for value representation.
+
+ Also made some minor changes to offlineasm and the slow-paths.
+
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LLIntEntrypoints.cpp:
+ * llint/LLIntSlowPaths.cpp:
+ (LLInt):
+ (JSC::LLInt::llint_trace_value):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::jitCompileAndSetHeuristics):
+ * llint/LLIntSlowPaths.h:
+ (LLInt):
+ (SlowPathReturnType):
+ (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
+ (JSC::LLInt::encodeResult):
+ * llint/LLIntThunks.cpp:
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * offlineasm/armv7.rb:
+ * offlineasm/asm.rb:
+ * offlineasm/ast.rb:
+ * offlineasm/backends.rb:
+ * offlineasm/instructions.rb:
+ * offlineasm/parser.rb:
+ * offlineasm/registers.rb:
+ * offlineasm/transform.rb:
+ * offlineasm/x86.rb:
+ * wtf/Platform.h:
+
+2012-03-10 Yong Li <yoli@rim.com>
+
+ Web Worker crashes with WX_EXCLUSIVE
+ https://bugs.webkit.org/show_bug.cgi?id=80532
+
+ Let each JS global object own a meta allocator
+ for WX_EXCLUSIVE to avoid conflicts from Web Worker.
+ Also fix a mutex leak in MetaAllocator's dtor.
+
+ Reviewed by Filip Pizlo.
+
+ * jit/ExecutableAllocator.cpp:
+ (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
+ (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
+ (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
+ (DemandExecutableAllocator):
+ (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
+ (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
+ (JSC::DemandExecutableAllocator::allocateNewSpace):
+ (JSC::DemandExecutableAllocator::allocators):
+ (JSC::DemandExecutableAllocator::allocatorsMutex):
+ (JSC):
+ (JSC::ExecutableAllocator::initializeAllocator):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::underMemoryPressure):
+ (JSC::ExecutableAllocator::memoryPressureMultiplier):
+ (JSC::ExecutableAllocator::allocate):
+ (JSC::ExecutableAllocator::committedByteCount):
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/ExecutableAllocator.h:
+ (JSC):
+ (ExecutableAllocator):
+ (JSC::ExecutableAllocator::allocator):
+ * wtf/MetaAllocator.h:
+ (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
+ * wtf/TCSpinLock.h:
+ (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
+
+2012-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Object.freeze broken on latest Nightly
+ https://bugs.webkit.org/show_bug.cgi?id=80577
+
+ Reviewed by Oliver Hunt.
+
+ The problem here is that deleteProperty rejects deletion of prototype.
+ This is correct in most cases, however defineOwnPropery is presently
+ implemented internally to ensure the attributes change by deleting the
+ old property, and creating a new one.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::deleteProperty):
+ - If deletePropery is called via defineOwnPropery, allow old prototype to be removed.
+
+2012-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype.toLocaleString visits elements in wrong order under certain conditions
+ https://bugs.webkit.org/show_bug.cgi?id=80663
+
+ Reviewed by Michael Saboff.
+
+ The bug here is actually that we're continuing to process the array after an exception
+ has been thrown, and that the second value throw is overriding the first.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToLocaleString):
+
+2012-03-09 Ryosuke Niwa <rniwa@webkit.org>
+
+ WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
+ https://bugs.webkit.org/show_bug.cgi?id=80080
+
+ Reviewed by Filip Pizlo.
+
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingRegion::Locker::Locker):
+ (JSC::SamplingRegion::Locker::~Locker):
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingRegion::exchangeCurrent):
+ * wtf/Atomics.h:
+ (WTF):
+ (WTF::weakCompareAndSwap):
+ (WTF::weakCompareAndSwapUIntPtr):
+
+2012-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
+ https://bugs.webkit.org/show_bug.cgi?id=49989
+
+ Reviewed by Oliver Hunt.
+
+ Patch originally by chris reiss <christopher.reiss@nokia.com>,
+ allow the year to appear before the timezone in date strings.
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2012-03-09 Mark Rowe <mrowe@apple.com>
+
+ Ensure that the WTF headers are copied at installhdrs time.
+
+ Reviewed by Dan Bernstein and Jessie Berlin.
+
+ * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
+ so that our script phases are invoked at installhdrs time. The only one that
+ does any useful work at that time is the one that installs WTF headers.
+
+2012-03-09 Jon Lee <jonlee@apple.com>
+
+ Add support for ENABLE(LEGACY_NOTIFICATIONS)
+ https://bugs.webkit.org/show_bug.cgi?id=80497
+
+ Reviewed by Adam Barth.
+
+ Prep for b80472: Update API for Web Notifications
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-09 Ashod Nakashian <ashodnakashian@yahoo.com>
+
+ Bash scripts should support LF endings only
+ https://bugs.webkit.org/show_bug.cgi?id=79509
+
+ Reviewed by David Kilzer.
+
+ * gyp/generate-derived-sources.sh: Added property svn:eol-style.
+ * gyp/run-if-exists.sh: Added property svn:eol-style.
+ * gyp/update-info-plist.sh: Added property svn:eol-style.
+
+2012-03-09 Jessie Berlin <jberlin@apple.com>
+
+ Windows debug build fix.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::shouldBlind):
+ Fix unreachable code warnings (which we treat as errors).
+
+2012-03-09 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Zoltan Herczeg.
+
+ [Qt] Fix the SH4 build after r109834
+ https://bugs.webkit.org/show_bug.cgi?id=80492
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::branchAdd32):
+ (JSC::MacroAssemblerSH4::branchSub32):
+
+2012-03-09 Andy Wingo <wingo@igalia.com>
+
+ Refactor code feature analysis in the parser
+ https://bugs.webkit.org/show_bug.cgi?id=79112
+
+ Reviewed by Geoffrey Garen.
+
+ This commit refactors the parser to more uniformly propagate flag
+ bits down and up the parse process, as the parser descends and
+ returns into nested blocks. Some flags get passed town to
+ subscopes, some apply to specific scopes only, and some get
+ unioned up after parsing subscopes.
+
+ The goal is to eventually be very precise with scoping
+ information, once we have block scopes: one block scope might use
+ `eval', which would require the emission of a symbol table within
+ that block and containing blocks, whereas another block in the
+ same function might not, allowing us to not emit a symbol table.
+
+ * parser/Nodes.h:
+ (JSC::ScopeFlags): Rename from CodeFeatures.
+ (JSC::ScopeNode::addScopeFlags):
+ (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
+ (JSC::ScopeNode::isStrictMode):
+ (JSC::ScopeNode::usesEval):
+ (JSC::ScopeNode::usesArguments):
+ (JSC::ScopeNode::setUsesArguments):
+ (JSC::ScopeNode::usesThis):
+ (JSC::ScopeNode::needsActivationForMoreThanVariables):
+ (JSC::ScopeNode::needsActivation): Refactor these accessors to
+ operate on the m_scopeFlags member.
+ (JSC::ScopeNode::source):
+ (JSC::ScopeNode::sourceURL):
+ (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
+ semantic change.
+ (JSC::ScopeNode::ScopeNode)
+ (JSC::ProgramNode::ProgramNode)
+ (JSC::EvalNode::EvalNode)
+ (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
+ take a ScopeFlags as an argument, instead of a bool inStrictContext.
+
+ * parser/Nodes.cpp:
+ (JSC::ScopeNode::ScopeNode):
+ (JSC::ProgramNode::ProgramNode):
+ (JSC::ProgramNode::create):
+ (JSC::EvalNode::EvalNode):
+ (JSC::EvalNode::create):
+ (JSC::FunctionBodyNode::FunctionBodyNode):
+ (JSC::FunctionBodyNode::create): Adapt constructors to change.
+
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::ASTBuilder):
+ (JSC::ASTBuilder::thisExpr):
+ (JSC::ASTBuilder::createResolve):
+ (JSC::ASTBuilder::createFunctionBody):
+ (JSC::ASTBuilder::createFuncDeclStatement):
+ (JSC::ASTBuilder::createTryStatement):
+ (JSC::ASTBuilder::createWithStatement):
+ (JSC::ASTBuilder::addVar):
+ (JSC::ASTBuilder::Scope::Scope):
+ (Scope):
+ (ASTBuilder):
+ (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
+ features here. Instead rely on the base Parser mechanism to track
+ features.
+
+ * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
+
+ * parser/Parser.h:
+ (JSC::Scope::Scope): Manage scope through flags, not
+ bit-booleans. This lets us uniformly propagate them up and down.
+ (JSC::Scope::declareWrite):
+ (JSC::Scope::declareParameter):
+ (JSC::Scope::useVariable):
+ (JSC::Scope::collectFreeVariables):
+ (JSC::Scope::getCapturedVariables):
+ (JSC::Scope::saveFunctionInfo):
+ (JSC::Scope::restoreFunctionInfo):
+ (JSC::Parser::pushScope): Adapt to use scope flags and their
+ accessors instead of bit-booleans.
+ * parser/Parser.cpp:
+ (JSC::::Parser):
+ (JSC::::parseInner):
+ (JSC::::didFinishParsing):
+ (JSC::::parseSourceElements):
+ (JSC::::parseVarDeclarationList):
+ (JSC::::parseConstDeclarationList):
+ (JSC::::parseWithStatement):
+ (JSC::::parseTryStatement):
+ (JSC::::parseFunctionBody):
+ (JSC::::parseFunctionInfo):
+ (JSC::::parseFunctionDeclaration):
+ (JSC::::parsePrimaryExpression): Hoist some of the flag handling
+ out of the "context" (ASTBuilder or SyntaxChecker) and to here.
+ Does not seem to have a performance impact.
+
+ * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
+ Cache the scopeflags.
+ * parser/SyntaxChecker.h: Remove evalCount() decl.
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::ScriptExecutable::usesEval):
+ (JSC::ScriptExecutable::usesArguments):
+ (JSC::ScriptExecutable::needsActivation):
+ (JSC::ScriptExecutable::isStrictMode):
+ (JSC::ScriptExecutable::recordParse):
+ (ScriptExecutable): ScopeFlags, not features.
+
+2012-03-08 Benjamin Poulain <bpoulain@apple.com>
+
+ Build fix for MSVC after r110266
+
+ Unreviewed. A #ifdef for MSVC was left over in r110266.
+
+ * runtime/RegExpObject.h:
+ (RegExpObject):
+
+2012-03-08 Benjamin Poulain <bpoulain@apple.com>
+
+ Allocate the RegExpObject's data with the Cell
+ https://bugs.webkit.org/show_bug.cgi?id=80654
+
+ Reviewed by Gavin Barraclough.
+
+ This patch removes the creation of RegExpObject's data to avoid the overhead
+ create by the allocation and destruction.
+
+ We RegExp are created repeatedly, this provides some performance improvment.
+ The PeaceKeeper test stringDetectBrowser improves by 10%.
+
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::visitChildren):
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ (JSC::RegExpObject::defineOwnProperty):
+ (JSC::RegExpObject::match):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::setRegExp):
+ (JSC::RegExpObject::regExp):
+ (JSC::RegExpObject::setLastIndex):
+ (JSC::RegExpObject::getLastIndex):
+ (RegExpObject):
+
+2012-03-08 Steve Falkenburg <sfalken@apple.com>
+
+ Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
+ https://bugs.webkit.org/show_bug.cgi?id=80657
+
+ Preparation for WTF separation from JavaScriptCore.
+ The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
+ dependencies for generated files.
+
+ This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
+ versions of the WTF code independent of the JavaScriptCore code.
+
+ Reviewed by Jessie Berlin.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
+ * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
+ * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
+ * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
+ * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
+ * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
+ * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
+ * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
+
+2012-03-08 Benjamin Poulain <benjamin@webkit.org>
+
+ Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
+ https://bugs.webkit.org/show_bug.cgi?id=80652
+
+ Reviewed by Eric Seidel.
+
+ Fix the header, URLSegments.h is not part of the API.
+
+ * wtf/url/api/ParsedURL.h:
+
+2012-03-08 Ryosuke Niwa <rniwa@webkit.org>
+
+ Mac build fix for micro data API.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-08 Gavin Barraclough <barraclough@apple.com>
+
+ String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
+ https://bugs.webkit.org/show_bug.cgi?id=26890
+
+ Reviewed by Oliver Hunt.
+
+ Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::replaceUsingRegExpSearch):
+ (JSC::stringProtoFuncMatch):
+ - added calls to setLastIndex.
+
+2012-03-08 Matt Lilek <mrl@apple.com>
+
+ Don't enable VIDEO_TRACK on all OS X platforms
+ https://bugs.webkit.org/show_bug.cgi?id=80635
+
+ Reviewed by Eric Carlson.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-08 Oliver Hunt <oliver@apple.com>
+
+ Build fix. That day is not today.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::shouldBlind):
+ * assembler/MacroAssemblerX86Common.h:
+ (MacroAssemblerX86Common):
+ (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
+
+2012-03-08 Oliver Hunt <oliver@apple.com>
+
+ Build fix. One of these days I'll manage to commit something that works everywhere.
+
+ * assembler/AbstractMacroAssembler.h:
+ (AbstractMacroAssembler):
+ * assembler/MacroAssemblerARMv7.h:
+ (MacroAssemblerARMv7):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
+ (MacroAssemblerX86Common):
+
+2012-03-08 Chao-ying Fu <fu@mips.com>
+
+ Update MIPS patchOffsetGetByIdSlowCaseCall
+ https://bugs.webkit.org/show_bug.cgi?id=80302
+
+ Reviewed by Oliver Hunt.
+
+ * jit/JIT.h:
+ (JIT):
+
+2012-03-08 Oliver Hunt <oliver@apple.com>
+
+ Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
+ https://bugs.webkit.org/show_bug.cgi?id=80633
+
+ Reviewed by Gavin Barraclough.
+
+ Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
+ if there isn't a machine specific implementation (otherwise the 64bit value
+ got truncated and 32bit checks were used -- leaving 32bits untested).
+ Also add a bit of logic to ensure that we don't try to blind a few common
+ constants that go through the ImmPtr paths -- encoded numeric JSValues and
+ unencoded doubles with common "safe" values.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::shouldBlindDouble):
+ (MacroAssembler):
+ (JSC::MacroAssembler::shouldBlind):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
+
+2012-03-08 Mark Rowe <mrowe@apple.com>
+
+ <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
+
+ Reviewed by Dan Bernstein.
+
+ * Configurations/Base.xcconfig:
+
+2012-03-08 Steve Falkenburg <sfalken@apple.com>
+
+ Fix line endings for copy-files.cmd.
+
+ If a cmd file doesn't have Windows line endings, it doesn't work properly.
+ In this case, the label :clean wasn't found, breaking the clean build.
+
+ Reviewed by Jessie Berlin.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+
+2012-03-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFA incorrectly handles ValueToInt32
+ https://bugs.webkit.org/show_bug.cgi?id=80568
+
+ Reviewed by Gavin Barraclough.
+
+ Changed it match exactly the decision pattern used in
+ DFG::SpeculativeJIT::compileValueToInt32
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+
+2012-03-08 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
+
+ [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
+ https://bugs.webkit.org/show_bug.cgi?id=80524
+
+ Reviewed by Simon Hausmann.
+
+ Move IdentifierTable methods defintion to WTFThreadData.cpp to fix linking
+ of WTF library.
+
+ * runtime/Identifier.cpp:
+ * wtf/WTFThreadData.cpp:
+ (JSC):
+ (JSC::IdentifierTable::~IdentifierTable):
+ (JSC::IdentifierTable::add):
+
+2012-03-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG instruction count threshold should be lifted to 10000
+ https://bugs.webkit.org/show_bug.cgi?id=80579
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+
+2012-03-07 Filip Pizlo <fpizlo@apple.com>
+
+ Incorrect tracking of abstract values of variables forced double
+ https://bugs.webkit.org/show_bug.cgi?id=80566
+ <rdar://problem/11001442>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+
+2012-03-07 Chao-yng Fu <fu@mips.com>
+
+ [Qt] Fix the MIPS/SH4 build after r109834
+ https://bugs.webkit.org/show_bug.cgi?id=80492
+
+ Reviewed by Oliver Hunt.
+
+ Implement three-argument branch(Add,Sub)32.
+
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::add32):
+ (MacroAssemblerMIPS):
+ (JSC::MacroAssemblerMIPS::sub32):
+ (JSC::MacroAssemblerMIPS::branchAdd32):
+ (JSC::MacroAssemblerMIPS::branchSub32):
+
+2012-03-07 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r110127.
+ http://trac.webkit.org/changeset/110127
+ https://bugs.webkit.org/show_bug.cgi?id=80562
+
+ compile failed on AppleWin (Requested by ukai on #webkit).
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ * heap/Heap.h:
+ (JSC):
+ (Heap):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::finalize):
+ * runtime/Executable.h:
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::create):
+ * runtime/JSGlobalData.cpp:
+ (WTF):
+ (Recompiler):
+ (WTF::Recompiler::operator()):
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+
+2012-03-07 Hojong Han <hojong.han@samsung.com>
+
+ The end atom of the marked block considered to filter invalid cells
+ https://bugs.webkit.org/show_bug.cgi?id=79191
+
+ Reviewed by Geoffrey Garen.
+
+ Register file could have stale pointers beyond the end atom of marked block.
+ Those pointers can weasel out of filtering in-middle-of-cell pointer.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLiveCell):
+
+2012-03-07 Jessie Berlin <jberlin@apple.com>
+
+ Clean Windows build fails after r110033
+ https://bugs.webkit.org/show_bug.cgi?id=80553
+
+ Rubber-stamped by Jon Honeycutt and Eric Seidel.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ Place the implementation files next to their header files in the wtf/text subdirectory.
+ Use echo -F to tell xcopy that these are files (since there is apparently no flag).
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+ Update the path to those implementation files.
+ * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
+ Ditto.
+
+2012-03-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Eliminate redundant Phis in DFG
+ https://bugs.webkit.org/show_bug.cgi?id=80415
+
+ Reviewed by Filip Pizlo.
+
+ Although this may not have any advantage at current stage, this is towards
+ minimal SSA to make more high level optimizations (like bug 76770) easier.
+ We have the choices either to build minimal SSA from scratch or to
+ keep current simple Phi insertion mechanism and remove the redundancy
+ in another phase. Currently we choose the latter because the change
+ could be smaller.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
+ (DFG):
+ (RedundantPhiEliminationPhase):
+ (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
+ (JSC::DFG::RedundantPhiEliminationPhase::run):
+ (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
+ (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
+ (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
+ (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
+ (JSC::DFG::performRedundantPhiElimination):
+ * dfg/DFGRedundantPhiEliminationPhase.h: Added.
+ (DFG):
+
+2012-03-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor recompileAllJSFunctions() to be less expensive
+ https://bugs.webkit.org/show_bug.cgi?id=80330
+
+ Reviewed by Geoffrey Garen.
+
+ This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
+ load performance, which currently does at least a couple full GCs per navigation.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
+ because the function doesn't actually recompile anything (and never did); it simply throws code
+ away for it to be recompiled later if we determine we should do so.
+ (JSC):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
+ (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
+ * heap/Heap.h:
+ (JSC):
+ (Heap):
+ * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
+ be used in DoublyLinkedLists.
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
+ * runtime/Executable.h:
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
+ * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
+ the list of FunctionExecutables.
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
+
+2012-03-06 Oliver Hunt <oliver@apple.com>
+
+ Further harden 64-bit JIT
+ https://bugs.webkit.org/show_bug.cgi?id=80457
+
+ Reviewed by Filip Pizlo.
+
+ This patch implements blinding for ImmPtr. Rather than xor based blinding
+ we perform randomised pointer rotations in order to avoid the significant
+ cost in executable memory that would otherwise be necessary (and to avoid
+ the need for an additional scratch register in some cases).
+
+ As with the prior blinding patch there's a moderate amount of noise as we
+ correct the use of ImmPtr vs. TrustedImmPtr.
+
+ * assembler/AbstractMacroAssembler.h:
+ (ImmPtr):
+ (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
+ * assembler/MacroAssembler.h:
+ (MacroAssembler):
+ (JSC::MacroAssembler::storePtr):
+ (JSC::MacroAssembler::branchPtr):
+ (JSC::MacroAssembler::shouldBlind):
+ (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
+ (RotatedImmPtr):
+ (JSC::MacroAssembler::rotationBlindConstant):
+ (JSC::MacroAssembler::loadRotationBlindedConstant):
+ (JSC::MacroAssembler::convertInt32ToDouble):
+ (JSC::MacroAssembler::move):
+ (JSC::MacroAssembler::poke):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::storeDouble):
+ (JSC::MacroAssemblerARMv7::branchAdd32):
+ * assembler/MacroAssemblerX86_64.h:
+ (MacroAssemblerX86_64):
+ (JSC::MacroAssemblerX86_64::rotateRightPtr):
+ (JSC::MacroAssemblerX86_64::xorPtr):
+ * assembler/X86Assembler.h:
+ (X86Assembler):
+ (JSC::X86Assembler::xorq_rm):
+ (JSC::X86Assembler::rorq_i8r):
+ * dfg/DFGCCallHelpers.h:
+ (CCallHelpers):
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::createOSREntries):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentFillGPR):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (JSC::DFG::SpeculativeJIT::emitEdgeCode):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitSlow_op_post_inc):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ (JSC::JIT::emitGetVirtualRegister):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_mov):
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emit_op_strcat):
+ (JSC::JIT::emit_op_ensure_property_exists):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ (JSC::JIT::emit_op_jmp_scopes):
+ (JSC::JIT::emit_op_switch_imm):
+ (JSC::JIT::emit_op_switch_char):
+ (JSC::JIT::emit_op_switch_string):
+ (JSC::JIT::emit_op_throw_reference_error):
+ (JSC::JIT::emit_op_debug):
+ (JSC::JIT::emitSlow_op_resolve_global_dynamic):
+ (JSC::JIT::emit_op_new_array):
+ (JSC::JIT::emitSlow_op_new_array):
+ (JSC::JIT::emit_op_new_array_buffer):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emit_op_strcat):
+ (JSC::JIT::emit_op_ensure_property_exists):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ (JSC::JIT::emit_op_jmp_scopes):
+ (JSC::JIT::emit_op_switch_imm):
+ (JSC::JIT::emit_op_switch_char):
+ (JSC::JIT::emit_op_switch_string):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_index):
+ * jit/JITStubCall.h:
+ (JITStubCall):
+ (JSC::JITStubCall::addArgument):
+
+2012-03-07 Simon Hausmann <simon.hausmann@nokia.com>
+
+ ARM build fix.
+
+ Reviewed by Zoltan Herczeg.
+
+ Implement three-argument branch(Add,Sub)32.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::add32):
+ (MacroAssemblerARM):
+ (JSC::MacroAssemblerARM::sub32):
+ (JSC::MacroAssemblerARM::branchAdd32):
+ (JSC::MacroAssemblerARM::branchSub32):
+
+2012-03-07 Andy Wingo <wingo@igalia.com>
+
+ Parser: Inline ScopeNodeData into ScopeNode
+ https://bugs.webkit.org/show_bug.cgi?id=79776
+
+ Reviewed by Geoffrey Garen.
+
+ It used to be that some ScopeNode members were kept in a separate
+ structure because sometimes they wouldn't be needed, and
+ allocating a ParserArena was expensive. This patch makes
+ ParserArena lazily allocate its IdentifierArena, allowing the
+ members to be included directly, which is simpler and easier to
+ reason about.
+
+ * parser/ParserArena.cpp:
+ (JSC::ParserArena::ParserArena):
+ (JSC::ParserArena::reset):
+ (JSC::ParserArena::isEmpty):
+ * parser/ParserArena.h:
+ (JSC::ParserArena::identifierArena): Lazily allocate the
+ IdentifierArena.
+
+ * parser/Nodes.cpp:
+ (JSC::ScopeNode::ScopeNode):
+ (JSC::ScopeNode::singleStatement):
+ (JSC::ProgramNode::create):
+ (JSC::EvalNode::create):
+ (JSC::FunctionBodyNode::create):
+ * parser/Nodes.h:
+ (JSC::ScopeNode::destroyData):
+ (JSC::ScopeNode::needsActivationForMoreThanVariables):
+ (JSC::ScopeNode::needsActivation):
+ (JSC::ScopeNode::hasCapturedVariables):
+ (JSC::ScopeNode::capturedVariableCount):
+ (JSC::ScopeNode::captures):
+ (JSC::ScopeNode::varStack):
+ (JSC::ScopeNode::functionStack):
+ (JSC::ScopeNode::neededConstants):
+ (ScopeNode):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
+ into ScopeNode. Adapt accessors.
+
+2012-03-06 Eric Seidel <eric@webkit.org>
+
+ Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
+ https://bugs.webkit.org/show_bug.cgi?id=80363
+
+ Reviewed by Mark Rowe.
+
+ Historically WTF has been part of JavaScriptCore, and on Mac and Windows
+ its headers have appeared as part of the "private" headers exported by
+ JavaScriptCore. All of the WTF headers there are "flattened" into a single
+ private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
+ to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
+
+ However, very soon, we are moving the WTF source code out of JavaScriptCore into its
+ own directory and project. As part of such, the WTF headers will no longer be part of
+ the JavaScriptCore private interfaces.
+ In preparation for that, this change makes both the Mac and Win builds export
+ WTF headers in a non-flattened manner. On Mac, that means into usr/local/include/wtf
+ (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
+
+ There are 5 parts to this change.
+ 1. Updates the JavaScriptCore XCode and VCProj files to actually install these headers
+ (and header directories) into the appropriate places in the build directory.
+ 2. Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
+ (WebCore, WebKit, etc. had already been taught to look in previous patches).
+ 3. Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
+ using fully qualified paths.
+ 4. Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
+ 5. Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
+
+ Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependant.
+ It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
+ headers, those will have to be updated to use <wtf/Foo.h> after this change.
+ I've discussed this proposed change at length with Mark Rowe, and my understanding is they
+ are ready for (and interested in) this change happening.
+
+ * API/tests/JSNode.c:
+ * API/tests/JSNodeList.c:
+ * Configurations/Base.xcconfig:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerCodeRef.h:
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGOperations.cpp:
+ * heap/GCAssertions.h:
+ * heap/HandleHeap.h:
+ * heap/HandleStack.h:
+ * heap/MarkedSpace.h:
+ * heap/PassWeak.h:
+ * heap/Strong.h:
+ * heap/Weak.h:
+ * jit/HostCallReturnValue.cpp:
+ * jit/JIT.cpp:
+ * jit/JITStubs.cpp:
+ * jit/ThunkGenerators.cpp:
+ * parser/Lexer.cpp:
+ * runtime/Completion.cpp:
+ * runtime/Executable.cpp:
+ * runtime/Identifier.h:
+ * runtime/InitializeThreading.cpp:
+ * runtime/JSDateMath.cpp:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSStringBuilder.h:
+ * runtime/JSVariableObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/WriteBarrier.h:
+ * tools/CodeProfile.cpp:
+ * tools/TieredMMapArray.h:
+ * wtf/AVLTree.h:
+ * wtf/Alignment.h:
+ * wtf/AlwaysInline.h:
+ * wtf/ArrayBufferView.h:
+ * wtf/Assertions.h:
+ * wtf/Atomics.h:
+ * wtf/Bitmap.h:
+ * wtf/BoundsCheckedPointer.h:
+ * wtf/CheckedArithmetic.h:
+ * wtf/Deque.h:
+ * wtf/ExportMacros.h:
+ * wtf/FastAllocBase.h:
+ * wtf/FastMalloc.h:
+ * wtf/Float32Array.h:
+ * wtf/Float64Array.h:
+ * wtf/Functional.h:
+ * wtf/HashCountedSet.h:
+ * wtf/HashFunctions.h:
+ * wtf/HashMap.h:
+ * wtf/HashSet.h:
+ * wtf/HashTable.h:
+ * wtf/HashTraits.h:
+ * wtf/Int16Array.h:
+ * wtf/Int32Array.h:
+ * wtf/Int8Array.h:
+ * wtf/IntegralTypedArrayBase.h:
+ * wtf/ListHashSet.h:
+ * wtf/MainThread.h:
+ * wtf/MetaAllocator.h:
+ * wtf/Noncopyable.h:
+ * wtf/OwnArrayPtr.h:
+ * wtf/OwnPtr.h:
+ * wtf/PackedIntVector.h:
+ * wtf/ParallelJobs.h:
+ * wtf/PassOwnArrayPtr.h:
+ * wtf/PassOwnPtr.h:
+ * wtf/PassRefPtr.h:
+ * wtf/PassTraits.h:
+ * wtf/Platform.h:
+ * wtf/PossiblyNull.h:
+ * wtf/RefCounted.h:
+ * wtf/RefCountedLeakCounter.h:
+ * wtf/RefPtr.h:
+ * wtf/RetainPtr.h:
+ * wtf/SimpleStats.h:
+ * wtf/Spectrum.h:
+ * wtf/StdLibExtras.h:
+ * wtf/TCPageMap.h:
+ * wtf/TemporaryChange.h:
+ * wtf/ThreadSafeRefCounted.h:
+ * wtf/Threading.h:
+ * wtf/ThreadingPrimitives.h:
+ * wtf/TypeTraits.h:
+ * wtf/TypedArrayBase.h:
+ * wtf/Uint16Array.h:
+ * wtf/Uint32Array.h:
+ * wtf/Uint8Array.h:
+ * wtf/Uint8ClampedArray.h:
+ * wtf/UnusedParam.h:
+ * wtf/Vector.h:
+ * wtf/VectorTraits.h:
+ * wtf/dtoa/double-conversion.h:
+ * wtf/dtoa/utils.h:
+ * wtf/gobject/GRefPtr.h:
+ * wtf/gobject/GlibUtilities.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/AtomicStringImpl.h:
+ * wtf/text/CString.h:
+ * wtf/text/StringConcatenate.h:
+ * wtf/text/StringHash.h:
+ * wtf/text/WTFString.h:
+ * wtf/unicode/CharacterNames.h:
+ * wtf/unicode/UTF8.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+ * wtf/url/api/ParsedURL.h:
+ * wtf/url/api/URLString.h:
+ * wtf/wince/FastMallocWinCE.h:
+ * yarr/YarrJIT.cpp:
+
+2012-03-06 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype functions should throw if delete fails
+ https://bugs.webkit.org/show_bug.cgi?id=80467
+
+ Reviewed by Oliver Hunt.
+
+ All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
+ In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
+ in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
+ one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
+ routines, for handling arrays with holes. These three copies should be unified.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::shift):
+ (JSC::unshift):
+ - Added - shared copies of the shift/unshift functionality.
+ (JSC::arrayProtoFuncPop):
+ - should throw if the delete fails.
+ (JSC::arrayProtoFuncReverse):
+ - should throw if the delete fails.
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ - use shift/unshift.
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::shiftCount):
+ (JSC::JSArray::unshiftCount):
+ - Don't try to handle arrays with holes; return a value indicating
+ the generic routine should be used instead.
+ * runtime/JSArray.h:
+ - declaration for shiftCount/unshiftCount changed.
+ * tests/mozilla/js1_6/Array/regress-304828.js:
+ - this was asserting incorrect behaviour.
+
+2012-03-06 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
+ https://bugs.webkit.org/show_bug.cgi?id=80469
+
+ Reviewed by Antonio Gomes.
+
+ * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
+ property on the library being created.
+
+2012-03-06 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG BasicBlock should group the Phi nodes together and separate them
+ from the other nodes
+ https://bugs.webkit.org/show_bug.cgi?id=80361
+
+ Reviewed by Filip Pizlo.
+
+ This would make it more efficient to remove the redundant Phi nodes or
+ insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
+ This is performance neutral on SunSpider, V8 and Kraken.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::clobberStructures):
+ (JSC::DFG::AbstractState::dump):
+ * dfg/DFGBasicBlock.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (BasicBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::insertPhiNode):
+ * dfg/DFGCFAPhase.cpp:
+ (JSC::DFG::CFAPhase::performBlockCFA):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::pureCSE):
+ (JSC::DFG::CSEPhase::impureCSE):
+ (JSC::DFG::CSEPhase::globalVarLoadElimination):
+ (JSC::DFG::CSEPhase::getByValLoadElimination):
+ (JSC::DFG::CSEPhase::checkFunctionElimination):
+ (JSC::DFG::CSEPhase::checkStructureLoadElimination):
+ (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
+ (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
+ (JSC::DFG::CSEPhase::performBlockCSE):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-03-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ GCActivityCallback timer should vary with the length of the previous GC
+ https://bugs.webkit.org/show_bug.cgi?id=80344
+
+ Reviewed by Geoffrey Garen.
+
+ * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
+ GC length so that the GC Activity Callback can use it.
+ (JSC::Heap::Heap):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::lastGCLength):
+ (Heap):
+ * runtime/GCActivityCallbackCF.cpp:
+ (JSC):
+ (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last
+ GC to determine the length of our timer trigger (currently set at 100x the duration
+ of the last GC).
+
+2012-03-06 Rob Buis <rbuis@rim.com>
+
+ BlackBerry] Fix cast-align gcc warnings when compiling JSC
+ https://bugs.webkit.org/show_bug.cgi?id=80420
+
+ Reviewed by Gavin Barraclough.
+
+ Fix warnings given in Blackberry build.
+
+ * heap/CopiedBlock.h:
+ (JSC::CopiedBlock::CopiedBlock):
+ * wtf/RefCountedArray.h:
+ (WTF::RefCountedArray::Header::fromPayload):
+
+2012-03-06 Gavin Barraclough <barraclough@apple.com>
+
+ writable/configurable not respected for some properties of Function/String/Arguments
+ https://bugs.webkit.org/show_bug.cgi?id=80436
+
+ Reviewed by Oliver Hunt.
+
+ Special properties should behave like regular properties.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::defineOwnProperty):
+ - Mis-nested logic for making read-only properties non-live.
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::put):
+ - arguments/length/caller are non-writable, non-configurable - reject appropriately.
+ (JSC::JSFunction::deleteProperty):
+ - Attempting to delete prototype/caller should fail.
+ (JSC::JSFunction::defineOwnProperty):
+ - Ensure prototype is reified on attempt to reify it.
+ - arguments/length/caller are non-writable, non-configurable - reject appropriately.
+ * runtime/JSFunction.h:
+ - added declaration for defineOwnProperty.
+ (JSFunction):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::put):
+ - length is non-writable, non-configurable - reject appropriately.
+
+2012-03-06 Ulan Degenbaev <ulan@chromium.org>
+
+ TypedArray subarray call for subarray does not clamp the end index parameter properly
+ https://bugs.webkit.org/show_bug.cgi?id=80285
+
+ Reviewed by Kenneth Russell.
+
+ * wtf/ArrayBufferView.h:
+ (WTF::ArrayBufferView::calculateOffsetAndLength):
+
+2012-03-06 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r109837.
+ http://trac.webkit.org/changeset/109837
+ https://bugs.webkit.org/show_bug.cgi?id=80399
+
+ breaks Mac Productions builds, too late to try and fix it
+ tonight (Requested by eseidel on #webkit).
+
+ * API/tests/JSNode.c:
+ * API/tests/JSNodeList.c:
+ * Configurations/Base.xcconfig:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerCodeRef.h:
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGOperations.cpp:
+ * heap/GCAssertions.h:
+ * heap/HandleHeap.h:
+ * heap/HandleStack.h:
+ * heap/MarkedSpace.h:
+ * heap/PassWeak.h:
+ * heap/Strong.h:
+ * heap/Weak.h:
+ * jit/HostCallReturnValue.cpp:
+ * jit/JIT.cpp:
+ * jit/JITStubs.cpp:
+ * jit/ThunkGenerators.cpp:
+ * parser/Lexer.cpp:
+ * runtime/Completion.cpp:
+ * runtime/Executable.cpp:
+ * runtime/Identifier.h:
+ * runtime/InitializeThreading.cpp:
+ * runtime/JSDateMath.cpp:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSStringBuilder.h:
+ * runtime/JSVariableObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/WriteBarrier.h:
+ * tools/CodeProfile.cpp:
+ * tools/TieredMMapArray.h:
+ * yarr/YarrJIT.cpp:
+
+2012-03-06 Zoltan Herczeg <zherczeg@webkit.org>
+
+ [Qt][ARM] Speculative buildfix after r109834.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::and32):
+ (MacroAssemblerARM):
+
+2012-03-05 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed windows build fix pt 2.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-05 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed windows build fix pt 1.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-03-05 Gavin Barraclough <barraclough@apple.com>
+
+ putByIndex should throw in strict mode
+ https://bugs.webkit.org/show_bug.cgi?id=80335
+
+ Reviewed by Filip Pizlo.
+
+ Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
+
+ This is a largely mechanical change, simply adding an extra parameter to a number
+ of functions. Some call sites need perform additional exception checks, and
+ operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
+
+ This patch doesn't fix a missing throw from some cases of shift/unshift (this is
+ an existing bug), I'll follow up with a third patch to handle that.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectSetPropertyAtIndex):
+ * JSCTypedArrayStubs.h:
+ (JSC):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::putByIndex):
+ * runtime/Arguments.h:
+ (Arguments):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ * runtime/ClassInfo.h:
+ (MethodTable):
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::put):
+ (JSC::JSArray::put):
+ (JSC::JSArray::putByIndex):
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ (JSC::JSArray::push):
+ (JSC::JSArray::shiftCount):
+ (JSC::JSArray::unshiftCount):
+ * runtime/JSArray.h:
+ (SparseArrayValueMap):
+ (JSArray):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::putByIndex):
+ * runtime/JSByteArray.h:
+ (JSByteArray):
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putByIndex):
+ * runtime/JSCell.h:
+ (JSCell):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::putByIndex):
+ * runtime/JSNotAnObject.h:
+ (JSNotAnObject):
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putByIndex):
+ * runtime/JSObject.h:
+ (JSC::JSValue::putByIndex):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::fillArrayInstance):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::putByIndex):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ PredictNone is incorrectly treated as isDoublePrediction
+ https://bugs.webkit.org/show_bug.cgi?id=80365
+
+ Reviewed by Filip Pizlo.
+
+ Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
+
+ * bytecode/PredictedType.h:
+ (JSC::isFixedIndexedStorageObjectPrediction):
+ (JSC::isDoublePrediction):
+
+2012-03-05 Filip Pizlo <fpizlo@apple.com>
+
+ The LLInt should work even when the JIT is disabled
+ https://bugs.webkit.org/show_bug.cgi?id=80340
+ <rdar://problem/10922235>
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
+ (MacroAssemblerCodeRef):
+ (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ * jit/JIT.h:
+ (JSC::JIT::compileCTINativeCall):
+ * jit/JITStubs.h:
+ (JSC::JITThunks::ctiNativeCall):
+ (JSC::JITThunks::ctiNativeConstruct):
+ * llint/LLIntEntrypoints.cpp:
+ (JSC::LLInt::getFunctionEntrypoint):
+ (JSC::LLInt::getEvalEntrypoint):
+ (JSC::LLInt::getProgramEntrypoint):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (LLInt):
+ * llint/LLIntSlowPaths.h:
+ (LLInt):
+ * llint/LowLevelInterpreter.h:
+ * llint/LowLevelInterpreter32_64.asm:
+ * runtime/Executable.h:
+ (NativeExecutable):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ * runtime/Options.cpp:
+ (Options):
+ (JSC::Options::parse):
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+ (Options):
+ * wtf/Platform.h:
+
+2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Checks for dead variables are not sufficient when fixing the expected
+ values in DFG OSR entry
+ https://bugs.webkit.org/show_bug.cgi?id=80371
+
+ Reviewed by Filip Pizlo.
+
+ A dead variable should be identified when there's no node referencing it.
+ But we currently failed to catch the case where there are some nodes
+ referencing a variable but those nodes are actually not referenced by
+ others so will be ignored in code generation. In such case we should
+ also consider that variable to be a dead variable in the block and fix
+ the expected values.
+ This is performance neutral on SunSpider, V8 and Kraken.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+
+2012-03-05 Oliver Hunt <oliver@apple.com>
+
+ Fix Qt build.
+
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/MacroAssembler.h:
+ (MacroAssembler):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileArithSub):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitSub32Constant):
+
+2012-03-05 Eric Seidel <eric@webkit.org>
+
+ Update JavaScriptCore files to use fully-qualified WTF include paths
+ https://bugs.webkit.org/show_bug.cgi?id=79960
+
+ Reviewed by Adam Barth.
+
+ This change does 5 small/related things:
+ 1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
+ (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
+ was not installing headers there.)
+ 2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
+ header search path, as that's where the WTF headers will be installed.
+ 3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
+ in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
+ 4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
+ since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
+ 5. Makes build-webkit build the WTF XCode project by default.
+
+ * API/tests/JSNode.c:
+ * API/tests/JSNodeList.c:
+ * Configurations/Base.xcconfig:
+ * assembler/MacroAssemblerCodeRef.h:
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGOperations.cpp:
+ * heap/GCAssertions.h:
+ * heap/HandleHeap.h:
+ * heap/HandleStack.h:
+ * heap/MarkedSpace.h:
+ * heap/PassWeak.h:
+ * heap/Strong.h:
+ * heap/Weak.h:
+ * jit/HostCallReturnValue.cpp:
+ * jit/JIT.cpp:
+ * jit/JITStubs.cpp:
+ * jit/ThunkGenerators.cpp:
+ * parser/Lexer.cpp:
+ * runtime/Completion.cpp:
+ * runtime/Executable.cpp:
+ * runtime/Identifier.h:
+ * runtime/InitializeThreading.cpp:
+ * runtime/JSDateMath.cpp:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSStringBuilder.h:
+ * runtime/JSVariableObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/WriteBarrier.h:
+ * tools/CodeProfile.cpp:
+ * tools/TieredMMapArray.h:
+ * yarr/YarrJIT.cpp:
+
+2012-03-05 Oliver Hunt <oliver@apple.com>
+
+ Add basic support for constant blinding to the JIT
+ https://bugs.webkit.org/show_bug.cgi?id=80354
+
+ Reviewed by Filip Pizlo.
+
+ This patch adds basic constant blinding support to the JIT, at the
+ MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG)
+ get constant blinding. Woo!
+
+ This patch only introduces blinding for Imm32, a later patch will do similar
+ for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially
+ impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
+ accessor that's needed to access the actual value. This also means you cannot
+ accidentally pass an untrusted value to a function that does not perform
+ blinding.
+
+ To make everything work sensibly, this patch also corrects some code that was using
+ Imm32 when TrustedImm32 could be used, and refactors a few callers that use
+ untrusted immediates, so that they call slightly different varaints of the functions
+ that they used previously. This is largely necessary to deal with x86-32 not having
+ sufficient registers to handle the additional work required when we choose to blind
+ a constant.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
+ (Imm32):
+ (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
+ (JSC::AbstractMacroAssembler::endUninterruptedSequence):
+ (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+ (AbstractMacroAssembler):
+ (JSC::AbstractMacroAssembler::inUninterruptedSequence):
+ (JSC::AbstractMacroAssembler::random):
+ (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
+ (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::addressForPoke):
+ (MacroAssembler):
+ (JSC::MacroAssembler::poke):
+ (JSC::MacroAssembler::branchPtr):
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::convertInt32ToDouble):
+ (JSC::MacroAssembler::shouldBlind):
+ (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
+ (BlindedImm32):
+ (JSC::MacroAssembler::keyForConstant):
+ (JSC::MacroAssembler::xorBlindConstant):
+ (JSC::MacroAssembler::additionBlindedConstant):
+ (JSC::MacroAssembler::andBlindedConstant):
+ (JSC::MacroAssembler::orBlindedConstant):
+ (JSC::MacroAssembler::loadXorBlindedConstant):
+ (JSC::MacroAssembler::add32):
+ (JSC::MacroAssembler::addPtr):
+ (JSC::MacroAssembler::and32):
+ (JSC::MacroAssembler::andPtr):
+ (JSC::MacroAssembler::move):
+ (JSC::MacroAssembler::or32):
+ (JSC::MacroAssembler::store32):
+ (JSC::MacroAssembler::sub32):
+ (JSC::MacroAssembler::subPtr):
+ (JSC::MacroAssembler::xor32):
+ (JSC::MacroAssembler::branchAdd32):
+ (JSC::MacroAssembler::branchMul32):
+ (JSC::MacroAssembler::branchSub32):
+ (JSC::MacroAssembler::trustedImm32ForShift):
+ (JSC::MacroAssembler::lshift32):
+ (JSC::MacroAssembler::rshift32):
+ (JSC::MacroAssembler::urshift32):
+ * assembler/MacroAssemblerARMv7.h:
+ (MacroAssemblerARMv7):
+ (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
+ (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::branchSubPtr):
+ (MacroAssemblerX86_64):
+ (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileArithSub):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::compileBinaryArithOp):
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emit_op_mul):
+ (JSC::JIT::emit_op_div):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitAdd32Constant):
+ (JSC::JIT::emitSub32Constant):
+ (JSC::JIT::emitBinaryDoubleOp):
+ (JSC::JIT::emitSlow_op_mul):
+ (JSC::JIT::emit_op_div):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::updateTopCallFrame):
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emitSlow_op_jfalse):
+ (JSC::JIT::emitSlow_op_jtrue):
+ * jit/JITStubCall.h:
+ (JITStubCall):
+ (JSC::JITStubCall::addArgument):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::backtrack):
+
+2012-03-05 Gavin Barraclough <barraclough@apple.com>
+
+ putByIndex should throw in strict mode
+ https://bugs.webkit.org/show_bug.cgi?id=80335
+
+ Reviewed by Filip Pizlo.
+
+ We'll need to pass an additional parameter.
+
+ Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
+ to match the method in the MethodTable, make this take a parameter indicating
+ whether the put should throw. This fixes the cases where the base of the put
+ is a primitive.
+
+ * dfg/DFGOperations.cpp:
+ (DFG):
+ (JSC::DFG::putByVal):
+ (JSC::DFG::operationPutByValInternal):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/JSObject.h:
+ (JSC::JSValue::putByIndex):
+ * runtime/JSValue.cpp:
+ (JSC):
+ * runtime/JSValue.h:
+ (JSValue):
+
+2012-03-05 Sam Weinig <sam@webkit.org>
+
+ Add support for hosting layers in the window server in WebKit2
+ <rdar://problem/10400246>
+ https://bugs.webkit.org/show_bug.cgi?id=80310
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Platform.h:
+ Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
+
+2012-03-05 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
+
+ * bytecode/ExecutionCounter.cpp:
+ (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
+ * bytecode/ExecutionCounter.h:
+
+2012-03-05 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r109705.
+
+ * bytecode/ExecutionCounter.cpp:
+ * bytecode/ExecutionCounter.h:
+
+2012-03-05 Andy Wingo <wingo@igalia.com>
+
+ Lexer: Specialize character predicates for LChar, UChar
+ https://bugs.webkit.org/show_bug.cgi?id=79677
+
+ Reviewed by Oliver Hunt.
+
+ This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
+ and isLineTerminator to perform a more limited number of checks if
+ the lexer is being instantiated to work on LChar sequences. This
+ is about a 1.5% win on the --parse-only suite, here.
+
+ * parser/Lexer.cpp:
+ (JSC::isLatin1): New static helper, specialized for LChar and
+ UChar.
+ (JSC::typesOfLatin1Characters): Rename from
+ typesOfASCIICharacters, and expand to the range of the LChar
+ type. All uses of isASCII are changed to use isLatin1. Generated
+ using libunistring.
+ (JSC::isNonLatin1IdentStart):
+ (JSC::isIdentStart):
+ (JSC::isNonLatin1IdentPart):
+ (JSC::isIdentPart):
+ (JSC::Lexer::shiftLineTerminator):
+ (JSC::Lexer::parseIdentifier):
+ (JSC::Lexer::parseIdentifierSlowCase):
+ (JSC::Lexer::parseStringSlowCase):
+ (JSC::Lexer::parseMultilineComment):
+ (JSC::Lexer::lex):
+ (JSC::Lexer::scanRegExp):
+ (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
+ * parser/Lexer.h:
+ (JSC::Lexer::isWhiteSpace):
+ (JSC::Lexer::isLineTerminator):
+ * KeywordLookupGenerator.py:
+ (Trie.printAsC): Declare specialized isIdentPart static functions.
+
+2012-03-05 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing header file.
+
+2012-03-05 Andy Wingo <wingo@igalia.com>
+
+ WTF: Micro-optimize cleanup of empty vectors and hash tables
+ https://bugs.webkit.org/show_bug.cgi?id=79903
+
+ Reviewed by Michael Saboff and Geoffrey Garen.
+
+ This patch speeds up cleanup of vectors and hash tables whose
+ backing store was never allocated. This is the case by default
+ for most vectors / hash tables that never had any entries added.
+
+ The result for me is that calling checkSyntax 1000 times on
+ concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
+ 2.4% speedup.
+
+ * wtf/HashTable.h:
+ (WTF::HashTable::~HashTable):
+ (WTF::::clear): Don't deallocate the storage or frob member
+ variables if there is no backing storage.
+ * wtf/Vector.h:
+ (WTF::VectorBufferBase::deallocateBuffer): Likewise.
+
+2012-03-04 Filip Pizlo <fpizlo@apple.com>
+
+ JIT heuristics should be hyperbolic
+ https://bugs.webkit.org/show_bug.cgi?id=80055
+ <rdar://problem/10922260>
+
+ Reviewed by Oliver Hunt.
+
+ Added tracking of the amount of executable memory typically used for a bytecode
+ instruction. Modified the execution counter scheme to use this, and the amount
+ of free memory, to determine how long to wait before invoking the JIT.
+
+ The result is that even if we bomb the VM with more code than can fit in our
+ executable memory pool, we still keep running and almost never run out of
+ executable memory - which ensures that if we have to JIT something critical, then
+ we'll likely have enough memory to do so. This also does not regress performance
+ on the three main benchmarks.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::predictedMachineCodeSize):
+ (JSC):
+ (JSC::CodeBlock::usesOpcode):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ (JSC::CodeBlock::checkIfJITThresholdReached):
+ (JSC::CodeBlock::dontJITAnytimeSoon):
+ (JSC::CodeBlock::jitAfterWarmUp):
+ (JSC::CodeBlock::jitSoon):
+ (JSC::CodeBlock::llintExecuteCounter):
+ (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
+ (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
+ (JSC::CodeBlock::addressOfJITExecuteCounter):
+ (JSC::CodeBlock::offsetOfJITExecuteCounter):
+ (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
+ (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
+ (JSC::CodeBlock::jitExecuteCounter):
+ (JSC::CodeBlock::checkIfOptimizationThresholdReached):
+ (JSC::CodeBlock::optimizeNextInvocation):
+ (JSC::CodeBlock::dontOptimizeAnytimeSoon):
+ (JSC::CodeBlock::optimizeAfterWarmUp):
+ (JSC::CodeBlock::optimizeAfterLongWarmUp):
+ (JSC::CodeBlock::optimizeSoon):
+ * bytecode/ExecutionCounter.cpp: Added.
+ (JSC):
+ (JSC::ExecutionCounter::ExecutionCounter):
+ (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
+ (JSC::ExecutionCounter::setNewThreshold):
+ (JSC::ExecutionCounter::deferIndefinitely):
+ (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
+ (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
+ (JSC::ExecutionCounter::hasCrossedThreshold):
+ (JSC::ExecutionCounter::setThreshold):
+ (JSC::ExecutionCounter::reset):
+ * bytecode/ExecutionCounter.h: Added.
+ (JSC):
+ (ExecutionCounter):
+ (JSC::ExecutionCounter::formattedTotalCount):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * jit/ExecutableAllocator.cpp:
+ (JSC::DemandExecutableAllocator::allocateNewSpace):
+ (JSC::ExecutableAllocator::underMemoryPressure):
+ (JSC):
+ (JSC::ExecutableAllocator::memoryPressureMultiplier):
+ * jit/ExecutableAllocator.h:
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::memoryPressureMultiplier):
+ (JSC):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::jitCompileAndSetHeuristics):
+ * llint/LowLevelInterpreter32_64.asm:
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ * runtime/Options.cpp:
+ (Options):
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+ (Options):
+ * wtf/SimpleStats.h: Added.
+ (WTF):
+ (SimpleStats):
+ (WTF::SimpleStats::SimpleStats):
+ (WTF::SimpleStats::add):
+ (WTF::SimpleStats::operator!):
+ (WTF::SimpleStats::count):
+ (WTF::SimpleStats::sum):
+ (WTF::SimpleStats::sumOfSquares):
+ (WTF::SimpleStats::mean):
+ (WTF::SimpleStats::variance):
+ (WTF::SimpleStats::standardDeviation):
+
+2012-03-04 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
+ https://bugs.webkit.org/show_bug.cgi?id=71507
+
+ Reviewed by Antonio Gomes.
+
+ * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
+
+2012-03-04 David Kilzer <ddkilzer@apple.com>
+
+ Fix build when the classic interpreter is enabled
+
+ Reviewed by Gavin Barraclough.
+
+ Fixes the following build error when running the "Generate
+ Derived Sources" build phase script:
+
+ offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
+ ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
+ from JavaScriptCore/offlineasm/asm.rb:131
+ Command /bin/sh failed with exit code 1
+
+ Gavin's fix in r109674 avoided the #error statement in
+ JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
+ caused the "Generate Derived Sources" build phase script to fail
+ when JavaScriptCore/offlineasm/asm.rb was run. The solution is
+ to detect when the classic interpreter is being built and simply
+ exit early from asm.rb in that case.
+
+ * llint/LLIntOffsetsExtractor.cpp:
+ (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
+ JIT is disabled. Note that offsets.rb doesn't care about the
+ return value here, but instead it cares about finding the magic
+ values in the binary. The magic values are no longer present
+ when the JIT is disabled.
+ * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
+ early with a status message.
+ * offlineasm/offsets.rb:
+ (MissingMagicValuesException): Add new exception class.
+ (offsetsAndConfigurationIndex): Throw
+ MissingMagicValuesException when no magic values are found.
+
+2012-03-04 Jurij Smakov <jurij@wooyd.org>
+
+ SPARC also needs aligned accesses.
+
+ Rubber-stamped by Gustavo Noronha Silva.
+
+ * wtf/Platform.h:
+
+2012-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix.
+
+ * jit/JITStubs.h:
+ - Move ENABLE(JIT) to head of file.
+
+2012-03-03 Gavin Barraclough <barraclough@apple.com>
+
+ Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
+ https://bugs.webkit.org/show_bug.cgi?id=80217
+
+ Reviewed by Filip Pizlo.
+
+ putByIndex() provides similar behavior to put(), but for indexed property names.
+ Many places in ArrayPrototype call putByIndex() where they really mean to call
+ [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
+ calling numeric accessors (& respecting numeric read only properties) on the
+ prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
+ putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSArray.cpp:
+ (JSC):
+ (JSC::reject):
+ (JSC::SparseArrayValueMap::putDirect):
+ (JSC::JSArray::defineOwnNumericProperty):
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ (JSC::JSArray::putDirectIndexBeyondVectorLength):
+ * runtime/JSArray.h:
+ (SparseArrayValueMap):
+ (JSArray):
+ (JSC::JSArray::putDirectIndex):
+
+2012-03-03 Benjamin Poulain <benjamin@webkit.org>
+
+ Implement the basis of KURLWTFURL
+ https://bugs.webkit.org/show_bug.cgi?id=79600
+
+ Reviewed by Adam Barth.
+
+ Add an API to know if a ParsedURL is valid.
+
+ * wtf/url/api/ParsedURL.cpp:
+ (WTF::ParsedURL::ParsedURL):
+ (WTF):
+ (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
+ and by KURL's detach() on write.
+ (WTF::ParsedURL::baseAsString):
+ (WTF::ParsedURL::segment):
+ Add a stronger constraint on accessors: the client of this API should never ask for the segments
+ on an invalid URL.
+ * wtf/url/api/ParsedURL.h:
+ (WTF):
+ (WTF::ParsedURL::ParsedURL):
+ (ParsedURL):
+ (WTF::ParsedURL::isValid):
+
+2012-03-03 Hans Wennborg <hans@chromium.org>
+
+ Implement Speech JavaScript API
+ https://bugs.webkit.org/show_bug.cgi?id=80019
+
+ Reviewed by Adam Barth.
+
+ Add ENABLE_SCRIPTED_SPEECH.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-03-02 Filip Pizlo <fpizlo@apple.com>
+
+ When getting the line number of a call into a call frame with no code block, it's
+ incorrect to rely on the returnPC
+ https://bugs.webkit.org/show_bug.cgi?id=80195
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerInfo):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs):
+
+2012-03-02 Han Hojong <hojong.han@samsung.com>
+
+ Expected results updated for checking type conversion
+ https://bugs.webkit.org/show_bug.cgi?id=80138
+
+ Reviewed by Gavin Barraclough.
+
+ * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
+
+2012-03-02 Kenichi Ishibashi <bashi@chromium.org>
+
+ Adding WebSocket per-frame DEFLATE extension
+ https://bugs.webkit.org/show_bug.cgi?id=77522
+
+ Added USE(ZLIB) flag.
+
+ Reviewed by Kent Tamura.
+
+ * wtf/Platform.h:
+
+2012-03-02 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2012-03-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
+ virtue of being in the transitive closure
+ https://bugs.webkit.org/show_bug.cgi?id=80098
+
+ Reviewed by Anders Carlsson.
+
+ If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
+ then you might have the visitAggregate() method called concurrently by multiple threads.
+ This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
+ racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
+ due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
+
+ It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
+ not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
+ any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
+ Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
+ don't lead to two threads racing over each other as they clobber state. This patch
+ achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
+ trivially linearizable) will get to trace the CodeBlock; all other threads give up and
+ go home.
+
+ Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
+ times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
+ even when it's gotten sufficient counts. But that takes a while - sometimes up to a
+ minute to get a crash. I have no other reliable repro case.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (DFGData):
+ * heap/DFGCodeBlocks.cpp:
+ (JSC::DFGCodeBlocks::clearMarks):
+
+2012-03-01 Filip Pizlo <fpizlo@apple.com>
+
+ The JIT should not crash the entire process just because there is not enough executable
+ memory, if the LLInt is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=79962
+
+ Reviewed by Csaba Osztrogonác.
+
+ Fix for ARM, SH4.
+
+ * assembler/AssemblerBufferWithConstantPool.h:
+ (JSC::AssemblerBufferWithConstantPool::executableCopy):
+
+2012-03-01 Ryosuke Niwa <rniwa@webkit.org>
+
+ Revert my change. Broke builds.
+ Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
+ Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
+
+ * wtf/Atomics.h:
+ (WTF):
+ (WTF::weakCompareAndSwap):
+
+2012-03-01 Ryosuke Niwa <rniwa@webkit.org>
+
+ Gcc build fix.
+
+ Rubber-stamped by Filip Pizlo.
+
+ * wtf/Atomics.h:
+ (WTF):
+ (WTF::weakCompareAndSwap):
+
+2012-03-01 Gavin Barraclough <barraclough@apple.com>
+
+ ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
+ https://bugs.webkit.org/show_bug.cgi?id=80011
+
+ Reviewed by Oliver Hunt.
+
+ Also, fix getting the caller from within a bound function, for within a getter,
+ or setter (make our implementation match other browsers).
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerInfo):
+ - Allow this to get the caller of host functions.
+ (JSC::Interpreter::retrieveCallerFromVMCode):
+ - This should use getCallerInfo, and should skip over function bindings.
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::callerGetter):
+ - This should never return a strict-mode function.
+
+2012-03-01 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG local CSE for a node can be terminated earlier
+ https://bugs.webkit.org/show_bug.cgi?id=80014
+
+ Reviewed by Filip Pizlo.
+
+ When one of the node's childredn is met in the process of back traversing
+ the nodes, we don't need to traverse the remaining nodes.
+ This is performance neutral on SunSpider, V8 and Kraken.
+
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::pureCSE):
+ (JSC::DFG::CSEPhase::impureCSE):
+ (JSC::DFG::CSEPhase::getByValLoadElimination):
+ (JSC::DFG::CSEPhase::checkFunctionElimination):
+ (JSC::DFG::CSEPhase::checkStructureLoadElimination):
+ (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
+ (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
+
+2012-02-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG BasicBlocks should not require that their nodes have continuous indices in the graph
+ https://bugs.webkit.org/show_bug.cgi?id=79899
+
+ Reviewed by Filip Pizlo.
+
+ This will make it more convenient to insert nodes into the DFG.
+ With this capability we now place the Phi nodes in the corresponding
+ blocks.
+ Local CSE is modified to not to rely on the assumption of continuous
+ node indices in a block.
+ This is performance neutral on SunSpider, V8 and Kraken.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::AbstractState):
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::clobberStructures):
+ (JSC::DFG::AbstractState::mergeToSuccessors):
+ (JSC::DFG::AbstractState::dump):
+ * dfg/DFGAbstractState.h:
+ (JSC::DFG::AbstractState::forNode):
+ (AbstractState):
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp:
+ (ArithNodeFlagsInferencePhase):
+ * dfg/DFGBasicBlock.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (BasicBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::insertPhiNode):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ (JSC::DFG::ByteCodeParser::determineReachability):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ * dfg/DFGCFAPhase.cpp:
+ (JSC::DFG::CFAPhase::performBlockCFA):
+ (CFAPhase):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::CSEPhase):
+ (JSC::DFG::CSEPhase::endIndexForPureCSE):
+ (JSC::DFG::CSEPhase::pureCSE):
+ (JSC::DFG::CSEPhase::impureCSE):
+ (JSC::DFG::CSEPhase::globalVarLoadElimination):
+ (JSC::DFG::CSEPhase::getByValLoadElimination):
+ (JSC::DFG::CSEPhase::checkFunctionElimination):
+ (JSC::DFG::CSEPhase::checkStructureLoadElimination):
+ (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
+ (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ (JSC::DFG::CSEPhase::performBlockCSE):
+ (CSEPhase):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGPhase.cpp:
+ (JSC::DFG::Phase::beginPhase):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ (JSC::DFG::SpeculativeJIT::compileStrictEq):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-02-29 Filip Pizlo <fpizlo@apple.com>
+
+ The JIT should not crash the entire process just because there is not
+ enough executable memory, if the LLInt is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=79962
+ <rdar://problem/10922215>
+
+ Unreviewed, adding forgotten file.
+
+ * jit/JITCompilationEffort.h: Added.
+ (JSC):
+
+2012-02-29 Filip Pizlo <fpizlo@apple.com>
+
+ The JIT should not crash the entire process just because there is not
+ enough executable memory, if the LLInt is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=79962
+ <rdar://problem/10922215>
+
+ Reviewed by Gavin Barraclough.
+
+ Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
+ a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
+ JITCompilationMustSucceed. This preserves the old behavior of LLInt is
+ disabled or if we're compiling something that can't be interpreted (like
+ an OSR exit stub).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ (ARMAssembler):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::executableCopy):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::~LinkBuffer):
+ (LinkBuffer):
+ (JSC::LinkBuffer::didFailToAllocate):
+ (JSC::LinkBuffer::isValid):
+ (JSC::LinkBuffer::linkCode):
+ (JSC::LinkBuffer::performFinalization):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::executableCopy):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::executableCopy):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * bytecode/CodeBlock.cpp:
+ (JSC::ProgramCodeBlock::jitCompileImpl):
+ (JSC::EvalCodeBlock::jitCompileImpl):
+ (JSC::FunctionCodeBlock::jitCompileImpl):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::jitCompile):
+ (CodeBlock):
+ (ProgramCodeBlock):
+ (EvalCodeBlock):
+ (FunctionCodeBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JITCompiler):
+ * jit/ExecutableAllocator.cpp:
+ (JSC::DemandExecutableAllocator::allocateNewSpace):
+ (JSC::ExecutableAllocator::allocate):
+ * jit/ExecutableAllocator.h:
+ (ExecutableAllocator):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::allocate):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::compile):
+ (JIT):
+ * jit/JITCompilationEffort.h: Added.
+ (JSC):
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+ * llint/LLIntSlowPaths.cpp:
+ (LLInt):
+ (JSC::LLInt::jitCompileAndSetHeuristics):
+ (JSC::LLInt::entryOSR):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::jitCompile):
+ (JSC::ProgramExecutable::jitCompile):
+ (JSC::FunctionExecutable::jitCompileForCall):
+ (JSC::FunctionExecutable::jitCompileForConstruct):
+ * runtime/Executable.h:
+ (EvalExecutable):
+ (ProgramExecutable):
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::jitCompileFor):
+ * runtime/ExecutionHarness.h:
+ (JSC::prepareForExecution):
+ (JSC::prepareFunctionForExecution):
+
+2012-02-29 No'am Rosenthal <noam.rosenthal@nokia.com>
+
+ [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
+ https://bugs.webkit.org/show_bug.cgi?id=79501
+
+ Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * wtf/Platform.h:
+
+2012-02-29 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Oliver Hunt.
+
+ * tests/mozilla/ecma_2/RegExp/constructor-001.js:
+ * tests/mozilla/ecma_2/RegExp/function-001.js:
+ * tests/mozilla/ecma_2/RegExp/properties-001.js:
+ - Check in new test cases results.
+
+2012-02-29 Mark Rowe <mrowe@apple.com>
+
+ Stop installing JSCLLIntOffsetsExtractor.
+
+ Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
+ that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
+ This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
+
+ While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
+ for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
+ to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
+ allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
+
+ Reviewed by Filip Pizlo.
+
+ * Configurations/TestRegExp.xcconfig: Removed.
+ * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-02-28 Filip Pizlo <fpizlo@apple.com>
+
+ RefCounted::deprecatedTurnOffVerifier() should not be deprecated
+ https://bugs.webkit.org/show_bug.cgi?id=79864
+
+ Reviewed by Oliver Hunt.
+
+ Removed the word "deprecated" from the name of this method, since this method
+ should not be deprecated. It works just fine as it is, and there is simply no
+ alternative to calling this method for many interesting JSC classes.
+
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider):
+ * runtime/SymbolTable.h:
+ (JSC::SharedSymbolTable::SharedSymbolTable):
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
+ (WTF::MetaAllocator::allocate):
+ * wtf/RefCounted.h:
+ (RefCountedBase):
+ (WTF::RefCountedBase::turnOffVerifier):
+
+2012-02-29 Gavin Barraclough <barraclough@apple.com>
+
+ 'source' property of RegExp instance cannot be ""
+ https://bugs.webkit.org/show_bug.cgi?id=79938
+
+ Reviewed by Oliver Hunt.
+
+ 15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
+ and also states that the result must be a valid RegularExpressionLiteral. '//' is
+ not a valid RegularExpressionLiteral (since it is a single line comment), and hence
+ source cannot ever validly be "". If the source is empty, return a different Pattern
+ that would match the same thing.
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+ - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ - No need to special case the empty string - this should be being done by 'source'.
+
+2012-02-29 Gavin Barraclough <barraclough@apple.com>
+
+ Writable attribute not set correctly when redefining an accessor to a data descriptor
+ https://bugs.webkit.org/show_bug.cgi?id=79931
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ - use attributesOverridingCurrent instead of attributesWithOverride.
+ * runtime/PropertyDescriptor.cpp:
+ * runtime/PropertyDescriptor.h:
+ - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
+
+2012-02-29 Kevin Ollivier <kevino@theolliviers.com>
+
+ Add JSCore symbol exports needed by wx port
+ https://bugs.webkit.org/show_bug.cgi?id=77280
+
+ Reviewed by Hajime Morita.
+
+ * wtf/ArrayBufferView.h:
+ * wtf/ExportMacros.h:
+
+2012-02-28 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Always build wtf as a static library.
+ https://bugs.webkit.org/show_bug.cgi?id=79857
+
+ Reviewed by Eric Seidel.
+
+ To help the efforts in bug 75673 to move WTF out of
+ JavaScriptCore, act more like the other ports and remove the
+ possibility of building WTF as a shared library.
+
+ It does not make much sense to, for example, ship WTF as a
+ separate .so with webkit-efl packages, and it should be small
+ enough not to cause problems during linking.
+
+ * wtf/CMakeLists.txt:
+
+2012-02-28 Dmitry Lomov <dslomov@google.com>
+
+ [JSC] Implement ArrayBuffer transfer
+ https://bugs.webkit.org/show_bug.cgi?id=73493.
+ Implement ArrayBuffer transfer, per Khronos spec: http://www.khronos.org/registry/typedarray/specs/latest/#9.
+ This brings parity with V8 implementation of transferable typed arrays.
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
+ * wtf/ArrayBuffer.h:
+ (ArrayBuffer): Added extra export.
+
+2012-02-28 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed. Build fix after recent LLInt additions.
+
+ * wscript:
+
+2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor SpeculativeJIT::emitAllocateJSFinalObject
+ https://bugs.webkit.org/show_bug.cgi?id=79801
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
+ function, which is more generic in that it can allocate a variety of classes.
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
+
+2012-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
+ https://bugs.webkit.org/show_bug.cgi?id=79588
+
+ Reviewed by Oliver Hunt.
+
+ In the case of [[Get]], this is a pretty trivial bug - just don't wrap
+ primitives at the point you call a getter.
+
+ For setters, this is a little more involved, since we have already wrapped
+ the value up in a synthesized object. Stop doing so. There is also a further
+ subtely, that in strict mode all attempts to create a new data property on
+ the object should throw.
+
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::put):
+ - [[Put]] to a string primitive should use JSValue::putToPrimitive.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ - Remove static function called in one place.
+ * runtime/JSObject.h:
+ (JSC::JSValue::put):
+ - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::synthesizePrototype):
+ - Add support for synthesizing the prototype of strings.
+ (JSC::JSValue::putToPrimitive):
+ - Added, implements [[Put]] for primitive bases, per 8.7.2.
+ * runtime/JSValue.h:
+ (JSValue):
+ - Add declaration for JSValue::putToPrimitive.
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ - Don't call ToObject on primitive this values.
+
+2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Re-enable parallel GC on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=79837
+
+ Rubber stamped by Filip Pizlo.
+
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
+ so we removed it and things should go back to normal.
+
+2012-02-28 Filip Pizlo <fpizlo@apple.com>
+
+ Some run-javascriptcore-tests broken for 32-bit debug
+ https://bugs.webkit.org/show_bug.cgi?id=79844
+
+ Rubber stamped by Oliver Hunt.
+
+ These assertions are just plain wrong for 32-bit. We could either have a massive
+ assertion that depends on value representation, that has to be changed every
+ time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
+ could get rid of the assertions. I pick the latter.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Get rid of padding cruft in CopiedBlock
+ https://bugs.webkit.org/show_bug.cgi?id=79686
+
+ Reviewed by Filip Pizlo.
+
+ * heap/CopiedBlock.h:
+ (CopiedBlock): Removed the extra padding that was used for alignment purposes until
+ the calculation of the payload offset into CopiedBlocks was redone recently.
+
+2012-02-28 Anders Carlsson <andersca@apple.com>
+
+ Fix build with newer versions of clang.
+
+ Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
+ but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
+ takes a string literal.
+
+ * wtf/Assertions.cpp:
+
+2012-02-28 Mario Sanchez Prada <msanchez@igalia.com>
+
+ [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=79496
+
+ Reviewed by Martin Robinson.
+
+ Handle GMainLoop and GMainContext in GRefPtr, by calling
+ g_main_loop_(un)ref and g_main_context_(un)ref in the
+ implementation of the refGPtr and derefGPtr template functions.
+
+ * wtf/gobject/GRefPtr.cpp:
+ (WTF::refGPtr):
+ (WTF):
+ (WTF::derefGPtr):
+ * wtf/gobject/GRefPtr.h:
+ (WTF):
+ * wtf/gobject/GTypedefs.h:
+
+2012-02-28 Yong Li <yoli@rim.com>
+
+ JSString::resolveRope() should report extra memory cost to the heap.
+ https://bugs.webkit.org/show_bug.cgi?id=79555
+
+ Reviewed by Michael Saboff.
+
+ At the time a JSString is constructed with fibers, it doesn't report
+ extra memory cost, which is reasonable because it hasn't allocate
+ new memory. However when the rope is resolved, it should report meory
+ cost for the new buffer.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+
+2012-02-27 Oliver Hunt <oliver@apple.com>
+
+ sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=79728
+
+ Reviewed by Gavin Barraclough.
+
+ When initialising a chained get instruction we may end up in a state where
+ the instruction stream says we have a scopechain, but it has not yet been set
+ (eg. if allocating the StructureChain itself is what leads to the GC). We could
+ re-order the allocation, but it occurs in a couple of places, so it seems less
+ fragile simply to null check the scopechain slot before we actually visit the slot.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitStructures):
+
+2012-02-27 Filip Pizlo <fpizlo@apple.com>
+
+ Old JIT's style of JSVALUE64 strict equality is subtly wrong
+ https://bugs.webkit.org/show_bug.cgi?id=79700
+
+ Reviewed by Oliver Hunt.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::comparePtr):
+ (MacroAssemblerX86_64):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emitSlow_op_stricteq):
+ (JSC::JIT::emitSlow_op_nstricteq):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2012-02-27 Gavin Barraclough <barraclough@apple.com>
+
+ Implement support for op_negate and op_bitnot in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=79617
+
+ Reviewed by Filip Pizlo.
+
+ Add an ArithNegate op to the DFG JIT, to implement op_negate.
+
+ This patch also adds support for op_negate to the JSVALUE64 baseline JIT
+ (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
+
+ This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::sub_S):
+ - Added sub_S from immediate.
+ (ARMv7Assembler):
+ (JSC::ARMv7Assembler::vneg):
+ - Added double negate.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::negateDouble):
+ - Added double negate.
+ (MacroAssemblerARMv7):
+ (JSC::MacroAssemblerARMv7::branchNeg32):
+ - Added.
+ * assembler/MacroAssemblerX86.h:
+ (MacroAssemblerX86):
+ - moved loadDouble, absDouble to common.
+ * assembler/MacroAssemblerX86Common.h:
+ (MacroAssemblerX86Common):
+ (JSC::MacroAssemblerX86Common::absDouble):
+ - implementation can be shared.
+ (JSC::MacroAssemblerX86Common::negateDouble):
+ - Added.
+ (JSC::MacroAssemblerX86Common::loadDouble):
+ - allow absDouble to have a common implementation.
+ * assembler/MacroAssemblerX86_64.h:
+ (MacroAssemblerX86_64):
+ - moved loadDouble, absDouble to common.
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ - support ArithNegate.
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp:
+ (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
+ - support ArithNegate.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ - support ArithNegate.
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ - support op_negate.
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::performNodeCSE):
+ - support ArithNegate.
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ - support op_negate.
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::negateShouldSpeculateInteger):
+ - support ArithNegate.
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasArithNodeFlags):
+ - support ArithNegate.
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ - support ArithNegate.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileArithNegate):
+ - support ArithNegate.
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ - support ArithNegate.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - support ArithNegate.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - support ArithNegate.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ - Add support for op_negate in JSVALUE64.
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_negate):
+ (JSC::JIT::emitSlow_op_negate):
+ - Add support for op_negate in JSVALUE64.
+
+2012-02-27 Mahesh Kulkarni <mahesh.kulkarni@nokia.com>
+
+ Unreviewed. Build fix for linux-bot (qt) after r109021.
+
+ * runtime/Error.cpp:
+
+2012-02-27 Oliver Hunt <oliver@apple.com>
+
+ REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
+ https://bugs.webkit.org/show_bug.cgi?id=79693
+
+ Reviewed by Filip Pizlo.
+
+ Alas we can't provide the stack trace as an array, as despite everyone wanting
+ an array, everyone arbitrarily creates the array by calling split on the stack
+ trace. To create the array we would have provided them in the first place.
+
+ This changes the exception's stack property to a \n separated string. To get the
+ old array just do <exception>.stack.split("\n").
+
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+
+2012-02-27 Gavin Barraclough <barraclough@apple.com>
+
+ RegExp lastIndex should behave as a regular property
+ https://bugs.webkit.org/show_bug.cgi?id=79446
+
+ Reviewed by Sam Weinig.
+
+ lastIndex should be a regular data descriptor, with the attributes configurable:false,
+ enumerable:false, writable:true. As such, it should be possible to reconfigure writable
+ as false. If the lastIndex property is reconfigured to be read-only, we should respect
+ this correctly.
+
+ * runtime/CommonIdentifiers.h:
+ - Removed some unused identifiers, added lastIndex.
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertySlot):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::RegExpObject::deleteProperty):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::RegExpObject::getOwnPropertyNames):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::RegExpObject::getPropertyNames):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::reject):
+ - helper function for defineOwnProperty.
+ (JSC::RegExpObject::defineOwnProperty):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::RegExpObject::put):
+ - lastIndex is no longer a static value, provided specific handling.
+ (JSC::RegExpObject::match):
+ - Pass setLastIndex an ExecState, so it can throw if read-only.
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::setLastIndex):
+ - Pass setLastIndex an ExecState, so it can throw if read-only.
+ (RegExpObjectData):
+ - Added lastIndexIsWritable.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncCompile):
+ - Pass setLastIndex an ExecState, so it can throw if read-only.
+
+2012-02-27 Gavin Barraclough <barraclough@apple.com>
+
+ Implement support for op_negate and op_bitnot in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=79617
+
+ Reviewed by Sam Weinig.
+
+ Remove op_bitnop - this is redundant, ~x === x^-1.
+ This is a fractional (<1%) progression.
+
+ Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
+ Remove CanReuse from the result type - this was unused.
+ Remove op_bitnot.
+
+ * assembler/MacroAssemblerARM.h:
+ (MacroAssemblerARM):
+ (JSC::MacroAssemblerARM::xor32):
+ * assembler/MacroAssemblerARMv7.h:
+ (MacroAssemblerARMv7):
+ (JSC::MacroAssemblerARMv7::xor32):
+ * assembler/MacroAssemblerMIPS.h:
+ (MacroAssemblerMIPS):
+ (JSC::MacroAssemblerMIPS::xor32):
+ * assembler/MacroAssemblerSH4.h:
+ (MacroAssemblerSH4):
+ (JSC::MacroAssemblerSH4::xor32):
+ * assembler/MacroAssemblerX86Common.h:
+ (MacroAssemblerX86Common):
+ (JSC::MacroAssemblerX86Common::xor32):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ (JSC):
+ (JSC::padOpcodeName):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC):
+ (JSC::BitwiseNotNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC):
+ * jit/JITOpcodes.cpp:
+ (JSC):
+ * jit/JITStubs.cpp:
+ (JSC):
+ * jit/JITStubs.h:
+ * llint/LLIntSlowPaths.cpp:
+ (LLInt):
+ * llint/LLIntSlowPaths.h:
+ (LLInt):
+ * llint/LowLevelInterpreter32_64.asm:
+ * parser/NodeConstructors.h:
+ (JSC::NegateNode::NegateNode):
+ (JSC::BitwiseNotNode::BitwiseNotNode):
+ (JSC::MultNode::MultNode):
+ (JSC::DivNode::DivNode):
+ (JSC::ModNode::ModNode):
+ (JSC::SubNode::SubNode):
+ (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
+ * parser/Nodes.h:
+ (BitwiseNotNode):
+ (JSC::BitwiseNotNode::expr):
+ (JSC):
+ * parser/ResultType.h:
+ (ResultType):
+ (JSC::ResultType::numberTypeIsInt32):
+ (JSC::ResultType::stringOrNumberType):
+ (JSC::ResultType::forAdd):
+ (JSC::ResultType::forBitOp):
+
+2012-02-27 Michael Saboff <msaboff@apple.com>
+
+ Error check regexp min quantifier
+ https://bugs.webkit.org/show_bug.cgi?id=70648
+
+ Reviewed by Gavin Barraclough.
+
+ Added checking for min or only quantifier being UINT_MAX.
+ When encountered this becomes a SyntaxError during parsing.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::parseQuantifier):
+ (JSC::Yarr::Parser::parse):
+ (Parser):
+
+2012-02-27 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2012-02-26 Hajime Morrita <morrita@chromium.org>
+
+ Move ChromeClient::showContextMenu() to ContextMenuClient
+ https://bugs.webkit.org/show_bug.cgi?id=79427
+
+ Reviewed by Adam Barth.
+
+ Added ACCESSIBILITY_CONTEXT_MENUS.
+
+ * wtf/Platform.h:
+
+2012-02-26 Filip Pizlo <fpizlo@apple.com>
+
+ LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=79616
+
+ Reviewed by Oliver Hunt.
+
+ Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
+
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::validate):
+
+2012-02-26 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should support activations and nested functions
+ https://bugs.webkit.org/show_bug.cgi?id=79554
+
+ Reviewed by Sam Weinig.
+
+ Fix 32-bit. The 32-bit function+activation code had some really weird
+ register reuse bugs.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-02-26 Filip Pizlo <fpizlo@apple.com>
+
+ Getting the instruction stream for a code block should not require two loads
+ https://bugs.webkit.org/show_bug.cgi?id=79608
+
+ Reviewed by Sam Weinig.
+
+ Introduced the RefCountedArray class, which contains a single inline pointer
+ to a ref-counted non-resizeable vector backing store. This satisfies the
+ requirements of CodeBlock, which desires the ability to share instruction
+ streams with other CodeBlocks. It also reduces the number of loads required
+ for getting the instruction stream by one.
+
+ This patch also gets rid of the bytecode discarding logic, since we don't
+ use it anymore and it's unlikely to ever work right with DFG or LLInt. And
+ I didn't feel like porting dead code to use RefCountedArray.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::instructionOffsetForNth):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ (JSC::CodeBlock::handlerForBytecodeOffset):
+ (JSC::CodeBlock::lineNumberForBytecodeOffset):
+ (JSC::CodeBlock::expressionRangeForBytecodeOffset):
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ (JSC::CodeBlock::numberOfInstructions):
+ (JSC::CodeBlock::instructions):
+ (JSC::CodeBlock::instructionCount):
+ (JSC::CodeBlock::valueProfileForBytecodeOffset):
+ (JSC):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::Label::setLocation):
+ (JSC):
+ (JSC::BytecodeGenerator::generate):
+ (JSC::BytecodeGenerator::newLabel):
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC):
+ (BytecodeGenerator):
+ (JSC::BytecodeGenerator::instructions):
+ * bytecompiler/Label.h:
+ (JSC::Label::Label):
+ (Label):
+ * dfg/DFGByteCodeCache.h:
+ (JSC::DFG::ByteCodeCache::~ByteCodeCache):
+ (JSC::DFG::ByteCodeCache::get):
+ * jit/JITExceptions.cpp:
+ (JSC::genericThrow):
+ * llint/LowLevelInterpreter32_64.asm:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ * wtf/RefCountedArray.h: Added.
+ (WTF):
+ (RefCountedArray):
+ (WTF::RefCountedArray::RefCountedArray):
+ (WTF::RefCountedArray::operator=):
+ (WTF::RefCountedArray::~RefCountedArray):
+ (WTF::RefCountedArray::size):
+ (WTF::RefCountedArray::data):
+ (WTF::RefCountedArray::begin):
+ (WTF::RefCountedArray::end):
+ (WTF::RefCountedArray::at):
+ (WTF::RefCountedArray::operator[]):
+ (Header):
+ (WTF::RefCountedArray::Header::size):
+ (WTF::RefCountedArray::Header::payload):
+ (WTF::RefCountedArray::Header::fromPayload):
+ * wtf/Platform.h:
+
+2012-02-26 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
+ https://bugs.webkit.org/show_bug.cgi?id=79571
+
+ Reviewed by Gavin Barraclough.
+
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::createGetterOrSetterProperty):
+ * parser/Parser.cpp:
+ (JSC::::parseProperty):
+ * parser/SyntaxChecker.h:
+ (JSC::SyntaxChecker::createGetterOrSetterProperty):
+
+2012-02-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Implement fast path for op_new_array in the baseline JIT
+ https://bugs.webkit.org/show_bug.cgi?id=78612
+
+ Reviewed by Filip Pizlo.
+
+ heap/CopiedAllocator.h:
+ (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
+ * heap/CopiedSpace.h:
+ (CopiedSpace): Friended the JIT to allow access to isOversize.
+ (JSC::CopiedSpace::allocator):
+ * heap/Heap.h:
+ (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
+ can use it for simple allocation i.e. when we can just bump the offset without having to
+ do anything else.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
+ we have to bail out because the fast allocation path fails for whatever reason.
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
+ allocate generic backing stores. This function is used by emitAllocateJSArray.
+ (JSC):
+ (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
+ more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
+ it will also be used for emit_op_new_array_buffer.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
+ a stub call for oversize arrays.
+ (JSC):
+ (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we
+ fail in any way on the fast path.
+ * runtime/JSArray.cpp:
+ (JSC):
+ * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
+ initialize in the JIT.
+ (ArrayStorage):
+ (JSC::ArrayStorage::lengthOffset):
+ (JSC::ArrayStorage::numValuesInVectorOffset):
+ (JSC::ArrayStorage::allocBaseOffset):
+ (JSC::ArrayStorage::vectorOffset):
+ (JSArray):
+ (JSC::JSArray::sparseValueMapOffset):
+ (JSC::JSArray::subclassDataOffset):
+ (JSC::JSArray::indexBiasOffset):
+ (JSC):
+ (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
+ to being a static function in the JSArray class. This move allows the JIT to call it to
+ see what size it should allocate.
+
+2012-02-26 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getLineNumberForCallFrame):
+ (JSC::Interpreter::getStackTrace):
+
+2012-02-26 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r108681.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getLineNumberForCallFrame):
+
+2012-02-25 Filip Pizlo <fpizlo@apple.com>
+
+ LLInt assembly file should be split into 32-bit and 64-bit parts
+ https://bugs.webkit.org/show_bug.cgi?id=79584
+
+ Reviewed by Sam Weinig.
+
+ Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
+ the ability to include files, and correctly track dependencies: it restricts
+ the include mechanism to using the same directory as the source file, and uses
+ the SHA1 hash of all .asm files in that directory as an input hash.
+
+ * llint/LLIntOfflineAsmConfig.h:
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm: Added.
+ - This is just the entire contents of what was previously LowLevelInterpreter.asm
+ * llint/LowLevelInterpreter64.asm: Added.
+ * offlineasm/asm.rb:
+ * offlineasm/ast.rb:
+ * offlineasm/generate_offset_extractor.rb:
+ * offlineasm/parser.rb:
+ * offlineasm/self_hash.rb:
+
+2012-02-25 Filip Pizlo <fpizlo@apple.com>
+
+ Offlineasm should support X86_64
+ https://bugs.webkit.org/show_bug.cgi?id=79581
+
+ Reviewed by Oliver Hunt.
+
+ * llint/LLIntOfflineAsmConfig.h:
+ * offlineasm/backends.rb:
+ * offlineasm/instructions.rb:
+ * offlineasm/settings.rb:
+ * offlineasm/x86.rb:
+
+2012-02-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should support activations and nested functions
+ https://bugs.webkit.org/show_bug.cgi?id=79554
+
+ Reviewed by Oliver Hunt.
+
+ Wrote the simplest possible implementation of activations. Big speed-up on
+ code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
+ Kraken) because they do not appear to have sufficient coverage over code
+ that uses activations.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ (JSC):
+ (JSC::isEmptyPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ (JSC::DFG::canInlineOpcode):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::needsActivation):
+ * dfg/DFGNode.h:
+ (DFG):
+ (JSC::DFG::Node::storageAccessDataIndex):
+ (Node):
+ (JSC::DFG::Node::hasFunctionDeclIndex):
+ (JSC::DFG::Node::functionDeclIndex):
+ (JSC::DFG::Node::hasFunctionExprIndex):
+ (JSC::DFG::Node::functionExprIndex):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-02-25 Benjamin Poulain <benjamin@webkit.org>
+
+ Add an empty skeleton of KURL for WTFURL
+ https://bugs.webkit.org/show_bug.cgi?id=78990
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
+ so that can use them in WebCore.
+
+2012-02-25 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, fix build for DFG disabled and LLInt enabled.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * llint/LLIntSlowPaths.cpp:
+ (LLInt):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+
+2012-02-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix the CopiedBlock offset alignment in a cross platform fashion
+ https://bugs.webkit.org/show_bug.cgi?id=79556
+
+ Reviewed by Filip Pizlo.
+
+ Replaced m_payload with a payload() method that calculates the offset
+ of the payload with the proper alignment. This change allows us to
+ avoid alignment-related issues in a cross-platform manner.
+
+ * heap/CopiedAllocator.h:
+ (JSC::CopiedAllocator::currentUtilization):
+ * heap/CopiedBlock.h:
+ (JSC::CopiedBlock::CopiedBlock):
+ (JSC::CopiedBlock::payload):
+ (CopiedBlock):
+ * heap/CopiedSpace.cpp:
+ (JSC::CopiedSpace::doneFillingBlock):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::borrowBlock):
+ (JSC::CopiedSpace::allocateFromBlock):
+
+2012-02-24 Michael Saboff <msaboff@apple.com>
+
+ Unreviewed, Windows build fix. Changed signature in export to match
+ change made in r108858.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG support for op_new_regexp should be enabled
+ https://bugs.webkit.org/show_bug.cgi?id=79538
+
+ Reviewed by Oliver Hunt.
+
+ No performance change.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGCommon.h:
+
+2012-02-24 Michael Saboff <msaboff@apple.com>
+
+ ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
+ https://bugs.webkit.org/show_bug.cgi?id=73728
+
+ Reviewed by Gavin Barraclough.
+
+ Fixed the mixing of signed and unsigned character indeces in YARR
+ interpreter.
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match): Added code to check for match longer than 2^31 and
+ return no match after resetting the offsets.
+ * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
+ handling except when matching back references.
+ (JSC::Yarr::Interpreter::InputStream::readChecked):
+ (JSC::Yarr::Interpreter::InputStream::checkInput):
+ (JSC::Yarr::Interpreter::InputStream::uncheckInput):
+ (JSC::Yarr::Interpreter::InputStream::atStart):
+ (JSC::Yarr::Interpreter::InputStream::atEnd):
+ (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
+ (JSC::Yarr::Interpreter::checkCharacter):
+ (JSC::Yarr::Interpreter::checkCasedCharacter):
+ (JSC::Yarr::Interpreter::checkCharacterClass):
+ (JSC::Yarr::Interpreter::tryConsumeBackReference):
+ (JSC::Yarr::Interpreter::matchAssertionBOL):
+ (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
+ (JSC::Yarr::Interpreter::backtrackPatternCharacter):
+ (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
+ (JSC::Yarr::Interpreter::matchCharacterClass):
+ (JSC::Yarr::Interpreter::backtrackCharacterClass):
+ (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::Interpreter::interpret):
+ (JSC::Yarr::ByteCompiler::assertionBOL):
+ (JSC::Yarr::ByteCompiler::assertionEOL):
+ (JSC::Yarr::ByteCompiler::assertionWordBoundary):
+ (JSC::Yarr::ByteCompiler::atomPatternCharacter):
+ (JSC::Yarr::ByteCompiler::atomCharacterClass):
+ (JSC::Yarr::ByteCompiler::atomBackReference):
+ (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
+ (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
+ (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
+ (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ * yarr/YarrInterpreter.h:
+
+2012-02-24 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
+ enabled.
+
+ * llint/LLIntOfflineAsmConfig.h:
+ * llint/LowLevelInterpreter.asm:
+
+2012-02-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be able to handle variables getting captured
+ https://bugs.webkit.org/show_bug.cgi?id=79469
+
+ Reviewed by Oliver Hunt.
+
+ Made captured variables work by placing a Flush on the SetLocal and
+ forcing the emission of the GetLocal even if copy propagation tells us
+ who has the value.
+
+ Changed the CFA and various prediction codes to understand that we can't
+ really prove anything about captured variables. Well, we could in the
+ future by just looking at what side effects are happening, but in this
+ first cut we just assume that we can't reason about captured variables.
+
+ Also added a mode where the DFG pretends that all variables and arguments
+ got captured. Used this mode to harden the code.
+
+ This is performance neutral. Capturing all variables is a slow down, but
+ not too big of one. This seems to predict that when we add activation
+ support, the amount of speed benefit we'll get from increased coverage
+ will far outweigh the pessimism that we'll have to endure for captured
+ variables.
+
+ * bytecode/CodeType.h:
+ (JSC::codeTypeToString):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::merge):
+ * dfg/DFGAbstractState.h:
+ (AbstractState):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::flushArgument):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightInlineFunctionForCall):
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ * dfg/DFGCommon.h:
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::needsActivation):
+ (Graph):
+ (JSC::DFG::Graph::argumentIsCaptured):
+ (JSC::DFG::Graph::localIsCaptured):
+ (JSC::DFG::Graph::isCaptured):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldGenerate):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (DFG):
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (ValueSource):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ (JSC::DFG::VirtualRegisterAllocationPhase::run):
+
+2012-02-24 Gavin Barraclough <barraclough@apple.com>
+
+ Should not allow malformed \x escapes
+ https://bugs.webkit.org/show_bug.cgi?id=79462
+
+ Reviewed by Oliver Hunt.
+
+ * parser/Lexer.cpp:
+ (JSC::::parseString):
+ (JSC::::parseStringSlowCase):
+ - Prohibit malformed '\x' escapes
+ * tests/mozilla/ecma/Array/15.4.5.1-1.js:
+ * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
+ * tests/mozilla/ecma_2/RegExp/hex-001.js:
+ * tests/mozilla/js1_2/regexp/hexadecimal.js:
+ - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
+
+2012-02-24 Daniel Bates <dbates@webkit.org>
+
+ Fix change log entry for changeset r108819; add bug URL
+ https://bugs.webkit.org/show_bug.cgi?id=79504
+
+ Changeset r108819 is associated with bug #79504.
+
+ * ChangeLog
+
+2012-02-24 Daniel Bates <dbates@webkit.org>
+
+ Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=79504
+
+ Reviewed by Oliver Hunt.
+
+ There are a few places in Interpreter.cpp that need to be updated to use
+ ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
+ ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
+ (https://bugs.webkit.org/show_bug.cgi?id=78791).
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getLineNumberForCallFrame):
+ (JSC::getCallerInfo):
+ (JSC::getSourceURLFromCallFrame):
+
+2012-02-24 Adam Roben <aroben@apple.com>
+
+ Undo the BUILDING_WTF part of r108808
+
+ This broke the build, which is obviously worse than the linker warning it was trying to
+ solve.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+
+2012-02-24 Adam Roben <aroben@apple.com>
+
+ Fix linker warnings on Windows
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
+ exported via JS_EXPORTDATA.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
+ aren't actually building WTF, but we are statically linking it, so we need to define this
+ symbol so that we export WTF's exports.
+
+2012-02-24 Philippe Normand <pnormand@igalia.com>
+
+ Fix GTK WebAudio build for WebKitGTK 1.7.90.
+
+ Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
+ Rubber-stamped by Philippe Normand.
+
+ * GNUmakefile.list.am: Add Complex.h to the list of files so it
+ gets disted in the tarballs.
+
+2012-02-24 Zoltan Herczeg <zherczeg@webkit.org>
+
+ [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
+ https://bugs.webkit.org/show_bug.cgi?id=79199
+
+ Ruber stamped by Csaba Osztrogonác.
+
+ Temporary fix since the new member wastes a little space on
+ 64 bit systems. Although it is harmless, it is only needed
+ for 32 bit systems.
+
+ * heap/CopiedBlock.h:
+ (CopiedBlock):
+
+2012-02-24 Han Hojong <hojong.han@samsung.com>
+
+ Remove useless jump instructions for short circuit
+ https://bugs.webkit.org/show_bug.cgi?id=75602
+
+ Reviewed by Michael Saboff.
+
+ Jump instruction is inserted to make short circuit,
+ however it does nothing but moving to the next instruction.
+ Therefore useless jump instructions are removed,
+ and jump list is moved into the case not for a short circuit,
+ so that only necessary instructions are added to JIT code
+ unless it has a 16 bit pattern character and an 8 bit string.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+
+2012-02-24 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r108731.
+ http://trac.webkit.org/changeset/108731
+ https://bugs.webkit.org/show_bug.cgi?id=79464
+
+ Broke Chromium Win tests (Requested by bashi on #webkit).
+
+ * wtf/Platform.h:
+
+2012-02-24 Andrew Lo <anlo@rim.com>
+
+ [BlackBerry] Enable requestAnimationFrame
+ https://bugs.webkit.org/show_bug.cgi?id=79408
+
+ Use timer implementation of requestAnimationFrame on BlackBerry.
+
+ Reviewed by Rob Buis.
+
+ * wtf/Platform.h:
+
+2012-02-24 Mathias Bynens <mathias@qiwi.be>
+
+ `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
+ https://bugs.webkit.org/show_bug.cgi?id=78908
+
+ Add additional checks for zero-width non-joiner (0x200C) and
+ zero-width joiner (0x200D) characters.
+
+ Reviewed by Michael Saboff.
+
+ * parser/Lexer.cpp:
+ (JSC::isNonASCIIIdentPart)
+ * runtime/LiteralParser.cpp:
+ (JSC::::Lexer::lexIdentifier)
+
+2012-02-23 Kenichi Ishibashi <bashi@chromium.org>
+
+ Adding WebSocket per-frame DEFLATE extension
+ https://bugs.webkit.org/show_bug.cgi?id=77522
+
+ Added USE(ZLIB) flag.
+
+ Reviewed by Kent Tamura.
+
+ * wtf/Platform.h:
+
+2012-02-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Zero out CopiedBlocks on initialization
+ https://bugs.webkit.org/show_bug.cgi?id=79199
+
+ Reviewed by Filip Pizlo.
+
+ Made CopyBlocks zero their payloads during construction. This allows
+ JSArray to avoid having to manually clear its backing store upon allocation
+ and also alleviates any future pain with regard to the garbage collector trying
+ to mark what it thinks are values in what is actually uninitialized memory.
+
+ * heap/CopiedBlock.h:
+ (JSC::CopiedBlock::CopiedBlock):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ (JSC::JSArray::tryFinishCreationUninitialized):
+ (JSC::JSArray::increaseVectorLength):
+ (JSC::JSArray::unshiftCountSlowCase):
+
+2012-02-23 Oliver Hunt <oliver@apple.com>
+
+ Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
+ https://bugs.webkit.org/show_bug.cgi?id=79407
+
+ Reviewed by Gavin Barraclough.
+
+ Outside of exception handling, we don't know what our source line number is. This
+ change allows us to pass -1 is as the initial line number, and get the correct line
+ number in the resultant stack trace. We can't completely elide the initial line
+ number (yet) due to some idiosyncrasies of the exception handling machinery.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getLineNumberForCallFrame):
+ (JSC):
+ (JSC::Interpreter::getStackTrace):
+
+2012-02-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit value profiling should have graceful handling of local variables and arguments
+ https://bugs.webkit.org/show_bug.cgi?id=79310
+
+ Reviewed by Gavin Barraclough.
+
+ Previously, if we OSR exited because a prediction in a local was wrong, we'd
+ only realize what the true type of the local was if the regular value profiling
+ kicked in and told us. Unless the local was block-locally copy propagated, in
+ which case we'd know from an OSR exit profile.
+
+ This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
+ exit because of a mispredicted local or argument type, we'll know what the type of
+ the local or argument should be immediately upon exiting.
+
+ The way that local variable OSR exit profiling works is that we now have a lazily
+ added set of OSR-exit-only value profiles for exit sites that are BadType and that
+ cited a GetLocal as their value source. The value profiles are only added if the
+ OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
+ operand. The look-up is performed by querying the
+ CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
+ the bytecode index and the operand. Because the value profiles are added at random
+ times, they are not sorted; instead they are just stored in an arbitrarily-ordered
+ SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
+ creates a LazyOperandValueProfileParser, which turns the
+ CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
+ of DFG parsing.
+
+ Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
+ into which values observed during OSR exit would be placed. Now it uses a lazy
+ thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
+ either contain a ValueProfile inside it (which works for previous uses of OSR exit
+ profiling) or it may just have knowledge of how to go about creating the
+ LazyOperandValueProfile in the case that the OSR exit is actually taken. This
+ ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
+ value profiling buckets unless we actually did OSR exit on every single operand,
+ in every single instruction, in each code block (that's probably unlikely).
+
+ This appears to be neutral on the major benchmarks, but is a double-digit speed-up
+ on code deliberately written to have data flow that spans basic blocks and where
+ the code exhibits post-optimization polymorphism in a local variable.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ (JSC::CodeBlock::lazyOperandValueProfiles):
+ * bytecode/LazyOperandValueProfile.cpp: Added.
+ (JSC):
+ (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
+ (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
+ (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
+ (JSC::CompressedLazyOperandValueProfileHolder::add):
+ (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
+ (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
+ (JSC::LazyOperandValueProfileParser::getIfPresent):
+ (JSC::LazyOperandValueProfileParser::prediction):
+ * bytecode/LazyOperandValueProfile.h: Added.
+ (JSC):
+ (LazyOperandValueProfileKey):
+ (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
+ (JSC::LazyOperandValueProfileKey::operator!):
+ (JSC::LazyOperandValueProfileKey::operator==):
+ (JSC::LazyOperandValueProfileKey::hash):
+ (JSC::LazyOperandValueProfileKey::bytecodeOffset):
+ (JSC::LazyOperandValueProfileKey::operand):
+ (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
+ (JSC::LazyOperandValueProfileKeyHash::hash):
+ (JSC::LazyOperandValueProfileKeyHash::equal):
+ (LazyOperandValueProfileKeyHash):
+ (WTF):
+ (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
+ (LazyOperandValueProfile):
+ (JSC::LazyOperandValueProfile::key):
+ (CompressedLazyOperandValueProfileHolder):
+ (LazyOperandValueProfileParser):
+ * bytecode/MethodOfGettingAValueProfile.cpp: Added.
+ (JSC):
+ (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
+ (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
+ * bytecode/MethodOfGettingAValueProfile.h: Added.
+ (JSC):
+ (MethodOfGettingAValueProfile):
+ (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
+ (JSC::MethodOfGettingAValueProfile::operator!):
+ * bytecode/ValueProfile.cpp: Removed.
+ * bytecode/ValueProfile.h:
+ (JSC):
+ (ValueProfileBase):
+ (JSC::ValueProfileBase::ValueProfileBase):
+ (JSC::ValueProfileBase::dump):
+ (JSC::ValueProfileBase::computeUpdatedPrediction):
+ (JSC::MinimalValueProfile::MinimalValueProfile):
+ (ValueProfileWithLogNumberOfBuckets):
+ (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::getValueProfileBytecodeOffset):
+ (JSC::getRareCaseProfileBytecodeOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
+ (DFG):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueProfileFor):
+ (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
+ (Graph):
+ * dfg/DFGNode.h:
+ (Node):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ * dfg/DFGOSRExit.h:
+ (OSRExit):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGPhase.cpp:
+ (JSC::DFG::Phase::beginPhase):
+ (JSC::DFG::Phase::endPhase):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
+ (VariableAccessData):
+
+2012-02-23 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix.
+
+ * llint/LLIntOffsetsExtractor.cpp:
+
+2012-02-23 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
+
+ * llint/LLIntOffsetsExtractor.cpp:
+ * wtf/Platform.h:
+
+2012-02-23 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Build fix for non-Mac wx builds.
+
+ * runtime/DatePrototype.cpp:
+
+2012-02-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
+ https://bugs.webkit.org/show_bug.cgi?id=79334
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::flush):
+
+2012-02-23 Gavin Barraclough <barraclough@apple.com>
+
+ Object.isSealed / Object.isFrozen don't work for native objects
+ https://bugs.webkit.org/show_bug.cgi?id=79331
+
+ Reviewed by Sam Weinig.
+
+ Need to inspect all properties, including static ones.
+ This exposes a couple of bugs in Array & Arguments:
+ - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
+ - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::defineOwnProperty):
+ - Add handling for callee/caller/length.
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ - report length's writability correctly.
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorSeal):
+ (JSC::objectConstructorFreeze):
+ (JSC::objectConstructorIsSealed):
+ (JSC::objectConstructorIsFrozen):
+ - Add spec-based implementation for non-final objects.
+
+2012-02-23 Gavin Barraclough <barraclough@apple.com>
+
+ pop of array hole should get from the prototype chain
+ https://bugs.webkit.org/show_bug.cgi?id=79338
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::pop):
+ - If the fast fast vector case fails, more closely follow the spec.
+
+2012-02-23 Yong Li <yoli@rim.com>
+
+ JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
+ https://bugs.webkit.org/show_bug.cgi?id=79268
+
+ Reviewed by Michael Saboff.
+
+ resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
+ after it fails to allocate a buffer for m_value. So outOfMemory() should assert
+ isRope() rather than !isRope().
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::outOfMemory):
+
+2012-02-23 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
+ https://bugs.webkit.org/show_bug.cgi?id=79371
+
+ Reviewed by Daniel Bates.
+
+ * CMakeLists.txt:
+ * shell/CMakeLists.txt:
+ * wtf/CMakeLists.txt:
+
+2012-02-23 Aron Rosenberg <arosenberg@logitech.com>
+
+ Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
+ https://bugs.webkit.org/show_bug.cgi?id=76210
+
+ Add compile time check for Visual Studio 2005 or newer.
+
+ Reviewed by Simon Hausmann.
+
+ * os-win32/inttypes.h:
+
+2012-02-22 Gavin Barraclough <barraclough@apple.com>
+
+ Implement [[DefineOwnProperty]] for the arguments object
+ https://bugs.webkit.org/show_bug.cgi?id=79309
+
+ Reviewed by Sam Weinig.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deletePropertyByIndex):
+ (JSC::Arguments::deleteProperty):
+ - Deleting an argument should also delete the copy on the object, if any.
+ (JSC::Arguments::defineOwnProperty):
+ - Defining a property may override the live mapping.
+ * runtime/Arguments.h:
+ (Arguments):
+
+2012-02-22 Gavin Barraclough <barraclough@apple.com>
+
+ Fix Object.freeze for non-final objects.
+ https://bugs.webkit.org/show_bug.cgi?id=79286
+
+ Reviewed by Oliver Hunt.
+
+ For vanilla objects we implement this with a single transition, for objects
+ with special properties we should just follow the spec defined algorithm.
+
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::put):
+ - this does need to handle inextensible objects.
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorSeal):
+ (JSC::objectConstructorFreeze):
+ - Implement spec defined algorithm for non-final objects.
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::freezeTransition):
+ - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
+ * runtime/Structure.h:
+ (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
+ (JSC::Structure::setHasGetterSetterProperties):
+ (JSC::Structure::setContainsReadOnlyProperties):
+ (Structure):
+ - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
+
+2012-02-22 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Allocations from CopiedBlocks should always be 8-byte aligned
+ https://bugs.webkit.org/show_bug.cgi?id=79271
+
+ Reviewed by Geoffrey Garen.
+
+ * heap/CopiedAllocator.h:
+ (JSC::CopiedAllocator::allocate):
+ * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always
+ guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
+ (CopiedBlock):
+ * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
+ (JSC::CopiedSpace::tryAllocateOversize):
+ (JSC::CopiedSpace::getFreshBlock):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC::CopiedSpace::allocateFromBlock):
+ * runtime/JSArray.h:
+ (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte
+ aligned on both 64- and 32-bit platforms.
+ * wtf/StdLibExtras.h:
+ (WTF::is8ByteAligned): Added new utility function that functions similarly to the
+ way isPointerAligned does, but it just always checks for 8 byte alignment.
+ (WTF):
+
+2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r108456.
+ http://trac.webkit.org/changeset/108456
+ https://bugs.webkit.org/show_bug.cgi?id=79223
+
+ Broke fast/regex/pcre-test-4.html and cannot find anyone on
+ IRC (Requested by zherczeg on #webkit).
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
+
+2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r108468.
+ http://trac.webkit.org/changeset/108468
+ https://bugs.webkit.org/show_bug.cgi?id=79219
+
+ Broke Chromium Win release build (Requested by bashi on
+ #webkit).
+
+ * wtf/Platform.h:
+
+2012-02-22 Kenichi Ishibashi <bashi@chromium.org>
+
+ Adding WebSocket per-frame DEFLATE extension
+ https://bugs.webkit.org/show_bug.cgi?id=77522
+
+ Added USE(ZLIB) flag.
+
+ Reviewed by Kent Tamura.
+
+ * wtf/Platform.h:
+
+2012-02-22 Hojong Han <hojong.han@samsung.com>
+
+ Short circuit fixed for a 16 bt pattern character and an 8 bit string.
+ https://bugs.webkit.org/show_bug.cgi?id=75602
+
+ Reviewed by Gavin Barraclough.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
+
+2012-02-21 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for systems with case sensitive disks.
+
+ * llint/LLIntOfflineAsmConfig.h:
+
+2012-02-21 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should be a triple-tier VM
+ https://bugs.webkit.org/show_bug.cgi?id=75812
+ <rdar://problem/10079694>
+
+ Reviewed by Gavin Barraclough.
+
+ Implemented an interpreter that uses the JIT's calling convention. This
+ interpreter is called LLInt, or the Low Level Interpreter. JSC will now
+ will start by executing code in LLInt and will only tier up to the old
+ JIT after the code is proven hot.
+
+ LLInt is written in a modified form of our macro assembly. This new macro
+ assembly is compiled by an offline assembler (see offlineasm), which
+ implements many modern conveniences such as a Turing-complete CPS-based
+ macro language and direct access to relevant C++ type information
+ (basically offsets of fields and sizes of structs/classes).
+
+ Code executing in LLInt appears to the rest of the JSC world "as if" it
+ were executing in the old JIT. Hence, things like exception handling and
+ cross-execution-engine calls just work and require pretty much no
+ additional overhead.
+
+ This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
+ V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
+ V8, and Kraken, but appear to get a double-digit improvement on real-world
+ websites due to a huge reduction in the amount of JIT'ing.
+
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * assembler/LinkBuffer.h:
+ * assembler/MacroAssemblerCodeRef.h:
+ (MacroAssemblerCodePtr):
+ (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
+ * bytecode/BytecodeConventions.h: Added.
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::computeFromLLInt):
+ (JSC):
+ (JSC::CallLinkStatus::computeFor):
+ * bytecode/CallLinkStatus.h:
+ (JSC::CallLinkStatus::isSet):
+ (JSC::CallLinkStatus::operator!):
+ (CallLinkStatus):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC):
+ (JSC::CodeBlock::unlinkCalls):
+ (JSC::CodeBlock::unlinkIncomingCalls):
+ (JSC::CodeBlock::bytecodeOffset):
+ (JSC::ProgramCodeBlock::jettison):
+ (JSC::EvalCodeBlock::jettison):
+ (JSC::FunctionCodeBlock::jettison):
+ (JSC::ProgramCodeBlock::jitCompileImpl):
+ (JSC::EvalCodeBlock::jitCompileImpl):
+ (JSC::FunctionCodeBlock::jitCompileImpl):
+ * bytecode/CodeBlock.h:
+ (JSC):
+ (CodeBlock):
+ (JSC::CodeBlock::baselineVersion):
+ (JSC::CodeBlock::linkIncomingCall):
+ (JSC::CodeBlock::bytecodeOffset):
+ (JSC::CodeBlock::jitCompile):
+ (JSC::CodeBlock::hasOptimizedReplacement):
+ (JSC::CodeBlock::addPropertyAccessInstruction):
+ (JSC::CodeBlock::addGlobalResolveInstruction):
+ (JSC::CodeBlock::addLLIntCallLinkInfo):
+ (JSC::CodeBlock::addGlobalResolveInfo):
+ (JSC::CodeBlock::numberOfMethodCallLinkInfos):
+ (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ (JSC::CodeBlock::addFrequentExitSite):
+ (JSC::CodeBlock::dontJITAnytimeSoon):
+ (JSC::CodeBlock::jitAfterWarmUp):
+ (JSC::CodeBlock::jitSoon):
+ (JSC::CodeBlock::llintExecuteCounter):
+ (ProgramCodeBlock):
+ (EvalCodeBlock):
+ (FunctionCodeBlock):
+ * bytecode/GetByIdStatus.cpp:
+ (JSC::GetByIdStatus::computeFromLLInt):
+ (JSC):
+ (JSC::GetByIdStatus::computeFor):
+ * bytecode/GetByIdStatus.h:
+ (JSC::GetByIdStatus::GetByIdStatus):
+ (JSC::GetByIdStatus::wasSeenInJIT):
+ (GetByIdStatus):
+ * bytecode/Instruction.h:
+ (JSC):
+ (JSC::Instruction::Instruction):
+ (Instruction):
+ * bytecode/LLIntCallLinkInfo.h: Added.
+ (JSC):
+ (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
+ (LLIntCallLinkInfo):
+ (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
+ (JSC::LLIntCallLinkInfo::isLinked):
+ (JSC::LLIntCallLinkInfo::unlink):
+ * bytecode/MethodCallLinkStatus.cpp:
+ (JSC::MethodCallLinkStatus::computeFor):
+ * bytecode/Opcode.cpp:
+ (JSC):
+ * bytecode/Opcode.h:
+ (JSC):
+ (JSC::padOpcodeName):
+ * bytecode/PutByIdStatus.cpp:
+ (JSC::PutByIdStatus::computeFromLLInt):
+ (JSC):
+ (JSC::PutByIdStatus::computeFor):
+ * bytecode/PutByIdStatus.h:
+ (PutByIdStatus):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitCatch):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOperations.cpp:
+ * heap/Heap.h:
+ (JSC):
+ (JSC::Heap::firstAllocatorWithoutDestructors):
+ (Heap):
+ * heap/MarkStack.cpp:
+ (JSC::visitChildren):
+ * heap/MarkedAllocator.h:
+ (JSC):
+ (MarkedAllocator):
+ * heap/MarkedSpace.h:
+ (JSC):
+ (MarkedSpace):
+ (JSC::MarkedSpace::firstAllocator):
+ * interpreter/CallFrame.cpp:
+ (JSC):
+ (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
+ (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
+ (JSC::CallFrame::currentVPC):
+ (JSC::CallFrame::setCurrentVPC):
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::hasReturnPC):
+ (JSC::ExecState::clearReturnPC):
+ (ExecState):
+ (JSC::ExecState::bytecodeOffsetForNonDFGCode):
+ (JSC::ExecState::currentVPC):
+ (JSC::ExecState::setCurrentVPC):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::Interpreter):
+ (JSC::Interpreter::~Interpreter):
+ (JSC):
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::isOpcode):
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::getCallerInfo):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveLastCaller):
+ * interpreter/Interpreter.h:
+ (JSC):
+ (Interpreter):
+ (JSC::Interpreter::getOpcode):
+ (JSC::Interpreter::getOpcodeID):
+ (JSC::Interpreter::classicEnabled):
+ * interpreter/RegisterFile.h:
+ (JSC):
+ (RegisterFile):
+ * jit/ExecutableAllocator.h:
+ (JSC):
+ * jit/HostCallReturnValue.cpp: Added.
+ (JSC):
+ (JSC::getHostCallReturnValueWithExecState):
+ * jit/HostCallReturnValue.h: Added.
+ (JSC):
+ (JSC::initializeHostCallReturnValue):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JITCode.h:
+ (JSC::JITCode::isOptimizingJIT):
+ (JITCode):
+ (JSC::JITCode::isBaselineCode):
+ (JSC::JITCode::JITCode):
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+ * jit/JITExceptions.cpp:
+ (JSC::jitThrow):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::updateTopCallFrame):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC):
+ * jit/JITStubs.h:
+ (JSC):
+ * jit/JSInterfaceJIT.h:
+ * llint: Added.
+ * llint/LLIntCommon.h: Added.
+ * llint/LLIntData.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::Data::Data):
+ (JSC::LLInt::Data::performAssertions):
+ (JSC::LLInt::Data::~Data):
+ * llint/LLIntData.h: Added.
+ (JSC):
+ (LLInt):
+ (Data):
+ (JSC::LLInt::Data::exceptionInstructions):
+ (JSC::LLInt::Data::opcodeMap):
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LLIntEntrypoints.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::getFunctionEntrypoint):
+ (JSC::LLInt::getEvalEntrypoint):
+ (JSC::LLInt::getProgramEntrypoint):
+ * llint/LLIntEntrypoints.h: Added.
+ (JSC):
+ (LLInt):
+ (JSC::LLInt::getEntrypoint):
+ * llint/LLIntExceptions.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::interpreterThrowInCaller):
+ (JSC::LLInt::returnToThrowForThrownException):
+ (JSC::LLInt::returnToThrow):
+ (JSC::LLInt::callToThrow):
+ * llint/LLIntExceptions.h: Added.
+ (JSC):
+ (LLInt):
+ * llint/LLIntOfflineAsmConfig.h: Added.
+ * llint/LLIntOffsetsExtractor.cpp: Added.
+ (JSC):
+ (LLIntOffsetsExtractor):
+ (JSC::LLIntOffsetsExtractor::dummy):
+ (main):
+ * llint/LLIntSlowPaths.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::llint_trace_operand):
+ (JSC::LLInt::llint_trace_value):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::traceFunctionPrologue):
+ (JSC::LLInt::shouldJIT):
+ (JSC::LLInt::entryOSR):
+ (JSC::LLInt::resolveGlobal):
+ (JSC::LLInt::getByVal):
+ (JSC::LLInt::handleHostCall):
+ (JSC::LLInt::setUpCall):
+ (JSC::LLInt::genericCall):
+ * llint/LLIntSlowPaths.h: Added.
+ (JSC):
+ (LLInt):
+ * llint/LLIntThunks.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::generateThunkWithJumpTo):
+ (JSC::LLInt::functionForCallEntryThunkGenerator):
+ (JSC::LLInt::functionForConstructEntryThunkGenerator):
+ (JSC::LLInt::functionForCallArityCheckThunkGenerator):
+ (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
+ (JSC::LLInt::evalEntryThunkGenerator):
+ (JSC::LLInt::programEntryThunkGenerator):
+ * llint/LLIntThunks.h: Added.
+ (JSC):
+ (LLInt):
+ * llint/LowLevelInterpreter.asm: Added.
+ * llint/LowLevelInterpreter.cpp: Added.
+ * llint/LowLevelInterpreter.h: Added.
+ * offlineasm: Added.
+ * offlineasm/armv7.rb: Added.
+ * offlineasm/asm.rb: Added.
+ * offlineasm/ast.rb: Added.
+ * offlineasm/backends.rb: Added.
+ * offlineasm/generate_offset_extractor.rb: Added.
+ * offlineasm/instructions.rb: Added.
+ * offlineasm/offset_extractor_constants.rb: Added.
+ * offlineasm/offsets.rb: Added.
+ * offlineasm/opt.rb: Added.
+ * offlineasm/parser.rb: Added.
+ * offlineasm/registers.rb: Added.
+ * offlineasm/self_hash.rb: Added.
+ * offlineasm/settings.rb: Added.
+ * offlineasm/transform.rb: Added.
+ * offlineasm/x86.rb: Added.
+ * runtime/CodeSpecializationKind.h: Added.
+ (JSC):
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor):
+ (CommonSlowPaths):
+ * runtime/Executable.cpp:
+ (JSC::jettisonCodeBlock):
+ (JSC):
+ (JSC::EvalExecutable::jitCompile):
+ (JSC::samplingDescription):
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::jitCompile):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::baselineCodeBlockFor):
+ (JSC::FunctionExecutable::jitCompileForCall):
+ (JSC::FunctionExecutable::jitCompileForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC):
+ (EvalExecutable):
+ (ProgramExecutable):
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::jitCompileFor):
+ * runtime/ExecutionHarness.h: Added.
+ (JSC):
+ (JSC::prepareForExecution):
+ (JSC::prepareFunctionForExecution):
+ * runtime/JSArray.h:
+ (JSC):
+ (JSArray):
+ * runtime/JSCell.h:
+ (JSC):
+ (JSCell):
+ * runtime/JSFunction.h:
+ (JSC):
+ (JSFunction):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC):
+ (JSGlobalData):
+ * runtime/JSGlobalObject.h:
+ (JSC):
+ (JSGlobalObject):
+ * runtime/JSObject.h:
+ (JSC):
+ (JSObject):
+ (JSFinalObject):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC):
+ (JSPropertyNameIterator):
+ * runtime/JSString.h:
+ (JSC):
+ (JSString):
+ * runtime/JSTypeInfo.h:
+ (JSC):
+ (TypeInfo):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+ * runtime/JSValue.h:
+ (LLInt):
+ (JSValue):
+ * runtime/JSVariableObject.h:
+ (JSC):
+ (JSVariableObject):
+ * runtime/Options.cpp:
+ (Options):
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+ (Options):
+ * runtime/ScopeChain.h:
+ (JSC):
+ (ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC):
+ (Structure):
+ * runtime/StructureChain.h:
+ (JSC):
+ (StructureChain):
+ * wtf/InlineASM.h:
+ * wtf/Platform.h:
+ * wtf/SentinelLinkedList.h:
+ (SentinelLinkedList):
+ (WTF::SentinelLinkedList::isEmpty):
+ * wtf/text/StringImpl.h:
+ (JSC):
+ (StringImpl):
+
+2012-02-21 Oliver Hunt <oliver@apple.com>
+
+ Unbreak double-typed arrays on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=79177
+
+ Reviewed by Gavin Barraclough.
+
+ The existing code had completely broken address arithmetic.
+
+ * JSCTypedArrayStubs.h:
+ (JSC):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::storeDouble):
+ (JSC::MacroAssemblerARMv7::storeFloat):
+
+2012-02-21 Gavin Barraclough <barraclough@apple.com>
+
+ Should be able to reconfigure a non-configurable property as read-only
+ https://bugs.webkit.org/show_bug.cgi?id=79170
+
+ Reviewed by Sam Weinig.
+
+ See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
+ but does not inhibit making a writable property read-only.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::setInDefineOwnProperty):
+ (JSGlobalData):
+ (JSC::JSGlobalData::isInDefineOwnProperty):
+ - Added flag, tracking whether we are in JSObject::defineOwnProperty.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deleteProperty):
+ (DefineOwnPropertyScope):
+ - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
+ (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
+ (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
+ - Added RAII helper.
+ (JSC::JSObject::defineOwnProperty):
+ - Track on the globalData when we are in this method.
+
+2012-02-21 Oliver Hunt <oliver@apple.com>
+
+ Make TypedArrays be available in commandline jsc
+ https://bugs.webkit.org/show_bug.cgi?id=79163
+
+ Reviewed by Gavin Barraclough.
+
+ Adds a compile time option to have jsc support a basic implementation
+ of the TypedArrays available in WebCore. This lets us test the typed
+ array logic in the JIT witout having to build webcore.
+
+ * JSCTypedArrayStubs.h: Added.
+ (JSC):
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject):
+ (GlobalObject::addConstructableFunction):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+
+2012-02-21 Tom Sepez <tsepez@chromium.org>
+
+ equalIgnoringNullity() only comparing half the bytes for equality
+ https://bugs.webkit.org/show_bug.cgi?id=79135
+
+ Reviewed by Adam Barth.
+
+ * wtf/text/StringImpl.h:
+ (WTF::equalIgnoringNullity):
+
+2012-02-21 Roland Takacs <takacs.roland@stud.u-szeged.hu>
+
+ Unnecessary preprocessor macros in MainThread.h/cpp
+ https://bugs.webkit.org/show_bug.cgi?id=79083
+
+ Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.
+
+ * wtf/MainThread.cpp:
+ (WTF):
+ * wtf/MainThread.h:
+ (WTF):
+
+2012-02-21 Sam Weinig <sam@webkit.org>
+
+ Attempt to fix the Snow Leopard build.
+
+ * Configurations/Base.xcconfig:
+
+2012-02-21 Sam Weinig <sam@webkit.org>
+
+ Use libc++ when building with Clang on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=78981
+
+ Reviewed by Dan Bernstein.
+
+ * Configurations/Base.xcconfig:
+
+2012-02-21 Adam Roben <aroben@apple.com>
+
+ Roll out r108309, r108323, and r108326
+
+ They broke the 32-bit Lion build.
+
+ Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.
+
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * assembler/LinkBuffer.h:
+ * assembler/MacroAssemblerCodeRef.h:
+ * bytecode/BytecodeConventions.h: Removed.
+ * bytecode/CallLinkStatus.cpp:
+ * bytecode/CallLinkStatus.h:
+ * bytecode/CodeBlock.cpp:
+ * bytecode/CodeBlock.h:
+ * bytecode/GetByIdStatus.cpp:
+ * bytecode/GetByIdStatus.h:
+ * bytecode/Instruction.h:
+ * bytecode/LLIntCallLinkInfo.h: Removed.
+ * bytecode/MethodCallLinkStatus.cpp:
+ * bytecode/Opcode.cpp:
+ * bytecode/Opcode.h:
+ * bytecode/PutByIdStatus.cpp:
+ * bytecode/PutByIdStatus.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * dfg/DFGByteCodeParser.cpp:
+ * dfg/DFGCapabilities.h:
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOperations.cpp:
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ * heap/MarkedAllocator.h:
+ * heap/MarkedSpace.h:
+ * interpreter/CallFrame.cpp:
+ * interpreter/CallFrame.h:
+ * interpreter/Interpreter.cpp:
+ * interpreter/Interpreter.h:
+ * interpreter/RegisterFile.h:
+ * jit/ExecutableAllocator.h:
+ * jit/HostCallReturnValue.cpp: Removed.
+ * jit/HostCallReturnValue.h: Removed.
+ * jit/JIT.cpp:
+ * jit/JITCode.h:
+ * jit/JITDriver.h:
+ * jit/JITExceptions.cpp:
+ * jit/JITInlineMethods.h:
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+ * jit/JSInterfaceJIT.h:
+ * llint/LLIntCommon.h: Removed.
+ * llint/LLIntData.cpp: Removed.
+ * llint/LLIntData.h: Removed.
+ * llint/LLIntEntrypoints.cpp: Removed.
+ * llint/LLIntEntrypoints.h: Removed.
+ * llint/LLIntExceptions.cpp: Removed.
+ * llint/LLIntExceptions.h: Removed.
+ * llint/LLIntOfflineAsmConfig.h: Removed.
+ * llint/LLIntOffsetsExtractor.cpp: Removed.
+ * llint/LLIntSlowPaths.cpp: Removed.
+ * llint/LLIntSlowPaths.h: Removed.
+ * llint/LLIntThunks.cpp: Removed.
+ * llint/LLIntThunks.h: Removed.
+ * llint/LowLevelInterpreter.asm: Removed.
+ * llint/LowLevelInterpreter.cpp: Removed.
+ * llint/LowLevelInterpreter.h: Removed.
+ * offlineasm/armv7.rb: Removed.
+ * offlineasm/asm.rb: Removed.
+ * offlineasm/ast.rb: Removed.
+ * offlineasm/backends.rb: Removed.
+ * offlineasm/generate_offset_extractor.rb: Removed.
+ * offlineasm/instructions.rb: Removed.
+ * offlineasm/offset_extractor_constants.rb: Removed.
+ * offlineasm/offsets.rb: Removed.
+ * offlineasm/opt.rb: Removed.
+ * offlineasm/parser.rb: Removed.
+ * offlineasm/registers.rb: Removed.
+ * offlineasm/self_hash.rb: Removed.
+ * offlineasm/settings.rb: Removed.
+ * offlineasm/transform.rb: Removed.
+ * offlineasm/x86.rb: Removed.
+ * runtime/CodeSpecializationKind.h: Removed.
+ * runtime/CommonSlowPaths.h:
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ * runtime/ExecutionHarness.h: Removed.
+ * runtime/JSArray.h:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSString.h:
+ * runtime/JSTypeInfo.h:
+ * runtime/JSValue.cpp:
+ * runtime/JSValue.h:
+ * runtime/JSVariableObject.h:
+ * runtime/Options.cpp:
+ * runtime/Options.h:
+ * runtime/ScopeChain.h:
+ * runtime/Structure.cpp:
+ * runtime/Structure.h:
+ * runtime/StructureChain.h:
+ * wtf/InlineASM.h:
+ * wtf/Platform.h:
+ * wtf/SentinelLinkedList.h:
+ * wtf/text/StringImpl.h:
+
+2012-02-21 Gustavo Noronha Silva <kov@debian.org> and Bob Tracy <rct@frus.com>
+
+ Does not build on IA64, SPARC and Alpha
+ https://bugs.webkit.org/show_bug.cgi?id=79047
+
+ Rubber-stamped by Kent Tamura.
+
+ * wtf/dtoa/utils.h: these architectures also have correct double
+ operations, so add them to the appropriate side of the check.
+
+2012-02-21 Filip Pizlo <fpizlo@apple.com>
+
+ Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
+ https://bugs.webkit.org/show_bug.cgi?id=75812
+
+ Reviewed by Csaba Osztrogonác.
+
+ * dfg/DFGOperations.cpp:
+ (JSC):
+ * jit/HostCallReturnValue.h:
+ (JSC::initializeHostCallReturnValue):
+
+2012-02-21 Filip Pizlo <fpizlo@apple.com>
+
+ Attempted build fix for ELF platforms.
+
+ * dfg/DFGOperations.cpp:
+ (JSC):
+ (JSC::getHostCallReturnValueWithExecState):
+ * jit/HostCallReturnValue.cpp:
+ (JSC):
+ * jit/HostCallReturnValue.h:
+ (JSC::initializeHostCallReturnValue):
+
+2012-02-20 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should be a triple-tier VM
+ https://bugs.webkit.org/show_bug.cgi?id=75812
+ <rdar://problem/10079694>
+
+ Reviewed by Gavin Barraclough.
+
+ Implemented an interpreter that uses the JIT's calling convention. This
+ interpreter is called LLInt, or the Low Level Interpreter. JSC will now
+ will start by executing code in LLInt and will only tier up to the old
+ JIT after the code is proven hot.
+
+ LLInt is written in a modified form of our macro assembly. This new macro
+ assembly is compiled by an offline assembler (see offlineasm), which
+ implements many modern conveniences such as a Turing-complete CPS-based
+ macro language and direct access to relevant C++ type information
+ (basically offsets of fields and sizes of structs/classes).
+
+ Code executing in LLInt appears to the rest of the JSC world "as if" it
+ were executing in the old JIT. Hence, things like exception handling and
+ cross-execution-engine calls just work and require pretty much no
+ additional overhead.
+
+ This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
+ V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
+ V8, and Kraken, but appear to get a double-digit improvement on real-world
+ websites due to a huge reduction in the amount of JIT'ing.
+
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * assembler/LinkBuffer.h:
+ * assembler/MacroAssemblerCodeRef.h:
+ (MacroAssemblerCodePtr):
+ (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
+ * bytecode/BytecodeConventions.h: Added.
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::computeFromLLInt):
+ (JSC):
+ (JSC::CallLinkStatus::computeFor):
+ * bytecode/CallLinkStatus.h:
+ (JSC::CallLinkStatus::isSet):
+ (JSC::CallLinkStatus::operator!):
+ (CallLinkStatus):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC):
+ (JSC::CodeBlock::unlinkCalls):
+ (JSC::CodeBlock::unlinkIncomingCalls):
+ (JSC::CodeBlock::bytecodeOffset):
+ (JSC::ProgramCodeBlock::jettison):
+ (JSC::EvalCodeBlock::jettison):
+ (JSC::FunctionCodeBlock::jettison):
+ (JSC::ProgramCodeBlock::jitCompileImpl):
+ (JSC::EvalCodeBlock::jitCompileImpl):
+ (JSC::FunctionCodeBlock::jitCompileImpl):
+ * bytecode/CodeBlock.h:
+ (JSC):
+ (CodeBlock):
+ (JSC::CodeBlock::baselineVersion):
+ (JSC::CodeBlock::linkIncomingCall):
+ (JSC::CodeBlock::bytecodeOffset):
+ (JSC::CodeBlock::jitCompile):
+ (JSC::CodeBlock::hasOptimizedReplacement):
+ (JSC::CodeBlock::addPropertyAccessInstruction):
+ (JSC::CodeBlock::addGlobalResolveInstruction):
+ (JSC::CodeBlock::addLLIntCallLinkInfo):
+ (JSC::CodeBlock::addGlobalResolveInfo):
+ (JSC::CodeBlock::numberOfMethodCallLinkInfos):
+ (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ (JSC::CodeBlock::addFrequentExitSite):
+ (JSC::CodeBlock::dontJITAnytimeSoon):
+ (JSC::CodeBlock::jitAfterWarmUp):
+ (JSC::CodeBlock::jitSoon):
+ (JSC::CodeBlock::llintExecuteCounter):
+ (ProgramCodeBlock):
+ (EvalCodeBlock):
+ (FunctionCodeBlock):
+ * bytecode/GetByIdStatus.cpp:
+ (JSC::GetByIdStatus::computeFromLLInt):
+ (JSC):
+ (JSC::GetByIdStatus::computeFor):
+ * bytecode/GetByIdStatus.h:
+ (JSC::GetByIdStatus::GetByIdStatus):
+ (JSC::GetByIdStatus::wasSeenInJIT):
+ (GetByIdStatus):
+ * bytecode/Instruction.h:
+ (JSC):
+ (JSC::Instruction::Instruction):
+ (Instruction):
+ * bytecode/LLIntCallLinkInfo.h: Added.
+ (JSC):
+ (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
+ (LLIntCallLinkInfo):
+ (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
+ (JSC::LLIntCallLinkInfo::isLinked):
+ (JSC::LLIntCallLinkInfo::unlink):
+ * bytecode/MethodCallLinkStatus.cpp:
+ (JSC::MethodCallLinkStatus::computeFor):
+ * bytecode/Opcode.cpp:
+ (JSC):
+ * bytecode/Opcode.h:
+ (JSC):
+ (JSC::padOpcodeName):
+ * bytecode/PutByIdStatus.cpp:
+ (JSC::PutByIdStatus::computeFromLLInt):
+ (JSC):
+ (JSC::PutByIdStatus::computeFor):
+ * bytecode/PutByIdStatus.h:
+ (PutByIdStatus):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitCatch):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOperations.cpp:
+ * heap/Heap.h:
+ (JSC):
+ (JSC::Heap::firstAllocatorWithoutDestructors):
+ (Heap):
+ * heap/MarkStack.cpp:
+ (JSC::visitChildren):
+ * heap/MarkedAllocator.h:
+ (JSC):
+ (MarkedAllocator):
+ * heap/MarkedSpace.h:
+ (JSC):
+ (MarkedSpace):
+ (JSC::MarkedSpace::firstAllocator):
+ * interpreter/CallFrame.cpp:
+ (JSC):
+ (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
+ (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
+ (JSC::CallFrame::currentVPC):
+ (JSC::CallFrame::setCurrentVPC):
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::hasReturnPC):
+ (JSC::ExecState::clearReturnPC):
+ (ExecState):
+ (JSC::ExecState::bytecodeOffsetForNonDFGCode):
+ (JSC::ExecState::currentVPC):
+ (JSC::ExecState::setCurrentVPC):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::Interpreter):
+ (JSC::Interpreter::~Interpreter):
+ (JSC):
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::isOpcode):
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::getCallerInfo):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveLastCaller):
+ * interpreter/Interpreter.h:
+ (JSC):
+ (Interpreter):
+ (JSC::Interpreter::getOpcode):
+ (JSC::Interpreter::getOpcodeID):
+ (JSC::Interpreter::classicEnabled):
+ * interpreter/RegisterFile.h:
+ (JSC):
+ (RegisterFile):
+ * jit/ExecutableAllocator.h:
+ (JSC):
+ * jit/HostCallReturnValue.cpp: Added.
+ (JSC):
+ (JSC::getHostCallReturnValueWithExecState):
+ * jit/HostCallReturnValue.h: Added.
+ (JSC):
+ (JSC::initializeHostCallReturnValue):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JITCode.h:
+ (JSC::JITCode::isOptimizingJIT):
+ (JITCode):
+ (JSC::JITCode::isBaselineCode):
+ (JSC::JITCode::JITCode):
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+ * jit/JITExceptions.cpp:
+ (JSC::jitThrow):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::updateTopCallFrame):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC):
+ * jit/JITStubs.h:
+ (JSC):
+ * jit/JSInterfaceJIT.h:
+ * llint: Added.
+ * llint/LLIntCommon.h: Added.
+ * llint/LLIntData.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::Data::Data):
+ (JSC::LLInt::Data::performAssertions):
+ (JSC::LLInt::Data::~Data):
+ * llint/LLIntData.h: Added.
+ (JSC):
+ (LLInt):
+ (Data):
+ (JSC::LLInt::Data::exceptionInstructions):
+ (JSC::LLInt::Data::opcodeMap):
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LLIntEntrypoints.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::getFunctionEntrypoint):
+ (JSC::LLInt::getEvalEntrypoint):
+ (JSC::LLInt::getProgramEntrypoint):
+ * llint/LLIntEntrypoints.h: Added.
+ (JSC):
+ (LLInt):
+ (JSC::LLInt::getEntrypoint):
+ * llint/LLIntExceptions.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::interpreterThrowInCaller):
+ (JSC::LLInt::returnToThrowForThrownException):
+ (JSC::LLInt::returnToThrow):
+ (JSC::LLInt::callToThrow):
+ * llint/LLIntExceptions.h: Added.
+ (JSC):
+ (LLInt):
+ * llint/LLIntOfflineAsmConfig.h: Added.
+ * llint/LLIntOffsetsExtractor.cpp: Added.
+ (JSC):
+ (LLIntOffsetsExtractor):
+ (JSC::LLIntOffsetsExtractor::dummy):
+ (main):
+ * llint/LLIntSlowPaths.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::llint_trace_operand):
+ (JSC::LLInt::llint_trace_value):
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ (JSC::LLInt::traceFunctionPrologue):
+ (JSC::LLInt::shouldJIT):
+ (JSC::LLInt::entryOSR):
+ (JSC::LLInt::resolveGlobal):
+ (JSC::LLInt::getByVal):
+ (JSC::LLInt::handleHostCall):
+ (JSC::LLInt::setUpCall):
+ (JSC::LLInt::genericCall):
+ * llint/LLIntSlowPaths.h: Added.
+ (JSC):
+ (LLInt):
+ * llint/LLIntThunks.cpp: Added.
+ (LLInt):
+ (JSC::LLInt::generateThunkWithJumpTo):
+ (JSC::LLInt::functionForCallEntryThunkGenerator):
+ (JSC::LLInt::functionForConstructEntryThunkGenerator):
+ (JSC::LLInt::functionForCallArityCheckThunkGenerator):
+ (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
+ (JSC::LLInt::evalEntryThunkGenerator):
+ (JSC::LLInt::programEntryThunkGenerator):
+ * llint/LLIntThunks.h: Added.
+ (JSC):
+ (LLInt):
+ * llint/LowLevelInterpreter.asm: Added.
+ * llint/LowLevelInterpreter.cpp: Added.
+ * llint/LowLevelInterpreter.h: Added.
+ * offlineasm: Added.
+ * offlineasm/armv7.rb: Added.
+ * offlineasm/asm.rb: Added.
+ * offlineasm/ast.rb: Added.
+ * offlineasm/backends.rb: Added.
+ * offlineasm/generate_offset_extractor.rb: Added.
+ * offlineasm/instructions.rb: Added.
+ * offlineasm/offset_extractor_constants.rb: Added.
+ * offlineasm/offsets.rb: Added.
+ * offlineasm/opt.rb: Added.
+ * offlineasm/parser.rb: Added.
+ * offlineasm/registers.rb: Added.
+ * offlineasm/self_hash.rb: Added.
+ * offlineasm/settings.rb: Added.
+ * offlineasm/transform.rb: Added.
+ * offlineasm/x86.rb: Added.
+ * runtime/CodeSpecializationKind.h: Added.
+ (JSC):
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor):
+ (CommonSlowPaths):
+ * runtime/Executable.cpp:
+ (JSC::jettisonCodeBlock):
+ (JSC):
+ (JSC::EvalExecutable::jitCompile):
+ (JSC::samplingDescription):
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::jitCompile):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::baselineCodeBlockFor):
+ (JSC::FunctionExecutable::jitCompileForCall):
+ (JSC::FunctionExecutable::jitCompileForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC):
+ (EvalExecutable):
+ (ProgramExecutable):
+ (FunctionExecutable):
+ (JSC::FunctionExecutable::jitCompileFor):
+ * runtime/ExecutionHarness.h: Added.
+ (JSC):
+ (JSC::prepareForExecution):
+ (JSC::prepareFunctionForExecution):
+ * runtime/JSArray.h:
+ (JSC):
+ (JSArray):
+ * runtime/JSCell.h:
+ (JSC):
+ (JSCell):
+ * runtime/JSFunction.h:
+ (JSC):
+ (JSFunction):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC):
+ (JSGlobalData):
+ * runtime/JSGlobalObject.h:
+ (JSC):
+ (JSGlobalObject):
+ * runtime/JSObject.h:
+ (JSC):
+ (JSObject):
+ (JSFinalObject):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC):
+ (JSPropertyNameIterator):
+ * runtime/JSString.h:
+ (JSC):
+ (JSString):
+ * runtime/JSTypeInfo.h:
+ (JSC):
+ (TypeInfo):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+ * runtime/JSValue.h:
+ (LLInt):
+ (JSValue):
+ * runtime/JSVariableObject.h:
+ (JSC):
+ (JSVariableObject):
+ * runtime/Options.cpp:
+ (Options):
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+ (Options):
+ * runtime/ScopeChain.h:
+ (JSC):
+ (ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC):
+ (Structure):
+ * runtime/StructureChain.h:
+ (JSC):
+ (StructureChain):
+ * wtf/InlineASM.h:
+ * wtf/Platform.h:
+ * wtf/SentinelLinkedList.h:
+ (SentinelLinkedList):
+ (WTF::SentinelLinkedList::isEmpty):
+ * wtf/text/StringImpl.h:
+ (JSC):
+ (StringImpl):
+
+2012-02-20 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, rolling out http://trac.webkit.org/changeset/108291
+ It completely broke the 32-bit JIT.
+
+ * heap/CopiedAllocator.h:
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/Heap.h:
+ (JSC::Heap::allocatorForObjectWithDestructor):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITInlineMethods.h:
+ (JSC):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ * runtime/JSArray.cpp:
+ (JSC::storageSize):
+ (JSC):
+ * runtime/JSArray.h:
+ (ArrayStorage):
+ (JSArray):
+
+2012-02-20 Gavin Barraclough <barraclough@apple.com>
+
+ [[Put]] should throw if prototype chain contains a readonly property.
+ https://bugs.webkit.org/show_bug.cgi?id=79069
+
+ Reviewed by Oliver Hunt.
+
+ Currently we only check the base of the put, not the prototype chain.
+ Fold this check in with the test for accessors.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ - Updated to test all objects in the propotype chain for readonly properties.
+ (JSC::JSObject::putDirectAccessor):
+ (JSC::putDescriptor):
+ - Record the presence of readonly properties on the structure.
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
+ * runtime/Structure.h:
+ (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
+ (JSC::Structure::setHasGetterSetterProperties):
+ - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
+ (JSC::Structure::setContainsReadOnlyProperties):
+ - Added.
+
+2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Implement fast path for op_new_array in the baseline JIT
+ https://bugs.webkit.org/show_bug.cgi?id=78612
+
+ Reviewed by Filip Pizlo.
+
+ * heap/CopiedAllocator.h:
+ (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
+ * heap/CopiedSpace.h:
+ (CopiedSpace): Friended the JIT to allow access to
+ (JSC::CopiedSpace::allocator):
+ * heap/Heap.h:
+ (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
+ can use it for simple allocation i.e. when we can just bump the offset without having to
+ do anything else.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
+ we have to bail out because the fast allocation path fails for whatever reason.
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
+ allocate generic backing stores. This function is used by emitAllocateJSArray.
+ (JSC):
+ (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
+ more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
+ it will also be used for emit_op_new_array_buffer.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
+ a stub call for oversize arrays.
+ (JSC):
+ (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
+ the fast path.
+ * runtime/JSArray.cpp:
+ (JSC):
+ * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
+ initialize in the JIT.
+ (ArrayStorage):
+ (JSC::ArrayStorage::lengthOffset):
+ (JSC::ArrayStorage::numValuesInVectorOffset):
+ (JSC::ArrayStorage::allocBaseOffset):
+ (JSC::ArrayStorage::vectorOffset):
+ (JSArray):
+ (JSC::JSArray::sparseValueMapOffset):
+ (JSC::JSArray::subclassDataOffset):
+ (JSC::JSArray::indexBiasOffset):
+ (JSC):
+ (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
+ to being a static function in the JSArray class. This move allows the JIT to call it to
+ see what size it should allocate.
+
+2012-02-20 Gavin Barraclough <barraclough@apple.com>
+
+ DefineOwnProperty fails with numeric properties & Object.prototype
+ https://bugs.webkit.org/show_bug.cgi?id=79059
+
+ Reviewed by Oliver Hunt.
+
+ ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
+ calls to defineOwnProperty need to update this cache.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::defineOwnProperty):
+ (JSC):
+ (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
+ * runtime/ObjectPrototype.h:
+ (ObjectPrototype):
+
+2012-02-20 Pino Toscano <pino@debian.org>
+
+ Does not build on GNU Hurd
+ https://bugs.webkit.org/show_bug.cgi?id=79045
+
+ Reviewed by Gustavo Noronha Silva.
+
+ * wtf/Platform.h: define WTF_OS_HURD.
+ * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
+ for the lack of PTHREAD_KEYS_MAX definition, with a value which
+ should not cause issues.
+
+2012-02-20 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Undoing accidental changes
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+
+2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Factor out allocation in CopySpace into a separate CopyAllocator
+ https://bugs.webkit.org/show_bug.cgi?id=78610
+
+ Reviewed by Oliver Hunt.
+
+ Added a new CopyAllocator class, which allows us to do allocations without
+ having to load the current offset and store the current offset in the current
+ block. This change will allow us to easily do inline assembly in the JIT for
+ array allocations.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/CopiedAllocator.h: Added.
+ (JSC):
+ (CopiedAllocator):
+ (JSC::CopiedAllocator::currentBlock):
+ (JSC::CopiedAllocator::CopiedAllocator):
+ (JSC::CopiedAllocator::allocate):
+ (JSC::CopiedAllocator::fitsInCurrentBlock):
+ (JSC::CopiedAllocator::wasLastAllocation):
+ (JSC::CopiedAllocator::startedCopying):
+ (JSC::CopiedAllocator::resetCurrentBlock):
+ (JSC::CopiedAllocator::currentUtilization):
+ (JSC::CopiedAllocator::resetLastAllocation):
+ * heap/CopiedBlock.h:
+ (CopiedBlock):
+ * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we
+ weren't really getting any benefits from having such big functions in a header file.
+ (JSC::CopiedSpace::CopiedSpace):
+ (JSC):
+ (JSC::CopiedSpace::init):
+ (JSC::CopiedSpace::tryAllocateSlowCase):
+ (JSC::CopiedSpace::tryAllocateOversize):
+ (JSC::CopiedSpace::tryReallocate):
+ (JSC::CopiedSpace::tryReallocateOversize):
+ (JSC::CopiedSpace::doneFillingBlock):
+ (JSC::CopiedSpace::doneCopying):
+ (JSC::CopiedSpace::getFreshBlock):
+ * heap/CopiedSpace.h:
+ (CopiedSpace):
+ * heap/CopiedSpaceInlineMethods.h:
+ (JSC):
+ (JSC::CopiedSpace::startedCopying):
+ (JSC::CopiedSpace::addNewBlock):
+ (JSC::CopiedSpace::allocateNewBlock):
+ (JSC::CopiedSpace::fitsInBlock):
+ (JSC::CopiedSpace::tryAllocate):
+ (JSC::CopiedSpace::allocateFromBlock):
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ * heap/HeapBlock.h:
+ (HeapBlock):
+
+2012-02-20 Patrick Gansterer <paroga@webkit.org>
+
+ Fix Visual Studio 2010 build.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::PropertyListNode::emitBytecode):
+
+2012-02-16 Gavin Barraclough <barraclough@apple.com>
+
+ Move special __proto__ property to Object.prototype
+ https://bugs.webkit.org/show_bug.cgi?id=78409
+
+ Reviewed by Oliver Hunt.
+
+ Re-implement this as a regular accessor property. This has three key benefits:
+ 1) It makes it possible for objects to be given properties named __proto__.
+ 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
+ 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.
+
+ * parser/Parser.cpp:
+ (JSC::::parseFunctionInfo):
+ - No need to prohibit functions named __proto__.
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ - Add __proto__ accessor to Object.prototype.
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncProtoGetter):
+ (JSC::globalFuncProtoSetter):
+ - Definition of the __proto__ accessor functions.
+ * runtime/JSGlobalObjectFunctions.h:
+ - Declaration of the __proto__ accessor functions.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
+ (JSC::JSObject::putDirectAccessor):
+ - Track on the structure whether an object contains accessors other than one for __proto__.
+ (JSC::JSObject::defineOwnProperty):
+ - No need to prohibit definition of own properties named __proto__.
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ - Remove the special handling for __proto__.
+ (JSC::JSValue::get):
+ - Remove the special handling for __proto__.
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ - Remove the special handling for __proto__.
+ * runtime/JSValue.h:
+ (JSValue):
+ - Made synthesizePrototype public (this may be needed by the __proto__ getter).
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetPrototypeOf):
+ - Perform the security check & call prototype() directly.
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
+ * runtime/Structure.h:
+ (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
+ (JSC::Structure::setHasGetterSetterProperties):
+ (Structure):
+ - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
+
+2012-02-20 Michael Saboff <msaboff@apple.com>
+
+ Update toLower and toUpper tests for Unicode 6.1 changes
+ https://bugs.webkit.org/show_bug.cgi?id=78923
+
+ Reviewed by Oliver Hunt.
+
+ * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test
+ to handle a third set of results for updated Unicode 6.1
+ changes.
+ (getTestCases):
+ (TestCaseMultiExpected):
+ (writeTestCaseResultMultiExpected):
+ (getTestCaseResultMultiExpected):
+ (test):
+ (GetUnicodeValues):
+ (DecimalToHexString):
+
+2012-02-20 Andy Wingo <wingo@igalia.com>
+
+ Remove unused features from CodeFeatures
+ https://bugs.webkit.org/show_bug.cgi?id=78804
+
+ Reviewed by Gavin Barraclough.
+
+ * parser/Nodes.h:
+ * parser/ASTBuilder.h:
+ (JSC::ClosureFeature):
+ (JSC::ASTBuilder::createFunctionBody):
+ (JSC::ASTBuilder::usesClosures):
+ Remove "ClosureFeature". Since we track captured variables more
+ precisely, this bit doesn't do us any good.
+
+ (JSC::AssignFeature):
+ (JSC::ASTBuilder::makeAssignNode):
+ (JSC::ASTBuilder::makePrefixNode):
+ (JSC::ASTBuilder::makePostfixNode):
+ (JSC::ASTBuilder::usesAssignment):
+ Similarly, remove AssignFeature. It is unused.
+
+2012-02-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck issues.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2012-02-18 Sam Weinig <sam@webkit.org>
+
+ Fix style issues in DFG Phase classes
+ https://bugs.webkit.org/show_bug.cgi?id=78983
+
+ Reviewed by Ryosuke Niwa.
+
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp:
+ * dfg/DFGCFAPhase.cpp:
+ * dfg/DFGCSEPhase.cpp:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp:
+ Add a space before the colon in class declarations.
+
+2012-02-18 Filip Pizlo <fpizlo@apple.com>
+
+ Attempt to fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-18 Sam Weinig <sam@webkit.org>
+
+ Fix the libc++ build.
+
+ Reviewed by Anders Carlsson.
+
+ * heap/Weak.h:
+ Libc++'s nullptr emulation does not allow default construction
+ of the nullptr_t type. Work around this with the arguably clearer
+ just returning nullptr.
+
+2012-02-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFGPropagator.cpp has too many things
+ https://bugs.webkit.org/show_bug.cgi?id=78956
+
+ Reviewed by Oliver Hunt.
+
+ Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
+ various things and put them into separate files. These new phases follow
+ the naming convention "DFG<name>Phase" where <name> is a noun. They are
+ called via functions of the form "perform<name>".
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
+ (DFG):
+ (JSC::DFG::performArithNodeFlagsInference):
+ * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
+ (DFG):
+ * dfg/DFGCFAPhase.cpp: Added.
+ (DFG):
+ (JSC::DFG::performCFA):
+ * dfg/DFGCFAPhase.h: Added.
+ (DFG):
+ * dfg/DFGCSEPhase.cpp: Added.
+ (DFG):
+ (JSC::DFG::performCSE):
+ * dfg/DFGCSEPhase.h: Added.
+ (DFG):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGPhase.cpp: Added.
+ (DFG):
+ (JSC::DFG::Phase::beginPhase):
+ (JSC::DFG::Phase::endPhase):
+ * dfg/DFGPhase.h: Added.
+ (DFG):
+ (Phase):
+ (JSC::DFG::Phase::Phase):
+ (JSC::DFG::Phase::~Phase):
+ (JSC::DFG::Phase::globalData):
+ (JSC::DFG::Phase::codeBlock):
+ (JSC::DFG::Phase::profiledBlock):
+ (JSC::DFG::Phase::beginPhase):
+ (JSC::DFG::Phase::endPhase):
+ (JSC::DFG::runPhase):
+ * dfg/DFGPredictionPropagationPhase.cpp: Added.
+ (DFG):
+ (JSC::DFG::performPredictionPropagation):
+ * dfg/DFGPredictionPropagationPhase.h: Added.
+ (DFG):
+ * dfg/DFGPropagator.cpp: Removed.
+ * dfg/DFGPropagator.h: Removed.
+ * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
+ (DFG):
+ (JSC::DFG::performVirtualRegisterAllocation):
+ * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
+ (DFG):
+
+2012-02-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
+ the CodeBlock that was used for profiling
+ https://bugs.webkit.org/show_bug.cgi?id=78954
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.h:
+ (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
+ (JSC):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::AbstractState):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAbstractState.h:
+ * dfg/DFGAssemblyHelpers.h:
+ (AssemblyHelpers):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::parse):
+ * dfg/DFGByteCodeParser.h:
+ (DFG):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::Graph):
+ (Graph):
+ (JSC::DFG::Graph::getJSConstantPrediction):
+ (JSC::DFG::Graph::addShouldSpeculateInteger):
+ (JSC::DFG::Graph::isInt32Constant):
+ (JSC::DFG::Graph::isDoubleConstant):
+ (JSC::DFG::Graph::isNumberConstant):
+ (JSC::DFG::Graph::isBooleanConstant):
+ (JSC::DFG::Graph::isFunctionConstant):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ (JSC::DFG::Graph::valueOfFunctionConstant):
+ (JSC::DFG::Graph::baselineCodeBlockFor):
+ (JSC::DFG::Graph::valueProfileFor):
+ (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::JITCompiler):
+ (JITCompiler):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::isNotNegZero):
+ (JSC::DFG::Propagator::isNotZero):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::doRoundOfDoubleVoting):
+ (JSC::DFG::Propagator::globalCFA):
+ (JSC::DFG::propagate):
+ * dfg/DFGPropagator.h:
+ (DFG):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::compileAdd):
+ (JSC::DFG::SpeculativeJIT::compileArithSub):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isConstant):
+ (JSC::DFG::SpeculativeJIT::isJSConstant):
+ (JSC::DFG::SpeculativeJIT::isInt32Constant):
+ (JSC::DFG::SpeculativeJIT::isDoubleConstant):
+ (JSC::DFG::SpeculativeJIT::isNumberConstant):
+ (JSC::DFG::SpeculativeJIT::isBooleanConstant):
+ (JSC::DFG::SpeculativeJIT::isFunctionConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
+ (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+
+2012-02-17 Ahmad Sharif <asharif.tools@gmail.com>
+
+ There is a warning in memset in glibc that gets triggered through a
+ warndecl when the fill-value of memset is a non-zero constant and the
+ size is zero. This warning is enabled when building with
+ -D_FORTIFY_SOURCE=2. This patch fixes the warning.
+
+ https://bugs.webkit.org/show_bug.cgi?id=78513
+
+ Reviewed by Alexey Proskuryakov
+
+ * wtf/Vector.h:
+
+2012-02-17 Kalev Lember <kalevlember@gmail.com>
+
+ Remove unused parameters from WTF threading API
+ https://bugs.webkit.org/show_bug.cgi?id=78389
+
+ Reviewed by Adam Roben.
+
+ waitForThreadCompletion() had an out param 'void **result' to get the
+ 'void *' returned by ThreadFunction. However, the implementation in
+ ThreadingWin.cpp ignored the out param, not filling it in. This had
+ led to a situation where none of the client code made use of the param
+ and just ignored it.
+
+ To clean this up, the patch changes the signature of ThreadFunction to
+ return void instead of void* and drops the the unused 'void **result'
+ parameter from waitForThreadCompletion. Also, all client code is
+ updated for the API change.
+
+ As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even
+ though the change only affects internal API, Safari is using it
+ directly and we'll need to keep the old versions around for ABI
+ compatibility. For this, the patch adds compatibility wrappers with
+ the old ABI.
+
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingThread::threadStartFunc):
+ (JSC::SamplingThread::stop):
+ * bytecode/SamplingTool.h:
+ (SamplingThread):
+ * heap/Heap.cpp:
+ (JSC::Heap::~Heap):
+ (JSC::Heap::blockFreeingThreadStartFunc):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
+ (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
+ * heap/MarkStack.h:
+ (MarkStackThreadSharedData):
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
+ * wtf/ParallelJobsGeneric.h:
+ (ThreadPrivate):
+ * wtf/ThreadFunctionInvocation.h: Update the signature of
+ ThreadFunction.
+ (WTF):
+ * wtf/Threading.cpp:
+ (WTF::threadEntryPoint): Update for ThreadFunction signature change.
+ (WTF):
+ (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
+ ABI compatibility function for Safari.
+ (ThreadFunctionWithReturnValueInvocation): Ditto.
+ (WTF::compatEntryPoint): Ditto.
+ (WTF::createThread): Ditto.
+ (WTF::waitForThreadCompletion): Ditto.
+ * wtf/Threading.h: Update the signature of ThreadFunction and
+ waitForThreadCompletion.
+ (WTF):
+ * wtf/ThreadingPthreads.cpp: Implement the new API.
+ (WTF::wtfThreadEntryPoint):
+ (WTF):
+ (WTF::createThreadInternal):
+ (WTF::waitForThreadCompletion):
+ * wtf/ThreadingWin.cpp: Implement the new API.
+ (WTF::wtfThreadEntryPoint):
+ (WTF::waitForThreadCompletion):
+
+2012-02-16 Oliver Hunt <oliver@apple.com>
+
+ Implement Error.stack
+ https://bugs.webkit.org/show_bug.cgi?id=66994
+
+ Reviewed by Gavin Barraclough.
+
+ Implement support for stack traces on exception objects. This is a rewrite
+ of the core portion of the last stack walking logic, but the mechanical work
+ of adding the information to an exception comes from the original work by
+ Juan Carlos Montemayor Elosua.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerInfo):
+ (JSC):
+ (JSC::getSourceURLFromCallFrame):
+ (JSC::getStackFrameCodeType):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC):
+ (StackFrame):
+ (JSC::StackFrame::toString):
+ (Interpreter):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionJSCStack):
+ * parser/Nodes.h:
+ (JSC::FunctionBodyNode::setInferredName):
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+ (JSC):
+
+2012-02-17 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename Bump* to Copy*
+ https://bugs.webkit.org/show_bug.cgi?id=78573
+
+ Reviewed by Geoffrey Garen.
+
+ Renamed anything with "Bump" in the name to have "Copied" instead.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * heap/BumpBlock.h: Removed.
+ * heap/BumpSpace.cpp: Removed.
+ * heap/BumpSpace.h: Removed.
+ * heap/BumpSpaceInlineMethods.h: Removed.
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::genericAddPointer):
+ * heap/ConservativeRoots.h:
+ (ConservativeRoots):
+ * heap/CopiedBlock.h: Added.
+ (JSC):
+ (CopiedBlock):
+ (JSC::CopiedBlock::CopiedBlock):
+ * heap/CopiedSpace.cpp: Added.
+ (JSC):
+ (JSC::CopiedSpace::tryAllocateSlowCase):
+ * heap/CopiedSpace.h: Added.
+ (JSC):
+ (CopiedSpace):
+ (JSC::CopiedSpace::isInCopyPhase):
+ (JSC::CopiedSpace::totalMemoryAllocated):
+ (JSC::CopiedSpace::totalMemoryUtilized):
+ * heap/CopiedSpaceInlineMethods.h: Added.
+ (JSC):
+ (JSC::CopiedSpace::CopiedSpace):
+ (JSC::CopiedSpace::init):
+ (JSC::CopiedSpace::contains):
+ (JSC::CopiedSpace::pin):
+ (JSC::CopiedSpace::startedCopying):
+ (JSC::CopiedSpace::doneCopying):
+ (JSC::CopiedSpace::doneFillingBlock):
+ (JSC::CopiedSpace::recycleBlock):
+ (JSC::CopiedSpace::getFreshBlock):
+ (JSC::CopiedSpace::borrowBlock):
+ (JSC::CopiedSpace::addNewBlock):
+ (JSC::CopiedSpace::allocateNewBlock):
+ (JSC::CopiedSpace::fitsInBlock):
+ (JSC::CopiedSpace::fitsInCurrentBlock):
+ (JSC::CopiedSpace::tryAllocate):
+ (JSC::CopiedSpace::tryAllocateOversize):
+ (JSC::CopiedSpace::allocateFromBlock):
+ (JSC::CopiedSpace::tryReallocate):
+ (JSC::CopiedSpace::tryReallocateOversize):
+ (JSC::CopiedSpace::isOversize):
+ (JSC::CopiedSpace::isPinned):
+ (JSC::CopiedSpace::oversizeBlockFor):
+ (JSC::CopiedSpace::blockFor):
+ * heap/Heap.cpp:
+ * heap/Heap.h:
+ (JSC):
+ (Heap):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::SlotVisitor::drainFromShared):
+ (JSC::SlotVisitor::startCopying):
+ (JSC::SlotVisitor::allocateNewSpace):
+ (JSC::SlotVisitor::doneCopying):
+ * heap/MarkStack.h:
+ (MarkStackThreadSharedData):
+ * heap/SlotVisitor.h:
+ (SlotVisitor):
+ * runtime/JSArray.cpp:
+ * runtime/JSObject.cpp:
+
+2012-02-16 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add JSC code profiling support on Linux x86
+ https://bugs.webkit.org/show_bug.cgi?id=78871
+
+ Reviewed by Gavin Barraclough.
+
+ We don't unwind the stack for now as we cannot guarantee all the
+ libraries are compiled without -fomit-frame-pointer.
+
+ * tools/CodeProfile.cpp:
+ (JSC::CodeProfile::sample):
+ * tools/CodeProfiling.cpp:
+ (JSC):
+ (JSC::profilingTimer):
+ (JSC::CodeProfiling::begin):
+ (JSC::CodeProfiling::end):
+
+2012-02-16 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed. Rolling out r107980, because it broke 32 bit platforms.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC):
+ (Interpreter):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * parser/Nodes.h:
+ (JSC::FunctionBodyNode::setInferredName):
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+ (JSC):
+
+2012-02-16 Filip Pizlo <fpizlo@apple.com>
+
+ ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
+ https://bugs.webkit.org/show_bug.cgi?id=78791
+
+ Rubber stamped by Oliver Hunt.
+
+ Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
+ COMPUTED_GOTO_CLASSIC_INTERPRETER.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC):
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ * bytecode/Instruction.h:
+ (JSC::Instruction::Instruction):
+ * bytecode/Opcode.h:
+ (JSC::padOpcodeName):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ * interpreter/AbstractPC.cpp:
+ (JSC::AbstractPC::AbstractPC):
+ * interpreter/AbstractPC.h:
+ (AbstractPC):
+ * interpreter/CallFrame.h:
+ (ExecState):
+ * interpreter/Interpreter.cpp:
+ (JSC):
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::isOpcode):
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveLastCaller):
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::getOpcode):
+ (JSC::Interpreter::getOpcodeID):
+ (Interpreter):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (NativeExecutable):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ (JSGlobalData):
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+ * wtf/Platform.h:
+
+2012-02-15 Geoffrey Garen <ggaren@apple.com>
+
+ Made Weak<T> single-owner, adding PassWeak<T>
+ https://bugs.webkit.org/show_bug.cgi?id=78740
+
+ Reviewed by Sam Weinig.
+
+ This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.
+
+ This clarifies the semantics of finalizers: It's ambiguous and probably
+ a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
+ twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a
+ Weak<T>, we now use PassWeak<T>.
+
+ This also makes Weak<T> HashMaps more efficient.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since
+ set() is gone now.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Export!
+
+ * heap/PassWeak.h: Added.
+ (JSC):
+ (PassWeak):
+ (JSC::PassWeak::PassWeak):
+ (JSC::PassWeak::~PassWeak):
+ (JSC::PassWeak::get):
+ (JSC::::leakHandle):
+ (JSC::adoptWeak):
+ (JSC::operator==):
+ (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.
+
+ * heap/Weak.h:
+ (Weak):
+ (JSC::Weak::Weak):
+ (JSC::Weak::release):
+ (JSC::Weak::hashTableDeletedValue):
+ (JSC::=):
+ (JSC): Changed to be non-copyable, removing a lot of copying-related
+ APIs. Added hash traits so hash maps still work.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
+ our new hash map API.
+
+2012-02-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix the broken viewport tests
+ https://bugs.webkit.org/show_bug.cgi?id=78774
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.cpp:
+ (WTF):
+ (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
+ want to allow trailing junk or not when calling strtod.
+ (WTF::charactersToDouble):
+ (WTF::charactersToFloat):
+ (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows
+ trailing junk.
+ * wtf/text/WTFString.h:
+ (WTF):
+
+2012-02-16 Oliver Hunt <oliver@apple.com>
+
+ Implement Error.stack
+ https://bugs.webkit.org/show_bug.cgi?id=66994
+
+ Reviewed by Gavin Barraclough.
+
+ Implement support for stack traces on exception objects. This is a rewrite
+ of the core portion of the last stack walking logic, but the mechanical work
+ of adding the information to an exception comes from the original work by
+ Juan Carlos Montemayor Elosua.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerInfo):
+ (JSC):
+ (JSC::getSourceURLFromCallFrame):
+ (JSC::getStackFrameCodeType):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC):
+ (StackFrame):
+ (JSC::StackFrame::toString):
+ (Interpreter):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionJSCStack):
+ * parser/Nodes.h:
+ (JSC::FunctionBodyNode::setInferredName):
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+ (JSC):
+
+2012-02-15 Gavin Barraclough <barraclough@apple.com>
+
+ Numerous trivial bugs in Object.defineProperty
+ https://bugs.webkit.org/show_bug.cgi?id=78777
+
+ Reviewed by Sam Weinig.
+
+ There are a handful of really trivial bugs, related to Object.defineProperty:
+ * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
+ * Calling an undefined setter should only throw in strict mode.
+ * When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
+ * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
+ * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
+ * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
+ * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
+ * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
+ * Should be able to define an non-configurable accessor.
+ These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.
+
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::put):
+ - Added ASSERT.
+ - Calling an undefined setter should only throw in strict mode.
+ (JSC::JSArray::putDescriptor):
+ - Should be able to define an non-configurable accessor.
+ (JSC::JSArray::defineOwnNumericProperty):
+ - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
+ * runtime/JSArray.h:
+ (JSArray):
+ - made enterDictionaryMode public, called from JSObject.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ - Calling an undefined setter should only throw in strict mode.
+ (JSC::JSObject::preventExtensions):
+ - Put array objects into dictionary mode to handle this!
+ (JSC::JSObject::defineOwnProperty):
+ - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
+ - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorDefineProperties):
+ - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::attributesWithOverride):
+ - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
+ (JSC::PropertyDescriptor::attributesOverridingCurrent):
+ - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
+ * runtime/Structure.cpp:
+ (JSC::Structure::freezeTransition):
+ - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
+ (JSC::Structure::isFrozen):
+ - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
+
+2012-02-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not check the types of arguments that are dead
+ https://bugs.webkit.org/show_bug.cgi?id=78518
+
+ Reviewed by Geoff Garen.
+
+ The argument checks are now elided if the corresponding SetArgument is dead,
+ and the abstract value of the argument is set to bottom (None, []). This is
+ performance neutral on the benchmarks we currently track.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+
+2012-02-15 Oliver Hunt <oliver@apple.com>
+
+ Ensure that the DFG JIT always plants a CodeOrigin when making calls
+ https://bugs.webkit.org/show_bug.cgi?id=78763
+
+ Reviewed by Gavin Barraclough.
+
+ Make all calls plant a CodeOrigin prior to the actual
+ call. Also clobbers the Interpreter with logic to ensure
+ that the interpreter always plants a bytecode offset.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (CallBeginToken):
+ (JSC::DFG::JITCompiler::beginJSCall):
+ (JSC::DFG::JITCompiler::beginCall):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDList):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * interpreter/AbstractPC.cpp:
+ (JSC::AbstractPC::AbstractPC):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::bytecodeOffsetForNonDFGCode):
+ (ExecState):
+ (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
+ (JSC::ExecState::codeOriginIndexForDFG):
+
+2012-02-14 Oliver Hunt <oliver@apple.com>
+
+ Fix Interpreter.
+
+ * runtime/Executable.cpp:
+ (JSC):
+ * runtime/Executable.h:
+ (ExecutableBase):
+
+2012-02-14 Matt Lilek <mrl@apple.com>
+
+ Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
+ https://bugs.webkit.org/show_bug.cgi?id=78629
+
+ Reviewed by David Kilzer.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-02-14 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fix for non-DFG platforms.
+
+ * assembler/MacroAssembler.h:
+ (MacroAssembler):
+
+2012-02-14 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, fix build and configuration goof.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::invert):
+ * dfg/DFGCommon.h:
+
+2012-02-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be able to emit code on control flow edges
+ https://bugs.webkit.org/show_bug.cgi?id=78515
+
+ Reviewed by Gavin Barraclough.
+
+ This gets us a few steps closer to being able to perform global register allocation,
+ by allowing us to have landing pads on control flow edges. This will let us reshuffle
+ registers if it happens to be necessary due to different reg alloc decisions in
+ differen blocks.
+
+ This also introduces the notion of a landing pad for OSR entry, which will allow us
+ to emit code that places data into registers when we're entering into the DFG from
+ the old JIT.
+
+ Finally, this patch introduces a verification mode that checks that the landing pads
+ are actually emitted and do actually work as advertised. When verification is disabled,
+ this has no effect on behavior.
+
+ * assembler/MacroAssembler.h:
+ (MacroAssembler):
+ (JSC::MacroAssembler::invert):
+ (JSC::MacroAssembler::isInvertible):
+ * dfg/DFGCommon.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::createOSREntries):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::linkOSREntries):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ * dfg/DFGSpeculativeJIT.h:
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::branchDouble):
+ (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
+ (JSC::DFG::SpeculativeJIT::branch32):
+ (JSC::DFG::SpeculativeJIT::branchTest32):
+ (JSC::DFG::SpeculativeJIT::branchPtr):
+ (JSC::DFG::SpeculativeJIT::branchTestPtr):
+ (JSC::DFG::SpeculativeJIT::branchTest8):
+ (JSC::DFG::SpeculativeJIT::jump):
+ (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
+ (JSC::DFG::SpeculativeJIT::emitEdgeCode):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-02-14 Filip Pizlo <fpizlo@apple.com>
+
+ Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
+ https://bugs.webkit.org/show_bug.cgi?id=78153
+ <rdar://problem/10861712> <rdar://problem/10861947>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileAdd):
+
+2012-02-14 Eric Seidel <eric@webkit.org>
+
+ Upstream Android's additions to Platform.h
+ https://bugs.webkit.org/show_bug.cgi?id=78536
+
+ Reviewed by Adam Barth.
+
+ * wtf/Platform.h:
+
+2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Replace old strtod with new strtod
+ https://bugs.webkit.org/show_bug.cgi?id=68044
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
+ (JSC::::lex):
+ * runtime/JSGlobalObjectFunctions.cpp: Ditto.
+ (JSC::parseInt):
+ (JSC::jsStrDecimalLiteral):
+ * runtime/LiteralParser.cpp: Ditto.
+ (JSC::::Lexer::lexNumber):
+ * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
+ It takes a template argument to allow clients to determine statically whether it should allow
+ junk after the numbers or not.
+ (WTF):
+ (WTF::strtod):
+ * wtf/dtoa.h:
+ (WTF):
+ * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
+ (WTF::toDoubleType):
+
+2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ More windows build fixing
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-13 Oliver Hunt <oliver@apple.com>
+
+ Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
+ https://bugs.webkit.org/show_bug.cgi?id=76315
+
+ Reviewed by Gavin Barraclough.
+
+ Perform a 3 byte compare using two comparisons, rather than trying to perform the
+ operation with a four byte load.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Windows build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Replace old strtod with new strtod
+ https://bugs.webkit.org/show_bug.cgi?id=68044
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
+ (JSC::::lex):
+ * runtime/JSGlobalObjectFunctions.cpp: Ditto.
+ (JSC::parseInt):
+ (JSC::jsStrDecimalLiteral):
+ * runtime/LiteralParser.cpp: Ditto.
+ (JSC::::Lexer::lexNumber):
+ * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
+ It takes a template argument to allow clients to determine statically whether it should allow
+ junk after the numbers or not.
+ (WTF):
+ (WTF::strtod):
+ * wtf/dtoa.h:
+ (WTF):
+ * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
+ (WTF::toDoubleType):
+
+2012-02-13 Sam Weinig <sam@webkit.org>
+
+ Move JSC related assertions out of Assertions.h and into their own header
+ https://bugs.webkit.org/show_bug.cgi?id=78508
+
+ Reviewed by Gavin Barraclough.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Add GCAssertions.h
+
+ * heap/GCAssertions.h: Added.
+ Move assertions here.
+
+ * runtime/WriteBarrier.h:
+ Add #include of GCAssertions.h
+
+ * wtf/Assertions.h:
+ Remove JSC related assertions.
+
+ * wtf/Compiler.h:
+ Add compiler check for __has_trivial_destructor.
+
+2012-02-13 Chao-ying Fu <fu@mips.com>
+
+ Update MIPS patchOffsetGetByIdSlowCaseCall
+ https://bugs.webkit.org/show_bug.cgi?id=78392
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.h:
+ (JIT):
+
+2012-02-13 Patrick Gansterer <paroga@webkit.org>
+
+ Remove obsolete #if from ThreadSpecific.h
+ https://bugs.webkit.org/show_bug.cgi?id=78485
+
+ Reviewed by Adam Roben.
+
+ Since alle platform use either pthread or Win32 for threading,
+ we can remove all PLATFORM() preprocessor statements.
+
+ * wtf/ThreadSpecific.h:
+ (ThreadSpecific):
+
+2012-02-13 Jessie Berlin <jberlin@apple.com>
+
+ Fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-13 Sam Weinig <sam@webkit.org>
+
+ Use C11's _Static_assert for COMPILE_ASSERT if it is available
+ https://bugs.webkit.org/show_bug.cgi?id=78506
+
+ Rubber-stamped by Antti Koivisto.
+
+ Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
+ better error messages.
+
+ * wtf/Assertions.h:
+ Use _Static_assert if it is available.
+
+ * wtf/Compiler.h:
+ Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
+
+2012-02-13 Mario Sanchez Prada <msanchez@igalia.com>
+
+ [GTK] Add GSList to the list of GObject types in GOwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=78487
+
+ Reviewed by Philippe Normand.
+
+ Handle the GSList type in GOwnPtr, by calling g_slist_free in the
+ implementation of the freeOwnedGPtr template function.
+
+ * wtf/gobject/GOwnPtr.cpp:
+ (WTF::GSList):
+ (WTF):
+ * wtf/gobject/GOwnPtr.h:
+ (WTF):
+ * wtf/gobject/GTypedefs.h:
+
+2012-02-06 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [EFL] Drop support for the Curl network backend.
+ https://bugs.webkit.org/show_bug.cgi?id=77874
+
+ Reviewed by Eric Seidel.
+
+ Nobody seems to be maintaining the Curl backend in WebCore, the
+ EFL port developers all seem to be using the Soup backend and the
+ port itself has many features which are only implemented for the
+ latter.
+
+ * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
+ files.
+
+2012-02-13 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r107485.
+
+ * bytecode/PolymorphicPutByIdList.cpp:
+
+2012-02-13 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=78434
+ Unreviewed - temporarily reverting r107498 will I fix a couple of testcases.
+
+ * parser/Parser.cpp:
+ (JSC::::parseFunctionInfo):
+ * runtime/ClassInfo.h:
+ (MethodTable):
+ (JSC):
+ * runtime/JSCell.cpp:
+ (JSC):
+ * runtime/JSCell.h:
+ (JSCell):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC):
+ * runtime/JSGlobalObjectFunctions.h:
+ (JSC):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC):
+ (JSC::JSObject::putDirectAccessor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ (JSC::JSValue::get):
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSValue.h:
+ (JSValue):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetPrototypeOf):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::setHasGetterSetterProperties):
+ (Structure):
+
+2012-02-12 Ashod Nakashian <ashodnakashian@yahoo.com>
+
+ KeywordLookupGenerator.py script fails in some cases
+ https://bugs.webkit.org/show_bug.cgi?id=77886
+
+ Reviewed by Benjamin Poulain.
+
+ * parser/Keywords.table: Converted to LF-only.
+
+2012-02-12 Shinya Kawanaka <shinyak@google.com>
+
+ Introduce ShadowRootList.
+ https://bugs.webkit.org/show_bug.cgi?id=78069
+
+ Reviewed by Hajime Morita.
+
+ DoublyLinkedList should have tail() method to take the last element.
+
+ * wtf/DoublyLinkedList.h:
+ (DoublyLinkedList):
+ (WTF::::tail):
+ (WTF):
+
+2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
+ https://bugs.webkit.org/show_bug.cgi?id=78436
+
+ Reviewed by Daniel Bates.
+
+ * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
+ and correctly sort the files which start with 'M'.
+
+2012-02-12 Sam Weinig <sam@webkit.org>
+
+ Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
+
+ Rubber-stamped by Anders Carlsson.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Remove unused or empty variable definitions.
+ https://bugs.webkit.org/show_bug.cgi?id=78437
+
+ Reviewed by Daniel Bates.
+
+ * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
+ * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
+ * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
+ be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
+
+2012-02-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
+ https://bugs.webkit.org/show_bug.cgi?id=78431
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2012-02-11 Benjamin Poulain <benjamin@webkit.org>
+
+ Add back WTFURL to WebKit
+ https://bugs.webkit.org/show_bug.cgi?id=77291
+
+ Reviewed by Adam Barth.
+
+ WTFURL was removed from WebKit in r86787.
+
+ This patch adds the code back to WTF with the following changes:
+ -Guard the feature with USE(WTFURL).
+ -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
+ -Fix some coding style to make check-webkit-style happy.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Platform.h:
+ * wtf/url/api/ParsedURL.cpp: Added.
+ (WTF):
+ (WTF::ParsedURL::ParsedURL):
+ (WTF::ParsedURL::scheme):
+ (WTF::ParsedURL::username):
+ (WTF::ParsedURL::password):
+ (WTF::ParsedURL::host):
+ (WTF::ParsedURL::port):
+ (WTF::ParsedURL::path):
+ (WTF::ParsedURL::query):
+ (WTF::ParsedURL::fragment):
+ (WTF::ParsedURL::segment):
+ * wtf/url/api/ParsedURL.h: Added.
+ (WTF):
+ (ParsedURL):
+ (WTF::ParsedURL::spec):
+ * wtf/url/api/URLString.h: Added.
+ (WTF):
+ (URLString):
+ (WTF::URLString::URLString):
+ (WTF::URLString::string):
+ * wtf/url/src/RawURLBuffer.h: Added.
+ (WTF):
+ (RawURLBuffer):
+ (WTF::RawURLBuffer::RawURLBuffer):
+ (WTF::RawURLBuffer::~RawURLBuffer):
+ (WTF::RawURLBuffer::resize):
+ * wtf/url/src/URLBuffer.h: Added.
+ (WTF):
+ (URLBuffer):
+ (WTF::URLBuffer::URLBuffer):
+ (WTF::URLBuffer::~URLBuffer):
+ (WTF::URLBuffer::at):
+ (WTF::URLBuffer::set):
+ (WTF::URLBuffer::capacity):
+ (WTF::URLBuffer::length):
+ (WTF::URLBuffer::data):
+ (WTF::URLBuffer::setLength):
+ (WTF::URLBuffer::append):
+ (WTF::URLBuffer::grow):
+ * wtf/url/src/URLCharacterTypes.cpp: Added.
+ (WTF):
+ ():
+ * wtf/url/src/URLCharacterTypes.h: Added.
+ (WTF):
+ (URLCharacterTypes):
+ (WTF::URLCharacterTypes::isQueryChar):
+ (WTF::URLCharacterTypes::isIPv4Char):
+ (WTF::URLCharacterTypes::isHexChar):
+ ():
+ (WTF::URLCharacterTypes::isCharOfType):
+ * wtf/url/src/URLComponent.h: Added.
+ (WTF):
+ (URLComponent):
+ (WTF::URLComponent::URLComponent):
+ (WTF::URLComponent::fromRange):
+ (WTF::URLComponent::isValid):
+ (WTF::URLComponent::isNonEmpty):
+ (WTF::URLComponent::isEmptyOrInvalid):
+ (WTF::URLComponent::reset):
+ (WTF::URLComponent::operator==):
+ (WTF::URLComponent::begin):
+ (WTF::URLComponent::setBegin):
+ (WTF::URLComponent::length):
+ (WTF::URLComponent::setLength):
+ (WTF::URLComponent::end):
+ * wtf/url/src/URLEscape.cpp: Added.
+ (WTF):
+ ():
+ * wtf/url/src/URLEscape.h: Added.
+ (WTF):
+ (WTF::appendURLEscapedCharacter):
+ * wtf/url/src/URLParser.h: Added.
+ (WTF):
+ (URLParser):
+ ():
+ (WTF::URLParser::isPossibleAuthorityTerminator):
+ (WTF::URLParser::parseAuthority):
+ (WTF::URLParser::extractScheme):
+ (WTF::URLParser::parseAfterScheme):
+ (WTF::URLParser::parseStandardURL):
+ (WTF::URLParser::parsePath):
+ (WTF::URLParser::parsePathURL):
+ (WTF::URLParser::parseMailtoURL):
+ (WTF::URLParser::parsePort):
+ (WTF::URLParser::extractFileName):
+ (WTF::URLParser::extractQueryKeyValue):
+ (WTF::URLParser::isURLSlash):
+ (WTF::URLParser::shouldTrimFromURL):
+ (WTF::URLParser::trimURL):
+ (WTF::URLParser::consecutiveSlashes):
+ (WTF::URLParser::isPortDigit):
+ (WTF::URLParser::nextAuthorityTerminator):
+ (WTF::URLParser::parseUserInfo):
+ (WTF::URLParser::parseServerInfo):
+ * wtf/url/src/URLQueryCanonicalizer.h: Added.
+ (WTF):
+ (URLQueryCanonicalizer):
+ (WTF::URLQueryCanonicalizer::canonicalize):
+ (WTF::URLQueryCanonicalizer::isAllASCII):
+ (WTF::URLQueryCanonicalizer::isRaw8Bit):
+ (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
+ (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
+ * wtf/url/src/URLSegments.cpp: Added.
+ (WTF):
+ (WTF::URLSegments::length):
+ (WTF::URLSegments::charactersBefore):
+ * wtf/url/src/URLSegments.h: Added.
+ (WTF):
+ (URLSegments):
+ ():
+ (WTF::URLSegments::URLSegments):
+
+2012-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
+ https://bugs.webkit.org/show_bug.cgi?id=78430
+ <rdar://problem/10849469> <rdar://problem/10849684>
+
+ Reviewed by Gavin Barraclough.
+
+ The old JIT's put_by_id transition caching involves repatching the slow call to
+ a generated stub. That means that the call is counted as "slow case". So, this
+ patch inserts code to decrement the slow case count if the stub succeeds.
+
+ Looks like a ~1% speed-up on V8.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+
+2012-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for Qt.
+
+ * wtf/DataLog.h:
+
+2012-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to send all JSC debug logging to a file
+ https://bugs.webkit.org/show_bug.cgi?id=78418
+
+ Reviewed by Sam Weinig.
+
+ Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
+ and WTF::dataLogV. Changed all debugging- and profiling-related printfs
+ to use WTF::dataLog() or one of its friends. By default, debug logging
+ goes to stderr, unless you change the setting in wtf/DataLog.cpp.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::dumpLinkStatistics):
+ (JSC::LinkBuffer::dumpCode):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::vprintfStdoutInstr):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printUnaryOp):
+ (JSC::CodeBlock::printBinaryOp):
+ (JSC::CodeBlock::printConditionalJump):
+ (JSC::CodeBlock::printGetByIdOp):
+ (JSC::CodeBlock::printCallOp):
+ (JSC::CodeBlock::printPutByIdOp):
+ (JSC::printGlobalResolveInfo):
+ (JSC::printStructureStubInfo):
+ (JSC::CodeBlock::printStructure):
+ (JSC::CodeBlock::printStructures):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::dumpStatistics):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::tallyFrequentExitSites):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/Opcode.cpp:
+ (JSC::OpcodeStats::~OpcodeStats):
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingFlags::stop):
+ (JSC::SamplingRegion::dumpInternal):
+ (JSC::SamplingTool::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCommon.h:
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::printWhiteSpace):
+ (JSC::DFG::Graph::dumpCodeOrigin):
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictionsForward):
+ (JSC::DFG::Propagator::propagatePredictionsBackward):
+ (JSC::DFG::Propagator::doRoundOfDoubleVoting):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ (JSC::DFG::Propagator::startIndexForChildren):
+ (JSC::DFG::Propagator::endIndexForPureCSE):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::eliminate):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::localCSE):
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ (JSC::DFG::Propagator::performBlockCFA):
+ (JSC::DFG::Propagator::performForwardCFA):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::dump):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::dump):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::dump):
+ (JSC::DFG::SpeculativeJIT::checkConsistency):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ * heap/MarkedBlock.h:
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::dumpCaller):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::dumpRegisters):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * profiler/Profile.cpp:
+ (JSC::Profile::debugPrintData):
+ (JSC::Profile::debugPrintDataSampleStyle):
+ * profiler/ProfileNode.cpp:
+ (JSC::ProfileNode::debugPrintData):
+ (JSC::ProfileNode::debugPrintDataSampleStyle):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::dumpRegExpTrace):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::matchCompareWithInterpreter):
+ * runtime/SamplingCounter.cpp:
+ (JSC::AbstractSamplingCounter::dump):
+ * runtime/SamplingCounter.h:
+ (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::print):
+ * runtime/Structure.cpp:
+ (JSC::Structure::dumpStatistics):
+ (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
+ * tools/CodeProfile.cpp:
+ (JSC::CodeProfile::report):
+ * tools/ProfileTreeNode.h:
+ (JSC::ProfileTreeNode::dumpInternal):
+ * wtf/CMakeLists.txt:
+ * wtf/DataLog.cpp: Added.
+ (WTF):
+ (WTF::initializeLogFileOnce):
+ (WTF::initializeLogFile):
+ (WTF::dataFile):
+ (WTF::dataLogV):
+ (WTF::dataLog):
+ * wtf/DataLog.h: Added.
+ (WTF):
+ * wtf/HashTable.cpp:
+ (WTF::HashTableStats::~HashTableStats):
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::dumpProfile):
+ * wtf/text/WTFString.cpp:
+ (String::show):
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::dumpDisjunction):
+
+2012-02-11 Gavin Barraclough <barraclough@apple.com>
+
+ Move special __proto__ property to Object.prototype
+ https://bugs.webkit.org/show_bug.cgi?id=78409
+
+ Reviewed by Oliver Hunt.
+
+ Re-implement this as a regular accessor property. This has three key benefits:
+ 1) It makes it possible for objects to be given properties named __proto__.
+ 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
+ 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.
+
+ * parser/Parser.cpp:
+ (JSC::::parseFunctionInfo):
+ - No need to prohibit functions named __proto__.
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ - Add __proto__ accessor to Object.prototype.
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncProtoGetter):
+ (JSC::globalFuncProtoSetter):
+ - Definition of the __proto__ accessor functions.
+ * runtime/JSGlobalObjectFunctions.h:
+ - Declaration of the __proto__ accessor functions.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
+ (JSC::JSObject::putDirectAccessor):
+ - Track on the structure whether an object contains accessors other than one for __proto__.
+ (JSC::JSObject::defineOwnProperty):
+ - No need to prohibit definition of own properties named __proto__.
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ - Remove the special handling for __proto__.
+ (JSC::JSValue::get):
+ - Remove the special handling for __proto__.
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ - Remove the special handling for __proto__.
+ * runtime/JSValue.h:
+ (JSValue):
+ - Made synthesizePrototype public (this may be needed by the __proto__ getter).
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetPrototypeOf):
+ - Perform the security check & call prototype() directly.
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
+ * runtime/Structure.h:
+ (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
+ (JSC::Structure::setHasGetterSetterProperties):
+ (Structure):
+ - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
+
+2012-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFA assumes that a WeakJSConstant's structure is known
+ https://bugs.webkit.org/show_bug.cgi?id=78428
+ <rdar://problem/10849492> <rdar://problem/10849621>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+
+2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Qt debug build fix
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate
+ JSFinalObjects in the destuctor subspace, so we should remove this assert so it
+ doesn't cause crashes.
+
+2012-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ Old 32_64 JIT should assert that its use of map() is consistent with the DFG
+ OSR exit's expectations
+ https://bugs.webkit.org/show_bug.cgi?id=78419
+ <rdar://problem/10817121>
+
+ Reviewed by Oliver Hunt.
+
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::map):
+
+2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Reduce the reentrancy limit of the interpreter for the iOS simulator
+ https://bugs.webkit.org/show_bug.cgi?id=78400
+
+ Reviewed by Gavin Barraclough.
+
+ * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
+ (JSC):
+
+2012-02-11 Filip Pizlo <fpizlo@apple.com>
+
+ [DFG] Misuse of WeakJSConstants in silentFillGPR code.
+ https://bugs.webkit.org/show_bug.cgi?id=78423
+ <rdar://problem/10849353> <rdar://problem/10804043>
+
+ Reviewed by Sam Weinig.
+
+ The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
+ This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
+ hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentFillGPR):
+
+2012-02-11 Sam Weinig <sam@webkit.org>
+
+ Prepare JavaScriptCore to build with libc++
+ <rdar://problem/10426673>
+ https://bugs.webkit.org/show_bug.cgi?id=78424
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/NullPtr.cpp:
+ * wtf/NullPtr.h:
+ libc++ provides std::nullptr emulation, so we don't have to.
+
+2012-02-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have polymorphic put_by_id caching
+ https://bugs.webkit.org/show_bug.cgi?id=78062
+ <rdar://problem/10326439> <rdar://problem/10824839>
+
+ Reviewed by Oliver Hunt.
+
+ Implemented polymorphic put_by_id caching in the DFG, and added much of the
+ machinery that would be needed to implement it in the old JIT as well.
+
+ I decided against using the old PolymorphicAccessStructureList mechanism as
+ this didn't quite fit with put_by_id. In particular, I wanted the ability to
+ have one list that captured all relevant cases (including proto put_by_id
+ if we ever decided to do it). And I wanted the code to have better
+ encapsulation. And I didn't want to get confused by the fact that the
+ original (non-list) put_by_id cache may itself consist of a stub routine.
+
+ This code is still sub-optimal (for example adding a replace to a list whose
+ previous elements are all transitions should just repatch the original code,
+ but here it will generate a stub) but it already generates a >20% speed-up
+ on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/PolymorphicPutByIdList.cpp: Added.
+ (JSC):
+ (JSC::PutByIdAccess::fromStructureStubInfo):
+ (JSC::PutByIdAccess::visitWeak):
+ (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
+ (JSC::PolymorphicPutByIdList::from):
+ (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
+ (JSC::PolymorphicPutByIdList::isFull):
+ (JSC::PolymorphicPutByIdList::isAlmostFull):
+ (JSC::PolymorphicPutByIdList::addAccess):
+ (JSC::PolymorphicPutByIdList::visitWeak):
+ * bytecode/PolymorphicPutByIdList.h: Added.
+ (JSC):
+ (PutByIdAccess):
+ (JSC::PutByIdAccess::PutByIdAccess):
+ (JSC::PutByIdAccess::transition):
+ (JSC::PutByIdAccess::replace):
+ (JSC::PutByIdAccess::isSet):
+ (JSC::PutByIdAccess::operator!):
+ (JSC::PutByIdAccess::type):
+ (JSC::PutByIdAccess::isTransition):
+ (JSC::PutByIdAccess::isReplace):
+ (JSC::PutByIdAccess::oldStructure):
+ (JSC::PutByIdAccess::structure):
+ (JSC::PutByIdAccess::newStructure):
+ (JSC::PutByIdAccess::chain):
+ (JSC::PutByIdAccess::stubRoutine):
+ (PolymorphicPutByIdList):
+ (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
+ (JSC::PolymorphicPutByIdList::isEmpty):
+ (JSC::PolymorphicPutByIdList::size):
+ (JSC::PolymorphicPutByIdList::at):
+ (JSC::PolymorphicPutByIdList::operator[]):
+ (JSC::PolymorphicPutByIdList::kind):
+ * bytecode/PutKind.h: Added.
+ (JSC):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::visitWeakReferences):
+ * bytecode/StructureStubInfo.h:
+ (JSC):
+ (JSC::isPutByIdAccess):
+ (JSC::StructureStubInfo::initPutByIdList):
+ (StructureStubInfo):
+ (JSC::StructureStubInfo::reset):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ (DFG):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::appropriateGenericPutByIdFunction):
+ (JSC::DFG::appropriateListBuildingPutByIdFunction):
+ (DFG):
+ (JSC::DFG::emitPutReplaceStub):
+ (JSC::DFG::emitPutTransitionStub):
+ (JSC::DFG::tryCachePutByID):
+ (JSC::DFG::dfgRepatchPutByID):
+ (JSC::DFG::tryBuildPutByIdList):
+ (JSC::DFG::dfgBuildPutByIdList):
+ (JSC::DFG::dfgResetPutByID):
+ * dfg/DFGRepatch.h:
+ (DFG):
+ * runtime/WriteBarrier.h:
+ (WriteBarrierBase):
+ (JSC::WriteBarrierBase::copyFrom):
+
+2012-02-10 Vineet Chaudhary <rgf748@motorola.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=72756
+ DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it
+
+ Reviewed by Timothy Hatcher.
+
+ * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
+ AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.
+
+2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing windows build
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-02-10 Adam Klein <adamk@chromium.org>
+
+ Enable MUTATION_OBSERVERS by default on all platforms
+ https://bugs.webkit.org/show_bug.cgi?id=78196
+
+ Reviewed by Ojan Vafai.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-02-10 Yong Li <yoli@rim.com>
+
+ ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
+ https://bugs.webkit.org/show_bug.cgi?id=76724
+
+ Reviewed by Rob Buis.
+
+ This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
+ The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
+ So it can leave pages behind that are not set back to default flags. When an assembly on one of those
+ pages is executed or JIT returns to those pages in the case it was already executing from there, the
+ software will crash.
+
+ * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ (JSC::LinkBuffer::performFinalization):
+ (LinkBuffer):
+
+2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Split MarkedSpace into destructor and destructor-free subspaces
+ https://bugs.webkit.org/show_bug.cgi?id=77761
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
+ * heap/Heap.h:
+ (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to
+ pick which subspace they want to allocate out of.
+ (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
+ (Heap):
+ (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
+ (JSC):
+ (JSC::Heap::allocateWithoutDestructor): Ditto.
+ * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate
+ their MarkedBlocks correctly.
+ (JSC::MarkedAllocator::allocateBlock):
+ * heap/MarkedAllocator.h:
+ (JSC::MarkedAllocator::cellsNeedDestruction):
+ (MarkedAllocator):
+ (JSC::MarkedAllocator::MarkedAllocator):
+ (JSC):
+ (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
+ an init function that does all of that stuff in fewer lines.
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::recycle):
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make
+ checking the m_cellsNeedDestructor flag faster and cleaner looking.
+ (JSC):
+ (JSC::MarkedBlock::specializedSweep):
+ (JSC::MarkedBlock::sweep):
+ (JSC::MarkedBlock::sweepHelper):
+ * heap/MarkedBlock.h:
+ (MarkedBlock):
+ (JSC::MarkedBlock::cellsNeedDestruction):
+ (JSC):
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocators):
+ (JSC::MarkedSpace::canonicalizeCellLivenessData):
+ (JSC::TakeIfUnmarked::operator()):
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ (Subspace):
+ (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of
+ allocators.
+ (JSC):
+ (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
+ (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
+ (JSC::MarkedSpace::allocateWithDestructor): Ditto.
+ (JSC::MarkedSpace::forEachBlock):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
+ (JSC::JIT::emitAllocateBasicJSObject):
+ (JSC::JIT::emitAllocateJSFinalObject):
+ (JSC::JIT::emitAllocateJSFunction):
+ * runtime/JSArray.cpp:
+ (JSC):
+ * runtime/JSArray.h:
+ (JSArray):
+ (JSC::JSArray::create):
+ (JSC):
+ (JSC::JSArray::tryCreateUninitialized):
+ * runtime/JSCell.h:
+ (JSCell):
+ (JSC):
+ (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires
+ destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this
+ constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
+ (JSC::allocateCell):
+ * runtime/JSFunction.cpp:
+ (JSC):
+ * runtime/JSFunction.h:
+ (JSFunction):
+ * runtime/JSObject.cpp:
+ (JSC):
+ * runtime/JSObject.h:
+ (JSNonFinalObject):
+ (JSC):
+ (JSFinalObject):
+ (JSC::JSFinalObject::create):
+
+2012-02-10 Adrienne Walker <enne@google.com>
+
+ Remove implicit copy constructor usage in HashMaps with OwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=78071
+
+ Reviewed by Darin Adler.
+
+ Change the return type of emptyValue() in PairHashTraits to be the
+ actual type returned rather than the trait type to avoid an implicit
+ generation of the OwnPtr copy constructor. This happens for hash
+ traits involving OwnPtr where the empty value is not zero and each
+ hash bucket needs to be initialized with emptyValue().
+
+ Also, update StructureTransitionTable to use default hash traits
+ rather than rolling its own, in order to update it to handle
+ EmptyValueType.
+
+ Test: patch from bug 74154 compiles on Clang with this patch
+
+ * runtime/StructureTransitionTable.h:
+ (StructureTransitionTable):
+ * wtf/HashTraits.h:
+ (GenericHashTraits):
+ (PairHashTraits):
+ (WTF::PairHashTraits::emptyValue):
+
+2012-02-10 Aron Rosenberg <arosenberg@logitech.com>
+
+ [Qt] Fix compiler warning in Visual Studio 2010 about TR1
+ https://bugs.webkit.org/show_bug.cgi?id=63642
+
+ Reviewed by Simon Hausmann.
+
+ * JavaScriptCore.pri:
+
+2012-02-10 Michael Saboff <msaboff@apple.com>
+
+ Yarr assert with regexp where alternative in *-quantified group matches empty
+ https://bugs.webkit.org/show_bug.cgi?id=67752
+
+ Reviewed by Gavin Barraclough.
+
+ Added backtracking for the prior alternative if it matched
+ but didn't consume any input characters.
+
+ * yarr/YarrJIT.cpp:
+ (YarrOp): New jump.
+ (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
+ when an alternative matches and no input was consumed. Moved the
+ zero length match check for a set of alternatives to the alternative
+ code from the parentheses cases to the alternative end cases.
+ Converted the existing zero length checks in the parentheses cases
+ to runtime assertion checks.
+ (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
+ to prior term.
+
+2012-02-10 Roland Takacs <takacs.roland@stud.u-szeged.hu>
+
+ [Qt] GC should be parallel on Qt platform
+ https://bugs.webkit.org/show_bug.cgi?id=73309
+
+ Reviewed by Zoltan Herczeg.
+
+ These changes made the parallel gc feature available for Qt port.
+ The implementation of "registerGCThread" and "isMainThreadOrGCThread",
+ and a local static function [initializeGCThreads] is moved from
+ MainThreadMac.mm to the common MainThread.cpp to make them available
+ for other platforms.
+
+ Measurement results:
+ V8 speed-up: 1.025x as fast [From: 663.4ms To: 647.0ms ]
+ V8 Splay speed-up: 1.185x as fast [From: 138.4ms To: 116.8ms ]
+
+ Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
+
+ * JavaScriptCore.order:
+ * wtf/MainThread.cpp:
+ (WTF::initializeMainThread):
+ (WTF):
+ (WTF::initializeGCThreads):
+ (WTF::registerGCThread):
+ (WTF::isMainThreadOrGCThread):
+ * wtf/MainThread.h:
+ (WTF):
+ * wtf/Platform.h:
+ * wtf/mac/MainThreadMac.mm:
+ (WTF):
+
+2012-02-09 Andy Wingo <wingo@igalia.com>
+
+ Eliminate dead code in BytecodeGenerator::resolve()
+ https://bugs.webkit.org/show_bug.cgi?id=78242
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::resolve):
+ BytecodeGenerator::shouldOptimizeLocals() is only true for
+ FunctionCode, and thus cannot be true for GlobalCode.
+
+2012-02-09 Andy Wingo <wingo@igalia.com>
+
+ Remove BytecodeGenerator::isLocal
+ https://bugs.webkit.org/show_bug.cgi?id=78241
+
+ Minor refactor to BytecodeGenerator.
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::isLocal):
+ (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
+ methods.
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
+ instead of isLocal. This will recognize more resolve nodes as
+ being pure.
+ (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
+ location instead of isLocalConstant.
+
+2012-02-09 Oliver Hunt <oliver@apple.com>
+
+ The JS Parser scope object needs a VectorTrait specialization
+ https://bugs.webkit.org/show_bug.cgi?id=78308
+
+ Reviewed by Gavin Barraclough.
+
+ This showed up as a periodic crash in various bits of generated code
+ originally, but I've added an assertion in the bytecode generator
+ that makes the effected code much more crash-happy should it go
+ wrong again.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::resolve):
+ * parser/Parser.cpp:
+ * parser/Parser.h:
+ (JSC):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::isValidScopedLookup):
+ (JSActivation):
+
+2012-02-08 Oliver Hunt <oliver@apple.com>
+
+ Whoops, fix the build.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+
+2012-02-08 Oliver Hunt <oliver@apple.com>
+
+ Fix issue encountered while debugging stacktraces
+ https://bugs.webkit.org/show_bug.cgi?id=78147
+
+ Reviewed by Gavin Barraclough.
+
+ Debugging is easier if we always ensure that we have a non-null
+ inferred name.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+
+2012-02-08 Oliver Hunt <oliver@apple.com>
+
+ updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
+ https://bugs.webkit.org/show_bug.cgi?id=78145
+
+ Reviewed by Gavin Barraclough.
+
+ Fix the updateTopCallFrame helper to store additional information
+ that becomes necessary when we are trying to provide more stack
+ frame information.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::bytecodeOffsetForBaselineJIT):
+ (ExecState):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::compileGetByIdProto):
+ (JSC::JIT::compileGetByIdSelfList):
+ (JSC::JIT::compileGetByIdProtoList):
+ (JSC::JIT::compileGetByIdChainList):
+ (JSC::JIT::compileGetByIdChain):
+ (JSC::JIT::compilePutByIdTransition):
+ (JIT):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::updateTopCallFrame):
+
+2012-02-07 Robert Kroeger <rjkroege@chromium.org>
+
+ [chromium] Remove the enable marcro for the no longer necessary Chromium
+ gesture recognizer.
+ https://bugs.webkit.org/show_bug.cgi?id=77492
+
+ Reviewed by Adam Barth.
+
+ * wtf/Platform.h:
+
+2012-02-07 Tony Chang <tony@chromium.org>
+
+ merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
+ https://bugs.webkit.org/show_bug.cgi?id=78036
+
+ Reviewed by Darin Adler.
+
+ * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.
+
+2012-02-07 Gyuyoung Kim <gyuyoung.kim@samsung.com>
+
+ [CMAKE] Use *bin* and *lib* directories for executable and libraries.
+ https://bugs.webkit.org/show_bug.cgi?id=77928
+
+ Reviewed by Daniel Bates.
+
+ CMake has used *Programs* directory for executable. In addition, shared libraries are being
+ built in source directory. It is better to set common places in order to maintain executable
+ and libraries. *bin* is for executable and *lib* is for library.
+
+ * shell/CMakeLists.txt: Change *Programs* with *bin*.
+
+2012-02-07 Gavin Barraclough <barraclough@apple.com>
+
+ Crash on http://www.rickshawbags.com/
+ https://bugs.webkit.org/show_bug.cgi?id=78045
+
+ Reviewed by Darin Adler.
+
+ Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
+
+ This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
+ isVariableObject() checks were excluding StaticScopeObjects, this patch
+ inadvertently changed them to be included.
+
+ * runtime/JSType.h:
+ - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
+ and thus is excluded from isVariableObject() checks.
+
+2012-02-06 Jer Noble <jer.noble@apple.com>
+
+ Use CMClock as a timing source for PlatformClock where available.
+ https://bugs.webkit.org/show_bug.cgi?id=77885
+
+ Reviewed by Eric Carlson.
+
+ * wtf/Platform.h: Added WTF_USE_COREMEDIA.
+
+2012-02-06 Filip Pizlo <fpizlo@apple.com>
+
+ ValueToNumber and ValueToDouble nodes don't do anything and should be removed
+ https://bugs.webkit.org/show_bug.cgi?id=77855
+ <rdar://problem/10811325>
+
+ Reviewed by Gavin Barraclough.
+
+ Removed ValueToNumber and ValueToDouble, because the only thing they were doing
+ was wasting registers.
+
+ This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
+ mostly due to a >10% win on gaussian-blur. No win anywhere else.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getToInt32):
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (DFG):
+ (JSC::DFG::Node::hasArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::vote):
+ (JSC::DFG::Propagator::doRoundOfDoubleVoting):
+ (Propagator):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::canonicalize):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-02-06 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed WinCE build fix after r106197.
+
+ * tools/CodeProfiling.cpp:
+ (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.
+
+2012-02-05 Gavin Barraclough <barraclough@apple.com>
+
+ Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
+ https://bugs.webkit.org/show_bug.cgi?id=77451
+
+ Reviewed by Sam Weinig.
+
+ These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
+ Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
+
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::defineOwnProperty):
+ * debugger/DebuggerActivation.h:
+ (DebuggerActivation):
+ * runtime/ClassInfo.h:
+ (MethodTable):
+ (JSC):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::finishCreation):
+ * runtime/JSCell.cpp:
+ (JSC):
+ * runtime/JSCell.h:
+ (JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::defineOwnProperty):
+ (JSC):
+ * runtime/JSGlobalObject.h:
+ (JSGlobalObject):
+ * runtime/JSObject.cpp:
+ (JSC):
+ * runtime/JSObject.h:
+ (JSObject):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineGetter):
+ (JSC::objectProtoFuncDefineSetter):
+ (JSC::objectProtoFuncLookupGetter):
+ (JSC::objectProtoFuncLookupSetter):
+
+2012-02-06 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2012-02-05 Filip Pizlo <fpizlo@apple.com>
+
+ DFG's child references from one node to another should have room for type information
+ https://bugs.webkit.org/show_bug.cgi?id=77797
+
+ Reviewed by Oliver Hunt.
+
+ The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
+ and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
+ together as a DFG::NodeUse, which can in most cases still be used as an index (for
+ example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
+ where they really want a NodeIndex).
+
+ The NodeUse stores both the index and the UseKind without bloating the memory usage of
+ DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
+ roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
+ something - likely a sensible assumption! - then we will only be able to have room for
+ about 24 million nodes, which means we only need about 24.5 bits for the node index).
+ Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
+ but stores the index as a signed number to make NoNode work naturally. Hence we really
+ just have 27 bits for the index.
+
+ This is performance-neutral on all benchmarks we track.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAbstractState.h:
+ (JSC::DFG::AbstractState::forNode):
+ (AbstractState):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::addVarArgChild):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ * dfg/DFGCommon.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (DFG):
+ * dfg/DFGGraph.h:
+ (Graph):
+ (JSC::DFG::Graph::operator[]):
+ (JSC::DFG::Graph::at):
+ (JSC::DFG::Graph::ref):
+ (JSC::DFG::Graph::deref):
+ (JSC::DFG::Graph::clearAndDerefChild1):
+ (JSC::DFG::Graph::clearAndDerefChild2):
+ (JSC::DFG::Graph::clearAndDerefChild3):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::child1):
+ (JSC::DFG::Node::child1Unchecked):
+ (JSC::DFG::Node::child2):
+ (JSC::DFG::Node::child3):
+ (JSC::DFG::Node::firstChild):
+ (JSC::DFG::Node::numChildren):
+ (JSC::DFG::Node::dumpChildren):
+ (Node):
+ * dfg/DFGNodeReferenceBlob.h: Added.
+ (DFG):
+ (NodeReferenceBlob):
+ (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
+ (JSC::DFG::NodeReferenceBlob::child):
+ (JSC::DFG::NodeReferenceBlob::child1):
+ (JSC::DFG::NodeReferenceBlob::child2):
+ (JSC::DFG::NodeReferenceBlob::child3):
+ (JSC::DFG::NodeReferenceBlob::child1Unchecked):
+ (JSC::DFG::NodeReferenceBlob::initialize):
+ (JSC::DFG::NodeReferenceBlob::firstChild):
+ (JSC::DFG::NodeReferenceBlob::setFirstChild):
+ (JSC::DFG::NodeReferenceBlob::numChildren):
+ (JSC::DFG::NodeReferenceBlob::setNumChildren):
+ * dfg/DFGNodeUse.h: Added.
+ (DFG):
+ (NodeUse):
+ (JSC::DFG::NodeUse::NodeUse):
+ (JSC::DFG::NodeUse::indexUnchecked):
+ (JSC::DFG::NodeUse::index):
+ (JSC::DFG::NodeUse::setIndex):
+ (JSC::DFG::NodeUse::useKind):
+ (JSC::DFG::NodeUse::setUseKind):
+ (JSC::DFG::NodeUse::isSet):
+ (JSC::DFG::NodeUse::operator!):
+ (JSC::DFG::NodeUse::operator==):
+ (JSC::DFG::NodeUse::operator!=):
+ (JSC::DFG::NodeUse::shift):
+ (JSC::DFG::NodeUse::makeWord):
+ (JSC::DFG::operator==):
+ (JSC::DFG::operator!=):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::vote):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::canonicalize):
+ (JSC::DFG::Propagator::startIndex):
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::performSubstitution):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::use):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::useChildren):
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compileMovHint):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compileAdd):
+ (JSC::DFG::SpeculativeJIT::compileArithSub):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ (JSC::DFG::SpeculativeJIT::compileStrictEq):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::at):
+ (JSC::DFG::SpeculativeJIT::canReuse):
+ (JSC::DFG::SpeculativeJIT::use):
+ (SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ (JSC::DFG::IntegerOperand::IntegerOperand):
+ (JSC::DFG::DoubleOperand::DoubleOperand):
+ (JSC::DFG::JSValueOperand::JSValueOperand):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
+ (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
+ (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
+ (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileValueAdd):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileValueAdd):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-02-05 Gyuyoung Kim <gyuyoung.kim@samsung.com>
+
+ [CMAKE] Support javascriptcore test for EFL port.
+ https://bugs.webkit.org/show_bug.cgi?id=77425
+
+ Reviewed by Daniel Bates.
+
+ Efl and WinCE as well as Blackberry port are now using Cmake as its build system
+ and they are share the make file to create jsc excutable. In order to run
+ "run-javascriptcore-tests", EFL port needs to change jsc installation configuration
+ with executable output directory(e.g. Programs). So, this patch change jsc installation
+ configuration only for EFL port.
+
+ * shell/CMakeLists.txt:
+
+2012-02-04 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Sam Weinig.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
+ - Fix comment.
+
+2012-02-04 Kalev Lember <kalevlember@gmail.com>
+
+ [GTK] CurrentTime: Reorder headers for win32
+ https://bugs.webkit.org/show_bug.cgi?id=77808
+
+ Reviewed by Martin Robinson.
+
+ In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
+ based on g_get_monotonic_time(). Reorder headers to make sure glib.h
+ gets included even when the platform is win32.
+
+ CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
+ CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
+ CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
+
+ * wtf/CurrentTime.cpp:
+
+2012-02-03 Anders Carlsson <andersca@apple.com>
+
+ Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
+ https://bugs.webkit.org/show_bug.cgi?id=77788
+
+ Reviewed by Andreas Kling.
+
+ The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to
+ code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
+
+ * wtf/FastAllocBase.h:
+
+2012-02-03 Rob Buis <rbuis@rim.com>
+
+ Fix alignment warnings in ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=55368
+
+ Reviewed by Filip Pizlo.
+
+ Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
+
+ * heap/HandleTypes.h:
+ (JSC::HandleTypes::getFromSlot):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::specializedSweep):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::forEachCell):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+
+2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Build fix
+
+ Unreviewed build fix
+
+ Forgot to add a couple files.
+
+ * heap/MarkedAllocator.cpp: Added.
+ (JSC):
+ (JSC::MarkedAllocator::tryAllocateHelper):
+ (JSC::MarkedAllocator::tryAllocate):
+ (JSC::MarkedAllocator::allocateSlowCase):
+ (JSC::MarkedAllocator::allocateBlock):
+ (JSC::MarkedAllocator::addBlock):
+ (JSC::MarkedAllocator::removeBlock):
+ * heap/MarkedAllocator.h: Added.
+ (JSC):
+ (DFG):
+ (MarkedAllocator):
+ (JSC::MarkedAllocator::cellSize):
+ (JSC::MarkedAllocator::heap):
+ (JSC::MarkedAllocator::setHeap):
+ (JSC::MarkedAllocator::setCellSize):
+ (JSC::MarkedAllocator::setMarkedSpace):
+ (JSC::MarkedAllocator::MarkedAllocator):
+ (JSC::MarkedAllocator::allocate):
+ (JSC::MarkedAllocator::reset):
+ (JSC::MarkedAllocator::zapFreeList):
+ (JSC::MarkedAllocator::forEachBlock):
+
+2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor MarkedBlock::SizeClass into a separate class
+ https://bugs.webkit.org/show_bug.cgi?id=77600
+
+ Reviewed by Geoffrey Garen.
+
+ We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
+ the responsibility of allocating objects from the collection of MarkedBlocks
+ that it manages. Also limited the amount of coupling to internal data fields
+ from other places, although it's mostly unavoidable in the JIT code.
+
+ Eventually MarkedAllocator will implement various policies to do with object
+ management, e.g. whether or not to run destructors on objects that it manages.
+ MarkedSpace will manage a collection of MarkedAllocators with varying policies,
+ as it does now but to a larger extent.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ (JSC::Heap::resetAllocators):
+ * heap/Heap.h:
+ (JSC::Heap::allocatorForObject):
+ (Heap):
+ * heap/MarkedAllocator.cpp: Added.
+ (JSC):
+ (JSC::MarkedAllocator::tryAllocateHelper):
+ (JSC::MarkedAllocator::tryAllocate):
+ (JSC::MarkedAllocator::allocateSlowCase):
+ (JSC::MarkedAllocator::allocateBlock):
+ (JSC::MarkedAllocator::addBlock):
+ (JSC::MarkedAllocator::removeBlock):
+ * heap/MarkedAllocator.h: Added.
+ (JSC):
+ (DFG):
+ (MarkedAllocator):
+ (JSC::MarkedAllocator::cellSize):
+ (JSC::MarkedAllocator::heap):
+ (JSC::MarkedAllocator::setHeap):
+ (JSC::MarkedAllocator::setCellSize):
+ (JSC::MarkedAllocator::setMarkedSpace):
+ (JSC::MarkedAllocator::MarkedAllocator):
+ (JSC::MarkedAllocator::allocate):
+ (JSC::MarkedAllocator::reset):
+ (JSC::MarkedAllocator::zapFreeList):
+ (JSC::MarkedAllocator::forEachBlock):
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocators):
+ (JSC::MarkedSpace::canonicalizeCellLivenessData):
+ (JSC::TakeIfUnmarked::operator()):
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ (JSC::MarkedSpace::allocatorFor):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::didAddBlock):
+ (JSC::MarkedSpace::didConsumeFreeList):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+
+2012-02-03 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
+ https://bugs.webkit.org/show_bug.cgi?id=77723
+
+ Reviewed by Tor Arne Vestbø.
+
+ * wtf/Platform.h: Enable use of export macros.
+
+2012-02-02 Hajime Morrita <morrita@chromium.org>
+
+ Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation.
+
+ * interpreter/Interpreter.h:
+ (Interpreter):
+
+2012-01-31 Hajime Morrita <morrita@chromium.org>
+
+ [Mac] eliminate JavaScriptCore.exp
+ https://bugs.webkit.org/show_bug.cgi?id=72854
+
+ Reviewed by Darin Adler.
+
+ - Removed exp files and corresponding makefile entries.
+ - Changed the build configuration no to use exp file.
+
+ * Configurations/JavaScriptCore.xcconfig:
+ * DerivedSources.make:
+ * JavaScriptCore.JSVALUE32_64only.exp: Removed.
+ * JavaScriptCore.JSVALUE64only.exp: Removed.
+ * JavaScriptCore.exp: Removed.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Platform.h:
+
+2012-02-02 Benjamin Poulain <bpoulain@apple.com>
+
+ Running a Web Worker on about:blank crashes the interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=77593
+
+ Reviewed by Michael Saboff.
+
+ The method Interpreter::execute() was crashing on empty programs because
+ the assumption is made the source is not null.
+
+ This patch shortcut the execution when the String is null to avoid invalid
+ memory access.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2012-02-02 Kalev Lember <kalevlember@gmail.com>
+
+ [GTK] Use win32 native threading
+ https://bugs.webkit.org/show_bug.cgi?id=77676
+
+ Reviewed by Martin Robinson.
+
+ r97269 switched from glib threading to pthreads, breaking win32 GTK+.
+ This is a follow up, removing some leftovers in ThreadSpecific.h and
+ switching win32 to use the native threading in ThreadingWin.cpp.
+
+ * GNUmakefile.list.am: Compile in win32 native threading support
+ * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
+ (ThreadSpecific):
+ (WTF::::destroy):
+
+2012-02-02 Filip Pizlo <fpizlo@apple.com>
+
+ retrieveCallerFromVMCode should call trueCallerFrame
+ https://bugs.webkit.org/show_bug.cgi?id=77684
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::retrieveCallerFromVMCode):
+
+2012-02-02 Kalev Lember <kalevlember@gmail.com>
+
+ [GTK] Implement current executable path finding for win32
+ https://bugs.webkit.org/show_bug.cgi?id=77677
+
+ Reviewed by Martin Robinson.
+
+ The WTF helper for getting the binary path that was added in r101710
+ left out the win32 implementation. Fix this.
+
+ * wtf/gobject/GlibUtilities.cpp:
+ (getCurrentExecutablePath):
+
+2012-02-02 Filip Pizlo <fpizlo@apple.com>
+
+ Throwing away bytecode and then reparsing during DFG optimization is just
+ plain wrong and makes things crash
+ https://bugs.webkit.org/show_bug.cgi?id=77680
+ <rdar://problem/10798490>
+
+ Reviewed by Oliver Hunt.
+
+ This is the minimal surgical fix: it removes the code that triggered bytecode
+ throw-away. Once we're confident that this is a good idea, we can kill all of
+ the code that implements the feature.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::discardBytecodeLater):
+ (JSC::CodeBlock::addValueProfile):
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+
+2012-02-02 Filip Pizlo <fpizlo@apple.com>
+
+ Release build debugging should be easier
+ https://bugs.webkit.org/show_bug.cgi?id=77669
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/ARMAssembler.h:
+ (ARMAssembler):
+ (JSC::ARMAssembler::debugOffset):
+ * assembler/ARMv7Assembler.h:
+ (ARMv7Assembler):
+ (JSC::ARMv7Assembler::debugOffset):
+ (ARMInstructionFormatter):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
+ * assembler/AbstractMacroAssembler.h:
+ (AbstractMacroAssembler):
+ (JSC::AbstractMacroAssembler::debugOffset):
+ * assembler/AssemblerBuffer.h:
+ (AssemblerBuffer):
+ (JSC::AssemblerBuffer::debugOffset):
+ * assembler/LinkBuffer.h:
+ (LinkBuffer):
+ (JSC::LinkBuffer::debugSize):
+ * assembler/MIPSAssembler.h:
+ (MIPSAssembler):
+ (JSC::MIPSAssembler::debugOffset):
+ * assembler/X86Assembler.h:
+ (X86Assembler):
+ (JSC::X86Assembler::debugOffset):
+ (X86InstructionFormatter):
+ (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
+ * bytecode/CodeBlock.cpp:
+ (JSC):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ * bytecode/CodeOrigin.h:
+ (CodeOrigin):
+ (JSC):
+ (JSC::CodeOrigin::inlineStack):
+ * bytecode/DFGExitProfile.h:
+ (JSC::DFG::exitKindToString):
+ * bytecode/DataFormat.h:
+ (JSC::dataFormatToString):
+ * bytecode/PredictedType.cpp:
+ (JSC):
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ (JSC):
+ * bytecode/ValueRecovery.h:
+ (ValueRecovery):
+ (JSC::ValueRecovery::dump):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC):
+ (JSC::BytecodeGenerator::setDumpsGeneratedCode):
+ (JSC::BytecodeGenerator::dumpsGeneratedCode):
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGAbstractValue.h:
+ (StructureAbstractValue):
+ (JSC::DFG::StructureAbstractValue::dump):
+ (AbstractValue):
+ (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGAssemblyHelpers.h:
+ (DFG):
+ (AssemblyHelpers):
+ (JSC::DFG::AssemblyHelpers::debugCall):
+ * dfg/DFGFPRInfo.h:
+ (FPRInfo):
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ (GPRInfo):
+ (JSC::DFG::GPRInfo::debugName):
+ * dfg/DFGGraph.cpp:
+ (DFG):
+ * dfg/DFGGraph.h:
+ (Graph):
+ * dfg/DFGNode.h:
+ (DFG):
+ (JSC::DFG::arithNodeFlagsAsString):
+ (Node):
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::dumpChildren):
+ * dfg/DFGOSRExit.cpp:
+ (DFG):
+ (JSC::DFG::OSRExit::dump):
+ * dfg/DFGOSRExit.h:
+ (OSRExit):
+ * runtime/JSValue.cpp:
+ (JSC):
+ (JSC::JSValue::description):
+ * runtime/JSValue.h:
+ (JSValue):
+ * wtf/BitVector.cpp:
+ (WTF):
+ (WTF::BitVector::dump):
+ * wtf/BitVector.h:
+ (BitVector):
+
+2012-02-02 Oliver Hunt <oliver@apple.com>
+
+ Getters and setters cause line numbers in errors/console.log to be offset for the whole file
+ https://bugs.webkit.org/show_bug.cgi?id=77675
+
+ Reviewed by Timothy Hatcher.
+
+ Our default literal parsing logic doesn't handle the extra work required for
+ getters and setters. When it encounters one, it rolls back the lexer and
+ then switches to a more complete parsing function. Unfortunately it was only
+ winding back the character position, and was ignoring the line number and
+ other lexer data. This led to every getter and setter causing the line number
+ to be incorrectly incremented leading to increasingly incorrect numbers for
+ the rest of the file.
+
+ * parser/Parser.cpp:
+ (JSC::::parseObjectLiteral):
+
+2012-02-02 Andy Wingo <wingo@igalia.com>
+
+ Fix type punning warning in HashTable.h debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=77422
+
+ Reviewed by Gavin Barraclough.
+
+ * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
+ warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
+
+2012-02-01 Michael Saboff <msaboff@apple.com>
+
+ Yarr crash with regexp replace
+ https://bugs.webkit.org/show_bug.cgi?id=67454
+
+ Reviewed by Gavin Barraclough.
+
+ Properly handle the case of a back reference to an unmatched
+ subpattern by always matching without consuming any characters.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchBackReference):
+ (JSC::Yarr::Interpreter::backtrackBackReference):
+
+2012-02-01 Gavin Barraclough <barraclough@apple.com>
+
+ calling function on catch block scope containing an eval result in wrong this value being passed
+ https://bugs.webkit.org/show_bug.cgi?id=77581
+
+ Reviewed by Oliver Hunt.
+
+ javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::TryNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::createTryStatement):
+ * parser/NodeConstructors.h:
+ (JSC::TryNode::TryNode):
+ * parser/Nodes.h:
+ (TryNode):
+ * parser/Parser.cpp:
+ (JSC::::parseTryStatement):
+ * parser/SyntaxChecker.h:
+ (JSC::SyntaxChecker::createTryStatement):
+ * runtime/JSObject.h:
+ (JSObject):
+ (JSC::JSObject::isStaticScopeObject):
+ (JSC):
+
+2012-02-01 Oliver Hunt <oliver@apple.com>
+
+ Add support for inferred function names
+ https://bugs.webkit.org/show_bug.cgi?id=77579
+
+ Reviewed by Gavin Barraclough.
+
+ Add new "inferred" names to function expressions, getters, and setters.
+ This property is not exposed to JS, so is only visible in the debugger
+ and profiler.
+
+ * JavaScriptCore.exp:
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::makeFunction):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::calculatedFunctionName):
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::createAssignResolve):
+ (JSC::ASTBuilder::createGetterOrSetterProperty):
+ (JSC::ASTBuilder::createProperty):
+ (JSC::ASTBuilder::makeAssignNode):
+ * parser/Nodes.h:
+ (JSC::FunctionBodyNode::setInferredName):
+ (JSC::FunctionBodyNode::inferredName):
+ (FunctionBodyNode):
+ * profiler/Profiler.cpp:
+ (JSC):
+ (JSC::Profiler::createCallIdentifier):
+ (JSC::createCallIdentifierFromFunctionImp):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::inferredName):
+ (FunctionExecutable):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::calculatedDisplayName):
+ (JSC):
+ (JSC::getCalculatedDisplayName):
+ * runtime/JSFunction.h:
+ (JSC):
+
+2012-02-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should fold double-to-int conversions
+ https://bugs.webkit.org/show_bug.cgi?id=77532
+
+ Reviewed by Oliver Hunt.
+
+ Performance neutral on major benchmarks. But it makes calling V8's
+ Math.random() 4x faster.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC):
+ (JSC::CodeBlock::addOrFindConstant):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addConstant):
+ (CodeBlock):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getJSConstantForValue):
+ (JSC::DFG::ByteCodeParser::isInt32Constant):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::addShouldSpeculateInteger):
+ (Graph):
+ (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::doRoundOfDoubleVoting):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileAdd):
+ (DFG):
+ (JSC::DFG::SpeculativeJIT::compileArithSub):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
+ (SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::asDouble):
+
+2012-02-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFG graph dump for GetScopedVar should show the correct prediction
+ https://bugs.webkit.org/show_bug.cgi?id=77530
+
+ Reviewed by Geoff Garen.
+
+ GetScopedVar has a heap prediction, not a variable prediction. But it does
+ have a variable. Hence we need to check for heap predictions before checking
+ for variable predictions.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+
+2012-02-01 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Replace JSArray destructor with finalizer
+ https://bugs.webkit.org/show_bug.cgi?id=77488
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finalize): Added finalizer.
+ (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
+ (JSC):
+ (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
+ (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode
+ because the old name was confusing because we could have a sparse array that never
+ called enterSparseMode.
+ (JSC::JSArray::defineOwnNumericProperty):
+ (JSC::JSArray::setLengthWritable):
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ (JSC::JSArray::setLength):
+ (JSC::JSArray::pop):
+ (JSC::JSArray::sort):
+ (JSC::JSArray::compactForSorting):
+ * runtime/JSArray.h:
+ (JSArray):
+
+2012-02-01 Andy Wingo <wingo@igalia.com>
+
+ Refactor identifier resolution in BytecodeGenerator
+ https://bugs.webkit.org/show_bug.cgi?id=76285
+
+ Reviewed by Geoffrey Garen.
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::ResolveResult): New class, to describe the storage
+ location corresponding to an identifier in a program.
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::resolve): New function, replacing
+ findScopedProperty.
+ (JSC::BytecodeGenerator::resolveConstDecl): New function,
+ encapsulating what ConstDeclNode::emitBytecode used to do.
+ (JSC::BytecodeGenerator::emitGetStaticVar):
+ (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
+ corresponding to the old emitGetScopedVar and emitPutScopedVar.
+ (JSC::BytecodeGenerator::registerFor): Remove version that took an
+ Identifier&; replaced by ResolveResult::local().
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveBase):
+ (JSC::BytecodeGenerator::emitResolveBaseForPut):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
+ "resolveResult" argument. This is more clear, and reduces the
+ amount of double analysis happening at compile-time.
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ResolveNode::emitBytecode):
+ (JSC::EvalFunctionCallNode::emitBytecode):
+ (JSC::FunctionCallResolveNode::emitBytecode):
+ (JSC::PostfixResolveNode::emitBytecode):
+ (JSC::DeleteResolveNode::emitBytecode):
+ (JSC::TypeOfResolveNode::emitBytecode):
+ (JSC::PrefixResolveNode::emitBytecode):
+ (JSC::ReadModifyResolveNode::emitBytecode):
+ (JSC::AssignResolveNode::emitBytecode):
+ (JSC::ConstDeclNode::emitCodeSingle):
+ (JSC::ForInNode::emitBytecode): Refactor to use the new
+ ResolveResult structure.
+
+2012-02-01 Csaba Osztrogonác <ossy@webkit.org>
+
+ Implement Error.stack
+ https://bugs.webkit.org/show_bug.cgi?id=66994
+
+ Unreviewed, rolling out r106407.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/AbstractPC.cpp:
+ (JSC::AbstractPC::AbstractPC):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (JSC):
+ (Interpreter):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * parser/Parser.h:
+ (JSC::::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+ (JSC):
+
+2012-01-31 Hajime Morrita <morrita@chromium.org>
+
+ Add missing JS_PRIVATE_EXPORTs
+ https://bugs.webkit.org/show_bug.cgi?id=77507
+
+ Reviewed by Kevin Ollivier.
+
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ * runtime/JSValue.h:
+ (JSValue):
+ * wtf/text/AtomicString.h:
+ (WTF::AtomicString::add):
+ * wtf/text/WTFString.h:
+ (WTF):
+
+2012-01-31 Geoffrey Garen <ggaren@apple.com>
+
+ Stop using -fomit-frame-pointer
+ https://bugs.webkit.org/show_bug.cgi?id=77403
+
+ Reviewed by Filip Pizlo.
+
+ JavaScriptCore is too fast. I'm just the man to fix it.
+
+ * Configurations/JavaScriptCore.xcconfig:
+
+2012-01-31 Michael Saboff <msaboff@apple.com>
+
+ StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
+ https://bugs.webkit.org/show_bug.cgi?id=76647
+
+ Reviewed by Darin Adler.
+
+ Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar
+ to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle to special
+ cases. One case is s-sharp (0xdf) which converts to "SS". The other case is
+ for characters which become 16 bit values when converted to upper case. For
+ those, we up convert the the source string and use the 16 bit path.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToUpperCase):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::upper):
+ * wtf/unicode/CharacterNames.h:
+ (smallLetterSharpS): New constant
+
+2012-01-31 Oliver Hunt <oliver@apple.com>
+
+ Remove unneeded sourceId property
+ https://bugs.webkit.org/show_bug.cgi?id=77495
+
+ Reviewed by Filip Pizlo.
+
+ sourceId isn't used anymore, so we'll just remove it.
+
+ * runtime/Error.cpp:
+ (JSC):
+ (JSC::addErrorInfo):
+ (JSC::hasErrorInfo):
+
+2012-01-31 Oliver Hunt <oliver@apple.com>
+
+ Implement Error.stack
+ https://bugs.webkit.org/show_bug.cgi?id=66994
+
+ Reviewed by Gavin Barraclough.
+
+ Original patch by Juan Carlos Montemayor Elosua:
+ This patch utilizes topCallFrame to create a stack trace when
+ an error is thrown. Users will also be able to use the stack()
+ command in jsc to get arrays with stack trace information.
+
+ Modified to be correct on ToT, with a variety of correctness,
+ performance, and security improvements.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerLine):
+ (JSC::getSourceURLFromCallFrame):
+ (JSC::getStackFrameCodeType):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (JSC::StackFrame::toString):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionJSCStack):
+ * parser/Parser.h:
+ (JSC::Parser::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+
+2012-01-31 Scott Graham <scottmg@chromium.org>
+
+ [Chromium] Remove references to gyp cygwin build target
+ https://bugs.webkit.org/show_bug.cgi?id=77253
+
+ Reviewed by Julien Chaffraix.
+
+ Target dependency is no longer required, it's done earlier in the
+ build process.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2012-01-31 Michael Saboff <msaboff@apple.com>
+
+ ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
+ https://bugs.webkit.org/show_bug.cgi?id=77443
+
+ Reviewed by Gavin Barraclough.
+
+ Removed failing ASSERT() and thus destructor. The ASSERT isn't needed.
+ We are hitting it in the YARR JIT case where we bail out and go to the
+ interpreter with a partially JIT'ed function. Since we haven't linked
+ the JIT'ed code, there is likely to be some unresolved jumps in the vector
+ when the ARMv7Assembler destructor is called. For the case where we
+ complete the JIT process, we clear the vector at the end of
+ LinkBuffer::linkCode (LinkBuffer.h:292).
+
+ * assembler/ARMv7Assembler.h:
+ (ARMv7Assembler):
+
+2012-01-31 Anders Carlsson <andersca@apple.com>
+
+ Vector<T>::operator== shouldn't require T to have operator!=
+ https://bugs.webkit.org/show_bug.cgi?id=77448
+
+ Reviewed by Andreas Kling.
+
+ Change VectorComparer::compare to use !(a == b) instead of a != b since
+ it makes more sense for Vector::operator== to use the element's operator==.
+
+ * wtf/Vector.h:
+
+2012-01-30 Oliver Hunt <oliver@apple.com>
+
+ get_by_val_arguments is broken in the interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=77389
+
+ Reviewed by Gavin Barraclough.
+
+ When get_by_val had wad a value profile added, the same slot was not added to
+ get_by_val_arguments. This broke the interpreter as the interpreter falls
+ back on its regular get_by_val implementation.
+
+ No tests are added as the interpreter is fairly broken in its
+ current state (multiple tests fail due to this bug).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ (JSC):
+ ():
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitGetArgumentByVal):
+
+2012-01-30 Oliver Hunt <oliver@apple.com>
+
+ Unexpected syntax error
+ https://bugs.webkit.org/show_bug.cgi?id=77340
+
+ Reviewed by Gavin Barraclough.
+
+ Function calls and new expressions have the same semantics for
+ assignment, so should simply share their lhs handling.
+
+ * parser/Parser.cpp:
+ (JSC::::parseMemberExpression):
+
+2012-01-30 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed ARMv7 build fix.
+
+ * tools/CodeProfiling.cpp:
+ (JSC):
+ (JSC::setProfileTimer):
+ (JSC::CodeProfiling::begin):
+ (JSC::CodeProfiling::end):
+
+2012-01-30 David Levin <levin@chromium.org>
+
+ Using OS(WIN) or OS(MAC) should cause a build error.
+ https://bugs.webkit.org/show_bug.cgi?id=77162
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h: Expand them into something that will
+ cause a compile error.
+
+2012-01-30 Yong Li <yoli@rim.com>
+
+ [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
+ https://bugs.webkit.org/show_bug.cgi?id=77360
+
+ Reviewed by Rob Buis.
+
+ Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
+ for OS(QNX).
+
+ * wtf/Platform.h:
+
+2012-01-30 Gavin Barraclough <barraclough@apple.com>
+
+ Speculative Windows build fix.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (FunctionPtr):
+
+2012-01-30 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=77163
+ MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
+
+ Rubber stamped by Geoff Garen
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2012-01-30 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix for interpreter builds.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ * bytecode/CodeBlock.h:
+ (CodeBlock):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * tools/CodeProfile.cpp:
+ (JSC::CodeProfile::sample):
+
+2012-01-30 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix following bug#76855
+
+ * JavaScriptCore.exp:
+
+2012-01-30 Michael Saboff <msaboff@apple.com>
+
+ CaseFoldingHash::hash() doesn't handle 8 bit strings directly
+ https://bugs.webkit.org/show_bug.cgi?id=76652
+
+ Reviewed by Andreas Kling.
+
+ * wtf/text/StringHash.h:
+ (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
+
+2012-01-30 Michael Saboff <msaboff@apple.com>
+
+ stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
+ https://bugs.webkit.org/show_bug.cgi?id=76651
+
+ Reviewed by Geoffrey Garen.
+
+ Made local function substituteBackreferencesSlow a template function
+ based on character width. Cleaned up getCharacters() in both UString
+ and StringImpl. Changed getCharacters<UChar> to up convert an 8 bit
+ string to 16 bits if necessary.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::substituteBackreferencesSlow):
+ (JSC::substituteBackreferences):
+ * runtime/UString.h:
+ (JSC::LChar):
+ (JSC::UChar):
+ * wtf/text/StringImpl.h:
+ (WTF::UChar):
+
+2012-01-30 Gavin Barraclough <barraclough@apple.com>
+
+ Clean up putDirect
+ https://bugs.webkit.org/show_bug.cgi?id=76232
+
+ Reviewed by Sam Weinig.
+
+ Part 3 - merge op_put_getter & op_put_setter.
+
+ Putting these separately is inefficient (and makes future optimiation,
+ e.g. making GetterSetter immutable) harder. Change to emit a single
+ op_put_getter_setter bytecode op. Ultimately we should probably be
+ able to merge this with put direct, to create a common op to initialize
+ object literal properties.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ (JSC):
+ ():
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitPutGetterSetter):
+ * bytecompiler/BytecodeGenerator.h:
+ (BytecodeGenerator):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::PropertyListNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_getter_setter):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_getter_setter):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ ():
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putDirectVirtual):
+ (JSC::JSObject::putDirectAccessor):
+ (JSC):
+ (JSC::putDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ ():
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirect):
+ (JSC::JSObject::putDirectWithoutTransition):
+
+2012-01-30 Michael Saboff <msaboff@apple.com>
+
+ Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=76649
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp: Added export for charactersToDouble.
+
+2012-01-30 Michael Saboff <msaboff@apple.com>
+
+ WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
+ https://bugs.webkit.org/show_bug.cgi?id=76648
+
+ Reviewed by Geoffrey Garen.
+
+ Added a new overloaded append member that takes a String& argument, an offest
+ and a length to do direct sub string appending to a StringBuilder.
+
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::append):
+
+2012-01-29 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Custom written CSS lexer
+ https://bugs.webkit.org/show_bug.cgi?id=70107
+
+ Reviewed by Antti Koivisto and Oliver Hunt.
+
+ Add new helper functions for the custom written CSS lexer.
+
+ * wtf/ASCIICType.h:
+ (WTF::toASCIILowerUnchecked):
+ (WTF):
+ (WTF::isASCIIAlphaCaselessEqual):
+
+2012-01-29 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
+ https://bugs.webkit.org/show_bug.cgi?id=77146
+ <rdar://problem/10770586>
+
+ Reviewed by Oliver Hunt.
+
+ The old JIT expects that the result of the last operation is in the lastResultRegister. The DFG JIT is
+ designed to correctly track the lastResultRegister by looking at SetLocal nodes. However, when the DFG
+ JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
+ lastResultRegister. Hence if we OSR exit on the first node following the end of an inlined code block
+ that had a return value, and that first node uses the return value, the old JIT will get massively
+ confused. This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
+ JIT slightly dumber.
+
+ * jit/JITCall.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+
+2012-01-29 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for Mac non-x64 platforms.
+
+ * tools/CodeProfiling.cpp:
+ (JSC):
+
+2012-01-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reserve 'let'
+ https://bugs.webkit.org/show_bug.cgi?id=77293
+
+ Rubber stamped by Oliver Hunt.
+
+ 'let' may become a keyword in ES6. We're going to try experimentally reserving it,
+ to see if this breaks the web.
+
+ * parser/Keywords.table:
+
+2012-01-27 Gavin Barraclough <barraclough@apple.com>
+
+ Implement a JIT-code aware sampling profiler for JSC
+ https://bugs.webkit.org/show_bug.cgi?id=76855
+
+ Reviewed by Oliver Hunt.
+
+ To enable the profiler, set the JSC_CODE_PROFILING environment variable to
+ 1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
+ trace all samples).
+
+ The profiler requires -fomit-frame-pointer to be removed from the build flags.
+
+ * JavaScriptCore.exp:
+ - Removed an export.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added new files
+ * bytecode/CodeBlock.cpp:
+ - For baseline codeblocks, cache the result of canCompileWithDFG.
+ * bytecode/CodeBlock.h:
+ - For baseline codeblocks, cache the result of canCompileWithDFG.
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::initializeAllocator):
+ - Notify the profiler when the allocator is created.
+ (JSC::ExecutableAllocator::allocate):
+ - Inform the allocated of the ownerUID.
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::initializeAllocator):
+ - Notify the profiler when the allocator is created.
+ (JSC::ExecutableAllocator::allocate):
+ - Inform the allocated of the ownerUID.
+ * jit/JITStubs.cpp:
+ - If profiling, don't mask the return address in JIT code.
+ (We do so to provide nicer backtraces in debug builds).
+ * runtime/Completion.cpp:
+ (JSC::evaluate):
+ - Notify the profiler of script evaluations.
+ * tools: Added.
+ * tools/CodeProfile.cpp: Added.
+ (JSC::symbolName):
+ - Helper function to get the name of a symbol in the framework.
+ (JSC::truncateTrace):
+ - Helper to truncate traces into methods know to have uninformatively deep stacks.
+ (JSC::CodeProfile::sample):
+ - Record a stack trace classifying samples.
+ (JSC::CodeProfile::report):
+ - {Print profiler output.
+ * tools/CodeProfile.h: Added.
+ - new class, captures a set of samples associated with an evaluated script,
+ and nested to record samples from subscripts.
+ * tools/CodeProfiling.cpp: Added.
+ (JSC::CodeProfiling::profilingTimer):
+ - callback fired then a timer event occurs.
+ (JSC::CodeProfiling::notifyAllocator):
+ - called when the executable allocator is constructed.
+ (JSC::CodeProfiling::getOwnerUIDForPC):
+ - helper to lookup the codeblock from an address in JIT code
+ (JSC::CodeProfiling::begin):
+ - enter a profiling scope.
+ (JSC::CodeProfiling::end):
+ - exit a profiling scope.
+ * tools/CodeProfiling.h: Added.
+ - new class, instantialed from Completion to define a profiling scope.
+ * tools/ProfileTreeNode.h: Added.
+ - new class, used to construct a tree of samples.
+ * tools/TieredMMapArray.h: Added.
+ - new class, a malloc-free vector (can be used while the main thread is suspended,
+ possibly holding the malloc heap lock).
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
+ (WTF::MetaAllocator::allocate):
+ - Allow allocation handles to track information about their owner.
+ * wtf/MetaAllocator.h:
+ (MetaAllocator):
+ - Allow allocation handles to track information about their owner.
+ * wtf/MetaAllocatorHandle.h:
+ (MetaAllocatorHandle):
+ (WTF::MetaAllocatorHandle::ownerUID):
+ - Allow allocation handles to track information about their owner.
+ * wtf/OSAllocator.h:
+ (WTF::OSAllocator::reallocateCommitted):
+ - reallocate an existing, committed memory allocation.
+
+2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r106187.
+ http://trac.webkit.org/changeset/106187
+ https://bugs.webkit.org/show_bug.cgi?id=77276
+
+ The last rollout was a false charge. (Requested by morrita on
+ #webkit).
+
+ * runtime/ExceptionHelpers.h:
+ (InterruptedExecutionError):
+ * runtime/JSBoundFunction.h:
+ (JSBoundFunction):
+ * runtime/RegExp.h:
+ (RegExp):
+ * runtime/RegExpMatchesArray.h:
+ (RegExpMatchesArray):
+
+2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r106151.
+ http://trac.webkit.org/changeset/106151
+ https://bugs.webkit.org/show_bug.cgi?id=77275
+
+ may break windows build (Requested by morrita on #webkit).
+
+ * runtime/ExceptionHelpers.h:
+ (InterruptedExecutionError):
+ * runtime/JSBoundFunction.h:
+ (JSBoundFunction):
+ * runtime/RegExp.h:
+ (RegExp):
+ * runtime/RegExpMatchesArray.h:
+ (RegExpMatchesArray):
+
+2012-01-28 Filip Pizlo <fpizlo@apple.com>
+
+ GC invoked while doing an old JIT property storage reallocation may lead
+ to an object that refers to a dead structure
+ https://bugs.webkit.org/show_bug.cgi?id=77273
+ <rdar://problem/10770565>
+
+ Reviewed by Gavin Barraclough.
+
+ The put_by_id transition was already saving the old structure by virtue of
+ having the object on the stack, so that wasn't going to get deleted. But the
+ new structure was unprotected in the transition. I've now changed the
+ transition code to save the new structure, ensuring that the GC will know it
+ to be marked if invoked from within put_by_id_transition_realloc.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ (JSC):
+ ():
+
+2012-01-27 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r106167.
+ http://trac.webkit.org/changeset/106167
+ https://bugs.webkit.org/show_bug.cgi?id=77264
+
+ broke LayoutTests/fast/js/string-capitalization.html
+ (Requested by msaboff on #webkit).
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToLowerCase):
+ (JSC::stringProtoFuncToUpperCase):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::upper):
+
+2012-01-27 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for interpreter platforms.
+
+ * interpreter/AbstractPC.cpp:
+ (JSC::AbstractPC::AbstractPC):
+
+2012-01-27 Michael Saboff <msaboff@apple.com>
+
+ StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
+ https://bugs.webkit.org/show_bug.cgi?id=76647
+
+ Reviewed by Geoffrey Garen.
+
+ Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar
+ to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle the two
+ 8 bit characters that when converted to upper case become 16 bit characters.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
+ (JSC::stringProtoFuncToUpperCase):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::upper):
+
+2012-01-27 Hajime Morita <morrita@google.com>
+
+ [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
+ https://bugs.webkit.org/show_bug.cgi?id=77244
+
+ Reviewed by Filip Pizlo.
+
+ * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
+ * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp
+
+2012-01-27 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [JSC] Asm-originated symbols should be marked as hidden
+ https://bugs.webkit.org/show_bug.cgi?id=77150
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
+ but they were missing in the CPU(X86) and the CPU(X86_64) cases.
+
+2012-01-27 MORITA Hajime <morrita@google.com>
+
+ [JSC] Some JS_EXPORTDATA may not be necessary.
+ https://bugs.webkit.org/show_bug.cgi?id=77145
+
+ Reviewed by Darin Adler.
+
+ Removed JS_EXPORTDATA attributes whose attributing symbols are
+ not exported on Mac port.
+
+ * runtime/ExceptionHelpers.h:
+ (InterruptedExecutionError):
+ * runtime/JSBoundFunction.h:
+ (JSBoundFunction):
+ * runtime/RegExp.h:
+ (RegExp):
+ * runtime/RegExpMatchesArray.h:
+ (RegExpMatchesArray):
+
+2012-01-27 MORITA Hajime <morrita@google.com>
+
+ [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
+ https://bugs.webkit.org/show_bug.cgi?id=77113
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.
+
+2012-01-27 Zeno Albisser <zeno@webkit.org>
+
+ [Qt][Mac] Build fails after adding ICU support (r105997).
+ https://bugs.webkit.org/show_bug.cgi?id=77118
+
+ Use Apple code path for unicode date formats on mac.
+
+ Reviewed by Tor Arne Vestbø.
+
+ * runtime/DatePrototype.cpp:
+ ():
+
+2012-01-27 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Add a GKeyFile especialization to GOwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=77191
+
+ Reviewed by Martin Robinson.
+
+ * wtf/gobject/GOwnPtr.cpp:
+ (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
+ * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
+ * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.
+
+2012-01-25 Yury Semikhatsky <yurys@chromium.org>
+
+ Web Inspector: should be possible to open function declaration from script popover
+ https://bugs.webkit.org/show_bug.cgi?id=76913
+
+ Added display function name and source location to the popover in scripts panel.
+ Now when a function is hovered user can navigate to its definition.
+
+ Reviewed by Pavel Feldman.
+
+ * JavaScriptCore/JavaScriptCore.exp
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSFunction.h:
+ (JSFunction):
+
+2012-01-26 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
+
+ * runtime/DatePrototype.cpp:
+ ():
+
+2012-01-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Merge AllocationSpace into MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=77116
+
+ Reviewed by Geoffrey Garen.
+
+ Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to
+ MarkedSpace allocation.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * heap/AllocationSpace.cpp: Removed.
+ * heap/AllocationSpace.h: Removed.
+ * heap/BumpSpace.h:
+ (BumpSpace):
+ * heap/Heap.h:
+ (JSC::Heap::objectSpace):
+ (Heap):
+ ():
+ * heap/HeapBlock.h:
+ ():
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::tryAllocateHelper):
+ (JSC):
+ (JSC::MarkedSpace::tryAllocate):
+ (JSC::MarkedSpace::allocateSlowCase):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::freeBlocks):
+ (TakeIfUnmarked):
+ (JSC::TakeIfUnmarked::TakeIfUnmarked):
+ (JSC::TakeIfUnmarked::operator()):
+ (JSC::TakeIfUnmarked::returnValue):
+ (JSC::MarkedSpace::shrink):
+ (GatherDirtyCells):
+ (JSC::GatherDirtyCells::returnValue):
+ (JSC::GatherDirtyCells::GatherDirtyCells):
+ (JSC::GatherDirtyCells::operator()):
+ (JSC::MarkedSpace::gatherDirtyCells):
+ * heap/MarkedSpace.h:
+ (MarkedSpace):
+ (JSC::MarkedSpace::blocks):
+ (JSC::MarkedSpace::forEachCell):
+ (JSC):
+ (JSC::MarkedSpace::allocate):
+
+2012-01-26 Oliver Hunt <oliver@apple.com>
+
+ MSVC bug fix.
+ <rdar://problem/10703671> MSVC generates bad code for enum compare.
+
+ RS=Geoff
+
+ Make bitfield large enough to work around MSVC's desire to make enums
+ signed types.
+
+ * bytecode/CallLinkInfo.h:
+ (CallLinkInfo):
+
+2012-01-26 Filip Pizlo <fpizlo@apple.com>
+
+ All DFG helpers that may call out to arbitrary JS code must know where they
+ were called from due to inlining and call stack walking
+ https://bugs.webkit.org/show_bug.cgi?id=77070
+ <rdar://problem/10750834>
+
+ Reviewed by Geoff Garen.
+
+ Changed the DFG to always record a code origin index in the tag of the argument
+ count (which we previously left blank for the benefit of LLInt, but is still
+ otherwise unused by the DFG), so that if we ever need to walk the stack accurately
+ we know where to start. In particular, if the current ExecState* points several
+ semantic call frames away from the true semantic call frame because we had
+ performed inlining, having the code origin index recorded means that we can reify
+ those call frames as necessary to give runtime/library code an accurate view of
+ the current JS state.
+
+ This required several large but mechanical changes:
+
+ - Calling a function from the DFG now plants a store32 instruction to store the
+ code origin index. But the indices of code origins were previously picked by
+ the DFG::JITCompiler after code generation completed. I changed this somewhat;
+ even though the code origins are put into the CodeBlock after code gen, the
+ code gen now knows a priori what their indices will be. Extensive assertions
+ are in place to ensure that the two don't get out of sync, in the form of the
+ DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
+ those don't need the code origin index set in the call frame because we can get
+ it by doing a binary search on the return PC.
+
+ - Stack walking now always calls trueCallFrame() first before beginning the walk,
+ since even the top call frame may be wrong. It still calls trueCallerFrame() as
+ before to get to the next frame, though trueCallerFrame() is now mostly a
+ wrapper around callerFrame()->trueCallFrame().
+
+ - Because the mechanism for getting the code origin of a call frame is bimodal
+ (either the call frame knows its code origin because the code origin index was
+ set, or it's necessary to use the callee frame's return PC), I put in extra
+ mechanisms to determine whether your caller, or your callee, corresponds to
+ a call out of C++ code. Previously we just had the host call flag, but this is
+ insufficient as it does not cover the case of someone calling JSC::call(). But
+ luckily we can determine this just by looking at the return PC: if the return
+ PC is in range of the ctiTrampiline, then two things are true: this call
+ frame's PC will tell you nothing about where you came from in your caller, and
+ the caller already knows where it's at because it must have set the code origin
+ index (unless it's not DFG code, in which case we don't care because there is
+ no inlining to worry about).
+
+ - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
+ inlining code, so I fixed it.
+
+ - Finally because I was tired of doing random #if's for checking if I should be
+ passing around an Instruction* or a ReturnAddressPtr, I created a class called
+ AbstractPC that holds whatever notion of a PC is appropriate for the current
+ execution environment. It's designed to work gracefully even if both the
+ interpreter and the JIT are compiled in, and should integrate nicely with the
+ LLInt.
+
+ This is neutral on all benchmarks and fixes some nasty corner-case regressions of
+ evil code that uses combinations of getters/setters and function.arguments.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::codeOrigin):
+ (CodeBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (CallBeginToken):
+ (JSC::DFG::CallBeginToken::CallBeginToken):
+ (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
+ (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
+ (DFG):
+ (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
+ (CallExceptionRecord):
+ (JSC::DFG::JITCompiler::JITCompiler):
+ (JITCompiler):
+ (JSC::DFG::JITCompiler::nextCallBeginToken):
+ (JSC::DFG::JITCompiler::beginCall):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::addExceptionCheck):
+ (JSC::DFG::JITCompiler::addFastExceptionCheck):
+ * dfg/DFGOperations.cpp:
+ ():
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDList):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * interpreter/AbstractPC.cpp: Added.
+ (JSC):
+ (JSC::AbstractPC::AbstractPC):
+ * interpreter/AbstractPC.h: Added.
+ (JSC):
+ (AbstractPC):
+ (JSC::AbstractPC::AbstractPC):
+ (JSC::AbstractPC::hasJITReturnAddress):
+ (JSC::AbstractPC::jitReturnAddress):
+ (JSC::AbstractPC::hasInterpreterReturnAddress):
+ (JSC::AbstractPC::interpreterReturnAddress):
+ (JSC::AbstractPC::isSet):
+ (JSC::AbstractPC::operator!):
+ ():
+ * interpreter/CallFrame.cpp:
+ (JSC):
+ (JSC::CallFrame::trueCallFrame):
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::abstractReturnPC):
+ (JSC::ExecState::codeOriginIndexForDFGWithInlining):
+ (ExecState):
+ (JSC::ExecState::trueCallFrame):
+ (JSC::ExecState::trueCallFrameFromVMCode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::retrieveArgumentsFromVMCode):
+ (JSC::Interpreter::retrieveCallerFromVMCode):
+ (JSC::Interpreter::findFunctionCallFrameFromVMCode):
+ * interpreter/Interpreter.h:
+ (Interpreter):
+ ():
+ * jit/JITStubs.cpp:
+ (JSC):
+ ():
+ * jit/JITStubs.h:
+ (JSC):
+ (JSC::returnAddressIsInCtiTrampoline):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::argumentsGetter):
+ (JSC::JSFunction::callerGetter):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+
+2012-01-26 Peter Varga <pvarga@webkit.org>
+
+ Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
+ https://bugs.webkit.org/show_bug.cgi?id=77104
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGOperations.cpp:
+ ():
+
+2012-01-26 Michael Saboff <msaboff@apple.com>
+
+ String::latin1() should take advantage of 8 bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=76646
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/text/WTFString.cpp:
+ (WTF::String::latin1): For 8 bit strings, use existing buffer
+ without conversion.
+
+2012-01-26 Michael Saboff <msaboff@apple.com>
+
+ Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
+ https://bugs.webkit.org/show_bug.cgi?id=76645
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::equalIgnoringCase): New LChar version.
+ (WTF::findInner): New helper function.
+ (WTF::StringImpl::find): Added 8 bit path.
+ (WTF::reverseFindInner): New helper funciton.
+ (WTF::StringImpl::reverseFind): Added 8 bit path.
+ (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
+ * wtf/text/StringImpl.h:
+ (WTF):
+
+2012-01-26 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt][Win] One more speculative buildfix after r105970.
+
+ * JavaScriptCore.pri:
+
+2012-01-26 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt][Win] Speculative buildfix after r105970.
+
+ * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
+
+2012-01-26 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r105982.
+ http://trac.webkit.org/changeset/105982
+ https://bugs.webkit.org/show_bug.cgi?id=77090
+
+ breaks the world (Requested by WildFox on #webkit).
+
+ * wtf/MainThread.cpp:
+ (WTF):
+ * wtf/Platform.h:
+ * wtf/mac/MainThreadMac.mm:
+ (WTF):
+ (WTF::registerGCThread):
+ (WTF::isMainThreadOrGCThread):
+
+2012-01-26 Roland Takacs <takacs.roland@stud.u-szeged.hu>
+
+ [Qt] GC should be parallel on Qt platform
+ https://bugs.webkit.org/show_bug.cgi?id=73309
+
+ Reviewed by Zoltan Herczeg.
+
+ These changes made the parallel gc feature available for Qt port.
+ The implementation of "registerGCThread" and "isMainThreadOrGCThread"
+ is moved from MainThreadMac.mm to the common MainThread.cpp to make
+ them available for other platforms.
+
+ Measurement results:
+ V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ]
+ WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms]
+ V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ]
+
+ Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
+
+ * wtf/MainThread.cpp:
+ (WTF):
+ (WTF::registerGCThread):
+ (WTF::isMainThreadOrGCThread):
+ * wtf/Platform.h:
+ * wtf/mac/MainThreadMac.mm:
+
+2012-01-26 Andy Estes <aestes@apple.com>
+
+ REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
+ https://bugs.webkit.org/show_bug.cgi?id=77073
+
+ Reviewed by Ryosuke Niwa.
+
+ r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
+ This should have been changed to OS(WINDOWS). This causes the
+ preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
+ causing allocations made by Win32 to be deleted by fastmalloc.
+
+ * wtf/OwnPtrCommon.h:
+ (WTF): Use OS(WINDOWS) instead of OS(WIN).
+
+2012-01-25 Mark Rowe <mrowe@apple.com>
+
+ Attempted Mac build fix after r105939.
+
+ * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
+ It isn't used on these platforms and isn't available in the ICU headers
+ for Mac.
+
+2012-01-25 Mark Rowe <mrowe@apple.com>
+
+ Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.
+
+ <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
+
+ Reviewed by David Kilzer.
+
+ * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
+ the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
+ to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
+ * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
+ the normal framework location. This prevents an incorrect install name from being used when
+ installing in to the staged frameworks directory.
+
+2012-01-25 Eli Fidler <efidler@rim.com>
+
+ Implement Date.toLocaleString() using ICU
+ https://bugs.webkit.org/show_bug.cgi?id=76714
+
+ Reviewed by Darin Adler.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::formatLocaleDate):
+
+2012-01-25 Hajime Morita <morrita@google.com>
+
+ ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
+ https://bugs.webkit.org/show_bug.cgi?id=76863
+
+ Reviewed by Dimitri Glazkov.
+
+ Added a feature flag.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2012-01-25 Yong Li <yoli@rim.com>
+
+ [BlackBerry] Implement OSAllocator::commit/decommit.
+ BlackBerry port should support virtual memory decommiting.
+ https://bugs.webkit.org/show_bug.cgi?id=77013
+
+ Reviewed by Rob Buis.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::commit):
+ (WTF::OSAllocator::decommit):
+ * wtf/Platform.h:
+
+2012-01-24 Oliver Hunt <oliver@apple.com>
+
+ Make DFG update topCallFrame
+ https://bugs.webkit.org/show_bug.cgi?id=76969
+
+ Reviewed by Filip Pizlo.
+
+ Add NativeCallFrameTracer to manage topCallFrame assignment
+ in the DFG operations, and make use of it.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationPutByValInternal):
+ ():
+ * interpreter/Interpreter.h:
+ (JSC):
+ (NativeCallFrameTracer):
+ (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
+
+2012-01-24 Filip Pizlo <fpizlo@apple.com>
+
+ Inlining breaks call frame walking when the walking is done from outside the inlinee,
+ but inside a code block that had inlining
+ https://bugs.webkit.org/show_bug.cgi?id=76978
+ <rdar://problem/10720904>
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::codeOriginForReturn):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrame):
+
+2012-01-24 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=76855
+ Implement a JIT-code aware sampling profiler for JSC
+
+ Reviewed by Oliver Hunt.
+
+ Add support to MetaAllocator.cpp to track all live handles in a map,
+ allowing lookup based on any address within the allocation.
+
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocatorTracker::notify):
+ (WTF::MetaAllocatorTracker::release):
+ - Track live handle objects in a map.
+ (WTF::MetaAllocator::release):
+ - Removed support for handles with null m_allocator (no longer used).
+ - Notify the tracker of handles being released.
+ (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
+ - Moved functionality out into MetaAllocator::release.
+ (WTF::MetaAllocatorHandle::shrink):
+ - Removed support for handles with null m_allocator (no longer used).
+ (WTF::MetaAllocator::MetaAllocator):
+ - Initialize m_tracker.
+ (WTF::MetaAllocator::allocate):
+ - Notify the tracker of new allocations.
+ * wtf/MetaAllocator.h:
+ (WTF::MetaAllocatorTracker::find):
+ - Lookup a MetaAllocatorHandle based on an address inside the allocation.
+ (WTF::MetaAllocator::trackAllocations):
+ - Register a callback object to track allocation state.
+ * wtf/MetaAllocatorHandle.h:
+ - Remove unused createSelfManagedHandle/constructor.
+ (WTF::MetaAllocatorHandle::key):
+ - Added, for use in RedBlackTree.
+
+2012-01-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Use copying collector for out-of-line JSObject property storage
+ https://bugs.webkit.org/show_bug.cgi?id=76665
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
+ Also added a temporary variable to avoid warnings from GCC.
+ (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
+ operator new. Also added a temporary variable to avoid warnings from GCC.
+ * runtime/JSObject.h:
+
+2012-01-24 Geoffrey Garen <ggaren@apple.com>
+
+ JSValue::toString() should return a JSString* instead of a UString
+ https://bugs.webkit.org/show_bug.cgi?id=76861
+
+ Fixed two failing layout tests after my last patch.
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
+ in all other cases.
+
+ I missed this case because the JSString* type has a valid operator<,
+ so the compiler didn't complain.
+
+2012-01-24 Kenichi Ishibashi <bashi@chromium.org>
+
+ [V8] Add Uint8ClampedArray support
+ https://bugs.webkit.org/show_bug.cgi?id=76803
+
+ Reviewed by Kenneth Russell.
+
+ * wtf/ArrayBufferView.h:
+ (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
+ * wtf/Uint8ClampedArray.h:
+ (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.
+
+2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Add WebKitDownload to WebKit2 GTK+ API
+ https://bugs.webkit.org/show_bug.cgi?id=72949
+
+ Reviewed by Martin Robinson.
+
+ * wtf/gobject/GOwnPtr.cpp:
+ (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
+ * wtf/gobject/GOwnPtr.h: Add GTimer template.
+ * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.
+
+2012-01-24 Ilya Tikhonovsky <loislo@chromium.org>
+
+ Unreviewed build fix for Qt LinuxSH4 build after r105698.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2012-01-23 Geoffrey Garen <ggaren@apple.com>
+
+ JSValue::toString() should return a JSString* instead of a UString
+ https://bugs.webkit.org/show_bug.cgi?id=76861
+
+ Reviewed by Gavin Barraclough.
+
+ This makes the common case -- toString() on a string -- faster and
+ inline-able. (Not a measureable speedup, but we can now remove a bunch
+ of duplicate hand-rolled code for this optimization.)
+
+ This also clarifies the boundary between "C++ strings" and "JS strings".
+
+ In all cases other than true, false, null, undefined, and multi-digit
+ numbers, the JS runtime was just retrieving a UString from a JSString,
+ so returning a JSString* is strictly better. In the other cases, we can
+ optimize to avoid creating a new JSString if we care to, but it doesn't
+ seem to be a big deal.
+
+ * JavaScriptCore.exp: Export!
+
+ * jsc.cpp:
+ (functionPrint):
+ (functionDebug):
+ (functionRun):
+ (functionLoad):
+ (functionCheckSyntax):
+ (runWithScripts):
+ (runInteractive):
+ * API/JSValueRef.cpp:
+ (JSValueToStringCopy):
+ * bytecode/CodeBlock.cpp:
+ (JSC::valueToSourceString): Call value() after calling toString(), to
+ convert from "JS string" (JSString*) to "C++ string" (UString), since
+ toString() no longer returns a "C++ string".
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationValueAddNotNumber):
+ * jit/JITStubs.cpp:
+ (op_add): Updated for removal of toPrimitiveString():
+ all '+' operands can use toString(), except for object operands, which
+ need to take a slow path to call toPrimitive().
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncPush):
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::opIn):
+ * runtime/DateConstructor.cpp:
+ (JSC::dateParse):
+ * runtime/DatePrototype.cpp:
+ (JSC::formatLocaleDate): Call value() after calling toString(), as above.
+
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create): Simplified down to one canonical create()
+ function, to make string handling easier.
+
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::createInvalidParamError):
+ (JSC::createNotAConstructorError):
+ (JSC::createNotAFunctionError):
+ (JSC::createNotAnObjectError):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncBind):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sort): Call value() after calling toString(), as above.
+
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
+ job now. Doing it in JSCell is slower (requires extra type checking), and
+ creates the misimpression that language-defined toString() behavior is
+ an implementation detail of JSCell.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::encode):
+ (JSC::decode):
+ (JSC::globalFuncEval):
+ (JSC::globalFuncParseInt):
+ (JSC::globalFuncParseFloat):
+ (JSC::globalFuncEscape):
+ (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
+
+ * runtime/JSONObject.cpp:
+ (JSC::unwrapBoxedPrimitive):
+ (JSC::Stringifier::Stringifier):
+ (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
+ takes care of.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::toString):
+ * runtime/JSObject.h: Updated to return JSString*.
+
+ * runtime/JSString.cpp:
+ * runtime/JSString.h:
+ (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
+
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
+ spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
+ basically did what we want all the time. (Note that the toPrimitive()
+ preference changes from NoPreference to PreferString, because that's
+ how ToString is defined in the language. op_add does not want this behavior.)
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToString):
+ (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
+ returns a JSString*.
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetOwnPropertyDescriptor):
+ (JSC::objectConstructorDefineProperty):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncHasOwnProperty):
+ (JSC::objectProtoFuncDefineGetter):
+ (JSC::objectProtoFuncDefineSetter):
+ (JSC::objectProtoFuncLookupGetter):
+ (JSC::objectProtoFuncLookupSetter):
+ (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
+
+ * runtime/Operations.cpp:
+ (JSC::jsAddSlowCase): Need to check for object before taking the toString()
+ fast path becuase adding an object to a string requires calling toPrimitive()
+ on the object, not toString(). (They differ in their preferred conversion
+ type.)
+
+ * runtime/Operations.h:
+ (JSC::jsString):
+ (JSC::jsStringFromArguments): This code gets simpler, now that toString()
+ does the right thing.
+
+ (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
+
+ * runtime/RegExpConstructor.cpp:
+ (JSC::setRegExpConstructorInput):
+ (JSC::constructRegExp):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::match):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncCompile):
+ (JSC::regExpProtoFuncToString): More calls to value(), as above.
+
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ (JSC::callStringConstructor): This code gets simpler, now that toString()
+ does the right thing.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::replaceUsingRegExpSearch):
+ (JSC::replaceUsingStringSearch):
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncCharAt):
+ (JSC::stringProtoFuncCharCodeAt):
+ (JSC::stringProtoFuncConcat):
+ (JSC::stringProtoFuncIndexOf):
+ (JSC::stringProtoFuncLastIndexOf):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ (JSC::stringProtoFuncSlice):
+ (JSC::stringProtoFuncSplit):
+ (JSC::stringProtoFuncSubstr):
+ (JSC::stringProtoFuncSubstring):
+ (JSC::stringProtoFuncToLowerCase):
+ (JSC::stringProtoFuncToUpperCase):
+ (JSC::stringProtoFuncLocaleCompare):
+ (JSC::stringProtoFuncBig):
+ (JSC::stringProtoFuncSmall):
+ (JSC::stringProtoFuncBlink):
+ (JSC::stringProtoFuncBold):
+ (JSC::stringProtoFuncFixed):
+ (JSC::stringProtoFuncItalics):
+ (JSC::stringProtoFuncStrike):
+ (JSC::stringProtoFuncSub):
+ (JSC::stringProtoFuncSup):
+ (JSC::stringProtoFuncFontcolor):
+ (JSC::stringProtoFuncFontsize):
+ (JSC::stringProtoFuncAnchor):
+ (JSC::stringProtoFuncLink):
+ (JSC::trimString): Some of this code gets simpler, now that toString()
+ does the right thing. More calls to value(), as above.
+
+2012-01-23 Luke Macpherson <macpherson@chromium.org>
+
+ Unreviewed, rolling out r105676.
+ http://trac.webkit.org/changeset/105676
+ https://bugs.webkit.org/show_bug.cgi?id=76665
+
+ Breaks build on max due to compile warnings.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::finalize):
+ (JSC::JSObject::visitChildren):
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+
+2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Use copying collector for out-of-line JSObject property storage
+ https://bugs.webkit.org/show_bug.cgi?id=76665
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
+ (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
+ operator new.
+ * runtime/JSObject.h:
+
+2012-01-23 Brian Weinstein <bweinstein@apple.com>
+
+ More build fixing after r105646.
+
+ * JavaScriptCore.exp:
+
+2012-01-23 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=76855
+ Implement a JIT-code aware sampling profiler for JSC
+
+ Reviewed by Geoff Garen.
+
+ Step 2: generalize RedBlackTree. The profiler is going to want tio use
+ a RedBlackTree, allow this class to work with subclasses of
+ RedBlackTree::Node, Node should not need to know the names of the m_key
+ and m_value fields (the subclass can provide a key() accessor), and
+ RedBlackTree does not need to know anything about ValueType.
+
+ * JavaScriptCore.exp:
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::findAndRemoveFreeSpace):
+ (WTF::MetaAllocator::debugFreeSpaceSize):
+ (WTF::MetaAllocator::addFreeSpace):
+ * wtf/MetaAllocator.h:
+ (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
+ (WTF::MetaAllocator::FreeSpaceNode::key):
+ * wtf/MetaAllocatorHandle.h:
+ (WTF::MetaAllocatorHandle::key):
+ * wtf/RedBlackTree.h:
+ (WTF::RedBlackTree::Node::successor):
+ (WTF::RedBlackTree::Node::predecessor):
+ (WTF::RedBlackTree::Node::parent):
+ (WTF::RedBlackTree::Node::setParent):
+ (WTF::RedBlackTree::Node::left):
+ (WTF::RedBlackTree::Node::setLeft):
+ (WTF::RedBlackTree::Node::right):
+ (WTF::RedBlackTree::Node::setRight):
+ (WTF::RedBlackTree::insert):
+ (WTF::RedBlackTree::remove):
+ (WTF::RedBlackTree::findExact):
+ (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
+ (WTF::RedBlackTree::findGreatestLessThanOrEqual):
+ (WTF::RedBlackTree::first):
+ (WTF::RedBlackTree::last):
+ (WTF::RedBlackTree::size):
+ (WTF::RedBlackTree::treeMinimum):
+ (WTF::RedBlackTree::treeMaximum):
+ (WTF::RedBlackTree::treeInsert):
+ (WTF::RedBlackTree::leftRotate):
+ (WTF::RedBlackTree::rightRotate):
+ (WTF::RedBlackTree::removeFixup):
+
+2012-01-23 Andy Estes <aestes@apple.com>
+
+ Fix the build after r105635.
+
+ * JavaScriptCore.exp:
+
+2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove StackBounds from JSGlobalData
+ https://bugs.webkit.org/show_bug.cgi?id=76310
+
+ Reviewed by Sam Weinig.
+
+ Removed StackBounds and the stack() function from JSGlobalData since it no
+ longer accessed any members of JSGlobalData.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::addCurrentThread):
+ (JSC::MachineThreads::gatherFromCurrentThread):
+ * parser/Parser.cpp:
+ (JSC::::Parser):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+
+2012-01-23 Gavin Barraclough <barraclough@apple.com>
+
+ Implement a JIT-code aware sampling profiler for JSC
+ https://bugs.webkit.org/show_bug.cgi?id=76855
+
+ Rubber stanmped by Geoff Garen.
+
+ Mechanical change - pass CodeBlock through to the executable allocator,
+ such that we will be able to map ranges of JIT code back to their owner.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::executableCopy):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ (JSC::AssemblerBufferWithConstantPool::executableCopy):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::executableCopy):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::executableCopy):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGThunks.cpp:
+ (JSC::DFG::osrExitGenerationThunkGenerator):
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::allocate):
+ * jit/ExecutableAllocator.h:
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::allocate):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITStubs.cpp:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2012-01-23 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Basic enhancements to StringBuilder
+ https://bugs.webkit.org/show_bug.cgi?id=67081
+
+ This change contains the following enhancements to StringBuilder,
+ for convenience, performance, testability, etc.:
+ - Change toStringPreserveCapacity() to const
+ - new public methods: capacity(), swap(), toAtomicString(), canShrink()
+ and append(const StringBuilder&)
+ - == and != opearators to compare StringBuilders and a StringBuilder/String
+
+ Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/AtomicString.cpp:
+ (WTF::SubstringTranslator::hash):
+ (WTF::SubstringTranslator::equal):
+ (WTF::SubstringTranslator::translate):
+ (WTF::AtomicString::add):
+ (WTF::AtomicString::addSlowCase):
+ * wtf/text/AtomicString.h:
+ (WTF::AtomicString::AtomicString):
+ (WTF::AtomicString::add):
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::reifyString):
+ (WTF::StringBuilder::resize):
+ (WTF::StringBuilder::canShrink):
+ (WTF::StringBuilder::shrinkToFit):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::append):
+ (WTF::StringBuilder::toString):
+ (WTF::StringBuilder::toStringPreserveCapacity):
+ (WTF::StringBuilder::toAtomicString):
+ (WTF::StringBuilder::isEmpty):
+ (WTF::StringBuilder::capacity):
+ (WTF::StringBuilder::is8Bit):
+ (WTF::StringBuilder::swap):
+ (WTF::equal):
+ (WTF::operator==):
+ (WTF::operator!=):
+ * wtf/text/StringImpl.h:
+
+2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Add missing files, remove deleted files and
+ fix indentation.
+
+2012-01-22 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for non-DFG platforms that error out on warn-unused-parameter.
+
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::computeFor):
+ * bytecode/GetByIdStatus.cpp:
+ (JSC::GetByIdStatus::computeFor):
+ * bytecode/MethodCallLinkStatus.cpp:
+ (JSC::MethodCallLinkStatus::computeFor):
+ * bytecode/PutByIdStatus.cpp:
+ (JSC::PutByIdStatus::computeFor):
+
+2012-01-22 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for non-DFG platforms.
+
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::computeFor):
+ * bytecode/GetByIdStatus.cpp:
+ (JSC::GetByIdStatus::computeFor):
+ * bytecode/MethodCallLinkStatus.cpp:
+ (JSC::MethodCallLinkStatus::computeFor):
+ * bytecode/PutByIdStatus.cpp:
+ (JSC::PutByIdStatus::computeFor):
+
+2012-01-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not have code that directly decodes the states of old JIT inline
+ cache data structures
+ https://bugs.webkit.org/show_bug.cgi?id=76768
+
+ Reviewed by Sam Weinig.
+
+ Introduced new classes (like GetByIdStatus) that encapsulate the set of things
+ that the DFG would like to know about property accesses and calls. Whereas it
+ previously got this information by directly decoding the data structures used
+ by the old JIT for inline caching, it now uses these classes, which do the work
+ for it. This should make it somewhat more straight forward to introduce new
+ ways of profiling the same information.
+
+ Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
+ code in bytecode/.
+
+ Making this work right involved carefully ensuring that the heuristics for
+ choosing how to handle property accesses was at least as good as what we had
+ before, since I completely restructured that code. Currently the performance
+ looks neutral. Since I rewrote the code I did change some things that I never
+ liked before, like previously if a put_bu_id had executed exactly once then
+ we'd compile it as if it had taken slow-path. Executing once is special because
+ then the inline cache is not baked in, so there is no information about how the
+ DFG should optimize the code. Now this is rationalized: if the put_by_id does
+ not offer enough information to be optimized (i.e. had executed 0 or 1 times)
+ then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
+ still has the old behavior; I left it that way because I didn't want to make
+ too many changes at once.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CallLinkStatus.cpp: Added.
+ (JSC::CallLinkStatus::computeFor):
+ * bytecode/CallLinkStatus.h: Added.
+ (JSC::CallLinkStatus::CallLinkStatus):
+ (JSC::CallLinkStatus::isSet):
+ (JSC::CallLinkStatus::operator!):
+ (JSC::CallLinkStatus::couldTakeSlowPath):
+ (JSC::CallLinkStatus::callTarget):
+ * bytecode/GetByIdStatus.cpp: Added.
+ (JSC::GetByIdStatus::computeFor):
+ * bytecode/GetByIdStatus.h: Added.
+ (JSC::GetByIdStatus::GetByIdStatus):
+ (JSC::GetByIdStatus::state):
+ (JSC::GetByIdStatus::isSet):
+ (JSC::GetByIdStatus::operator!):
+ (JSC::GetByIdStatus::isSimpleDirect):
+ (JSC::GetByIdStatus::takesSlowPath):
+ (JSC::GetByIdStatus::makesCalls):
+ (JSC::GetByIdStatus::structureSet):
+ (JSC::GetByIdStatus::offset):
+ * bytecode/MethodCallLinkStatus.cpp: Added.
+ (JSC::MethodCallLinkStatus::computeFor):
+ * bytecode/MethodCallLinkStatus.h: Added.
+ (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
+ (JSC::MethodCallLinkStatus::isSet):
+ (JSC::MethodCallLinkStatus::operator!):
+ (JSC::MethodCallLinkStatus::needsPrototypeCheck):
+ (JSC::MethodCallLinkStatus::structure):
+ (JSC::MethodCallLinkStatus::prototypeStructure):
+ (JSC::MethodCallLinkStatus::function):
+ (JSC::MethodCallLinkStatus::prototype):
+ * bytecode/PutByIdStatus.cpp: Added.
+ (JSC::PutByIdStatus::computeFor):
+ * bytecode/PutByIdStatus.h: Added.
+ (JSC::PutByIdStatus::PutByIdStatus):
+ (JSC::PutByIdStatus::state):
+ (JSC::PutByIdStatus::isSet):
+ (JSC::PutByIdStatus::operator!):
+ (JSC::PutByIdStatus::isSimpleReplace):
+ (JSC::PutByIdStatus::isSimpleTransition):
+ (JSC::PutByIdStatus::takesSlowPath):
+ (JSC::PutByIdStatus::oldStructure):
+ (JSC::PutByIdStatus::newStructure):
+ (JSC::PutByIdStatus::structureChain):
+ (JSC::PutByIdStatus::offset):
+ * bytecode/StructureSet.h: Added.
+ (JSC::StructureSet::StructureSet):
+ (JSC::StructureSet::clear):
+ (JSC::StructureSet::add):
+ (JSC::StructureSet::addAll):
+ (JSC::StructureSet::remove):
+ (JSC::StructureSet::contains):
+ (JSC::StructureSet::isSubsetOf):
+ (JSC::StructureSet::isSupersetOf):
+ (JSC::StructureSet::size):
+ (JSC::StructureSet::at):
+ (JSC::StructureSet::operator[]):
+ (JSC::StructureSet::last):
+ (JSC::StructureSet::predictionFromStructures):
+ (JSC::StructureSet::operator==):
+ (JSC::StructureSet::dump):
+ * dfg/DFGAbstractValue.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGStructureSet.h: Removed.
+
+2012-01-20 Filip Pizlo <fpizlo@apple.com>
+
+ JIT compilation should not require ExecState
+ https://bugs.webkit.org/show_bug.cgi?id=76729
+ <rdar://problem/10731545>
+
+ Reviewed by Gavin Barraclough.
+
+ Changed the relevant JIT driver functions to take JSGlobalData& instead of
+ ExecState*, since really they just needed the global data.
+
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h:
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * jit/JITDriver.h:
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2012-01-20 David Levin <levin@chromium.org>
+
+ Make OwnPtr<HDC> work for the Chromium Windows port.
+ https://bugs.webkit.org/show_bug.cgi?id=76738
+
+ Reviewed by Jian Li.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
+ Chromium Windows build.
+ * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
+ OwnPtr<HDC> and similar constructs.
+
+2012-01-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed some regexp entry boilerplate code
+ https://bugs.webkit.org/show_bug.cgi?id=76687
+
+ Reviewed by Darin Adler.
+
+ 1% - 2% speedup on regexp tests, no change overall.
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match):
+ - ASSERT that our startIndex is non-negative, because anything less
+ would be uncivilized.
+
+ - ASSERT that our input is not the null string for the same reason.
+
+ - No need to test for startOffset being past the end of the string,
+ since the regular expression engine will do this test for us.
+
+ - No need to initialize the output vector, since the regular expression
+ engine will fill it in for us.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::interpret):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+ RegExp used to do these jobs for us, but now we do them for ourselves
+ because it's a better separation of concerns, and the JIT can do them
+ more efficiently than C++ code:
+
+ - Test for "past the end" before doing any matching -- otherwise
+ a* will match with zero length past the end of the string, which is wrong.
+
+ - Initialize the output vector before doing any matching.
+
+2012-01-20 Filip Pizlo <fpizlo@apple.com>
+
+ Build fix for no-DFG configuration.
+ Needed for <rdar://problem/10727689>.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitProfiledOpcode):
+ * jit/JIT.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2012-01-19 Filip Pizlo <fpizlo@apple.com>
+
+ Bytecode instructions that may have value profiling should have a direct inline
+ link to the ValueProfile instance
+ https://bugs.webkit.org/show_bug.cgi?id=76682
+ <rdar://problem/10727689>
+
+ Reviewed by Sam Weinig.
+
+ Each opcode that gets value profiled now has a link to its ValueProfile. This
+ required rationalizing the emission of value profiles for opcode combos, like
+ op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
+ sense for one of them to have a value profile link, and it makes most sense
+ for it to be the one that actually sets the result. The previous behavior was
+ to have op_method_check profile for op_get_by_id when they were used together,
+ but otherwise for op_get_by_id to have its own profiles. op_call already did
+ the right thing; all profiling was done by op_call_put_result.
+
+ But rationalizing this code required breaking some of the natural boundaries
+ that the code had; for instance the code in DFG that emits a GetById in place
+ of both op_method_check and op_get_by_id must now know that it's the latter of
+ those that has the value profile, while the first of those constitutes the OSR
+ target. Hence each CodeOrigin must now have two bytecode indices - one for
+ OSR exit and one for profiling.
+
+ Finally this change required some refiddling of our optimization heuristics,
+ because now all code blocks have "more instructions" due to the value profile
+ slots.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printGetByIdOp):
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::valueProfileForBytecodeOffset):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::CodeOrigin):
+ (JSC::CodeOrigin::bytecodeIndexForValueProfile):
+ * bytecode/Instruction.h:
+ (JSC::Instruction::Instruction):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitProfiledOpcode):
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitGetScopedVar):
+ (JSC::BytecodeGenerator::emitResolveBase):
+ (JSC::BytecodeGenerator::emitResolveBaseForPut):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitResolveWithThis):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitGetByVal):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitCallVarargs):
+ (JSC::BytecodeGenerator::emitConstruct):
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::currentCodeOrigin):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueProfileFor):
+ * jit/JIT.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITCall.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ (JSC::JIT::emitSlow_op_resolve_global_dynamic):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::emitSlow_op_method_check):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::emitSlow_op_method_check):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+
+2012-01-20 ChangSeok Oh <shivamidow@gmail.com>
+
+ undefined reference to symbol eina_module_free
+ https://bugs.webkit.org/show_bug.cgi?id=76681
+
+ Reviewed by Martin Robinson.
+
+ eina_module_free has been used without including eina libraries after r104936.
+
+ * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.
+
+2012-01-19 Tony Chang <tony@chromium.org>
+
+ [chromium] Remove an obsolete comment about features.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=76643
+
+ There can be only one features.gypi.
+
+ Reviewed by James Robinson.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2012-01-19 Geoffrey Garen <ggaren@apple.com>
+
+ Implicit creation of a regular expression should eagerly check for syntax errors
+ https://bugs.webkit.org/show_bug.cgi?id=76642
+
+ Reviewed by Oliver Hunt.
+
+ This is a correctness fix and a slight optimization.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
+ correct behavior.
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
+ of code change, many lines of indentation change.)
+
+ Since we have no clients that try to match a RegExp that is a syntax error,
+ let's optimize out the check.
+
+2012-01-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Implement a new allocator for backing stores
+ https://bugs.webkit.org/show_bug.cgi?id=75181
+
+ Reviewed by Filip Pizlo.
+
+ We want to move away from using fastMalloc for the backing stores for
+ some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing
+ stores have a nice property in that they only have a single owner (i.e. a
+ single pointer to them at any one time). One way that we can take advantage
+ of this property is to implement a simple bump allocator/copying collector,
+ which will run alongside our normal mark/sweep collector, that only needs to
+ update the single owner pointer rather than having to redirect an arbitrary
+ number of pointers in from-space to to-space.
+
+ This plan can give us a number of benefits. We can beat fastMalloc in terms
+ of both performance and memory usage, we can track how much memory we're using
+ far more accurately than our rough estimation now through the use of
+ reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed
+ to being limited to size classes like we have been historically). This is also
+ another step toward moving away from lazy destruction, which will improve our memory footprint.
+
+ We start by creating said allocator and moving the ArrayStorage for JSArray
+ to use it rather than fastMalloc.
+
+ The design of the collector is as follows:
+ Allocation:
+ -The collector allocates 64KB chunks from the OS to use for object allocation.
+ -Each chunk contains an offset, a flag indicating if the block has been pinned,
+ and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
+ -Any allocation greater than 64KB gets its own separate oversize block, which
+ is managed separately from the rest.
+ -If the allocator receives a request for more than the remaining amount in the
+ current block, it grabs a fresh block.
+ -Grabbing a fresh block means grabbing one off of the global free list (which is now
+ shared between the mark/sweep allocator and the bump allocator) if there is one.
+ If there isn't a new one we do one of two things: allocate a new block from the OS
+ if we're not ready for a GC yet, or run a GC and then try again. If we still don't
+ have enough space after the GC, we allocate a new block from the OS.
+
+ Garbage collection:
+ -At the start of garbage collection during conservative stack scanning, if we encounter
+ what appears to be a pointer to a bump-allocated block of memory, we pin that block so
+ that it will not be copied for this round of collection.
+ -We also pin any oversize blocks that we encounter, which effectively doubles as a
+ "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying
+ are given back to the OS.
+ -Marking threads are now also responsible for copying bump-allocated objects to newSpace
+ -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
+ -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
+ -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
+ -At the conclusion of copying (which is done by the end of the marking phase), we un-pin
+ any pinned blocks and give any blocks left in from-space to the global free list.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateSlowCase):
+ (JSC::AllocationSpace::allocateBlock):
+ (JSC::AllocationSpace::freeBlocks):
+ * heap/AllocationSpace.h:
+ (JSC::AllocationSpace::waterMark):
+ * heap/BumpBlock.h: Added.
+ (JSC::BumpBlock::BumpBlock):
+ * heap/BumpSpace.cpp: Added.
+ (JSC::BumpSpace::tryAllocateSlowCase):
+ * heap/BumpSpace.h: Added.
+ (JSC::BumpSpace::isInCopyPhase):
+ (JSC::BumpSpace::totalMemoryAllocated):
+ (JSC::BumpSpace::totalMemoryUtilized):
+ * heap/BumpSpaceInlineMethods.h: Added.
+ (JSC::BumpSpace::BumpSpace):
+ (JSC::BumpSpace::init):
+ (JSC::BumpSpace::contains):
+ (JSC::BumpSpace::pin):
+ (JSC::BumpSpace::startedCopying):
+ (JSC::BumpSpace::doneCopying):
+ (JSC::BumpSpace::doneFillingBlock):
+ (JSC::BumpSpace::recycleBlock):
+ (JSC::BumpSpace::getFreshBlock):
+ (JSC::BumpSpace::borrowBlock):
+ (JSC::BumpSpace::addNewBlock):
+ (JSC::BumpSpace::allocateNewBlock):
+ (JSC::BumpSpace::fitsInBlock):
+ (JSC::BumpSpace::fitsInCurrentBlock):
+ (JSC::BumpSpace::tryAllocate):
+ (JSC::BumpSpace::tryAllocateOversize):
+ (JSC::BumpSpace::allocateFromBlock):
+ (JSC::BumpSpace::tryReallocate):
+ (JSC::BumpSpace::tryReallocateOversize):
+ (JSC::BumpSpace::isOversize):
+ (JSC::BumpSpace::isPinned):
+ (JSC::BumpSpace::oversizeBlockFor):
+ (JSC::BumpSpace::blockFor):
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::genericAddPointer):
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::blockFreeingThreadMain):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ (JSC::Heap::releaseFreeBlocks):
+ * heap/Heap.h:
+ (JSC::Heap::waterMark):
+ (JSC::Heap::highWaterMark):
+ (JSC::Heap::setHighWaterMark):
+ (JSC::Heap::tryAllocateStorage):
+ (JSC::Heap::tryReallocateStorage):
+ * heap/HeapBlock.h: Added.
+ (JSC::HeapBlock::HeapBlock):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::drainFromShared):
+ (JSC::SlotVisitor::startCopying):
+ (JSC::SlotVisitor::allocateNewSpace):
+ (JSC::SlotVisitor::copy):
+ (JSC::SlotVisitor::copyAndAppend):
+ (JSC::SlotVisitor::doneCopying):
+ * heap/MarkStack.h:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::recycle):
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::SlotVisitor):
+ * heap/TinyBloomFilter.h:
+ (JSC::TinyBloomFilter::reset):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ (JSC::JSArray::finishCreation):
+ (JSC::JSArray::tryFinishCreationUninitialized):
+ (JSC::JSArray::~JSArray):
+ (JSC::JSArray::enterSparseMode):
+ (JSC::JSArray::defineOwnNumericProperty):
+ (JSC::JSArray::setLengthWritable):
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ (JSC::JSArray::deletePropertyByIndex):
+ (JSC::JSArray::getOwnPropertyNames):
+ (JSC::JSArray::increaseVectorLength):
+ (JSC::JSArray::unshiftCountSlowCase):
+ (JSC::JSArray::setLength):
+ (JSC::JSArray::pop):
+ (JSC::JSArray::unshiftCount):
+ (JSC::JSArray::visitChildren):
+ (JSC::JSArray::sortNumeric):
+ (JSC::JSArray::sort):
+ (JSC::JSArray::compactForSorting):
+ (JSC::JSArray::subclassData):
+ (JSC::JSArray::setSubclassData):
+ (JSC::JSArray::checkConsistency):
+ * runtime/JSArray.h:
+ (JSC::JSArray::inSparseMode):
+ (JSC::JSArray::isLengthWritable):
+ * wtf/CheckedBoolean.h: Added.
+ (CheckedBoolean::CheckedBoolean):
+ (CheckedBoolean::~CheckedBoolean):
+ (CheckedBoolean::operator bool):
+ * wtf/DoublyLinkedList.h:
+ (WTF::::push):
+ * wtf/StdLibExtras.h:
+ (WTF::isPointerAligned):
+
+2012-01-19 Joi Sigurdsson <joi@chromium.org>
+
+ Enable use of precompiled headers in Chromium port on Windows.
+
+ Bug 76381 - Use precompiled headers in Chromium port on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=76381
+
+ Reviewed by Tony Chang.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.
+
+2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
+
+ Cross-platform processor core counter fix
+ https://bugs.webkit.org/show_bug.cgi?id=76540
+
+ Reviewed by Zoltan Herczeg.
+
+ I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
+ and I removed the OS checking macros from ParallelJobsGeneric.cpp because
+ the NumberOfCores.cpp contains them for counting CPU cores.
+ The processor core counter patch located at
+ https://bugs.webkit.org/show_bug.cgi?id=76530
+
+ * wtf/NumberOfCores.cpp:
+ * wtf/ParallelJobsGeneric.cpp:
+
+2012-01-18 Csaba Osztrogonác <ossy@webkit.org>
+
+ Cross-platform processor core counter
+ https://bugs.webkit.org/show_bug.cgi?id=76530
+
+ Unreviewed cross-MinGW buildfix after r105270.
+
+ * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.
+
+2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
+
+ Cross-platform processor core counter
+ https://bugs.webkit.org/show_bug.cgi?id=76530
+
+ Reviewed by Zoltan Herczeg.
+
+ Two files have been created that include the processor core counter function.
+ It used to be in ParallelJobsGeneric.h/cpp before.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+ * wtf/CMakeLists.txt:
+ * wtf/NumberOfCores.cpp: Added.
+ (WTF::numberOfProcessorCores):
+ * wtf/NumberOfCores.h: Added.
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ * wtf/ParallelJobsGeneric.h:
+
+2012-01-18 Balazs Kelemen <kbalazs@webkit.org>
+
+ [Qt] Consolidate layout test crash logging
+ https://bugs.webkit.org/show_bug.cgi?id=75088
+
+ Reviewed by Simon Hausmann.
+
+ Move backtrace generating logic into WTFReportBacktrace
+ and add a way to deinstall signal handlers if we know
+ that we have already printed the backtrace.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/Assertions.cpp:
+ (WTFLogLocker::WTFReportBacktrace):
+ (WTFLogLocker::WTFSetCrashHook):
+ (WTFLogLocker::WTFInvokeCrashHook):
+ * wtf/Assertions.h:
+
+2012-01-17 Geoffrey Garen <ggaren@apple.com>
+
+ Factored out some code into a helper function.
+
+ I think this might help getting rid of omit-frame-pointer.
+
+ Reviewed by Sam Weinig.
+
+ No benchmark change.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::removeUsingRegExpSearch): Moved to here...
+ (JSC::replaceUsingRegExpSearch): ...from here.
+
+2012-01-17 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
+
+ Uint8ClampedArray support
+ https://bugs.webkit.org/show_bug.cgi?id=74455
+
+ Reviewed by Filip Pizlo.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isUint8ClampedArrayPrediction):
+ (JSC::isActionableMutableArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::clampDoubleToByte):
+ (JSC::DFG::compileClampIntegerToByte):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.h:
+ * wtf/Forward.h:
+ * wtf/Uint8Array.h:
+ * wtf/Uint8ClampedArray.h: Added.
+ (WTF::Uint8ClampedArray::set):
+ (WTF::Uint8ClampedArray::create):
+ (WTF::Uint8ClampedArray::Uint8ClampedArray):
+ (WTF::Uint8ClampedArray::subarray):
+
+2012-01-17 Sam Weinig <sam@webkit.org>
+
+ Add helper macro for forward declaring objective-c classes
+ https://bugs.webkit.org/show_bug.cgi?id=76485
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Compiler.h:
+ Add OBJC_CLASS macro which helps reduce code when forward declaring an
+ objective-c class in a header which can be included from both Objective-C
+ and non-Objective-C files.
+
+2012-01-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be able to do JS and custom getter caching
+ https://bugs.webkit.org/show_bug.cgi?id=76361
+
+ Reviewed by Csaba Osztrogonác.
+
+ Fix for 32-bit.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDList):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-01-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be able to do JS and custom getter caching
+ https://bugs.webkit.org/show_bug.cgi?id=76361
+ <rdar://problem/10698060>
+
+ Reviewed by Geoff Garen.
+
+ Added the ability to cache JS getter calls and custom getter calls in the DFG.
+ Most of this is pretty mundane, since the old JIT supported this functionality
+ as well. But a couple interesting things had to happen:
+
+ - There are now two variants of GetById: GetById, which works as before, and
+ GetByIdFlush, which flushes registers prior to doing the GetById. Only
+ GetByIdFlush can be used for caching getters. We detect which GetById style
+ to use by looking at the inline caches of the old JIT.
+
+ - Exception handling for getter calls planted in stubs uses a separate lookup
+ handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
+
+ This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
+ the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
+ Kraken.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::willNeedFlush):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCCallHelpers.h:
+ (JSC::DFG::CCallHelpers::setupResults):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
+ (JSC::DFG::JITCompiler::addExceptionCheck):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-01-16 Jon Lee <jonlee@apple.com>
+
+ Build fix for r105086.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2012-01-16 Jon Lee <jonlee@apple.com>
+
+ Remove HTML notifications support on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=76401
+ <rdar://problem/10589881>
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.
+
+2012-01-16 Zeno Albisser <zeno@webkit.org>
+
+ [Qt] Fix QT_VERSION related warnings when building on Mac OS X
+ https://bugs.webkit.org/show_bug.cgi?id=76340
+
+ This bug was caused by r104826.
+ As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
+ we should not use "using namespace WebCore" in header files,
+ because it might cause ambiguous references.
+ This patch reverts the changes from r104826 and r104981
+ and removes the "using namespace WebCore" statement from
+ two header files.
+
+ Reviewed by Tor Arne Vestbø.
+
+ * wtf/Platform.h:
+
+2012-01-16 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck.
+
+ * GNUmakefile.list.am: Fix typo.
+
+2012-01-16 Pavel Heimlich <tropikhajma@gmail.com>
+
+ Solaris Studio supports alignment macros too
+ https://bugs.webkit.org/show_bug.cgi?id=75453
+
+ Reviewed by Hajime Morita.
+
+ * wtf/Alignment.h:
+
+2012-01-16 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Build fix on 32bit if verbose debug is enabled in DFG
+ https://bugs.webkit.org/show_bug.cgi?id=76351
+
+ Reviewed by Hajime Morita.
+
+ Mostly change "%lu" to "%zu" to print a "size_t" variable.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::endBasicBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+
+2012-01-15 Filip Pizlo <fpizlo@apple.com>
+
+ The C calling convention logic in DFG::SpeculativeJIT should be available even
+ when not generating code for the DFG speculative path
+ https://bugs.webkit.org/show_bug.cgi?id=76355
+
+ Reviewed by Dan Bernstein.
+
+ Moved all of the logic for placing C call arguments into the right place (stack
+ or registers) into a new class, DFG::CCallHelpers. This class inherits from
+ AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved
+ this code into AssemblyHelpers, but decided against it, because I wanted to
+ limit the number of methods each class in the JIT has. Hence now we have a
+ slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
+ emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
+ (understands calls to C functions) <= JITCompiler (can compile a graph to machine
+ code). Each of these except for JITCompiler can be reused for stub compilation.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGCCallHelpers.h: Added.
+ (JSC::DFG::CCallHelpers::CCallHelpers):
+ (JSC::DFG::CCallHelpers::resetCallArguments):
+ (JSC::DFG::CCallHelpers::addCallArgument):
+ (JSC::DFG::CCallHelpers::setupArguments):
+ (JSC::DFG::CCallHelpers::setupArgumentsExecState):
+ (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
+ (JSC::DFG::CCallHelpers::setupTwoStubArgs):
+ (JSC::DFG::CCallHelpers::setupStubArguments):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::JITCompiler):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callOperation):
+
+2012-01-15 Pablo Flouret <pablof@motorola.com>
+
+ Fix compilation errors on build-webkit --debug --no-video on mac.
+ https://bugs.webkit.org/show_bug.cgi?id=75867
+
+ Reviewed by Philippe Normand.
+
+ Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature
+ doesn't build without video.
+
+ * wtf/Platform.h:
+
+2012-01-14 David Levin <levin@chromium.org>
+
+ HWndDC should be in platform/win instead of wtf.
+ https://bugs.webkit.org/show_bug.cgi?id=76314
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+
+2012-01-13 David Levin <levin@chromium.org>
+
+ check-webkit-style: should encourage the use of Own* classes for Windows DC.
+ https://bugs.webkit.org/show_bug.cgi?id=76227
+
+ Reviewed by Dirk Pranke.
+
+ * wtf/win/HWndDCWin.h:
+ (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
+ There are no users, but I want to catch this in check-webkit-style
+ and tell any users to use HwndDC to avoid leaks.
+
+2012-01-13 David Levin <levin@chromium.org>
+
+ Header file is missing header guard.
+
+ Reviewed by Dirk Pranke.
+
+ * wtf/win/HWndDCWin.h: Added the guards.
+
+2012-01-13 Andy Wingo <wingo@igalia.com>
+
+ Eval in strict mode does not need dynamic checks
+ https://bugs.webkit.org/show_bug.cgi?id=76286
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
+ Eval in strict mode cannot introduce variables, so it not impose
+ the need for dynamic checks.
+
+2012-01-13 David Levin <levin@chromium.org>
+
+ HWndDC is a better name than HwndDC.
+ https://bugs.webkit.org/show_bug.cgi?id=76281
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
+ (WTF::HWndDC::HWndDC):
+ (WTF::HWndDC::~HWndDC):
+ (WTF::HWndDC::operator HDC):
+
+2012-01-13 YoungTaeck Song <youngtaeck.song@samsung.com>
+
+ [EFL] Add OwnPtr specialization for Eina_Module.
+ https://bugs.webkit.org/show_bug.cgi?id=76255
+
+ Reviewed by Andreas Kling.
+
+ Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.
+
+ * wtf/OwnPtrCommon.h:
+ * wtf/efl/OwnPtrEfl.cpp:
+ (WTF::deleteOwnedPtr):
+
+2012-01-13 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2012-01-12 Hajime Morrita <morrita@chromium.org>
+
+ JavaScriptCore: Mark all exported symbols in the header file automatically.
+ https://bugs.webkit.org/show_bug.cgi?id=72855
+
+ Reviewed by Darin Adler.
+
+ Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
+ The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables)
+
+ * API/OpaqueJSString.h:
+ * bytecode/CodeBlock.h:
+ * bytecode/SamplingTool.h:
+ * debugger/Debugger.h:
+ * debugger/DebuggerActivation.h:
+ * debugger/DebuggerCallFrame.h:
+ * heap/AllocationSpace.h:
+ * heap/HandleHeap.h:
+ * heap/Heap.h:
+ * heap/MachineStackMarker.h:
+ * heap/MarkStack.h:
+ * heap/VTableSpectrum.h:
+ * heap/WriteBarrierSupport.h:
+ * parser/Nodes.h:
+ * parser/ParserArena.h:
+ * profiler/Profile.h:
+ * runtime/ArgList.h:
+ * runtime/CallData.h:
+ * runtime/Completion.h:
+ * runtime/ConstructData.h:
+ * runtime/DateInstance.h:
+ * runtime/Error.h:
+ * runtime/ExceptionHelpers.h:
+ * runtime/FunctionConstructor.h:
+ * runtime/Identifier.h:
+ * runtime/InitializeThreading.h:
+ * runtime/InternalFunction.h:
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalThis.h:
+ * runtime/JSLock.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ * runtime/JSValue.h:
+ * runtime/JSVariableObject.h:
+ * runtime/Lookup.h:
+ * runtime/MemoryStatistics.h:
+ * runtime/ObjectPrototype.h:
+ * runtime/Options.h:
+ * runtime/PropertyDescriptor.h:
+ * runtime/PropertyNameArray.h:
+ * runtime/PropertySlot.h:
+ * runtime/RegExp.h:
+ * runtime/RegExpObject.h:
+ * runtime/SamplingCounter.h:
+ * runtime/SmallStrings.h:
+ * runtime/StringObject.h:
+ * runtime/Structure.h:
+ * runtime/TimeoutChecker.h:
+ * runtime/UString.h:
+ * runtime/WriteBarrier.h:
+ * wtf/ArrayBufferView.h:
+ * wtf/ByteArray.h:
+ * wtf/CryptographicallyRandomNumber.h:
+ * wtf/CurrentTime.h:
+ * wtf/DateMath.h:
+ * wtf/DecimalNumber.h:
+ * wtf/FastMalloc.cpp:
+ * wtf/FastMalloc.h:
+ * wtf/MD5.h:
+ * wtf/MainThread.h:
+ * wtf/MetaAllocator.h:
+ * wtf/MetaAllocatorHandle.h:
+ * wtf/OSAllocator.h:
+ * wtf/PageBlock.h:
+ * wtf/RandomNumber.h:
+ * wtf/RefCountedLeakCounter.h:
+ * wtf/SHA1.h:
+ * wtf/Threading.cpp:
+ * wtf/Threading.h:
+ * wtf/ThreadingPrimitives.h:
+ * wtf/WTFThreadData.h:
+ * wtf/dtoa.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/CString.h:
+ * wtf/text/StringBuilder.h:
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+ * wtf/unicode/Collator.h:
+ * wtf/unicode/UTF8.h:
+ * yarr/Yarr.h:
+ * yarr/YarrPattern.h:
+
+2012-01-12 MORITA Hajime <morrita@google.com>
+
+ [Chromium] JSExportMacros.h should be visible.
+ https://bugs.webkit.org/show_bug.cgi?id=76147
+
+ Reviewed by Tony Chang.
+
+ * config.h:
+
+2012-01-12 David Levin <levin@chromium.org>
+
+ HwndDC is a better name than OwnGetDC.
+ https://bugs.webkit.org/show_bug.cgi?id=76235
+
+ Reviewed by Dmitry Titov.
+
+ This is a better name for two reasons:
+ 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
+ 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
+ classes always take something to hold on to. In this case, the object (the DC)
+ is created by the class once it is given a Window to ensure that the HDC
+ was actually created using GetDC.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
+ (WTF::HwndDC::HwndDC):
+ (WTF::HwndDC::~HwndDC):
+ (WTF::HwndDC::operator HDC):
+
+2012-01-12 Gavin Barraclough <barraclough@apple.com>
+
+ Clean up putDirect (part 2)
+ https://bugs.webkit.org/show_bug.cgi?id=76232
+
+ Reviewed by Sam Weinig.
+
+ Rename putWithAttributes to putDirectVirtual, to identify that this
+ has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
+ to be templated on an enum indicating which behaviour it is supposed to be
+ implementing, and change clients that are defining properties to call
+ putDirectInternal correctly.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::putDirectVirtual):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * runtime/ClassInfo.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putDirectVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putDirectVirtual):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putDirectVirtual):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::putDirectVirtual):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::initializeGetterSetterProperty):
+ (JSC::JSObject::defineSetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putOwnDataProperty):
+ (JSC::JSObject::putDirect):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::putDirectVirtual):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::putDirectVirtual):
+ * runtime/JSVariableObject.h:
+
+2012-01-12 Gavin Barraclough <barraclough@apple.com>
+
+ Clean up putDirect (part 1)
+ https://bugs.webkit.org/show_bug.cgi?id=76232
+
+ Reviewed by Sam Weinig.
+
+ putDirect has ambiguous semantics, clean these up a bit.
+
+ putDirect generally behaves a bit like a fast defineOwnProperty, but one that
+ always creates the property, with no checking to validate the put it permitted.
+
+ It also encompasses two slightly different behaviors.
+ (1) a fast form of put for JSActivation, which doesn't have to handle searching
+ the prototype chain, getter/setter properties, or the magic __proto__ value.
+ Break this out as a new method, 'putOwnDataProperty'.
+ (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
+ values, in strict mode. This is, however, not so smart on a few level, since
+ it is only called from op_put_by_id with direct set, which is only used with
+ an object as the base, and is only used to put new properties onto objects.
+
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::put):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSObject.h:
+ (JSC::JSObject::putOwnDataProperty):
+ * runtime/JSValue.h:
+
+2012-01-12 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=76141
+ defineSetter/defineGetter may fail to update Accessor attribute
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::initializeGetterSetterProperty):
+ (JSC::JSObject::defineSetter):
+ * runtime/Structure.cpp:
+ (JSC::Structure::attributeChangeTransition):
+ * runtime/Structure.h:
+
+2012-01-12 David Levin <levin@chromium.org>
+
+ [chromium] Fix DC leak in WebScreenInfoFactory.
+ https://bugs.webkit.org/show_bug.cgi?id=76203
+
+ Reviewed by Dmitry Titov.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
+ * JavaScriptCore.gypi: Added OwnGetDCWin.h
+ * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.
+
+2012-01-11 Gavin Barraclough <barraclough@apple.com>
+
+ Allow accessor get/set property to be set to undefined
+ https://bugs.webkit.org/show_bug.cgi?id=76148
+
+ Reviewed by Oliver Hunt.
+
+ AccessorDescriptor properties may have their get & set properties defined to reference a function
+ (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
+ (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
+ three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).
+
+ On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and
+ any JSObject* (with a constraint that this must be callable).
+
+ Logically the get/set property of an accessor descriptor on an object might be in any of the three
+ states above, but in practice there is no way to distinguish between the first two states. As such
+ we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or
+ undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.
+
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::setGetter):
+ (JSC::GetterSetter::setSetter):
+ - Allow the getter/setter to be cleared.
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putDescriptor):
+ - Changed to call getterObject/setterObject.
+ (JSC::JSArray::defineOwnNumericProperty):
+ - Added ASSERT.
+ * runtime/JSObject.cpp:
+ (JSC::putDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ - Changed to call getterObject/setterObject.
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetOwnPropertyDescriptor):
+ - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
+ (JSC::toPropertyDescriptor):
+ - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::getterObject):
+ (JSC::PropertyDescriptor::setterObject):
+ - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
+ (JSC::PropertyDescriptor::setDescriptor):
+ (JSC::PropertyDescriptor::setAccessorDescriptor):
+ - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present.
+ * runtime/PropertyDescriptor.h:
+ - Declare getterObject/setterObject.
+
+2012-01-12 Zeno Albisser <zeno@webkit.org>
+
+ [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
+ https://bugs.webkit.org/show_bug.cgi?id=76175
+
+ Defining ENABLE_CSS_FILTERS leads to ambiguous references
+ due to MacTypes.h being included.
+ Defining CF_OPEN_SOURCE works around this problem.
+
+ Reviewed by Simon Hausmann.
+
+ * wtf/Platform.h:
+
+2012-01-12 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Make the new WTF module build on Qt
+ https://bugs.webkit.org/show_bug.cgi?id=76163
+
+ Reviewed by Tor Arne Vestbø.
+
+ * JavaScriptCore.pro: Removed wtf from the subdirs to build.
+
+2012-01-11 Filip Pizlo <fpizlo@apple.com>
+
+ CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
+ https://bugs.webkit.org/show_bug.cgi?id=76144
+ <rdar://problem/10681711>
+
+ Rubber stamped by Gavin Barraclough.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addressOfJITExecuteCounter):
+ (JSC::CodeBlock::offsetOfJITExecuteCounter):
+ (JSC::CodeBlock::jitExecuteCounter):
+ (JSC::CodeBlock::optimizeNextInvocation):
+ (JSC::CodeBlock::dontOptimizeAnytimeSoon):
+ (JSC::CodeBlock::optimizeAfterWarmUp):
+ (JSC::CodeBlock::optimizeAfterLongWarmUp):
+ (JSC::CodeBlock::optimizeSoon):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+
+2012-01-11 Gavin Barraclough <barraclough@apple.com>
+
+ Merge 'Getter'/'Setter' attributes into 'Accessor'
+ https://bugs.webkit.org/show_bug.cgi?id=76141
+
+ Reviewed by Filip Pizlo.
+
+ These are currently ambiguous (and used inconsistently). It would logically appear
+ that either being bit set implies that the corresponding type of accessor is present
+ but (a) we don't correctly enforce this, and (b) this means the attributes would not
+ be able to distinguish between a data descriptor and an accessor descriptor with
+ neither a getter nor setter defined (which is a descriptor permissible under the spec).
+ This ambiguity would lead to unsafe property caching behavior (though this does not
+ represent an actual current bug, since we are currently unable to create descriptors
+ that have neither a getter nor setter, it just prevents us from doing so).
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::createStrictModeCallerIfNecessary):
+ (JSC::Arguments::createStrictModeCalleeIfNecessary):
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::put):
+ (JSC::JSArray::putDescriptor):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::finishCreation):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::initializeGetterSetterProperty):
+ (JSC::JSObject::defineSetter):
+ (JSC::putDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorDefineProperty):
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::setDescriptor):
+ (JSC::PropertyDescriptor::setAccessorDescriptor):
+ (JSC::PropertyDescriptor::setSetter):
+ (JSC::PropertyDescriptor::setGetter):
+ (JSC::PropertyDescriptor::attributesOverridingCurrent):
+
+2012-01-11 Gavin Barraclough <barraclough@apple.com>
+
+ Object.defineProperty([], 'length', {}) should not make length read-only
+ https://bugs.webkit.org/show_bug.cgi?id=76097
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::defineOwnProperty):
+ - We should be checking writablePresent().
+
+2012-01-11 Filip Pizlo <fpizlo@apple.com>
+
+ Code duplication for invoking the JIT and DFG should be reduced
+ https://bugs.webkit.org/show_bug.cgi?id=76117
+ <rdar://problem/10680189>
+
+ Rubber stamped by Geoff Garen.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jit/JITDriver.h: Added.
+ (JSC::jitCompileIfAppropriate):
+ (JSC::jitCompileFunctionIfAppropriate):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2012-01-11 Geoffrey Garen <ggaren@apple.com>
+
+ Bytecode dumping is broken for call opcodes (due to two new operands)
+ https://bugs.webkit.org/show_bug.cgi?id=75886
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
+ to fix this more than once. The helper function skips the extra two operands
+ at the end of the opcode, used for optimization.
+
+ (JSC::CodeBlock::dump): Used the helper function.
+
+ * bytecode/CodeBlock.h: Declared the helper function.
+
+2012-01-09 Geoffrey Garen <ggaren@apple.com>
+
+ REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
+ https://bugs.webkit.org/show_bug.cgi?id=75911
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
+ explicitly cast to our return type in C++.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::FunctionCallResolveNode::emitBytecode):
+ (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
+ into a temporary register before evaluating our arguments, since argument
+ evaluation might include function calls or assignments that overwrite our callee by name.
+
+2012-01-11 Michael Saboff <msaboff@apple.com>
+
+ v8-regexp spends 35% of its time allocating and copying internal regexp results data
+ https://bugs.webkit.org/show_bug.cgi?id=76079
+
+ Reviewed by Geoffrey Garen.
+
+ Added a new RegExpResults struct that has the input string, the number of
+ subexpressions and the output vector. Changed RegExpConstructor to
+ include a RegExpConstructorPrivate instead of having a reference to one.
+ Changed RegExpMatchesArray to include a RegExpResults instead of a
+ reference to a RegExpConstructorPrivate. Created an overloaded assignment
+ operator to assign a RegExpConstructorPrivate to a RegExpResults.
+ Collectively this change is worth 24% performance improvement to v8-regexp.
+
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpResult::operator=):
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ (JSC::RegExpMatchesArray::finishCreation):
+ (JSC::RegExpMatchesArray::~RegExpMatchesArray):
+ (JSC::RegExpMatchesArray::fillArrayInstance):
+ (JSC::RegExpConstructor::arrayOfMatches):
+ (JSC::RegExpConstructor::getBackref):
+ (JSC::RegExpConstructor::getLastParen):
+ (JSC::RegExpConstructor::getLeftContext):
+ (JSC::RegExpConstructor::getRightContext):
+ (JSC::RegExpConstructor::setInput):
+ (JSC::RegExpConstructor::input):
+ (JSC::RegExpConstructor::setMultiline):
+ (JSC::RegExpConstructor::multiline):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpResult::RegExpResult):
+ (JSC::RegExpConstructor::performMatch):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ (JSC::RegExpMatchesArray::put):
+ (JSC::RegExpMatchesArray::putByIndex):
+ (JSC::RegExpMatchesArray::deleteProperty):
+ (JSC::RegExpMatchesArray::deletePropertyByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyNames):
+
+2012-01-11 Eugene Girard <girard@google.com>
+
+ Typo in error message: Unexpected token 'defualt'
+ https://bugs.webkit.org/show_bug.cgi?id=75105
+
+ Reviewed by Simon Fraser.
+
+ * parser/Parser.h:
+ (JSC::Parser::getTokenName):
+
+2012-01-11 Anders Carlsson <andersca@apple.com>
+
+ Assertion failure in JSC::allocateCell trying to allocate a JSString
+ https://bugs.webkit.org/show_bug.cgi?id=76101
+
+ Reviewed by Adam Roben.
+
+ Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and
+ export them explicitly using the JS_EXPORTDATA macro.
+
+ member variables explicitly using
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Executable.h:
+ * runtime/JSString.h:
+
+2012-01-10 Mark Rowe <mrowe@apple.com>
+
+ <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder
+
+ This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT
+ as JavaScriptCore.framework or in to a different one.
+
+ Rubber-stamped by Dan Bernstein.
+
+ * Configurations/JSC.xcconfig: Update INSTALL_PATH.
+
+2012-01-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining block linking compares BlockIndex against bytecode index
+ https://bugs.webkit.org/show_bug.cgi?id=76018
+ <rdar://problem/10671979>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+
+2012-01-10 Filip Pizlo <fpizlo@apple.com>
+
+ CodeBlock.h declares too many things
+ https://bugs.webkit.org/show_bug.cgi?id=76001
+
+ Rubber stamped by Gavin Barraclough.
+
+ Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
+ into separate header files. Also removed all non-CodeBlock method implementations
+ from CodeBlock.cpp and put them into corresponding cpp files.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * assembler/RepatchBuffer.h:
+ * bytecode/CallLinkInfo.cpp: Added.
+ (JSC::CallLinkInfo::unlink):
+ * bytecode/CallLinkInfo.h: Added.
+ (JSC::CallLinkInfo::callTypeFor):
+ (JSC::CallLinkInfo::CallLinkInfo):
+ (JSC::CallLinkInfo::~CallLinkInfo):
+ (JSC::CallLinkInfo::isLinked):
+ (JSC::CallLinkInfo::seenOnce):
+ (JSC::CallLinkInfo::setSeen):
+ (JSC::getCallLinkInfoReturnLocation):
+ (JSC::getCallLinkInfoBytecodeIndex):
+ * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
+ (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
+ (JSC::getCallReturnOffset):
+ * bytecode/CodeBlock.cpp:
+ * bytecode/CodeBlock.h:
+ * bytecode/CodeType.h: Added.
+ * bytecode/ExpressionRangeInfo.h: Added.
+ * bytecode/GlobalResolveInfo.h: Added.
+ (JSC::GlobalResolveInfo::GlobalResolveInfo):
+ * bytecode/HandlerInfo.h: Added.
+ * bytecode/LineInfo.h: Added.
+ * bytecode/MethodCallLinkInfo.cpp: Added.
+ (JSC::MethodCallLinkInfo::reset):
+ * bytecode/MethodCallLinkInfo.h: Added.
+ (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
+ (JSC::MethodCallLinkInfo::seenOnce):
+ (JSC::MethodCallLinkInfo::setSeen):
+ (JSC::getMethodCallLinkInfoReturnLocation):
+ (JSC::getMethodCallLinkInfoBytecodeIndex):
+ * bytecode/StructureStubInfo.h:
+ (JSC::getStructureStubInfoReturnLocation):
+ (JSC::getStructureStubInfoBytecodeIndex):
+
+2012-01-10 Anders Carlsson <andersca@apple.com>
+
+ Hang opening movie that requires authentication
+ https://bugs.webkit.org/show_bug.cgi?id=75989
+ <rdar://problem/9601915>
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Functional.h:
+ Add function wrapper for a function that takes three parameters.
+
+2012-01-10 Filip Pizlo <fpizlo@apple.com>
+
+ CodeBlock::m_numParameters should be encapsulated
+ https://bugs.webkit.org/show_bug.cgi?id=75985
+ <rdar://problem/10671020>
+
+ Reviewed by Oliver Hunt.
+
+ Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
+ into it. This appears to be performance neutral.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::setNumParameters):
+ (JSC::CodeBlock::addParameter):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::numParameters):
+ (JSC::CodeBlock::addressOfNumParameters):
+ (JSC::CodeBlock::offsetOfNumParameters):
+ (JSC::CodeBlock::numberOfArgumentValueProfiles):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::addParameter):
+ (JSC::BytecodeGenerator::emitReturn):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::AbstractState):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::slideRegisterWindowForCall):
+ (JSC::Interpreter::dumpRegisters):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::prepareForRepeatCall):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITStubs.cpp:
+ (JSC::arityCheckFor):
+ (JSC::lazyLinkFor):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2012-01-10 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
+
+ Fix 32-bit builds.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertyNames):
+ (JSC::JSArray::setLength):
+
+2012-01-10 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-10 Gavin Barraclough <barraclough@apple.com>
+
+ Do not allow Array length to be set if it is non-configurable
+ https://bugs.webkit.org/show_bug.cgi?id=75935
+
+ Reviewed by Sam Weinig.
+
+ Do not allow Array length to be set if it is non-configurable, and if the new
+ length is less than the old length then intervening properties should removed
+ in reverse order. Removal of properties should cease if an intervening indexed
+ property being removed is non-configurable.
+
+ * JavaScriptCore.exp:
+ - Removed export for setLength.
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncConcat):
+ - JSArray::setLength now takes an ExecState*
+ (JSC::arrayProtoFuncSlice):
+ - JSArray::setLength now takes an ExecState*
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::defineOwnProperty):
+ - JSArray::setLength now takes an ExecState*
+ (JSC::JSArray::put):
+ - JSArray::setLength now takes an ExecState*
+ (JSC::compareKeysForQSort):
+ - Keys extracted from the map can be stored as unsigneds.
+ (JSC::JSArray::getOwnPropertyNames):
+ - Keys extracted from the map can be stored as unsigneds.
+ (JSC::JSArray::setLength):
+ - Check lengthIsReadOnly(), rather than copying the entire map to iterate
+ over to determine which keys to remove, instead just copy the keys from
+ the map to a Vector. When inSparseMode sort the keys in the Vector so
+ that we can remove properties in reverse order.
+ * runtime/JSArray.h:
+ - JSArray::setLength now takes an ExecState*
+
+2012-01-10 Gavin Barraclough <barraclough@apple.com>
+
+ Use SameValue to compare property descriptor values
+ https://bugs.webkit.org/show_bug.cgi?id=75975
+
+ Reviewed by Sam Weinig.
+
+ Rather than strictEqual.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::defineOwnNumericProperty):
+ - Missing configurablePresent() check.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ - call sameValue.
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::sameValue):
+ - Moved from JSArray.cpp, fix NaN comparison.
+ (JSC::PropertyDescriptor::equalTo):
+ - call sameValue.
+ * runtime/PropertyDescriptor.h:
+ - Added declaration for sameValue.
+2012-01-09 Gavin Barraclough <barraclough@apple.com>
+
+ Error handling : in ISO8601 timezone
+ https://bugs.webkit.org/show_bug.cgi?id=75919
+
+ Reviewed by Sam Weinig.
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+ - need to increment the string position.
+
+2012-01-09 Mark Rowe <mrowe@apple.com>
+
+ JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
+ <http://webkit.org/b/75907> / <rdar://problem/10659862>
+
+ We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
+ dependencies prevent this.
+
+ Reviewed by Dan Bernstein.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-01-09 Adam Treat <atreat@rim.com>
+
+ Log is a little to verbose for blackberry port
+ https://bugs.webkit.org/show_bug.cgi?id=75728
+
+ The BlackBerry::Platform::Log* functions take care of the call to vfprintf
+ which is resulting in unintentional noise in our logs. Add a conditional
+ directive to fix.
+
+ Change to using BlackBerry::Platform::logStreamV which does not insert
+ threading info and newlines unlike BlackBerry::Platform::log.
+
+ Finally, add log locking and unlocking which the BlackBerry platform
+ uses to ensure that N threads do not trample on each other's logs.
+
+ Reviewed by Rob Buis.
+
+ * wtf/Assertions.cpp:
+ (WTFLogLocker::WTFReportAssertionFailure):
+ (WTFLogLocker::WTFReportAssertionFailureWithMessage):
+ (WTFLogLocker::WTFReportArgumentAssertionFailure):
+ (WTFLogLocker::WTFReportFatalError):
+ (WTFLogLocker::WTFReportError):
+ (WTFLogLocker::WTFLog):
+ (WTFLogLocker::WTFLogVerbose):
+
+2012-01-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75789
+ defineOwnProperty not implemented for Array objects
+
+ Reviewed by Sam Weinig.
+
+ Implements support for getter/setter & non-default attribute properties on arrays,
+ by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
+ test failures.
+
+ * JavaScriptCore.exp:
+ - Updated exports.
+ * dfg/DFGOperations.cpp:
+ - JSArray::pop now requires an exec state.
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPop):
+ - JSArray::pop now requires an exec state.
+ * runtime/JSArray.cpp:
+ (JSC::SparseArrayValueMap::add):
+ - Add a potentially empty entry into the map.
+ (JSC::SparseArrayValueMap::put):
+ - Changed to call setter.
+ (JSC::SparseArrayEntry::get):
+ - calls getters.
+ (JSC::SparseArrayEntry::getNonSparseMode):
+ - does not call getters.
+ (JSC::JSArray::enterSparseMode):
+ - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
+ (JSC::JSArray::putDescriptor):
+ - Create a numeric property based on a descriptor.
+ (JSC::sameValue):
+ - See ES5.1 9.12.
+ (JSC::reject):
+ - Helper for the [[DefineOwnProperty]] algorithm.
+ (JSC::JSArray::defineOwnNumericProperty):
+ - Define an indexed property on an array object.
+ (JSC::JSArray::setLengthWritable):
+ - Marks the length read-only, enters SparseMode as necessary.
+ (JSC::JSArray::defineOwnProperty):
+ - Defines either an indexed property or 'length' on an array object.
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ - Updated to correctly handle accessor descriptors & attributes.
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ - Updated to correctly handle accessor descriptors & attributes.
+ (JSC::JSArray::put):
+ - Pass strict mode flag to setLength.
+ (JSC::JSArray::putByIndex):
+ - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ - Pass exec to SparseArrayValueMap::put.
+ (JSC::JSArray::deletePropertyByIndex):
+ - Do not allow deletion of non-configurable properties.
+ (JSC::compareKeysForQSort):
+ - used in implementation of getOwnPropertyNames.
+ (JSC::JSArray::getOwnPropertyNames):
+ - Properties in the sparse map should be iterated in order.
+ (JSC::JSArray::setLength):
+ - Updated to take a 'shouldThrow' flag, return a result indicating error.
+ (JSC::JSArray::pop):
+ - pop should throw an error if length is not writable, even if the array is empty.
+ (JSC::JSArray::push):
+ - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
+ (JSC::JSArray::sort):
+ - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
+ (JSC::JSArray::compactForSorting):
+ - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
+ * runtime/JSArray.h:
+ (JSC::SparseArrayValueMap::lengthIsReadOnly):
+ - Check if the length is read only.
+ (JSC::SparseArrayValueMap::setLengthIsReadOnly):
+ - Mark the length as read only.
+ (JSC::SparseArrayValueMap::find):
+ - Moved into header.
+ (JSC::JSArray::isLengthWritable):
+ - Wraps SparseArrayValueMap::lengthIsReadOnly.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ - Should be returning the result of putDescriptor.
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::attributesOverridingCurrent):
+ - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
+ * runtime/PropertyDescriptor.h:
+ - Added attributesOverridingCurrent.
+
+2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
+
+ There is no support for fastcall in Solaris Studio.
+ Fixes build on Solaris.
+ https://bugs.webkit.org/show_bug.cgi?id=75736
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITStubs.h:
+
+2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
+
+ Fix build failure on Solaris
+ https://bugs.webkit.org/show_bug.cgi?id=75733
+
+ Reviewed by Gavin Barraclough.
+
+ * wtf/ByteArray.h:
+
+2012-01-01 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Clean up some cruft from WTF's CMakeLists.txt
+ https://bugs.webkit.org/show_bug.cgi?id=75420
+
+ Reviewed by Daniel Bates.
+
+ * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
+ all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.
+
+2012-01-08 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Fix compilation error about ListHashSetReverseIterator
+ https://bugs.webkit.org/show_bug.cgi?id=75372
+
+ Reviewed by Darin Adler.
+
+ There is a typo in class ListHashSetReverseIterator:
+ typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
+ Should be
+ typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
+
+ * wtf/ListHashSet.h:
+
+2012-01-08 Ryosuke Niwa <rniwa@webkit.org>
+
+ WinCE build fix after r104415.
+
+ * jit/JITExceptions.cpp:
+ * jit/JITExceptions.h:
+
+2012-01-08 Filip Pizlo <fpizlo@apple.com>
+
+ The JIT's protocol for exception handling should be available to other parts of the system
+ https://bugs.webkit.org/show_bug.cgi?id=75808
+ <rdar://problem/10661025>
+
+ Reviewed by Oliver Hunt.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * jit/JITExceptions.cpp: Added.
+ (JSC::genericThrow):
+ (JSC::jitThrow):
+ * jit/JITExceptions.h: Added.
+ * jit/JITStubs.cpp:
+ * runtime/JSGlobalData.h:
+
+2012-01-06 Hajime Morrita <morrita@chromium.org>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75296
+ JSString should not have JS_EXPORTCLASS annotation
+
+ Reviewed by Kevin Ollivier.
+
+ * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Added missing symbols which were hidden by JS_EXPORTCLASS.
+
+2012-01-06 Michael Saboff <msaboff@apple.com>
+
+ JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
+ https://bugs.webkit.org/show_bug.cgi?id=75757
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::pop): Changed map->end() to map->notFound().
+
+2012-01-06 Filip Pizlo <fpizlo@apple.com>
+
+ JIT stub slow paths that would be identical to that of an interpreter should be factored out
+ https://bugs.webkit.org/show_bug.cgi?id=75743
+ <rdar://problem/10657024>
+
+ Reviewed by Geoff Garen.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/CommonSlowPaths.h: Added.
+ (JSC::CommonSlowPaths::opInstanceOfSlow):
+ (JSC::CommonSlowPaths::opIn):
+ (JSC::CommonSlowPaths::opResolve):
+ (JSC::CommonSlowPaths::opResolveSkip):
+ (JSC::CommonSlowPaths::opResolveWithBase):
+ (JSC::CommonSlowPaths::opResolveWithThis):
+
+2012-01-06 Sam Weinig <sam@webkit.org>
+
+ Fix windows build.
+
+ * wtf/TypeTraits.cpp:
+
+2012-01-05 Michael Saboff <msaboff@apple.com>
+
+ Default HashTraits for Opcode don't work for Opcode = 0
+ https://bugs.webkit.org/show_bug.cgi?id=75595
+
+ Reviewed by Oliver Hunt.
+
+ Removed the populating of the m_opcodeIDTable table in the
+ case where the OpcodeID and Opcode are the same (m_enabled is false).
+ Instead we just cast the one type to the other.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::isOpcode):
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::getOpcodeID):
+
+2012-01-06 Sam Weinig <sam@webkit.org>
+
+ Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
+ https://bugs.webkit.org/show_bug.cgi?id=75737
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/TypeTraits.cpp:
+ * wtf/TypeTraits.h:
+ Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
+ is composed of some helpers which are also exposed, Conditional<>, which
+ can provide one type or another based on a boolean predicate, IsArray<>
+ which can deduce array types, and RemoveExtent<>, which removes the extent
+ from an array type.
+
+2012-01-06 Oliver Hunt <oliver@apple.com>
+
+ GetByteArrayLength is incorrect
+ https://bugs.webkit.org/show_bug.cgi?id=75735
+
+ Reviewed by Filip Pizlo.
+
+ Load the byte array length from the correct location.
+ This stops an existing test from hanging.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2012-01-06 Filip Pizlo <fpizlo@apple.com>
+
+ Fix build.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-01-06 Oliver Hunt <oliver@apple.com>
+
+ DFG no longer optimises CanvasPixelArray
+ https://bugs.webkit.org/show_bug.cgi?id=75729
+
+ Reviewed by Gavin Barraclough.
+
+ Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
+ the future name when we switch over to the new typed-array based
+ ImageData specification.
+
+ * runtime/JSByteArray.cpp:
+
+2012-01-06 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
+
+ Use HashMap<OwnPtr> for SourceProviderCache items
+ https://bugs.webkit.org/show_bug.cgi?id=75346
+
+ Reviewed by Daniel Bates.
+
+ * parser/Parser.cpp:
+ * parser/SourceProviderCache.cpp:
+ (JSC::SourceProviderCache::clear):
+ (JSC::SourceProviderCache::add):
+ * parser/SourceProviderCache.h:
+
+2012-01-06 Sam Weinig <sam@webkit.org>
+
+ Remove unused OwnFastMallocPtr class.
+ https://bugs.webkit.org/show_bug.cgi?id=75722
+
+ Reviewed by Geoffrey Garen.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/OwnFastMallocPtr.h: Removed.
+ * wtf/text/StringImpl.h:
+ * wtf/wtf.pro:
+
+2012-01-06 Benjamin Poulain <bpoulain@webkit.org>
+
+ [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
+ https://bugs.webkit.org/show_bug.cgi?id=75631
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2012-01-06 Eric Seidel <eric@webkit.org> and Gustavo Noronha Silva <gustavo.noronha@collabora.com>
+
+ Make the new WTF module build on Gtk
+ https://bugs.webkit.org/show_bug.cgi?id=75669
+
+ * GNUmakefile.am:
+
+2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Remove un-needed VPATHs from project includes
+
+ Reviewed by Simon Hausmann.
+
+ * JavaScriptCore.pri:
+ * wtf/wtf.pri:
+
+2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Move listing of include paths and libs to pri files in sources
+
+ Includepaths are sometimes modified by non-Qt contributors so keeping
+ them in files inside Sources makes it more likely that they are updated
+ along with project files for the other ports.
+
+ Using pri files instead of prf files for this also has the benefit that
+ the include() from the main target file can be parsed and followed by
+ Qt Creator -- something that does not work with load().
+
+ Dependency from a target to a library through the WEBKIT variable are
+ handled through forwarding-files in Tools/qmake/mkspecs/modules, which
+ set the source root of the module and include the right pri file.
+
+ Ideally we'd use the variant of include() that takes an optional
+ namespace to read the variables into, or the fromfile() function,
+ but both of these add an overhead of about 40% on the total qmake
+ runtime, due to making a deep copy of all the variables in the
+ project or re-reading all the prf files from scratch.
+
+ Reviewed by Simon Hausmann.
+ Reviewed by Ossy.
+
+ * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
+ * Target.pri:
+ * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
+ * wtf/wtf.pro:
+
+2012-01-06 Hajime Morrita <morrita@chromium.org>
+
+ WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
+ https://bugs.webkit.org/show_bug.cgi?id=75612
+
+ Reviewed by Kevin Ollivier.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::findIgnoringCase):
+ (WTF::String::append):
+ (WTF::String::fromUTF8):
+ (WTF::String::fromUTF8WithLatin1Fallback):
+ (WTF::String::isHashTableDeletedValue):
+
+2012-01-05 Dan Bernstein <mitz@apple.com>
+
+ <rdar://problem/10633760> Update copyright strings
+
+ Reviewed by Mark Rowe.
+
+ * Info.plist:
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Date constructor handles infinite values incorrectly.
+ https://bugs.webkit.org/show_bug.cgi?id=70998
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ - should be checking !finite rather then isnan.
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ date.toISOString produces incorrect results for dates with ms prior to 1970
+ https://bugs.webkit.org/show_bug.cgi?id=75684
+
+ Reviewed by Sam Weinig.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype.lastIndexOf ignores undefined fromIndex.
+ https://bugs.webkit.org/show_bug.cgi?id=75678
+
+ Reviewed by Sam Weinig.
+
+ array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncLastIndexOf):
+ - should check argumnet count, rather than checking agument value for undefined.
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Date parsing is too restrictive.
+ https://bugs.webkit.org/show_bug.cgi?id=75671
+
+ Reviewed by Oliver Hunt.
+
+ ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
+ The spec allow a date to be date only, or date + time.
+
+ The date portion on the should match: (pseudocode!:)
+ [(+|-)YY]YYYY[-MM[-DD]]
+ though we are slightly more liberal (permitted by the spec), allowing:
+ [+|-]Y+[-MM[-DD]]
+ The time portion should match:
+ THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
+ again we're slightly more liberal, allowing:
+ THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
+
+ * wtf/DateMath.cpp:
+ (WTF::parseES5DatePortion):
+ - Month/day fields are optional, default to 01.
+ (WTF::parseES5TimePortion):
+ - Hours/Minutes are requires, seconds/timezone are optional.
+ (WTF::parseES5DateFromNullTerminatedCharacters):
+ - Dates may be date only, or date + time.
+
+2012-01-05 Bruno Dilly <bdilly@profusion.mobi>
+
+ [EFL] Undefined references to ICU_I18N symbols on WTF
+ https://bugs.webkit.org/show_bug.cgi?id=75642
+
+ Unreviewed build fix.
+
+ Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
+ Some undefined references were ucol_setAttribute_44, ucol_close_44,
+ ucol_getAttribute_44...
+
+ * wtf/PlatformEfl.cmake:
+
+2012-01-05 Geoffrey Garen <ggaren@apple.com>
+
+ Refined the fast path for StringImpl::hash()
+ https://bugs.webkit.org/show_bug.cgi?id=75178
+
+ Reviewed by Darin Adler.
+
+ Moved the hash calculation code into an out-of-line function to clean up
+ the hot path.
+
+ No measurable benchmark change, but this knocks some samples off in
+ Instruments, and I think this is a step toward removing -fomit-frame-pointer.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::hashSlowCase):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::hash): The patch.
+
+ * wtf/text/StringStatics.cpp:
+ (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
+ scheme, which requires all out-of-line StringImpl functions used by
+ WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ Literal tab in JSONString fails
+ https://bugs.webkit.org/show_bug.cgi?id=71772
+
+ Reviewed by Oliver Hunt.
+
+ rfc4627 does not allow literal tab characters in JSON source.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::isSafeStringCharacter):
+ - do not allow literal tab in StrictJSON mode.
+
+2012-01-05 Gavin Barraclough <barraclough@apple.com>
+
+ push/shift fifo may consume excessive memory
+ https://bugs.webkit.org/show_bug.cgi?id=75610
+
+ Reviewed by Sam Weinig.
+
+ Array object commonly store data in a vector, consisting of a portion that is
+ in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
+ m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and
+ the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
+ never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
+ amount of memory, whilst having a relatively small active length.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::increaseVectorLength):
+ - If m_indexBias is non-zero, decay it over time.
+
+2012-01-05 Csaba Osztrogonác <ossy@webkit.org>
+
+ unshift/pop fifo may consume excessive memory
+ https://bugs.webkit.org/show_bug.cgi?id=75588
+
+ Reviewed by Zoltan Herczeg.
+
+ Buildfix after r104120.
+
+ * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true
+ (JSC::JSArray::unshiftCount):
+
+2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Unreviewed gardening after r104134.
+
+ * wtf/Assertions.cpp:
+
+2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Unreviewed gardening after r75605.
+
+ Rubber stamped by NOBODY Csaba Osztrogonác.
+
+ * wtf/Assertions.cpp:
+
+2012-01-05 Benjamin Poulain <benjamin@webkit.org>
+
+ Improve charactersAreAllASCII() to compare multiple characters at a time
+ https://bugs.webkit.org/show_bug.cgi?id=74063
+
+ Reviewed by Darin Adler.
+
+ A new header ASCIIFastPath.h contains the functions related to
+ the detection of ASCII by using machine words. Part of it comes from
+ WebCore's TextCodecASCIIFastPath.h.
+
+ The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
+ and is implemented with computer word comparison.
+ The gain over the previous implementation of charactersAreAllASCII() is of
+ the order of how many comparison are avoided (4x, 8x, 16x depending on the
+ format and the CPU type).
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/text/ASCIIFastPath.h: Added.
+ (WTF::isAlignedToMachineWord):
+ (WTF::alignToMachineWord):
+ (WTF::isAllASCII):
+ (WTF::charactersAreAllASCII):
+ * wtf/text/WTFString.h:
+ * wtf/wtf.pro:
+
+2012-01-05 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
+
+ We should always log to both ASL and stderr on platforms where this won't result in launchd
+ duplicating the messages.
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/Assertions.cpp:
+ (vprintf_stderr_common):
+
+2012-01-05 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
+
+ Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
+ single line of text. This results in strangely formatted output if vprintf_stderr_common is
+ retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
+ like stderr.
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/Assertions.cpp:
+ (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
+ string before handing it off to vprintf_stderr_common. This requires disabling warnings about
+ calling a printf-like function with a non-literal format string for this piece of code. It's
+ safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
+ (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the
+ given format string if one does not already exist. It requires the same treatment with regards
+ to the non-literal format string warning.
+ (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
+ (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
+ (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
+ (WTFReportError): Ditto.
+ (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
+ (WTFLogVerbose): Ditto.
+
+2012-01-04 Gavin Barraclough <barraclough@apple.com>
+
+ unshift/pop fifo may consume excessive memory
+ https://bugs.webkit.org/show_bug.cgi?id=75588
+
+ Reviewed by Sam Weinig.
+
+ The Array object commonly store data in a vector, consisting of a portion that
+ is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
+ m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the
+ current algorithm for increasePrefixVectorLength (used by unshift) will never
+ stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount
+ of memory, whilst having a relatively small active length.
+
+ * runtime/JSArray.cpp:
+ (JSC::storageSize):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
+ (JSC::SparseArrayValueMap::put):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
+ (JSC::JSArray::increaseVectorLength):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
+ (JSC::JSArray::unshiftCountSlowCase):
+ - renamed from increaseVectorPrefixLength (this was a bad name, since it
+ also moved the ArrayStorage header), rewritten.
+ (JSC::JSArray::shiftCount):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
+ (JSC::JSArray::unshiftCount):
+ - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
+ increaseVectorPrefixLength renamed to unshiftCountSlowCase
+ (JSC::JSArray::sortNumeric):
+ * runtime/JSArray.h:
+ - Updated function declarations, m_indexBias should be unsigned.
+
+2012-01-04 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
+
+ Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
+ to ensure that the correct destructor is invoked. This is necessary because
+ JSCell subclasses all intentionally have non-virtual destructors.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::destroy):
+ * runtime/Arguments.h:
+
+2012-01-04 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, accidentally turned off the JIT in previous commit. Turning
+ it back on.
+
+ * wtf/Platform.h:
+
+2012-01-04 Filip Pizlo <fpizlo@apple.com>
+
+ Changed "return" to "break" in some macrology I introduced in
+ http://trac.webkit.org/changeset/104086. This is a benign change, as
+ "return" was technically correct for all uses of the macro.
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGGraph.cpp:
+ * wtf/Platform.h:
+
+2012-01-04 Michael Saboff <msaboff@apple.com>
+
+ StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
+ https://bugs.webkit.org/show_bug.cgi?id=75583
+
+ Reviewed by Filip Pizlo.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
+ StructureStubInfo and reset the appropriate JIT and
+ the StructureStubInfo itself when reseting a MethodCallLinkInfo.
+
+2012-01-04 Michael Saboff <msaboff@apple.com>
+
+ Invalid ASSERT() in DFGRepatch.cpp near line 385
+ https://bugs.webkit.org/show_bug.cgi?id=75584
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.
+
+2012-01-04 Filip Pizlo <fpizlo@apple.com>
+
+ Incorrect use of DFG node reference counts when mutating the graph
+ https://bugs.webkit.org/show_bug.cgi?id=75580
+ <rdar://problem/10644607>
+
+ Reviewed by Oliver Hunt.
+
+ Made deref(node) follow the pattern of ref(node), which it should have
+ to begin with.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::refChildren):
+ (JSC::DFG::Graph::derefChildren):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::deref):
+ (JSC::DFG::Graph::clearAndDerefChild1):
+ (JSC::DFG::Graph::clearAndDerefChild2):
+ (JSC::DFG::Graph::clearAndDerefChild3):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::deref):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixupNode):
+
+2012-01-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
+
+ The custom qmake variable 'WEBKIT' is used for signaling that a
+ target depends in some way on other subproject of the WebKit
+ project. For now this is limited to the set of intermediate
+ libraries: wtf, javascriptcore, webcore, and webkit2.
+
+ This replaces the previous convension of using load(foo) for
+ just include paths, and CONFIG += foo to also link against foo.
+
+ Adding a dependency results in additional include paths being
+ available, and potentially linking to the library. This is
+ decided by the build system based on conditions such as what
+ kind of target is being built and the general build config.
+
+ An advantage to his approach is that it simplifies the individual
+ foo.prf files, for example by allowing us to use INCLUDEPATH +=
+ and LIBS += as normal instead of prepending.
+
+ Reviewed by Simon Hausmann.
+
+ * Target.pri:
+ * jsc.pro:
+ * wtf/wtf.pro:
+
+2012-01-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=75516
+ <rdar://problem/10640266>
+
+ Reviewed by Gavin Barraclough.
+
+ Removed the offending assertion, since it was wrong. Also hardened the code to make
+ this case less likely by first having the propagator fixpoint converge, and then doing
+ double voting combined with a second fixpoint. This is neutral on benchmarks and
+ fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
+ until we've converged to the conclusion that it really is double).
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagatePredictions):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
+
+2012-01-03 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
+ https://bugs.webkit.org/show_bug.cgi?id=75303
+ <rdar://problem/10633533>
+
+ Reviewed by Gavin Barraclough.
+
+ The this argument was not being kept alive in some cases during inlining and intrinsic
+ optimizations.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::emitFunctionCheck):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75140
+
+ Reviewed by Sam Weinig.
+
+ Rewrite JSArray::putSlowCase to be much cleaner & simpler.
+
+ This rewrite only significantly changes behaviour for sparse array, specifically
+ in how sparse arrays are reified back to vector form. This does not affect arrays
+ with less than 10000 entries (since these always use a vector). The more common
+ cases of sparse array behavior (though large sparse arrays are rare) - arrays that
+ always remain sparse, and arrays that are filled in reverse sequential order -
+ should be just as fast or faster (since reification is simpler & no longer
+ requires map lookups) after these changes.
+
+ Simplifying this code allows all cases of putByIndex that need to grow the vector
+ to do so via increaseVectorLength, which means that this method can encapsulate
+ the policy of determining how the vector should be grown.
+
+ No performance impact.
+
+ * runtime/JSArray.cpp:
+ (JSC::isDenseEnoughForVector):
+ - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
+ (JSC::JSArray::putByIndex):
+ - simplify & comment.
+ (JSC::JSArray::putByIndexBeyondVectorLength):
+ - Re-written to be much clearer & simpler.
+ (JSC::JSArray::increaseVectorLength):
+ (JSC::JSArray::increaseVectorPrefixLength):
+ - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so.
+ (JSC::JSArray::push):
+ - simplify & comment.
+ * runtime/JSArray.h:
+ - removed SparseArrayValueMap::take.
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75140
+
+ Reviewed by Sam Weinig.
+
+ Simplify JSArray creation - remove ArgsList/JSValue* create methods
+ (this functionality can be implemented in terms of tryCreateUninitialized).
+
+ * JavaScriptCore.exp:
+ * runtime/ArrayConstructor.cpp:
+ - use constructArray/constructEmptyArray instead of calling JSArray::create directly
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ - removed ArgsList/JSValue* create methods
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ (JSC::constructArray):
+ - changed to be implemented in terms of JSArray::tryCreateUninitialized
+
+2012-01-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75429
+ ThrowTypeError should be a singleton object
+
+ Reviewed by Sam Weinig.
+
+ Per section 13.2.3 of the spec.
+ We could change setAccessorDescriptor to be able to share the global
+ GetterSetter object, rather than storing the accessor functions and
+ creating a new GetterSetter in defineProperty - but this won't be a
+ small change to PropertyDescriptors (and would probably mean making
+ GetterSetter objects immutable?) - so I'll leave that for another
+ patch.
+
+ * JavaScriptCore.exp:
+ - don't export setAccessorDescriptor
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::createStrictModeCallerIfNecessary):
+ (JSC::Arguments::createStrictModeCalleeIfNecessary):
+ - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
+ * runtime/Error.cpp:
+ * runtime/Error.h:
+ - remove createTypeErrorFunction
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ - remove unused createDescriptorForThrowingProperty
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ - removed m_strictModeTypeErrorFunctionStructure.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::internalFunctionStructure):
+ - removed m_strictModeTypeErrorFunctionStructure.
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::setAccessorDescriptor):
+ - changed to take a GetterSetter
+ * runtime/PropertyDescriptor.h:
+ - changed to take a GetterSetter
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ Check in fixes for jsc tests following bug #75455.
+
+ * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
+ * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75452
+ If argument to Error is undefined, message is not set
+
+ Reviewed by Sam Weinig.
+
+ Per section 15.11.1.1 of the spec.
+
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create):
+ (JSC::ErrorInstance::finishCreation):
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ ES5 prohibits parseInt from supporting octal
+ https://bugs.webkit.org/show_bug.cgi?id=75455
+
+ Reviewed by Sam Weinig.
+
+ See sections 15.1.2.2 and annex E.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::parseInt):
+
+2012-01-02 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=55343
+ Global JSON should be configurable but isn't
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ - make JSON configurable
+
+2012-01-01 Filip Pizlo <fpizlo@apple.com>
+
+ Call instructions should leave room for linking information
+ https://bugs.webkit.org/show_bug.cgi?id=75422
+ <rdar://problem/10633985>
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+
+2011-12-31 Dan Bernstein <mitz@apple.com>
+
+ Continue trying to fix the Windows build after r103823.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-12-31 Dan Bernstein <mitz@apple.com>
+
+ Start trying to fix the Windows build after r103823.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-12-30 Anders Carlsson <andersca@apple.com>
+
+ Add a ParamStorageTraits specialization for RetainPtr
+ https://bugs.webkit.org/show_bug.cgi?id=75392
+
+ Reviewed by Daniel Bates.
+
+ * wtf/Functional.h:
+ Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
+
+ * wtf/RetainPtr.h:
+ Bring in the retainPtr function template from WTF.
+
+2011-12-29 Sam Weinig <sam@webkit.org>
+
+ It should be easier to iterate a Vector backwards
+ https://bugs.webkit.org/show_bug.cgi?id=75359
+
+ Reviewed by Anders Carlsson.
+
+ Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
+ a new proxy driven way to access a vector backwards. One can use
+ reversed() in a range-based for loop like so:
+
+ for (auto val: myVector.reversed())
+ doSomething(val)
+
+ * wtf/Vector.h:
+ (WTF::Vector::~Vector):
+ Fix style.
+
+ (WTF::Vector::rbegin):
+ (WTF::Vector::rend):
+ Added using standard adaptor std::reverse_iterator.
+
+ (WTF::Vector::reversed):
+ (WTF::Vector::VectorReverseProxy::begin):
+ (WTF::Vector::VectorReverseProxy::end):
+ Add proxy similar to one used in HashMap for keys() and values()
+ which allows access to a Vector backwards for use in range-based
+ for loops.
+
+2011-12-29 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75140
+
+ Reviewed by Oliver Hunt.
+
+ Start cleaning up JSArray construction. JSArray has a set of create methods,
+ one of which (currently) takes a 'creation mode' enum parameter. Based on that
+ parameter, the constructor does one of two completely different things. If the
+ parameter is 'CreateInitialized' it creates an array, setting the length, but
+ does not eagerly allocate a storage vector of the specified length. A small
+ (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
+ access to the vector will read the hole value (return undefined). The alternate
+ usage of this method ('CreateCompact') does something very different. It tries
+ to create an array of the requested length, and also allocates a storage vector
+ large enough to hold all properties. It does not clear the storage vector,
+ leaving the memory uninitialized and requiring the user to call a method
+ 'uncheckedSetIndex' to initialize values in the vector.
+
+ This patch factors out these two behaviours, moving the 'CreateCompact' mode
+ into its own method, 'tryCreateUninitialized' (matching the naming for this
+ functionality in the string classes). 'tryCreateUninitialized' may return 0 if
+ memory allocation fails during construction of the object. The construction
+ pattern changes such that values added during initialization will be marked if
+ a GC is triggered during array allocation. 'CreateInitialized' no longer need
+ be passed to create a normal, fully constructed array with a length, and this
+ method is merged with the version of 'create' that does not take an initial
+ length (length parameter defaults to 0).
+
+ * JavaScriptCore.exp:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::constructArrayWithSizeQuirk):
+ - removed 'CreateInitialized' argument
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSplice):
+ - changed to call 'tryCreateUninitialized'
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncBind):
+ - changed to call 'tryCreateUninitialized'
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ - initialize m_storage to null; if construction fails, make destruction safe
+ (JSC::JSArray::finishCreation):
+ - merge versions of this method, takes an initialLength parameter defaulting to zero
+ (JSC::JSArray::tryFinishCreationUninitialized):
+ - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
+ (JSC::JSArray::~JSArray):
+ - check for null m_storage, in case array construction failed.
+ (JSC::JSArray::increaseVectorPrefixLength):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ - merge versions of this method, takes an initialLength parameter defaulting to zero
+ (JSC::JSArray::tryCreateUninitialized):
+ - version of 'create' that tries to eagerly allocate storage; may fail & return 0
+ (JSC::JSArray::initializeIndex):
+ (JSC::JSArray::completeInitialization):
+ - used in conjunction with 'tryCreateUninitialized' to initialize the array
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ - removed 'CreateInitialized' argument
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::finishCreation):
+ - removed 'CreateInitialized' argument
+
+2011-12-29 Anders Carlsson <andersca@apple.com>
+
+ Add a retainPtr function template
+ https://bugs.webkit.org/show_bug.cgi?id=75365
+
+ Reviewed by Dan Bernstein.
+
+ This makes it easier to make a RetainPtr using template argument deduction, which
+ is useful when passing RetainPtr objects as function arguments.
+
+ * wtf/RetainPtr.h:
+ (WTF::retainPtr):
+
+2011-12-28 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ spill unboxed values in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=75291
+
+ Reviewed by Filip Pizlo.
+
+ Currently all the values are spilled as boxed in DFG 32_64, which is
+ not necessary and introduces additional stores/loads. Instead we
+ can spill them as unboxed if feasible. It can be applied to the
+ Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
+ because they don't need to be boxed at all. The modifications to the
+ spill/fill and the OSR exit are required, as well as a bug fix to the
+ "isUnknownJS" logic.
+
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::displacedInRegisterFile):
+ (JSC::ValueRecovery::virtualRegister):
+ (JSC::ValueRecovery::dump):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::isUnknownJS):
+ (JSC::DFG::GenerationInfo::spill):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentFillGPR):
+ (JSC::DFG::SpeculativeJIT::spill):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-28 Anders Carlsson <andersca@apple.com>
+
+ Add an implicit block conversion operator to WTF::Function
+ https://bugs.webkit.org/show_bug.cgi?id=75325
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/Compiler.h:
+ Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
+ is buggy, especially when it comes to C++.
+
+ * wtf/Functional.h:
+ Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
+
+2011-12-27 Anders Carlsson <andersca@apple.com>
+
+ Add a new WTF::bind overload that takes 6 parameters
+ https://bugs.webkit.org/show_bug.cgi?id=75287
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Functional.h:
+
+2011-12-27 Sam Weinig <sam@webkit.org>
+
+ Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
+ https://bugs.webkit.org/show_bug.cgi?id=75268
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Compiler.h:
+ Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
+
+ * wtf/Noncopyable.h:
+ Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
+
+ * wtf/NullPtr.cpp:
+ * wtf/NullPtr.h:
+ Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
+
+ * wtf/RefPtr.h:
+ * wtf/RetainPtr.h:
+ Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
+
+2011-12-27 Anders Carlsson <andersca@apple.com>
+
+ Misc fixes and cleanups in Functional.h
+ https://bugs.webkit.org/show_bug.cgi?id=75281
+
+ Reviewed by Andreas Kling.
+
+ - Reformat template declarations so that the class begins on a new line.
+ - Change the parameter template parameters to start at P1 instead of P0.
+ - Add function wrappers and bind overloads for 4 and 5 parameter functions.
+ - Change the Function call operator to be const so const functions can be called.
+
+ * wtf/Functional.h:
+
+2011-12-27 Tony Chang <tony@chromium.org>
+
+ [chromium] Minor cleanup of gyp files.
+ https://bugs.webkit.org/show_bug.cgi?id=75269
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
+ and vim/emacs specific hooks should be added by the user.
+
+2011-12-27 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75260
+ Null name for host function can result in dereference of uninitialize memory
+
+ Reviewed by Filip Pizlo.
+
+ This is a recent regression in ToT, if the name passed to finishCreation of a host function is null,
+ we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
+ aspect of the change that introduced the issue. It might be better if functions that don't have a
+ name don't have this property at all, but that's change should be separate from fixing the bug.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::finishCreation):
+ - Always initialize the name property.
+
+2011-12-27 Anders Carlsson <andersca@apple.com>
+
+ Function should handle wrapping/unwrapping RefPtr and PassRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=75266
+
+ Reviewed by Sam Weinig.
+
+ Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
+ and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
+ For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
+
+ * wtf/Functional.h:
+ (WTF::ParamStorageTraits::wrap):
+ (WTF::ParamStorageTraits::unwrap):
+
+2011-12-27 Tony Chang <tony@chromium.org>
+
+ [chromium] really enable wpo for WebCore libs and for WTF
+ https://bugs.webkit.org/show_bug.cgi?id=75264
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ Errk! OS X build fix.
+
+ * JavaScriptCore.exp:
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSObject.h:
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75231
+ Fail to throw in strict mode on assign to read only static properties
+
+ Reviewed by Filip Pizlo.
+
+ There are three bugs here:
+ * symbolTablePut should throw for strict mode accesses.
+ * lookupPut should throw for strict mode accesses.
+ * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::put):
+ * runtime/JSActivation.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::symbolTablePut):
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::put):
+ * runtime/NumberConstructor.h:
+
+2011-12-26 Gavin Barraclough <barraclough@apple.com>
+
+ Fix miss-commit of utf8 change.
+
+ Reviewed by Filip Pizlo
+
+ Eeep, patch as landed a while ago had no effect! - acidentally landed
+ modified version of patch used for performance testing.
+
+ (This isn't covered by layout tests because layour tests don't use jsc,
+ and the tests/mozilla tests use latin1, which was already supported!)
+
+ Landing changes as intended (and as originally reviewed).
+
+ * jsc.cpp:
+ (jscSource):
+
+2011-12-26 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for ARMv7.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load16Signed):
+ (JSC::MacroAssemblerARMv7::load8Signed):
+
+2011-12-26 Hajime Morrita <morrita@google.com>
+
+ Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
+ https://bugs.webkit.org/show_bug.cgi?id=74990
+
+ Reviewed by Kevin Ollivier.
+
+ * runtime/JSExportMacros.h: Removed JS_INLINE
+ * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
+
+2011-12-24 Filip Pizlo <fpizlo@apple.com>
+
+ The ArgumentCount field in the CallFrame should have its tag left blank for other uses
+ https://bugs.webkit.org/show_bug.cgi?id=75199
+ <rdar://problem/10625105>
+ <rdar://problem/10625106>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::argumentCountIncludingThis):
+ (JSC::ExecState::setArgumentCountIncludingThis):
+ * interpreter/Register.h:
+ (JSC::Register::unboxedInt32):
+ (JSC::Register::unboxedBoolean):
+ (JSC::Register::unboxedCell):
+ (JSC::Register::payload):
+ (JSC::Register::tag):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ (JSC::JIT::compileOpCall):
+
+2011-12-25 Andreas Kling <awesomekling@apple.com>
+
+ Yarr: Avoid copying vectors in CharacterClassConstructor.
+ <http://webkit.org/b/75206>
+
+ Reviewed by Darin Adler.
+
+ Yarr::CharacterClassConstructor::charClass() was hot when loading twitter
+ feeds (1.2%), replace the usage of Vector::append() by swap() since we're
+ always clearing the source vector afterwards anyway.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::CharacterClassConstructor::charClass):
+
+2011-12-24 Darin Adler <darin@apple.com>
+
+ Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn
+ https://bugs.webkit.org/show_bug.cgi?id=72476
+
+ Reviewed by Sam Weinig.
+
+ * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>.
+
+2011-12-23 Geoffrey Garen <ggaren@apple.com>
+
+ Inlined Yarr::execute
+ https://bugs.webkit.org/show_bug.cgi?id=75180
+
+ Reviewed reluctantly by Beth Dakin.
+
+ Tiny speedup on SunSpider string tests. Removes some samples from
+ Instruments. A step toward removing -fomit-frame-pointer.
+
+ * yarr/YarrJIT.cpp:
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?!
+
+2011-12-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG loads from signed 8-bit and 16-bit typed arrays are broken
+ https://bugs.webkit.org/show_bug.cgi?id=75163
+
+ Reviewed by Geoffrey Garen.
+
+ Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm
+ currently disabling Int8Array and Int16Array optimizations on ARM.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load8Signed):
+ (JSC::MacroAssemblerX86Common::load16Signed):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movswl_mr):
+ (JSC::X86Assembler::movsbl_mr):
+ * bytecode/PredictedType.h:
+ (JSC::isActionableMutableArrayPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+
+2011-12-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does double-to-int conversion incorrectly when storing into int typed arrays
+ https://bugs.webkit.org/show_bug.cgi?id=75164
+ <rdar://problem/10557547>
+
+ Reviewed by Geoffrey Garen.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32):
+ (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+
+2011-12-23 Geoffrey Garen <ggaren@apple.com>
+
+ Refactored String.prototype.replace
+ https://bugs.webkit.org/show_bug.cgi?id=75114
+
+ Reviewed by Darin Adler.
+
+ No performance difference.
+
+ I think this is a step toward removing -fomit-frame-pointer.
+
+ * runtime/JSString.cpp:
+ * runtime/JSString.h: Removed the test and special case for a single-character
+ search string because the standard path does this test and special case
+ for us. (As an aside, if we do come up with a unique single-character
+ replace optimization in future, it probably belongs in the replace function,
+ and not in JSString.)
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace): Split this mega-sized function into:
+ (JSC::replaceUsingStringSearch): - This reasonably sized function, and
+ (JSC::replaceUsingRegExpSearch): - This still mega-sized function.
+
+2011-12-23 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
+ https://bugs.webkit.org/show_bug.cgi?id=75087
+
+ monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds.
+
+ Reviewed by Darin Adler.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::monotonicallyIncreasingTime):
+
+2011-12-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not speculate array even when predictions say that the base is not an array
+ https://bugs.webkit.org/show_bug.cgi?id=75160
+ <rdar://problem/10622646>
+ <rdar://problem/10622649>
+
+ Reviewed by Oliver Hunt.
+
+ Added the ability to call slow path when the base is known to not be an array.
+ Also rationalized the logic for deciding when the index is not an int, and
+ cleaned up the logic for deciding when to speculate typed array.
+
+ Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
+ likely be mitigated by having the notion of a polymorphic array access, where we
+ try, but don't speculate, to access the array one way before either trying some
+ other ways or calling slow path.
+
+ * bytecode/PredictedType.h:
+ (JSC::isActionableMutableArrayPrediction):
+ (JSC::isActionableArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+ (JSC::DFG::Node::shouldSpeculateInt32Array):
+ (JSC::DFG::Node::shouldSpeculateUint8Array):
+ (JSC::DFG::Node::shouldSpeculateUint16Array):
+ (JSC::DFG::Node::shouldSpeculateUint32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat64Array):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::byValIsPure):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-22 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed - fix stylebot issues from last patch.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putSlowCase):
+
+2011-12-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=75151
+ Add attributes field to JSArray's SparseMap
+
+ Reviewed by Sam Weinig.
+
+ This will be necessary to be able to support non- writable/configurable/enumerable
+ properties, and helpful for getters/setters.
+
+ Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort):
+ - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
+ (must fall back to generic sort alogrithm).
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ - moved reportedMapCapacity into the SparseArrayValueMap object.
+ (JSC::SparseArrayValueMap::find):
+ (JSC::SparseArrayValueMap::put):
+ (JSC::SparseArrayValueMap::visitChildren):
+ - Added.
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::deletePropertyByIndex):
+ (JSC::JSArray::getOwnPropertyNames):
+ (JSC::JSArray::setLength):
+ (JSC::JSArray::pop):
+ (JSC::JSArray::visitChildren):
+ - Updated for changes in SparseArrayValueMap.
+ (JSC::JSArray::sortNumeric):
+ (JSC::JSArray::sort):
+ (JSC::JSArray::compactForSorting):
+ - Disallow on 'SparseMode' arrays.
+ * runtime/JSArray.h:
+ (JSC::SparseArrayEntry::SparseArrayEntry):
+ - An entry in the sparse array - value (WriteBarrier) + attributes.
+ (JSC::SparseArrayValueMap::SparseArrayValueMap):
+ (JSC::SparseArrayValueMap::sparseMode):
+ (JSC::SparseArrayValueMap::setSparseMode):
+ - Flags to track whether an Array is forced into SparseMode.
+ (JSC::SparseArrayValueMap::remove):
+ (JSC::SparseArrayValueMap::notFound):
+ (JSC::SparseArrayValueMap::isEmpty):
+ (JSC::SparseArrayValueMap::contains):
+ (JSC::SparseArrayValueMap::size):
+ (JSC::SparseArrayValueMap::begin):
+ (JSC::SparseArrayValueMap::end):
+ - accessors to the map
+ (JSC::SparseArrayValueMap::take):
+ - only for use on non-SpareMode arrays.
+ (JSC::JSArray::inSparseMode):
+ - Added.
+
+2011-12-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
+ https://bugs.webkit.org/show_bug.cgi?id=75150
+ <rdar://problem/10621900>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+
+2011-12-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does exactly the wrong thing when doing strict equality on two known cells
+ https://bugs.webkit.org/show_bug.cgi?id=75138
+ <rdar://problem/10621526>
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+
+2011-12-22 Balazs Kelemen <kbalazs@webkit.org>
+
+ Fix debug build with assertions disabled
+ https://bugs.webkit.org/show_bug.cgi?id=75075
+
+ Reviewed by Darin Adler.
+
+ Check whether assertions are disabled instead of NDEBUG
+ where appropriate to avoid "defined but not used" warnings.
+
+ * wtf/DateMath.cpp:
+ (WTF::initializeDates):
+
+2011-12-22 Mariusz Grzegorczyk <mariusz.g@samsung.com>
+
+ [EFL] Missing plugins support for efl port
+ https://bugs.webkit.org/show_bug.cgi?id=44505
+
+ Reviewed by Anders Carlsson.
+
+ Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
+
+ * wtf/Platform.h:
+
+2011-12-22 Wei Charles <charles.wei@torchmobile.com.cn>
+
+ Remove un-used data member of LiteralParser::Lex::m_string
+ https://bugs.webkit.org/show_bug.cgi?id=68216
+
+ Reviewed by George Staikos.
+
+ * runtime/LiteralParser.h:
+
+2011-12-21 Dan Bernstein <mitz@apple.com>
+
+ OS X build fix after r103488.
+
+ * JavaScriptCore.exp:
+
+2011-12-21 Konrad Piascik <kpiascik@rim.com>
+
+ Implement the JavaScriptCore bindings for eventListenerHandlerLocation
+ https://bugs.webkit.org/show_bug.cgi?id=74313
+
+ Reviewed by Eric Seidel.
+
+ Updated project files to get Windows and Mac builds working.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-12-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
+ https://bugs.webkit.org/show_bug.cgi?id=75058
+ <rdar://problem/10616612>
+ <rdar://problem/10617500>
+
+ Reviewed by Oliver Hunt.
+
+ Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
+ Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
+ a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
+ is optional.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSObject.h:
+
+2011-12-21 Pierre Rossi <pierre.rossi@gmail.com>
+
+ Implement montonicallyIncreasingClock() on Qt
+ https://bugs.webkit.org/show_bug.cgi?id=62159
+
+ Reviewed by Darin Adler.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::monotonicallyIncreasingTime):
+
+2011-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
+ https://bugs.webkit.org/show_bug.cgi?id=74997
+ <rdar://problem/10612389>
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_div):
+
+2011-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore should be consistent about how it reads and writes ArgumentCount
+ https://bugs.webkit.org/show_bug.cgi?id=74989
+ <rdar://problem/10612006>
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_get_arguments_length):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+
+2011-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ Value Profiles for arguments should be more easily accessible to the interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=74984
+ <rdar://problem/10611364>
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setArgumentValueProfileSize):
+ (JSC::CodeBlock::numberOfArgumentValueProfiles):
+ (JSC::CodeBlock::valueProfileForArgument):
+ (JSC::CodeBlock::addValueProfile):
+ (JSC::CodeBlock::valueProfile):
+ (JSC::CodeBlock::valueProfileForBytecodeOffset):
+ (JSC::CodeBlock::totalNumberOfValueProfiles):
+ (JSC::CodeBlock::getFromAllValueProfiles):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2011-12-20 Gavin Barraclough <barraclough@apple.com>
+
+ JSC shell should accept utf8 input.
+
+ Reviewed by Filip Pizlo.
+
+ * jsc.cpp:
+ (jscSource):
+ (functionRun):
+ (functionLoad):
+ (functionCheckSyntax):
+ (runWithScripts):
+ (runInteractive):
+
+2011-12-20 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber Stamped by Sam Weinig
+
+ * runtime/JSGlobalData.cpp:
+ - removed some dead code.
+
+2011-12-19 Geoffrey Garen <ggaren@apple.com>
+
+ Tightened up Vector<T>::append
+ https://bugs.webkit.org/show_bug.cgi?id=74906
+
+ Reviewed by Sam Weinig.
+
+ Not a measurable speedup, but code inspection shows better code generated,
+ and I believe this is a step toward turning off -fomit-frame-pointer.
+
+ * wtf/Vector.h:
+ (WTF::::append):
+ (WTF::::appendSlowCase): Split out the slow case into a separate function
+ to keep unnecessary instructions off the hot path. This means the hot
+ path can now be inlined more often.
+
+ Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
+ compiler work-around from 2007.
+
+2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Temporary GPR should not be lazily allocated in DFG JIT on X86
+ https://bugs.webkit.org/show_bug.cgi?id=74908
+
+ Reviewed by Filip Pizlo.
+
+ On X86, we used to allocate a temporary GPR lazily when it's really
+ used rather than defined. This may cause potential issues of
+ allocating registers inside control flow and result in problems in
+ subsequent code generation, for example the DFG JIT may think an
+ operand already being spilled (to satisfy the allocation request) and
+ generate code to read the data from memory, but the allocation and
+ spilling are in a branch which is not taken at runtime, so the
+ generated code is incorrect.
+
+ Although current DFG JIT code doesn't have this problematic pattern,
+ it's better to cut-off the root to avoid any potential issues in the
+ future.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::GPRTemporary::gpr):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove unused code for non-speculative Arith operations from DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=74905
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ * dfg/DFGSpeculativeJIT64.cpp:
+
+2011-12-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=74903
+ Exceptions not thrown correctly from DFG JIT on 32bit
+
+ Reviewed by Oliver Hunt.
+
+ Arguments for lookupExceptionHandler are not setup correctly.
+ In the case of ARMv7 we rely on lr being preserved over a call,
+ this in invalid. On x86 we don't should be poking the arguments onto the stack!
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addExceptionCheck):
+ (JSC::DFG::JITCompiler::addFastExceptionCheck):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+
+2011-12-19 Filip Pizlo <fpizlo@apple.com>
+
+ If we detect that we can use the JIT, don't use computed opcode lookups
+ https://bugs.webkit.org/show_bug.cgi?id=74899
+ <rdar://problem/10604551>
+
+ Reviewed by Gavin Barraclough.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::Interpreter):
+ (JSC::Interpreter::initialize):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::getOpcode):
+ (JSC::Interpreter::getOpcodeID):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+
+2011-12-19 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Qt build.
+
+ Unreviewed.
+
+ * wtf/ThreadSpecific.h: #include!
+
+2011-12-18 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to change the value of an Options variable without recompiling the world
+ https://bugs.webkit.org/show_bug.cgi?id=74807
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h:
+
+2011-12-19 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r103250.
+ http://trac.webkit.org/changeset/103250
+ https://bugs.webkit.org/show_bug.cgi?id=74877
+
+ it still breaks codegen (Requested by olliej on #webkit).
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::byValIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-16 Oliver Hunt <oliver@apple.com>
+
+ Rolling r103120 back in with merge errors corrected.
+
+ PutByVal[Alias] unnecessarily reloads the storage buffer
+ https://bugs.webkit.org/show_bug.cgi?id=74747
+
+ Reviewed by Gavin Barraclough.
+
+ Make PutByVal use GetIndexedStorage to load the storage buffer.
+ This required switching PutByVal to a vararg node (which is
+ responsible for most of the noise in this patch). This fixes the
+ remaining portion of the kraken regression caused by the GetByVal
+ storage load elimination, and a 1-5% win on some of the sub tests of
+ the typed array benchmark at:
+ http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::byValIndexIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-15 Geoffrey Garen <ggaren@apple.com>
+
+ Placement new does an unnecessary NULL check
+ https://bugs.webkit.org/show_bug.cgi?id=74676
+
+ Reviewed by Sam Weinig.
+
+ We can define our own version, which skips the NULL check.
+
+ Not a measurable speedup, but code inspection shows better code generated,
+ and I believe this is a step toward turning off -fomit-frame-pointer.
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::create): Use the NotNull version of placement
+ new to skip the NULL check.
+
+ * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new.
+
+ (JSC::JSCallbackObject::create):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::grow):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::allocate):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::recycle):
+ * jit/JITCode.h:
+ (JSC::JITCode::clear):
+ * jsc.cpp:
+ (GlobalObject::create):
+ * profiler/CallIdentifier.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::create):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::create):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::create):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::create):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::create):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::create):
+ (JSC::TerminatedExecutionError::create):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::create):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::create):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::create):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::create):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::create): Use the NotNull version of placement
+ new to skip the NULL check.
+
+ * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ * runtime/JSGlobalThis.h:
+ (JSC::JSGlobalThis::create):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::create):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::create):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createNull):
+ (JSC::RopeBuilder::create):
+ (JSC::RopeBuilder::createHasOtherOwner):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::create):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::create):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::create):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::create):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::createWithoutCaching):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::create):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::create):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::create):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::createStructure):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ * testRegExp.cpp:
+ (GlobalObject::create):
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
+ new to skip the NULL check.
+
+ * wtf/BumpPointerAllocator.h:
+ (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
+
+ * wtf/ByteArray.cpp:
+ (WTF::ByteArray::create):
+ * wtf/Deque.h:
+ (WTF::::append):
+ (WTF::::prepend): Use NotNull, as above.
+
+ * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
+ hide the name of the global placement new.
+
+ (WTF::fastNew): Standardized spacing. Most of these functions don't need
+ NotNull, since they check for NULL, and the optimizer can see that.
+
+ * wtf/HashTable.h:
+ * wtf/HashTraits.h:
+ (WTF::SimpleClassHashTraits::constructDeletedValue):
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
+
+ * wtf/StdLibExtras.h:
+ (throw): This is our NotNull placement new. Declaring that we throw is
+ the C++ way to say that operator new will not return NULL.
+
+ * wtf/ThreadSpecific.h:
+ (WTF::T):
+ * wtf/Vector.h:
+ (WTF::::append):
+ (WTF::::tryAppend):
+ (WTF::::uncheckedAppend):
+ (WTF::::insert):
+ * wtf/text/AtomicStringHash.h:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::createUninitialized):
+ (WTF::StringImpl::reallocate):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::tryCreateUninitialized):
+ * wtf/text/StringStatics.cpp:
+ (WTF::AtomicString::init): Use NotNull, as above.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::allocDisjunctionContext):
+ (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
+ (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
+ spacing for easy grep.
+
+2011-12-19 Eric Carlson <eric.carlson@apple.com>
+
+ Enable <track> for Mac build
+ https://bugs.webkit.org/show_bug.cgi?id=74838
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h:
+
+2011-12-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG is too sloppy with register allocation
+ https://bugs.webkit.org/show_bug.cgi?id=74835
+
+ Reviewed by Gavin Barraclough.
+
+ Added assertions that at the end of a successfully generated basic block,
+ all use counts should be zero. This revealed a number of bugs:
+
+ - Array length optimizations were turning a must-generate node into one
+ that is not must-generate, but failing to change the ref count
+ accordingly.
+
+ - Indexed property storage optimizations were failing to deref their
+ children, or to deref the indexed property storage node itself. Also,
+ they used the Phantom node as a replacement. But the Phantom node is
+ must-generate, which was causing bizarre issues. So this introduces a
+ Nop node, which should be used in cases where you want a node that is
+ skipped and has no children.
+
+ This does not have any significant performance effect, but it should
+ relieve some register pressure. The main thing this patch adds, though,
+ are the assertions, which should make it easier to do register allocation
+ related changes in the future.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::initConstant):
+ (JSC::DFG::GenerationInfo::initInteger):
+ (JSC::DFG::GenerationInfo::initJSValue):
+ (JSC::DFG::GenerationInfo::initCell):
+ (JSC::DFG::GenerationInfo::initBoolean):
+ (JSC::DFG::GenerationInfo::initDouble):
+ (JSC::DFG::GenerationInfo::initStorage):
+ (JSC::DFG::GenerationInfo::use):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::clearAndDerefChild1):
+ (JSC::DFG::Graph::clearAndDerefChild2):
+ (JSC::DFG::Graph::clearAndDerefChild3):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::deref):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-18 Benjamin Poulain <bpoulain@apple.com>
+
+ Remove the duplicated code from ASCIICType.h
+ https://bugs.webkit.org/show_bug.cgi?id=74771
+
+ Reviewed by Andreas Kling.
+
+ Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.
+
+ * wtf/ASCIICType.h:
+ (WTF::isASCIIDigit):
+ (WTF::isASCIIAlphanumeric):
+ (WTF::isASCIIHexDigit):
+
+2011-12-18 Anders Carlsson <andersca@apple.com>
+
+ Set the main frame view scroll position asynchronously
+ https://bugs.webkit.org/show_bug.cgi?id=74823
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.exp:
+
+2011-12-10 Andreas Kling <kling@webkit.org>
+
+ OpaqueJSClass: Remove RVCT2 workarounds.
+ <http://webkit.org/b/74250>
+
+ Reviewed by Benjamin Poulain.
+
+ We no longer need workarounds for the RVCT2 compiler since it was
+ only used for the Symbian port of WebKit which is now defunct.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::OpaqueJSClass):
+ (OpaqueJSClassContextData::OpaqueJSClassContextData):
+
+2011-12-16 Benjamin Poulain <bpoulain@apple.com>
+
+ Remove the duplicated code from ASCIICType.h
+ https://bugs.webkit.org/show_bug.cgi?id=74771
+
+ Reviewed by Andreas Kling.
+
+ The functions were sharing similar code and were defined for the various input types.
+ Use templates instead to avoid code duplication.
+
+ * wtf/ASCIICType.h:
+ (WTF::isASCII):
+ (WTF::isASCIIAlpha):
+ (WTF::isASCIIAlphanumeric):
+ (WTF::isASCIIDigit):
+ (WTF::isASCIIHexDigit):
+ (WTF::isASCIILower):
+ (WTF::isASCIIOctalDigit):
+ (WTF::isASCIIPrintable):
+ (WTF::isASCIISpace):
+ (WTF::isASCIIUpper):
+ (WTF::toASCIILower):
+ (WTF::toASCIIUpper):
+ (WTF::toASCIIHexValue):
+ (WTF::lowerNibbleToASCIIHexDigit):
+ (WTF::upperNibbleToASCIIHexDigit):
+
+2011-12-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit may get confused about where in the scratch buffer it stored a value
+ https://bugs.webkit.org/show_bug.cgi?id=74695
+
+ Reviewed by Oliver Hunt.
+
+ The code that reads from the scratch buffer now explicitly knows which locations to
+ read from. No new tests, since this patch covers a case so uncommon that I don't know
+ how to make a test for it.
+
+ * dfg/DFGOSRExitCompiler.h:
+ (JSC::DFG::OSRExitCompiler::badIndex):
+ (JSC::DFG::OSRExitCompiler::initializePoisoned):
+ (JSC::DFG::OSRExitCompiler::poisonIndex):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2011-12-16 Oliver Hunt <oliver@apple.com>
+
+ PutByVal[Alias] unnecessarily reloads the storage buffer
+ https://bugs.webkit.org/show_bug.cgi?id=74747
+
+ Reviewed by Gavin Barraclough.
+
+ Make PutByVal use GetIndexedStorage to load the storage buffer.
+ This required switching PutByVal to a vararg node (which is
+ responsible for most of the noise in this patch). This fixes the
+ remaining portion of the kraken regression caused by the GetByVal
+ storage load elimination, and a 1-5% win on some of the sub tests of
+ the typed array benchmark at:
+ http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::byValIndexIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-16 Daniel Bates <dbates@rim.com>
+
+ Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h
+
+ Rubber-stamped by Antonio Gomes.
+
+ BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
+ declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
+ instead of BlackBerryPlatformMisc.h.
+
+ * wtf/Assertions.cpp:
+
+2011-12-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize destructors
+ https://bugs.webkit.org/show_bug.cgi?id=74331
+
+ Reviewed by Geoffrey Garen.
+
+ This is a megapatch which frees us from the chains of virtual destructors.
+
+ In order to remove the virtual destructors, which are the last of the virtual
+ functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to
+ the cell rather than to the structure because in order to be able to lazily call
+ the static destroy() functions that will replace the virtual destructors, we
+ need to be able to access the ClassInfo without the danger of the object's
+ Structure being collected before the object itself.
+
+ After adding the ClassInfo to the cell, we can then begin to remove our use
+ of vptrs for optimizations within the JIT and the GC. When we have removed
+ all of the stored vptrs from JSGlobalData, we can then also remove all of
+ the related VPtrStealingHack code.
+
+ The replacement for virtual destructors will be to add a static destroy function
+ pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has
+ a non-trivial destructor will require its own static destroy function to static
+ call its corresponding destructor, which will now be non-virtual. In future
+ patches we will slowly move away from destructors altogether as we make more and
+ more objects backed by GC memory rather than malloc-ed memory. The GC will now
+ call the static destroy method rather than the virtual destructor.
+
+ As we go through the hierarchy and add static destroy functions to classes,
+ we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes
+ to which it applies. The future goal is to eventually have every class have that assert.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call
+ ~JSCallbackConstructor because it has some extra destruction logic.
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
+ * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject
+ because it has a member OwnPtr that needs destruction.
+ (JSC::::destroy):
+ * API/JSCallbackObject.h:
+ * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
+ * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't
+ have its own ClassInfo despite the fact that it overrides a number of MethodTable
+ methods. Added the ClassInfo, along with an assertion that its destructor is trivial.
+ * debugger/DebuggerActivation.h:
+ * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray,
+ isJSString, as it is no longer necessary.
+ (JSC::DFG::putByVal):
+ * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the
+ JSArray ClassInfo pointer.
+ (JSC::DFG::tryCacheGetByID):
+ * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo
+ comparisons since we don't have vptrs anymore.
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileStrictEq):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h: Ditto.
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp: Ditto.
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with
+ ClassInfo comparisons.
+ (JSC::Heap::Heap):
+ * heap/MarkStack.cpp: Ditto.
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ (JSC::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/MarkStack.h: Ditto.
+ (JSC::MarkStack::MarkStack):
+ * heap/MarkedBlock.cpp: Ditto.
+ (JSC::MarkedBlock::callDestructor):
+ (JSC::MarkedBlock::specializedSweep):
+ * heap/MarkedBlock.h: Ditto.
+ * heap/SlotVisitor.h: Ditto.
+ (JSC::SlotVisitor::SlotVisitor):
+ * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.
+ We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
+ (JSC::VTableSpectrum::count):
+ * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray,
+ etc. functions.
+ (JSC::loadVarargs):
+ (JSC::Interpreter::tryCacheGetByID):
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject
+ * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting,
+ remove all vtable related code.
+ (JSC::JIT::emitLoadCharacterString):
+ (JSC::JIT::emitAllocateBasicJSObject):
+ (JSC::JIT::emitAllocateJSFinalObject):
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emit_op_convert_this):
+ * jit/JITOpcodes32_64.cpp: Ditto.
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emitSlow_op_eq):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_convert_this):
+ * jit/JITPropertyAccess.cpp: Ditto.
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ * jit/JITPropertyAccess32_64.cpp: Ditto.
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
+ (JSC::SpecializedThunkJIT::loadJSStringArgument):
+ * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
+ * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
+ * runtime/BooleanObject.cpp: Ditto.
+ * runtime/BooleanPrototype.cpp: Ditto.
+ * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
+ * runtime/DateConstructor.cpp: Add trivial destructor assert.
+ * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr
+ that needs destruction.
+ (JSC::DateInstance::destroy):
+ * runtime/DateInstance.h:
+ * runtime/Error.cpp: Ditto (because of UString member).
+ (JSC::StrictModeTypeErrorFunction::destroy):
+ * runtime/Error.h:
+ * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
+ * runtime/ErrorInstance.cpp: Ditto.
+ * runtime/ExceptionHelpers.cpp: Ditto.
+ * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
+ (JSC::ExecutableBase::destroy):
+ (JSC::NativeExecutable::destroy):
+ (JSC::ScriptExecutable::destroy):
+ (JSC::EvalExecutable::destroy):
+ (JSC::ProgramExecutable::destroy):
+ (JSC::FunctionExecutable::destroy):
+ * runtime/Executable.h:
+ * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
+ * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
+ (JSC::functionProtoFuncApply):
+ * runtime/GetterSetter.cpp: Ditto.
+ * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no
+ longer exists.
+ (JSC::initializeThreadingOnce):
+ * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert,
+ remove first arg from isJSString.
+ (JSC::InternalFunction::displayName):
+ * runtime/InternalFunction.h: Remove VPtrStealingHack.
+ * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
+ * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in
+ destructor with ClassInfo checks.
+ (JSC::JSArray::~JSArray):
+ (JSC::JSArray::destroy):
+ * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray
+ and change them to check the ClassInfo rather than the vptrs.
+ (JSC::isJSArray):
+ * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray.
+ (JSC::boundFunctionCall):
+ (JSC::boundFunctionConstruct):
+ * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
+ (JSC::JSByteArray::~JSByteArray):
+ (JSC::JSByteArray::destroy):
+ * runtime/JSByteArray.h: Remove VPtrStealingHack code.
+ (JSC::isJSByteArray):
+ * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function.
+ (JSC::JSCell::destroy):
+ * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset
+ of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to
+ the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions,
+ as they are no longer used. Add a validatedClassInfo function to JSCell for any clients
+ that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the
+ same one as that contained in the Structure. This isn't used too often, because most of
+ the places where we compare the ClassInfo to things can be called during destruction.
+ Since the Structure is unreliable during the phase when destructors are being called,
+ we can't call validatedClassInfo.
+ (JSC::JSCell::classInfoOffset):
+ (JSC::JSCell::structure):
+ (JSC::JSCell::classInfo):
+ * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor,
+ remove first arg from call to isJSString.
+ (JSC::JSFunction::destroy):
+ (JSC::JSFunction::displayName):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs,
+ as these vptrs are no longer needed in the codebase.
+ * runtime/JSGlobalData.h:
+ (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use
+ ClassInfo rather than the vptr.
+ * runtime/JSGlobalObject.cpp: Add static destroy function.
+ (JSC::JSGlobalObject::destroy):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
+ * runtime/JSNotAnObject.cpp: Ditto.
+ * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSFinalObject::destroy):
+ (JSC::JSNonFinalObject::destroy):
+ (JSC::JSObject::destroy):
+ * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor
+ from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and
+ JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
+ (JSC::JSObject::finishCreation):
+ (JSC::JSNonFinalObject::finishCreation):
+ (JSC::JSFinalObject::finishCreation):
+ (JSC::isJSFinalObject):
+ * runtime/JSPropertyNameIterator.cpp: Add static destroy.
+ (JSC::JSPropertyNameIterator::destroy):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp: Ditto.
+ (JSC::JSStaticScopeObject::destroy):
+ * runtime/JSStaticScopeObject.h: Ditto.
+ * runtime/JSString.cpp:
+ (JSC::JSString::destroy):
+ * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code,
+ since we no longer need to fixup vptrs.
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsNontrivialString):
+ (JSC::jsString):
+ (JSC::jsSubstring8):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString):
+ (JSC::jsStringBuilder):
+ (JSC::isJSString):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::destroy):
+ * runtime/JSVariableObject.h: Ditto.
+ * runtime/JSWrapperObject.cpp:
+ * runtime/JSWrapperObject.h: Add trivial destructor assert.
+ * runtime/MathObject.cpp: Ditto.
+ * runtime/NativeErrorConstructor.cpp: Ditto.
+ * runtime/NumberConstructor.cpp: Ditto.
+ * runtime/NumberObject.cpp: Ditto.
+ * runtime/NumberPrototype.cpp: Ditto.
+ * runtime/ObjectConstructor.cpp: Ditto.
+ * runtime/ObjectPrototype.cpp: Ditto.
+ * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
+ (JSC::jsString):
+ (JSC::jsLess):
+ (JSC::jsLessEq):
+ * runtime/RegExp.cpp: Add static destroy.
+ (JSC::RegExp::destroy):
+ * runtime/RegExp.h:
+ * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
+ (JSC::RegExpConstructor::destroy):
+ (JSC::RegExpMatchesArray::destroy):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.cpp: Add static destroy.
+ (JSC::RegExpObject::destroy):
+ * runtime/RegExpObject.h:
+ * runtime/ScopeChain.cpp: Add trivial destructor assert.
+ * runtime/ScopeChain.h:
+ * runtime/StrictEvalActivation.cpp: Ditto.
+ * runtime/StringConstructor.cpp:
+ * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp: Ditto.
+ * runtime/Structure.cpp: Add static destroy.
+ (JSC::Structure::destroy):
+ * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h
+ because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
+ (JSC::JSCell::setStructure):
+ (JSC::JSCell::validatedClassInfo):
+ (JSC::JSCell::JSCell):
+ (JSC::JSCell::finishCreation):
+ * runtime/StructureChain.cpp: Add static destroy.
+ (JSC::StructureChain::destroy):
+ * runtime/StructureChain.h:
+ * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs
+ ability to tell us when a class has a trivial destructor. We will use this assert
+ more in future patches as we move toward having all JSC objects backed by GC memory,
+ which means moving away from using destructors/finalizers.
+
+2011-12-15 Martin Robinson <mrobinson@igalia.com>
+
+ Fix 'make dist' in preparation for the GTK+ release.
+
+ * GNUmakefile.list.am: Add missing header.
+
+2011-12-15 Sam Weinig <sam@webkit.org>
+
+ <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
+
+ Reviewed by Gavin Barraclough.
+
+ Original patch by Jim Grosbach.
+
+ * jit/JITStubs.cpp:
+ (JSC::ctiTrampoline):
+ (JSC::ctiVMThrowTrampoline):
+ Replace uses of the 'cpy' mnemonic with 'mov'.
+
+2011-12-15 Filip Pizlo <fpizlo@apple.com>
+
+ Value profiling should distinguished between NaN and non-NaN doubles
+ https://bugs.webkit.org/show_bug.cgi?id=74682
+
+ Reviewed by Gavin Barraclough.
+
+ Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
+ of the two.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ (JSC::isDoubleRealPrediction):
+ (JSC::isDoublePrediction):
+
+2011-12-15 Anders Carlsson <andersca@apple.com>
+
+ Regression (r102866): Navigating away from or closing a page with a plugin crashes
+ https://bugs.webkit.org/show_bug.cgi?id=74655
+ <rdar://problem/10590024>
+
+ Reviewed by Sam Weinig.
+
+ Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
+ using a modified version of the technique described here:
+ http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
+
+ * wtf/Functional.h:
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=74624
+
+ Reviewed by Darin Adler.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Fix variables unused in
+ release mode.
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment): Fix
+ signed/unsigned comparison warning, with a cast.
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Use more macrology in JSC::Options
+ https://bugs.webkit.org/show_bug.cgi?id=72938
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/Options.cpp:
+ (JSC::Options::initializeOptions):
+ * runtime/Options.h: Use macros to ensure that all heuristics are
+ declared and have initializers.
+
+2011-12-15 Anders Carlsson <andersca@apple.com>
+
+ Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
+ https://bugs.webkit.org/show_bug.cgi?id=74639
+
+ Reviewed by Andreas Kling.
+
+ Add ENABLE_THREADED_SCROLLING #define.
+
+ * wtf/Platform.h:
+
+2011-12-15 Anders Carlsson <andersca@apple.com>
+
+ EventDispatcher should handle wheel events on the connection queue
+ https://bugs.webkit.org/show_bug.cgi?id=74627
+
+ Reviewed by Andreas Kling.
+
+ Add a BoundFunctionImpl specialization that takes three parameters.
+
+ * wtf/Functional.h:
+ (WTF::C::):
+ (WTF::R):
+ (WTF::bind):
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Add WTF::Function to wtf/Forward.h
+ https://bugs.webkit.org/show_bug.cgi?id=74576
+
+ Reviewed by Adam Roben.
+
+ * jsc.cpp:
+ Work around a name conflict in the readline library.
+
+ * wtf/Forward.h:
+ Add Function.
+
+2011-12-15 Igor Oliveira <igor.oliveira@openbossa.org>
+
+ [Qt] Support requestAnimationFrame API
+ https://bugs.webkit.org/show_bug.cgi?id=74528
+
+ Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * wtf/Platform.h:
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Minor refactor to Parser::parseTryStatement
+ https://bugs.webkit.org/show_bug.cgi?id=74507
+
+ Reviewed by Geoffrey Garen.
+
+ * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
+ Parser's declareVariable instead of going directly to the scope.
+ This will facilitate future checks related to harmony block
+ scoping.
+
+2011-12-15 Andy Wingo <wingo@igalia.com>
+
+ Rename JSC::Heuristics to JSC::Options
+ https://bugs.webkit.org/show_bug.cgi?id=72889
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
+ * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ (JSC::CodeBlock::reoptimizationRetryCounter):
+ (JSC::CodeBlock::countReoptimization):
+ (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
+ (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
+ (JSC::CodeBlock::optimizeNextInvocation):
+ (JSC::CodeBlock::dontOptimizeAnytimeSoon):
+ (JSC::CodeBlock::optimizeSoon):
+ (JSC::CodeBlock::largeFailCountThreshold):
+ (JSC::CodeBlock::largeFailCountThresholdForLoop):
+ (JSC::CodeBlock::shouldReoptimizeNow):
+ (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::mightInlineFunctionForCall):
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackSegmentAllocator::allocate):
+ (JSC::MarkStackSegmentAllocator::shrinkReserve):
+ (JSC::MarkStackArray::MarkStackArray):
+ (JSC::MarkStackArray::donateSomeCellsTo):
+ (JSC::MarkStackArray::stealSomeCellsFrom):
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::SlotVisitor::donateSlow):
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::drainFromShared):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStackArray::canDonateSomeCells):
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::donate):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce): Adapt callers and build systems.
+
+ * testRegExp.cpp:
+ (CommandLine::CommandLine):
+ * jsc.cpp:
+ (CommandLine::CommandLine):
+ Rename from Options, to avoid name conflict.
+
+2011-12-14 Sam Weinig <sam@webkit.org>
+
+ Revert unintentional change to JavaScriptCore.def
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-12-14 Sam Weinig <weinig@apple.com>
+
+ Remove whitespace from InheritedPropertySheets attributes in
+ vsprops files to appease the Visual Studio project migrator.
+
+ Reviewed by Adam Roben.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ binding a member function should ref/deref the object pointer if needed
+ https://bugs.webkit.org/show_bug.cgi?id=74552
+
+ Reviewed by Sam Weinig.
+
+ Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
+ member functions which the right type. Use this to determine if we should ref/deref the first parameter.
+
+ * wtf/Functional.h:
+ (WTF::R):
+ (WTF::C::):
+ (WTF::RefAndDeref::ref):
+ (WTF::RefAndDeref::deref):
+
+2011-12-14 Hajime Morrita <morrita@chromium.org>
+
+ JS_INLINE and WTF_INLINE should be visible from WebCore
+ https://bugs.webkit.org/show_bug.cgi?id=73191
+
+ - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
+ - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
+ - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
+
+ Reviewed by Kevin Ollivier.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * config.h:
+ * runtime/JSExportMacros.h: Added.
+ * wtf/ExportMacros.h:
+ * wtf/Platform.h:
+ * wtf/WTFThreadData.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringStatics.cpp:
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Work around a bug in the MSVC2005 compiler
+ https://bugs.webkit.org/show_bug.cgi?id=74550
+
+ Reviewed by Sam Weinig.
+
+ Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
+
+ * wtf/Functional.h:
+ (WTF::R):
+
+2011-12-13 Jon Lee <jonlee@apple.com>
+
+ Enable notifications on Mac.
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-12-14 David Kilzer <ddkilzer@apple.com>
+
+ Remove definition of old ENABLE(YARR) macro
+ <http://webkit.org/b/74532>
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h: Removed ENABLE_YARR macros.
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ bind should handle member functions
+ https://bugs.webkit.org/show_bug.cgi?id=74529
+
+ Reviewed by Sam Weinig.
+
+ Add FunctionWrapper partial specializations for member function pointers.
+
+ * wtf/Functional.h:
+ (WTF::C::):
+
+2011-12-14 Gavin Barraclough <barraclough@apple.com>
+
+ DFG relies on returning a struct in registers
+ https://bugs.webkit.org/show_bug.cgi?id=74527
+
+ Reviewed by Geoff Garen.
+
+ This will not work on all platforms. Returning a uint64_t will more reliably achieve
+ what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
+
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ (JSC::DFG::DFGHandler::dfgHandlerEncoded):
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Add unary and binary bind overloads
+ https://bugs.webkit.org/show_bug.cgi?id=74524
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Functional.h:
+ (WTF::R):
+ (WTF::FunctionWrapper::ResultType):
+ (WTF::bind):
+
+2011-12-14 Anders Carlsson <andersca@apple.com>
+
+ Add back the callOnMainThread overload that takes a WTF::Function
+ https://bugs.webkit.org/show_bug.cgi?id=74512
+
+ Reviewed by Darin Adler.
+
+ Add back the overload; the changes to WebCore should hopefully keep Windows building.
+
+ * wtf/MainThread.cpp:
+ (WTF::callFunctionObject):
+ (WTF::callOnMainThread):
+ * wtf/MainThread.h:
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should infer when local variables are doubles
+ https://bugs.webkit.org/show_bug.cgi?id=74480
+
+ Reviewed by Oliver Hunt.
+
+ Introduced the notion that a local variable (though not an argument, yet!) can
+ be stored as a double, and will be guaranteed to always contain a double. This
+ requires more magic in the OSR (conversion in both entry and exit). The inference
+ is quite unorthodox: all uses of a variable vote on whether they think it should
+ be a double or a JSValue, based on how they use it. If they use it in an integer
+ or boxed value context, they vote JSValue. If they use it in a double context,
+ they vote double. This voting is interleaved in the propagator's fixpoint, so
+ that variables voted double then have a double prediction propagated from them.
+ This interleaving is needed because a variable that actually always contains an
+ integer that always gets used in arithmetic that involves doubles may end up
+ being voted double, which then means that all uses of the variable will see a
+ double rather than an integer.
+
+ This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
+ to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
+ Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
+ It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar
+ results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
+ win on SunSpider.
+
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
+ (JSC::ValueRecovery::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::boxDouble):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::vote):
+ (JSC::DFG::Propagator::doRoundOfDoubleVoting):
+ (JSC::DFG::Propagator::propagatePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGVariableAccessData.h:
+ (JSC::DFG::VariableAccessData::VariableAccessData):
+ (JSC::DFG::VariableAccessData::clearVotes):
+ (JSC::DFG::VariableAccessData::vote):
+ (JSC::DFG::VariableAccessData::doubleVoteRatio):
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
+ (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
+ (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::tearOff):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-12-13 Anders Carlsson <andersca@apple.com>
+
+ Try to fix the Windows build.
+
+ Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.
+
+ * wtf/MainThread.cpp:
+ * wtf/MainThread.h:
+
+2011-12-13 Anders Carlsson <andersca@apple.com>
+
+ Add a very bare-bones implementation of bind and Function to WTF
+ https://bugs.webkit.org/show_bug.cgi?id=74462
+
+ Reviewed by Sam Weinig.
+
+ In order to make it easier to package up function calls and send them across
+ threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
+ wtf/Functional.h header.
+
+ Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
+ but I'll add more as the need arises.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Functional.h: Added.
+ (WTF::R):
+ (WTF::FunctionImplBase::~FunctionImplBase):
+ (WTF::FunctionWrapper::ResultType):
+ (WTF::FunctionBase::isNull):
+ (WTF::FunctionBase::FunctionBase):
+ (WTF::FunctionBase::impl):
+ (WTF::bind):
+ * wtf/MainThread.cpp:
+ (WTF::callFunctionObject):
+ (WTF::callOnMainThread):
+ * wtf/MainThread.h:
+ * wtf/wtf.pro:
+
+2011-12-13 Geoffrey Garen <ggaren@apple.com>
+
+ <rdar://problem/10577239> GC Crash introduced in r102545
+
+ Reviewed by Gavin Barraclough.
+
+ MarkedArgumentBuffer was still marking items in forwards order, even though
+ the argument order has been reversed.
+
+ I fixed this bug, and replaced address calculation code with some helper
+ functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.
+
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+ (JSC::MarkedArgumentBuffer::at):
+ (JSC::MarkedArgumentBuffer::append):
+ (JSC::MarkedArgumentBuffer::last):
+ (JSC::MarkedArgumentBuffer::slotFor):
+ (JSC::MarkedArgumentBuffer::mallocBase):
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
+ https://bugs.webkit.org/show_bug.cgi?id=74463
+
+ Reviewed by Gavin Barraclough.
+
+ Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
+ how to execute the slow path of UInt32ToNumber.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::lastOSRExit):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::operator!=):
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::uint32InGPR):
+ (JSC::ValueRecovery::gpr):
+ (JSC::ValueRecovery::dump):
+ * dfg/DFGAssemblyHelpers.cpp:
+ * dfg/DFGAssemblyHelpers.h:
+ * dfg/DFGOSRExit.h:
+ (JSC::DFG::OSRExit::valueRecoveryForOperand):
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-13 Oliver Hunt <oliver@apple.com>
+
+ Arguments object doesn't handle mutation of length property correctly
+ https://bugs.webkit.org/show_bug.cgi?id=74454
+
+ Reviewed by Gavin Barraclough.
+
+ Correct handling of arguments objects with overridden length property
+
+ * interpreter/Interpreter.cpp:
+ (JSC::loadVarargs):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::copyToArguments):
+ (JSC::Arguments::fillArgList):
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG GetByVal CSE rule should match PutByValAlias
+ https://bugs.webkit.org/show_bug.cgi?id=74390
+
+ Reviewed by Geoff Garen.
+
+ Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getByValLoadElimination):
+
+2011-12-13 Andy Wingo <wingo@igalia.com>
+
+ Fix interpreter debug build.
+ https://bugs.webkit.org/show_bug.cgi?id=74439
+
+ Reviewed by Geoffrey Garen.
+
+ * bytecode/ValueRecovery.h: Include stdio.h on debug builds.
+
+2011-12-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should know exactly why recompilation was triggered
+ https://bugs.webkit.org/show_bug.cgi?id=74362
+
+ Reviewed by Oliver Hunt.
+
+ Each OSR exit is now individually counted, as well as counting the total number
+ of OSR exits that occurred in a code block. If recompilation is triggered, we
+ check to see if there are OSR exit sites that make up a sufficiently large
+ portion of the total OSR exits that occurred. For any such OSR exit sites, we
+ add a description of the site (bytecode index, kind) to a data structure in the
+ corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
+ know which speculations would be unwise based on the fact that previous such
+ speculations proved to be fruitless.
+
+ This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
+ and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
+ than 0.5%.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::tallyFrequentExitSites):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addFrequentExitSite):
+ (JSC::CodeBlock::exitProfile):
+ (JSC::CodeBlock::reoptimize):
+ (JSC::CodeBlock::tallyFrequentExitSites):
+ * bytecode/DFGExitProfile.cpp: Added.
+ (JSC::DFG::ExitProfile::ExitProfile):
+ (JSC::DFG::ExitProfile::~ExitProfile):
+ (JSC::DFG::ExitProfile::add):
+ (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
+ (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
+ * bytecode/DFGExitProfile.h: Added.
+ (JSC::DFG::exitKindToString):
+ (JSC::DFG::exitKindIsCountable):
+ (JSC::DFG::FrequentExitSite::FrequentExitSite):
+ (JSC::DFG::FrequentExitSite::operator!):
+ (JSC::DFG::FrequentExitSite::operator==):
+ (JSC::DFG::FrequentExitSite::hash):
+ (JSC::DFG::FrequentExitSite::bytecodeOffset):
+ (JSC::DFG::FrequentExitSite::kind):
+ (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
+ (JSC::DFG::FrequentExitSiteHash::hash):
+ (JSC::DFG::FrequentExitSiteHash::equal):
+ (JSC::DFG::QueryableExitProfile::hasExitSite):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGOSRExit.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
+ * dfg/DFGOSRExit.h:
+ (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-12-13 Michael Saboff <msaboff@apple.com>
+
+ Cleanup of StringImpl::equal in r102631 post commit
+ https://bugs.webkit.org/show_bug.cgi?id=74421
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/AtomicString.h:
+ (WTF::operator==): Removed cast no longer needed.
+ * wtf/text/StringImpl.h:
+ (WTF::equal): Changed template to several overloaded methods.
+
+2011-12-12 Michael Saboff <msaboff@apple.com>
+
+ Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
+ https://bugs.webkit.org/show_bug.cgi?id=73622
+
+ Reviewed by Oliver Hunt.
+
+ Moved equal(charType1 *, charType2, unsigned) template methods
+ from static StringImpl.cpp to StringImpl.h and then replaced the
+ processor specific character comparison code in StringHash::equal
+ with calls to these methods.
+
+ This change is worth 3% on SunSpider string-unpack-code as reported
+ by the SunSpider command line harness. No other tests appear to
+ have measurable performance changes.
+
+ * wtf/text/AtomicString.h:
+ (WTF::operator==):
+ * wtf/text/StringHash.h:
+ (WTF::StringHash::equal):
+ * wtf/text/StringImpl.cpp:
+ * wtf/text/StringImpl.h:
+ (WTF::LChar):
+ (WTF::UChar):
+ (WTF::equal):
+
+2011-12-12 Filip Pizlo <fpizlo@apple.com>
+
+ ARMv7 version of DFG soft modulo does register allocation inside of control flow
+ https://bugs.webkit.org/show_bug.cgi?id=74354
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+
+2011-12-12 Andy Wingo <wingo@igalia.com>
+
+ Simplify autotools configure.ac
+ https://bugs.webkit.org/show_bug.cgi?id=74312
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.
+
+2011-12-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
+ https://bugs.webkit.org/show_bug.cgi?id=74329
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getByValLoadElimination):
+
+2011-12-09 Alexander Pavlov <apavlov@chromium.org>
+
+ WebKit does not enumerate over CSS properties in HTMLElement.style
+ https://bugs.webkit.org/show_bug.cgi?id=23946
+
+ Reviewed by Darin Adler.
+
+ Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
+ introduce an std::sort() comparator function.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.h:
+ (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
+
+2011-12-12 Alexander Pavlov <apavlov@chromium.org>
+
+ Unreviewed, build fix.
+
+ Revert r102570 which broke SnowLeopard builders.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.h:
+
+2011-12-09 Alexander Pavlov <apavlov@chromium.org>
+
+ WebKit does not enumerate over CSS properties in HTMLElement.style
+ https://bugs.webkit.org/show_bug.cgi?id=23946
+
+ Reviewed by Darin Adler.
+
+ Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
+ introduce an std::sort() comparator function.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/WTFString.h:
+ (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
+
+2011-12-12 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck issues.
+
+ * GNUmakefile.list.am:
+
+2011-12-11 Sam Weinig <sam@webkit.org>
+
+ Fix another signed vs. unsigned warning
+
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+
+2011-12-11 Sam Weinig <sam@webkit.org>
+
+ Fix a signed vs. unsigned warning.
+
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ Cast inlineCapacity to an int to appease the warning. This is known OK
+ since inlineCapacity is defined to be 8.
+
+2011-12-11 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out *another* debugging change I committed accidentally.
+
+ Unreviewed.
+
+ * Configurations/Base.xcconfig:
+
+2011-12-11 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out a debug counter I committed accidentally.
+
+ Unreviewed.
+
+ * jit/JITStubs.cpp:
+ (JSC::arityCheckFor):
+
+2011-12-10 Geoffrey Garen <ggaren@apple.com>
+
+ v8 benchmark takes 12-13 million function call slow paths due to extra arguments
+ https://bugs.webkit.org/show_bug.cgi?id=74244
+
+ Reviewed by Filip Pizlo.
+
+ .arguments function of order the Reversed
+
+ 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
+ and SunSpider.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
+ to this function is an argument number.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
+ helper functions for computing offsets for arguments, rather than doing
+ the math by hand.
+
+ Switched to iterating argument offsets backwards (--) instead of forwards (++).
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::CallArguments::thisRegister):
+ (JSC::CallArguments::argumentRegister):
+ (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
+
+ * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
+ that just-in-time convert to bytecode operands (i.e., indexes in the register
+ file) through helper functions. This means only one piece of code needs
+ to know how arguments are laid out in the register file.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump): Ditto.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueProfileFor): Ditto.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
+ Treat too many arguments as an arity match.
+
+ * dfg/DFGOSRExit.h:
+ (JSC::DFG::OSRExit::variableForIndex):
+ (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
+
+ * dfg/DFGOperands.h:
+ (JSC::DFG::operandToArgument):
+ (JSC::DFG::argumentToOperand): These are now the only two lines of code in
+ the DFG compiler that know how arguments are laid out in memory.
+
+ (JSC::DFG::Operands::operand):
+ (JSC::DFG::Operands::setOperand): Use helper functions, as above.
+
+ * dfg/DFGOperations.cpp: The whole point of this patch:
+ Treat too many arguments as an arity match.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
+
+ Also, don't tag the caller frame slot as a cell, because it's not a cell.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
+
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
+ argument virtual register instead of recomputing by hand.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::callFrameSlot):
+ (JSC::DFG::SpeculativeJIT::argumentSlot):
+ (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
+ (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
+ (JSC::DFG::SpeculativeJIT::argumentTagSlot):
+ (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
+ functions for dealing with callee arguments specifically. These still
+ build on top of our other helper functions, and have no direct knowledge
+ of how arguments are laid out in the register file.
+
+ (JSC::DFG::SpeculativeJIT::resetCallArguments):
+ (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
+ argumentOffset to match CallFrame naming.
+
+ (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
+ functions, as above.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::argumentOffset):
+ (JSC::ExecState::argumentOffsetIncludingThis):
+ (JSC::ExecState::argument):
+ (JSC::ExecState::setArgument):
+ (JSC::ExecState::thisArgumentOffset):
+ (JSC::ExecState::thisValue):
+ (JSC::ExecState::setThisValue):
+ (JSC::ExecState::offsetFor):
+ (JSC::ExecState::hostThisRegister):
+ (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
+ computing where an argument is in the register file. Anything in the
+ runtime that needs to access arguments should use these helpers.
+
+ * interpreter/CallFrameClosure.h:
+ (JSC::CallFrameClosure::setThis):
+ (JSC::CallFrameClosure::setArgument):
+ (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
+ that too many arguments counts as an arity match and doesn't require
+ preserving two copies of our arguments.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
+ special if the caller provided too few arguments.
+
+ Key simplification: We never need to maintain two copies of our arguments
+ anymore.
+
+ (JSC::eval):
+ (JSC::loadVarargs): Use helper functions.
+
+ (JSC::Interpreter::unwindCallFrame): Updated for new interface.
+
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
+ functions.
+
+ (JSC::Interpreter::privateExecute): No need to check for stack overflow
+ when calling host functions because they have zero callee registers.
+
+ (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
+ object, since there's no special constructor for this anymore.
+
+ * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
+ workers tests were hitting stack overflow in some of my testing. We should
+ make this test more exact in future.
+
+ * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
+ location that does not belong to the CallFrame class!
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
+
+ Also, the whole point of this patch: Treat too many arguments as an arity match.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
+ helper functions, for backwards-correctness. Removed the condition
+ pertaining to declared argument count because, now that arguments are
+ always in just one place, this optimization is valid for all functions.
+ Standardized the if predicate for each line of the optimization. This might
+ fix a bug, but I couldn't get the bug to crash in practice.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_create_arguments):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::emitSlow_op_get_argument_by_val):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_create_arguments):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
+ optimization because it's no longer an optimization, now that arguments
+ are always contiguous in a known location.
+
+ Updated argument access opcode math for backwards-correctness.
+
+ * jit/JITStubs.cpp:
+ (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
+ function is slightly different because it copies the call frame in
+ addition to the arguments. (In the Interpreter, the call frame is not
+ set up by this point.)
+
+ (JSC::lazyLinkFor): The whole point of this patch: Treat too many
+ arguments as an arity match.
+
+ (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff().
+
+ * jit/JITStubs.h:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::loadDoubleArgument):
+ (JSC::SpecializedThunkJIT::loadCellArgument):
+ (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
+ build strong bones and teeth!
+
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice):
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
+ (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+ (JSC::MarkedArgumentBuffer::at):
+ (JSC::MarkedArgumentBuffer::clear):
+ (JSC::MarkedArgumentBuffer::append):
+ (JSC::MarkedArgumentBuffer::removeLast):
+ (JSC::MarkedArgumentBuffer::last):
+ (JSC::ArgList::ArgList):
+ (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
+ play nice with backwards-ness, so I changed to using manual allocation.
+
+ Fixed a FIXME about not all values being marked in the case of out-of-line
+ arguments. I had to rewrite the loop anyway, and I didn't feel like
+ maintaining fidelity to its old bugs.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ (JSC::Arguments::copyToArguments):
+ (JSC::Arguments::fillArgList):
+ (JSC::Arguments::getOwnPropertySlotByIndex):
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::putByIndex):
+ (JSC::Arguments::put):
+ (JSC::Arguments::tearOff):
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::Arguments):
+ (JSC::Arguments::argument):
+ (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
+ lots of tricky code designed to maintain two different copies of function
+ arguments. Now that arguments are always contiguous in one place in memory,
+ this complexity can go away.
+
+ Reduced down to one create function for the Arguments class, from three.
+
+ Moved tearOff() into an out-of-line function because it's huge.
+
+ Moved logic about whether to tear off eagerly into the Arguments class,
+ so we didn't have to duplicate it elsewhere.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
+ m_numCapturedArgs because if the value really were m_numParametersMinusThis
+ we would be marking too much. (We shouldn't mark 'this' because it can't
+ be captured.) Also, use helper functions.
+
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::tearOff): Use helper functions.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::copyToArguments):
+ * runtime/JSArray.h: Use helper functions, as above.
+
+2011-12-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSC testapi is crashing on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=74233
+
+ Reviewed by Sam Weinig.
+
+ Same error we've encountered before where we are calling the wrong version of
+ visitChildren and objects that are still reachable aren't getting marked.
+ This problem will go away soon with the removal of vptrs for these sorts of
+ optimizations in favor of using the ClassInfo, but for now we can simply give
+ JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
+ ensure that JSFinalObject will always have a unique vptr. We don't have to worry
+ about JSString or JSArray right now, which are the other two special cases for
+ visitChildren, since they already have their own virtual functions.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSObject.cpp:
+ (JSC::JSFinalObject::vtableAnchor):
+ * runtime/JSObject.h:
+
+2011-12-10 Alexis Menard <alexis.menard@openbossa.org>
+
+ Unused variable in YarrJIT.cpp.
+ https://bugs.webkit.org/show_bug.cgi?id=74237
+
+ Reviewed by Andreas Kling.
+
+ Variable is set but not used so we can remove it.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2011-12-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ArithMul power-of-two case does not check for overflow
+ https://bugs.webkit.org/show_bug.cgi?id=74230
+
+ Reviewed by Gavin Barraclough.
+
+ Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
+ and any attempt to fix it would likely introduce code bloat and register pressure.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+
+2011-12-09 David Levin <levin@chromium.org>
+
+ REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
+ https://bugs.webkit.org/show_bug.cgi?id=73886
+
+ Reviewed by Darin Adler.
+
+ * runtime/SymbolTable.h:
+ (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
+ another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
+ Bug 58091 is about changing these deprecated calls to something else but that something
+ else will still need to be in all of these places.
+
+2011-12-09 Konrad Piascik <kpiascik@rim.com>
+
+ Remove unnecessary file DissasemblerARM.cpp from build system
+ https://bugs.webkit.org/show_bug.cgi?id=74184
+
+ Reviewed by Daniel Bates.
+
+ * PlatformBlackBerry.cmake:
+
+2011-12-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG's interpretation of rare case profiles should be frequency-based not count-based
+ https://bugs.webkit.org/show_bug.cgi?id=74170
+
+ Reviewed by Geoff Garen.
+
+ DFG optimizes for rare cases only when the rare case counter is above some threshold
+ and it also constitutes a large enough fraction of total function executions. Also
+ added some minor debug logic.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ (JSC::CodeBlock::executionEntryCount):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-12-09 Oliver Hunt <oliver@apple.com>
+
+ PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
+ https://bugs.webkit.org/show_bug.cgi?id=74223
+
+ Reviewed by Geoffrey Garen.
+
+ Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+
+2011-12-09 David Levin <levin@chromium.org>
+
+ Hash* iterators should allow comparison between const and const versions.
+ https://bugs.webkit.org/show_bug.cgi?id=73370
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashTable.h: Add the operators needed to do this.
+ (WTF::HashTableConstIterator::operator==):
+ (WTF::HashTableConstIterator::operator!=):
+ (WTF::HashTableIterator::operator==):
+ (WTF::HashTableIterator::operator!=):
+ (WTF::operator==):
+ (WTF::operator!=):
+
+2011-12-09 Michael Saboff <msaboff@apple.com>
+
+ YARR: Multi-character read optimization for 8bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=74191
+
+ Reviewed by Oliver Hunt.
+
+ Changed generatePatternCharacterOnce to generate
+ code for 1 to 4 characters in the 8 bit case.
+ This is worth 29% improvement on SunSpider regexp-dna test.
+ It provides no benefit to v8-regexp.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.
+
+2011-12-09 David Levin <levin@chromium.org>
+
+ Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
+ https://bugs.webkit.org/show_bug.cgi?id=71695
+
+ Reviewed by Zoltan Herczeg.
+
+ * wtf/MessageQueue.h:
+ (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
+ even after the queue has been killed. This is useful when one wants to
+ kill a queue but then go through it to run clean up tasks from it.
+
+2011-12-09 Adrienne Walker <enne@google.com>
+
+ Fix HashMap<..., OwnPtr<...> >::add compilation errors
+ https://bugs.webkit.org/show_bug.cgi?id=74159
+
+ Reviewed by Darin Adler.
+
+ Add a constructor to OwnPtr that takes the empty value (nullptr_t)
+ from HashTraits so that this function can compile.
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::OwnPtr):
+
+2011-12-09 Oliver Hunt <oliver@apple.com>
+
+ Avoid reloading storage pointer for indexed properties unnecessarily
+ https://bugs.webkit.org/show_bug.cgi?id=74136
+
+ Reviewed by Filip Pizlo.
+
+ Add a node to represent loading property storage for indexed properties.
+ This allows us to reduce code generated for sequential access of arrays,
+ strings, etc. This results in up to 5% improvement in code that is
+ very heavy on indexed reads, such as matrix operations in typed arrays
+ and 20% faster on microbenchmarks.
+
+ Currently this is only supported by GetByVal and other similar indexed reads.
+
+ * bytecode/PredictedType.h:
+ (JSC::isFixedIndexedStorageObjectPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-08 Fady Samuel <fsamuel@chromium.org>
+
+ [Chromium] Enable viewport metatag
+ https://bugs.webkit.org/show_bug.cgi?id=73495
+
+ Reviewed by Darin Fisher.
+
+ * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.
+
+2011-12-08 Adam Klein <adamk@chromium.org>
+
+ Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
+ https://bugs.webkit.org/show_bug.cgi?id=73964
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.
+
+2011-12-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=74005
+ fix unaligned access memory in generatePatternCharacterOnce function
+ for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load16Unaligned):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load16Unaligned):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load16Unaligned):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::lshift32):
+ (JSC::MacroAssemblerSH4::load8):
+ (JSC::MacroAssemblerSH4::load16):
+ (JSC::MacroAssemblerSH4::load16Unaligned):
+ (JSC::MacroAssemblerSH4::branch8):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load16Unaligned):
+ * jit/JIT.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
+2011-12-08 Michael Saboff <msaboff@apple.com>
+
+ Add 8 bit paths for StringTypeAdapter classes
+ https://bugs.webkit.org/show_bug.cgi?id=73882
+
+ Reviewed by Darin Adler.
+
+ Added is8Bit() method and writeTo(LChar*) methods
+ to StringTypeAdapter<> classes. The writeTo(LChar*)
+ method can be used if is8Bit() returns true. The
+ non-native 8 bit classes contain ASSERT(is8Bit())
+ in their writeTo(LChar*).
+
+ Updated all of the various versions of tryMakeString() to
+ use 8 bit processing in the updated StringTypeAdapter<>
+ classes.
+
+ This has slight if any performance improvement on kraken.
+
+ * runtime/UStringConcatenate.h:
+ * wtf/text/StringConcatenate.h:
+ (WTF::tryMakeString):
+ * wtf/text/StringOperators.h:
+ (WTF::StringAppend::is8Bit):
+ (WTF::StringAppend::writeTo):
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CSE should know that CheckFunction is pure
+ https://bugs.webkit.org/show_bug.cgi?id=74044
+
+ Reviewed by Oliver Hunt.
+
+ Possible slight win on V8, no regressions.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::checkFunctionElimination):
+
+2011-12-07 Michael Saboff <msaboff@apple.com>
+
+ StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
+ https://bugs.webkit.org/show_bug.cgi?id=73995
+
+ Reviewed by Geoffrey Garen.
+
+ Problem was that a call to characters on an StringImpl associated
+ with a StringBuilder that is being appended to gets stale.
+ Added a new m_valid16BitShadowlen that keeps the length of
+ the 16 bit shadow that has been upconverted or will be up converted
+ with the first getCharacters(). When StringBuilder::characters or
+ ::reifyString is called, further characters are upconverted if
+ we have a shadow16bit copy and the m_valid16BitShadowlen is updated.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::reifyString):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::StringBuilder):
+ (WTF::StringBuilder::characters):
+ (WTF::StringBuilder::clear): Cleaned up as part of the change.
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::getData16SlowCase):
+ (WTF::StringImpl::upconvertCharacters):
+ * wtf/text/StringImpl.h:
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ Compare and Swap should be enabled on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=74023
+
+ Reviewed by Geoff Garen.
+
+ Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
+ It gives the expected speed-up on multi-core ARMv7 devices.
+
+ * wtf/Atomics.h:
+ (WTF::weakCompareAndSwap):
+ * wtf/Platform.h:
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CSE is overzealous with GetByVal
+ https://bugs.webkit.org/show_bug.cgi?id=74042
+
+ Reviewed by Oliver Hunt.
+
+ Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
+ is tested in all places that matter.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::byValIsPure):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-12-07 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r102267.
+ http://trac.webkit.org/changeset/102267
+ https://bugs.webkit.org/show_bug.cgi?id=74032
+
+ Breaks build on Chromium Mac Debug (Requested by aklein on
+ #webkit).
+
+ * wtf/HashTraits.h:
+
+2011-12-07 Adam Klein <adamk@chromium.org>
+
+ Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
+ https://bugs.webkit.org/show_bug.cgi?id=73964
+
+ Reviewed by Ryosuke Niwa.
+
+ * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.
+
+2011-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ Non-Mac devices should benefit from a larger heap
+ https://bugs.webkit.org/show_bug.cgi?id=74015
+
+ Reviewed by Geoff Garen.
+
+ Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
+ Heap.cpp, and got in the way of having more granular, per-platform control over
+ what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).
+
+ * heap/Heap.cpp:
+ (JSC::GCTimer::heapSizeForHint):
+ * wtf/Platform.h:
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] V8 build fixes.
+
+ Reviewed by Tor Arne Vestbø.
+
+ * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
+ VPATH. Prefix SOURCES correctly and make sure that runtime/ is
+ in the include search path when building with v8.
+
+2011-12-06 Filip Pizlo <fpizlo@apple.com>
+
+ Zapping a block that is Marked leads to dead objects being mistaken for live ones
+ https://bugs.webkit.org/show_bug.cgi?id=73982
+
+ Reviewed by Geoff Garen.
+
+ Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
+ the code asserts that:
+
+ - If we zap a Marked or Zapped block then the free list is empty, because this
+ can only happen if the block was never free-listed.
+
+ - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
+ blocks are those that cannot be referred to by SizeClass::currentBlock (since
+ SizeClass::currentBlock only refers to blocks that are candidates for allocation,
+ and Allocated blocks are those who have been exhausted by allocation and will not
+ be allocated from again), and New blocks cannot be referred to by anything except
+ during a brief window inside the allocation slow-path.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::zapFreeList):
+
+2011-12-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 32_64 call linking does not handle non-cell callees correctly
+ https://bugs.webkit.org/show_bug.cgi?id=73965
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+
+2011-12-06 Sam Weinig <sam@webkit.org>
+
+ Remove unintentional type name shadowing in the Interpreter
+ https://bugs.webkit.org/show_bug.cgi?id=73963
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
+ which shadows the FunctionExecutable type name, with functionExecutable.
+
+2011-12-06 Michael Saboff <msaboff@apple.com>
+
+ r102146 from 73875 broke fast/js/encode-URI-test.html
+ https://bugs.webkit.org/show_bug.cgi?id=73950
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncUnescape): Restructured to handle
+ the %uHHHH case to output the resulting character
+ and continue so that a failure in finding 4 hex
+ digits will fall through and output the '%'.
+ Due to style check, changed the temporary
+ character variable to a more descriptive name.
+
+2011-12-06 Filip Pizlo <fpizlo@apple.com>
+
+ GC zapping logic could benefit from some more assertions
+ https://bugs.webkit.org/show_bug.cgi?id=73947
+
+ Reviewed by Gavin Barraclough.
+
+ - If you're in a zapped block and you're zapped, then your mark bit should
+ never be set.
+
+ - If you're being marked, then you should never be zapped.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLive):
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+
+2011-12-06 Oliver Hunt <oliver@apple.com>
+
+ Don't allocate register in typedarray control flow
+ https://bugs.webkit.org/show_bug.cgi?id=73944
+
+ Reviewed by Gavin Barraclough.
+
+ Move a temporary allocation outside of control flow.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+
+2011-12-06 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=68328
+ The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant
+
+ Reviewed by Geoff Garen.
+
+ Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions
+ that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
+ hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
+ a thunk genertaor to use based on the Intrinsic.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGCapabilities.h:
+ * dfg/DFGIntrinsic.h: Removed.
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::intrinsic):
+ (JSC::NativeExecutable::intrinsic):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::intrinsicFor):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
+ * runtime/JSGlobalData.cpp:
+ (JSC::thunkGeneratorForIntrinsic):
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/Lookup.cpp:
+ (JSC::HashTable::createTable):
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashEntry::initialize):
+ (JSC::HashEntry::intrinsic):
+
+2011-12-06 Michael Saboff <msaboff@apple.com>
+
+ Add 8 bit paths to global object functions
+ https://bugs.webkit.org/show_bug.cgi?id=73875
+
+ Added 8 bit paths for converions methods.
+
+ This is worth 1.5% on kraken audio-oscillator,
+ 1.6% on stanford-crypto-ccm and 2.5% on
+ stanford-crypto-sha256-iterative. See bug for
+ a full report.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::decode): Split into a templated helper.
+ (JSC::parseInt): Split into a templated helper.
+ (JSC::parseFloat): Added an 8 bit path
+ (JSC::globalFuncEscape): Added 8 bit path
+ (JSC::globalFuncUnescape): Added 8 bit path
+ * runtime/JSStringBuilder.h:
+ (JSC::JSStringBuilder::append): New append for LChar
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::append): New append for LChar
+
+2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
+
+ Enable ParallelJobs by default
+ https://bugs.webkit.org/show_bug.cgi?id=70032
+
+ Reviewed by Zoltan Herczeg.
+
+ According to measurements on Mac and Linux it is a
+ considerable speedup for SVG on multicore.
+
+ Remove the ENABLE(PARALLEL_JOBS) guard.
+ Fix build on Windows and Chromium.
+
+ * JavaScriptCore.gypi: Add the files to the build. It was
+ missing for the gyp build system.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Export symbols.
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ Deinline these to avoid exporting a lot of symbols.
+ These are non-trivial and called only once on a given object
+ so it doesn't seems to be worthwile to inline them.
+ Additionally fix a signed-unsigned comparison in the constructor.
+ * wtf/ParallelJobsGeneric.h:
+ * wtf/Platform.h:
+
+2011-12-06 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] build-jsc script doesn't work
+ https://bugs.webkit.org/show_bug.cgi?id=73910
+
+ Reviewed by Tor Arne Vestbø.
+
+ * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
+ (moved from top-level WebKit.pro). Also add v8 scopes to only build
+ WTF during v8 builds.
+
+2011-12-05 Anders Carlsson <andersca@apple.com>
+
+ Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashMap.h:
+
+2011-12-05 Michael Saboff <msaboff@apple.com>
+
+ Create StringImpl::empty() as an 8 bit string
+ https://bugs.webkit.org/show_bug.cgi?id=73871
+
+ Reviewed by Oliver Hunt.
+
+ * wtf/text/StringStatics.cpp:
+ (WTF::StringImpl::empty): Changed to be an 8 bit string.
+
+2011-12-05 Darin Adler <darin@apple.com>
+
+ Convert JSClassRef to use HashMap<OwnPtr>
+ https://bugs.webkit.org/show_bug.cgi?id=73780
+
+ Reviewed by Andreas Kling.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
+ entries because the hash map now has an OwnPtr instead of a raw pointer.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
+ m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
+ Removed the code that gets and deletes existing entries, and just use set,
+ which now handles deletion automatically due to it being OwnPtr.
+ (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
+ with assertion-only NDEBUG-only code.
+ (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
+ allocating. Use OwnPtr when adding. Removed unneeded code to set
+ staticValues and staticFunctions to 0. Removed unneeded destructor.
+ (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
+ (OpaqueJSClass::staticFunctions): Ditto.
+ (OpaqueJSClass::prototype): Added use of adoptPtr.
+
+ * API/JSClassRef.h: Made the static values and static functions tables
+ use OwnPtr for the entries. Also used OwnPtr for the pointers to the
+ tables themselves. Also removed ~OpaqueJSClassContextData(), letting
+ the compiler generate it.
+
+2011-12-05 Oliver Hunt <oliver@apple.com>
+
+ Land uncommitted bit of float array support
+ https://bugs.webkit.org/show_bug.cgi?id=73873
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+
+2011-12-05 Benjamin Poulain <benjamin@webkit.org>
+
+ Update String::containsOnlyASCII() to handle 8 bits strings
+ https://bugs.webkit.org/show_bug.cgi?id=73799
+
+ Reviewed by Darin Adler.
+
+ Implement String::containsOnlyASCII() so that it does not
+ call String::characters().
+
+ * wtf/text/WTFString.h:
+ (WTF::String::containsOnlyASCII):
+
+2011-12-05 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for non-DFG platforms.
+
+ * dfg/DFGRepatch.h:
+
+2011-12-05 Filip Pizlo <fpizlo@apple.com>
+
+ Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
+ were compact offsets
+ https://bugs.webkit.org/show_bug.cgi?id=73861
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::resetPatchPutById):
+
+2011-12-05 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fixes for ARM.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::unreachableForPlatform):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::loadFloat):
+ (JSC::MacroAssemblerARMv7::storeFloat):
+ (JSC::MacroAssemblerARMv7::convertFloatToDouble):
+ (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
+
+2011-12-05 Benjamin Poulain <benjamin@webkit.org>
+
+ Update String::containsOnlyLatin1() to avoid converting to 16 bits
+ https://bugs.webkit.org/show_bug.cgi?id=73797
+
+ Reviewed by Andreas Kling.
+
+ When the String use 8bits StringImpl, there is no need to iterate
+ over the string.
+
+ The function charactersAreAllLatin1() is removed because it is not
+ used anywhere.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::containsOnlyLatin1):
+
+2011-12-05 Michael Saboff <msaboff@apple.com>
+
+ 8 bit string work slows down Kraken json-stringify-tinderbox
+ https://bugs.webkit.org/show_bug.cgi?id=73457
+
+ Added 8 bit path to StringBuilder. StringBuilder starts
+ assuming 8 bit contents and gets converted to 16 bit upon
+ seeing the first 16 bit character or string. Split
+ appendUninitialiezed into an inlined fast and function call
+ slow case.
+
+ Factored out the processing of the UString argument from
+ Stringifier::appendQuotedString() to a static templated function
+ based on character size.
+
+ This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
+ This change introduces a 4.8% slowdown to json-parse-financial.
+ This slowdown will be addressed in a subsequent patch to StringImpl::equal.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSONObject.cpp:
+ (JSC::appendStringToUStringBuilder):
+ (JSC::Stringifier::appendQuotedString):
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::resize):
+ (WTF::StringBuilder::allocateBuffer):
+ (WTF::StringBuilder::allocateBufferUpConvert):
+ (WTF::LChar):
+ (WTF::UChar):
+ (WTF::StringBuilder::reserveCapacity):
+ (WTF::StringBuilder::appendUninitialized):
+ (WTF::StringBuilder::appendUninitializedSlow):
+ (WTF::StringBuilder::append):
+ (WTF::StringBuilder::shrinkToFit):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::StringBuilder):
+ (WTF::StringBuilder::append):
+ (WTF::StringBuilder::operator[]):
+ (WTF::StringBuilder::characters8):
+ (WTF::StringBuilder::characters16):
+ (WTF::StringBuilder::charactersBlah):
+ (WTF::LChar):
+ (WTF::UChar):
+
+2011-12-01 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=73624
+ JIT + INTERPRETER builds are broken
+
+ Reviewed by Geoff Garen, Sam Weinig.
+
+ These don't fallback to the interpreter correctly.
+ Thunk creation assumes that is the JIT is compiled in, then it is enabled.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+
+2011-12-05 Zoltan Herczeg <zherczeg@webkit.org>
+
+ MacroAssemblerSH4 does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73434
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/MacroAssemblerSH4.h: Support for SH4.
+ (JSC::MacroAssemblerSH4::readCallTarget):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::readCallTarget):
+
+2011-12-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should optimize strict equality
+ https://bugs.webkit.org/show_bug.cgi?id=73764
+
+ Reviewed by Oliver Hunt.
+
+ 1% speed-up on V8.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
+ (JSC::DFG::SpeculativeJIT::compileStrictEq):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
+ (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
+ (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-03 Darin Adler <darin@apple.com>
+
+ Use HashMap<OwnPtr> for ScriptSampleRecordMap
+ https://bugs.webkit.org/show_bug.cgi?id=73758
+
+ Reviewed by Andreas Kling.
+
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
+ (JSC::SamplingTool::dump): Added get.
+ * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
+
+2011-12-03 Darin Adler <darin@apple.com>
+
+ Use HashMap<OwnPtr> for the opaqueJSClassData map
+ https://bugs.webkit.org/show_bug.cgi?id=73759
+
+ Reviewed by Andreas Kling.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::contextData): Update types.
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
+ timing the same. If we didn't care about the order of operations, we could remove this, too.
+ * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
+ opaqueJSClassData map.
+
+2011-12-03 Darin Adler <darin@apple.com>
+
+ Change HashMap implementation to use the pass type and peek type from traits for the mapped value
+ https://bugs.webkit.org/show_bug.cgi?id=72474
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
+ and PeekType from the traits of the mapped value instead of hard-coding them here.
+ Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
+ to accomodate a PassInType that can't be copied. Use the store, peek, and passOut
+ functions from the traits as well.
+
+ * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
+ PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
+ an earlier version that was just PassType, PeekType, pass, and peek. Also commented
+ the HashTraits for RefPtr to foreshadow some work we can do there.
+
+ * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
+
+2011-12-02 David Levin <levin@chromium.org>
+
+ Rename WTF class from TemporarilyChange to TemporaryChange.
+ https://bugs.webkit.org/show_bug.cgi?id=73479
+
+ Reviewed by Eric Seidel.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
+ (WTF::TemporaryChange::TemporaryChange):
+ (WTF::TemporaryChange::~TemporaryChange):
+
+2011-12-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ REGRESSION (r99754): All layout tests crash on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=72305
+
+ Reviewed by Geoffrey Garen.
+
+ Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in
+ JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of
+ a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an
+ incorrect version of visitChildren on the object, which left its children unmarked, causing them to be
+ collected when they were still reachable.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
+ purposes are distinct from one another.
+
+2011-12-02 Oliver Hunt <oliver@apple.com>
+
+ Improve float array support in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=73722
+
+ Reviewed by Gavin Barraclough.
+
+ Add basic support for float typed arrays in JSC. This is currently
+ less optimal than it could be in the following ways:
+ * float32Array1[0] = float32Array2[0] (eg. an element by element copy)
+ promotes float to double and then back to float.
+ * float64Array[0] will always perform NaN tests in order to prevent
+ signalling NaNs from entering the engine.
+
+ We also don't support Float32Array on ARMv7
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::loadFloat):
+ (JSC::MacroAssemblerARMv7::storeDouble):
+ (JSC::MacroAssemblerARMv7::storeFloat):
+ (JSC::MacroAssemblerARMv7::convertFloatToDouble):
+ (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::loadDouble):
+ (JSC::MacroAssemblerX86Common::loadFloat):
+ (JSC::MacroAssemblerX86Common::storeDouble):
+ (JSC::MacroAssemblerX86Common::storeFloat):
+ (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
+ (JSC::MacroAssemblerX86Common::convertFloatToDouble):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::cvtsd2ss_rr):
+ (JSC::X86Assembler::cvtss2sd_rr):
+ (JSC::X86Assembler::movsd_rm):
+ (JSC::X86Assembler::movss_rm):
+ (JSC::X86Assembler::movsd_mr):
+ (JSC::X86Assembler::movss_mr):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-12-02 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r101801.
+ http://trac.webkit.org/changeset/101801
+ https://bugs.webkit.org/show_bug.cgi?id=73667
+
+ Build is still broken (Requested by Ossy on #webkit).
+
+ * assembler/SH4Assembler.h:
+
+2011-12-01 Darin Adler <darin@apple.com>
+
+ Prepare to deploy pass and peek types in the HashMap class
+ https://bugs.webkit.org/show_bug.cgi?id=73477
+
+ Reviewed by Adam Roben.
+
+ This patch adds private typedefs inside the HashMap class,
+ and uses them as appropriate. A future patch will actually
+ tie those typedefs to hash traits, which will allow us to
+ make HashMap work with OwnPtr mapped values and to optimize
+ how HashMap works with RefPtr mapped values.
+
+ Also changed the hash translator and adapter struct templates
+ to use template functions to simplify them and make them more
+ flexible.
+
+ Also removed some unused template arguments.
+
+ This goes out of its way to not change behavior. Future patches
+ will change the peek type to be a reference type, which will
+ reduce reference count churn a bit for hash tables with RefPtr
+ mapped values, and then do further optimizations for RefPtr
+ and OwnPtr by getting types from the hash traits.
+
+ * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
+ and MappedPeekType typedefs, and used them for the arguments
+ and return types of the get, set, add, take, and inlineAdd
+ functions.
+ (WTF::HashMapTranslator): Changed this struct template to take
+ fewer arguments, and changed its member functions to be
+ function templates instead. This allows the compiler to
+ determine types more flexibly and also simplifies use of it.
+ (WTF::HashMapTranslatorAdapter): Ditto.
+ (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
+ Also reduced the arguments passed to the HashTable function template.
+ (WTF::HashMap::contains): Ditto.
+ (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
+ (WTF::HashMap::set): Ditto.
+ (WTF::HashMap::add): Ditto.
+ (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
+ (WTF::HashMap::get): Ditto.
+ (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
+ that type in the implementation.
+ (WTF::deleteAllValues): Removed unneeded template arguments from
+ call to deleteAllPairSeconds.
+ (WTF::deleteAllKeys): Removed unneeded template arguments from
+ call to deleteAllPairFirsts.
+
+ * wtf/HashSet.h:
+ (WTF::IdentityExtractor): Changed this to be a struct rather than
+ a struct template, and replaced the extract function with a function
+ template. This allows the compiler to deduce the type.
+ (WTF::HashSetTranslatorAdapter): Changed this struct template to take
+ fewer arguments, and changed its member functions to be
+ function templates instead. This allows the compiler to
+ determine types more flexibly and also simplifies use of it.
+ (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
+ Also reduced the arguments passed to the HashTable function template.
+ (WTF::HashSet::contains): Ditto.
+ (WTF::HashSet::add): Ditto.
+
+ * wtf/HashTable.h:
+ (WTF::IdentityHashTranslator): Changed this struct template to take
+ fewer arguments, and changed its member functions to be
+ function templates instead. This allows the compiler to
+ determine types more flexibly and also simplifies use of it.
+ (WTF::HashTable::add): Reduced arguments passed to the function template.
+ (WTF::HashTable::find): Ditto, also reversed the template arguments so the
+ translator comes first so the compiler can deduce the other type.
+ (WTF::HashTable::contains): Ditto.
+ (WTF::HashTable::lookup): Ditto.
+ (WTF::HashTable::lookupForWriting): Ditto.
+ (WTF::HashTable::checkKey): Ditto.
+ (WTF::HashTable::fullLookupForWriting): Ditto.
+ (WTF::HashTable::add): Ditto.
+ (WTF::HashTable::addPassingHashCode): Ditto.
+ (WTF::HashTable::find): Ditto.
+ (WTF::HashTable::contains): Ditto.
+
+ * wtf/ListHashSet.h:
+ (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
+ fewer arguments, and changed its member functions to be function templates
+ instead. This allows the compiler to determine types more flexibly and
+ also simplifies use of it.
+ (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
+ functon template.
+ (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
+ same way we changed ListHashSetNodeHashFunctions above.
+ (WTF::ListHashSetTranslatorAdapter::equal):
+ (WTF::::contains):
+ (WTF::::add):
+ (WTF::::insertBefore):
+
+ * wtf/RefPtrHashMap.h: Updated comments. Removed the
+ RefPtrHashMapRawKeyTranslator struct template; we can use the
+ HashMapTranslator struct template from HashMap.h instead now that
+ it is more flexible. Added MappedPassInType, MappedPassOutType,
+ and MappedPeekType typedefs, and used them for the arguments
+ and return types of the get, inlineGet, set, add, take, and inlineAdd
+ functions. Changed the name of the RawKeyTranslator type to
+ Translator since it's now a class that can handle both raw keys
+ and conventional keys.
+ (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
+ Reduced the arguments passed to the HashTable function template.
+ (WTF::HashMap::contains): Ditto.
+ (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
+ (WTF::HashMap::set): Ditto.
+ (WTF::HashMap::add): Ditto.
+ (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
+ (WTF::HashMap::get): Ditto.
+ (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
+ that type in the implementation.
+ (WTF::deleteAllValues): Removed unneeded template arguments from
+ call to deleteAllPairSeconds.
+ (WTF::deleteAllKeys): Removed unneeded template arguments from
+ call to deleteAllPairFirsts.
+
+2011-12-02 Zoltan Herczeg <zherczeg@webkit.org>
+
+ MacroAssemblerSH4 does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73434
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::readCallTarget): Support for SH4.
+
+2011-12-02 Hajime Morrita <morrita@chromium.org>
+
+ Unreviewed, rolling out r101751 and r101775.
+ http://trac.webkit.org/changeset/101751
+ http://trac.webkit.org/changeset/101775
+ https://bugs.webkit.org/show_bug.cgi?id=73191
+
+ breaks Windows build
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * config.h:
+ * runtime/JSExportMacros.h: Removed.
+ * wtf/ExportMacros.h:
+ * wtf/Platform.h:
+ * wtf/WTFThreadData.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringStatics.cpp:
+
+2011-12-01 Hajime Morrita <morrita@chromium.org>
+
+ JS_INLINE and WTF_INLINE should be visible from WebCore
+ https://bugs.webkit.org/show_bug.cgi?id=73191
+
+ - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
+ - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
+ - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
+
+ Reviewed by Kevin Ollivier.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * config.h:
+ * runtime/JSExportMacros.h: Added.
+ * wtf/ExportMacros.h:
+ * wtf/Platform.h:
+ * wtf/WTFThreadData.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringStatics.cpp:
+
+2011-12-01 Michael Saboff <msaboff@apple.com>
+
+ Changes proposed for 73457 slow down Kraken json-parse-financial
+ https://bugs.webkit.org/show_bug.cgi?id=73584
+
+ Restructured StringImpl::equal to take advantage of 8 or 4 bytes
+ at a time when possible.
+
+ This is worth ~3% on Kraken json-parse-financial. It provides
+ ~2% on SunSpider string-unpack-code.
+
+ Reviewed by Sam Weinig.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::equal):
+
+2011-12-01 Oliver Hunt <oliver@apple.com>
+
+ Support integer typed arrays in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=73608
+
+ Reviewed by Filip Pizlo.
+
+ Add support for all the integral typed arrays in the DFG JIT.
+ Currently this loads the contents of Uint32 arrays as doubles,
+ which is clearly not as efficient as it could be, but this is
+ still in the order of 10-20x faster than the existing behaviour.
+
+ This needed us to add support for writing 16bit values to the
+ macroassembler, and also to support double<->unsigned conversion.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::strh):
+ (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::store16):
+ (JSC::MacroAssemblerARMv7::truncateDoubleToUint32):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store16):
+ (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movw_rm):
+ (JSC::X86Assembler::cvttsd2siq_rr):
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isInt8ArrayPrediction):
+ (JSC::isInt16ArrayPrediction):
+ (JSC::isInt32ArrayPrediction):
+ (JSC::isUint8ArrayPrediction):
+ (JSC::isUint16ArrayPrediction):
+ (JSC::isUint32ArrayPrediction):
+ (JSC::isFloat32ArrayPrediction):
+ (JSC::isFloat64ArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInt8Array):
+ (JSC::DFG::Node::shouldSpeculateInt16Array):
+ (JSC::DFG::Node::shouldSpeculateInt32Array):
+ (JSC::DFG::Node::shouldSpeculateUint8Array):
+ (JSC::DFG::Node::shouldSpeculateUint16Array):
+ (JSC::DFG::Node::shouldSpeculateUint32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat32Array):
+ (JSC::DFG::Node::shouldSpeculateFloat64Array):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSGlobalData.h:
+
+2011-12-01 Benjamin Poulain <benjamin@webkit.org>
+
+ URLs are encoded in UTF-8, then decoded as if they are Latin1
+ https://bugs.webkit.org/show_bug.cgi?id=71758
+
+ Reviewed by Darin Adler.
+
+ Add the operator == between a String and a Vector of char. The implementation
+ is the same as the comparison of String and char* but adds the length as a
+ parameter for comparing the strings.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.h:
+ (WTF::equal):
+ * wtf/text/WTFString.h:
+ (WTF::operator==):
+ (WTF::operator!=):
+
+2011-12-01 Martin Robinson <mrobinson@igalia.com>
+
+ [GTK] Read fonts from the jhbuild root
+ https://bugs.webkit.org/show_bug.cgi?id=73487
+
+ Reviewed by Gustavo Noronha Silva.
+
+ Read fonts from the jhbuild root instead of from the system. This will ensure
+ that all testers use the same fonts instead of leaving this up to luck.
+
+ * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner.
+
+2011-12-01 Martin Robinson <mrobinson@igalia.com>
+
+ [GTK] Add a helper function to find the current executable's path
+ https://bugs.webkit.org/show_bug.cgi?id=73473
+
+ Reviewed by Gustavo Noronha Silva.
+
+ Add a WTF helper which gets the binary path. This is currently only used
+ in WebKit2.
+
+ * GNUmakefile.list.am: Add the new file to the source list.
+ * wtf/gobject/GlibUtilities.cpp: Added.
+ (getCurrentExecutablePath):
+ * wtf/gobject/GlibUtilities.h: Added.
+
+2011-12-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r101691.
+ http://trac.webkit.org/changeset/101691
+ https://bugs.webkit.org/show_bug.cgi?id=73588
+
+ Tests fail on Chromium bots, early warning system warned
+ committer, please adjust test_expectations in patch (Requested
+ by scheib on #webkit).
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+
+2011-12-01 Filip Pizlo <fpizlo@apple.com>
+
+ ARMv7 only allows for one-shot patching of compact offsets, while the
+ JIT expects to be able to repatch
+ https://bugs.webkit.org/show_bug.cgi?id=73548
+
+ Reviewed by Oliver Hunt.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::setUInt7ForLoad):
+
+2011-11-30 Benjamin Poulain <benjamin@webkit.org>
+
+ URLs are encoded in UTF-8, then decoded as if they are Latin1
+ https://bugs.webkit.org/show_bug.cgi?id=71758
+
+ Reviewed by Darin Adler.
+
+ Add the operator == between a String and a Vector of char. The implementation
+ is the same as the comparison of String and char* but adds the length as a
+ parameter for comparing the strings.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.h:
+ (WTF::equal):
+ * wtf/text/WTFString.h:
+ (WTF::operator==):
+ (WTF::operator!=):
+
+2011-11-30 Dmitry Lomov <dslomov@google.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=73503
+ [Chromium][V8] Implement ArrayBuffer transfer in chromium.
+ Portions of this patch come from Luke Zarko.
+
+ Reviewed by David Levin.
+
+ * wtf/ArrayBuffer.cpp:
+ (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr.
+ * wtf/ArrayBuffer.h:
+ (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr.
+ (WTF::ArrayBuffer::isNeutered):
+ * wtf/TypedArrayBase.h:
+ (WTF::TypedArrayBase::neuter):
+
+2011-12-01 Chao-ying Fu <fu@mips.com>
+
+ MacroAssemblerMIPS does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73432
+
+ Reviewed by Zoltan Herczeg.
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readCallTarget):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::readCallTarget):
+
+2011-12-01 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects
+ https://bugs.webkit.org/show_bug.cgi?id=73527
+
+ Reviewed by Simon Hausmann.
+
+ wtf/qt/ThreadingQt.cpp was removed in r101477
+
+ * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp
+
+2011-12-01 Filip Pizlo <fpizlo@apple.com>
+
+ BitVector isInline check could fail
+ https://bugs.webkit.org/show_bug.cgi?id=70691
+
+ Reviewed by Gavin Barraclough.
+
+ Switch back to using the high bit as the inline marker, to make
+ all of the bit indexing operations simpler. Computing the size in
+ words and in bytes of a bitvector, using the number of bits as
+ input is error-prone enough; and with the current approach to
+ solving the X86 bug we end up getting it wrong. Making it right
+ seems hard.
+
+ So instead, to solve the original problem (the high bit may be
+ meaningful on 32-bit systems), the out-of-line storage pointer is
+ right-shifted by 1. Compared to the original BitVector code, this
+ is a much smaller change (just three lines).
+
+ This solves a bug where the DFG was corrupting its call frame
+ because BitVector lost track of some bits.
+
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::setSlow):
+ (WTF::BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (WTF::BitVector::quickGet):
+ (WTF::BitVector::quickSet):
+ (WTF::BitVector::quickClear):
+ (WTF::BitVector::makeInlineBits):
+ (WTF::BitVector::isInline):
+ (WTF::BitVector::outOfLineBits):
+
+2011-11-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should make it easier to notice node boundaries in disassembly
+ https://bugs.webkit.org/show_bug.cgi?id=73509
+
+ Rubber-stamped by Gavin Barraclough
+
+ If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will
+ be emitted at node boundaries, where the immediate being xor'd is the
+ node index.
+
+ * dfg/DFGCommon.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-30 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ArgList iterators.
+
+ Reviewed by Gavin Barraclough.
+
+ Another step toward reversing the argument order.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct): Switched from iterator to int.
+
+ * runtime/ArgList.h:
+ (JSC::ArgList::ArgList):
+ (JSC::ArgList::isEmpty): Removed iterators.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation): Switched from iterator to int.
+
+2011-11-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ 32 bit DFG should handle logicalNot slow case instead of simply bailing out
+ https://bugs.webkit.org/show_bug.cgi?id=73515
+
+ Reviewed by Filip Pizlo.
+
+ This improves Kraken performance by 14%, mainly due to ~3X improvement
+ on imaging-desaturate.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+
+2011-11-30 Max Vujovic <mvujovic@adobe.com>
+
+ Some date values not handled consistently with IE/Firefox
+ https://bugs.webkit.org/show_bug.cgi?id=14176
+
+ Reviewed by Gavin Barraclough.
+
+ Changed time zone offset parsing behavior to match IE/Firefox/Opera's in
+ implementation dependent cases like "GMT-4".
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2011-11-30 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
+ https://bugs.webkit.org/show_bug.cgi?id=73368
+
+ Reviewed by Darin Adler.
+
+ We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
+ happens to be in the first class of the chain, which potentially could be null.
+
+ <rdar://problem/10493218>
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::toStringCallback):
+ (JSC::JSCallbackFunction::valueOfCallback):
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Add adoptCF and adoptNS convenience functions to RetainPtr.h
+ https://bugs.webkit.org/show_bug.cgi?id=73399
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RetainPtr.h:
+ (WTF::adoptCF):
+ (WTF::adoptNS):
+ These adoption functions match the pattern we use in other
+ smart pointer classes.
+
+2011-11-30 Adam Roben <aroben@apple.com>
+
+ Fix RetainPtr's move assignment operators
+
+ Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the
+ pointer being assigned to
+
+ I didn't write a test for this because we don't have a way of unit testing C++11 code (see
+ <http://webkit.org/b/73448>).
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RetainPtr.h:
+ (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own
+ pointer.
+
+2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed rolling out incorrect r101481.
+
+ * assembler/MIPSAssembler.h:
+ * assembler/MacroAssemblerMIPS.h:
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Fix compilation with MingW.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for
+ the time being make the thread name setting unimplemented for MingW.
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed propective build fix for Qt/Windows part 2 after r101477.
+
+ * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data
+
+2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed propective build fix for Qt/Windows after r101477.
+
+ * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's
+ only referenced from within another OS(WINDOWS) section.
+
+2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed speculative buildfix after r101457.
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readCallTarget):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::readCallTarget):
+
+2011-11-30 Andrew Wason <rectalogic@rectalogic.com>
+
+ Replace Qt QThread threading back-end with pthread/Win32 threading back-ends
+ https://bugs.webkit.org/show_bug.cgi?id=72155
+
+ Reviewed by Simon Hausmann.
+
+ Use ThreadingPthreads and ThreadingWin instead of ThreadingQt.
+
+ * heap/MachineStackMarker.cpp:
+ * wtf/MainThread.cpp:
+ (WTF::initializeMainThread):
+ * wtf/Platform.h:
+ * wtf/ThreadSpecific.h: Drop QThreadStorage related code.
+ (WTF::::destroy):
+ * wtf/ThreadingPrimitives.h:
+ * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread().
+ (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread.
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+ * wtf/qt/ThreadingQt.cpp: Removed.
+ * wtf/wtf.pro:
+
+2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
+
+ MacroAssemblerARM does not implement readCallTarget
+ https://bugs.webkit.org/show_bug.cgi?id=73413
+
+ Based on Filip Pizlo's patch.
+
+ Buildfix. Rubber-stamped by Gabor Loki.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readCallTarget):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::readCallTarget):
+
+2011-11-29 Filip Pizlo <fpizlo@apple.com>
+
+ Resetting a put_by_id inline cache should preserve the "isDirect" bit
+ https://bugs.webkit.org/show_bug.cgi?id=73375
+
+ Reviewed by Gavin Barraclough.
+
+ For the replace case, we can find out if it was direct by looking at the
+ slow call. For the transition case, we explicitly remember if it was
+ direct.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::printStructureStubInfo):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::visitWeakReferences):
+ * bytecode/StructureStubInfo.h:
+ (JSC::isPutByIdAccess):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::resetPatchPutById):
+ (JSC::JIT::isDirectPutById):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::resetPatchPutById):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Remove RetainPtr::releaseRef
+ https://bugs.webkit.org/show_bug.cgi?id=73396
+
+ Reviewed by Dan Bernstein.
+
+ * wtf/RetainPtr.h:
+ Be gone releaseRef! Long live leakRef!
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Add move semantics to RetainPtr
+ https://bugs.webkit.org/show_bug.cgi?id=73393
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RetainPtr.h:
+ (WTF::RetainPtr::RetainPtr):
+ Add a move constructor and move enabled assignment operators
+ to RetainPtr if the compiler being used supports rvalue
+ references. If the compiler does not support it, we fallback
+ to the copy semantics we have always had.
+
+2011-11-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG local CSE may cause incorrect reference counting for a node
+ https://bugs.webkit.org/show_bug.cgi?id=73390
+
+ Reviewed by Filip Pizlo.
+
+ When performing a node substitution, the ref count of the replaced
+ child will be increased, no matter whether the user node is skipped in
+ code generation or not. This will cause the reference count of the
+ replaced child never get the chance to become zero and so the
+ registers occupied by it cannot be reused simply without spilling, if
+ it's used by a "skipped" node.
+ This is a 1% gain on V8 benchmark, tested on IA32 Linux.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::performSubstitution):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-11-29 David Levin <levin@chromium.org>
+
+ Add a way to revert a variable to its previous value after leaving a scope.
+ https://bugs.webkit.org/show_bug.cgi?id=73371
+
+ Reviewed by Adam Barth.
+
+ In case anyone from Chromium sees this, it is nearly identical to AutoReset
+ but if the same name were used, it causes unnecessary ambiguity.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/TemporarilyChange.h: Added.
+ (WTF::TemporarilyChange::TemporarilyChange):
+ (WTF::TemporarilyChange::~TemporarilyChange):
+
+2011-11-29 Sam Weinig <sam@webkit.org>
+
+ Add COMPILER_SUPPORTS macro to allow for compiler feature testing
+ https://bugs.webkit.org/show_bug.cgi?id=73386
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Compiler.h:
+ Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and
+ rvalue references for Clang.
+
+2011-11-29 Oliver Hunt <oliver@apple.com>
+
+ Allow WebCore to describe typed arrays to JSC
+ https://bugs.webkit.org/show_bug.cgi?id=73355
+
+ Reviewed by Gavin Barraclough.
+
+ Allow globaldata to track the structure of typed arrays.
+
+ * runtime/JSGlobalData.h:
+ (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG debugCall() mechanism only works on X86 and X86-64
+ https://bugs.webkit.org/show_bug.cgi?id=73282
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::debugCall):
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-X86 ArithDiv does speculation failure after mutating state,
+ without a value recovery
+ https://bugs.webkit.org/show_bug.cgi?id=73286
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fixes for ARM.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::readCallTarget):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
+
+2011-11-20 Roland Steiner <rolandsteiner@chromium.org>
+
+ <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit
+ https://bugs.webkit.org/show_bug.cgi?id=72848
+
+ Add ENABLE_STYLE_SCOPED flag.
+
+ Reviewed by Dimitri Glazkov.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-28 Jon Lee <jonlee@apple.com>
+
+ Create skeleton framework for notifications support in WK2
+ https://bugs.webkit.org/show_bug.cgi?id=73253
+ <rdar://problem/10356943>
+
+ * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform.
+
+2011-11-28 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-28 Oliver Hunt <oliver@apple.com>
+
+ Fix gyp build
+
+ * JavaScriptCore.gypi:
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ GetById should not always speculate cell
+ https://bugs.webkit.org/show_bug.cgi?id=73181
+
+ Reviewed by Gavin Barraclough.
+
+ GetById will now speculate cell if the predictions of the base are cell.
+ Otherwise it will do like the old JIT (and like the old non-speculative
+ DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR
+ out. This is a 1% speed-up on SunSpider.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-28 Oliver Hunt <oliver@apple.com>
+
+ Move typed array implementations into wtf
+ https://bugs.webkit.org/show_bug.cgi?id=73248
+
+ Reviewed by Sam Weinig.
+
+ Move typed array implementation files from WebCore to wtf. Inline the
+ .cpp files for each of the array views to cut down on unnecessary exports
+ and function call overhead for trivial operations.
+
+ Added files to all the project files.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp.
+ (WTF::ArrayBuffer::transfer):
+ (WTF::ArrayBuffer::addView):
+ (WTF::ArrayBuffer::removeView):
+ * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp.
+ (WTF::ArrayBufferContents::ArrayBufferContents):
+ (WTF::ArrayBufferContents::data):
+ (WTF::ArrayBufferContents::sizeInBytes):
+ (WTF::ArrayBufferContents::transfer):
+ (WTF::ArrayBuffer::~ArrayBuffer):
+ (WTF::ArrayBuffer::clampValue):
+ (WTF::ArrayBuffer::create):
+ (WTF::ArrayBuffer::ArrayBuffer):
+ (WTF::ArrayBuffer::data):
+ (WTF::ArrayBuffer::byteLength):
+ (WTF::ArrayBuffer::slice):
+ (WTF::ArrayBuffer::sliceImpl):
+ (WTF::ArrayBuffer::clampIndex):
+ (WTF::ArrayBufferContents::tryAllocate):
+ (WTF::ArrayBufferContents::~ArrayBufferContents):
+ * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp.
+ (WTF::ArrayBufferView::ArrayBufferView):
+ (WTF::ArrayBufferView::~ArrayBufferView):
+ (WTF::ArrayBufferView::neuter):
+ * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h.
+ (WTF::ArrayBufferView::isByteArray):
+ (WTF::ArrayBufferView::isUnsignedByteArray):
+ (WTF::ArrayBufferView::isShortArray):
+ (WTF::ArrayBufferView::isUnsignedShortArray):
+ (WTF::ArrayBufferView::isIntArray):
+ (WTF::ArrayBufferView::isUnsignedIntArray):
+ (WTF::ArrayBufferView::isFloatArray):
+ (WTF::ArrayBufferView::isDoubleArray):
+ (WTF::ArrayBufferView::isDataView):
+ (WTF::ArrayBufferView::buffer):
+ (WTF::ArrayBufferView::baseAddress):
+ (WTF::ArrayBufferView::byteOffset):
+ (WTF::ArrayBufferView::verifySubRange):
+ (WTF::ArrayBufferView::clampOffsetAndNumElements):
+ (WTF::ArrayBufferView::setImpl):
+ (WTF::ArrayBufferView::setRangeImpl):
+ (WTF::ArrayBufferView::zeroRangeImpl):
+ (WTF::ArrayBufferView::calculateOffsetAndLength):
+ * wtf/CMakeLists.txt:
+ * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h.
+ (WTF::Float32Array::set):
+ (WTF::Float32Array::item):
+ (WTF::Float32Array::isFloatArray):
+ (WTF::Float32Array::create):
+ (WTF::Float32Array::Float32Array):
+ (WTF::Float32Array::subarray):
+ * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h.
+ (WTF::Float64Array::set):
+ (WTF::Float64Array::item):
+ (WTF::Float64Array::isDoubleArray):
+ (WTF::Float64Array::create):
+ (WTF::Float64Array::Float64Array):
+ (WTF::Float64Array::subarray):
+ * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp.
+ (WTF::Int16Array::set):
+ (WTF::Int16Array::isShortArray):
+ (WTF::Int16Array::create):
+ (WTF::Int16Array::Int16Array):
+ (WTF::Int16Array::subarray):
+ * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp.
+ (WTF::Int32Array::set):
+ (WTF::Int32Array::isIntArray):
+ (WTF::Int32Array::create):
+ (WTF::Int32Array::Int32Array):
+ (WTF::Int32Array::subarray):
+ * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp.
+ (WTF::Int8Array::set):
+ (WTF::Int8Array::isByteArray):
+ (WTF::Int8Array::create):
+ (WTF::Int8Array::Int8Array):
+ (WTF::Int8Array::subarray):
+ * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h.
+ (WTF::IntegralTypedArrayBase::set):
+ (WTF::IntegralTypedArrayBase::item):
+ (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase):
+ * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h.
+ (WTF::TypedArrayBase::data):
+ (WTF::TypedArrayBase::set):
+ (WTF::TypedArrayBase::setRange):
+ (WTF::TypedArrayBase::zeroRange):
+ (WTF::TypedArrayBase::length):
+ (WTF::TypedArrayBase::byteLength):
+ (WTF::TypedArrayBase::TypedArrayBase):
+ (WTF::TypedArrayBase::create):
+ (WTF::TypedArrayBase::subarrayImpl):
+ * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp.
+ (WTF::Uint16Array::set):
+ (WTF::Uint16Array::isUnsignedShortArray):
+ (WTF::Uint16Array::create):
+ (WTF::Uint16Array::Uint16Array):
+ (WTF::Uint16Array::subarray):
+ * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp.
+ (WTF::Uint32Array::set):
+ (WTF::Uint32Array::isUnsignedIntArray):
+ (WTF::Uint32Array::create):
+ (WTF::Uint32Array::Uint32Array):
+ (WTF::Uint32Array::subarray):
+ * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h.
+ (WTF::Uint8Array::set):
+ (WTF::Uint8Array::isUnsignedByteArray):
+ (WTF::Uint8Array::create):
+ (WTF::Uint8Array::Uint8Array):
+ (WTF::Uint8Array::subarray):
+ * wtf/wtf.pro:
+
+2011-11-27 Filip Pizlo <fpizlo@apple.com>
+
+ Don't try to optimize huge code blocks
+ https://bugs.webkit.org/show_bug.cgi?id=73187
+
+ Reviewed by Oliver Hunt.
+
+ This unifies the heuristics used for deciding if a code block is too big
+ to optimize, and sets this heuristic to 1000, which is intuitively better
+ than numeric_limits<unsigned>::max(). It also results in what looks like
+ a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher).
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-11-28 Filip Pizlo <fpizlo@apple.com>
+
+ Either remove the GetMethod node from the DFG backend, or find a use for it
+ https://bugs.webkit.org/show_bug.cgi?id=73178
+
+ Reviewed by Gavin Barraclough.
+
+ More testing seemed to imply that the GetMethod code was indeed not profitable
+ in any major test. So, it's probably best to just remove it.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::MethodCallLinkInfo::reset):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGRepatch.cpp:
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-28 Michael Saboff <msaboff@apple.com>
+
+ Change set 101187 from bug 73154 removed already lower case optimization
+ https://bugs.webkit.org/show_bug.cgi?id=73174
+
+ Added back the "string is already lower case" optimization.
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToLowerCase):
+
+2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed prospective build fix. Touch the file to trigger correct
+ rebuild on the Qt mips/sh4/sl bot.
+
+ * wtf/unicode/qt4/UnicodeQt4.h:
+
+2011-11-28 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Remove cruft from project file
+
+ Reviewed by Simon Hausmann.
+
+ * Target.pri:
+
+2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] WTF should be built as separate static library
+ https://bugs.webkit.org/show_bug.cgi?id=73201
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Don't claim to build WTF, as that would cause
+ the debug-with-shlibs build to not link in wtf.
+ * jsc.pro: Require wtf.
+ * wtf/wtf.pri: Removed.
+ * wtf/wtf.pro: Added. Pro file to build wtf statically.
+
+2011-11-28 Martin Robinson <mrobinson@igalia.com>
+
+ [GTK] JavaScriptCore generated sources should build in the DerivedSources directory
+ https://bugs.webkit.org/show_bug.cgi?id=73197
+
+ Reviewed by Philippe Normand.
+
+ Build all JavaScriptCore generated sources in DerivedSources.
+
+ * GNUmakefile.am: Update generation rules.
+ * GNUmakefile.list.am: Update source lists.
+
+2011-11-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not emit GetMethod node
+ https://bugs.webkit.org/show_bug.cgi?id=73175
+
+ Reviewed by Gavin Barraclough.
+
+ Replaces all instances of the GetMethod node with GetById. This appears to
+ be a slight win on V8. This patch leaves GetMethod support in the code-base,
+ making this decision easy to reverse, for now.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-11-26 Hajime Morrita <morrita@chromium.org>
+
+ Needs WTF_INLINE and JS_INLINE
+ https://bugs.webkit.org/show_bug.cgi?id=72853
+
+ Reviewed by Kevin Ollivier.
+
+ Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which
+ indirect __attribute__((visibility("hidden"))
+
+ * config.h:
+ * wtf/ExportMacros.h:
+
+2011-11-25 Michael Saboff <msaboff@apple.com>
+
+ String.prototype.toLower should be optimized for 8 bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=73154
+
+ Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has
+ been optimized for 8 bit strings.
+
+ This is worth ~7% to sunspider string.tagcloud.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncToLowerCase):
+
+2011-11-25 Michael Saboff <msaboff@apple.com>
+
+ Array.toString always uses StringImpl::characters()
+ https://bugs.webkit.org/show_bug.cgi?id=72969
+
+ If all component strings are 8 bit, create an 8 bit result string for toString().
+
+ This appears to be performance neutral to sunspider and v8.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ UString methods are not character size aware
+ https://bugs.webkit.org/show_bug.cgi?id=72975
+
+ Changed the UString number constructors to build 8 bit strings.
+ Modified the other methods to check string bitness and process
+ with 8 bits wherre appropriate.
+
+ * runtime/UString.cpp:
+ (JSC::UString::number):
+ (JSC::operator==):
+ (JSC::operator<):
+ (JSC::UString::ascii):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ JavaScript string to number conversion functions use characters()
+ https://bugs.webkit.org/show_bug.cgi?id=72974
+
+ Change the various JS to number routines to process strings
+ using characters8() or characters16() as appropriate.
+ Implemented using static template methods.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::isInfinity):
+ (JSC::jsHexIntegerLiteral):
+ (JSC::jsStrDecimalLiteral):
+ (JSC::toDouble):
+ (JSC::jsToNumber):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ Empty JSStrings are created as 16 bit
+ https://bugs.webkit.org/show_bug.cgi?id=72968
+
+ Clear m_is8Bit flag for empty strings.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::finishCreation):
+
+2011-11-24 Michael Saboff <msaboff@apple.com>
+
+ Tune JSStringBuilder for 8 bit Strings
+ https://bugs.webkit.org/show_bug.cgi?id=72683
+
+ Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added.
+ When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit
+ and building continues with a 16 bit buffer.
+
+ Reviewed by Filip Pizlo.
+
+ * runtime/JSStringBuilder.h:
+ (JSC::JSStringBuilder::JSStringBuilder):
+ (JSC::JSStringBuilder::append):
+ (JSC::JSStringBuilder::upConvert):
+ (JSC::JSStringBuilder::build):
+ * runtime/UString.h:
+ (JSC::UString::adopt):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::adopt):
+
+2011-11-24 Zeno Albisser <zeno@webkit.org>
+
+ [Qt]WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets
+ https://bugs.webkit.org/show_bug.cgi?id=72495
+
+ Update defines to not use Unix Domain Sockets for platform Qt on Mac.
+ This enables Qt to reuse existing code for mach ports and Grand
+ Central Dispatch based IPC.
+
+ Reviewed by Simon Hausmann.
+
+ * wtf/Platform.h:
+
+2011-11-24 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably
+
+ Reviewed by Andreas Kling.
+
+ We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few
+ ways of doing that and this fix seems like the least intrusive one by simply pushing the
+ invoker to the gui thread if it's not there already.
+
+ * wtf/qt/MainThreadQt.cpp:
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2011-11-24 Patrick Gansterer <paroga@webkit.org>
+
+ [Qt] Use QEvent for dispatchFunctionsFromMainThread()
+ https://bugs.webkit.org/show_bug.cgi?id=72704
+
+ Reviewed by Simon Hausmann.
+
+ Replace QMetaObject::invokeMethod with QCoreApplication::postEvent.
+ This is the same as what invokeMethod does internally, but reduces
+ the dependency on some internal QThread stuff.
+
+ * wtf/qt/MainThreadQt.cpp:
+ (WTF::MainThreadInvoker::MainThreadInvoker):
+ (WTF::MainThreadInvoker::event):
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2011-11-23 George Staikos <staikos@webkit.org>
+
+ Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX.
+ https://bugs.webkit.org/show_bug.cgi?id=73028
+
+ Reviewed by Daniel Bates.
+
+ * wtf/RandomNumberSeed.h:
+ (WTF::initializeRandomNumberGenerator):
+
+2011-11-23 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string
+ https://bugs.webkit.org/show_bug.cgi?id=72793
+
+ Reviewed by Zoltan Herczeg.
+
+ This new code will be used in follow-up patches to replace the String::format("%.2f") usage in
+ platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp.
+
+ The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace
+ this by a variant that properly rounds to six significant figures, JSC code could be refactored.
+ JSCs Number.toPrecision/toFixed uses wtf/dtoa/double-conversion which provides all features we need,
+ except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with
+ trailing zeros removed, producing shorter results. Changed the default signature to:
+
+ "static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);".
+
+ In WebCore we can now replace String::format() calls like this:
+ String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2)
+ String::format("%.6lg", f) -> String::number(f)
+
+ The default parameters for precison & flags exactly match the format of the string produced now, except that the result
+ is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results
+ in the d="" attribute dumps of SVG paths across platforms. The dtoa rounding code enforces a unique zero, resolving
+ all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots.
+
+ This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfecly mimic the String::format() "lg" mode
+ result for exponentials, we used to return eg. "e-7" and now return "e-07" - the trailing zero truncation hasn't been
+ implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - in contrary the
+ trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results.
+
+ Here's a performance comparision using a JSC release build and some arbitary numbers:
+ Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call.
+ Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call.
+
+ Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call.
+ Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call.
+
+ Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call.
+ Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call.
+
+ Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call.
+ Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call.
+
+ For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%.
+
+ * JavaScriptCore.exp: Change String::number(double) signature.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto.
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp.
+ (JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString.
+ * wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows to truncate trailing zeros/decimal point.
+ to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoas rounding facilities.
+ * wtf/dtoa.h:
+ * wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*.
+ (WTF::double_conversion::StringBuilder::SetPosition):
+ * wtf/text/WTFString.cpp:
+ (WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format.
+ * wtf/text/WTFString.h:
+
+2011-11-23 Hajime Morrita <morrita@chromium.org>
+
+ WTF::String has extra WTF_EXPORT_PRIVATE
+ https://bugs.webkit.org/show_bug.cgi?id=72858
+
+ Reviewed by Kevin Ollivier.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::String):
+
+2011-11-23 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ [CMake] Move the top-level logic to the top-level directory.
+ https://bugs.webkit.org/show_bug.cgi?id=72685
+
+ Reviewed by Brent Fulgham.
+
+ * CMakeLists.txt: Point to the right Source/ directory.
+ * wtf/CMakeLists.txt: Ditto.
+
+2011-11-22 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Strength reduction for Mul and Mod operations for known constants in DFG
+ https://bugs.webkit.org/show_bug.cgi?id=72878
+
+ Reviewed by Filip Pizlo.
+
+ Also the code should be commonly shared by both 32_64 and 64.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::nodeMayOverflow):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::fmodAsDFGOperation):
+ (JSC::DFG::SpeculativeJIT::compileInstanceOf):
+ (JSC::DFG::isPowerOfTwo):
+ (JSC::DFG::logTwo):
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+ (JSC::DFG::SpeculativeJIT::compileArithMod):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-22 Daniel Bates <dbates@rim.com>
+
+ Add WTF infrastructure for the BlackBerry port
+ https://bugs.webkit.org/show_bug.cgi?id=72970
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/Assertions.cpp: Added BlackBerry-specific logging directive.
+ * wtf/MathExtras.h:
+ (abs): Added; stdlib doesn't contain abs() on QNX.
+ * wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features.
+ * wtf/RandomNumberSeed.h:
+ (WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize
+ the bad pseudo random number generator using time(3) before initializing the
+ Mersenne Twister random number generator.
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::createThreadInternal): Added.
+ * wtf/blackberry: Added.
+ * wtf/blackberry/MainThreadBlackBerry.cpp: Added.
+ (WTF::initializeMainThreadPlatform):
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+ * wtf/text/WTFString.h: Added constructor and conversion operator for
+ BlackBerry WebString string object.
+
+2011-11-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r100988.
+ http://trac.webkit.org/changeset/100988
+ https://bugs.webkit.org/show_bug.cgi?id=72941
+
+ "Broke pixel tests on Chromium-Linux" (Requested by kbalazs on
+ #webkit).
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ * wtf/ParallelJobsGeneric.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ * wtf/Platform.h:
+
+2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
+
+ Enable ParallelJobs by default
+ https://bugs.webkit.org/show_bug.cgi?id=70032
+
+ Reviewed by Zoltan Herczeg.
+
+ According to measurements on Mac and Linux it is a
+ considerable speedup for SVG on multicore.
+
+ Remove the ENABLE(PARALLEL_JOBS) guard.
+ Fix build on Windows and Chromium.
+
+ * JavaScriptCore.gypi: Add the files to the build. It was
+ missing for the gyp build system.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Export symbols.
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ Deinline these to avoid exporting a lot of symbols.
+ These are non-trivial and called only once on a given object
+ so it doesn't seems to be worthwile to inline them.
+ Additionally fix a signed-unsigned comparison in the constructor.
+ * wtf/ParallelJobsGeneric.h:
+ * wtf/Platform.h:
+
+2011-11-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have richer debug output for CFA and phi processing
+ https://bugs.webkit.org/show_bug.cgi?id=72922
+
+ Reviewed by Gavin Barraclough.
+
+ In the default verbose mode, we now print information about variable
+ state at the bottom of basic blocks in addition to the top, and we
+ also print local variable linking. In the verbose propagation mode,
+ the state of phi processing is dumped more richly and CFA merging (the
+ most subtle part of CFA) is traced as well.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::StructureAbstractValue::dump):
+ (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCommon.h:
+ (JSC::DFG::NodeIndexTraits::dump):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::dumpChildren):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOperands.h:
+ (JSC::DFG::OperandValueTraits::dump):
+ (JSC::DFG::dumpOperands):
+
+2011-11-21 Filip Pizlo <fpizlo@apple.com>
+
+ Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+ https://bugs.webkit.org/show_bug.cgi?id=71505
+
+ Reviewed by Gavin Barraclough.
+
+ It turns out that we were corrupting phi nodes in case of overflow. The bug is
+ really obvious, but producing a test case that causes the badness is hard. Even
+ when the phi nodes do get corrupt, there's more that has to happen before it
+ causes incorrect execution - and I wasn't able to reproduce in any kind of
+ sensible reduced case.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+
+2011-11-21 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Speed up debug builds.
+ https://bugs.webkit.org/show_bug.cgi?id=72882
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be
+ used by the build system.
+
+2011-11-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r100913.
+ http://trac.webkit.org/changeset/100913
+ https://bugs.webkit.org/show_bug.cgi?id=72885
+
+ "Break Windows build" (Requested by kbalazs on #webkit).
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ * wtf/ParallelJobsGeneric.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ * wtf/Platform.h:
+
+2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
+
+ Enable ParallelJobs by default
+ https://bugs.webkit.org/show_bug.cgi?id=70032
+
+ Reviewed by Zoltan Herczeg.
+
+ According to measurements on Mac and Linux it is a
+ considerable speedup for SVG on multicore.
+
+ Remove the ENABLE(PARALLEL_JOBS) guard.
+ Fix build on Windows and Chromium.
+
+ * JavaScriptCore.gypi: Add the files to the build. It was
+ missing for the gyp build system.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Export symbols.
+ * wtf/ParallelJobs.h:
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+ Deinline these to avoid exporting a lot of symbols.
+ These are non-trivial and called only once on a given object
+ so it doesn't seems to be worthwile to inline them.
+ Additionally fix a signed-unsigned comparison in the constructor.
+ * wtf/ParallelJobsGeneric.h:
+ * wtf/Platform.h:
+
+2011-11-21 Andy Wingo <wingo@igalia.com>
+
+ Add .dir-locals.el file for better Emacs defaults
+ https://bugs.webkit.org/show_bug.cgi?id=72483
+
+ Reviewed by Xan Lopez.
+
+ * .dir-locals.el: Set appropriate directory-local variables for Emacs.
+
+2011-11-21 Filip Pizlo <fpizlo@apple.com>
+
+ Another attempt at a build fix.
+
+ * dfg/DFGRepatch.h:
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+
+2011-11-20 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed interpreter build fix.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finalizeUnconditionally):
+ * dfg/DFGRepatch.h:
+
+2011-11-20 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Improve modulo operation on 32bit platforms
+ https://bugs.webkit.org/show_bug.cgi?id=72501
+
+ Reviewed by Filip Pizlo.
+
+ Extend softModulo to support X86 and MIPS in baseline JIT.
+ Apply the same optimization to 32bit DFG JIT.
+ 1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.
+
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileSoftModulo):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_mod):
+ (JSC::JIT::emitSlow_op_mod):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::softModulo):
+ * wtf/Platform.h:
+
+2011-11-18 Filip Pizlo <fpizlo@apple.com>
+
+ Inline caches that refer to otherwise dead objects should be cleared
+ https://bugs.webkit.org/show_bug.cgi?id=72311
+
+ Reviewed by Geoff Garen.
+
+ DFG code blocks now participate in the weak reference harvester fixpoint
+ so that they only consider themselves to be live if either they are
+ currently executing, or their owner is live and all of their weak references
+ are live. If not, the relevant code blocks are jettisoned.
+
+ Inline caches in both the old JIT and the DFG are now cleared if any of
+ their references are not marked at the end of a GC.
+
+ This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
+ all-code-on-GC policy that we currently have, it shows a slight reduction
+ in memory usage. If we turn that policy off, it's pretty easy to come up
+ with an example program that will cause ToT to experience linear heap
+ growth, while with this patch, the heap stays small and remains at a
+ constant size.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::readCallTarget):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::readCallTarget):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::readCallTarget):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::readCallTarget):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::performTracingFixpointIteration):
+ (JSC::CodeBlock::visitWeakReferences):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ (JSC::CodeBlock::stronglyVisitStrongReferences):
+ (JSC::MethodCallLinkInfo::reset):
+ (JSC::ProgramCodeBlock::jettison):
+ (JSC::EvalCodeBlock::jettison):
+ (JSC::FunctionCodeBlock::jettison):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::reoptimize):
+ (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::visitWeak):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::visitWeakReferences):
+ * bytecode/StructureStubInfo.h:
+ (JSC::isGetByIdAccess):
+ (JSC::isPutByIdAccess):
+ (JSC::StructureStubInfo::reset):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+ * dfg/DFGRepatch.h:
+ (JSC::DFG::dfgResetGetByID):
+ (JSC::DFG::dfgResetPutByID):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::resetPatchGetById):
+ (JSC::JIT::resetPatchPutById):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::resetPatchGetById):
+ (JSC::JIT::resetPatchPutById):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITWriteBarrier.h:
+ (JSC::JITWriteBarrierBase::clearToMaxUnsigned):
+
+2011-11-20 Filip Pizlo <fpizlo@apple.com>
+
+ Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+ https://bugs.webkit.org/show_bug.cgi?id=71505
+
+ Reviewed by Oliver Hunt.
+
+ The bytecode generator was assuming that call_varargs never reuses the base register
+ (i.e. the function being called) for the result. This is no longer true.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCallVarargs):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+
+2011-11-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 32_64 should directly store double virtual registers on SetLocal
+ https://bugs.webkit.org/show_bug.cgi?id=72845
+
+ Reviewed by Oliver Hunt.
+
+ 2% win on Kraken.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-20 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove DFG::JITCodeGenerator from the gyp projects
+ https://bugs.webkit.org/show_bug.cgi?id=72842
+
+ Reviewed by Filip Pizlo.
+
+ dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244
+
+ * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}
+
+2011-11-18 Daniel Bates <dbates@rim.com>
+
+ Add CMake build infrastructure for the BlackBerry port
+ https://bugs.webkit.org/show_bug.cgi?id=72768
+
+ Reviewed by Antonio Gomes.
+
+ * PlatformBlackBerry.cmake: Added.
+ * shell/PlatformBlackBerry.cmake: Added.
+ * wtf/PlatformBlackBerry.cmake: Added.
+
+2011-11-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT fails speculation on InstanceOf if the base is not an object
+ https://bugs.webkit.org/show_bug.cgi?id=72709
+
+ Reviewed by Geoff Garen.
+
+ InstanceOf already leverages the fact that we only allow the default
+ hasInstance implementation. So, if the base is predicted to possibly
+ be not an object and the CFA has not yet proven otherwise, InstanceOf
+ will abstain from speculating cell and instead return false if the
+ base is not a cell.
+
+ This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
+ speed-up in earley-boyer. Neutral according to bencher on SunSpider,
+ V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
+ win on V8 even on my harness, due to a 12.5% win on earley-boyer.
+
+ I also took this opportunity to make the code for InstanceOf common
+ between the two JITs. This was partially successful, in that the
+ "common code" has a bunch of #if's, but overall it seems like a code
+ size reduction.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
+ (JSC::DFG::SpeculativeJIT::compileInstanceOf):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Forgot to completely de-virtualize isDynamicScope
+ https://bugs.webkit.org/show_bug.cgi?id=72763
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSActivation.h: Removed virtual keyword.
+
+2011-11-18 Filip Pizlo <fpizlo@apple.com>
+
+ Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
+ https://bugs.webkit.org/show_bug.cgi?id=72292
+
+ Reviewed by Darin Adler.
+
+ Fix this for 32_64.
+
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize ExecutableBase::intrinsic
+ https://bugs.webkit.org/show_bug.cgi?id=72548
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value.
+ * runtime/Executable.h:
+ * runtime/JSCell.h:
+ (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
+ rather than requiring C++ RTTI.
+
+2011-11-18 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Remove duplicate dtoa files from CMakeLists.txt
+ https://bugs.webkit.org/show_bug.cgi?id=72711
+
+ Reviewed by Brent Fulgham.
+
+ * wtf/CMakeLists.txt:
+
+2011-11-17 Michael Saboff <msaboff@apple.com>
+
+ [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=72602
+
+ Fixed StringImpl::foldCase by adding return in the case we need to handle
+ folding of 8 bit strings with Latin-1 characters.
+
+ Fixed case where StringImpl::replace was using a char temp instead of an
+ LChar temp.
+
+ Because of the second change, I changed other uses of char or
+ unsigned char to LChar.
+
+ Reviewed by Zoltan Herczeg.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::upper):
+ (WTF::StringImpl::foldCase):
+ (WTF::equal):
+ (WTF::equalIgnoringCase):
+ (WTF::StringImpl::replace):
+
+2011-11-17 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
+ https://bugs.webkit.org/show_bug.cgi?id=72644
+
+ Reviewed by Brent Fulgham.
+
+ All ports need to do the same determination about fast malloc. Move the CMake code from
+ platform specific files into the generic one, so that additional ports can reuse it.
+
+ * wtf/CMakeLists.txt:
+ * wtf/PlatformEfl.cmake:
+ * wtf/PlatformWinCE.cmake:
+
+2011-11-17 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add finalizer to JSActivation
+ https://bugs.webkit.org/show_bug.cgi?id=72575
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
+ (JSC::JSActivation::finalize):
+ * runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
+
+2011-11-15 Filip Pizlo <fpizlo@apple.com>
+
+ Code block jettisoning should be part of the GC's transitive closure
+ https://bugs.webkit.org/show_bug.cgi?id=72467
+
+ Reviewed by Geoff Garen.
+
+ Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
+ DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
+ references) and helps track what state each of those code blocks is in during
+ GC. The state consists of two flags; mayBeExecuting, which tells if the code block
+ is live from call frames; and isJettisoned, which tells if the code block is
+ not owned by any executable and thus should be deleted as soon as it is not
+ mayBeExecuting.
+
+ - Not executing, Not jettisoned: The code block may or may not be reachable from
+ any executables, but it is owned by an executable, and hence should be
+ kept alive if its executable is live and if all of its weak references are
+ live. Otherwise it should be deleted during the current GC cycle, and its
+ outgoing references should not be scanned.
+
+ - Not executing but jettisoned: The code block should be deleted as soon as
+ possible and none of its outgoing references should be scanned.
+
+ - Executing but not jettisoned: The code block should be kept alive during this
+ GC cycle, and all of its outgoing references (including the weak ones)
+ should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
+ the end of the GC cycle.
+
+ - Executing and jettisoned: The code block should be kept alive during this
+ GC cycle, and all of its outgoing references (including the weak ones)
+ should be scanned and marked strongly. However, on the next GC cycle, it
+ will have its mayBeExecuting bit cleared and hence it will become a candidate
+ for immediate deletion provided it is not executing again.
+
+ This is performance-neutral.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setJITCode):
+ (JSC::CodeBlock::DFGData::DFGData):
+ (JSC::DFGCodeBlocks::mark):
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ * heap/DFGCodeBlocks.cpp: Added.
+ (JSC::DFGCodeBlocks::DFGCodeBlocks):
+ (JSC::DFGCodeBlocks::~DFGCodeBlocks):
+ (JSC::DFGCodeBlocks::jettison):
+ (JSC::DFGCodeBlocks::clearMarks):
+ (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
+ (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
+ * heap/DFGCodeBlocks.h: Added.
+ * heap/Heap.cpp:
+ (JSC::Heap::jettisonDFGCodeBlock):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/JettisonedCodeBlocks.cpp: Removed.
+ * heap/JettisonedCodeBlocks.h: Removed.
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h:
+ * runtime/Executable.cpp:
+ (JSC::jettisonCodeBlock):
+
+2011-11-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed, build fix for 32-bit.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-16 Geoffrey Garen <ggaren@apple.com>
+
+ Some CachedCall cleanup, in preparation for reversing argument order.
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
+ so I can test it.
+
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
+ we are not that desperate for character saving.
+
+ (JSC::CachedCall::setThis):
+ (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
+ CallFrameClosure.
+
+ * interpreter/CallFrameClosure.h:
+ (JSC::CallFrameClosure::setThis):
+ (JSC::CallFrameClosure::setArgument):
+ (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
+ with an explicit setter for 'this', since that's how most clients think.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::prepareForRepeatCall):
+ * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
+ for clarity.
+
+2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize ScriptExecutable::unlinkCalls
+ https://bugs.webkit.org/show_bug.cgi?id=72546
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
+ due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which
+ didn't have complete type information on the things that needed to be destructed in the implicit destructor.
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::createStructure): Used new type value from JSType
+ (JSC::ProgramExecutable::createStructure): Ditto
+ (JSC::FunctionExecutable::createStructure): Ditto
+ (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
+ * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable. Remove explicit numbers, since
+ that just adds noise to patches and they currently have no significance.
+
+2011-11-16 Filip Pizlo <fpizlo@apple.com>
+
+ JSC::CodeBlock should know which references generated by the DFG are weak
+ https://bugs.webkit.org/show_bug.cgi?id=72563
+
+ Reviewed by Geoff Garen.
+
+ CodeBlock::m_dfgData now tracks weak references and weak reference transitions
+ (like ephemerons) generated by the DFG. The DFG makes sure to notify the
+ CodeBlock of all uses of weak references and weak reference transitions.
+ CodeBlock currently marks them strongly, since the weak marking logic is not
+ in place, yet.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::stronglyVisitWeakReferences):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::appendWeakReference):
+ (JSC::CodeBlock::shrinkWeakReferencesToFit):
+ (JSC::CodeBlock::appendWeakReferenceTransition):
+ (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
+ (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::codeOriginOwner):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addWeakReference):
+ (JSC::DFG::JITCompiler::addWeakReferenceTransition):
+ (JSC::DFG::JITCompiler::branchWeakPtr):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-16 Michael Saboff <msaboff@apple.com>
+
+ LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
+ https://bugs.webkit.org/show_bug.cgi?id=72561
+
+ Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
+ Simplified the code in the process.
+
+ Reviewed by James Robinson.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::CharAccess::CharAccess):
+ (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
+
+2011-11-16 Geoffrey Garen <ggaren@apple.com>
+
+ Interpreter build fixes.
+
+ * bytecode/CodeBlock.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-11-16 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r100363.
+
+ * bytecode/CodeBlock.h:
+
+2011-11-16 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled back in r100375 and r100385 with 32-bit build fixed.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice):
+ * runtime/ArgList.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::constructArray):
+
+2011-11-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG global variable CSE mishandles the cross-global-object inlining corner case
+ https://bugs.webkit.org/show_bug.cgi?id=72542
+
+ Reviewed by Geoff Garen.
+
+ Moved code to get the global object for a code origin into CodeBlock, so it is
+ more broadly accessible. Fixed CSE to compare both the variable number, and the
+ global object, before deciding to perform elimination.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::globalObjectFor):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::globalObjectFor):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-11-16 Michael Saboff <msaboff@apple.com>
+
+ Enable 8 Bit Strings in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=71337
+
+ This patch turns on 8 bit strings in StringImpl and enables
+ their use in JavaScriptCore. Some of the changes are to
+ turn on code that had been staged (Lexer.cpp, Identifier.cpp,
+ SmallStrings.cpp and some of StringImpl.{h,cpp}).
+ Other changes are minor fixes to make 8 bit strings work
+ (UString.h, StringImpl::getData16SlowCase()).
+ Changed StringBuffer to be a templated class based on character
+ type. This change rippled into WebCore code as well.
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ * parser/Lexer.cpp:
+ (JSC::::append8): Changed to use 8 bit buffers.
+ (JSC::::parseIdentifier): Changed to use 8 bit buffers.
+ (JSC::::parseString): Changed to use 8 bit buffers.
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
+ (JSC::Identifier::toUInt32FromCharacters): Templated helper.
+ (JSC::Identifier::toUInt32): Added 8 bit optimized path.
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
+ * runtime/UString.h:
+ (JSC::UString::characters): Now calls StringImpl::characters()
+ * wtf/Forward.h:
+ * wtf/text/StringBuffer.h: Made StringBuffer a template base on character type.
+ (WTF::StringBuffer::StringBuffer):
+ (WTF::StringBuffer::characters):
+ (WTF::StringBuffer::release):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::create):
+ (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
+ (WTF::StringImpl::removeCharacters): Added 8 bit path.
+ (WTF::StringImpl::simplifyMatchedCharactersToSpace):
+ (WTF::StringImpl::simplifyWhiteSpace):
+ (WTF::equal): Removed bug from code copied from null terminated version.
+ (WTF::StringImpl::adopt): Added 8 bit path.
+ (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bi flag propagation.
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
+ (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
+ (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
+ (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
+ * wtf/text/WTFString.h:
+ (WTF::String::adopt): Changed to use StringBuffer template.
+
+2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize ExecutableBase::clearCodeVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=72337
+
+ Reviewed by Darin Adler.
+
+ Added static finalize functions to the subclasses of ExecutableBase that provide an implementation
+ of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
+ and had the finalize functions call the corresponding clearCode methods.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::NativeExecutable::finalize):
+ (JSC::EvalExecutable::finalize):
+ (JSC::EvalExecutable::clearCode):
+ (JSC::ProgramExecutable::finalize):
+ (JSC::ProgramExecutable::clearCode):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::finalize):
+ (JSC::FunctionExecutable::clearCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::finishCreation):
+ (JSC::NativeExecutable::create):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+
+2011-11-16 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
+ https://bugs.webkit.org/show_bug.cgi?id=71572
+
+ Reviewed by Gavin Barraclough and Darin Adler.
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+
+2011-11-16 Darin Adler <darin@apple.com>
+
+ Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
+ https://bugs.webkit.org/show_bug.cgi?id=72475
+
+ Reviewed by Adam Roben.
+
+ * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
+ Do overloads so we can pass a nullptr and also be sure to get the
+ raw pointer type from the OwnPtr template so we handle both forms
+ of OwnPtr: OwnPtr<T> and OwnPtr<T*>.
+
+2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
+
+2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Unreviewed, rolling out r100266.
+ http://trac.webkit.org/changeset/100266
+
+ Broke WTR.
+
+ * Target.pri:
+
+2011-11-16 Darin Adler <darin@apple.com>
+
+ Add a "pass type" and "peek type" concept to HashTraits
+ https://bugs.webkit.org/show_bug.cgi?id=72473
+
+ Reviewed by Filip Pizlo.
+
+ * wtf/HashTraits.h: Added the pass type and peek type.
+ For OwnPtr, the pass type will be PassOwnPtr and the peek
+ type will be a raw pointer.
+
+2011-11-16 Darin Adler <darin@apple.com>
+
+ Fix some hash traits that don't derive from the base hash traits
+ https://bugs.webkit.org/show_bug.cgi?id=72470
+
+ Reviewed by Filip Pizlo.
+
+ Hash traits structures need to derive from the base hash traits in
+ HashTraits.h, but some were not. This is needed for compatibility with
+ some additional traits we will be adding to make OwnPtr work with HashMap.
+
+ * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
+ HashTraits<int>. This enabled removal of all the members except for the
+ ones that control the empty value, because this is otherwise the same
+ as the standard int hash.
+
+ * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
+ from HashTraits<SymbolTableEntry> and removed redundant members.
+
+2011-11-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r100375 and r100385.
+ http://trac.webkit.org/changeset/100375
+ http://trac.webkit.org/changeset/100385
+ https://bugs.webkit.org/show_bug.cgi?id=72465
+
+ They broke 32 bit builds on Qt (Requested by ossy on #webkit).
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice):
+ * runtime/ArgList.h:
+ (JSC::ArgList::ArgList):
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ * runtime/JSGlobalObject.h:
+
+2011-11-15 George Staikos <staikos@webkit.org>
+
+ Remove the guard page from the addressable stack region on QNX.
+ https://bugs.webkit.org/show_bug.cgi?id=72455
+
+ Reviewed by Daniel Bates.
+
+ * wtf/StackBounds.cpp:
+ (WTF::StackBounds::initialize):
+
+2011-11-15 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
+ https://bugs.webkit.org/show_bug.cgi?id=72323
+
+ Added 8 bit optimized paths for String and UString ascii() and utf8() methods.
+
+ Added String::characters8(), characters16() and is8Bit() helper methods.
+
+ Added an new Unicode::convertLatin1ToUTF8() method that works on
+ LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().
+
+ Reviewed by Geoff Garen.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/UString.cpp:
+ (JSC::UString::utf8):
+ * wtf/text/WTFString.cpp:
+ (WTF::String::ascii):
+ (WTF::String::utf8):
+ * wtf/text/WTFString.h:
+ (WTF::String::characters8):
+ (WTF::String::characters16):
+ (WTF::String::is8Bit):
+ (WTF::LChar):
+ (WTF::UChar):
+ * wtf/unicode/UTF8.cpp:
+ (WTF::Unicode::convertLatin1ToUTF8):
+ * wtf/unicode/UTF8.h:
+ * wtf/unicode/Unicode.h:
+
+2011-11-15 Darin Adler <darin@apple.com>
+
+ REGRESSION (r98887): ParserArena and Keywords leaking
+ https://bugs.webkit.org/show_bug.cgi?id=72428
+
+ Reviewed by Sam Weinig.
+
+ * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
+ need to be able to destroy it.
+
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.
+
+ * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.
+
+2011-11-15 Geoffrey Garen <ggaren@apple.com>
+
+ Removed another use of ArgList that baked in the assumption that arguments
+ are forward in the regiter file.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
+ working through ArgList.
+
+ * runtime/ArgList.h: Removed!
+
+2011-11-15 Geoffrey Garen <ggaren@apple.com>
+
+ Removed a use of ArgList that baked in the assumption that arguments
+ are forward in the regiter file.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use new API.
+
+ * runtime/ArgList.cpp:
+ (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
+ getSlice can do the right thing by using its rights to private data.
+
+ * runtime/ArgList.h: Removed constructor that took a forward-contiguous
+ set of arguments.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::finishCreation):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::constructArray): Added explicit support for creating an array from
+ a pre-allocated set of values, so we could stop relying on the ArgList
+ API we want to remove.
+
+2011-11-15 Filip Pizlo <fpizlo@apple.com>
+
+ Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
+ https://bugs.webkit.org/show_bug.cgi?id=72292
+
+ Reviewed by Geoff Garen.
+
+ We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
+ an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
+ instead of CodeBlock::alternative().
+
+ No performance effect.
+
+ No tests because all of our heuristics work very hard to make sure that this never happens in
+ the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
+ is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still
+ because the whole point of jettisoning is to bring the probability of future OSR exits to as
+ close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
+ exit after a jettison to be the first of its kind; our whole design tries to ensure that
+ CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
+ is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
+ compilation. So this is a truly evil case, and any test for it would be quite fragile.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::specializationKind):
+ (JSC::CodeBlock::largeFailCountThreshold):
+ (JSC::CodeBlock::largeFailCountThresholdForLoop):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
+ (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2011-11-15 Geoffrey Garen <ggaren@apple.com>
+
+ Use MarkedArgumentBuffer to avoid making assumptions about argument order
+ https://bugs.webkit.org/show_bug.cgi?id=72418
+
+ Reviewed by Sam Weinig.
+
+ A step toward reversing the argument order.
+
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ (JSC::Walker::callReviver): Don't assume that ArgList wants to point
+ at arguments in forward order. Instead, use MarkedArgumentBuffer, which
+ will make the decision for us.
+
+2011-11-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should distinguish between constants in the constant pool and weak
+ constants added as artifacts of code generation
+ https://bugs.webkit.org/show_bug.cgi?id=72367
+
+ Reviewed by Geoff Garen.
+
+ Added the notion of a WeakJSConstant, which is like a JSConstant except that
+ it can only refer to JSCell*. Currently all WeakJSConstants are also backed
+ by constants in the constant pool, since weak references originated from
+ machine code are not yet properly handled.
+
+ Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
+ and CheckStructure. This results in improved CSE, leading to a 1% win on V8.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::prepareToParseBlock):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::getJSConstantPrediction):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::isWeakConstant):
+ (JSC::DFG::Node::hasConstant):
+ (JSC::DFG::Node::weakConstant):
+ (JSC::DFG::Node::valueOfJSConstant):
+ (JSC::DFG::Node::isInt32Constant):
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::isNumberConstant):
+ (JSC::DFG::Node::isBooleanConstant):
+ (JSC::DFG::Node::hasIdentifier):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-15 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit Strings - Initial JS String Tuning
+ https://bugs.webkit.org/show_bug.cgi?id=72326
+
+ Added 8 bit optimized paths for the methods below.
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSString.h:
+ (JSC::jsSubstring8):
+ * runtime/StringPrototype.cpp:
+ (JSC::jsSpliceSubstrings):
+ (JSC::jsSpliceSubstringsWithSeparators):
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncCharCodeAt):
+
+2011-11-15 Gavin Barraclough <barraclough@apple.com>
+
+ Result of Error.prototype.toString not ES5 conformant
+ https://bugs.webkit.org/show_bug.cgi?id=70889
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+
+2011-11-15 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
+
+ Reviewed by Tor Arne Vestbø.
+
+ * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
+
+2011-11-15 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove DFGJITCompilerInlineMethods
+ https://bugs.webkit.org/show_bug.cgi?id=72366
+
+ Reviewed by Filip Pizlo.
+
+ Those methods are actually seldom used. Modify the few such places and
+ remove DFGJITCompilerInlineMethods stuffs totally.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addressOfDoubleConstant):
+ * dfg/DFGJITCompilerInlineMethods.h: Removed.
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::silentFillFPR):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::cachedGetMethod):
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
+ https://bugs.webkit.org/show_bug.cgi?id=72348
+
+ Reviewed by Gavin Barraclough.
+
+ Moved all of JITCodeGenerator into SpeculativeJIT.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGJITCodeGenerator.cpp: Removed.
+ * dfg/DFGJITCodeGenerator.h: Removed.
+ * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
+ * dfg/DFGJITCodeGenerator64.cpp: Removed.
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
+ (JSC::DFG::SpeculativeJIT::fillStorage):
+ (JSC::DFG::SpeculativeJIT::useChildren):
+ (JSC::DFG::SpeculativeJIT::isStrictInt32):
+ (JSC::DFG::SpeculativeJIT::isKnownInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::SpeculativeJIT::isKnownCell):
+ (JSC::DFG::SpeculativeJIT::isKnownNotCell):
+ (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
+ (JSC::DFG::SpeculativeJIT::isKnownBoolean):
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ (JSC::DFG::SpeculativeJIT::markCellCard):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
+ (JSC::DFG::dataFormatString):
+ (JSC::DFG::SpeculativeJIT::dump):
+ (JSC::DFG::SpeculativeJIT::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::GPRTemporary::adopt):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::at):
+ (JSC::DFG::SpeculativeJIT::lock):
+ (JSC::DFG::SpeculativeJIT::unlock):
+ (JSC::DFG::SpeculativeJIT::canReuse):
+ (JSC::DFG::SpeculativeJIT::reuse):
+ (JSC::DFG::SpeculativeJIT::allocate):
+ (JSC::DFG::SpeculativeJIT::tryAllocate):
+ (JSC::DFG::SpeculativeJIT::fprAllocate):
+ (JSC::DFG::SpeculativeJIT::isFilled):
+ (JSC::DFG::SpeculativeJIT::isFilledDouble):
+ (JSC::DFG::SpeculativeJIT::use):
+ (JSC::DFG::SpeculativeJIT::selectScratchGPR):
+ (JSC::DFG::SpeculativeJIT::silentSpillGPR):
+ (JSC::DFG::SpeculativeJIT::silentSpillFPR):
+ (JSC::DFG::SpeculativeJIT::silentFillGPR):
+ (JSC::DFG::SpeculativeJIT::silentFillFPR):
+ (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
+ (JSC::DFG::SpeculativeJIT::boxDouble):
+ (JSC::DFG::SpeculativeJIT::unboxDouble):
+ (JSC::DFG::SpeculativeJIT::spill):
+ (JSC::DFG::SpeculativeJIT::isConstant):
+ (JSC::DFG::SpeculativeJIT::isJSConstant):
+ (JSC::DFG::SpeculativeJIT::isInt32Constant):
+ (JSC::DFG::SpeculativeJIT::isDoubleConstant):
+ (JSC::DFG::SpeculativeJIT::isNumberConstant):
+ (JSC::DFG::SpeculativeJIT::isBooleanConstant):
+ (JSC::DFG::SpeculativeJIT::isFunctionConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
+ (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
+ (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
+ (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
+ (JSC::DFG::SpeculativeJIT::isNullConstant):
+ (JSC::DFG::SpeculativeJIT::identifier):
+ (JSC::DFG::SpeculativeJIT::flushRegisters):
+ (JSC::DFG::SpeculativeJIT::isFlushed):
+ (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
+ (JSC::DFG::SpeculativeJIT::bitOp):
+ (JSC::DFG::SpeculativeJIT::shiftOp):
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::addressOfCallData):
+ (JSC::DFG::SpeculativeJIT::tagOfCallData):
+ (JSC::DFG::SpeculativeJIT::payloadOfCallData):
+ (JSC::DFG::SpeculativeJIT::integerResult):
+ (JSC::DFG::SpeculativeJIT::noResult):
+ (JSC::DFG::SpeculativeJIT::cellResult):
+ (JSC::DFG::SpeculativeJIT::booleanResult):
+ (JSC::DFG::SpeculativeJIT::jsValueResult):
+ (JSC::DFG::SpeculativeJIT::storageResult):
+ (JSC::DFG::SpeculativeJIT::doubleResult):
+ (JSC::DFG::SpeculativeJIT::initConstantInfo):
+ (JSC::DFG::SpeculativeJIT::resetCallArguments):
+ (JSC::DFG::SpeculativeJIT::addCallArgument):
+ (JSC::DFG::SpeculativeJIT::setupArguments):
+ (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
+ (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
+ (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
+ (JSC::DFG::SpeculativeJIT::setupStubArguments):
+ (JSC::DFG::SpeculativeJIT::callOperation):
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
+ (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
+ (JSC::DFG::SpeculativeJIT::setupResults):
+ (JSC::DFG::SpeculativeJIT::appendCallSetResult):
+ (JSC::DFG::SpeculativeJIT::addBranch):
+ (JSC::DFG::SpeculativeJIT::linkBranches):
+ (JSC::DFG::SpeculativeJIT::block):
+ (JSC::DFG::SpeculativeJIT::checkConsistency):
+ (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
+ (JSC::DFG::IntegerOperand::IntegerOperand):
+ (JSC::DFG::IntegerOperand::~IntegerOperand):
+ (JSC::DFG::IntegerOperand::index):
+ (JSC::DFG::IntegerOperand::format):
+ (JSC::DFG::IntegerOperand::gpr):
+ (JSC::DFG::IntegerOperand::use):
+ (JSC::DFG::DoubleOperand::DoubleOperand):
+ (JSC::DFG::DoubleOperand::~DoubleOperand):
+ (JSC::DFG::DoubleOperand::index):
+ (JSC::DFG::DoubleOperand::fpr):
+ (JSC::DFG::DoubleOperand::use):
+ (JSC::DFG::JSValueOperand::JSValueOperand):
+ (JSC::DFG::JSValueOperand::~JSValueOperand):
+ (JSC::DFG::JSValueOperand::index):
+ (JSC::DFG::JSValueOperand::gpr):
+ (JSC::DFG::JSValueOperand::jsValueRegs):
+ (JSC::DFG::JSValueOperand::isDouble):
+ (JSC::DFG::JSValueOperand::fill):
+ (JSC::DFG::JSValueOperand::tagGPR):
+ (JSC::DFG::JSValueOperand::payloadGPR):
+ (JSC::DFG::JSValueOperand::fpr):
+ (JSC::DFG::JSValueOperand::use):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::StorageOperand::~StorageOperand):
+ (JSC::DFG::StorageOperand::index):
+ (JSC::DFG::StorageOperand::gpr):
+ (JSC::DFG::StorageOperand::use):
+ (JSC::DFG::GPRTemporary::~GPRTemporary):
+ (JSC::DFG::GPRTemporary::gpr):
+ (JSC::DFG::FPRTemporary::~FPRTemporary):
+ (JSC::DFG::FPRTemporary::fpr):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ (JSC::DFG::GPRResult::GPRResult):
+ (JSC::DFG::GPRResult2::GPRResult2):
+ (JSC::DFG::FPRResult::FPRResult):
+ (JSC::DFG::FPRResult::lockedResult):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::cachedGetMethod):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillInteger):
+ (JSC::DFG::SpeculativeJIT::fillDouble):
+ (JSC::DFG::SpeculativeJIT::fillJSValue):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::cachedGetMethod):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * runtime/JSFunction.h:
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ Weak reference harvesters should run to fixpoint
+ https://bugs.webkit.org/show_bug.cgi?id=72346
+
+ Reviewed by Oliver Hunt.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/ListableHandler.h:
+ (JSC::ListableHandler::next):
+ (JSC::ListableHandler::List::head):
+ (JSC::ListableHandler::List::removeNext):
+ (JSC::ListableHandler::List::removeAll):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::reset):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::isEmpty):
+
+2011-11-14 Oliver Hunt <oliver@apple.com>
+
+ Start migrating typed array impl types to WTF
+ https://bugs.webkit.org/show_bug.cgi?id=72336
+
+ Reviewed by Geoffrey Garen.
+
+ Add typed array impls to WTF forwarding header.
+
+ * wtf/Forward.h:
+
+2011-11-14 Julien Chaffraix <jchaffraix@webkit.org>
+
+ Add --css-grid-layout to build-webkit and the build systems
+ https://bugs.webkit.org/show_bug.cgi?id=72320
+
+ Reviewed by Ojan Vafai.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ A little bit of arguments / activation cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=72339
+
+ Reviewed by Gavin Barraclough.
+
+ Renamed copyRegisters => tearOff to match bytecode and other terminology.
+
+ Renamed setActivation => didTearOffActivation to indicate that this is a
+ notification the object may choose to ignore. Moved "Should I ignore?"
+ code into the arguments object to avoid duplication elsewhere.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveArguments):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createAndTearOff):
+ (JSC::Arguments::didTearOffActivation):
+ (JSC::Arguments::finishCreationButDontTearOff):
+ (JSC::Arguments::finishCreation):
+ (JSC::Arguments::finishCreationAndTearOff):
+ (JSC::Arguments::tearOff):
+
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::tearOff): Moved Activation's code into its own header
+ because that's where it belongs.
+
+2011-11-14 Gavin Barraclough <barraclough@apple.com>
+
+ Should sign the jsc binary
+ https://bugs.webkit.org/show_bug.cgi?id=72332
+
+ Reviewed by David Kilzer.
+
+ * Configurations/JSC.xcconfig:
+ * entitlements.plist: Added.
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG's inline references to objects should be tracked
+ https://bugs.webkit.org/show_bug.cgi?id=72313
+
+ Reviewed by Gavin Barraclough.
+
+ Added a pinCell() method in the parser that currently creates a
+ dummy constant in CodeBlock. Added calls to pinCell() wherever the
+ DFG would inline a constant reference that the original code would
+ not have referred to.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getCellConstantIndex):
+ (JSC::DFG::ByteCodeParser::pinCell):
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-11-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG put_by_id transition optimizations test the wrong structures
+ https://bugs.webkit.org/show_bug.cgi?id=72324
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Further changes and cleanup to JSString.h and cpp.
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr. Eliminated exec in slow case calls.
+ (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name.
+ (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
+ * runtime/JSString.h:
+
+2011-11-14 Adam Barth <abarth@webkit.org>
+
+ DateMath.cpp should not depend on JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=71747
+
+ Reviewed by Darin Adler.
+
+ This patch moves the JSC-specific parts of DateMath into JSDateMath in
+ JavaScriptCore. There shouldn't be any behavior change.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConversion.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DateInstanceCache.h:
+ * runtime/DatePrototype.cpp:
+ * runtime/InitializeThreading.cpp:
+ * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
+ (JSC::timeToMS):
+ (JSC::msToSeconds):
+ * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
+ * wtf/DateMath.cpp:
+ (WTF::isLeapYear):
+ (WTF::msToDays):
+ (WTF::msToMinutes):
+ (WTF::msToHours):
+ (WTF::parseDateFromNullTerminatedCharacters):
+ (WTF::makeRFC2822DateString):
+ * wtf/DateMath.h:
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit strings - Add 8 bit handling to JSString Ropes
+ https://bugs.webkit.org/show_bug.cgi?id=72317
+
+ Added bit to track that a rope is made up of all 8 bit fibers.
+ Created an 8 bit path (fast and slow cases) to handle 8 bit
+ only ropes.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase8):
+ (JSC::JSString::resolveRopeSlowCase16):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::finishCreation):
+ (JSC::RopeBuilder::is8Bit):
+ (JSC::jsSubstring8):
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ A little bit of function call cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=72314
+
+ Reviewed by Oliver Hunt.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
+ because this value doesn't give you the offset of the callee's call frame.
+
+ (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
+ of greater-than. Removed comment since its reasoning was wrong.
+
+ (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
+
+ (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
+ to ask this question, giving the bytecode generator more freedom to change
+ internal implementation details.
+
+ * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
+ 16 was overkill.
+ (JSC::CallArguments::registerOffset): Updated for rename mentioned above.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::CallArguments::CallArguments):
+ (JSC::CallArguments::newArgument): Factored out argument allocation into
+ a helper function, so I can change it later.
+
+ (JSC::CallFunctionCallDotNode::emitBytecode):
+ (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
+
+2011-11-14 Tony Chang <tony@chromium.org>
+
+ Remove the CSS3_FLEXBOX compile time flag and enable on all ports
+ https://bugs.webkit.org/show_bug.cgi?id=72196
+
+ Reviewed by Ojan Vafai.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-14 Mark Rowe <mrowe@apple.com>
+
+ <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
+
+ testRegExp and testapi.js were being installed in the JavaScriptCore framework.
+ As test-only tools they shouldn't be installed there by default, only when
+ FORCE_TOOL_INSTALL is set to YES.
+
+ This patch incorprorates a few related changes:
+ 1) Make the jsc and testRegExp targets be configured via .xcconfig files.
+ 2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
+ FORCE_TOOL_INSTALL is YES.
+ 3) Switches the testapi target to using a script build phase to install testapi.js
+ so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
+ why this isn't the built-in behavior when a Copy Files build phase has "Copy only
+ when installing" checked, but it doesn't seem to be.
+ 4) Other random cleanup such as removing a bogus group that refers to files that do
+ not exist, moving testRegExp.cpp in to the tests group, etc.
+
+ Reviewed by Geoff Garen.
+
+ * Configurations/JSC.xcconfig: Added.
+ * Configurations/TestRegExp.xcconfig: Added.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 bit strings - Add 8 bit paths to StringImpl methods
+ https://bugs.webkit.org/show_bug.cgi?id=72290
+
+ Added 8 bit patchs to StringImpl to number and find methods.
+
+ Reviewed by Oliver Hunt.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::toIntStrict):
+ (WTF::StringImpl::toUIntStrict):
+ (WTF::StringImpl::toInt64Strict):
+ (WTF::StringImpl::toUInt64Strict):
+ (WTF::StringImpl::toIntPtrStrict):
+ (WTF::StringImpl::toInt):
+ (WTF::StringImpl::toUInt):
+ (WTF::StringImpl::toInt64):
+ (WTF::StringImpl::toUInt64):
+ (WTF::StringImpl::toIntPtr):
+ (WTF::StringImpl::toDouble):
+ (WTF::StringImpl::toFloat):
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::reverseFind):
+ * wtf/text/WTFString.cpp:
+ (WTF::toIntegralType):
+ (WTF::lengthOfCharactersAsInteger):
+ (WTF::charactersToIntStrict):
+ (WTF::charactersToUIntStrict):
+ (WTF::charactersToInt64Strict):
+ (WTF::charactersToUInt64Strict):
+ (WTF::charactersToIntPtrStrict):
+ (WTF::charactersToInt):
+ (WTF::charactersToUInt):
+ (WTF::charactersToInt64):
+ (WTF::charactersToUInt64):
+ (WTF::charactersToIntPtr):
+ (WTF::toDoubleType):
+ (WTF::charactersToDouble):
+ (WTF::charactersToFloat):
+ * wtf/text/WTFString.h:
+ (WTF::find):
+ (WTF::reverseFind):
+
+2011-11-14 Vincent Scheib <scheib@chromium.org>
+
+ Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
+ https://bugs.webkit.org/show_bug.cgi?id=72286
+
+ Reviewed by Adam Barth.
+
+ * wtf/Platform.h:
+
+2011-11-14 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=72280
+
+ Rubber stamped by Geoff Garen.
+
+ Fix 32-bit Lion.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ 32-bit Build fix: declare virtual register indices to be int rather than
+ unsigned, since they can be positive or negative.
+
+ For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
+ state, since we'll never load and operate on the ReturnPC as a JS value.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadTag):
+ (JSC::JIT::emitLoadPayload):
+ (JSC::JIT::emitLoad):
+ (JSC::JIT::emitLoad2):
+ (JSC::JIT::emitLoadDouble):
+ (JSC::JIT::emitLoadInt32ToDouble):
+ (JSC::JIT::emitStore):
+ (JSC::JIT::emitStoreInt32):
+ (JSC::JIT::emitStoreAndMapInt32):
+ (JSC::JIT::emitStoreCell):
+ (JSC::JIT::emitStoreBool):
+ (JSC::JIT::emitStoreDouble):
+ (JSC::JIT::map):
+ (JSC::JIT::unmap):
+ (JSC::JIT::isMapped):
+ (JSC::JIT::getMappedPayload):
+ (JSC::JIT::getMappedTag):
+ (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Remove unused m_data member from UStringSourceProvider
+ https://bugs.webkit.org/show_bug.cgi?id=72289
+
+ Removed unused m_data member from UStringSourceProvider.
+
+ Reviewed by Oliver Hunt.
+
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::UStringSourceProvider):
+
+2011-11-14 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize YARR Parser
+ https://bugs.webkit.org/show_bug.cgi?id=72288
+
+ Changed Yarr::Parser to be a template based on character type.
+
+ Reviewed by Oliver Hunt.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::Parser):
+ (JSC::Yarr::parse):
+
+2011-11-14 Geoffrey Garen <ggaren@apple.com>
+
+ 32-bit build fix: Removed unused declaration.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-11-12 Geoffrey Garen <ggaren@apple.com>
+
+ Standardized the JS calling convention
+ https://bugs.webkit.org/show_bug.cgi?id=72221
+
+ Reviewed by Oliver Hunt.
+
+ This patch standardizes the calling convention so that the caller always
+ sets up the callee's CallFrame. Adjustments for call type, callee type,
+ argument count, etc. now always take place after that initial setup.
+
+ This is a step toward reversing the argument order, but also has these
+ immediate benefits (measured on x64):
+
+ (1) 1% benchmark speedup across the board.
+
+ (2) 50% code size reduction in baseline JIT function calls.
+
+ (3) 1.5x speedup for single-dispatch .apply forwarding.
+
+ (4) 1.1x speedup for multi-dispatch .apply forwarding.
+
+ This change affected the baseline JIT most, since the baseline JIT had
+ lots of ad hoc calling conventions for different caller / callee types.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::branchPtr):
+ (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
+ a test, like other assemblers do. (I added some compares to 0, and didn't
+ want them to be slow.)
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
+ op_call_varargs could share code generation with other forms of op_call.
+ This is also a small optimization, since op_*varargs no longer have to
+ pass arguments to each other through the register file.
+
+ (JSC::CallLinkInfo::unlink):
+ * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
+ us to link functions called through .apply syntax. We need to distinguish
+ CallVarargs from Call because CallVarargs changes its argument count
+ on each inovcation, so we must always link to the argument count checking
+ version of the callee.
+
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCallVarargs):
+ * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
+ some of this bytecode generation to remove redundant copies.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
+ DFG doesn't support this type, but its code needs to change slightly
+ to accomodate a 3-state variable.
+
+ Stopped passing the argument count in regT1 because this is non-standard.
+ (The argument count goes in the CallFrame. This trades speed on the slow
+ path for speed and code size on the fast path, and simplicity on all paths.
+ A good trade, in my opinion.)
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
+ setup more obvious when single-stepping. Also, updated for argument count
+ not being in regT1.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addJSCall):
+ (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
+ type: CallVarargs.
+
+ * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
+ doing anything else. Don't check for stack overflow because we have no callee
+ registers, and our caller has already checked for its own registers.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
+ count doesn't match -- we just need to link to the argument count checking
+ version.
+
+ * interpreter/CallFrameClosure.h:
+ (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
+ arguments from C++, we need to supply a full copy of the arguments prior
+ to the subset copy that matches our callee's argument count. (That is what
+ the standard calling convention would have produced in JS.) I would have
+ split this into its own patch, but I couldn't find a way to get the JIT
+ to fail a regression test in this area without my patch applied.
+
+ * interpreter/Interpreter.cpp: Let the true code bomb begin!
+
+ (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
+ and not eval()'s caller frame. We no longer leave the CallFrame pointing
+ to eval()'s caller during a call to eval(), since that is not standard.
+
+ (JSC::loadVarargs): Factored out a shared helper function for use by JIT
+ and interpreter because half the code means one quarter the bugs -- in my
+ programming, at least.
+
+ (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
+
+ (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
+ putDirect, because it got in the way of my testing. (When putting a
+ function, the cached base of a PutPropertySlot can be 0 to signify "do
+ not optimize".)
+
+ op_call_eval: Updated for new, standard eval calling convention.
+
+ op_load_varargs: Merged op_load_varargs into op_call_varargs.
+
+ op_call_varags: Updated for new, standard eval calling convention. Don't
+ check for stack overflow because the loadVarargs helper function already
+ checked.
+
+ * interpreter/Interpreter.h:
+ (JSC::Interpreter::execute): Headers are fun and educational!
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::growSlowCase):
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::grow): Factored out the slow case into a slow
+ case because it was cramping the style of my fast case.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile): Moved initialization of
+ RegisterFile::CodeBlock to make it more obvious when debugging. Removed
+ assumption that argument count is in regT1, as above. Removed call to
+ restoreArgumentReference() because the JITStubCall abstraction does this for us.
+
+ (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
+
+ * jit/JIT.h:
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emitSlow_op_call):
+ (JSC::JIT::emitSlow_op_call_eval):
+ (JSC::JIT::emitSlow_op_call_varargs):
+ (JSC::JIT::emitSlow_op_construct):
+ (JSC::JIT::emit_op_call_eval):
+ (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
+ Don't count call_eval when accounting for linkable function calls because
+ eval doesn't link. (Its fast path is to perform the eval.)
+
+ (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
+ to our new calling convention. The key to this optimization is the
+ observation that, in a function that declares no arguments, if any
+ arguments are passed, they all end up right behind 'this'.
+
+ (JSC::JIT::compileCallEval):
+ (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
+
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
+ this is the whole point of my patch. The caller now unconditionally moves
+ the CallFrame forward and fills in the data it knows before taking any
+ branches to deal with weird caller/callee pairs.
+
+ This also means that there is almost no slow path for calls -- it all
+ gets folded into the shared virtual call stub. The only things remaining
+ in the slow path are the rare case counter and a call to the stub.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
+ different registers or in memory, based on our new standard calling
+ convention.
+
+ Added a shared path for calling out to CTI helper functions for non-JS
+ calls.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check): method_check emits its own code and
+ the following get_by_id's code, so it needs to add both when informing
+ result chaining of its result. This is important because the standard
+ calling convention can now take advantage of this chaining.
+
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ (JSC::JIT::compileCallEval):
+ (JSC::JIT::compileCallEvalSlowCase):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::emit_op_call_eval):
+ (JSC::JIT::emit_op_call_varargs):
+ (JSC::JIT::emitSlow_op_call):
+ (JSC::JIT::emitSlow_op_call_eval):
+ (JSC::JIT::emitSlow_op_call_varargs):
+ (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
+ second time, now with 64 bits.
+
+ * jit/JITStubs.cpp:
+ (JSC::throwExceptionFromOpCall):
+ (JSC::jitCompileFor):
+ (JSC::arityCheckFor):
+ (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
+ Exceptions thrown in the middle of a function call now use a shared helper
+ function (throwExceptionFromOpCall). This function understands that the
+ CallFrame currently points to the callEE, and the exception must be
+ thrown by the callER. (The old calling convention would often still have
+ the CallFrame pointing at the callER at the point of an exception. That
+ is not the way of our new, standard calling convention.)
+
+ (JSC::op_call_eval): Finish standard CallFrame setup before calling
+ our eval helper function, which now depends on that setup.
+
+ * runtime/Arguments.h:
+ (JSC::Arguments::length): Renamed numProvidedArguments() to length()
+ because that's what other objects call it, and the difference made our
+ new loadVarargs helper function hard to read.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
+ fixes.
+
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
+ the .apply call_varargs optimization fails. (This bug appears on layout
+ tests when you disable the optimization.)
+
+2011-11-11 Jer Noble <jer.noble@apple.com>
+
+ Implement MediaController.
+ https://bugs.webkit.org/show_bug.cgi?id=71408
+
+ Reviewed by Eric Carlson.
+
+ Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as
+ CoreAudioClock.h is not available there.
+
+ * wtf/Platform.h:
+
+2011-11-14 Patrick Gansterer <paroga@webkit.org>
+
+ [WIN] Remove dependency on pthread from FastMalloc
+ https://bugs.webkit.org/show_bug.cgi?id=72098
+
+ Reviewed by Adam Roben.
+
+ All pthread calls are already ported to native Windows calls.
+ Use the native version for all OS(WINDOWS) to remove the
+ runtime dependency on the pthread dll.
+
+ * wtf/FastMalloc.cpp:
+
+2011-11-14 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Replace use of QApplication with QGuiApplication.
+
+ Reviewed by Tor Arne Vestbø.
+
+ * wtf/qt/compat/qguiapplication.h:
+ (QGuiApplication::styleHints): Introduce styleHints wrapper hack.
+
+2011-11-14 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck build.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2011-11-11 Yury Semikhatsky <yurys@chromium.org>
+
+ Web Inspector: function remote objetct should provide access to function position in the script
+ https://bugs.webkit.org/show_bug.cgi?id=71808
+
+ Exposed accessor for function source code.
+
+ Reviewed by Pavel Feldman.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::sourceCode):
+ * runtime/JSFunction.h:
+
+2011-11-13 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix silent spilling/filling GPRs in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=72201
+
+ Reviewed by Gavin Barraclough.
+
+ Current silentSpillGPR/silentFillGPR may not work as expected for some
+ cases in 32_64. If there's a JSValue which was retained by two GPRs,
+ we may end up failing to spill/fill some GPRs or redundantly
+ spilling/filling some GPRs. For example, if we tend to exclude "eax"
+ from spilling while a JSValue is retained by both "eax" and "edx",
+ then "edx" won't be spilled as well (wrong). And if another JSValue is
+ retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
+ twice. The similar problem applies to silentFillGPR.
+ The fix is to make silentSpillGPR/silentFillGPR more straightforward,
+ i.e., spilling/filling based on the GPR instead of the virtual
+ register. FPR spilling/filling is also modified accordingly to make it
+ consistent with GPR spilling/filling.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
+
+2011-11-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ [Qt][Symbian] Remove support for WINSCW compiler
+ https://bugs.webkit.org/show_bug.cgi?id=70178
+
+ Reviewed by Chang Shu.
+
+ * API/JSStringRef.h:
+ * create_hash_table: Revert r45553.
+ * runtime/JSGlobalData.cpp: Revert r45553.
+ * runtime/LiteralParser.cpp: Remove WINSCW comment.
+ (JSC::LiteralParser::Lexer::lexString):
+ * runtime/Lookup.h: Revert r45553.
+ * runtime/Structure.h: Revert r48461.
+ * wtf/Alignment.h:
+ * wtf/Assertions.h: Revert r52337.
+ * wtf/Compiler.h:
+ * wtf/ListRefPtr.h: Revert r48988.
+ (WTF::ListRefPtr::~ListRefPtr):
+ * wtf/OwnArrayPtr.h: Revert r45911.
+ (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
+ * wtf/PassOwnArrayPtr.h:
+ (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
+ * wtf/PassRefPtr.h:
+ * wtf/StaticConstructors.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+
+2011-11-12 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
+
+ * dfg/DFGCorrectableJumpPoint.cpp:
+ * dfg/DFGCorrectableJumpPoint.h:
+
+2011-11-12 Patrick Gansterer <paroga@webkit.org>
+
+ [CMake] Move list of DFG source files into correct file
+ https://bugs.webkit.org/show_bug.cgi?id=72212
+
+ Reviewed by Daniel Bates.
+
+ The DFG files are platform independent. So move them from
+ the EFL specific file into the general CMakeLists.txt.
+
+ * CMakeLists.txt:
+ * PlatformEfl.cmake:
+
+2011-11-12 Patrick Gansterer <paroga@webkit.org>
+
+ Fix "unused variable" warning in JSLock
+ https://bugs.webkit.org/show_bug.cgi?id=72213
+
+ Reviewed by Anders Carlsson.
+
+ Use ASSERT_UNUSED() instead of ASSERT() to make sure
+ that the variable is also used in the release build.
+
+ * runtime/JSLock.cpp:
+ (JSC::JSLock::lock):
+ (JSC::JSLock::unlock):
+
+2011-11-11 Gavin Barraclough <barraclough@apple.com>
+
+ Update iOS compiler version.
+
+ Reviewed by David Kilzer.
+
+ * Configurations/CompilerVersion.xcconfig:
+ - Update compiler version.
+
+2011-11-11 Gavin Barraclough <barraclough@apple.com>
+
+ Update iOS port's configuration setting, particularly in Platform.h
+ https://bugs.webkit.org/show_bug.cgi?id=72187
+
+ Reviewed by David Kilzer.
+
+ * interpreter/Interpreter.h:
+ - Lower the reentry depth.
+ * runtime/DatePrototype.cpp:
+ - iOS also uses CF.
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+ - Update fastmalloc configuration for iOS.
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+ - Added flag.
+ * wtf/Platform.h:
+ - Update platform configuration for iOS.
+
+2011-11-11 David Kilzer <ddkilzer@apple.com>
+
+ Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
+ <http://webkit.org/b/72175>
+
+ Reviewed by Joseph Pecoraro.
+
+ * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
+ TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
+ so that they're only defined on Mac OS X builds. Also include
+ Availability.h, which is needed on iOS builds.
+
+2011-11-11 Darin Adler <darin@apple.com>
+
+ Remove all releaseRef implementations except for RetainPtr
+ https://bugs.webkit.org/show_bug.cgi?id=71423
+
+ Reviewed by Julien Chaffraix.
+
+ * API/JSRetainPtr.h: Removed releaseRef.
+ * wtf/PassRefPtr.h: Removed releaseRef.
+
+2011-11-11 Darin Adler <darin@apple.com>
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
+ If an older Xcode downgrades this file and we have a risk of some kind of
+ oscillating commit situation, please contact me so I know not to do this again.
+
+2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add jsCast to replace static_cast
+ https://bugs.webkit.org/show_bug.cgi?id=72071
+
+ Reviewed by Geoffrey Garen.
+
+ Added new jsCast and changed all of the static_cast sites in functions that
+ are in the MethodTable to use jsCast instead.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::toStringCallback):
+ (JSC::JSCallbackFunction::valueOfCallback):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::visitChildren):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::className):
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::put):
+ (JSC::::deleteProperty):
+ (JSC::::deletePropertyByIndex):
+ (JSC::::getConstructData):
+ (JSC::::hasInstance):
+ (JSC::::getCallData):
+ (JSC::::getOwnPropertyNames):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ (JSC::DebuggerActivation::className):
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ (JSC::DebuggerActivation::put):
+ (JSC::DebuggerActivation::putWithAttributes):
+ (JSC::DebuggerActivation::deleteProperty):
+ (JSC::DebuggerActivation::getOwnPropertyNames):
+ (JSC::DebuggerActivation::getOwnPropertyDescriptor):
+ (JSC::DebuggerActivation::defineGetter):
+ (JSC::DebuggerActivation::defineSetter):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ (JSC::Arguments::getOwnPropertySlotByIndex):
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::getOwnPropertyNames):
+ (JSC::Arguments::putByIndex):
+ (JSC::Arguments::put):
+ (JSC::Arguments::deletePropertyByIndex):
+ (JSC::Arguments::deleteProperty):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlot):
+ (JSC::DatePrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ (JSC::JSActivation::getOwnPropertyNames):
+ (JSC::JSActivation::getOwnPropertySlot):
+ (JSC::JSActivation::put):
+ (JSC::JSActivation::putWithAttributes):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertySlot):
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ (JSC::JSArray::put):
+ (JSC::JSArray::putByIndex):
+ (JSC::JSArray::deleteProperty):
+ (JSC::JSArray::deletePropertyByIndex):
+ (JSC::JSArray::getOwnPropertyNames):
+ (JSC::JSArray::visitChildren):
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ (JSC::JSBoundFunction::visitChildren):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlot):
+ (JSC::JSByteArray::getOwnPropertyDescriptor):
+ (JSC::JSByteArray::getOwnPropertySlotByIndex):
+ (JSC::JSByteArray::put):
+ (JSC::JSByteArray::putByIndex):
+ (JSC::JSByteArray::getOwnPropertyNames):
+ * runtime/JSCell.h:
+ (JSC::JSCell::visitChildren):
+ (JSC::jsCast):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ (JSC::JSFunction::getCallData):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::getOwnPropertyNames):
+ (JSC::JSFunction::put):
+ (JSC::JSFunction::deleteProperty):
+ (JSC::JSFunction::getConstructData):
+ * runtime/JSGlobalData.cpp:
+ (JSC::StackPreservingRecompiler::operator()):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ (JSC::JSGlobalObject::putWithAttributes):
+ (JSC::JSGlobalObject::defineGetter):
+ (JSC::JSGlobalObject::defineSetter):
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ (JSC::JSGlobalObject::clearRareData):
+ * runtime/JSGlobalThis.cpp:
+ (JSC::JSGlobalThis::visitChildren):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertySlot):
+ (JSC::JSONObject::getOwnPropertyDescriptor):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::finalize):
+ (JSC::JSObject::visitChildren):
+ (JSC::JSObject::getOwnPropertySlotByIndex):
+ (JSC::JSObject::put):
+ (JSC::JSObject::putByIndex):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::deletePropertyByIndex):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ (JSC::JSStaticScopeObject::put):
+ (JSC::JSStaticScopeObject::putWithAttributes):
+ (JSC::JSStaticScopeObject::getOwnPropertySlot):
+ * runtime/JSString.cpp:
+ (JSC::JSString::visitChildren):
+ (JSC::JSString::toThisObject):
+ (JSC::JSString::getOwnPropertySlot):
+ (JSC::JSString::getOwnPropertySlotByIndex):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deleteProperty):
+ (JSC::JSVariableObject::getOwnPropertyNames):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlot):
+ (JSC::MathObject::getOwnPropertyDescriptor):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertySlot):
+ (JSC::RegExpConstructor::getOwnPropertyDescriptor):
+ (JSC::RegExpConstructor::put):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ (JSC::RegExpMatchesArray::put):
+ (JSC::RegExpMatchesArray::putByIndex):
+ (JSC::RegExpMatchesArray::deleteProperty):
+ (JSC::RegExpMatchesArray::deletePropertyByIndex):
+ (JSC::RegExpMatchesArray::getOwnPropertyNames):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ (JSC::RegExpObject::getOwnPropertySlot):
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ (JSC::RegExpObject::put):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlot):
+ (JSC::StringObject::getOwnPropertySlotByIndex):
+ (JSC::StringObject::getOwnPropertyDescriptor):
+ (JSC::StringObject::deleteProperty):
+ (JSC::StringObject::getOwnPropertyNames):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlot):
+ (JSC::StringPrototype::getOwnPropertyDescriptor):
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildren):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+
+2011-11-11 Gavin Barraclough <barraclough@apple.com>
+
+ Enable DFG JIT for ARMv7/iOS.
+
+ Rubber stamped by Oliver Hunt.
+
+ * wtf/Platform.h:
+ - enable DFG JIT for ARMv7/iOS.
+
+2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
+ https://bugs.webkit.org/show_bug.cgi?id=72035
+
+ Reviewed by Geoffrey Garen.
+
+ De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * interpreter/Interpreter.cpp: Ditto.
+ (JSC::Interpreter::execute):
+ * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
+ * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
+ (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
+ (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
+ (JSC::JSGlobalObject::shouldInterruptScript): Ditto.
+ * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
+ (JSC::TimeoutChecker::didTimeOut):
+
+2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSGlobalObject::allowsAccessFrom
+ https://bugs.webkit.org/show_bug.cgi?id=71969
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to
+ JSDOMWindowBase and WebScriptObject.
+
+2011-11-11 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99950.
+ http://trac.webkit.org/changeset/99950
+ https://bugs.webkit.org/show_bug.cgi?id=72117
+
+ "Landed wrong patch by mistake" (Requested by yurys on
+ #webkit).
+
+ * JavaScriptCore.exp:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+
+2011-11-11 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r99898.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+
+2011-11-10 Dan Bernstein <mitz@apple.com>
+
+ Disabling assertions breaks the debug build
+ https://bugs.webkit.org/show_bug.cgi?id=72091
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGNode.h: Made hasIdentifier() available when assertions are
+ disabled. It is used in Graph::dump().
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
+ only if assertions are enabled.
+ * wtf/Deque.h:
+ (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
+ * wtf/ThreadRestrictionVerifier.h:
+ (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
+ a local variable that is only used in an assertion.
+
+2011-11-10 Filip Pizlo <fpizlo@apple.com>
+
+ JSString forgets to clear m_fibers when resolving ropes
+ https://bugs.webkit.org/show_bug.cgi?id=72089
+
+ Reviewed by Geoff Garen.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRopeSlowCase):
+
+2011-11-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG byte array support sometimes clamps values incorrectly
+ https://bugs.webkit.org/show_bug.cgi?id=71975
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+
+2011-11-10 Filip Pizlo <fpizlo@apple.com>
+
+ ValueProfile/PredictedType contains dead code, and doesn't recognize functions
+ https://bugs.webkit.org/show_bug.cgi?id=72065
+
+ Reviewed by Gavin Barraclough and Geoff Garen.
+
+ Added PredictFunction support, and did some cleaning up along the way.
+ ValueProfile no longer has statistics machinery, because we never used
+ it. Rearranged some bits in PredictedType to more easily make room for
+ one more object type. Changed some debug code to use more consistent
+ conventions (ByteArray becomes Bytearray so that if we ever have a
+ "Byte" prediction we don't get confused between a prediction that is
+ the union of Byte and Array and a prediction that indicates precisely
+ a ByteArray).
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isFunctionPrediction):
+ * bytecode/ValueProfile.cpp:
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-11-10 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
+
+ Reviewed by Joseph Pecoraro.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
+ script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
+ for installation. Also removed "Versions/A/" from the path
+ since this is unneeded due the default symlinks present in the
+ framework.
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Add ARMv7 support to the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=72061
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
+ (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
+ (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
+ (JSC::DFG::AssemblyHelpers::boxDouble):
+ (JSC::DFG::AssemblyHelpers::unboxDouble):
+ - Add CPU(ARM) copies of these functions.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::spill):
+ - Fix matching of '}' re #if blocks, makes some tools happy.
+ (JSC::DFG::JITCodeGenerator::setupArguments):
+ (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
+ (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
+ (JSC::DFG::JITCodeGenerator::appendCallSetResult):
+ - Add CPU(ARM) / 4 argument register copies of these functions.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ - Should use callOperation to plant a call to a DFG_OPERATION.
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ - These methods need to plant a relinkable jump; we currently do so
+ using beginUninterruptedSequence() / endUninterruptedSequence().
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ - Should use callOperation to plant a call to a DFG_OPERATION.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ - This method needs to plant a relinkable jump; we currently do so
+ using beginUninterruptedSequence() / endUninterruptedSequence().
+ (JSC::DFG::JITCompiler::compileBody):
+ - Add abstraction to retrieve the pc after a call.
+ * dfg/DFGOSRExitCompiler.cpp:
+ - Fix a bug - CodeLocationLabel needs a data address rather than an
+ executable one, but can just take a MacroAssemblerCodePtr instead!
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::compileClampDoubleToByte):
+ - Add FIXME comment to come back to! - bug#72054.
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ - Add missing method (ooops, required by bug#72047)
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ - Need to wrap fmod on ARMv7.
+
+
+2011-11-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not reparse code that was just parsed
+ https://bugs.webkit.org/show_bug.cgi?id=71977
+
+ Reviewed by Geoff Garen.
+
+ The instruction stream of a code block is now kept around until
+ the next GC. When doing either an optimizing compilation of an
+ executable, or inlining of an executable, we now try to find the
+ already preexisting bytecode. If we find it, we don't have to parse.
+ If we don't find it, we parse as before. Inlining takes the extra
+ step of caching code blocks, so if the same executable gets inlined
+ multiple times into the same caller, then we parse it at most once
+ even if prior to inlining that executable did not have any code
+ blocks with an instruction stream.
+
+ Also fixed a silly bug where the strict mode for various operations
+ was being determined by looking at the machine code block rather
+ than the inlinee.
+
+ To enable the delete-on-next-GC policy, I introduced the notion
+ of an ultra weak finalizer, which anyone can register during
+ tracing. This is thread-safe (for parallel GC) and
+ stop-the-world-safe (so calls to free() are postponed until the
+ world is resumed). This required reusing some facilities previously
+ created for WeakReferenceHarvester, so I created a common utility
+ class. I also retweaked the handling of WeakReferenceHarvesters,
+ since they should be executed during stop-the-world since in the
+ future we may want to allow them to call drain().
+
+ 2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
+ elsewhere.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::copyPostParseDataFrom):
+ (JSC::CodeBlock::copyPostParseDataFromAlternative):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::canProduceCopyWithBytecode):
+ (JSC::CodeBlock::discardBytecodeLater):
+ (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
+ (JSC::GlobalCodeBlock::GlobalCodeBlock):
+ (JSC::ProgramCodeBlock::ProgramCodeBlock):
+ (JSC::EvalCodeBlock::EvalCodeBlock):
+ (JSC::FunctionCodeBlock::FunctionCodeBlock):
+ (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
+ (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::strictModeFor):
+ * dfg/DFGByteCodeCache.h: Added.
+ (JSC::DFG::CodeBlockKey::CodeBlockKey):
+ (JSC::DFG::CodeBlockKey::operator==):
+ (JSC::DFG::CodeBlockKey::hash):
+ (JSC::DFG::CodeBlockKey::executable):
+ (JSC::DFG::CodeBlockKey::kind):
+ (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
+ (JSC::DFG::CodeBlockKeyHash::hash):
+ (JSC::DFG::CodeBlockKeyHash::equal):
+ (JSC::DFG::ByteCodeCache::ByteCodeCache):
+ (JSC::DFG::ByteCodeCache::~ByteCodeCache):
+ (JSC::DFG::ByteCodeCache::get):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/Heap.cpp:
+ (JSC::Heap::finalizeUnconditionally):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/ListableHandler.h: Added.
+ (JSC::ListableHandler::ListableHandler):
+ (JSC::ListableHandler::~ListableHandler):
+ (JSC::ListableHandler::List::List):
+ (JSC::ListableHandler::List::addNotThreadSafe):
+ (JSC::ListableHandler::List::addThreadSafe):
+ (JSC::ListableHandler::List::hasNext):
+ (JSC::ListableHandler::List::removeNext):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ (JSC::SlotVisitor::finalizeUnconditionally):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::addWeakReferenceHarvester):
+ (JSC::MarkStack::addUnconditionalFinalizer):
+ * heap/SlotVisitor.h:
+ * heap/UnconditionalFinalizer.h: Added.
+ (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
+ * heap/WeakReferenceHarvester.h:
+ (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
+ (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::baselineCodeBlockFor):
+ (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::profiledCodeBlockFor):
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Add ARMv7 register info for the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=72050
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGFPRInfo.h:
+ (JSC::DFG::FPRInfo::toRegister):
+ (JSC::DFG::FPRInfo::toIndex):
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
+ https://bugs.webkit.org/show_bug.cgi?id=72047
+
+ Reviewed by Geoff Garen.
+
+ We currently don't attempt to abstract divide through the macro assembler,
+ due to these instructions commonly having specific requirements. This means
+ there is architecture specific code in the JIT - #ifdef it, and provide a
+ common implementation.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::fmodAsDFGOperation):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Add ENABLE_VALUE_PROFILER support for ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=72043
+
+ Reviewed by Geoff Garen.
+
+ This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitSlow_op_mod):
+ - cleanup location of UNUSED_PARAM
+ * jit/JITStubs.cpp:
+ (JSC::ctiTrampoline):
+ (JSC::ctiVMThrowTrampoline):
+ (JSC::ctiOpThrowNotCaught):
+ (JSC::JITThunks::JITThunks):
+ * jit/JITStubs.h:
+ - Update JITStackFrame structure & asm code to spill more registers.
+ * jit/JSInterfaceJIT.h:
+ - Assign a bucketCounterRegister.
+
+2011-11-10 Gavin Barraclough <barraclough@apple.com>
+
+ Fix sampling counters on ARMv7, move add64 functionality to macro assembler
+ https://bugs.webkit.org/show_bug.cgi?id=72040
+
+ Reviewed by Geoff Garen.
+
+ The ability to add an integer to a uint64_t in memory is poorly copied in
+ multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
+ designed interface since add32 is not required to set flags (we have no
+ concept of flags in the macro assembler interface).
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::add64):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::add64):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::add64):
+ * dfg/DFGAssemblyHelpers.cpp:
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::emitCount):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitCount):
+
+011-11-10 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
+ https://bugs.webkit.org/show_bug.cgi?id=56705
+
+ Reviewed by Adam Roben.
+
+ * CMakeLists.txt:
+ * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
+ * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
+ * shell/CMakeLists.txt:
+ * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
+ * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
+ * wtf/CMakeLists.txt:
+ * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
+ * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.
+
+2011-11-10 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix make distcheck build.
+
+ * GNUmakefile.list.am: Add missing files.
+
+2011-11-09 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
+ https://bugs.webkit.org/show_bug.cgi?id=71862
+
+ Changed LiteralParser to be templatized of character type.
+
+ Moved five enums out of class definition to work around a clang compiler defect.
+
+ Added lexIdentifier templated method to break out character specific versions.
+ Added static setParserTokenString templated method to handle setting approriately
+ sized string pointer.
+
+ To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
+ flavors of LiteralParser are explicitly instantiated at the end of
+ LiteralParser.cpp.
+
+ Reviewed by Oliver Hunt.
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::isJSONWhiteSpace):
+ (JSC::::tryJSONPParse):
+ (JSC::::makeIdentifier):
+ (JSC::::Lexer::lex):
+ (JSC::::Lexer::lexIdentifier):
+ (JSC::::Lexer::next):
+ (JSC::LChar):
+ (JSC::UChar):
+ (JSC::isSafeStringCharacter):
+ (JSC::::Lexer::lexString):
+ (JSC::::Lexer::lexNumber):
+ (JSC::::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::getErrorMessage):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+ (JSC::LiteralParser::Lexer::currentToken):
+ (JSC::LiteralParser::Lexer::getErrorMessage):
+ * runtime/UString.h:
+ (JSC::LChar):
+ (JSC::UChar):
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::append):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::append):
+
+2011-11-09 Filip Pizlo <fpizlo@apple.com>
+
+ Multiple CodeBlock should be able to share the same instruction
+ stream without copying
+ https://bugs.webkit.org/show_bug.cgi?id=71978
+
+ Reviewed by Oliver Hunt.
+
+ This refactors CodeBlock::m_instructions to be a Vector boxed in a
+ ref-counted object, but otherwise does not take advantage of this.
+
+ This is performance neutral.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::printStructure):
+ (JSC::CodeBlock::printStructures):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::hasInstructions):
+ (JSC::CodeBlock::numberOfInstructions):
+ (JSC::CodeBlock::instructions):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ Renovate ARMv7 assembler/macro-assembler
+ https://bugs.webkit.org/show_bug.cgi?id=71982
+
+ Reviewed by Geoff Garen.
+
+ ARMv7Assembler:
+ * add support for strb (byte stores)
+ * rename the VMOV_CtoS opcodes (there are currently backwards!)
+ * add support for adc (add with carry)
+ * add support for vsqrt, vabs
+ * add support for vmov (between FPRs, and to/from GPR pairs).
+ * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
+ * rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
+ * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).
+
+ MacroAssemblerARMv7:
+ * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32,
+ * add store8, and store32 imm to base-index.
+ * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
+ * Update supportsFloating* flags (all features now supported).
+ * add moveDouble, storeDouble to absolute address, addDouble to absolute address
+ * add 3-operand double operations.
+ * implement sqrtDouble/absDouble
+ * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
+ * move should do nothing if src == dest
+ * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
+ * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Incrementally re-landing these changes, trying to determine what went wrong.
+ (The whole patch failed tests on the build bot but worked locally.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+
+2011-11-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit code should be lazily generated
+ https://bugs.webkit.org/show_bug.cgi?id=71744
+
+ Reviewed by Gavin Barraclough.
+
+ The OSR exit code is now generated the first time it is executed,
+ rather than right after speculative compilation. Because most OSR
+ exits are never taken, this should greatly reduce both code size
+ and compilation time.
+
+ This is a 1% win on SunSpider, and a 1% win on V8 when running in
+ my harness. No change in V8 in V8's harness (due to the long runs,
+ so compile time is not an issue) and no change in Kraken (again,
+ long runs of small code so compile time has no measurable effect).
+
+ * CMakeListsEfl.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::jump):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::jump):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::jmp_m):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::createDFGDataIfNecessary):
+ (JSC::CodeBlock::appendDFGOSREntryData):
+ (JSC::CodeBlock::numberOfDFGOSREntries):
+ (JSC::CodeBlock::dfgOSREntryData):
+ (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
+ (JSC::CodeBlock::appendOSRExit):
+ (JSC::CodeBlock::appendSpeculationRecovery):
+ (JSC::CodeBlock::numberOfOSRExits):
+ (JSC::CodeBlock::numberOfSpeculationRecoveries):
+ (JSC::CodeBlock::osrExit):
+ (JSC::CodeBlock::speculationRecovery):
+ * dfg/DFGAssemblyHelpers.h:
+ (JSC::DFG::AssemblyHelpers::debugCall):
+ * dfg/DFGCorrectableJumpPoint.cpp: Added.
+ (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
+ * dfg/DFGCorrectableJumpPoint.h: Added.
+ (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
+ (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
+ (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
+ (JSC::DFG::CorrectableJumpPoint::correctLateJump):
+ (JSC::DFG::CorrectableJumpPoint::initialJump):
+ (JSC::DFG::CorrectableJumpPoint::lateJump):
+ (JSC::DFG::CorrectableJumpPoint::correctJump):
+ (JSC::DFG::CorrectableJumpPoint::getJump):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGOSRExit.cpp: Added.
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::dump):
+ * dfg/DFGOSRExit.h:
+ * dfg/DFGOSRExitCompiler.cpp: Added.
+ * dfg/DFGOSRExitCompiler.h:
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ * dfg/DFGThunks.cpp: Added.
+ (JSC::DFG::osrExitGenerationThunkGenerator):
+ * dfg/DFGThunks.h: Added.
+ * jit/JITCode.h:
+ (JSC::JITCode::dataAddressAtOffset):
+ * runtime/JSGlobalData.h:
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing build breakage
+
+ Unreviewed build fix
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSVariableObject::isDynamicScope
+ https://bugs.webkit.org/show_bug.cgi?id=71933
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
+ (JSC::JSActivation::isDynamicScope):
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
+ (JSC::JSGlobalObject::isDynamicScope):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
+ (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
+ (JSC::JSStaticScopeObject::isDynamicScope):
+ * runtime/JSType.h: Added new type for JSStaticScopeObject
+ * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the
+ object's type and calls the corresponding implementation.
+ (JSC::JSVariableObject::isDynamicScope):
+ * runtime/JSVariableObject.h:
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSGlobalObject::hasOwnPropertyForWrite
+ https://bugs.webkit.org/show_bug.cgi?id=71934
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Incrementally re-landing these changes, trying to determine what went wrong.
+ (The whole patch failed tests on the build bot but worked locally.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::absDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::absDouble):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::absDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::absDouble):
+ * assembler/MacroAssemblerX86Common.h:
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::absDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/ThunkGenerators.cpp:
+ (JSC::absThunkGenerator):
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::getOwnPropertyDescriptor
+ https://bugs.webkit.org/show_bug.cgi?id=71523
+
+ Reviewed by Sam Weinig.
+
+ Added getOwnPropertyDescriptor to the MethodTable, changed all of the
+ virtual versions of getOwnPropertyDescriptor to static ones, and
+ changed all of the call sites to the corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertyDescriptor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertyDescriptor):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ * runtime/ClassInfo.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertyDescriptor):
+ * runtime/DatePrototype.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertyDescriptor):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertyDescriptor):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertyDescriptor):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertyDescriptor):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertyDescriptor):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::vtableAnchor):
+ (JSC::JSObject::propertyIsEnumerable):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ (JSC::JSObject::getPropertyDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a
+ bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject. There were
+ no call sites for this version of getOwnPropertyDescriptor in the entire project.
+ * runtime/JSString.h:
+ * runtime/Lookup.h:
+ (JSC::getStaticPropertyDescriptor):
+ (JSC::getStaticFunctionDescriptor):
+ (JSC::getStaticValueDescriptor):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertyDescriptor):
+ * runtime/MathObject.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ (JSC::objectConstructorGetOwnPropertyDescriptor):
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertyDescriptor):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertyDescriptor):
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
+ (JSC::StringObject::getOwnPropertyDescriptor):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertyDescriptor):
+ * runtime/StringPrototype.h:
+
+2011-11-09 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Incrementally re-landing these changes, trying to determine what went wrong.
+ (The whole patch failed tests on the build bot but worked locally.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPoint):
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsFloatingPoint):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
+ * jit/ThunkGenerators.cpp:
+ (JSC::absThunkGenerator):
+
+2011-11-08 Darin Adler <darin@apple.com>
+
+ Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
+ https://bugs.webkit.org/show_bug.cgi?id=71875
+
+ Reviewed by Anders Carlsson.
+
+ This is a step along the path of making OwnPtr work as HashMap value types.
+
+ * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
+ Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
+ I did not change the code to fix style checker complaints.
+
+ * wtf/HashTable.h: Added includes as needed and fixed include style.
+ (WTF::doubleHash): Removed the uneeeded and inappropriate "static" in this function, which
+ gave it internal linkage for no good reason.
+ (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
+ construction/destruction problems instead of doing the trick where we construct and destroy
+ an empty value twice. It's cleaner and simpler and avoids copying the empty value.
+ (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
+ empty value is zero rather than copying an empty value.
+
+ * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.
+
+2011-11-09 Gabor Rapcsanyi <rgabor@webkit.org>
+
+ Buildfix for 32bit debug mode.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::dump):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+
+2011-11-09 Andy Wingo <wingo@igalia.com>
+
+ Enable the DFG JIT on X86-64 Linux platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71373
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
+ x86-64 GNU/Linux platform.
+ * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
+
+2011-11-09 Csaba Osztrogonác <ossy@webkit.org>
+
+ Enable the DFG JIT on x86-64 Linux platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71373
+
+ Enable DFG JIT by default on X86 Linux and Mac platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71686
+
+ Buildfix for stricter compilers: -Werror=unused-but-set-variable
+
+ Reviewed by Zoltan Herczeg.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-09 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99678.
+ http://trac.webkit.org/changeset/99678
+ https://bugs.webkit.org/show_bug.cgi?id=71882
+
+ broke the build with -Werror=unused-but-set-variable
+ (Requested by tronical_ on #webkit).
+
+ * CMakeListsEfl.txt:
+ * wtf/Platform.h:
+
+2011-11-09 Andy Wingo <wingo@igalia.com>
+
+ Enable the DFG JIT on X86-64 Linux platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71373
+
+ Reviewed by Filip Pizlo.
+
+ * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
+ x86-64 GNU/Linux platform.
+ * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
+
+2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defineOwnProperty
+ https://bugs.webkit.org/show_bug.cgi?id=71429
+
+ Reviewed by Geoffrey Garen.
+
+ Added defineOwnProperty to the MethodTable, changed all the virtual
+ implementations of defineOwnProperty to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::createStrictModeCallerIfNecessary):
+ (JSC::Arguments::createStrictModeCalleeIfNecessary):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defineOwnProperty):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorDefineProperty):
+ (JSC::defineProperties):
+
+2011-11-09 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Build system cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=71815
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.
+
+2011-11-08 Simon Hausmann <simon.hausmann@nokia.com>
+
+ [Qt] Replace use of QApplication with QGuiApplication
+ https://bugs.webkit.org/show_bug.cgi?id=71794
+
+ Reviewed by Andreas Kling.
+
+ Add compat headers for use when building with Qt 4: QGuiApplication
+ is typedef'ed to QApplication.
+
+ * wtf/qt/compat/QGuiApplication: Added.
+ * wtf/qt/compat/qguiapplication.h: Added.
+
+2011-11-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99647.
+ http://trac.webkit.org/changeset/99647
+ https://bugs.webkit.org/show_bug.cgi?id=71876
+
+ It broke jsc and layout tests on all bot (Requested by
+ Ossy_night on #webkit).
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPoint):
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::supportsDoubleBitops):
+ (JSC::MacroAssemblerARM::andnotDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::andnotDouble):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsFloatingPoint):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerSH4::supportsDoubleBitops):
+ (JSC::MacroAssemblerSH4::andnotDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::MacroAssemblerX86):
+ (JSC::MacroAssemblerX86::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86::supportsDoubleBitops):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::andnotDouble):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
+ * assembler/X86Assembler.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/ThunkGenerators.cpp:
+ (JSC::absThunkGenerator):
+ * runtime/JSGlobalData.cpp:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Better abstract 'abs' operation through the MacroAssembler.
+ https://bugs.webkit.org/show_bug.cgi?id=71873
+
+ Reviewed by Geoff Garen.
+
+ Currently the x86 specific instruction sequence to perform a double abs
+ is duplicated throughout the JITs / thunk generators.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPoint):
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
+ (JSC::MacroAssemblerARM::absDouble):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::absDouble):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsFloatingPoint):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
+ (JSC::MacroAssemblerSH4::absDouble):
+ - Renamed supportsFloatingPointAbs, make these methods static so that
+ we can check the JIT's capabilites before we begin compilation.
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::absDouble):
+ (JSC::MacroAssemblerX86::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
+ - Made supports* methods static so that we can check the JIT's
+ capabilites before we begin compilation. Added absDouble.
+ * assembler/MacroAssemblerX86Common.h:
+ - Removed andnotDouble, added s_maskSignBit.
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::absDouble):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
+ - Made supports* methods static so that we can check the JIT's
+ capabilites before we begin compilation. Added absDouble.
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::andpd_rr):
+ (JSC::X86Assembler::andpd_mr):
+ - Added support for andpd instruction.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Switched to use doubleAbs, we can now also reuse the operand register for the result.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Switched to use doubleAbs, we can now also reuse the operand register for the result.
+ * jit/ThunkGenerators.cpp:
+ - Switched to use doubleAbs.
+ (JSC::absThunkGenerator):
+ * runtime/JSGlobalData.cpp:
+ - Declared MacroAssemblerX86Common::s_maskSignBit here.
+ This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
+ to the compile for just one constant.
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Move duplicates of SYMBOL_STRING* macros to the single location
+ https://bugs.webkit.org/show_bug.cgi?id=71456
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ * wtf/InlineASM.h: Added.
+ - Moved asm related macros.
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Move code to handle 8bit regs from X86Assembler to MacroAssembler
+ https://bugs.webkit.org/show_bug.cgi?id=71867
+
+ Reviewed by Oliver Hunt.
+
+ This code is fine, but is in the wrong place really. X86 assembler should
+ basically just format up exactly the instruction you request - not expand
+ out to a set of instructions (that is what the macro assembler layer is
+ for!). For other 8-bit ops, on X86 we don't guard against clients accessing
+ the XH registers.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movb_rm):
+ - moved some code.
+
+2011-11-08 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for GTK.
+
+ * GNUmakefile.list.am:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix.
+
+ * assembler/X86Assembler.h:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk, failed to commit this in last change.
+
+ * assembler/X86Assembler.h:
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Remove an unused method.
+
+ Rubber stamped by Geoff Garen.
+
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ - removed rewindToLabel.
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
+ https://bugs.webkit.org/show_bug.cgi?id=71864
+
+ Reviewed by Filip Pizlo.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::offsetOf):
+ - We use this to return the offsets into the code of the entry points.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ - Move the construction of the speculative JIT outside of
+ compileBody, such that it is still available to link the
+ OSR entry points at the point we are linking.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ - Pass the label of the block & linkbuffer into noticeOSREntry.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::linkOSREntries):
+ - Moved call to noticeOSREntry until we we linking.
+ * dfg/DFGSpeculativeJIT.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ - Moved calculation of entries until we we linking.
+ * jit/JIT.h:
+ - Removed some members.
+
+2011-11-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exit code should be generated by a separate compiler, not
+ related to DFG::JITCompiler
+ https://bugs.webkit.org/show_bug.cgi?id=71787
+
+ Reviewed by Gavin Barraclough.
+
+ Moves the exitSpeculativeWithOSR() method from JITCompiler to
+ OSRExitCompiler::compileExit().
+
+ * CMakeListsEfl.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Target.pri:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ * dfg/DFGJITCompiler32_64.cpp: Removed.
+ * dfg/DFGOSRExitCompiler.h: Added.
+ (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
+ * dfg/DFGOSRExitCompiler32_64.cpp: Added.
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp: Added.
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * runtime/JSValue.h:
+
+2011-11-08 Filip Pizlo <fpizlo@apple.com>
+
+ Basic DFG definitions should be moved out of DFGNode.h
+ https://bugs.webkit.org/show_bug.cgi?id=71861
+
+ Rubber-stamped by Gavin Barraclough.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGCommon.h: Added.
+ (JSC::DFG::NodeIndexTraits::defaultValue):
+ * dfg/DFGNode.h:
+ * dfg/DFGOSRExit.h:
+ * dfg/DFGRegisterBank.h:
+
+2011-11-08 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
+ https://bugs.webkit.org/show_bug.cgi?id=71761
+
+ Templatized Parser based on Lexer<T>. Moved two enums,
+ SourceElementsMode and FunctionRequirements out of Parser definition
+ to work around a clang compiler defect.
+
+ Cleaned up SourceCode data() to return StringImpl* and eliminated
+ the recently added stringData() virtual method.
+
+ To keep code in Parser.cpp and keep Parser.h small, the two flavors
+ of Parser are explicitly instantiated at the end of Parser.cpp.
+
+ Reviewed by Gavin Barraclough.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::appendSourceToError):
+ * parser/Lexer.cpp:
+ (JSC::::setCode):
+ (JSC::::sourceCode):
+ * parser/Parser.cpp:
+ (JSC::::Parser):
+ (JSC::::~Parser):
+ (JSC::::parseInner):
+ (JSC::::didFinishParsing):
+ (JSC::::allowAutomaticSemicolon):
+ (JSC::::parseSourceElements):
+ (JSC::::parseVarDeclaration):
+ (JSC::::parseConstDeclaration):
+ (JSC::::parseDoWhileStatement):
+ (JSC::::parseWhileStatement):
+ (JSC::::parseVarDeclarationList):
+ (JSC::::parseConstDeclarationList):
+ (JSC::::parseForStatement):
+ (JSC::::parseBreakStatement):
+ (JSC::::parseContinueStatement):
+ (JSC::::parseReturnStatement):
+ (JSC::::parseThrowStatement):
+ (JSC::::parseWithStatement):
+ (JSC::::parseSwitchStatement):
+ (JSC::::parseSwitchClauses):
+ (JSC::::parseSwitchDefaultClause):
+ (JSC::::parseTryStatement):
+ (JSC::::parseDebuggerStatement):
+ (JSC::::parseBlockStatement):
+ (JSC::::parseStatement):
+ (JSC::::parseFormalParameters):
+ (JSC::::parseFunctionBody):
+ (JSC::::parseFunctionInfo):
+ (JSC::::parseFunctionDeclaration):
+ (JSC::::parseExpressionOrLabelStatement):
+ (JSC::::parseExpressionStatement):
+ (JSC::::parseIfStatement):
+ (JSC::::parseExpression):
+ (JSC::::parseAssignmentExpression):
+ (JSC::::parseConditionalExpression):
+ (JSC::::isBinaryOperator):
+ (JSC::::parseBinaryExpression):
+ (JSC::::parseProperty):
+ (JSC::::parseObjectLiteral):
+ (JSC::::parseStrictObjectLiteral):
+ (JSC::::parseArrayLiteral):
+ (JSC::::parsePrimaryExpression):
+ (JSC::::parseArguments):
+ (JSC::::parseMemberExpression):
+ (JSC::::parseUnaryExpression):
+ * parser/Parser.h:
+ (JSC::::parse):
+ (JSC::parse):
+ * parser/SourceCode.h:
+ (JSC::SourceCode::data):
+ (JSC::SourceCode::subExpression):
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::data):
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
+ https://bugs.webkit.org/show_bug.cgi?id=71855
+
+ Reviewed by Filip Pizlo.
+
+ The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
+ This won't work on ARMv7.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::locationOf):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+
+2011-11-08 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT calculation of OSR entry points is not THUMB2 safe
+ https://bugs.webkit.org/show_bug.cgi?id=71852
+
+ Reviewed by Oliver Hunt.
+
+ Executable addresses are tagged with a low bit set to distinguish
+ between THUMB2 and traditional ARM.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * jit/JITCode.h:
+ (JSC::JITCode::executableAddressAtOffset):
+ (JSC::JITCode::start):
+ (JSC::JITCode::size):
+
+2011-11-08 Michael Saboff <msaboff@apple.com>
+
+ JSC::Parser::Parser leaks Lexer member
+ https://bugs.webkit.org/show_bug.cgi?id=71847
+
+ Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
+
+ Reviewed by Oliver Hunt.
+
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser):
+ (JSC::Parser::parseFunctionBody):
+ * parser/Parser.h:
+
+2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Enable DFG JIT by default on X86 Linux and Mac platforms
+ https://bugs.webkit.org/show_bug.cgi?id=71686
+
+ Reviewed by Filip Pizlo.
+
+ We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
+
+ * wtf/Platform.h:
+
+2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
+ https://bugs.webkit.org/show_bug.cgi?id=71768
+
+ Reviewed by Geoffrey Garen.
+
+ Also includes a fix to make the newly introduced AssemblyHelpers
+ friend of JSValue as we need the Tag definitions.
+
+ * CMakeListsEfl.txt:
+ * GNUmakefile.list.am:
+ * Target.pri:
+ * runtime/JSValue.h:
+
+2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix gcc 4.4 compilation warnings in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=71762
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::registersMatched):
+
+2011-11-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG code base should allow for classes not related to DFG::JITCompiler
+ to use DFG idioms
+ https://bugs.webkit.org/show_bug.cgi?id=71746
+
+ Reviewed by Gavin Barraclough.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAssemblyHelpers.cpp: Added.
+ (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
+ (JSC::DFG::AssemblyHelpers::emitCount):
+ (JSC::DFG::AssemblyHelpers::setSamplingFlag):
+ (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
+ (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
+ * dfg/DFGAssemblyHelpers.h: Added.
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::JITCompiler):
+ (JSC::DFG::JITCompiler::graph):
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGOSRExit.h: Added.
+ (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
+ (JSC::DFG::SpeculationRecovery::type):
+ (JSC::DFG::SpeculationRecovery::dest):
+ (JSC::DFG::SpeculationRecovery::src):
+ (JSC::DFG::OSRExit::numberOfRecoveries):
+ (JSC::DFG::OSRExit::valueRecovery):
+ (JSC::DFG::OSRExit::isArgument):
+ (JSC::DFG::OSRExit::isVariable):
+ (JSC::DFG::OSRExit::argumentForIndex):
+ (JSC::DFG::OSRExit::variableForIndex):
+ (JSC::DFG::OSRExit::operandForArgument):
+ (JSC::DFG::OSRExit::operandForIndex):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-11-07 Filip Pizlo <fpizlo@apple.com>
+
+ Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
+ but it appears to help on other benchmarks.
+
+ Rubber stamped by Oliver Hunt.
+
+ * bytecode/ValueProfile.h:
+
+2011-11-07 Ariya Hidayat <ariya@sencha.com>
+
+ "use strict" can not contain escape sequences or line continuation
+ https://bugs.webkit.org/show_bug.cgi?id=71532
+
+ Reviewed by Darin Adler.
+
+ Store the actual literal length (before the escapes and line
+ continuation are encoded) while parsing the directive and use it
+ for the directive comparison.
+
+ * parser/Parser.cpp:
+ (JSC::Parser::parseSourceElements):
+ (JSC::Parser::parseStatement):
+ * parser/Parser.h:
+
+2011-11-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG operationCreateThis slow path may get the wrong callee in case of inlining
+ https://bugs.webkit.org/show_bug.cgi?id=71647
+
+ Reviewed by Oliver Hunt.
+
+ No new tests because I only saw this manifest itself when I had other bugs
+ leading to spurious slow path executions.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::putWithAttributes
+ https://bugs.webkit.org/show_bug.cgi?id=71716
+
+ Reviewed by Darin Adler.
+
+ Added putWithAttributes to the MethodTable, changed all the virtual
+ implementations of putWithAttributes to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::putWithAttributes):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * runtime/ClassInfo.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putWithAttributes):
+ * runtime/JSActivation.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putWithAttributes):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putWithAttributes):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putWithAttributes):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::putWithAttributes):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::putWithAttributes):
+ * runtime/JSVariableObject.h:
+
+2011-11-07 Dmitry Lomov <dslomov@google.com>
+
+ Unreviewed. Release build fix.
+
+ * parser/Lexer.cpp:
+ (JSC::assertCharIsIn8BitRange):
+
+2011-11-07 Filip Pizlo <fpizlo@apple.com>
+
+ Switch the value profiler back to 8 buckets, because we suspect that while this
+ is more expensive it's also more stable.
+
+ Rubber stamped by Geoff Garen.
+
+ * bytecode/ValueProfile.h:
+
+2011-11-07 Andrew Wason <rectalogic@rectalogic.com>
+
+ Uninitialized Heap member var
+ https://bugs.webkit.org/show_bug.cgi?id=71722
+
+ Reviewed by Filip Pizlo.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
+
+2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
+ https://bugs.webkit.org/show_bug.cgi?id=71684
+
+ Reviewed by Filip Pizlo.
+
+ Currently in DFG JIT, we try to reuse the physical register of an
+ operand for temporary usage if the current use of the operand is the
+ last use. But sometimes this can be wrong, for example if there are
+ possible speculation failures and we need to fallback to baseline JIT,
+ the value of the operand which is supposed to be hold in the physical
+ register can be modified by register reusing. The fixes the last
+ inspector failures in layout test on Mac 32-bit if switching on DFG.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-07 Ryosuke Niwa <rniwa@webkit.org>
+
+ REGRESSION(r99436): Broke Snow Leopard debug build
+ https://bugs.webkit.org/show_bug.cgi?id=71713
+
+ Reviewed by Darin Adler.
+
+ Put the assertion in a template and use template specialization
+ to avoid warning when instantiated with UChar or LChar.
+
+ In the long term, we should have traits for unsigned integral types
+ and use that to specialize template instead of specializing it for UChar and LChar.
+
+ * parser/Lexer.cpp:
+ (JSC::assertCharIsIn8BitRange):
+ (JSC::::append8):
+
+2011-11-07 ChangSeok Oh <shivamidow@gmail.com>
+
+ [EFL] Support requestAnimationFrame API
+ https://bugs.webkit.org/show_bug.cgi?id=67112
+
+ Reviewed by Andreas Kling.
+
+ Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
+
+ * wtf/Platform.h:
+
+2011-11-07 Michael Saboff <msaboff@apple.com>
+
+ Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
+ https://bugs.webkit.org/show_bug.cgi?id=71331
+
+ Change the Lexer class to be a template class based on the character
+ type of the source. In the process updated the parseIdentifier()
+ and parseString() methods to create 8 bit strings where possible.
+ Also added some helper methods for accumulating temporary string
+ data in the 8 and 16 bit vectors.
+
+ Changed the SourceProvider::data() virtual method to return a
+ StringImpl* instead of a UChar*.
+
+ Updated the KeywordLookup generator to create code to match keywords
+ for both 8 and 16 bit source strings.
+
+ Due to a compiler bug (<rdar://problem/10194295>) moved enum
+ definition outside of Lexer class declaration. Remove second enum
+ no longer needed.
+
+ Reviewed by Darin Adler.
+
+ * KeywordLookupGenerator.py:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ * parser/Lexer.cpp:
+ (JSC::::Lexer):
+ (JSC::::~Lexer):
+ (JSC::::getInvalidCharMessage):
+ (JSC::::currentCharacter):
+ (JSC::::setCode):
+ (JSC::::internalShift):
+ (JSC::::shift):
+ (JSC::::peek):
+ (JSC::::getUnicodeCharacter):
+ (JSC::::shiftLineTerminator):
+ (JSC::::lastTokenWasRestrKeyword):
+ (JSC::::record8):
+ (JSC::::append8):
+ (JSC::::append16):
+ (JSC::::record16):
+ (JSC::::parseIdentifier):
+ (JSC::::parseIdentifierSlowCase):
+ (JSC::::parseString):
+ (JSC::::parseStringSlowCase):
+ (JSC::::parseHex):
+ (JSC::::parseOctal):
+ (JSC::::parseDecimal):
+ (JSC::::parseNumberAfterDecimalPoint):
+ (JSC::::parseNumberAfterExponentIndicator):
+ (JSC::::parseMultilineComment):
+ (JSC::::nextTokenIsColon):
+ (JSC::::lex):
+ (JSC::::scanRegExp):
+ (JSC::::skipRegExp):
+ (JSC::::clear):
+ (JSC::::sourceCode):
+ * parser/Lexer.h:
+ (JSC::Lexer::append16):
+ (JSC::Lexer::currentOffset):
+ (JSC::Lexer::setOffsetFromCharOffset):
+ (JSC::::isWhiteSpace):
+ (JSC::::isLineTerminator):
+ (JSC::::convertHex):
+ (JSC::::convertUnicode):
+ (JSC::::makeIdentifier):
+ (JSC::::setCodeStart):
+ (JSC::::makeIdentifierLCharFromUChar):
+ (JSC::::lexExpectIdentifier):
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser):
+ (JSC::Parser::parseProperty):
+ (JSC::Parser::parseMemberExpression):
+ * parser/Parser.h:
+ (JSC::Parser::next):
+ (JSC::Parser::nextExpectIdentifier):
+ * parser/ParserArena.h:
+ (JSC::IdentifierArena::makeIdentifier):
+ (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
+ * parser/SourceCode.h:
+ (JSC::SourceCode::subExpression):
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::stringData):
+ * parser/SourceProviderCache.h:
+ * parser/SyntaxChecker.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::insertSemicolonIfNeeded):
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierTable::add):
+ (JSC::IdentifierLCharFromUCharTranslator::hash):
+ (JSC::IdentifierLCharFromUCharTranslator::equal):
+ (JSC::IdentifierLCharFromUCharTranslator::translate):
+ (JSC::Identifier::add8):
+ * runtime/Identifier.h:
+ (JSC::Identifier::Identifier):
+ (JSC::Identifier::createLCharFromUChar):
+ (JSC::Identifier::canUseSingleCharacterString):
+ (JSC::IdentifierCharBufferTranslator::hash):
+ (JSC::IdentifierCharBufferTranslator::equal):
+ (JSC::IdentifierCharBufferTranslator::translate):
+ (JSC::Identifier::add):
+ (JSC::Identifier::equal):
+ (JSC::IdentifierTable::add):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::decode):
+ (JSC::parseIntOverflow):
+ (JSC::globalFuncUnescape):
+ * runtime/JSGlobalObjectFunctions.h:
+ (JSC::parseIntOverflow):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::Lexer::lexString):
+ * wtf/text/StringImpl.h:
+
+2011-11-07 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
+
+ Allows us to not package up the whole Source/JavaScriptCore directory for the
+ buildbots.
+
+ Reviewed-by Simon Hausmann.
+
+ * jsc.pro:
+
+2011-11-06 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
+ to initializeMainThread, and crashes
+ https://bugs.webkit.org/show_bug.cgi?id=71643
+
+ Reviewed by Sam Weinig.
+
+ * jsc.cpp:
+ (main):
+
+2011-11-06 Sam Weinig <sam@webkit.org>
+
+ Add space missing from some class declarations
+ https://bugs.webkit.org/show_bug.cgi?id=71632
+
+ Reviewed by Anders Carlsson.
+
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGVariableAccessData.h:
+ * heap/VTableSpectrum.h:
+ * jit/ExecutableAllocator.cpp:
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ * wtf/MetaAllocatorHandle.h:
+ * wtf/UnionFind.h:
+
+2011-11-06 Sam Weinig <sam@webkit.org>
+
+ Allow use of FINAL in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=71630
+
+ Reviewed by Anders Carlsson.
+
+ * Configurations/Base.xcconfig:
+ Don't warn about C++11 extensions used in C++98 mode.
+
+2011-11-05 Filip Pizlo <fpizlo@apple.com>
+
+ Value profiling should just use two buckets
+ https://bugs.webkit.org/show_bug.cgi?id=71619
+
+ Reviewed by Gavin Barraclough.
+
+ Added one more configuration options (like Heuristics::minimumOptimizationDelay),
+ improved debugging in JIT optimization support, changed the number of buckets
+ in the value profile from 9 to 2, and wrote a more optimal value profiling path
+ in the old JIT to take advantage of this. It's still possible to play around with
+ larger numbers of buckets, and we should probably keep this for a little while
+ until we convince ourselves that using just two buckets is the right call.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ * bytecode/ValueProfile.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-11-03 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should be able to sample itself in a more flexible way than just sampling flags
+ https://bugs.webkit.org/show_bug.cgi?id=71522
+
+ Reviewed by Gavin Barraclough.
+
+ Added a construct that looks like SamplingRegion samplingRegion("name").
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingRegion::Locker::Locker):
+ (JSC::SamplingRegion::Locker::~Locker):
+ (JSC::SamplingRegion::sample):
+ (JSC::SamplingRegion::dump):
+ (JSC::SamplingRegion::dumpInternal):
+ (JSC::SamplingThread::threadStartFunc):
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingRegion::SamplingRegion):
+ (JSC::SamplingRegion::~SamplingRegion):
+ (JSC::SamplingRegion::exchangeCurrent):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/VTableSpectrum.cpp:
+ (JSC::VTableSpectrum::countVPtr):
+ (JSC::VTableSpectrum::dump):
+ * heap/VTableSpectrum.h:
+ * jsc.cpp:
+ (main):
+ (runWithScripts):
+ * parser/Parser.h:
+ (JSC::parse):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * wtf/Atomics.h:
+ (WTF::weakCompareAndSwap):
+ * wtf/Platform.h:
+ * wtf/Spectrum.h: Added.
+ (WTF::Spectrum::Spectrum):
+ (WTF::Spectrum::add):
+ (WTF::Spectrum::get):
+ (WTF::Spectrum::begin):
+ (WTF::Spectrum::end):
+ (WTF::Spectrum::KeyAndCount::KeyAndCount):
+ (WTF::Spectrum::KeyAndCount::operator<):
+ (WTF::Spectrum::buildList):
+ * wtf/wtf.pri:
+
+2011-11-05 Sam Weinig <sam@webkit.org>
+
+ Fix windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-04 Sam Weinig <sam@webkit.org>
+
+ Reduce the number of putWithAttributes
+ https://bugs.webkit.org/show_bug.cgi?id=71597
+
+ Reviewed by Adam Roben.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Remove exports of removed functions.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putWithAttributes):
+ Calling the overload without the extra parameters does the same thing.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putWithAttributes):
+ * runtime/JSObject.h:
+ Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
+ two overloads not virtual, since no one overrides it.
+
+2011-11-04 Pratik Solanki <psolanki@apple.com>
+
+ sqrtDouble and andnotDouble should be declared noreturn
+ https://bugs.webkit.org/show_bug.cgi?id=71592
+
+ Reviewed by Sam Weinig.
+
+ * assembler/MacroAssemblerARMv7.h:
+
+2011-11-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::hasInstance
+ https://bugs.webkit.org/show_bug.cgi?id=71430
+
+ Reviewed by Darin Adler.
+
+ Added hasInstance to the MethodTable, changed all the virtual
+ implementations of hasInstance to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::hasInstance):
+ * API/JSValueRef.cpp:
+ (JSValueIsInstanceOfConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::hasInstance):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasInstance):
+ * runtime/JSObject.h:
+
+2011-11-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Refactor and clean up the qmake build system
+
+ The qmake build system has accumulated a bit of cruft and redundancy
+ over time. There's also a fairly tight coupling between how to build
+ the various targets, and _what_ to build, making it harder to add new
+ rules or sources. This patch aims to elevate these issues somewhat.
+
+ This is a short-list of the changes:
+
+ * The rules for how to build targets are now mostly contained as
+ prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
+ allows us to do pre- and post-processing of each project file,
+ which helps to clean up the actual project files.
+
+ * Derived sources are no longer generated as a separate make-step
+ but is part of each target's project file as a subdir. Makefile
+ rules are used to ensure that we run make on the derived sources
+ before running qmake on the actual target makefile. This makes
+ it easier to keep a proper dependency between derived sources
+ and the target.
+
+ * We use GNU make and the compiler to generate dependencies on
+ UNIX-based systems running Qt 5. This allows us to lessen the
+ need to run qmake, which should reduce compile time.
+
+ * WebKit2 is now build by default if building with Qt 5. It can
+ be disabled by passing --no-webkit2 to build-webkit.
+
+ The result of these changes are hopefully a cleaner and easier
+ build system to modify, and faster build times due to no longer
+ running qmake on every single build. It's also a first step
+ towards possibly generating the list of sources using another
+ build system.
+
+ https://bugs.webkit.org/show_bug.cgi?id=71222
+
+ Reviewed by Simon Hausmann.
+
+ * DerivedSources.pri: Added.
+ * DerivedSources.pro: Removed.
+ * JavaScriptCore.pro:
+ * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
+ * headers.pri: Removed.
+ * jsc.pro:
+ * wtf/wtf.pri:
+ * yarr/yarr.pri:
+
+2011-11-04 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ More code clean-up in DFG 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=71540
+
+ Remove unnecessary code duplications, and fix compilation warnings.
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::emitCount):
+ (JSC::DFG::JITCompiler::setSamplingFlag):
+ (JSC::DFG::JITCompiler::clearSamplingFlag):
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-04 Csaba Osztrogonác <ossy@webkit.org>
+
+ De-virtualize JSObject::hasInstance
+ https://bugs.webkit.org/show_bug.cgi?id=71430
+
+ Unreviewed rolling out r99238, because it made a test crash on all platform.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::hasInstance):
+ * API/JSValueRef.cpp:
+ (JSValueIsInstanceOfConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasInstance):
+ * runtime/JSObject.h:
+
+2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::getPropertyNames
+ https://bugs.webkit.org/show_bug.cgi?id=71306
+
+ Reviewed by Darin Adler.
+
+ Added getPropertyNames to the MethodTable, changed all the virtual
+ implementations of getPropertyNames to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectCopyPropertyNames):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertyNames):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getPropertyNames):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPropertyNames):
+ (JSC::JSObject::getOwnPropertyNames):
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::print):
+ * runtime/Structure.cpp:
+ (JSC::Structure::getPropertyNamesFromStructure):
+ * runtime/Structure.h:
+
+2011-11-03 Darin Adler <darin@apple.com>
+
+ Change remaining callers of releaseRef to call leakRef
+ https://bugs.webkit.org/show_bug.cgi?id=71422
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
+
+2011-11-02 Darin Adler <darin@apple.com>
+
+ Change remaining callers of releaseRef to call leakRef
+ https://bugs.webkit.org/show_bug.cgi?id=71422
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
+
+2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::hasInstance
+ https://bugs.webkit.org/show_bug.cgi?id=71430
+
+ Reviewed by Darin Adler.
+
+ Added hasInstance to the MethodTable, changed all the virtual
+ implementations of hasInstance to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::hasInstance):
+ * API/JSValueRef.cpp:
+ (JSValueIsInstanceOfConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::hasInstance):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::hasInstance):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasInstance):
+ * runtime/JSObject.h:
+
+2011-11-03 Filip Pizlo <fpizlo@apple.com>
+
+ JIT-specific code should be able to refer to register types even on JIT-disabled builds
+ https://bugs.webkit.org/show_bug.cgi?id=71498
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssembler.h:
+ (MacroAssembler::MacroAssembler):
+
+2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::className
+ https://bugs.webkit.org/show_bug.cgi?id=71428
+
+ Reviewed by Sam Weinig.
+
+ Added className to the MethodTable, changed all the virtual
+ implementations of className to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::className):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::className):
+ * debugger/DebuggerActivation.h:
+ * jsc.cpp:
+ (GlobalObject::createStructure):
+ * profiler/Profiler.cpp:
+ (JSC::Profiler::createCallIdentifier):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::className):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::className):
+ * runtime/JSObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+ * testRegExp.cpp:
+ (GlobalObject::createStructure):
+
+2011-11-02 Jer Noble <jer.noble@apple.com>
+
+ Add Clock class and platform-specific implementations.
+ https://bugs.webkit.org/show_bug.cgi?id=71341
+
+ Reviewed by Sam Weinig.
+
+ Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
+
+ * wtf/Platform.h:
+
+2011-11-03 Pavel Feldman <pfeldman@chromium.org>
+
+ Not reviewed: fixing win build. step2.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-03 Pavel Feldman <pfeldman@chromium.org>
+
+ Not reviewed: fix windows build, step1
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-11-03 Pavel Feldman <pfeldman@google.com>
+
+ Web Inspector: preserve script location for inline handlers.
+ https://bugs.webkit.org/show_bug.cgi?id=71367
+
+ Makes SourceCode factories receive TextPosition instead of the line number;
+ Stores consistent position values in SourceCode and SourceProvider;
+
+ Reviewed by Yury Semikhatsky.
+
+ * API/JSBase.cpp:
+ (JSEvaluateScript):
+ (JSCheckScriptSyntax):
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeFunction):
+ * parser/SourceCode.h:
+ (JSC::makeSource):
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider):
+ (JSC::SourceProvider::startPosition):
+ (JSC::UStringSourceProvider::create):
+ (JSC::UStringSourceProvider::UStringSourceProvider):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h:
+
+2011-11-03 Kentaro Hara <haraken@chromium.org>
+
+ Fixed wrong implementation of doubleValue % 2^{64}.
+ https://bugs.webkit.org/show_bug.cgi?id=67980
+
+ Reviewed by Hajime Morita.
+
+ fast/events/constructors/progress-event-constructor.html was failing
+ because of the wrong implementation of conversion from an ECMAScript value
+ to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
+ In particular, the calculation of doubleValue % 2^{64} was wrong.
+ This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
+
+ * wtf/MathExtras.h:
+ (doubleToInteger): Implemented the spec correctly.
+
+2011-11-03 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r99089.
+ http://trac.webkit.org/changeset/99089
+ https://bugs.webkit.org/show_bug.cgi?id=71448
+
+ @plt postfix for math functions cause crash on Linux 32 (the
+ symbol is defined but it points to NULL) (Requested by
+ zherczeg on #webkit).
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ * jit/ThunkGenerators.cpp:
+
+2011-11-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining breaks function.arguments[something] if the argument being
+ retrieved was subjected to DFG's unboxing optimizations
+ https://bugs.webkit.org/show_bug.cgi?id=71436
+
+ Reviewed by Oliver Hunt.
+
+ This makes inlined arguments retrieval use some of the same machinery as
+ OSR to determine where from, and how, to retrieve a value that the DFG
+ might have somehow squirreled away while the old JIT would put it in its
+ obvious location, using an obvious format.
+
+ To that end, previously DFG-internal notions such as DataFormat,
+ VirtualRegister, and ValueRecovery are now in bytecode/ since they are
+ stored as part of InlineCallFrames.
+
+ * bytecode/CodeOrigin.h:
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::inlineCallFrame):
+ * interpreter/Register.h:
+ (JSC::Register::asInlineCallFrame):
+ (JSC::Register::unboxedInt32):
+ (JSC::Register::unboxedBoolean):
+ (JSC::Register::unboxedCell):
+ * runtime/Arguments.h:
+ (JSC::Arguments::finishCreationAndCopyRegisters):
+
+2011-11-02 Filip Pizlo <fpizlo@apple.com>
+
+ ValueRecovery should be moved out of the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=71439
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/DataFormat.h: Added.
+ (JSC::dataFormatToString):
+ (JSC::needDataFormatConversion):
+ (JSC::isJSFormat):
+ (JSC::isJSInteger):
+ (JSC::isJSDouble):
+ (JSC::isJSCell):
+ (JSC::isJSBoolean):
+ * bytecode/ValueRecovery.h: Added.
+ (JSC::ValueRecovery::ValueRecovery):
+ (JSC::ValueRecovery::alreadyInRegisterFile):
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
+ (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
+ (JSC::ValueRecovery::inGPR):
+ (JSC::ValueRecovery::inPair):
+ (JSC::ValueRecovery::inFPR):
+ (JSC::ValueRecovery::displacedInRegisterFile):
+ (JSC::ValueRecovery::constant):
+ (JSC::ValueRecovery::technique):
+ (JSC::ValueRecovery::isInRegisters):
+ (JSC::ValueRecovery::gpr):
+ (JSC::ValueRecovery::tagGPR):
+ (JSC::ValueRecovery::payloadGPR):
+ (JSC::ValueRecovery::fpr):
+ (JSC::ValueRecovery::virtualRegister):
+ (JSC::ValueRecovery::dump):
+ * bytecode/VirtualRegister.h: Added.
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::isJSFormat):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGVariableAccessData.h:
+
+2011-11-02 Sam Weinig <sam@webkit.org>
+
+ Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
+ https://bugs.webkit.org/show_bug.cgi?id=71333
+
+ Reviewed by Gavin Barraclough.
+
+ Tested by fast/dom/getter-on-window-object2.html
+
+ * runtime/PropertyDescriptor.cpp:
+ (JSC::PropertyDescriptor::setDescriptor):
+ The attributes returned from Structure::get do not include Getter or Setter, so
+ instead check if the value is a GetterSetter like we do elsewhere. If it is, update
+ the descriptor's attributes accordingly.
+
+2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ FunctionPtr should accept FASTCALL functions on X86
+ https://bugs.webkit.org/show_bug.cgi?id=71434
+
+ Reviewed by Filip Pizlo.
+
+ On X86 we sometimes use FASTCALL convention functions, for example the
+ cti functions, and we may need the pointers to such functions, e.g.,
+ in current DFG register file check and arity check, though long term
+ we may avoid such usage of cti calls in DFG.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+
+2011-11-02 Filip Pizlo <fpizlo@apple.com>
+
+ Inlined uses of the global object should use the right global object
+ https://bugs.webkit.org/show_bug.cgi?id=71427
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::globalObjectFor):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove some unnecessary loads/stores in DFG JIT 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=71090
+
+ Reviewed by Filip Pizlo.
+
+ In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
+ be eliminated.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+
+2011-11-02 Adam Klein <adamk@chromium.org>
+
+ Replace usage of StringImpl with String where possible in CharacterData and Text
+ https://bugs.webkit.org/show_bug.cgi?id=71383
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/WTFString.h:
+ (WTF::String::containsOnlyWhitespace): Added new method.
+
+2011-11-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::getOwnPropertyNames
+ https://bugs.webkit.org/show_bug.cgi?id=71307
+
+ Reviewed by Darin Adler.
+
+ Added getOwnPropertyNames to the MethodTable, changed all the virtual
+ implementations of getOwnPropertyNames to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertyNames):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertyNames):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertyNames):
+ * runtime/Arguments.h:
+ * runtime/ClassInfo.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertyNames):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertyNames):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertyNames):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertyNames):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyNames):
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertyNames):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPropertyNames):
+ (JSC::JSObject::getOwnPropertyNames):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::~JSVariableObject):
+ (JSC::JSVariableObject::getOwnPropertyNames):
+ * runtime/JSVariableObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetOwnPropertyNames):
+ (JSC::objectConstructorKeys):
+ (JSC::defineProperties):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertyNames):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertyNames):
+ * runtime/StringObject.h:
+ * runtime/Structure.h:
+
+2011-11-02 Dean Jackson <dino@apple.com>
+
+ Add ENABLE_CSS_SHADERS flag
+ https://bugs.webkit.org/show_bug.cgi?id=71394
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-11-02 Alexey Shabalin <a.shabalin@gmail.com>
+
+ TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
+ https://bugs.webkit.org/show_bug.cgi?id=70610
+
+ Reviewed by Martin Robinson.
+
+ Properly annotate ASM on BSD and Linux x86 systems.
+
+ * dfg/DFGOperations.cpp: Add annotation for X86.
+ * jit/JITStubs.cpp: Ditto.
+ * jit/ThunkGenerators.cpp: Ditto.
+
+2011-11-02 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
+ https://bugs.webkit.org/show_bug.cgi?id=71347
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::reallocate):
+
+2011-11-01 Darin Adler <darin@apple.com>
+
+ Cut down on malloc/free a bit in the parser arena
+ https://bugs.webkit.org/show_bug.cgi?id=71343
+
+ Reviewed by Oliver Hunt.
+
+ * parser/ParserArena.cpp:
+ (JSC::ParserArena::deallocateObjects): Call the destructors of
+ the deletable objects before freeing the pools. Don't call
+ fastFree on the deletable objects any more.
+
+ * parser/ParserArena.h:
+ (JSC::ParserArena::allocateDeletable): Use allocateFreeable
+ instead of fastMalloc here.
+
+2011-11-01 Sam Weinig <sam@webkit.org>
+
+ Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
+ https://bugs.webkit.org/show_bug.cgi?id=71336
+
+ Reviewed by Darin Adler.
+
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ Remove overrides of lookupGetter/lookupSetter, which are no longer needed
+ due to implementing getPropertyDescriptor.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::lookupGetter):
+ (JSC::JSObject::lookupSetter):
+ * runtime/JSObject.h:
+ De-virtualize lookupGetter/lookupSetter, and implement them in terms of
+ getPropertyDescriptor.
+
+2011-11-01 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defineSetter
+ https://bugs.webkit.org/show_bug.cgi?id=71303
+
+ Reviewed by Darin Adler.
+
+ Added defineSetter to the MethodTable, changed all the virtual
+ implementations of defineSetter to static ones, and replaced
+ all call sites with corresponding lookups in the MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::defineSetter):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defineSetter):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::defineSetter):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineSetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineSetter):
+
+2011-11-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining breaks function.arguments
+ https://bugs.webkit.org/show_bug.cgi?id=71329
+
+ Reviewed by Oliver Hunt.
+
+ The DFG was forgetting to store code origin mappings for inlined
+ call sites. Some of the fast-path optimizations for
+ CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
+ was wrong.
+
+ I also took the opportunity to decrease code duplication between
+ DFG64 and DFG32_64, because I didn't feel like writing the same
+ code twice.
+
+ * bytecode/CodeBlock.h:
+ (JSC::ExecState::isInlineCallFrame):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGNode.h:
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::getArgumentsData):
+
+2011-11-01 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ StringImpl::reallocate() should have a 8-bit version
+ https://bugs.webkit.org/show_bug.cgi?id=71210
+
+ Reviewed by Geoffrey Garen.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::reallocate):
+ * wtf/text/StringImpl.h:
+
+2011-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ The GC should be parallel
+ https://bugs.webkit.org/show_bug.cgi?id=70995
+
+ Reviewed by Geoff Garen.
+
+ Added parallel tracing to the GC. This works by having local mark
+ stacks per thread, and a global shared one. Threads sometimes
+ donate cells from the mark stack to the global one if the heuristics
+ tell them that it's affordable to do so. Threads that have depleted
+ their local mark stacks try to steal some from the shared one.
+
+ Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
+
+ This is a 23% speed-up on V8-splay when I use 4 marking threads,
+ leading to a 3.5% speed-up on V8.
+
+ It also appears that this reduces GC pause times on real websites by
+ more than half.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::~Heap):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
+ (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
+ (JSC::MarkStackSegmentAllocator::allocate):
+ (JSC::MarkStackSegmentAllocator::release):
+ (JSC::MarkStackSegmentAllocator::shrinkReserve):
+ (JSC::MarkStackArray::MarkStackArray):
+ (JSC::MarkStackArray::~MarkStackArray):
+ (JSC::MarkStackArray::expand):
+ (JSC::MarkStackArray::refill):
+ (JSC::MarkStackArray::donateSomeCellsTo):
+ (JSC::MarkStackArray::stealSomeCellsFrom):
+ (JSC::MarkStackThreadSharedData::markingThreadMain):
+ (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
+ (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
+ (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
+ (JSC::MarkStackThreadSharedData::reset):
+ (JSC::MarkStack::reset):
+ (JSC::SlotVisitor::donateSlow):
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::drainFromShared):
+ (JSC::MarkStack::mergeOpaqueRoots):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ * heap/MarkStack.h:
+ (JSC::MarkStackSegment::data):
+ (JSC::MarkStackSegment::capacityFromSize):
+ (JSC::MarkStackSegment::sizeFromCapacity):
+ (JSC::MarkStackArray::postIncTop):
+ (JSC::MarkStackArray::preDecTop):
+ (JSC::MarkStackArray::setTopForFullSegment):
+ (JSC::MarkStackArray::setTopForEmptySegment):
+ (JSC::MarkStackArray::top):
+ (JSC::MarkStackArray::validatePrevious):
+ (JSC::MarkStack::addWeakReferenceHarvester):
+ (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
+ (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStack::containsOpaqueRoot):
+ (JSC::MarkStack::opaqueRootCount):
+ (JSC::MarkStackArray::append):
+ (JSC::MarkStackArray::canRemoveLast):
+ (JSC::MarkStackArray::removeLast):
+ (JSC::MarkStackArray::isEmpty):
+ (JSC::MarkStackArray::canDonateSomeCells):
+ (JSC::MarkStackArray::size):
+ (JSC::ParallelModeEnabler::ParallelModeEnabler):
+ (JSC::ParallelModeEnabler::~ParallelModeEnabler):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::testAndSetMarked):
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::donate):
+ (JSC::SlotVisitor::donateAndDrain):
+ (JSC::SlotVisitor::donateKnownParallel):
+ (JSC::SlotVisitor::SlotVisitor):
+ * heap/WeakReferenceHarvester.h:
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+ * wtf/Atomics.h:
+ (WTF::weakCompareAndSwap):
+ * wtf/Bitmap.h:
+ (WTF::::Bitmap):
+ (WTF::::get):
+ (WTF::::set):
+ (WTF::::testAndSet):
+ (WTF::::testAndClear):
+ (WTF::::concurrentTestAndSet):
+ (WTF::::concurrentTestAndClear):
+ (WTF::::clear):
+ (WTF::::clearAll):
+ (WTF::::nextPossiblyUnset):
+ (WTF::::findRunOfZeros):
+ (WTF::::count):
+ (WTF::::isEmpty):
+ (WTF::::isFull):
+ * wtf/MainThread.h:
+ (WTF::isMainThreadOrGCThread):
+ * wtf/Platform.h:
+ * wtf/ThreadSpecific.h:
+ (WTF::::isSet):
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::initializeGCThreads):
+ (WTF::initializeMainThreadPlatform):
+ (WTF::initializeMainThreadToProcessMainThreadPlatform):
+ (WTF::registerGCThread):
+ (WTF::isMainThreadOrGCThread):
+
+2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defaultValue
+ https://bugs.webkit.org/show_bug.cgi?id=71146
+
+ Reviewed by Sam Weinig.
+
+ Added defaultValue to the MethodTable. Replaced all virtual versions of
+ defaultValue with static versions. Replaced all call sites with lookups in the
+ MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::defaultValue):
+ (JSC::TerminatedExecutionError::defaultValue):
+ * runtime/ExceptionHelpers.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defaultValue):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::defaultValue):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPrimitiveNumber):
+ (JSC::JSObject::defaultValue):
+ * runtime/JSObject.h:
+ (JSC::JSObject::toPrimitive):
+
+2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Interpreter build fix
+
+ Unreviewed build fix
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ DFG OSR exits should add to value profiles
+ https://bugs.webkit.org/show_bug.cgi?id=71202
+
+ Reviewed by Oliver Hunt.
+
+ Value profiles now have an extra special slot not used by the old JIT's
+ profiling, which is reserved for OSR exits.
+
+ The DFG's OSR exit code now knows which register, node index, and value
+ profiling site was responsible for the (possibly flawed) information that
+ led to the OSR failure. This is somewhat opportunistic and imperfect;
+ if there's a lot of control flow between the value profiling site and the
+ OSR failure point, then this mechanism simply gives up. It also gives up
+ if the OSR failure is caused by either known deficiencies in the DFG
+ (like that we always assume that the index in a strict charCodeAt access
+ is within bounds) or where the OSR failure would be catalogues and
+ profiled through other means (like slow case counters).
+
+ This patch also adds the notion of a JSValueRegs, which is either a
+ single register in JSVALUE64 or a pair in JSVALUE32_64. We should
+ probably move the 32_64 DFG towards using this, since it often makes it
+ easier to share code between 64 and 32_64.
+
+ Also fixed a number of pathologies that this uncovered. op_method_check
+ didn't have a value profiling site on the slow path. GetById should not
+ always force OSR exit if it never executed in the old JIT; we may be
+ able to infer its type if it's a array or string length get. Finally,
+ these changes benefit from a slight tweak to optimization delay
+ heuristics (profile fullness is now 0.35 instead of 0.25).
+
+ 3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
+ and imaging-darkroom.
+
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeStatistics):
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::specFailBucket):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfCells):
+ (JSC::ValueProfile::numberOfObjects):
+ (JSC::ValueProfile::numberOfFinalObjects):
+ (JSC::ValueProfile::numberOfStrings):
+ (JSC::ValueProfile::numberOfArrays):
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::dump):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::JSValueRegs::JSValueRegs):
+ (JSC::DFG::JSValueRegs::operator!):
+ (JSC::DFG::JSValueRegs::gpr):
+ (JSC::DFG::JSValueSource::JSValueSource):
+ (JSC::DFG::JSValueSource::unboxedCell):
+ (JSC::DFG::JSValueSource::operator!):
+ (JSC::DFG::JSValueSource::isAddress):
+ (JSC::DFG::JSValueSource::offset):
+ (JSC::DFG::JSValueSource::base):
+ (JSC::DFG::JSValueSource::gpr):
+ (JSC::DFG::JSValueSource::asAddress):
+ (JSC::DFG::JSValueSource::notAddress):
+ (JSC::DFG::JSValueRegs::tagGPR):
+ (JSC::DFG::JSValueRegs::payloadGPR):
+ (JSC::DFG::JSValueSource::tagGPR):
+ (JSC::DFG::JSValueSource::payloadGPR):
+ (JSC::DFG::JSValueSource::hasKnownTag):
+ (JSC::DFG::JSValueSource::tag):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::jsValueRegs):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueProfileFor):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::JSValueOperand::jsValueRegs):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::valueProfileFor):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitSlow_op_method_check):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emitSlow_op_method_check):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/JSValue.h:
+
+2011-10-31 Sam Weinig <sam@webkit.org>
+
+ Remove need for virtual JSObject::unwrappedObject
+ https://bugs.webkit.org/show_bug.cgi?id=71034
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ Update exports.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Add JSGlobalThis.cpp.
+
+ * runtime/JSGlobalThis.cpp: Added.
+ (JSC::JSGlobalThis::visitChildren):
+ (JSC::JSGlobalThis::unwrappedObject):
+ * runtime/JSGlobalThis.h:
+ (JSC::JSGlobalThis::createStructure):
+ Move underlying object from JSDOMWindowShell down to JSGlobalThis
+ and corresponding visitChildren method.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::unwrappedObject):
+ Change unwrappedObject from virtual, to just needing an if check.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::isGlobalThis):
+ * runtime/JSType.h:
+ Add isGlobalThis predicate and type.
+
+2011-10-31 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ WTF::StringImpl::create(const char*, unsigned) calls itself
+ https://bugs.webkit.org/show_bug.cgi?id=71206
+
+ The original implementation just calls itself, causing infinite recursion.
+ Cast the first parameter to const LChar* to fix that.
+
+ Reviewed by Ryosuke Niwa.
+
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::create):
+
+2011-10-31 Andy Wingo <wingo@igalia.com>
+
+ Fix DFG JIT compilation on Linux targets.
+ https://bugs.webkit.org/show_bug.cgi?id=70904
+
+ Reviewed by Darin Adler.
+
+ * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
+ macro.
+
+ * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
+ simplified definition from jit/JITStubs.cpp.
+ (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
+ Use the macro to access trampoline targets through the PLT on PIC
+ systems, instead of introducing a text relocation. Otherwise, the
+ library fails to link.
+
+2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSObject::defineGetter
+ https://bugs.webkit.org/show_bug.cgi?id=71134
+
+ Reviewed by Darin Adler.
+
+ Added defineGetter to the MethodTable. Replaced all virtual versions of defineGetter
+ with static versions. Replaced all call sites with lookups in the MethodTable.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::defineGetter):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ClassInfo.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::defineGetter):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::defineGetter):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineGetter):
+
+2011-10-31 Michael Saboff <msaboff@apple.com>
+
+ Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
+ https://bugs.webkit.org/show_bug.cgi?id=71138
+
+ Restructure and movement of Lexer and Parser code.
+ Moved Lexer and Parser objects out of JSGlobalData.
+ Added a new ParserTokens class and instance to JSGlobalData that
+ have JavaScript token related definitions.
+ Replaced JSGlobalData arguments to Node classes with lineNumber,
+ as that was the only use of the JSGlobalData.
+ Combined JSParser and Parser classes into one class,
+ eliminating JSParser.h and .cpp.
+ Various supporting #include changes.
+
+ These mostly mechanical changes are done in preparation to
+ making the Lexer and Parser template classes.
+
+ Reviewed by Darin Adler.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::toArgumentList):
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::ASTBuilder):
+ (JSC::ASTBuilder::createSourceElements):
+ (JSC::ASTBuilder::createCommaExpr):
+ (JSC::ASTBuilder::createLogicalNot):
+ (JSC::ASTBuilder::createUnaryPlus):
+ (JSC::ASTBuilder::createVoid):
+ (JSC::ASTBuilder::thisExpr):
+ (JSC::ASTBuilder::createResolve):
+ (JSC::ASTBuilder::createObjectLiteral):
+ (JSC::ASTBuilder::createArray):
+ (JSC::ASTBuilder::createNumberExpr):
+ (JSC::ASTBuilder::createString):
+ (JSC::ASTBuilder::createBoolean):
+ (JSC::ASTBuilder::createNull):
+ (JSC::ASTBuilder::createBracketAccess):
+ (JSC::ASTBuilder::createDotAccess):
+ (JSC::ASTBuilder::createRegExp):
+ (JSC::ASTBuilder::createNewExpr):
+ (JSC::ASTBuilder::createConditionalExpr):
+ (JSC::ASTBuilder::createAssignResolve):
+ (JSC::ASTBuilder::createFunctionExpr):
+ (JSC::ASTBuilder::createFunctionBody):
+ (JSC::ASTBuilder::createGetterOrSetterProperty):
+ (JSC::ASTBuilder::createArguments):
+ (JSC::ASTBuilder::createArgumentsList):
+ (JSC::ASTBuilder::createPropertyList):
+ (JSC::ASTBuilder::createElementList):
+ (JSC::ASTBuilder::createFormalParameterList):
+ (JSC::ASTBuilder::createClause):
+ (JSC::ASTBuilder::createClauseList):
+ (JSC::ASTBuilder::createFuncDeclStatement):
+ (JSC::ASTBuilder::createBlockStatement):
+ (JSC::ASTBuilder::createExprStatement):
+ (JSC::ASTBuilder::createIfStatement):
+ (JSC::ASTBuilder::createForLoop):
+ (JSC::ASTBuilder::createForInLoop):
+ (JSC::ASTBuilder::createEmptyStatement):
+ (JSC::ASTBuilder::createVarStatement):
+ (JSC::ASTBuilder::createReturnStatement):
+ (JSC::ASTBuilder::createBreakStatement):
+ (JSC::ASTBuilder::createContinueStatement):
+ (JSC::ASTBuilder::createTryStatement):
+ (JSC::ASTBuilder::createSwitchStatement):
+ (JSC::ASTBuilder::createWhileStatement):
+ (JSC::ASTBuilder::createDoWhileStatement):
+ (JSC::ASTBuilder::createLabelStatement):
+ (JSC::ASTBuilder::createWithStatement):
+ (JSC::ASTBuilder::createThrowStatement):
+ (JSC::ASTBuilder::createDebugger):
+ (JSC::ASTBuilder::createConstStatement):
+ (JSC::ASTBuilder::appendConstDecl):
+ (JSC::ASTBuilder::combineCommaNodes):
+ (JSC::ASTBuilder::appendBinaryOperation):
+ (JSC::ASTBuilder::createAssignment):
+ (JSC::ASTBuilder::createNumber):
+ (JSC::ASTBuilder::makeTypeOfNode):
+ (JSC::ASTBuilder::makeDeleteNode):
+ (JSC::ASTBuilder::makeNegateNode):
+ (JSC::ASTBuilder::makeBitwiseNotNode):
+ (JSC::ASTBuilder::makeMultNode):
+ (JSC::ASTBuilder::makeDivNode):
+ (JSC::ASTBuilder::makeModNode):
+ (JSC::ASTBuilder::makeAddNode):
+ (JSC::ASTBuilder::makeSubNode):
+ (JSC::ASTBuilder::makeLeftShiftNode):
+ (JSC::ASTBuilder::makeRightShiftNode):
+ (JSC::ASTBuilder::makeURightShiftNode):
+ (JSC::ASTBuilder::makeBitOrNode):
+ (JSC::ASTBuilder::makeBitAndNode):
+ (JSC::ASTBuilder::makeBitXOrNode):
+ (JSC::ASTBuilder::makeFunctionCallNode):
+ (JSC::ASTBuilder::makeBinaryNode):
+ (JSC::ASTBuilder::makeAssignNode):
+ (JSC::ASTBuilder::makePrefixNode):
+ (JSC::ASTBuilder::makePostfixNode):
+ * parser/JSParser.cpp: Removed.
+ * parser/JSParser.h: Removed.
+ * parser/Lexer.cpp:
+ (JSC::Keywords::Keywords):
+ (JSC::Lexer::Lexer):
+ (JSC::Lexer::~Lexer):
+ (JSC::Lexer::setCode):
+ (JSC::Lexer::parseIdentifier):
+ * parser/Lexer.h:
+ (JSC::Keywords::isKeyword):
+ (JSC::Keywords::getKeyword):
+ (JSC::Keywords::~Keywords):
+ (JSC::Lexer::setIsReparsing):
+ (JSC::Lexer::isReparsing):
+ (JSC::Lexer::lineNumber):
+ (JSC::Lexer::setLastLineNumber):
+ (JSC::Lexer::lastLineNumber):
+ (JSC::Lexer::prevTerminator):
+ (JSC::Lexer::sawError):
+ (JSC::Lexer::getErrorMessage):
+ (JSC::Lexer::currentOffset):
+ (JSC::Lexer::setOffset):
+ (JSC::Lexer::setLineNumber):
+ (JSC::Lexer::sourceProvider):
+ (JSC::Lexer::isWhiteSpace):
+ (JSC::Lexer::isLineTerminator):
+ (JSC::Lexer::convertHex):
+ (JSC::Lexer::convertUnicode):
+ (JSC::Lexer::makeIdentifier):
+ (JSC::Lexer::lexExpectIdentifier):
+ * parser/NodeConstructors.h:
+ (JSC::ParserArenaFreeable::operator new):
+ (JSC::ParserArenaDeletable::operator new):
+ (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
+ (JSC::Node::Node):
+ (JSC::ExpressionNode::ExpressionNode):
+ (JSC::StatementNode::StatementNode):
+ (JSC::NullNode::NullNode):
+ (JSC::BooleanNode::BooleanNode):
+ (JSC::NumberNode::NumberNode):
+ (JSC::StringNode::StringNode):
+ (JSC::RegExpNode::RegExpNode):
+ (JSC::ThisNode::ThisNode):
+ (JSC::ResolveNode::ResolveNode):
+ (JSC::ElementNode::ElementNode):
+ (JSC::ArrayNode::ArrayNode):
+ (JSC::PropertyNode::PropertyNode):
+ (JSC::PropertyListNode::PropertyListNode):
+ (JSC::ObjectLiteralNode::ObjectLiteralNode):
+ (JSC::BracketAccessorNode::BracketAccessorNode):
+ (JSC::DotAccessorNode::DotAccessorNode):
+ (JSC::ArgumentListNode::ArgumentListNode):
+ (JSC::ArgumentsNode::ArgumentsNode):
+ (JSC::NewExprNode::NewExprNode):
+ (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
+ (JSC::FunctionCallValueNode::FunctionCallValueNode):
+ (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
+ (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
+ (JSC::FunctionCallDotNode::FunctionCallDotNode):
+ (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
+ (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
+ (JSC::PrePostResolveNode::PrePostResolveNode):
+ (JSC::PostfixResolveNode::PostfixResolveNode):
+ (JSC::PostfixBracketNode::PostfixBracketNode):
+ (JSC::PostfixDotNode::PostfixDotNode):
+ (JSC::PostfixErrorNode::PostfixErrorNode):
+ (JSC::DeleteResolveNode::DeleteResolveNode):
+ (JSC::DeleteBracketNode::DeleteBracketNode):
+ (JSC::DeleteDotNode::DeleteDotNode):
+ (JSC::DeleteValueNode::DeleteValueNode):
+ (JSC::VoidNode::VoidNode):
+ (JSC::TypeOfResolveNode::TypeOfResolveNode):
+ (JSC::TypeOfValueNode::TypeOfValueNode):
+ (JSC::PrefixResolveNode::PrefixResolveNode):
+ (JSC::PrefixBracketNode::PrefixBracketNode):
+ (JSC::PrefixDotNode::PrefixDotNode):
+ (JSC::PrefixErrorNode::PrefixErrorNode):
+ (JSC::UnaryOpNode::UnaryOpNode):
+ (JSC::UnaryPlusNode::UnaryPlusNode):
+ (JSC::NegateNode::NegateNode):
+ (JSC::BitwiseNotNode::BitwiseNotNode):
+ (JSC::LogicalNotNode::LogicalNotNode):
+ (JSC::BinaryOpNode::BinaryOpNode):
+ (JSC::MultNode::MultNode):
+ (JSC::DivNode::DivNode):
+ (JSC::ModNode::ModNode):
+ (JSC::AddNode::AddNode):
+ (JSC::SubNode::SubNode):
+ (JSC::LeftShiftNode::LeftShiftNode):
+ (JSC::RightShiftNode::RightShiftNode):
+ (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
+ (JSC::LessNode::LessNode):
+ (JSC::GreaterNode::GreaterNode):
+ (JSC::LessEqNode::LessEqNode):
+ (JSC::GreaterEqNode::GreaterEqNode):
+ (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
+ (JSC::InstanceOfNode::InstanceOfNode):
+ (JSC::InNode::InNode):
+ (JSC::EqualNode::EqualNode):
+ (JSC::NotEqualNode::NotEqualNode):
+ (JSC::StrictEqualNode::StrictEqualNode):
+ (JSC::NotStrictEqualNode::NotStrictEqualNode):
+ (JSC::BitAndNode::BitAndNode):
+ (JSC::BitOrNode::BitOrNode):
+ (JSC::BitXOrNode::BitXOrNode):
+ (JSC::LogicalOpNode::LogicalOpNode):
+ (JSC::ConditionalNode::ConditionalNode):
+ (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
+ (JSC::AssignResolveNode::AssignResolveNode):
+ (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
+ (JSC::AssignBracketNode::AssignBracketNode):
+ (JSC::AssignDotNode::AssignDotNode):
+ (JSC::ReadModifyDotNode::ReadModifyDotNode):
+ (JSC::AssignErrorNode::AssignErrorNode):
+ (JSC::CommaNode::CommaNode):
+ (JSC::ConstStatementNode::ConstStatementNode):
+ (JSC::SourceElements::SourceElements):
+ (JSC::EmptyStatementNode::EmptyStatementNode):
+ (JSC::DebuggerStatementNode::DebuggerStatementNode):
+ (JSC::ExprStatementNode::ExprStatementNode):
+ (JSC::VarStatementNode::VarStatementNode):
+ (JSC::IfNode::IfNode):
+ (JSC::IfElseNode::IfElseNode):
+ (JSC::DoWhileNode::DoWhileNode):
+ (JSC::WhileNode::WhileNode):
+ (JSC::ForNode::ForNode):
+ (JSC::ContinueNode::ContinueNode):
+ (JSC::BreakNode::BreakNode):
+ (JSC::ReturnNode::ReturnNode):
+ (JSC::WithNode::WithNode):
+ (JSC::LabelNode::LabelNode):
+ (JSC::ThrowNode::ThrowNode):
+ (JSC::TryNode::TryNode):
+ (JSC::ParameterNode::ParameterNode):
+ (JSC::FuncExprNode::FuncExprNode):
+ (JSC::FuncDeclNode::FuncDeclNode):
+ (JSC::CaseClauseNode::CaseClauseNode):
+ (JSC::ClauseListNode::ClauseListNode):
+ (JSC::CaseBlockNode::CaseBlockNode):
+ (JSC::SwitchNode::SwitchNode):
+ (JSC::ConstDeclNode::ConstDeclNode):
+ (JSC::BlockNode::BlockNode):
+ (JSC::ForInNode::ForInNode):
+ * parser/NodeInfo.h:
+ * parser/Nodes.cpp:
+ (JSC::StatementNode::setLoc):
+ (JSC::ScopeNode::ScopeNode):
+ (JSC::ProgramNode::ProgramNode):
+ (JSC::ProgramNode::create):
+ (JSC::EvalNode::EvalNode):
+ (JSC::EvalNode::create):
+ (JSC::FunctionBodyNode::FunctionBodyNode):
+ (JSC::FunctionBodyNode::create):
+ * parser/Nodes.h:
+ (JSC::Node::lineNo):
+ * parser/Parser.cpp:
+ (JSC::Parser::Parser):
+ (JSC::Parser::~Parser):
+ (JSC::Parser::parseInner):
+ (JSC::Parser::allowAutomaticSemicolon):
+ (JSC::Parser::parseSourceElements):
+ (JSC::Parser::parseVarDeclaration):
+ (JSC::Parser::parseConstDeclaration):
+ (JSC::Parser::parseDoWhileStatement):
+ (JSC::Parser::parseWhileStatement):
+ (JSC::Parser::parseVarDeclarationList):
+ (JSC::Parser::parseConstDeclarationList):
+ (JSC::Parser::parseForStatement):
+ (JSC::Parser::parseBreakStatement):
+ (JSC::Parser::parseContinueStatement):
+ (JSC::Parser::parseReturnStatement):
+ (JSC::Parser::parseThrowStatement):
+ (JSC::Parser::parseWithStatement):
+ (JSC::Parser::parseSwitchStatement):
+ (JSC::Parser::parseSwitchClauses):
+ (JSC::Parser::parseSwitchDefaultClause):
+ (JSC::Parser::parseTryStatement):
+ (JSC::Parser::parseDebuggerStatement):
+ (JSC::Parser::parseBlockStatement):
+ (JSC::Parser::parseStatement):
+ (JSC::Parser::parseFormalParameters):
+ (JSC::Parser::parseFunctionBody):
+ (JSC::Parser::parseFunctionInfo):
+ (JSC::Parser::parseFunctionDeclaration):
+ (JSC::LabelInfo::LabelInfo):
+ (JSC::Parser::parseExpressionOrLabelStatement):
+ (JSC::Parser::parseExpressionStatement):
+ (JSC::Parser::parseIfStatement):
+ (JSC::Parser::parseExpression):
+ (JSC::Parser::parseAssignmentExpression):
+ (JSC::Parser::parseConditionalExpression):
+ (JSC::isUnaryOp):
+ (JSC::Parser::isBinaryOperator):
+ (JSC::Parser::parseBinaryExpression):
+ (JSC::Parser::parseProperty):
+ (JSC::Parser::parseObjectLiteral):
+ (JSC::Parser::parseStrictObjectLiteral):
+ (JSC::Parser::parseArrayLiteral):
+ (JSC::Parser::parsePrimaryExpression):
+ (JSC::Parser::parseArguments):
+ (JSC::Parser::parseMemberExpression):
+ (JSC::Parser::parseUnaryExpression):
+ * parser/Parser.h:
+ (JSC::isEvalNode):
+ (JSC::EvalNode):
+ (JSC::DepthManager::DepthManager):
+ (JSC::DepthManager::~DepthManager):
+ (JSC::ScopeLabelInfo::ScopeLabelInfo):
+ (JSC::Scope::Scope):
+ (JSC::Scope::startSwitch):
+ (JSC::Scope::endSwitch):
+ (JSC::Scope::startLoop):
+ (JSC::Scope::endLoop):
+ (JSC::Scope::inLoop):
+ (JSC::Scope::breakIsValid):
+ (JSC::Scope::continueIsValid):
+ (JSC::Scope::pushLabel):
+ (JSC::Scope::popLabel):
+ (JSC::Scope::getLabel):
+ (JSC::Scope::setIsFunction):
+ (JSC::Scope::isFunction):
+ (JSC::Scope::isFunctionBoundary):
+ (JSC::Scope::declareVariable):
+ (JSC::Scope::declareWrite):
+ (JSC::Scope::preventNewDecls):
+ (JSC::Scope::allowsNewDecls):
+ (JSC::Scope::declareParameter):
+ (JSC::Scope::useVariable):
+ (JSC::Scope::setNeedsFullActivation):
+ (JSC::Scope::collectFreeVariables):
+ (JSC::Scope::getUncapturedWrittenVariables):
+ (JSC::Scope::getCapturedVariables):
+ (JSC::Scope::setStrictMode):
+ (JSC::Scope::strictMode):
+ (JSC::Scope::isValidStrictMode):
+ (JSC::Scope::shadowsArguments):
+ (JSC::Scope::copyCapturedVariablesToVector):
+ (JSC::Scope::saveFunctionInfo):
+ (JSC::Scope::restoreFunctionInfo):
+ (JSC::ScopeRef::ScopeRef):
+ (JSC::ScopeRef::operator->):
+ (JSC::ScopeRef::index):
+ (JSC::ScopeRef::hasContainingScope):
+ (JSC::ScopeRef::containingScope):
+ (JSC::Parser::AllowInOverride::AllowInOverride):
+ (JSC::Parser::AllowInOverride::~AllowInOverride):
+ (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
+ (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
+ (JSC::Parser::AutoPopScopeRef::setPopped):
+ (JSC::Parser::currentScope):
+ (JSC::Parser::pushScope):
+ (JSC::Parser::popScopeInternal):
+ (JSC::Parser::popScope):
+ (JSC::Parser::declareVariable):
+ (JSC::Parser::declareWrite):
+ (JSC::Parser::findCachedFunctionInfo):
+ (JSC::Parser::isFunctionBodyNode):
+ (JSC::Parser::next):
+ (JSC::Parser::nextExpectIdentifier):
+ (JSC::Parser::nextTokenIsColon):
+ (JSC::Parser::consume):
+ (JSC::Parser::getToken):
+ (JSC::Parser::match):
+ (JSC::Parser::tokenStart):
+ (JSC::Parser::tokenLine):
+ (JSC::Parser::tokenEnd):
+ (JSC::Parser::getTokenName):
+ (JSC::Parser::updateErrorMessageSpecialCase):
+ (JSC::Parser::updateErrorMessage):
+ (JSC::Parser::updateErrorWithNameAndMessage):
+ (JSC::Parser::startLoop):
+ (JSC::Parser::endLoop):
+ (JSC::Parser::startSwitch):
+ (JSC::Parser::endSwitch):
+ (JSC::Parser::setStrictMode):
+ (JSC::Parser::strictMode):
+ (JSC::Parser::isValidStrictMode):
+ (JSC::Parser::declareParameter):
+ (JSC::Parser::breakIsValid):
+ (JSC::Parser::continueIsValid):
+ (JSC::Parser::pushLabel):
+ (JSC::Parser::popLabel):
+ (JSC::Parser::getLabel):
+ (JSC::Parser::autoSemiColon):
+ (JSC::Parser::canRecurse):
+ (JSC::Parser::lastTokenEnd):
+ (JSC::Parser::DepthManager::DepthManager):
+ (JSC::Parser::DepthManager::~DepthManager):
+ (JSC::Parser::parse):
+ (JSC::parse):
+ * parser/ParserTokens.h: Added.
+ (JSC::JSTokenInfo::JSTokenInfo):
+ * parser/SourceCode.h:
+ (JSC::SourceCode::subExpression):
+ * parser/SourceProviderCacheItem.h:
+ * parser/SyntaxChecker.h:
+ (JSC::SyntaxChecker::SyntaxChecker):
+ (JSC::SyntaxChecker::makeFunctionCallNode):
+ (JSC::SyntaxChecker::createCommaExpr):
+ (JSC::SyntaxChecker::makeAssignNode):
+ (JSC::SyntaxChecker::makePrefixNode):
+ (JSC::SyntaxChecker::makePostfixNode):
+ (JSC::SyntaxChecker::makeTypeOfNode):
+ (JSC::SyntaxChecker::makeDeleteNode):
+ (JSC::SyntaxChecker::makeNegateNode):
+ (JSC::SyntaxChecker::makeBitwiseNotNode):
+ (JSC::SyntaxChecker::createLogicalNot):
+ (JSC::SyntaxChecker::createUnaryPlus):
+ (JSC::SyntaxChecker::createVoid):
+ (JSC::SyntaxChecker::thisExpr):
+ (JSC::SyntaxChecker::createResolve):
+ (JSC::SyntaxChecker::createObjectLiteral):
+ (JSC::SyntaxChecker::createArray):
+ (JSC::SyntaxChecker::createNumberExpr):
+ (JSC::SyntaxChecker::createString):
+ (JSC::SyntaxChecker::createBoolean):
+ (JSC::SyntaxChecker::createNull):
+ (JSC::SyntaxChecker::createBracketAccess):
+ (JSC::SyntaxChecker::createDotAccess):
+ (JSC::SyntaxChecker::createRegExp):
+ (JSC::SyntaxChecker::createNewExpr):
+ (JSC::SyntaxChecker::createConditionalExpr):
+ (JSC::SyntaxChecker::createAssignResolve):
+ (JSC::SyntaxChecker::createFunctionExpr):
+ (JSC::SyntaxChecker::createFunctionBody):
+ (JSC::SyntaxChecker::createArguments):
+ (JSC::SyntaxChecker::createArgumentsList):
+ (JSC::SyntaxChecker::createProperty):
+ (JSC::SyntaxChecker::createPropertyList):
+ (JSC::SyntaxChecker::createFuncDeclStatement):
+ (JSC::SyntaxChecker::createBlockStatement):
+ (JSC::SyntaxChecker::createExprStatement):
+ (JSC::SyntaxChecker::createIfStatement):
+ (JSC::SyntaxChecker::createForLoop):
+ (JSC::SyntaxChecker::createForInLoop):
+ (JSC::SyntaxChecker::createEmptyStatement):
+ (JSC::SyntaxChecker::createVarStatement):
+ (JSC::SyntaxChecker::createReturnStatement):
+ (JSC::SyntaxChecker::createBreakStatement):
+ (JSC::SyntaxChecker::createContinueStatement):
+ (JSC::SyntaxChecker::createTryStatement):
+ (JSC::SyntaxChecker::createSwitchStatement):
+ (JSC::SyntaxChecker::createWhileStatement):
+ (JSC::SyntaxChecker::createWithStatement):
+ (JSC::SyntaxChecker::createDoWhileStatement):
+ (JSC::SyntaxChecker::createLabelStatement):
+ (JSC::SyntaxChecker::createThrowStatement):
+ (JSC::SyntaxChecker::createDebugger):
+ (JSC::SyntaxChecker::createConstStatement):
+ (JSC::SyntaxChecker::appendConstDecl):
+ (JSC::SyntaxChecker::createGetterOrSetterProperty):
+ (JSC::SyntaxChecker::combineCommaNodes):
+ (JSC::SyntaxChecker::operatorStackPop):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::checkSyntax):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+
+2011-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
+ https://bugs.webkit.org/show_bug.cgi?id=71227
+
+ Reviewed by Oliver Hunt.
+
+ No new tests, since while I can see exactly where the DFG went wrong on the
+ site in question from looking at the generated machine code, and while I can
+ certainly believe that such a scenario would happen, I cannot visualize how
+ to make it happen reproducibly. It requires an odd combination of double
+ values getting spilled and then refilled, but then reboxed at just the right
+ time so that the spilled value is an unboxed double while the in-register
+ value is a boxed double.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-30 Filip Pizlo <fpizlo@apple.com>
+
+ JSParser::parsePrimaryExpression should have an overflow check
+ https://bugs.webkit.org/show_bug.cgi?id=71197
+
+ Reviewed by Geoff Garen.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::parsePrimaryExpression):
+
+2011-10-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ValueAdd(string, int) should not fail speculation
+ https://bugs.webkit.org/show_bug.cgi?id=71195
+
+ Reviewed by Geoff Garen.
+
+ 1% speed-up on V8.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldNotSpeculateInteger):
+ (JSC::DFG::Node::shouldSpeculateInteger):
+
+2011-10-30 Filip Pizlo <fpizlo@apple.com>
+
+ The DFG inliner should not flush the callee
+ https://bugs.webkit.org/show_bug.cgi?id=71191
+
+ Reviewed by Oliver Hunt.
+
+ 0.6% speed-up on V8.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeOrigin.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrameSlow):
+
+2011-10-28 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
+ https://bugs.webkit.org/show_bug.cgi?id=70968
+
+ Reviewed by Geoffrey Garen.
+
+ * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
+ TypeInfo. Had to also create a specialization for JSNonFinalObject, even JSGlobalObject was the only that
+ needed it because Windows wouldn't build without it.
+ (JSC::::createStructure):
+ * API/JSCallbackObject.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure.
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.h: Ditto
+ (JSC::ErrorPrototype::createStructure):
+ * runtime/JSActivation.h: Ditto
+ (JSC::JSActivation::createStructure):
+ * runtime/JSGlobalObject.h: Ditto
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSObject.h: De-virtualized functions. They now check the JSType of the object for the corresponding type.
+ (JSC::JSObject::isGlobalObject):
+ (JSC::JSObject::isVariableObject):
+ (JSC::JSObject::isActivationObject):
+ (JSC::JSObject::isErrorInstance):
+ * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
+ * runtime/JSVariableObject.cpp: Removed virtual function.
+ * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
+ (JSC::JSVariableObject::createStructure):
+
+2011-10-28 Pavel Feldman <pfeldman@google.com>
+
+ Reset line numbers for scripts generated with document.write.
+ https://bugs.webkit.org/show_bug.cgi?id=71099
+
+ Reviewed by Yury Semikhatsky.
+
+ * wtf/text/TextPosition.h:
+ (WTF::OrdinalNumber::OrdinalNumber):
+
+2011-10-27 Daniel Bates <dbates@rim.com>
+
+ CMake: Add support to optionally install the built JavaScript shell
+ https://bugs.webkit.org/show_bug.cgi?id=71062
+
+ Reviewed by Antonio Gomes.
+
+ Generate an installation rule for installing the JavaScript shell in
+ /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
+ is defined.
+
+ * shell/CMakeLists.txt:
+
+2011-10-27 Kentaro Hara <haraken@chromium.org>
+
+ Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
+ https://bugs.webkit.org/show_bug.cgi?id=70215
+
+ Reviewed by Adam Barth.
+
+ Added a method that judges if a given JSValue is empty.
+
+ Tests: transforms/svg-vs-css.xhtml
+ transforms/cssmatrix-2d-interface.xhtml
+ transforms/cssmatrix-3d-interface.xhtml
+
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::isEmpty):
+
+2011-10-27 Michael Saboff <msaboff@apple.com>
+
+ ENH: Add 8 bit string support to JSC JIT
+ https://bugs.webkit.org/show_bug.cgi?id=71073
+
+ Changed the JIT String character access generation to create code
+ to check the character size and load8() or load16() as approriate.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movzbl_mr):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadCharacterString):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/JSInterfaceJIT.h:
+ (JSC::ThunkHelpers::stringImplFlagsOffset):
+ (JSC::ThunkHelpers::stringImpl8BitFlag):
+ * jit/ThunkGenerators.cpp:
+ (JSC::stringCharLoad):
+
+2011-10-27 Filip Pizlo <fpizlo@apple.com>
+
+ If the bytecode generator emits code after the return in the first basic block,
+ DFG's inliner crashes
+ https://bugs.webkit.org/show_bug.cgi?id=71071
+
+ Reviewed by Gavin Barraclough.
+
+ Removed some cruft dealing with parsing failures due to unsupported functionality
+ (that's never reached anymore due to it being caught in DFGCapabilities). This
+ allowed me to repurpose the bool return from parseBlock() to mean: true if we
+ should continue to parse, or false if we've already parsed all live code.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+
+2011-10-27 Joseph Pecoraro <pecoraro@apple.com>
+
+ Reviewed by David Kilzer.
+
+ Make FeatureDefines Identical Across OS X Projects
+ https://bugs.webkit.org/show_bug.cgi?id=71051
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-27 Filip Pizlo <fpizlo@apple.com>
+
+ Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
+ https://bugs.webkit.org/show_bug.cgi?id=71045
+
+ Reviewed by Geoff Garen.
+
+ Make sure that if a structure is pinned, it also has a property map.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::pin):
+ (JSC::Structure::copyPropertyTableForPinning):
+ * runtime/Structure.h:
+ (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
+
+2011-10-27 Michael Saboff <msaboff@apple.com>
+
+ 32bit build failure after r98624
+ https://bugs.webkit.org/show_bug.cgi?id=71064
+
+ Disambiguated operator overload with unsigned index (0u).
+
+ Reviewed by Sam Weinig.
+
+ * runtime/UString.h:
+ (JSC::operator==):
+
+2011-10-27 Gustavo Noronha Silva <gns@gnome.org>
+
+ Fix building on GNU/kFreeBSD
+ https://bugs.webkit.org/show_bug.cgi?id=71005
+
+ Reviewed by Darin Adler.
+
+ * config.h:
+ * wtf/Platform.h:
+
+2011-10-27 Michael Saboff <msaboff@apple.com>
+
+ Investigate storing strings in 8-bit buffers when possible
+ https://bugs.webkit.org/show_bug.cgi?id=66161
+
+ Investigate storing strings in 8-bit buffers when possible
+ https://bugs.webkit.org/show_bug.cgi?id=66161
+
+ Added support for 8 bit string data in StringImpl. Changed
+ (UChar*) m_data to m_data16. Added char* m_data8 as a union
+ with m_data16. Added UChar* m_copyData16 to the other union
+ to store a 16 bit copy of an 8 bit string when needed.
+ Added characters8() and characters16() accessor methods
+ that assume the caller has checked the underlying string type
+ via the new is8Bit() method. The characters() method will
+ return a UChar* of the string, materializing a 16 bit copy if the
+ string is an 8 bit string. Added two flags, one for 8 bit buffer
+ and a second for a 16 bit copy for an 8 bit string.
+
+ Fixed method name typo (StringHasher::defaultCoverter()).
+
+ Over time the goal is to eliminate calls to characters() and
+ us the character8() and characters16() accessors.
+
+ This patch does not include changes that actually create 8 bit
+ strings. This is the first of at least 8 patches. Subsequent
+ patches will be submitted for JIT changes, making the JSC lexer,
+ parser and literal parser, JavaScript string changes and
+ then changes in webcore to take advantage of the 8 bit strings.
+
+ This change is performance neutral for SunSpider and V8 when
+ run from the command line with "jsc".
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ * parser/SourceProvider.h:
+ (JSC::UStringSourceProvider::data):
+ (JSC::UStringSourceProvider::UStringSourceProvider):
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierCStringTranslator::hash):
+ (JSC::IdentifierCStringTranslator::equal):
+ (JSC::IdentifierCStringTranslator::translate):
+ (JSC::Identifier::add):
+ (JSC::Identifier::toUInt32):
+ * runtime/Identifier.h:
+ (JSC::Identifier::equal):
+ (JSC::operator==):
+ (JSC::operator!=):
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match):
+ * runtime/StringPrototype.cpp:
+ (JSC::jsSpliceSubstringsWithSeparators):
+ * runtime/UString.cpp:
+ (JSC::UString::UString):
+ (JSC::equalSlowCase):
+ (JSC::UString::utf8):
+ * runtime/UString.h:
+ (JSC::UString::characters):
+ (JSC::UString::characters8):
+ (JSC::UString::characters16):
+ (JSC::UString::is8Bit):
+ (JSC::UString::operator[]):
+ (JSC::UString::find):
+ (JSC::operator==):
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::computeHash):
+ (WTF::StringHasher::defaultConverter):
+ * wtf/text/AtomicString.cpp:
+ (WTF::CStringTranslator::hash):
+ (WTF::CStringTranslator::equal):
+ (WTF::CStringTranslator::translate):
+ (WTF::AtomicString::add):
+ * wtf/text/AtomicString.h:
+ (WTF::AtomicString::AtomicString):
+ (WTF::AtomicString::contains):
+ (WTF::AtomicString::find):
+ (WTF::AtomicString::add):
+ (WTF::operator==):
+ (WTF::operator!=):
+ (WTF::equalIgnoringCase):
+ * wtf/text/StringConcatenate.h:
+ * wtf/text/StringHash.h:
+ (WTF::StringHash::equal):
+ (WTF::CaseFoldingHash::hash):
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::~StringImpl):
+ (WTF::StringImpl::createUninitialized):
+ (WTF::StringImpl::create):
+ (WTF::StringImpl::getData16SlowCase):
+ (WTF::StringImpl::containsOnlyWhitespace):
+ (WTF::StringImpl::substring):
+ (WTF::StringImpl::characterStartingAt):
+ (WTF::StringImpl::lower):
+ (WTF::StringImpl::upper):
+ (WTF::StringImpl::fill):
+ (WTF::StringImpl::foldCase):
+ (WTF::StringImpl::stripMatchedCharacters):
+ (WTF::StringImpl::removeCharacters):
+ (WTF::StringImpl::simplifyMatchedCharactersToSpace):
+ (WTF::StringImpl::toIntStrict):
+ (WTF::StringImpl::toUIntStrict):
+ (WTF::StringImpl::toInt64Strict):
+ (WTF::StringImpl::toUInt64Strict):
+ (WTF::StringImpl::toIntPtrStrict):
+ (WTF::StringImpl::toInt):
+ (WTF::StringImpl::toUInt):
+ (WTF::StringImpl::toInt64):
+ (WTF::StringImpl::toUInt64):
+ (WTF::StringImpl::toIntPtr):
+ (WTF::StringImpl::toDouble):
+ (WTF::StringImpl::toFloat):
+ (WTF::equal):
+ (WTF::equalIgnoringCase):
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::findIgnoringCase):
+ (WTF::StringImpl::reverseFind):
+ (WTF::StringImpl::replace):
+ (WTF::StringImpl::defaultWritingDirection):
+ (WTF::StringImpl::adopt):
+ (WTF::StringImpl::createWithTerminatingNullCharacter):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl):
+ (WTF::StringImpl::create):
+ (WTF::StringImpl::create8):
+ (WTF::StringImpl::tryCreateUninitialized):
+ (WTF::StringImpl::flagsOffset):
+ (WTF::StringImpl::flagIs8Bit):
+ (WTF::StringImpl::dataOffset):
+ (WTF::StringImpl::is8Bit):
+ (WTF::StringImpl::characters8):
+ (WTF::StringImpl::characters16):
+ (WTF::StringImpl::characters):
+ (WTF::StringImpl::has16BitShadow):
+ (WTF::StringImpl::setHash):
+ (WTF::StringImpl::hash):
+ (WTF::StringImpl::copyChars):
+ (WTF::StringImpl::operator[]):
+ (WTF::StringImpl::find):
+ (WTF::StringImpl::findIgnoringCase):
+ (WTF::equal):
+ (WTF::equalIgnoringCase):
+ (WTF::StringImpl::isolatedCopy):
+ * wtf/text/WTFString.cpp:
+ (WTF::String::String):
+ (WTF::String::append):
+ (WTF::String::format):
+ (WTF::String::fromUTF8):
+ (WTF::String::fromUTF8WithLatin1Fallback):
+ * wtf/text/WTFString.h:
+ (WTF::String::find):
+ (WTF::String::findIgnoringCase):
+ (WTF::String::contains):
+ (WTF::String::append):
+ (WTF::String::fromUTF8):
+ (WTF::String::fromUTF8WithLatin1Fallback):
+ (WTF::operator==):
+ (WTF::operator!=):
+ (WTF::equalIgnoringCase):
+ * wtf/unicode/Unicode.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::execute):
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::YarrCodeBlock::execute):
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::Parser):
+
+2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing windows build
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add ability to check for presence of static members at compile time
+ https://bugs.webkit.org/show_bug.cgi?id=70986
+
+ Reviewed by Geoffrey Garen.
+
+ Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the
+ HAS_MEMBER_NAMED macro to use that template to check if the specified class
+ does indeed have a method with that name. This mechanism is not currently
+ used anywhere, but will be in the future when adding virtual methods from
+ JSObject to the MethodTable.
+
+ * runtime/ClassInfo.h:
+
+2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::toThisObject
+ https://bugs.webkit.org/show_bug.cgi?id=70958
+
+ Reviewed by Geoffrey Garen.
+
+ Converted all instances of toThisObject to static functions,
+ added toThisObject to the MethodTable, and replaced all call sites
+ with a corresponding lookup in the MethodTable.
+
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::toThisObject):
+ * runtime/JSActivation.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toThisObject):
+ * runtime/JSCell.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::toThisObject):
+ * runtime/JSObject.h:
+ (JSC::JSValue::toThisObject):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::toThisObject):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::toThisObject):
+ * runtime/JSString.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::toThisObject):
+ * runtime/StrictEvalActivation.h:
+
+2011-10-27 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix a small bug in callOperation after r98431
+ https://bugs.webkit.org/show_bug.cgi?id=70984
+
+ Reviewed by Geoffrey Garen.
+
+ TrustedImmPtr is not expecting "int" type parameters.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+
+2011-10-26 Oliver Hunt <oliver@apple.com>
+
+ Restore structure-clearing behaviour of allocateCell<>
+ https://bugs.webkit.org/show_bug.cgi?id=70976
+
+ Reviewed by Geoffrey Garen.
+
+ This restores the logic that allows the markstack to filter
+ live objects that have not yet been initialised.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::clearStructure):
+ Validation-safe method to clear a cell's structure.
+ (JSC::allocateCell):
+ Call the above method.
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+ Don't visit cells that haven't been initialised.
+
+2011-10-26 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r97030): Cannot log in to progressive.com
+ https://bugs.webkit.org/show_bug.cgi?id=70094
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+
+2011-10-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getOwnPropertySlotVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70741
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all declarations and definitions of getOwnPropertySlotVirtual.
+ Also replaced all call sites to getOwnPropertyVirtualVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertyDescriptor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/ErrorPrototype.cpp:
+ * runtime/ErrorPrototype.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::getOwnPropertyNames):
+ (JSC::JSFunction::put):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::Walker::walk):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlotByIndex):
+ (JSC::JSObject::hasOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSCell::fastGetOwnPropertySlot):
+ (JSC::JSObject::getPropertySlot):
+ (JSC::JSValue::get):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSString.h:
+ * runtime/MathObject.cpp:
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::createStructure):
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ * runtime/StringPrototype.h:
+
+2011-10-26 Alejandro G. Castro <alex@igalia.com>
+
+ [GTK] [WK2] Add WebKit2 distcheck support
+ https://bugs.webkit.org/show_bug.cgi?id=70933
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
+
+2011-10-26 Michael Saboff <msaboff@apple.com>
+
+ Increase StringImpl Flag Bits for 8 bit Strings
+ https://bugs.webkit.org/show_bug.cgi?id=70937
+
+ Increased the number of bits used for flags in StringImpl
+ from 6 to 8 bits. This frees up 2 flag bits that will be
+ used for 8-bit string support. Updated hash methods accordingly.
+ Changed hash value masking from the low bits to the high
+ bits.
+
+ Reviewed by Darin Adler.
+
+ * create_hash_table:
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::hash):
+ * wtf/text/StringImpl.h:
+
+2011-10-26 Dan Bernstein <mitz@apple.com>
+
+ Build fix.
+
+ Reverted r98488, which caused the scripts’ status messages to be included in the generated
+ files.
+
+ * create_hash_table:
+ * create_jit_stubs:
+
+2011-10-26 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ Don't print regular output to STDERR when generating hashtables and JIT stubs
+
+ Reviewed by Simon Hausmann.
+
+ * create_hash_table:
+ * create_jit_stubs:
+
+2011-10-25 Gavin Barraclough <barraclough@apple.com>
+
+ Split DFGJITCodeGenerator::callOperation methods
+ https://bugs.webkit.org/show_bug.cgi?id=70870
+
+ Reviewed by Filip Pizlo.
+
+ The DFGJITCodeGenerator currently contains two sets of callOperation methods.
+ One set works with the JSVALUE64 value representation and passes arguments in
+ registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
+ value representation and passes arguments in memory (suitable for use on x86).
+ By refactoring out the representation and calling convention specific aspects
+ of the code we can also configure the DFG JIT to operator on platforms that use
+ the JSVALUE32_64 value representation but pass arguments in registers.
+
+ On platforms supported by the JIT, the payload precedes the tag of a value in
+ argument/result ordering, as such, in order to make the setupResults method
+ generally applicable to return the results of a function that are returned in
+ two registers, the ordering of arguments to this function has been reversed -
+ as is the ordering of augments passed to setupArguments methods, with respect
+ to the ordering with which they are passed in to callOperation.
+ This inconsistency will be resolved in a later change when we combine the pairs
+ of arguments passed into callOperation, such that the function signatures can
+ be made consistent across the two value representations (the callOperation
+ methods will be passed a reference to a struct representing the JSValue
+ temporary, this will consist of two gprs on 32_64 and one on 64).
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::resetCallArguments):
+ (JSC::DFG::addCallArgument):
+ - moved, removed tag,payload version of this method.
+ (JSC::DFG::setupArguments):
+ (JSC::DFG::setupArgumentsExecState):
+ (JSC::DFG::setupArgumentsWithExecState):
+ - Calling convention specific portion of callOperation refactored out into these methods.
+ (JSC::DFG::callOperation):
+ - updated these methods to use setupArguments* methods.
+ (JSC::DFG::setupResults):
+ - setupResults is now passed payload,tag.
+ (JSC::DFG::appendCallWithExceptionCheckSetResult):
+ - Added fpr versions of this function.
+ (JSC::DFG::appendCallSetResult):
+ - Added versions of this function without exception check.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ - setupResults is now passed payload,tag.
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove deletePropertyVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70738
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all declarations and definitions of deletePropertyVirtual.
+ Also replaced all call sites to deletePropertyVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deletePropertyByIndex):
+ * API/JSObjectRef.cpp:
+ (JSObjectDeleteProperty):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::deleteProperty):
+ * debugger/DebuggerActivation.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deleteProperty):
+ (JSC::JSArray::deletePropertyByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deleteProperty):
+ (JSC::JSCell::deletePropertyByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deletePropertyByIndex):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ * runtime/JSVariableObject.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/StrictEvalActivation.cpp:
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove putVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70740
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all declarations and definitions of putVirtual.
+ Also replaced all call sites to putVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ (JSObjectSetPropertyAtIndex):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::put):
+ * debugger/DebuggerActivation.h:
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::privateExecute):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::putProperty):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::push):
+ (JSC::JSArray::shiftCount):
+ (JSC::JSArray::unshiftCount):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::put):
+ (JSC::JSCell::putByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putByIndex):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSValue::put):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2011-10-25 Gavin Barraclough <barraclough@apple.com>
+
+ Separate out function linking & exception check data structures.
+ https://bugs.webkit.org/show_bug.cgi?id=70858
+
+ Reviewed by Oliver Hunt.
+
+ This will make it easier to refactor the callOperation methods to spilt the value
+ representation specific handling from the cpu/calling-convention implementation.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::appendCallWithExceptionCheck):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::CallLinkRecord::CallLinkRecord):
+ (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
+ (JSC::DFG::JITCompiler::JITCompiler):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::appendCall):
+ (JSC::DFG::JITCompiler::addExceptionCheck):
+ (JSC::DFG::JITCompiler::addFastExceptionCheck):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+
+2011-10-25 Filip Pizlo <fpizlo@apple.com>
+
+ Tiered compilation may introduce dangling pointers in constant buffers
+ https://bugs.webkit.org/show_bug.cgi?id=70854
+
+ Reviewed by Oliver Hunt.
+
+ Tiered compilation now copies constant buffers, which fixes the regression in
+ https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
+ regression relies on a subtle interleaving of optimized compilation and garbage
+ collection, and cannot be reproduced in a simple test.
+
+ This also adds some new debug support, which was used to fix this bug and is
+ likely to be useful in the future.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::copyDataFrom):
+ (JSC::CodeBlock::usesOpcode):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing Windows build after r98367
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-25 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add missing DFG file entries to the make lists for GTK and Qt ports
+ https://bugs.webkit.org/show_bug.cgi?id=70806
+
+ Reviewed by Darin Adler.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+
+2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add getOwnPropertySlot to MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=69807
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.exp:
+ * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
+ * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can
+ reference it in their MethodTables.
+
+2011-10-25 Oliver Hunt <oliver@apple.com>
+
+ Need to support marking of multiple nested codeblocks when compiling
+ https://bugs.webkit.org/show_bug.cgi?id=70832
+
+ Reviewed by Gavin Barraclough.
+
+ When inlining a function we end up with multiple codeblocks being
+ compiled at the same time, so we need to support a list of live
+ codeblocks.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::startedCompiling):
+ (JSC::JSGlobalData::finishedCompiling):
+
+2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
+ https://bugs.webkit.org/show_bug.cgi?id=70798
+
+ Reviewed by Filip Pizlo.
+
+ When filling an integer for a known integer node (not speculated), it
+ should accept DataFormatJSInteger as well.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+
+2011-10-24 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: removed some cases of threadsafeCopy() that I missed in
+ my previous patch.
+
+ * JavaScriptCore.order:
+
+2011-10-24 Geoffrey Garen <ggaren@apple.com>
+
+ Removed SharedUChar and tightened language around its previous uses
+ https://bugs.webkit.org/show_bug.cgi?id=70698
+
+ Reviewed by David Levin.
+
+ - Removed SharedUChar because most of its functionality has moved into
+ other abstraction layers, and we want remaining clients to choose their
+ abstractions explicitly instead of relying on StringImpl to provide this
+ behavior implicitly, since we think they can sometimes make more efficient
+ choices.
+
+ - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
+ the former names could give the impression that the resulting object was
+ thread-safe, but actually it's just an isolated copy, which is not
+ thread-safe by itself, but can be used to implement a thread-safe
+ algorithm through isolation.
+
+ * wtf/CrossThreadRefCounted.h: Removed.
+
+ * JavaScriptCore.exp: Export!
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
+
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::length): Ditto.
+
+ (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
+
+ * wtf/text/WTFString.cpp:
+ (WTF::String::isolatedCopy):
+ * wtf/text/WTFString.h: Updated for StringImpl changes.
+
+ * API/OpaqueJSString.h:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/OwnFastMallocPtr.h:
+ * wtf/RefCounted.h:
+ * wtf/SizeLimits.cpp:
+ * wtf/ThreadSafeRefCounted.h:
+ * wtf/wtf.pri:
+ * yarr/YarrPattern.h: Updated these files to accomodate removal of
+ CrossThreadRefCounted.h.
+
+2011-10-24 Oliver Hunt <oliver@apple.com>
+
+ Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
+ https://bugs.webkit.org/show_bug.cgi?id=70689
+
+ Reviewed by Filip Pizlo.
+
+ While performing codegen we need to make the GlobalData explicitly
+ aware of the codeblock being compiled, as compilation may trigger GC
+ and CodeBlock holds GC values, but has not yet been assigned to its
+ owner executable.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::~BytecodeGenerator):
+ * bytecompiler/BytecodeGenerator.h:
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateSlowCase):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::startedCompiling):
+ (JSC::JSGlobalData::finishedCompiling):
+
+2011-10-24 Filip Pizlo <fpizlo@apple.com>
+
+ Object-or-other branch speculation may corrupt the state for OSR if the child of the
+ branch is an integer
+ https://bugs.webkit.org/show_bug.cgi?id=70777
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2011-10-24 Filip Pizlo <fpizlo@apple.com>
+
+ op_new_array_buffer is not inlined correctly
+ https://bugs.webkit.org/show_bug.cgi?id=70770
+
+ Reviewed by Oliver Hunt.
+
+ Disabled inlining of op_new_array_buffer, for now.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canInlineOpcode):
+
+2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add boolean speculations to DFG JIT 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=70706
+
+ Reviewed by Filip Pizlo.
+
+ Different from the boolean speculations in DFG 64, the boolean
+ speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
+ boolean instead of a JSBoolean. This choice is not only for
+ performance, but also to save a register as we're short of registers on
+ X86.
+ To accomplish this we make use of DataFormatBoolean, allow a value to
+ be represented as a primitive boolean and converted from/to a
+ JSBoolean.
+ This patch also fixes SpillOrder in 32_64, which should be different
+ from 64, and fixes needDataFormatConversion logic in 32_64.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ We don't expect byte test actually as it doesn't work for registers
+ esp..edi on X86.
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::needDataFormatConversion):
+ (JSC::DFG::GenerationInfo::initBoolean):
+ (JSC::DFG::GenerationInfo::gpr):
+ (JSC::DFG::GenerationInfo::fillInteger):
+ (JSC::DFG::GenerationInfo::fillBoolean):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::cellResult):
+ (JSC::DFG::booleanResult):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
+ (JSC::DFG::ValueRecovery::inGPR):
+ (JSC::DFG::ValueRecovery::gpr):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing Windows build
+
+ Unreviewed build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ BitVector isInline check could fail
+ https://bugs.webkit.org/show_bug.cgi?id=70691
+
+ Reviewed by Geoffrey Garen.
+
+ Current BitVector uses the highest bit of m_bitsOrPointer to indicate
+ whether it's an inlined bit set or a pointer to an outOfLine bit set.
+ This check may fail in case the pointer also has the highest bit set,
+ which is surely possible on IA32 (Linux).
+ In this case the check failure can result in unexpected behaviors,
+ for example if the BitVector is incorrectly determined as having an
+ inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
+ modify the memory adjacent to the BitVector object.
+ This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
+ or outofline, based on the assumption that the pointer to OutOfLineBits
+ should be 4 or 8 byte aligned.
+ We could mark the lowest bit (bit 0) with 1 for inlined bit set,
+ and bits 1~bitsInPointer are used for bit set/test.
+ In this case we need do one bit more shift for bit set/test.
+
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (WTF::BitVector::quickGet):
+ (WTF::BitVector::quickSet):
+ (WTF::BitVector::quickClear):
+ (WTF::BitVector::makeInlineBits):
+ (WTF::BitVector::isInline):
+
+2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
+ https://bugs.webkit.org/show_bug.cgi?id=70271
+
+ Reviewed by Darin Adler.
+
+ Renaming versions of getOwnPropertySlot that use an unsigned as the property
+ name to "getOwnPropertySlotByIndex" in preparation for adding them to the
+ MethodTable, which requires unique names for each method.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlotVirtual):
+ (JSC::Arguments::getOwnPropertySlotByIndex):
+ * runtime/Arguments.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotVirtual):
+ (JSC::JSArray::getOwnPropertySlotByIndex):
+ (JSC::JSArray::getOwnPropertySlot):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlotVirtual):
+ (JSC::JSByteArray::getOwnPropertySlotByIndex):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlotVirtual):
+ (JSC::JSCell::getOwnPropertySlotByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
+ (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlotVirtual):
+ (JSC::JSObject::getOwnPropertySlotByIndex):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlotVirtual):
+ (JSC::JSString::getOwnPropertySlotByIndex):
+ * runtime/JSString.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
+ (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
+ (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlotVirtual):
+ (JSC::StringObject::getOwnPropertySlotByIndex):
+ * runtime/StringObject.h:
+
+2011-10-24 Patrick Gansterer <paroga@webkit.org>
+
+ Interpreter build fix after r98179.
+
+ * bytecode/CodeBlock.h:
+ Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
+ since it is only used there.
+
+2011-10-23 Geoffrey Garen <ggaren@apple.com>
+
+ Fixed a typo Darin spotted.
+
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::hash): Expelliarmus!
+
+2011-10-23 Geoffrey Garen <ggaren@apple.com>
+
+ Removed StringImpl::createStrippingNullCharacters
+ https://bugs.webkit.org/show_bug.cgi?id=70700
+
+ Reviewed by David Levin.
+
+ It was unused.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.cpp:
+ * wtf/text/StringImpl.h:
+
+2011-10-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should inline constructors
+ https://bugs.webkit.org/show_bug.cgi?id=70675
+
+ Reviewed by Oliver Hunt.
+
+ Adds support for inlining constructors. Also fixes two pathologies
+ uncovered along the way: CheckMethod claimed that it never returned a
+ result (causing CheckMethod -> SetLocal -> GetLocal sequences to
+ result in the GetLocal doing OSR exit), and get_by_id parsing never
+ checked if it was hot in slow path. Also fiddled with inlining
+ heuristics; it appears that for now, the more inlining, the happier
+ V8 is. Finally, a bug was uncovered where a silent spill of a boxed
+ integer that had previously been spilled unboxed causes the silent
+ fill to forget to unbox.
+
+ This appears to be a 4% speed-up on V8 in their harness, or a 1%
+ speed-up in my harness. The difference is due to warm-up: in my
+ harness we see significant amounts of time spent in compilation, but
+ in V8's harness compilation gets amortizes. Profiling indicates that
+ we have the potential for a 5% win from basic optimizations like
+ generating OSR exits lazily and holding onto bytecode longer.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleCall):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ (JSC::DFG::canInlineOpcode):
+ (JSC::DFG::mightInlineFunctionFor):
+ (JSC::DFG::canInlineFunctionFor):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ * runtime/Executable.h:
+ (JSC::isCall):
+ (JSC::ExecutableBase::intrinsicFor):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+
+2011-10-23 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
+ https://bugs.webkit.org/show_bug.cgi?id=70703
+
+ Reviewed by Kent Tamura.
+
+ runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
+ to these files from the gyp project files.
+
+ * JavaScriptCore.gypi:
+
+2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add deleteProperty to the MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=70162
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.exp:
+ * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
+ * runtime/JSFunction.h: Changed JSFunction::deleteProperty to
+ be protected rather than private for subclasses who don't provide their own
+ implementation.
+
+2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getConstructDataVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=70638
+
+ Reviewed by Darin Adler.
+
+ Removed all declarations and definitions of getConstructDataVirtual.
+ Also replaced all call sites to getConstructDataVirtual with a
+ corresponding lookup in the MethodTable.
+
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectIsConstructor):
+ (JSObjectCallAsConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSObject.h:
+ (JSC::getConstructData):
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+
+2011-10-23 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the SL build.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
+ away int vs unisgned warning.
+
+2011-10-21 Geoffrey Garen <ggaren@apple.com>
+
+ Separated string lifetime bits from character buffer state bits
+ https://bugs.webkit.org/show_bug.cgi?id=70673
+
+ Reviewed by Anders Carlsson.
+
+ Moved the static/immortal bit into the bottom bit of the refcount, and
+ moved all other bits into the high bits of the hash code.
+
+ This is the first step toward a new Characters/PassString class, and it
+ makes ref/deref slightly more efficient.
+
+ * create_hash_table:
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::hash): Tweaked the string hashing function to leave
+ the top bits clear, so they can be used as flags.
+
+ Fixed some small differences between the PERL copy of this function and
+ the C++ copy of this function, which could have in theory caused subtle
+ crashes.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::sharedBuffer):
+ (WTF::StringImpl::createWithTerminatingNullCharacter):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl):
+ (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
+ s_didReportExtraCost, since the original name was both self-contradictory
+ and used as a double-negative.
+
+ (WTF::StringImpl::isIdentifier):
+ (WTF::StringImpl::setIsIdentifier):
+ (WTF::StringImpl::hasTerminatingNullCharacter):
+ (WTF::StringImpl::isAtomic):
+ (WTF::StringImpl::setIsAtomic):
+ (WTF::StringImpl::setHash):
+ (WTF::StringImpl::rawHash):
+ (WTF::StringImpl::hasHash):
+ (WTF::StringImpl::existingHash):
+ (WTF::StringImpl::hash):
+ (WTF::StringImpl::hasOneRef):
+ (WTF::StringImpl::ref):
+ (WTF::StringImpl::deref):
+ (WTF::StringImpl::bufferOwnership):
+ (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
+ bit of the refcount. Now, all lifetime information lives in the refcount
+ field. Moved the other bits into the hash code field.
+
+2011-10-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG inlining sometimes fails to reset constant references
+ https://bugs.webkit.org/show_bug.cgi?id=70668
+
+ Reviewed by Anders Carlsson.
+
+ Reset constant references when we need to (new block created) and not
+ when we don't (change of inlining depth).
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::prepareToParseBlock):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+
+2011-10-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should have inlining
+ https://bugs.webkit.org/show_bug.cgi?id=69996
+
+ Reviewed by Oliver Hunt.
+
+ Implements inlining that's hooked into the bytecode parser. Only
+ works for calls, for now, though nothing fundamentally prevents us
+ from inlining constructor calls. 2% overall speed-up on all
+ benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
+ richards respectively), neutral on Kraken and SunSpider.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::baselineVersion):
+ (JSC::CodeBlock::setInstructionCount):
+ (JSC::CodeBlock::likelyToTakeSlowCase):
+ (JSC::CodeBlock::couldTakeSlowCase):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::likelyToTakeAnySlowCase):
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::inlineDepthForCallFrame):
+ (JSC::CodeOrigin::inlineDepth):
+ (JSC::CodeOrigin::operator==):
+ (JSC::CodeOrigin::inlineStack):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ * dfg/DFGBasicBlock.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::ensureLocals):
+ (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getDirect):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::setDirect):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::flush):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
+ (JSC::DFG::ByteCodeParser::handleInlining):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ (JSC::DFG::ByteCodeParser::linkBlocks):
+ (JSC::DFG::ByteCodeParser::handleSuccessor):
+ (JSC::DFG::ByteCodeParser::determineReachability):
+ (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::canHandleOpcodes):
+ (JSC::DFG::canCompileOpcodes):
+ (JSC::DFG::canInlineOpcodes):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::mightInlineFunctionForCall):
+ (JSC::DFG::mightInlineFunctionForConstruct):
+ (JSC::DFG::canInlineOpcode):
+ (JSC::DFG::canInlineOpcodes):
+ (JSC::DFG::canInlineFunctionForCall):
+ (JSC::DFG::canInlineFunctionForConstruct):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::printWhiteSpace):
+ (JSC::DFG::Graph::dumpCodeOrigin):
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::GetBytecodeBeginForBlock::operator()):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::decodedCodeMapFor):
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::debugCall):
+ (JSC::DFG::JITCompiler::baselineCodeBlockFor):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVariableAccessData):
+ (JSC::DFG::Node::shouldGenerate):
+ * dfg/DFGOperands.h:
+ (JSC::DFG::Operands::ensureLocals):
+ (JSC::DFG::Operands::setLocal):
+ (JSC::DFG::Operands::getLocal):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::trueCallerFrameSlow):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::baselineCodeBlockFor):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::profiledCodeBlockFor):
+ (JSC::FunctionExecutable::parameterCount):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h:
+ * runtime/JSFunction.h:
+
+2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add put to the MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=70439
+
+ Reviewed by Oliver Hunt.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
+ * runtime/JSFunction.h: Changed access modifier for put to protected since some
+ subclasses of JSFunction need to reference it in their MethodTables.
+
+2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add finalizer to JSObject
+ https://bugs.webkit.org/show_bug.cgi?id=70336
+
+ Reviewed by Darin Adler.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::callDestructor): Skip the call to the destructor
+ if we're a JSFinalObject, since the finalizer takes care of things.
+ * runtime/JSCell.h:
+ (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with
+ future changes and the fact that we no longer always call the destructor, making
+ the information provided less useful.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::finalize): Add finalizer for JSObject.
+ (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
+ property storage, we add a finalizer to ourself.
+ * runtime/JSObject.h:
+
+2011-10-21 Simon Hausmann <simon.hausmann@nokia.com>
+
+ Remove QtScript source code from WebKit.
+ https://bugs.webkit.org/show_bug.cgi?id=64088
+
+ Reviewed by Tor Arne Vestbø.
+
+ Removed dead code that isn't developed anymore.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pri:
+ * qt/api/QtScript.pro: Removed.
+ * qt/api/qscriptconverter_p.h: Removed.
+ * qt/api/qscriptengine.cpp: Removed.
+ * qt/api/qscriptengine.h: Removed.
+ * qt/api/qscriptengine_p.cpp: Removed.
+ * qt/api/qscriptengine_p.h: Removed.
+ * qt/api/qscriptfunction.cpp: Removed.
+ * qt/api/qscriptfunction_p.h: Removed.
+ * qt/api/qscriptoriginalglobalobject_p.h: Removed.
+ * qt/api/qscriptprogram.cpp: Removed.
+ * qt/api/qscriptprogram.h: Removed.
+ * qt/api/qscriptprogram_p.h: Removed.
+ * qt/api/qscriptstring.cpp: Removed.
+ * qt/api/qscriptstring.h: Removed.
+ * qt/api/qscriptstring_p.h: Removed.
+ * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
+ * qt/api/qscriptsyntaxcheckresult.h: Removed.
+ * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
+ * qt/api/qscriptvalue.cpp: Removed.
+ * qt/api/qscriptvalue.h: Removed.
+ * qt/api/qscriptvalue_p.h: Removed.
+ * qt/api/qscriptvalueiterator.cpp: Removed.
+ * qt/api/qscriptvalueiterator.h: Removed.
+ * qt/api/qscriptvalueiterator_p.h: Removed.
+ * qt/api/qtscriptglobal.h: Removed.
+ * qt/benchmarks/benchmarks.pri: Removed.
+ * qt/benchmarks/benchmarks.pro: Removed.
+ * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
+ * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
+ * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
+ * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
+ * qt/tests/qscriptengine/qscriptengine.pro: Removed.
+ * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
+ * qt/tests/qscriptstring/qscriptstring.pro: Removed.
+ * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
+ * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
+ * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
+ * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
+ * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
+ * qt/tests/tests.pri: Removed.
+ * qt/tests/tests.pro: Removed.
+
+2011-10-21 Zheng Liu <zheng.z.liu@intel.com>
+
+ bytecompiler sometimes generates incorrect bytecode for put_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=70403
+
+ Reviewed by Filip Pizlo.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::AssignDotNode::emitBytecode):
+ (JSC::AssignBracketNode::emitBytecode):
+
+2011-10-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not try to predict argument types by looking at the values of
+ argument registers at the time of compilation
+ https://bugs.webkit.org/show_bug.cgi?id=70578
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.cpp:
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h:
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileOptimizedForCall):
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+
+2011-10-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG call optimization handling will fail if the call had been unlinked due
+ to the callee being optimized
+ https://bugs.webkit.org/show_bug.cgi?id=70468
+
+ Reviewed by Geoff Garen.
+
+ If a call had ever been linked, we remember this fact as well as the function
+ to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
+ called.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::linkFor):
+
+2011-10-20 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - Fix ByteArray speculation
+ https://bugs.webkit.org/show_bug.cgi?id=70571
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-20 Vincent Scheib <scheib@chromium.org>
+
+ MouseLock compile and run time flags.
+ https://bugs.webkit.org/show_bug.cgi?id=70530
+
+ Reviewed by Darin Fisher.
+
+ * wtf/Platform.h:
+
+2011-10-20 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename static deleteProperty to deletePropertyByIndex
+ https://bugs.webkit.org/show_bug.cgi?id=70257
+
+ Reviewed by Geoffrey Garen.
+
+ Renaming versions of deleteProperty that use an unsigned as the property
+ name to "deletePropertyByIndex" in preparation for adding them to the
+ MethodTable, which requires unique names for each method.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deletePropertyVirtual):
+ (JSC::::deletePropertyByIndex):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deletePropertyVirtual):
+ (JSC::Arguments::deletePropertyByIndex):
+ * runtime/Arguments.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deletePropertyVirtual):
+ (JSC::JSArray::deletePropertyByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deletePropertyVirtual):
+ (JSC::JSCell::deletePropertyByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::deletePropertyVirtual):
+ (JSC::JSNotAnObject::deletePropertyByIndex):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deletePropertyVirtual):
+ (JSC::JSObject::deletePropertyByIndex):
+ * runtime/JSObject.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::deletePropertyVirtual):
+ (JSC::RegExpMatchesArray::deletePropertyByIndex):
+
+2011-10-20 Filip Pizlo <fpizlo@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=70482
+ DFG-related stubs in the old JIT should not be built if the DFG is disabled
+
+ Reviewed by Zoltan Herczeg.
+
+ Aiming for a slight code size/build time reduction if the DFG is not in
+ play. This should also make further DFG development slightly easier since
+ the bodies of these JIT stubs can now safely refer to things that are only
+ declared when the DFG is enabled.
+
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+
+2011-10-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ConvertThis emits slow code when the source node is known to be,
+ but not predicted to be, a final object
+ https://bugs.webkit.org/show_bug.cgi?id=70466
+
+ Reviewed by Oliver Hunt.
+
+ Added a new case in ConvertThis compilation.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-19 Filip Pizlo <fpizlo@apple.com>
+
+ Optimization triggers in the old JIT may sometimes fire repeatedly even
+ though there is no optimization to be done
+ https://bugs.webkit.org/show_bug.cgi?id=70467
+
+ Reviewed by Oliver Hunt.
+
+ If optimize_from_ret does nothing, it delays the next optimization trigger.
+ This is performance-neutral.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Heuristics.cpp:
+ (JSC::Heuristics::initializeHeuristics):
+
+2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
+ https://bugs.webkit.org/show_bug.cgi?id=70460
+
+ Reviewed by Filip Pizlo.
+
+ As pointed out by Gavin in bug #70418, when a value is already in memory
+ we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
+ This gives 9% improvement on Kraken if without the change in bug #70418,
+ and 1% if based on the code with bug #70418 change.
+ Performance is neutral in V8 and SunSpider.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-10-19 Gavin Barraclough <barraclough@apple.com>
+
+ Poisoning of strict caller,arguments inappropriately poisoning "in"
+ https://bugs.webkit.org/show_bug.cgi?id=63398
+
+ Reviewed by Oliver Hunt.
+
+ This fixes the problem by correctly implementing the spec -
+ the error should actually be being thrown from a standard JS getter/setter.
+ This implements spec correct behaviour for strict mode JS functions & bound
+ functions, I'll follow up with a patch to do the same for arguments.
+
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::finishCreation):
+ - Add the poisoned caller/arguments properties.
+ * runtime/JSBoundFunction.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::finishCreation):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::put):
+ - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::createThrowTypeError):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
+ - Add a ThrowTypeError type, per ES5 13.2.3.
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncThrowTypeError):
+ * runtime/JSGlobalObjectFunctions.h:
+ - Implementation of ThrowTypeError.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::initializeGetterSetterProperty):
+ * runtime/JSObject.h:
+ - This function adds a new property (must not exist already) that is an initialized getter/setter.
+
+2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - improve double boxing/unboxing
+ https://bugs.webkit.org/show_bug.cgi?id=70418
+
+ Reviewed by Gavin Barraclough.
+
+ Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
+ which tries to exchange data through memory.
+ On X86 some SSE instructions can help us on such operations with better performance.
+ This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
+ and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::lshiftPacked):
+ (JSC::MacroAssemblerX86Common::rshiftPacked):
+ (JSC::MacroAssemblerX86Common::orPacked):
+ (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
+ (JSC::MacroAssemblerX86Common::movePackedToInt32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movd_rr):
+ (JSC::X86Assembler::psllq_i8r):
+ (JSC::X86Assembler::psrlq_i8r):
+ (JSC::X86Assembler::por_rr):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::boxDouble):
+ (JSC::DFG::JITCompiler::unboxDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-19 Gyuyoung Kim <gyuyoung.kim@samsung.com>
+
+ [EFL] Fix DSO linkage of wtf_efl.
+
+ Unreviewed build fix.
+
+ Need to add -ldl to jsc_efl (requested by dladdr).
+
+ * wtf/CMakeListsEfl.txt:
+
+2011-10-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed StringImplBase, fusing it into StringImpl
+ https://bugs.webkit.org/show_bug.cgi?id=70443
+
+ Reviewed by Gavin Barraclough.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::StringImpl):
+ (WTF::StringImpl::ref):
+ (WTF::StringImpl::length):
+ * wtf/text/StringImplBase.h: Removed.
+ * wtf/wtf.pri: Removed!
+
+2011-10-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add getConstructData to the MethodTable
+ https://bugs.webkit.org/show_bug.cgi?id=70163
+
+ Reviewed by Geoffrey Garen.
+
+ Adding getConstructData to the MethodTable in order to be able to
+ remove all calls to getConstructDataVirtual soon. Part of the process
+ of de-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/ClassInfo.h:
+
+2011-10-18 Oliver Hunt <oliver@apple.com>
+
+ Support CanvasPixelArray in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=70384
+
+ Reviewed by Filip Pizlo.
+
+ Add support for the old CanvasPixelArray optimisations to the
+ DFG. This removes the regression seen in the DFG when using
+ a CPA.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store8):
+ (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movb_rm):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ (JSC::predictionFromClassInfo):
+ * bytecode/PredictedType.h:
+ (JSC::isByteArrayPrediction):
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::execute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateByteArray):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::compileClampDoubleToByte):
+ (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::offsetOfStorage):
+ * wtf/ByteArray.cpp:
+ * wtf/ByteArray.h:
+ (WTF::ByteArray::offsetOfSize):
+ (WTF::ByteArray::offsetOfData):
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Some rope cleanup following r97827
+ https://bugs.webkit.org/show_bug.cgi?id=70398
+
+ Reviewed by Oliver Hunt.
+
+ 9% speedup on date-format-xparb, neutral overall.
+
+ - Removed RopeImpl*.
+ - Removed JSString::m_fiberCount, since this can be deduced from other data.
+ - Renamed a jsString() variant to jsStringFromArguments for clarity.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.order:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadCharacterString):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::loadJSStringArgument):
+ * jit/ThunkGenerators.cpp:
+ (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
+ of testing m_fiberCount, since m_fiberCount is gone now.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::RopeBuilder::expand):
+ (JSC::JSString::visitChildren):
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
+ in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::finishCreation):
+ (JSC::RopeBuilder::offsetOfLength):
+ (JSC::RopeBuilder::isRope):
+ (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
+ jsString => jsStringFromArguments for clarity.
+
+ * runtime/Operations.h:
+ (JSC::jsStringFromArguments): Renamed.
+
+ * runtime/RopeImpl.cpp: Removed.
+ * runtime/RopeImpl.h: Removed.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
+ which is slightly faster.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncConcat): Updated for rename.
+
+ * wtf/text/StringImplBase.h:
+ (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
+ StringImpl, since this was only used by RopeImpl, which is now gone.
+
+2011-10-19 Rafael Antognolli <antognolli@profusion.mobi>
+
+ [EFL] Fix DSO linkage of jsc_efl.
+ https://bugs.webkit.org/show_bug.cgi?id=70412
+
+ Unreviewed build fix.
+
+ Need to add -ldl to jsc_efl (requested by dladdr).
+
+ * shell/CMakeListsEfl.txt:
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out last Windows build fix because it was wrong.
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out last Windows build fix because it was wrong.
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix part of the Windows build.
+
+ Export!
+
+2011-10-18 Geoffrey Garen <ggaren@apple.com>
+
+ Switched ropes from malloc memory to GC memory
+ https://bugs.webkit.org/show_bug.cgi?id=70364
+
+ Reviewed by Gavin Barraclough.
+
+ ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
+ having C++ destructors.
+
+ * heap/MarkStack.cpp:
+ (JSC::visitChildren): Call the JSString visitChildren function now,
+ since it's no longer a no-op.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::~JSString): Moved this destructor out of line because
+ it's called virtually, so there's no value to inlining.
+
+ (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
+ initializing wrapper around JSString. JSString now represents ropes
+ directly, rather than relying on an underlying malloc object.
+
+ (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
+ objects now.
+
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
+ of malloc objects.
+
+ (JSC::JSString::replaceCharacter): Removed optimizations for substringing
+ ropes and replacing subsections of ropes. We want to reimplement versions
+ of these optimizations in the future, but this patch already has good
+ performance without them.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::finishCreation):
+ (JSC::RopeBuilder::createNull):
+ (JSC::RopeBuilder::create):
+ (JSC::RopeBuilder::createHasOtherOwner):
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsNontrivialString):
+ (JSC::jsString):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString): Lots of mechanical changes here. The two important
+ things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
+ malloc objects; (2) I simplified the JSString constructor interface to
+ only accept PassRefPtr<StringImpl>, instead of variations on that like
+ UString, reducing refcount churn.
+
+ * runtime/JSValue.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toPrimitiveString): Updated this function to return a
+ JSString instead of a UString, since that's what clients want now.
+
+ * runtime/Operations.cpp:
+ (JSC::jsAddSlowCase):
+ * runtime/Operations.h:
+ (JSC::jsString):
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
+
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create): Don't create a new JSString if we already
+ have a JSString.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncConcat): Updated for interface changes above.
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk, fix partial commit of r97825!
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Date.prototype.toISOString fails to throw exception
+ https://bugs.webkit.org/show_bug.cgi?id=70394
+
+ Reviewed by Sam Weinig.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+ - Should throw a range error if the internal value is not finite.
+
+2011-10-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename static put to putByIndex
+ https://bugs.webkit.org/show_bug.cgi?id=70281
+
+ Reviewed by Geoffrey Garen.
+
+ Renaming versions of deleteProperty that use an unsigned as the property
+ name to "deletePropertyByIndex" in preparation for adding them to the
+ MethodTable, which requires unique names for each method.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::putVirtual):
+ (JSC::Arguments::putByIndex):
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::put):
+ (JSC::JSArray::putVirtual):
+ (JSC::JSArray::putByIndex):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::putVirtual):
+ (JSC::JSByteArray::putByIndex):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putVirtual):
+ (JSC::JSCell::putByIndex):
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::putVirtual):
+ (JSC::JSNotAnObject::putByIndex):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putVirtual):
+ (JSC::JSObject::putByIndex):
+ * runtime/JSObject.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::fillArrayInstance):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::putVirtual):
+ (JSC::RegExpMatchesArray::putByIndex):
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Array.prototype methods missing exception checks
+ https://bugs.webkit.org/show_bug.cgi?id=70360
+
+ Reviewed by Geoff Garen.
+
+ Missing exception checks after calls to the static getProperty helper,
+ these may result in the wrong exception being thrown (or an ASSERT being hit,
+ as is currently the case running test-262).
+
+ No performance impact.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+
+2011-10-18 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(XPATH)
+ https://bugs.webkit.org/show_bug.cgi?id=70217
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-18 Gavin Barraclough <barraclough@apple.com>
+
+ Indexed arguments on the Arguments object should be enumerable.
+ https://bugs.webkit.org/show_bug.cgi?id=70302
+
+ Reviewed by Sam Weinig.
+
+ See ECMA-262 5.1 chapter 10.6 step 11b.
+ This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
+
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ - The 'enumerable' property should be true for indexed arguments.
+ (JSC::Arguments::getOwnPropertyNames):
+ - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
+
+2011-10-18 Gustavo Noronha Silva <gns@gnome.org>
+
+ Fix distcheck.
+
+ * GNUmakefile.list.am: fix a typo and add a missing header to the
+ list.
+
+2011-10-18 Balazs Kelemen <kbalazs@webkit.org>
+
+ ParallelJobs: maximum number of threads should be determined dynamically
+ https://bugs.webkit.org/show_bug.cgi?id=68540
+
+ Reviewed by Zoltan Herczeg.
+
+ Add logic to determine the number of cores and use this as
+ the maximum number of threads. The implementation currently
+ covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
+ The patch was tested on Linux, Mac and Windows which was enough to
+ cover all code path. It should work on the rest accoring to the
+ documentation of those OS's. The hard coded constant is still used
+ on uncovered OS's which should be fixed in the future.
+
+ * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
+ argument because clients should always fill it and the 0 default value
+ was incorrect anyway.
+ (WTF::ParallelJobs::ParallelJobs):
+ * wtf/ParallelJobsGeneric.cpp:
+ (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
+ * wtf/ParallelJobsGeneric.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Reverted r997709, this caused test failures.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasProperty):
+ (JSC::JSObject::hasOwnProperty):
+
+2011-10-17 Ryosuke Niwa <rniwa@webkit.org>
+
+ Rename deregister* to unregister*
+ https://bugs.webkit.org/show_bug.cgi?id=70272
+
+ Reviewed by Darin Adler.
+
+ Renamed deregisterWeakMap to unregisterWeakMap.
+
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::unregisterWeakMap):
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Poisoning of strict caller/arguments inappropriately poisoning "in"
+ https://bugs.webkit.org/show_bug.cgi?id=63398
+
+ Reviewed by Sam Weinig.
+
+ The problem here is that the has[Own]Property methods get the slot rather than
+ the descriptor, and getting the slot may cause the property to be eagerly accessed.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - We don't expect hasProperty to ever throw. If it does, it won't get caught
+ (since it is after the exception check), so ASSERT to guard against this.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::hasProperty):
+ (JSC::JSObject::hasOwnProperty):
+ - These methods should not check for the presence of the descriptor; never get the value.
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Exception ordering in String.prototype.replace
+ https://bugs.webkit.org/show_bug.cgi?id=70290
+
+ If pattern is not a regexp, it should be converted toString before the replacement value has it's toString conversion called.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+
+2011-10-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG bytecode parser should understand inline stacks
+ https://bugs.webkit.org/show_bug.cgi?id=70278
+
+ Reviewed by Oliver Hunt.
+
+ The DFG bytecode parser is now capable of parsing multiple code blocks at
+ once. This remains turned off since not all inlining functionality is
+ implemented.
+
+ This required making a few changes elsewhere in the system. The bytecode
+ parser now may do some of the same things that the bytecode generator does,
+ like allocating constants and identifiers. Basic block linking relies on
+ bytecode indices, which are only meaningful within the context of one basic
+ block. This is fine, so long as linking is done eagerly whenever switching
+ from one code block to another.
+
+ * bytecode/CodeOrigin.h:
+ (JSC::CodeOrigin::CodeOrigin):
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGBasicBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getThis):
+ (JSC::DFG::ByteCodeParser::setThis):
+ (JSC::DFG::ByteCodeParser::currentCodeOrigin):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::linkBlock):
+ (JSC::DFG::ByteCodeParser::linkBlocks):
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
+ (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
+ (JSC::DFG::ByteCodeParser::parseCodeBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
+ (JSC::DFG::GetBytecodeBeginForBlock::operator()):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ * dfg/DFGNode.h:
+ * runtime/Identifier.h:
+ (JSC::IdentifierMapIndexHashTraits::emptyValue):
+ * runtime/JSValue.h:
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearchWithFunctor):
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ Incorrect behavior from String match/search & undefined pattern
+ https://bugs.webkit.org/show_bug.cgi?id=70286
+
+ Reviewed by Sam weinig.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ - In case of undefined, pattern is "".
+ (JSC::stringProtoFuncSearch):
+ - In case of undefined, pattern is "".
+
+2011-10-17 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=70207
+ After deleting __defineSetter__, it is absent but appears in name list
+
+ Reviewed by Darin Adler.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyNames):
+ - This should check whether static functions have been reified.
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Mac build fix.
+
+ * JavaScriptCore.exp: Export!
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix.
+
+ * heap/HandleStack.cpp: Added a missing #include.
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
+ longer existant symbol.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
+
+2011-10-17 Geoffrey Garen <ggaren@apple.com>
+
+ Simplified GC marking logic
+ https://bugs.webkit.org/show_bug.cgi?id=70258
+
+ Reviewed by Filip Pizlo.
+
+ No perf. change.
+
+ This is a first step toward GC allocating string backing stores, starting
+ with ropes. It also enables future simplifications and optimizations.
+
+ - Replaced some complex mark stack logic with a simple linear stack of
+ JSCell pointers.
+
+ - Replaced logic for short-circuiting marking based on JSType and/or
+ Structure flags with special cases for object, array, and string.
+
+ - Fiddled with inlining for better codegen.
+
+ * JavaScriptCore.exp:
+ * heap/HandleStack.cpp: Build!
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
+
+ * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStackArray::MarkStackArray):
+ (JSC::MarkStackArray::~MarkStackArray):
+ (JSC::MarkStackArray::expand):
+ (JSC::MarkStackArray::shrinkAllocation):
+ (JSC::MarkStack::reset):
+ (JSC::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::~MarkStack):
+ (JSC::MarkStackArray::append):
+ (JSC::MarkStackArray::removeLast):
+ (JSC::MarkStackArray::isEmpty):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::appendUnbarrieredPointer):
+ (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
+ simple linear stack.
+
+ * heap/SlotVisitor.h:
+ (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSArray.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSObject.h: Don't inline visitChildren; it's too big.
+
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
+ because it prevented strings from owning GC pointers.
+
+ * runtime/WriteBarrier.h:
+ (JSC::MarkStack::appendValues): No need to validate; internalAppend will
+ do that for us.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r97536, part 3
+
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSObject.h:
+ Use JS_EXPORTDATA to export the s_info members.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Interpreter build fix after r97564
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
+ there.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r97536, part 2
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
+ JSC::setUpStaticFunctionSlot with its new mangled name. SOrted the rest of the file while I
+ was at it.
+
+2011-10-17 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r97536
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
+ JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
+ s_info members, which need to be exported via JS_EXPORTDATA instead.
+
+2011-10-17 Patrick Gansterer <paroga@webkit.org>
+
+ Interpreter build fix after r97436, r97506, r97532 and r97537.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-10-16 Adam Barth <abarth@webkit.org>
+
+ Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
+ https://bugs.webkit.org/show_bug.cgi?id=70216
+
+ Reviewed by Eric Seidel.
+
+ * wtf/Platform.h:
+
+2011-10-16 Noel Gordon <noel.gordon@gmail.com>
+
+ [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
+ https://bugs.webkit.org/show_bug.cgi?id=70205
+
+ Reviewed by James Robinson.
+
+ wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
+ wtf/gtk/ThreadingGtk.cpp was removed in r97269.
+
+ * JavaScriptCore.gypi:
+
+2011-10-16 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(DOM_STORAGE)
+ https://bugs.webkit.org/show_bug.cgi?id=70189
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-15 Dan Horák <dan@danny.cz>
+
+ The s390 and s390x architectures both use 64-bit double type
+ that conforms to the IEEE-754 standard.
+
+ https://bugs.webkit.org/show_bug.cgi?id=69940
+
+ Reviewed by Gavin Barraclough.
+
+ * wtf/dtoa/utils.h:
+
+2011-10-14 Filip Pizlo <fpizlo@apple.com>
+
+ FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
+ https://bugs.webkit.org/show_bug.cgi?id=70157
+
+ Reviewed by Geoff Garen.
+
+ Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
+ and compileForConstructInternal() to use this method. This required more cleanly
+ exposing some of CodeBlock's tiering functionality and moving the CompilationKind
+ enum to Executable.h, as this was the easiest way to make it available to the
+ declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::copyDataFrom):
+ (JSC::CodeBlock::copyDataFromAlternative):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setAlternative):
+ * bytecompiler/BytecodeGenerator.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::produceCodeBlockFor):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::codeBlockFor):
+
+2011-10-15 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
+ https://bugs.webkit.org/show_bug.cgi?id=69920
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+ * heap/MarkStack.h:
+ (JSC::::shrinkAllocation):
+ * jit/ExecutableAllocator.cpp:
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+ * jit/JITStubs.cpp:
+ * jsc.pro:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ * runtime/DatePrototype.cpp:
+ (JSC::formatLocaleDate):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncLastIndexOf):
+ * runtime/TimeoutChecker.cpp:
+ (JSC::getCPUTime):
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+ * wtf/Atomics.h:
+ * wtf/MathExtras.h:
+ * wtf/OSAllocator.h:
+ (WTF::OSAllocator::decommitAndRelease):
+ * wtf/OSAllocatorSymbian.cpp: Removed.
+ * wtf/OSRandomSource.cpp:
+ (WTF::cryptographicallyRandomValuesFromOS):
+ * wtf/PageAllocation.h:
+ * wtf/PageAllocatorSymbian.h: Removed.
+ * wtf/PageBlock.cpp:
+ * wtf/Platform.h:
+ * wtf/StackBounds.cpp:
+ * wtf/wtf.pri:
+
+2011-10-15 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Trivial fix for a missing change in r97512
+ https://bugs.webkit.org/show_bug.cgi?id=70166
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::link):
+
+2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename getOwnPropertySlot to getOwnPropertySlotVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69810
+
+ Reviewed by Geoffrey Garen.
+
+ Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
+ in preparation for when we add the static getOwnPropertySlot to the MethodTable
+ in ClassInfo.
+
+ Also added a few static getOwnPropertySlot functions where they had been overlooked
+ before (especially in CodeGeneratorJS.pm).
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertySlotVirtual):
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::staticFunctionGetter):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlotVirtual):
+ (JSC::Arguments::getOwnPropertySlot):
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertySlotVirtual):
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlotVirtual):
+ * runtime/DatePrototype.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertySlotVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlotVirtual):
+ (JSC::JSArray::getOwnPropertySlot):
+ * runtime/JSArray.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlotVirtual):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlotVirtual):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlotVirtual):
+ (JSC::JSFunction::getOwnPropertyDescriptor):
+ (JSC::JSFunction::getOwnPropertyNames):
+ (JSC::JSFunction::put):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::hasOwnPropertyForWrite):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Holder::appendNextProperty):
+ (JSC::JSONObject::getOwnPropertySlotVirtual):
+ (JSC::Walker::walk):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlotVirtual):
+ (JSC::JSObject::getOwnPropertySlot):
+ (JSC::JSObject::hasOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlotVirtual):
+ (JSC::JSCell::fastGetOwnPropertySlot):
+ (JSC::JSObject::getPropertySlot):
+ (JSC::JSValue::get):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlotVirtual):
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSString.h:
+ * runtime/Lookup.h:
+ (JSC::getStaticPropertySlot):
+ (JSC::getStaticFunctionSlot):
+ (JSC::getStaticValueSlot):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlotVirtual):
+ * runtime/MathObject.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlotVirtual):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlotVirtual):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertySlotVirtual):
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertySlotVirtual):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlotVirtual):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlotVirtual):
+ * runtime/StringPrototype.h:
+
+2011-10-14 Gavin Barraclough <baraclough@apple.com>
+
+ Most built-in properties are not deletable
+ https://bugs.webkit.org/show_bug.cgi?id=61014
+
+ Reviewed by Filip Pizlo.
+
+ Our static hash tables don't allow for deleting properties.
+ This is the cause of a bunch of expected failures in LayoutTests/sputnik.
+
+ This fixes the problem by reifying all static functions immediately prior
+ to the first deletion. Reification is tracked by a flag on the structure,
+ so properties will no longer 'bounce-back' on later access.
+
+ Theoretically there could probably also be an issue with custom accessor
+ properties, but we probably do not really require any of these to be
+ Configurable anyway. I'll follow up with a separate patch to address this.
+
+ * runtime/ClassInfo.h:
+ (JSC::ClassInfo::hasStaticProperties):
+ - detects static property tables.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deleteProperty):
+ - call reifyStaticFunctions before deletion.
+ (JSC::JSObject::reifyStaticFunctions):
+ - If the class has static functions, set them up now.
+ * runtime/JSObject.h:
+ (JSC::JSObject::staticFunctionsReified):
+ - returns true if static functions have been reified,
+ and as such should no longer be added.
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ - If static functions have been reified do not add.
+ * runtime/Lookup.h:
+ (JSC::HashTable::ConstIterator::ConstIterator):
+ (JSC::HashTable::ConstIterator::operator->):
+ (JSC::HashTable::ConstIterator::operator*):
+ (JSC::HashTable::ConstIterator::operator!=):
+ (JSC::HashTable::ConstIterator::operator++):
+ (JSC::HashTable::ConstIterator::skipInvalidKeys):
+ (JSC::HashTable::begin):
+ (JSC::HashTable::end):
+ (JSC::getStaticPropertySlot):
+ (JSC::getStaticPropertyDescriptor):
+ (JSC::getStaticFunctionSlot):
+ (JSC::getStaticFunctionDescriptor):
+ - setUpStaticFunctionSlot may not add, returns a bool.
+ (JSC::lookupPut):
+ - remove redundant branch.
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ - initialize new flag in constructors.
+ * runtime/Structure.h:
+ (JSC::Structure::staticFunctionsReified):
+ (JSC::Structure::setStaticFunctionsReified):
+ - added flag
+
+2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename virtual put to putVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69851
+
+ Reviewed by Darin Adler.
+
+ Renamed virtual versions of put to putVirtual in prepration for
+ adding the static put to the MethodTable in ClassInfo since the
+ compiler gets mad if the virtual and static versions have the same
+ name.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::putVirtual):
+ * API/JSObjectRef.cpp:
+ (JSObjectSetProperty):
+ (JSObjectSetPropertyAtIndex):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::putVirtual):
+ (JSC::DebuggerActivation::put):
+ * debugger/DebuggerActivation.h:
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::putVirtual):
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::putProperty):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::putVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::putVirtual):
+ (JSC::JSArray::putSlowCase):
+ (JSC::JSArray::push):
+ (JSC::JSArray::shiftCount):
+ (JSC::JSArray::unshiftCount):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::putVirtual):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::putVirtual):
+ (JSC::JSCell::put):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::putVirtual):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putVirtual):
+ (JSC::JSGlobalObject::putWithAttributes):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::putVirtual):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::putVirtual):
+ (JSC::JSObject::put):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSValue::put):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::putVirtual):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::putVirtual):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::fillArrayInstance):
+ (JSC::RegExpConstructor::putVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::putVirtual):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::putVirtual):
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::putVirtual):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2011-10-13 Filip Pizlo <fpizlo@apple.com>
+
+ Reflective Arguments retrieval should be hardened for the
+ possibility of inlining
+ https://bugs.webkit.org/show_bug.cgi?id=70068
+
+ Reviewed by Oliver Hunt.
+
+ CodeBlock can now track, as part of its RareData, the virtual inline
+ stack at callsites. CallFrame walking can now rematerialize "inline"
+ CallFrames by combining the meta-data in CodeBlock with the information
+ already in the JS stack. Arguments can now safely retrieve the
+ arguments from inline CallFrames.
+
+ The DFG already had the notion of a "CodeOrigin" in preparation for
+ inlining. This notion will now be saved into the CodeBlock, if the DFG
+ had done inlining. So, CodeOrigin has been moved to bytecode/ and has
+ been changed to behave more like a struct since that is how it's
+ meant to be used.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::inlineCallFrames):
+ (JSC::CodeBlock::codeOrigins):
+ (JSC::CodeBlock::hasCodeOrigins):
+ (JSC::CodeBlock::codeOriginForReturn):
+ * bytecode/CodeOrigin.h: Added.
+ (JSC::CodeOrigin::CodeOrigin):
+ (JSC::CodeOrigin::isSet):
+ (JSC::getCallReturnOffsetForCodeOrigin):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGNode.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::isInlineCallFrame):
+ (JSC::CallFrame::trueCallerFrame):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::inlineCallFrame):
+ (JSC::ExecState::setInlineCallFrame):
+ (JSC::ExecState::isInlineCallFrame):
+ (JSC::ExecState::trueCallerFrame):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::findFunctionCallFrame):
+ * interpreter/Register.h:
+ (JSC::Register::operator=):
+ (JSC::Register::inlineCallFrame):
+ * runtime/Arguments.h:
+ (JSC::Arguments::getArgumentsData):
+ (JSC::Arguments::finishCreationButDontCopyRegisters):
+ (JSC::Arguments::finishCreation):
+ (JSC::Arguments::finishCreationAndCopyRegisters):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::parameterCount):
+
+2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename virtual deleteProperty to deletePropertyVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69884
+
+ Reviewed by Darin Adler.
+
+ Renamed virtual versions of deleteProperty to deletePropertyVirtual in prepration for
+ adding the static deleteProperty to the MethodTable in ClassInfo since the
+ compiler gets mad if the virtual and static versions have the same name.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deletePropertyVirtual):
+ (JSC::::deleteProperty):
+ * API/JSObjectRef.cpp:
+ (JSObjectDeleteProperty):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::deletePropertyVirtual):
+ (JSC::DebuggerActivation::deleteProperty):
+ * debugger/DebuggerActivation.h:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deletePropertyVirtual):
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::deletePropertyVirtual):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deletePropertyVirtual):
+ (JSC::JSArray::deleteProperty):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deletePropertyVirtual):
+ (JSC::JSCell::deleteProperty):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::deletePropertyVirtual):
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::deletePropertyVirtual):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Walker::walk):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deletePropertyVirtual):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deletePropertyVirtual):
+ * runtime/JSVariableObject.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::deletePropertyVirtual):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::deletePropertyVirtual):
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::deletePropertyVirtual):
+ * runtime/StringObject.h:
+
+2011-10-14 Peter Beverloo <peter@chromium.org>
+
+ [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
+ https://bugs.webkit.org/show_bug.cgi?id=70028
+
+ Reviewed by Adam Barth.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-10-14 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - Performance fix for ResolveGlobal
+ https://bugs.webkit.org/show_bug.cgi?id=70096
+
+ Reviewed by Gavin Barraclough.
+
+ Structure check of global object should be a pointer comparison
+ instead of a tag and payload pair comparison. This fix improves
+ SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
+ Also two trivial fixes for successful 32-bit build are included.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-13 Filip Pizlo <fpizlo@apple.com>
+
+ Speculation failures in ValueToInt32 are causing a 2x slow-down
+ in Kraken/stanford-crypto-pbkdf2
+ https://bugs.webkit.org/show_bug.cgi?id=70089
+
+ Reviewed by Gavin Barraclough.
+
+ If we can't truncate to Int32 using machine code, then don't fail
+ speculation. Just call JSC::toInt32.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Rename virtual getConstructData to getConstructDataVirtual
+ https://bugs.webkit.org/show_bug.cgi?id=69872
+
+ Reviewed by Geoffrey Garen.
+
+ Renamed virtual getConstructData functions to getConstructDataVirtual to
+ avoid conflicts when we add static getConstructData to the MethodTable.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::getConstructDataVirtual):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getConstructDataVirtual):
+ * API/JSObjectRef.cpp:
+ (JSObjectIsConstructor):
+ (JSObjectCallAsConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getConstructDataVirtual):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getConstructDataVirtual):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getConstructDataVirtual):
+ * runtime/DateConstructor.h:
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getConstructDataVirtual):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getConstructDataVirtual):
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getConstructDataVirtual):
+ * runtime/JSCell.h:
+ (JSC::getConstructData):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getConstructDataVirtual):
+ * runtime/JSFunction.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getConstructDataVirtual):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getConstructDataVirtual):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getConstructDataVirtual):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getConstructDataVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getConstructDataVirtual):
+ * runtime/StringConstructor.h:
+
+2011-10-13 Filip Pizlo <fpizlo@apple.com>
+
+ Rubber stamped Stephanie Lewis.
+
+ DFG_ENABLE() macro was always returning false.
+
+ * dfg/DFGNode.h:
+
+2011-10-13 Gavin Barraclough <baraclough@apple.com>
+
+ Speculative build fix for !DFG builds.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-10-13 Oliver Hunt <oliver@apple.com>
+
+ Fix performance of ValueToInt32 node when predicting double
+ https://bugs.webkit.org/show_bug.cgi?id=70063
+
+ Reviewed by Filip Pizlo.
+
+ Currently we fail to inline double to int conversion when
+ performing a ValueToInt32 operation on a value we predict
+ to be a double.
+
+ * dfg/DFGAbstractState.cpp:
+ (JSC::DFG::AbstractState::execute):
+ Apply correct filter for the double prediction path
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ Support double parameters even when value has been spilled.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ Moved old valueToInt32 code to this function, and added
+ path for double prediction
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ Made the two implementations of ValueToInt32 call a single
+ shared compileValueToInt32 function.
+
+2011-10-13 Chris Marrin <cmarrin@apple.com>
+
+ Sync requestAnimationFrame callback to CVDisplayLink on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=68911
+
+ Reviewed by Simon Fraser.
+
+ Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
+ that use the DisplayRefreshMonitor logic.
+
+ * wtf/Platform.h:
+
+2011-10-13 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT should not be using ENABLE macro to enable features
+ https://bugs.webkit.org/show_bug.cgi?id=70060
+
+ Reviewed by Oliver Hunt.
+
+ The ENABLE macro is only intended to be used to detect features that are configured
+ in Platform.h. Using its to detect settings defined in other headers is an error.
+
+ The problem is that the ENABLE macro checks if the value is defined, so will silently
+ return false if you fail to include the header defining the switch. This is not a problem
+ if (1) the settings are defined in the same header that defines the macro that tests them,
+ or (2) the header is included everywhere. In the case of ENABLE settings defined in
+ Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
+
+ * bytecode/CodeBlock.cpp:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGNode.h:
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictionsForward):
+ (JSC::DFG::Propagator::propagatePredictionsBackward):
+ (JSC::DFG::Propagator::propagatePredictions):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ (JSC::DFG::Propagator::startIndexForChildren):
+ (JSC::DFG::Propagator::endIndexForPureCSE):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::eliminate):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::localCSE):
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ (JSC::DFG::Propagator::performBlockCFA):
+ (JSC::DFG::Propagator::performForwardCFA):
+ (JSC::DFG::Propagator::globalCFA):
+ * dfg/DFGScoreBoard.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-10-13 Gavin Barraclough <baraclough@apple.com>
+
+ terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
+
+ Rubber stamped by Filip Pizlo
+
+ This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualized JSCell::toNumber
+ https://bugs.webkit.org/show_bug.cgi?id=69858
+
+ Reviewed by Sam Weinig.
+
+
+ Removed JSCallbackObject::toNumber because its no longer necessary since
+ JSObject::toNumber now suffices since we implicitly add valueOf to an object's
+ prototype whenever a convertToType callback is provided.
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toNumber):
+ * runtime/JSCell.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+
+ Removed JSNotAnObject::toNumber because its result doesn't matter and it implements
+ defaultValue, therefore JSObject::toNumber can cover its case.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+
+2011-10-13 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Use realloc() to expand/shrink StringBuilder buffer
+ https://bugs.webkit.org/show_bug.cgi?id=69913
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::reserveCapacity):
+ (WTF::StringBuilder::reallocateBuffer):
+ (WTF::StringBuilder::appendUninitialized):
+ (WTF::StringBuilder::shrinkToFit):
+ * wtf/text/StringBuilder.h:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
+ * wtf/text/StringImpl.h:
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ If an Arguments object is being used to copy the arguments, then
+ make this explicit
+ https://bugs.webkit.org/show_bug.cgi?id=69995
+
+ Reviewed by Sam Weinig.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::retrieveArguments):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createAndCopyRegisters):
+ (JSC::Arguments::finishCreationButDontCopyRegisters):
+ (JSC::Arguments::finishCreation):
+ (JSC::Arguments::finishCreationAndCopyRegisters):
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG CFA does not filter structures aggressively enough.
+ https://bugs.webkit.org/show_bug.cgi?id=69989
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::clear):
+ (JSC::DFG::AbstractValue::makeTop):
+ (JSC::DFG::AbstractValue::clobberStructures):
+ (JSC::DFG::AbstractValue::set):
+ (JSC::DFG::AbstractValue::merge):
+ (JSC::DFG::AbstractValue::filter):
+ (JSC::DFG::AbstractValue::checkConsistency):
+
+2011-10-12 Adam Barth <abarth@webkit.org>
+
+ Remove ENABLE(XHTMLMP) and associated code
+ https://bugs.webkit.org/show_bug.cgi?id=69729
+
+ Reviewed by David Levin.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-12 Gavin Barraclough <baraclough@apple.com>
+
+ MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
+ https://bugs.webkit.org/show_bug.cgi?id=69978
+
+ Reviewed by Filip Pizlo.
+
+ Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
+
+ compare32/test8/test32 Call setCC, which sets an 8-bit register - we can fix this by adding
+ a couple of xchg instructions.
+
+ branchTest8 with a register argument is also affected. In all cases this is currently used
+ this is testing a value that is correct to 32 or more bits, so we can simply switch these
+ to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
+ 32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
+
+ This fixes the remaining fast/js failures with the DFG JIT 32_64.
+
+ * assembler/MacroAssemblerARMv7.h
+ - removed branchTest8.
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::compare32):
+ (JSC::MacroAssemblerX86Common::test8):
+ (JSC::MacroAssemblerX86Common::test32):
+ (JSC::MacroAssemblerX86Common::set32):
+ - added set32 helper that is 'h' register safe.
+ - removed branchTest8.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ - switch uses of branchTest8 to branchTest32.
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ - switch uses of branchTest8 to branchTest32.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ - switch uses of branchTest8 to branchTest32.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ - switch uses of branchTest8 to branchTest32.
+
+2011-10-12 Gavin Barraclough <baraclough@apple.com>
+
+ Errrk, revert accidental commit!
+
+ * wtf/Platform.h:
+
+2011-10-12 Gavin Barraclough <baraclough@apple.com>
+
+ Unreviewed, re-land changes from #69890, #69903.
+
+ These were reverted due to bug #69897, but #69903 fixed this problem.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
+ https://bugs.webkit.org/show_bug.cgi?id=69906
+
+ Reviewed by Gavin Barraclough.
+
+ It turns out that the simplest fix is to switch computeUpdatedPredictions()
+ to using predictionFromValue() combined with mergePrediction(). Doing so
+ allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
+ not only fixes a performance bug but kills off a lot of code that I never
+ liked to begin with.
+
+ This appears to be a 1% win on V8.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionFromValue):
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeStatistics):
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::dump):
+
+2011-10-12 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::toString
+ https://bugs.webkit.org/show_bug.cgi?id=69677
+
+ Reviewed by Sam Weinig.
+
+ Removed toString from JSCallbackObject, since it is no
+ longer necessary since we now implicitly add toString and valueOf
+ functions to object prototypes when a convertToType callback
+ is provided, which is now the standard way to override toString
+ and valueOf in the JSC C API.
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ Removed toString from InterruptedExecutionError and
+ TerminatedExecutionError and replaced it with defaultValue,
+ which JSObject::toString calls. We'll probably have to de-virtualize
+ defaultValue eventually, but we'll cross that bridge when we
+ come to it.
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::defaultValue):
+ (JSC::TerminatedExecutionError::defaultValue):
+ * runtime/ExceptionHelpers.h:
+
+ Removed toString from JSNotAnObject, since its return value doesn't
+ actually matter and JSObject::toString can cover it.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+
+ De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
+ Added handling of all cases for JSCell to JSCell::toString.
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toString):
+ * runtime/JSCell.h:
+
+2011-10-12 Oliver Hunt <oliver@apple.com>
+
+ Global stringStructure caches its prototype chain, abandoning a web page
+ https://bugs.webkit.org/show_bug.cgi?id=69952
+
+ Reviewed by Filip Pizlo.
+
+ When visiting a structure, we don't keep the prototype chain
+ alive if we're not the structure for an object type.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildren):
+
+2011-10-12 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT 32_64 - Fix ArrayPop
+ https://bugs.webkit.org/show_bug.cgi?id=69918
+
+ Reviewed by Filip Pizlo.
+
+ The storageLengthGPR is polluted by EmptyValueTag and later used to
+ index the array, which results in abnormal behaviors in execution.
+ This fix makes 32_64 DFG pass v8-deltablue and kraken
+ crypto-sha256-iterative on Linux ia32.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movl_i32m):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-12 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
+
+ Fix build with GLib 2.31
+ https://bugs.webkit.org/show_bug.cgi?id=69840
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am: removed ThreadingGtk.cpp.
+ * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
+ * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
+ * wtf/gobject/GOwnPtr.h: ditto.
+ * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
+ * wtf/gtk/ThreadingGtk.cpp: Removed.
+
+2011-10-12 Filip Pizlo <fpizlo@apple.com>
+
+ Layout tests crashing in DFG JIT code
+ https://bugs.webkit.org/show_bug.cgi?id=69897
+
+ Reviewed by Gavin Barraclough.
+
+ Abstract value filtration didn't take into account cases where a structure
+ set filter, combined with predicted type knowledge, could lead to a stronger
+ filter for the structure abstract value.
+
+ This bug would have been benign in release builds; it would have just meant
+ that the analysis was less precise and some optimization opportunities would
+ be missed. I have an ASSERT that is meant to catch such cases, and it was
+ triggering sporadically in one of the LayoutTests.
+
+ * dfg/DFGAbstractValue.h:
+ (JSC::DFG::AbstractValue::filter):
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ Unreviewed, temporarily reverted r97216 due to bug #69897.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG 32_64 - fix silentFillGPR
+ https://bugs.webkit.org/show_bug.cgi?id=69903
+
+ Reviewed by Filip Pizlo.
+
+ Fix a small bug in silentFillGPR,
+ and add the newly introduced DFG file to CMakeListsEfl.
+
+ * CMakeListsEfl.txt:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not have flow-sensitive intraprocedural control flow analysis
+ https://bugs.webkit.org/show_bug.cgi?id=69690
+
+ Reviewed by Gavin Barraclough.
+
+ Implemented a control flow analysis (CFA). It currently propagates type
+ proofs only. For example, if all predecessors to a basic block have
+ checks that variable X is a JSFinalObject with structure 0xabcdef, then
+ this basic block will now know this fact and will know that it does not
+ have to emit either JSFinalObject checks or any structure checks since
+ the structure is precisely known. The CFA takes heap side-effects into
+ account (though somewhat conservatively), so that if the object pointed
+ to by variable X could have possibly undergone a structure transition
+ then this is reflected: the analysis may simply say that X's structure
+ is unknown.
+
+ This also propagates a wealth of other type information which is
+ currently not being used. For example, we now know when a variable can
+ only hold doubles. Even if a variable may hold other types at different
+ points in its live range, we can still prove exactly when it will only
+ be double.
+
+ There's a bunch of stuff that the CFA could do that it still does not
+ do, like precise handling of PutStructure (i.e. structure transitions),
+ precise handling of CheckFunction and CheckMethod, etc. So this is
+ very much intended to be a starting point rather than an end unto
+ itself.
+
+ This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
+ and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
+ Neutral on SunSpider.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/ActionablePrediction.h: Removed.
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ * dfg/DFGAbstractState.cpp: Added.
+ (JSC::DFG::AbstractState::AbstractState):
+ (JSC::DFG::AbstractState::~AbstractState):
+ (JSC::DFG::AbstractState::beginBasicBlock):
+ (JSC::DFG::AbstractState::initialize):
+ (JSC::DFG::AbstractState::endBasicBlock):
+ (JSC::DFG::AbstractState::reset):
+ (JSC::DFG::AbstractState::execute):
+ (JSC::DFG::AbstractState::clobberStructures):
+ (JSC::DFG::AbstractState::mergeStateAtTail):
+ (JSC::DFG::AbstractState::merge):
+ (JSC::DFG::AbstractState::mergeToSuccessors):
+ (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
+ (JSC::DFG::AbstractState::dump):
+ * dfg/DFGAbstractState.h: Added.
+ (JSC::DFG::AbstractState::forNode):
+ (JSC::DFG::AbstractState::isValid):
+ * dfg/DFGAbstractValue.h: Added.
+ (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
+ (JSC::DFG::StructureAbstractValue::clear):
+ (JSC::DFG::StructureAbstractValue::makeTop):
+ (JSC::DFG::StructureAbstractValue::top):
+ (JSC::DFG::StructureAbstractValue::add):
+ (JSC::DFG::StructureAbstractValue::addAll):
+ (JSC::DFG::StructureAbstractValue::contains):
+ (JSC::DFG::StructureAbstractValue::isSubsetOf):
+ (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
+ (JSC::DFG::StructureAbstractValue::isSupersetOf):
+ (JSC::DFG::StructureAbstractValue::filter):
+ (JSC::DFG::StructureAbstractValue::isClear):
+ (JSC::DFG::StructureAbstractValue::isTop):
+ (JSC::DFG::StructureAbstractValue::size):
+ (JSC::DFG::StructureAbstractValue::at):
+ (JSC::DFG::StructureAbstractValue::operator[]):
+ (JSC::DFG::StructureAbstractValue::last):
+ (JSC::DFG::StructureAbstractValue::predictionFromStructures):
+ (JSC::DFG::StructureAbstractValue::operator==):
+ (JSC::DFG::StructureAbstractValue::dump):
+ (JSC::DFG::AbstractValue::AbstractValue):
+ (JSC::DFG::AbstractValue::clear):
+ (JSC::DFG::AbstractValue::isClear):
+ (JSC::DFG::AbstractValue::makeTop):
+ (JSC::DFG::AbstractValue::clobberStructures):
+ (JSC::DFG::AbstractValue::isTop):
+ (JSC::DFG::AbstractValue::top):
+ (JSC::DFG::AbstractValue::set):
+ (JSC::DFG::AbstractValue::operator==):
+ (JSC::DFG::AbstractValue::merge):
+ (JSC::DFG::AbstractValue::filter):
+ (JSC::DFG::AbstractValue::validate):
+ (JSC::DFG::AbstractValue::dump):
+ * dfg/DFGBasicBlock.h: Added.
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::getBytecodeBegin):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::block):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGNode.h:
+ (JSC::DFG::NodeIndexTraits::defaultValue):
+ (JSC::DFG::Node::variableAccessData):
+ (JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
+ (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
+ (JSC::DFG::Node::setTakenBlockIndex):
+ (JSC::DFG::Node::setNotTakenBlockIndex):
+ (JSC::DFG::Node::takenBlockIndex):
+ (JSC::DFG::Node::notTakenBlockIndex):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGOperands.h: Added.
+ (JSC::DFG::operandIsArgument):
+ (JSC::DFG::OperandValueTraits::defaultValue):
+ (JSC::DFG::Operands::Operands):
+ (JSC::DFG::Operands::numberOfArguments):
+ (JSC::DFG::Operands::numberOfLocals):
+ (JSC::DFG::Operands::argument):
+ (JSC::DFG::Operands::local):
+ (JSC::DFG::Operands::setLocal):
+ (JSC::DFG::Operands::setArgumentFirstTime):
+ (JSC::DFG::Operands::setLocalFirstTime):
+ (JSC::DFG::Operands::operand):
+ (JSC::DFG::Operands::setOperand):
+ (JSC::DFG::Operands::clear):
+ (JSC::DFG::dumpOperands):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictions):
+ (JSC::DFG::Propagator::performBlockCFA):
+ (JSC::DFG::Propagator::performForwardCFA):
+ (JSC::DFG::Propagator::globalCFA):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStructureSet.h:
+ (JSC::DFG::StructureSet::clear):
+ (JSC::DFG::StructureSet::predictionFromStructures):
+ (JSC::DFG::StructureSet::operator==):
+ (JSC::DFG::StructureSet::dump):
+ * dfg/DFGVariableAccessData.h: Added.
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
+ https://bugs.webkit.org/show_bug.cgi?id=69890
+
+ Reviewed by Oliver Hunt.
+
+ Cell constants are currently hitting the valueOfInt32Constant case, there is no constant handling for JSValues.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+
+2011-10-11 Ryosuke Niwa <rniwa@webkit.org>
+
+ GTK build fix attempt after r97197.
+
+ * wtf/BitVector.h:
+
+2011-10-11 Oliver Hunt <oliver@apple.com>
+
+ Remove unintentional logging.
+
+ * heap/Heap.cpp:
+
+2011-10-11 Oliver Hunt <oliver@apple.com>
+
+ Tidy up card walking logic
+ https://bugs.webkit.org/show_bug.cgi?id=69883
+
+ Reviewed by Gavin Barraclough.
+
+ Special case common cell sizes when walking a block's
+ cards.
+
+ * heap/CardSet.h:
+ (JSC::::testAndClear):
+ * heap/Heap.cpp:
+ (JSC::GCTimer::GCCounter::GCCounter):
+ (JSC::GCTimer::GCCounter::count):
+ (JSC::GCTimer::GCCounter::~GCCounter):
+ (JSC::Heap::markRoots):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::reset):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::visitCount):
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::append):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::gatherDirtyCellsWithSize):
+ (JSC::MarkedBlock::gatherDirtyCells):
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+
+2011-10-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG virtual register allocator should be more aggressive in
+ reusing temporary slots
+ https://bugs.webkit.org/show_bug.cgi?id=69868
+
+ Reviewed by Oliver Hunt.
+
+ 1.2% win on V8, neutral elsewhere. The win is probably because it
+ increases precision of GC conservative scans.
+
+ This required making the DFG::ScoreBoard operate over a bitvector
+ of preserved variables, rather than just a preserved variable
+ threshold. To do this, I improved the WTF::BitVector class to make
+ it more user-friendly. It still retains all previous functionality.
+ Also made changes to PackedIntVector to accomodate those changes.
+ Finally, this adds more debugging to the virtual register allocator
+ and to the OSR exit code, as this was necessary to track down bugs
+ in an earlier version of this patch.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::ScoreBoard):
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::allocate):
+ (JSC::DFG::ScoreBoard::use):
+ (JSC::DFG::ScoreBoard::highWatermark):
+ (JSC::DFG::ScoreBoard::dump):
+ (JSC::DFG::ScoreBoard::max):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueRecovery::dump):
+ * wtf/BitVector.cpp:
+ (WTF::BitVector::setSlow):
+ (WTF::BitVector::resizeOutOfLine):
+ (WTF::BitVector::dump):
+ * wtf/BitVector.h:
+ (WTF::BitVector::BitVector):
+ (WTF::BitVector::operator=):
+ (WTF::BitVector::quickGet):
+ (WTF::BitVector::quickSet):
+ (WTF::BitVector::quickClear):
+ (WTF::BitVector::get):
+ (WTF::BitVector::set):
+ (WTF::BitVector::clear):
+ * wtf/PackedIntVector.h:
+ (WTF::PackedIntVector::get):
+ (WTF::PackedIntVector::set):
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT 32_64 - Switch to cdecl calling convention.
+ https://bugs.webkit.org/show_bug.cgi?id=69863
+
+ Reviewed by Oliver Hunt.
+
+ This makes it easier to keep the stack correctly aligned, which is required on OS X.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+ - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Switch calls to poke arguments rather than pushing them.
+ (JSC::DFG::resetCallArguments):
+ (JSC::DFG::addCallArgument):
+ (JSC::DFG::addCallArgumentBoxed):
+ - Helper functions to stack up call arguments on X86.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ - Don't push, poke!
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::compileBody):
+ - Don't push, poke!
+ * dfg/DFGOperations.cpp:
+ - Switch ReturnAddress wrappers to push return address last, update asm trampolines.
+ * dfg/DFGOperations.h:
+ - switch DFG_OPERATION to assert CDECL on STDCALL platforms.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::fmodWithCDecl):
+ (JSC::DFG::SpeculativeJIT::compile):
+ - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
+
+2011-10-11 Gavin Barraclough <baraclough@apple.com>
+
+ Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
+ https://bugs.webkit.org/show_bug.cgi?id=69821
+
+ Reviewed by Filip Pizlo.
+
+ Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
+ intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
+
+ dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
+ JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
+ move), so by switching all associated operations to return a size_t we can fix the type
+ problem on Linux & make it a small tweak that removes an unnecessary instruction.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ - comparisons now return a size_t.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Removed Z_DFGOperation_EJ form.
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ - comparisons now return a size_t.
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ - comparisons now return a size_t.
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t,
+ Both need to return values zero extended to fill a register.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ - comparisons now return a size_t.
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ - comparisons now return a size_t.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ - comparisons now return a size_t.
+
+2011-10-11 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+ [Qt] Remove all references to QTDIR_build and standalone_package
+
+ Qt is now modularized, which means we no longer import WebKit into
+ the Qt source tree. Instead we use git submodules, and building
+ QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
+
+ To decrease the number of buildsystem configurations we also remove
+ the standalone_package code-path used when we were providing tarballs
+ with the derived sources pre-generated.
+
+ Reviewed by Simon Hausmann.
+
+ * DerivedSources.pro:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+
+2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add missing copyright notice in DFG JIT files
+ https://bugs.webkit.org/show_bug.cgi?id=69809
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCompiler32_64.cpp:
+ * dfg/DFGJITCompilerInlineMethods.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+
+2011-10-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JSVALUE64 spill/fill code should not box integers and doubles
+ https://bugs.webkit.org/show_bug.cgi?id=69782
+
+ Reviewed by Oliver Hunt.
+
+ Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
+ This required changing all of the places that spill registers (both silently
+ and not) and filling registers (both silently and on demand). It also required
+ changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
+ may have the wrong format for the old JIT (unboxed int or double).
+
+ This is a slight win on Kraken (0.25%) and neutral elsewhere.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::spill):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::spill):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueRecovery::displacedInRegisterFile):
+ (JSC::DFG::ValueRecovery::virtualRegister):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ DFG JIT switch dfgConvert methods to use callOperation
+ https://bugs.webkit.org/show_bug.cgi?id=69806
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ * dfg/DFGOperations.h:
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ Remove some unused methods from the DFG JIT.
+
+ Rubber stamped by Oliver Hunt
+
+ Thee methods were only used by the non-speculative JIT, and can be removed.
+
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCodeGenerator64.cpp:
+ - removed:
+ nonSpeculativeAdd
+ nonSpeculativeArithSub
+ nonSpeculativeArithMod
+ nonSpeculativeCheckHasInstance
+ nonSpeculativeInstanceOf
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - removed:
+ operationArithMod
+ operationInstanceOf
+ operationThrowHasInstanceError
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ Switch most calls in DFGJITCodeGenerator to use callOperation.
+ https://bugs.webkit.org/show_bug.cgi?id=69802
+
+ Reviewed by Oliver Hunt.
+
+ Compares, add, mod are the easy cases.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+
+2011-10-10 Gavin Barraclough <baraclough@apple.com>
+
+ DFG: Switch GetById / PutById to use callOperation
+ https://bugs.webkit.org/show_bug.cgi?id=69795
+
+ Reviewed by Oliver Hunt.
+
+ Also make the take base as a cell, so 32_64 doesn't have to set up the cell tag.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::appropriatePutByIdFunction):
+
+2011-10-10 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs
+ https://bugs.webkit.org/show_bug.cgi?id=69412
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+
+2011-10-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getCallDataVirtual methods
+ https://bugs.webkit.org/show_bug.cgi?id=69186
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all getCallDataVirtual methods and replaced their call sites
+ with an explicit lookup in the MethodTable.
+
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+
+ Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
+ the class definition in JSGlobalObject.cpp.
+ * runtime/Error.cpp:
+ (JSC::createTypeErrorFunction):
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+ To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
+ to declare their own ClassInfo if they don't override getCallData, provided
+ an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
+ functionality as of the pure virtual method InternalFunction used to have.
+ Also made this new implementation protected rather than private for the same reason.
+ Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
+ object is being created provides their own implementation of getCallData. This
+ just makes execution fail earlier in a place where the source of the error is
+ easy to trace. These ASSERTs are better than putting a null in the MethodTable because
+ they appear much more intentional to anybody who fails to provide their own
+ implementation or who tries to explicitly call InternalFunction::getCallData.
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ (JSC::InternalFunction::getCallData):
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+
+ Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
+ it to be reused rather than creating a new Structure every time we instantiate it.
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ (JSC::getCallData):
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ * runtime/Structure.h:
+
+2011-10-10 Gavin Barraclough <barraclough@apple.com>
+
+ Switch last calls from DFGSpeculativeJIT to use callOperation.
+ https://bugs.webkit.org/show_bug.cgi?id=69780
+
+ Reviewed by Oliver Hunt.
+
+ Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * wtf/Platform.h:
+
+2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
+ https://bugs.webkit.org/show_bug.cgi?id=69748
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+
+2011-10-10 Adam Roben <aroben@apple.com>
+
+ Build fix
+
+ * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
+
+2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - Bug fix for BranchNull
+ https://bugs.webkit.org/show_bug.cgi?id=69743
+
+ Reviewed by Darin Adler.
+
+ This fixes the error in access-binary-trees. All SunSpider cases passed.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+
+2011-10-07 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT: callOperation should return the Call.
+ https://bugs.webkit.org/show_bug.cgi?id=69682
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ (JSC::DFG::appendCallWithExceptionCheckSetResult):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::appendCall):
+ * wtf/Platform.h:
+
+2011-10-10 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r97045.
+ http://trac.webkit.org/changeset/97045
+ https://bugs.webkit.org/show_bug.cgi?id=69746
+
+ makes apple bots very crashy :( (Requested by kling on
+ #webkit).
+
+ * config.h:
+
+2011-10-10 Andreas Kling <kling@webkit.org>
+
+ Shrink BorderValue.
+ https://bugs.webkit.org/show_bug.cgi?id=69521
+
+ Reviewed by Antti Koivisto.
+
+ * config.h: Touch to force full rebuild.
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Improve Null or Undefined test in 32_64 DFG
+ https://bugs.webkit.org/show_bug.cgi?id=69734
+
+ Reviewed by Darin Adler.
+
+ Currently Null or Undefined value test in 32_64 DFG will check
+ Null and Undefined tag separately and introduce one more branch.
+ It can be improved in the way how the baseline JIT is doing - by
+ relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
+ https://bugs.webkit.org/show_bug.cgi?id=69721
+
+ Reviewed by Darin Adler.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove unused callOperation code of DFG JIT on X86
+ https://bugs.webkit.org/show_bug.cgi?id=69722
+
+ Reviewed by Filip Pizlo.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
+ https://bugs.webkit.org/show_bug.cgi?id=69720
+
+ Reviewed by Filip Pizlo.
+
+ In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
+ a FPR and will be used for further optimizations, though we currently
+ don't fully utilize it. For now when filling a JS value which was
+ spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
+ to DataFormatJS to avoid compilation errors.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+
+2011-10-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not always speculate that a ByVal access has an integer index
+ https://bugs.webkit.org/show_bug.cgi?id=69716
+
+ Reviewed by Oliver Hunt.
+
+ 1% win on SunSpider, neutral elsewhere.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::byValHasIntBase):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix value profiling in 32_64 JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69717
+
+ Reviewed by Filip Pizlo.
+
+ Current value profiling for 32_64 JIT is broken and cannot record
+ correct predicated types, which results in many speculation failures
+ in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations
+ again and again.
+ With this fix 32_64 DFG JIT can demonstrate real performance gains.
+
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeStatistics):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::dump):
+ Empty value check should be performed on decoded JSValue,
+ as for 32_64 empty value is not identical to encoded 0.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+ Record the right profiling result for 32_64.
+
+2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Remove 32 bit restrictions in DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69711
+
+ Reviewed by Filip Pizlo.
+
+ op_call/op_construct support was disabled for 32 bit DFG JIT because
+ there was regression in javascriptcore tests. Now the bugs are fixed
+ and there should be no regression. This makes 32 bit DFG have the same
+ capability as 64 bit DFG, and improves the coverage.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+
+2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::getConstructData
+ https://bugs.webkit.org/show_bug.cgi?id=69673
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of getConstructData to all classes that
+ override it and changed the virtual versions to call the static
+ versions. This is the first step in de-virtualizing JSCell::getConstructData.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::getConstructData):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getConstructData):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getConstructData):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getConstructData):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getConstructData):
+ * runtime/DateConstructor.h:
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getConstructData):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getConstructData):
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getConstructData):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getConstructData):
+ * runtime/JSFunction.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getConstructData):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getConstructData):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getConstructData):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getConstructData):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getConstructData):
+ * runtime/StringConstructor.h:
+
+2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::getOwnPropertySlot
+ https://bugs.webkit.org/show_bug.cgi?id=69593
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of getOwnPropertySlot to every class that overrides
+ JSCell::getOwnPropertySlot. The virtual versions now call the static versions.
+ This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
+
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::getOwnPropertySlot):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlot):
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getOwnPropertySlot):
+ * runtime/DateConstructor.h:
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::getOwnPropertySlot):
+ * runtime/DatePrototype.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertySlot):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::getOwnPropertySlot):
+ * runtime/JSArray.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::getOwnPropertySlot):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::getOwnPropertySlot):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlot):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::getOwnPropertySlot):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::getOwnPropertySlot):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getOwnPropertySlot):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::getOwnPropertySlot):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getOwnPropertySlot):
+ * runtime/JSString.h:
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::getOwnPropertySlot):
+ * runtime/MathObject.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getOwnPropertySlot):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::getOwnPropertySlot):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::getOwnPropertySlot):
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getOwnPropertySlot):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::getOwnPropertySlot):
+ * runtime/StringObject.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::getOwnPropertySlot):
+ * runtime/StringPrototype.h:
+
+2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
+ https://bugs.webkit.org/show_bug.cgi?id=69699
+
+ Reviewed by Filip Pizlo.
+
+ It should match SetLocal where only payload is stored for array predictions.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
+ https://bugs.webkit.org/show_bug.cgi?id=69702
+
+ Reviewed by Filip Pizlo.
+
+ There are some errors in generating code for Branch and LogicalNot,
+ when the operand is predicted as ObjectOrOther.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+
+2011-10-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96996.
+ http://trac.webkit.org/changeset/96996
+ https://bugs.webkit.org/show_bug.cgi?id=69697
+
+ It broke all tests on the Qt bot (Requested by Ossy_night on
+ #webkit).
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::getCallDataVirtual):
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getCallDataVirtual):
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getCallDataVirtual):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getCallDataVirtual):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getCallDataVirtual):
+ * runtime/DateConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ (JSC::createTypeErrorFunction):
+ * runtime/Error.h:
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getCallDataVirtual):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getCallDataVirtual):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::getCallDataVirtual):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getCallDataVirtual):
+ * runtime/JSCell.h:
+ (JSC::getCallData):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getCallDataVirtual):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getCallDataVirtual):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getCallDataVirtual):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getCallDataVirtual):
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getCallDataVirtual):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getCallDataVirtual):
+ * runtime/StringConstructor.h:
+ * runtime/Structure.h:
+
+2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT - only Array predictions can result in unboxed cells in register file
+ https://bugs.webkit.org/show_bug.cgi?id=69695
+
+ Reviewed by Filip Pizlo.
+
+ In current DFG JIT, only array predictions can result in unboxed cells
+ in register file, not for the other cell predictions.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+
+2011-10-07 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69696
+
+ Reviewed by Filip Pizlo.
+
+ On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
+ to compute the address of a JS array element.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::deleteProperty
+ https://bugs.webkit.org/show_bug.cgi?id=69659
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of both versions of put to all classes that
+ override them and changed the virtual versions to call the static
+ versions. This is the first step in de-virtualizing JSCell::deleteProperty.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::deleteProperty):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::deleteProperty):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::deleteProperty):
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::deleteProperty):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::deleteProperty):
+ * runtime/JSArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::deleteProperty):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::deleteProperty):
+ * runtime/JSFunction.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::deleteProperty):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::deleteProperty):
+ * runtime/JSObject.h:
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::deleteProperty):
+ * runtime/JSVariableObject.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::deleteProperty):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::deleteProperty):
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::deleteProperty):
+ * runtime/StringObject.h:
+
+2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getCallDataVirtual methods
+ https://bugs.webkit.org/show_bug.cgi?id=69186
+
+ Reviewed by Geoffrey Garen.
+
+ Removed all getCallDataVirtual methods and replaced their call sites
+ with an explicit lookup in the MethodTable.
+
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::createTypeErrorFunction):
+
+ Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
+ the class definition in JSGlobalObject.cpp.
+ * runtime/Error.h:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getConstructData):
+ (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+ To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
+ to declare their own ClassInfo if they don't override getCallData, provided
+ an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
+ functionality as of the pure virtual method InternalFunction used to have.
+ Also made this new implementation protected rather than private for the same reason.
+ Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
+ object is being created provides their own implementation of getCallData. This
+ just makes execution fail earlier in a place where the source of the error is
+ easy to trace. These ASSERTs are better than putting a null in the MethodTable because
+ they appear much more intentional to anybody who fails to provide their own
+ implementation or who tries to explicitly call InternalFunction::getCallData.
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::finishCreation):
+ (JSC::InternalFunction::getCallData):
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+
+ Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
+ it to be reused rather than creating a new Structure every time we instantiate it.
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ (JSC::getCallData):
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ * runtime/Structure.h:
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Add missing break statement.
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Support some string intrinsics in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69678
+
+ Reviewed by Gavin Barraclough.
+
+ Add support for charAt and charCodeAt intrinsics in the DFG.
+
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGIntrinsic.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::put
+ https://bugs.webkit.org/show_bug.cgi?id=69382
+
+ Reviewed by Geoffrey Garen.
+
+ Added static version of both versions of put to all classes that
+ override them and changed the virtual versions to call the static
+ versions.
+
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::put):
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::put):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::put):
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::put):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::put):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::put):
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::put):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::put):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::put):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/JSObject.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::put):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::put):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::put):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::put):
+ * runtime/RegExpObject.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::put):
+ * runtime/StringObject.h:
+
+2011-10-07 Gavin Barraclough <barraclough@apple.com>
+
+ Refactor DFG to make for use of callOperation
+ https://bugs.webkit.org/show_bug.cgi?id=69672
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Switch operationNewObject/operationCreateThis to return Cells,
+ - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Replace code plating calls to operations to with calls to callOperation.
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Replace code plating calls to operations to with calls to callOperation.
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Support string indexing in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=69671
+
+ Reviewed by Gavin Barraclough.
+
+ Emit code to support inline indexing of strings
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ Shared code to perform string indexing.
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ Use compileGetByValOnString if we predict that the base object
+ is a string in GetByVal.
+ * runtime/JSString.h:
+ (JSC::JSString::offsetOfFiberCount):
+ (JSC::JSString::offsetOfValue):
+
+2011-10-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG ConvertThis speculation logic is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=69663
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Verify that our call speculation is valid.
+
+ Reviewed by Filip Pizlo.
+
+ Before specialising an intrinsic we need to verify that
+ we our speculation is correct.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-10-07 Brent Fulgham <bfulgham@webkit.org>
+
+ [WinCairo] Unreviewed build correction for the build bot.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
+ Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
+ build-jsc can find the target it needs to run the JSC tests.
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Fix 32-bit build.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+
+2011-10-07 Oliver Hunt <oliver@apple.com>
+
+ Support direct calls to intrinsic functions
+ https://bugs.webkit.org/show_bug.cgi?id=69646
+
+ Reviewed by Gavin Barraclough.
+
+ Add support for optimising non-method_check calls
+ to intrinsic functions (eg. when Math.abs, etc are
+ cached in local variables).
+
+ * bytecode/CodeBlock.h:
+ (JSC::getCallLinkInfoBytecodeIndex):
+ Support searching CallLinkInfos by bytecode index
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ Add support for linked calls in addition to method_check
+ when searching for intrinsics
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasFunctionCheckData):
+ (JSC::DFG::Node::function):
+ Add ability to store a JSFunction* in a node - this is safe
+ as the function will be marked by the codeblock we're compiling
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::checkFunctionElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ Add support for new CheckFunction node, and implement CSE pass.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ Rather trivial implementation of CheckFunction
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+ Need to propagate bytecode index for calls now.
+
+2011-10-07 Dominic Cooney <dominicc@chromium.org>
+
+ [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
+ https://bugs.webkit.org/show_bug.cgi?id=69599
+
+ Reviewed by Sam Weinig.
+
+ DFG JIT manipulates MetaAllocatorHandles across threads, eg in
+ allocating JITCode buffers on a background thread to execute a
+ proxy autoconfiguration PAC file but garbage collecting it in
+ response to allocation on the main thread. Disabling
+ ThreadRestrictionVerification until there is a verification scheme
+ that understands this handoff.
+
+ * wtf/MetaAllocator.cpp:
+ (WTF::MetaAllocator::allocate):
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not always speculate that ConvertThis is operating on an object
+ https://bugs.webkit.org/show_bug.cgi?id=69570
+
+ Reviewed by Oliver Hunt.
+
+ Mostly neutral, but with a slight regression in Kraken since it increases
+ coverage in DFG and thus reveals some performance pathologies (which I
+ prefer to think of as performance opportunities, in a good way).
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ (JSC::isOtherPrediction):
+ (JSC::mergePredictions):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Windows build fix
+
+ Unreviewed build fix. Weird runtime failures on Windows due to
+ linking issues caused by the ClassInfo struct in JSByteArray not
+ being declared with JS_EXPORTDATA.
+
+ * runtime/JSByteArray.h:
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ Structure does not reset m_previous when pinning the property map
+ https://bugs.webkit.org/show_bug.cgi?id=69583
+
+ Reviewed by Gavin Barraclough.
+
+ This is an 0.6% performance improvement in V8, and 0.2% overall.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::pin):
+ * runtime/Structure.h:
+
+2011-10-06 Anders Carlsson <andersca@apple.com>
+
+ When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
+ https://bugs.webkit.org/show_bug.cgi?id=69586
+
+ Reviewed by Darin Adler.
+
+ * Configurations/Base.xcconfig:
+ Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ When building with clang, we don't need to run the check-for-global-initializers and
+ check-for-exit-time-destructors anymore.
+
+ * jsc.cpp:
+ (runInteractive):
+ Move interpreterName into runInteractive.
+
+ * wtf/StdLibExtras.h:
+ When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
+ warnings around the variable declaration.
+
+2011-10-06 Anders Carlsson <andersca@apple.com>
+
+ Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=69584
+
+ Reviewed by Darin Adler.
+
+ Add DEFINE_DEBUG_ONLY_GLOBAL macro.
+
+ * wtf/StdLibExtras.h:
+
+2011-10-06 Oliver Hunt <oliver@apple.com>
+
+ Write barrier shouldn't allocate temporaries inside control flow
+ https://bugs.webkit.org/show_bug.cgi?id=69582
+
+ Reviewed by Gavin Barraclough.
+
+ Reorder the code to avoid spill-related badness.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::shouldSpeculate methods are too complicated
+ https://bugs.webkit.org/show_bug.cgi?id=69560
+
+ Reviewed by Geoffrey Garen.
+
+ Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
+ just use node predictions.
+
+ By itself this would have meant that SpeculativeJIT code would have
+ had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
+ So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
+ all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).
+
+ This is an 0.4% progression overall that shows up in all benchmarks,
+ for reasons unknown.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::at):
+ (JSC::DFG::JITCodeGenerator::canReuse):
+ (JSC::DFG::JITCodeGenerator::isFilled):
+ (JSC::DFG::JITCodeGenerator::isFilledDouble):
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::detectPeepHoleBranch):
+ (JSC::DFG::integerResult):
+ (JSC::DFG::noResult):
+ (JSC::DFG::cellResult):
+ (JSC::DFG::jsValueResult):
+ (JSC::DFG::storageResult):
+ (JSC::DFG::doubleResult):
+ (JSC::DFG::initConstantInfo):
+ (JSC::DFG::appendCallWithExceptionCheck):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::shouldSpeculateInteger):
+ (JSC::DFG::Node::shouldSpeculateDouble):
+ (JSC::DFG::Node::shouldSpeculateNumber):
+ (JSC::DFG::Node::shouldNotSpeculateInteger):
+ (JSC::DFG::Node::shouldSpeculateFinalObject):
+ (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
+ (JSC::DFG::Node::shouldSpeculateArray):
+ (JSC::DFG::Node::shouldSpeculateArrayOrOther):
+ (JSC::DFG::Node::shouldSpeculateObject):
+ (JSC::DFG::Node::shouldSpeculateCell):
+ (JSC::DFG::Node::canSpeculateInteger):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownArray):
+ (JSC::DFG::SpeculativeJIT::isKnownString):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-06 Gavin Peters <gavinp@chromium.org>
+
+ REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
+ https://bugs.webkit.org/show_bug.cgi?id=69556
+
+ Reviewed by Adam Roben.
+
+ * wtf/Assertions.cpp:
+
+2011-10-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG implementation of UInt32ToNumber is missing a break statement
+ https://bugs.webkit.org/show_bug.cgi?id=69552
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-06 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix for DFG JIT 32_64 release builds.
+
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGJITCompiler32_64.cpp:
+ - Remove three unused methods.
+
+2011-10-06 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
+ https://bugs.webkit.org/show_bug.cgi?id=69549
+
+ Reviewed by Oliver Hunt.
+
+ This breaks sunspider/3d-cube.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ - Speculation check on the tag.
+
+2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Snow Leopard build fix
+
+ Unreviewed build fix
+
+ * JavaScriptCore.exp:
+
+2011-10-05 Gavin Barraclough <barraclough@apple.com>
+
+ Add explicit JSGlobalThis type.
+ https://bugs.webkit.org/show_bug.cgi?id=69478
+
+ Reviewed by Darin Adler.
+
+ JSC supports a split global object, as used by WebCore for the Window. As a stage
+ of making this visible to JSC, make it so that if the global this value is not the
+ global object itself, it must be a subclass of JSGlobalThis.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::finishCreation):
+ - Don't pass the thisValue to JSGlobalObject::finishCreation.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added JSGlobalThis.h
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ - Don't pass the thisValue to JSGlobalObject::finishCreation.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::finishCreation):
+ - finishCreation takes a JSGlobalThis, or thisValue is implicit.
+ * runtime/JSGlobalThis.h: Added.
+ (JSC::JSGlobalThis::create):
+ (JSC::JSGlobalThis::JSGlobalThis):
+ (JSC::JSGlobalThis::finishCreation):
+ - Thin wrapper on JSNonFinalObject to allow type checking.
+ * testRegExp.cpp:
+ (GlobalObject::finishCreation):
+ - Don't pass the thisValue to JSGlobalObject::finishCreation.
+
+2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSC objects need to know their own cell size at runtime.
+ https://bugs.webkit.org/show_bug.cgi?id=69390
+
+ Reviewed by Geoffrey Garen.
+
+ Added the cellSize field to ClassInfo and the static calculation of
+ size of each class to the CREATE_METHOD_TABLE macro, which will be
+ renamed in a followup patch to make its name match its broader use.
+
+ Also added a few ClassInfo structs so that each object that is allocated has its
+ correct size.
+
+ * JavaScriptCore.exp:
+ * runtime/ClassInfo.h:
+
+ Changed JSByteArray s_defaultInfo to s_info so that the template will get the
+ correct ClassInfo struct from it when it's allocated.
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.h:
+ (JSC::allocateCell):
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+ (JSC::JSCell::cellSize):
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/StrictEvalActivation.cpp:
+ * runtime/StrictEvalActivation.h:
+
+2011-10-06 Gavin Peters <gavinp@chromium.org>
+
+ export new stack dumping method
+ https://bugs.webkit.org/show_bug.cgi?id=69018
+
+ The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use
+ of this function, many builds broke. So here we add the exports, so that the function is usable.
+
+ Reviewed by Adam Roben.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-06 Csaba Osztrogonác <ossy@webkit.org>
+
+ REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
+ https://bugs.webkit.org/show_bug.cgi?id=69413
+
+ Reviewed by Darin Adler.
+
+ * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
+
+2011-10-05 Filip Pizlo <fpizlo@apple.com>
+
+ SpeculativeJIT::isKnownString() is wrong
+ https://bugs.webkit.org/show_bug.cgi?id=69501
+
+ Reviewed by Oliver Hunt.
+
+ Removed the wrong case (GetLocal predicted String) and added a case that
+ works (StrCat).
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownString):
+
+2011-10-05 Ryosuke Niwa <rniwa@webkit.org>
+
+ Windows build fix attempt after r96760.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-10-05 Chris Rogers <crogers@google.com>
+
+ Define a log2f() function for Windows in wtf/MathExtras.h
+ https://bugs.webkit.org/show_bug.cgi?id=69491
+
+ Reviewed by Darin Adler.
+
+ * wtf/MathExtras.h:
+ (log2f):
+
+2011-10-05 Jer Noble <jer.noble@apple.com>
+
+ Enable WEB_AUDIO by default in the WebKit/mac port.
+ https://bugs.webkit.org/show_bug.cgi?id=68587
+
+ Reviewed by Simon Fraser.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-10-05 Filip Pizlo <fpizlo@apple.com>
+
+ Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
+ https://bugs.webkit.org/show_bug.cgi?id=69346
+
+ Reviewed by Oliver Hunt.
+
+ Removed the assertion, since it was completely wrong for op_post_inc.
+ Short of having specialized PostInc nodes in the DFG, there is no
+ robust way of asserting what this assertion was trying to assert while
+ also supporting op_post_inc.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-05 Geoffrey Garen <ggaren@apple.com>
+
+ Added a simpler mechanism for registering one-off finalizers
+ https://bugs.webkit.org/show_bug.cgi?id=69466
+
+ Reviewed by Oliver Hunt.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::addFinalizer):
+ (JSC::Heap::FinalizerOwner::finalize):
+ * heap/Heap.h: New function for adding an arbitrary finalizer for an
+ arbitrary cell without declaring any special classes or Handles yourself.
+
+ * JavaScriptCore.exp: Fix build.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::ExecutableBase::clearCodeVirtual):
+ (JSC::EvalExecutable::clearCodeVirtual):
+ (JSC::ProgramExecutable::clearCodeVirtual):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::clearCodeVirtual):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
+ finalization of executables.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::clearRareData):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::createRareDataIfNeeded):
+ (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
+ finalization of weak maps.
+
+2011-10-05 Adam Roben <aroben@apple.com>
+
+ Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
+
+ RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
+ pointed-to type confused us when we implemented hashTableDeletedValue.
+
+ Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
+ in HashMap/HashSet fails to compile
+
+ Reviewed by John Sullivan.
+
+ * wtf/RetainPtr.h:
+ (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
+ since T might itself be a pointer.
+
+ (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
+ seem to be causing a problem.
+
+2011-10-05 Oliver Hunt <oliver@apple.com>
+
+ Remove last vestiges of anonymous storage.
+
+ Reviewed by Gavin Barraclough.
+
+ One anonymous storage function escaped my prior purge of
+ this feature, this patch removes it.
+
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::finishCreation):
+ * runtime/JSObject.h:
+
+2011-10-04 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should be capable of a broader range of speculations on branch and not
+ https://bugs.webkit.org/show_bug.cgi?id=69322
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/PredictedType.h:
+ (JSC::isFinalObjectOrOtherPrediction):
+ (JSC::isArrayOrOtherPrediction):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+
+2011-10-05 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96733.
+ http://trac.webkit.org/changeset/96733
+ https://bugs.webkit.org/show_bug.cgi?id=69454
+
+ Broke GCC for some reason (Requested by andersca on #webkit).
+
+ * wtf/ListHashSet.h:
+ (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
+ (WTF::ListHashSetReverseIterator::get):
+ (WTF::ListHashSetReverseIterator::operator*):
+ (WTF::ListHashSetReverseIterator::operator->):
+ (WTF::ListHashSetReverseIterator::operator++):
+ (WTF::ListHashSetReverseIterator::operator--):
+ (WTF::ListHashSetReverseIterator::operator==):
+ (WTF::ListHashSetReverseIterator::operator!=):
+ (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
+ (WTF::ListHashSetReverseIterator::node):
+ (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
+ (WTF::ListHashSetConstReverseIterator::get):
+ (WTF::ListHashSetConstReverseIterator::operator*):
+ (WTF::ListHashSetConstReverseIterator::operator->):
+ (WTF::ListHashSetConstReverseIterator::operator++):
+ (WTF::ListHashSetConstReverseIterator::operator--):
+ (WTF::ListHashSetConstReverseIterator::operator==):
+ (WTF::ListHashSetConstReverseIterator::operator!=):
+ (WTF::ListHashSetConstReverseIterator::node):
+ (WTF::::rbegin):
+ (WTF::::rend):
+ (WTF::::makeReverseIterator):
+ (WTF::::makeConstReverseIterator):
+
+2011-10-04 Oliver Hunt <oliver@apple.com>
+
+ Add rudimentary filtering to write barriers
+ https://bugs.webkit.org/show_bug.cgi?id=69392
+
+ Reviewed by Filip Pizlo.
+
+ Add approximate filtering for write barriers based on the
+ target's mark bit. Also add some macros to support dumping
+ GC phase timings.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ * heap/Heap.cpp:
+ (JSC::GCTimer::GCTimerScope::GCTimerScope):
+ (JSC::GCTimer::GCTimerScope::~GCTimerScope):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ Add phase timing information.
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::offsetOfMarks):
+ (JSC::MarkedBlock::gatherDirtyCells):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier):
+
+2011-10-05 Anders Carlsson <andersca@apple.com>
+
+ Use std::reverse_iterator for ListHashSet reverse iterators
+ https://bugs.webkit.org/show_bug.cgi?id=69446
+
+ Reviewed by Darin Adler.
+
+ * wtf/ListHashSet.h:
+ Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
+ and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
+
+2011-10-04 Gavin Barraclough <barraclough@apple.com>
+
+ Make Object.prototype getter/setter methods match ES5 behaviour
+ https://bugs.webkit.org/show_bug.cgi?id=69393
+
+ Reviewed by Sam Weinig.
+
+ The rest of Object.prototype no longer substitute Null/Undefined with the global object,
+ this is old ES3 behaviour. Remove it here too.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncDefineGetter):
+ (JSC::objectProtoFuncDefineSetter):
+ (JSC::objectProtoFuncLookupGetter):
+ (JSC::objectProtoFuncLookupSetter):
+
+2011-10-05 Patrick Gansterer <paroga@webkit.org>
+
+ Get rid of posixThread in MachineStackMarker::Thread
+ https://bugs.webkit.org/show_bug.cgi?id=54836
+
+ Reviewed by Oliver Hunt.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::Thread::Thread):
+ (JSC::getCurrentPlatformThread):
+ (JSC::equalThread):
+ (JSC::MachineThreads::addCurrentThread):
+ (JSC::MachineThreads::removeCurrentThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+
+2011-10-04 Geoffrey Garen <ggaren@apple.com>
+
+ Removed JSValue::toJSNumber
+ https://bugs.webkit.org/show_bug.cgi?id=69399
+
+ No perf. change.
+
+ toJSNumber() used to provide an implicit fast path for immediate numbers,
+ but those fast paths are all explicit now, so it's just cruft.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+
+2011-10-05 Gavin Peters <gavinp@chromium.org>
+
+ REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
+ https://bugs.webkit.org/show_bug.cgi?id=69424
+
+ Skip an extra frame in WTFReportBacktrace. As well, I now don't count skipped frames in maxFrames,
+ so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
+ 31 reported frames.
+
+ Reviewed by Adam Roben.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2011-10-05 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed WinCE build fix for r96595.
+
+ * wtf/Assertions.cpp:
+ RtlCaptureStackBackTrace() isn't available on WinCE.
+
+2011-10-04 Kent Tamura <tkent@chromium.org>
+
+ Introduce feature flags for incomplete input types
+ https://bugs.webkit.org/show_bug.cgi?id=68971
+
+ Reviewed by Hajime Morita.
+
+ * Configurations/FeatureDefines.xcconfig:
+ Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
+
+2011-10-04 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix.
+
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
+
+2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static ClassInfo structs to classes that override JSCell::getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=69311
+
+ Reviewed by Darin Adler.
+
+ Added ClassInfo structs to each class that defined its own getCallData
+ function but did not already have its own ClassInfo struct. This is a
+ necessary addition for when we switch over to looking up getCallData from
+ the MethodTable in ClassInfo rather than doing the virtual call (which we
+ are removing). These new ClassInfo structs are public because we often
+ use these structs in other areas of the code to uniquely identify JSC classes and
+ to enforce runtime invariants based on those class identities using ASSERTs.
+ Also added new createStructure methods to those classes that didn't have
+ them so that the new ClassInfo structs would be used when creating the Structures
+ in these classes.
+
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::createStructure):
+
+ getCallData was not marked as static in StrictModeTypeErrorFunction.
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ (JSC::StrictModeTypeErrorFunction::createStructure):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::createStructure):
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::createStructure):
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+2011-10-03 Geoffrey Garen <ggaren@apple.com>
+
+ Some JSValue cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=69320
+
+ Reviewed by Darin Adler.
+
+ No measurable performance change.
+
+ Removed some JSValue::get* functions. get* used to be an optimization
+ when every value operation was a virtual function call: get* would combine
+ two virtual calls into one. Now, with non-virtual, inlined functions, get*
+ isn't faster, and may be slightly slower.
+
+ Merged getBoolean(bool&) and getBoolean() into asBoolean().
+
+ Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
+ asNumber().
+
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::asNumber):
+ (JSC::JSValue::asBoolean): As promised!
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::toThisNumber):
+ (JSC::numberProtoFuncToExponential):
+ (JSC::numberProtoFuncToFixed):
+ (JSC::numberProtoFuncToPrecision):
+ (JSC::numberProtoFuncToString):
+ (JSC::numberProtoFuncToLocaleString):
+ (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
+ by switching to toThisNumber().
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::toNumber):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::internalNumber):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncBind):
+ * runtime/JSArray.cpp:
+ (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
+ getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
+
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h: Nixed getJSNumber().
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ * runtime/JSONObject.cpp:
+ (JSC::gap):
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/NumberObject.cpp:
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/Operations.h:
+ (JSC::JSValue::equalSlowCaseInline):
+ (JSC::JSValue::strictEqual):
+ (JSC::jsLess):
+ (JSC::jsLessEq):
+ (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
+ getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
+
+2011-10-04 Scott Graham <scottmg@chromium.org>
+
+ Add GAMEPAD feature flag
+ https://bugs.webkit.org/show_bug.cgi?id=66859
+
+ Reviewed by Darin Fisher.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ JITCodeGenerator should no longer have code that tries too hard
+ to be both speculative and non-speculative
+ https://bugs.webkit.org/show_bug.cgi?id=69321
+
+ Reviewed by Gavin Barraclough.
+
+ Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
+ This required moving emitBranch() to SpeculativeJIT, since it was
+ the main user of that field and method. Other than trvial clean-ups
+ in emitBranch(), the code is unchanged (and still has some disparity
+ between 64 and 32_64, and still lacks some obvious optimizations).
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitBranch):
+
+2011-10-04 David Hyatt <hyatt@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=69372
+
+ [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
+
+ Add support for reverse iteration to ListHashSet to support being able to walk them
+ backwards easily.
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/ListHashSet.h:
+ (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
+ (WTF::ListHashSetReverseIterator::get):
+ (WTF::ListHashSetReverseIterator::operator*):
+ (WTF::ListHashSetReverseIterator::operator->):
+ (WTF::ListHashSetReverseIterator::operator++):
+ (WTF::ListHashSetReverseIterator::operator--):
+ (WTF::ListHashSetReverseIterator::operator==):
+ (WTF::ListHashSetReverseIterator::operator!=):
+ (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
+ (WTF::ListHashSetReverseIterator::node):
+ (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
+ (WTF::ListHashSetConstReverseIterator::get):
+ (WTF::ListHashSetConstReverseIterator::operator*):
+ (WTF::ListHashSetConstReverseIterator::operator->):
+ (WTF::ListHashSetConstReverseIterator::operator++):
+ (WTF::ListHashSetConstReverseIterator::operator--):
+ (WTF::ListHashSetConstReverseIterator::operator==):
+ (WTF::ListHashSetConstReverseIterator::operator!=):
+ (WTF::ListHashSetConstReverseIterator::node):
+ (WTF::::rbegin):
+ (WTF::::rend):
+ (WTF::::makeReverseIterator):
+ (WTF::::makeConstReverseIterator):
+ (WTF::::makeConstIterator):
+
+2011-10-04 Gavin Peters <gavinp@chromium.org>
+
+ fix gtk breakage caused by changeset 96595
+ https://bugs.webkit.org/show_bug.cgi?id=69371
+
+ ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
+ the pretty printer on gtk, which should fix the build on that platform.
+
+ Reviewed by NOBODY, this is a build fix.
+
+ * wtf/Assertions.cpp:
+
+2011-10-04 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96630.
+ http://trac.webkit.org/changeset/96630
+ https://bugs.webkit.org/show_bug.cgi?id=69368
+
+ Caused assertion failures in validateCell (Requested by
+ mhahnenberg on #webkit).
+
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static ClassInfo structs to classes that override JSCell::getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=69311
+
+ Reviewed by Darin Adler.
+
+ Added ClassInfo structs to each class that defined its own getCallData
+ function but did not already have its own ClassInfo struct. This is a
+ necessary addition for when we switch over to looking up getCallData from
+ the MethodTable in ClassInfo rather than doing the virtual call (which we
+ are removing). These new ClassInfo structs are public because we often
+ use these structs in other areas of the code to uniquely identify JSC classes and
+ to enforce runtime invariants based on those class identities using ASSERTs.
+
+ * runtime/BooleanConstructor.cpp:
+ * runtime/BooleanConstructor.h:
+
+ getCallData was not marked as static is StrictModeTypeErrorFunction.
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ * runtime/ErrorConstructor.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+
+2011-10-04 Ryosuke Niwa <rniwa@webkit.org>
+
+ Leopard build fix after r96613.
+
+ * wtf/Platform.h:
+
+2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Implicitly add toString and valueOf to prototype when convertToType callback is provided
+ https://bugs.webkit.org/show_bug.cgi?id=69156
+
+ Reviewed by Geoffrey Garen.
+
+ Added callbacks for toString and valueOf which are implicitly added to a client object's
+ prototype if they provide a convertToType callback when declaring their class through
+ the JSC API.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::toStringCallback):
+ (JSC::JSCallbackFunction::valueOfCallback):
+ * API/JSCallbackFunction.h:
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/tests/testapi.js:
+
+2011-10-03 Jon Lee <jonlee@apple.com>
+
+ Extend DOM WheelEvent to differentiate between physical and logical scroll directions
+ https://bugs.webkit.org/show_bug.cgi?id=68959
+ <rdar://problem/10036688>
+
+ Reviewed by Sam Weinig.
+
+ * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
+
+2011-10-04 Csaba Osztrogonác <ossy@webkit.org>
+
+ MinGW warning fix after r96286.
+
+ Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
+ #define __stdcall __attribute__((stdcall))
+ #define STDCALL __stdcall
+
+ Reviewed by Tor Arne Vestbø.
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2011-10-04 Gavin Peters <gavinp@chromium.org>
+
+ add more stack dumping methods
+ https://bugs.webkit.org/show_bug.cgi?id=69018
+
+ In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
+ WebKit programmatically retrieve the current stack. This is useful if you need to add more
+ reporting to field crash report uploads, if you're tracking down an irreproducable bug,
+ for instance.
+
+ Reviewed by Darin Adler.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should inline Array.push and Array.pop
+ https://bugs.webkit.org/show_bug.cgi?id=69314
+
+ Reviewed by Geoff Garen.
+
+ Fix 32-bit.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should inline Array.push and Array.pop
+ https://bugs.webkit.org/show_bug.cgi?id=69314
+
+ Reviewed by Oliver Hunt.
+
+ 1% speed-up in V8 due to 6% speed-up in V8-deltablue.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::storePtr):
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGIntrinsic.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasHeapPrediction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ JSC ASSERT Opening the Web Inspector
+ https://bugs.webkit.org/show_bug.cgi?id=69293
+
+ Reviewed by Oliver Hunt.
+
+ If a polymorphic access structure list has a duplicated structure, then
+ don't crash.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
+2011-10-03 Gavin Barraclough <barraclough@apple.com>
+
+ On X86, switch bucketCount into a register, timeoutCheck into memory
+ https://bugs.webkit.org/show_bug.cgi?id=69299
+
+ Reviewed by Geoff Garen.
+
+ We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
+ it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
+ but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
+ function too frequently (regressing performance). This patch has no perf impact on sunspider.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::branchAdd32):
+ (JSC::MacroAssemblerX86::branchSub32):
+ - Added branchSub32 with AbsoluteAddress.
+ * jit/JIT.cpp:
+ (JSC::JIT::emitTimeoutCheck):
+ - Keep timeout count in memory on X86.
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ - remove X86 specific code, switch bucket count back into a register.
+ * jit/JITStubs.cpp:
+ - Stop initializing esi (it is no longer the timeoutCheck!)
+ * jit/JSInterfaceJIT.h:
+ - change definition of esi to be the bucketCountRegister.
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ - Add timeoutCount as a property to global data (the counter should be per-thread).
+
+2011-10-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG backends don't have access to per-node predictions from the propagator
+ https://bugs.webkit.org/show_bug.cgi?id=69291
+
+ Reviewed by Oliver Hunt.
+
+ Nodes now have two notion of predictions: the heap prediction, which is
+ what came directly from value profiling, and the propagator's predictions,
+ which arise out of abstract interpretation. Every node has a propagator
+ prediction, but not every node has a heap prediction; and there is no
+ guarantee that a node that has both will keep them consistent as the
+ propagator may have additional information available to it.
+
+ This is performance neutral.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasHeapPrediction):
+ (JSC::DFG::Node::getHeapPrediction):
+ (JSC::DFG::Node::predictHeap):
+ (JSC::DFG::Node::prediction):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::setPrediction):
+ (JSC::DFG::Propagator::mergePrediction):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::isPredictedNumerical):
+ (JSC::DFG::Propagator::logicalNotIsPure):
+ (JSC::DFG::Propagator::setReplacement):
+
+2011-10-03 Jer Noble <jer.noble@apple.com>
+
+ Unreviewed, rolling out r96526.
+ http://trac.webkit.org/changeset/96526
+ https://bugs.webkit.org/show_bug.cgi?id=68587
+
+ WEB_AUDIO has numerous 64->32 bit casting warnings, causing
+ build breakages where -Wall is enabled.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-10-03 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed build fix for DFG JIT 32_64.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-10-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should speculate more aggressively on obvious cases on
+ polymorphic get_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=69235
+
+ Reviewed by Oliver Hunt.
+
+ This implements trivial polymorphic get_by_id. It also fixes
+ problems in the CSE for CheckStructure in the put_by_id
+ transition case.
+
+ Doing this required knowing whether a polymorphic get_by_id stub
+ was doing a direct access rather than a call of some kind.
+
+ Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
+ scaled mean of all benchmarks.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::addStructureSet):
+ (JSC::DFG::Graph::addStructureTransitionData):
+ * dfg/DFGNode.h:
+ (JSC::DFG::StructureTransitionData::StructureTransitionData):
+ (JSC::DFG::Node::hasStructureTransitionData):
+ (JSC::DFG::Node::structureTransitionData):
+ (JSC::DFG::Node::hasStructureSet):
+ (JSC::DFG::Node::structureSet):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStructureSet.h: Added.
+ (JSC::DFG::StructureSet::StructureSet):
+ (JSC::DFG::StructureSet::add):
+ (JSC::DFG::StructureSet::addAll):
+ (JSC::DFG::StructureSet::remove):
+ (JSC::DFG::StructureSet::contains):
+ (JSC::DFG::StructureSet::isSubsetOf):
+ (JSC::DFG::StructureSet::isSupersetOf):
+ (JSC::DFG::StructureSet::size):
+ (JSC::DFG::StructureSet::at):
+ (JSC::DFG::StructureSet::operator[]):
+ (JSC::DFG::StructureSet::last):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::getPolymorphicAccessStructureListSlot):
+
+2011-10-03 Jer Noble <jer.noble@apple.com>
+
+ Enable WEB_AUDIO by default in the WebKit/mac port.
+ https://bugs.webkit.org/show_bug.cgi?id=68587
+
+ Reviewed by Simon Fraser.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-10-03 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Fix make distcheck build
+ https://bugs.webkit.org/show_bug.cgi?id=69243
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am:
+
+2011-10-03 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] Build fix: Qt::escape is deprecated in Qt5
+ https://bugs.webkit.org/show_bug.cgi?id=69162
+
+ Use QString::toHtmlEscaped in the Qt5 case.
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.pri:
+ * wtf/qt/UtilsQt.h: Added.
+ (escapeHtml):
+ * wtf/wtf.pri:
+
+2011-10-03 Balazs Kelemen <kbalazs@webkit.org>
+
+ libdispatch based ParallelJobs is not enough parallel
+ https://bugs.webkit.org/show_bug.cgi?id=66378
+
+ Reviewed by Zoltan Herczeg.
+
+ Use the appropriate libdispatch API for our use case.
+ Throw away the hard coded limit of parallel threads
+ and use dispatch_apply with the default priority normal
+ queue istead of using our own custom serial queue (which
+ was a misuse of the API). Enabling PARALLEL_JOBS is now
+ a 60% win (2.63x as fast) on the methanol benchmark
+ (https://gitorious.org/methanol) with an SVG centric test set
+ while the old implementation was almost identical (less than 5% win).
+
+ * wtf/ParallelJobsLibdispatch.h:
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::execute):
+
+2011-10-02 Zoltan Herczeg <zherczeg@webkit.org>
+
+ [Qt]REGRESSION(r95912): It made sputnik tests flakey
+ https://bugs.webkit.org/show_bug.cgi?id=68990
+
+ Reviewed by Geoffrey Garen.
+
+ Changing signed char to int in r96354 solved the
+ problem. However transitionCount still returns
+ with a signed char and should be changed to int.
+
+ * runtime/Structure.h:
+ (JSC::Structure::transitionCount):
+
+2011-10-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG misses some obvious opportunities for common subexpression elimination
+ https://bugs.webkit.org/show_bug.cgi?id=69233
+
+ Reviewed by Oliver Hunt.
+
+ 0.7% speed-up on SunSpider.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+
+2011-10-02 Gavin Barraclough <barraclough@apple.com>
+
+ Bug 67455 - Different regular expression result
+
+ Reviewed by Darin Adler.
+
+ Fix a regression introduced in r72140. A return was added to the backtracking loop for
+ backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
+ This is incorrect. The additional return should only trigger to force an early return if
+ an error has occured.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchParentheses):
+ - Simplify some nested if else logic.
+ (JSC::Yarr::Interpreter::backtrackParentheses):
+ - Simplify some nested if else logic.
+ - Only return early from backtrackParentheses on success/error, not on failure.
+
+2011-10-01 Geoffrey Garen <ggaren@apple.com>
+
+ Removed redundant helper functions for allocating Strong handles
+ https://bugs.webkit.org/show_bug.cgi?id=69218
+
+ Reviewed by Sam Weinig.
+
+ * heap/Heap.h:
+ (JSC::Heap::handleHeap):
+ * runtime/JSGlobalData.h: Removed these helper functions, since they
+ just created indirection.
+
+ * heap/StrongInlines.h: Added. Broke out a header for inline functions
+ to resolve circular dependencies created by inlining. I'm told this is
+ the future for JavaScriptCore.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * heap/Local.h:
+ (JSC::::Local):
+ * heap/Strong.h:
+ (JSC::::Strong):
+ (JSC::::set):
+ * heap/Weak.h:
+ (JSC::Weak::Weak):
+ (JSC::Weak::set): Allocate handles directly instead of going through a
+ chain of forwarding functions.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ * runtime/JSGlobalData.cpp:
+ * runtime/LiteralParser.cpp:
+ * runtime/RegExpCache.cpp: Updated for header changes.
+
+2011-09-30 Filip Pizlo <fpizlo@apple.com>
+
+ All of JSC's heuristics should be in one place for easier tuning
+ https://bugs.webkit.org/show_bug.cgi?id=69201
+
+ Reviewed by Oliver Hunt.
+
+ This makes it possible to change tiered compilation heuristics in
+ one place (Heuristics.cpp) without recompiling the whole project.
+
+ It also makes it possible to enable setting heuristics using
+ environment variables. This is off by default. When turned on, it
+ makes tuning the system much easier.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * runtime/Heuristics.cpp: Added.
+ (JSC::Heuristics::parse):
+ (JSC::Heuristics::setHeuristic):
+ (JSC::Heuristics::initializeHeuristics):
+ * runtime/Heuristics.h: Added.
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+
+2011-10-01 Oliver Hunt <oliver@apple.com>
+
+ Support string length in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=69215
+
+ Reviewed by Geoff Garen.
+
+ Adds a GetStringLength node to the DFG so that we can support
+ string.length inline.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownString):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSString.h:
+ (JSC::JSString::offsetOfLength):
+
+2011-10-01 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69205
+
+ Reviewed by Gavin Barraclough.
+
+ If there are unboxed integers and cells in register file (e.g. by SetLocal),
+ they must be reboxed before exiting from the speculative DFG JIT execution.
+ This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
+ ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::forPrediction):
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
+
+2011-10-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96421.
+ http://trac.webkit.org/changeset/96421
+ https://bugs.webkit.org/show_bug.cgi?id=69206
+
+ It broke Qt-WK2 build (Requested by ossy on #webkit).
+
+ * JavaScriptCore.pri:
+ * wtf/qt/UtilsQt.h: Removed.
+ * wtf/wtf.pri:
+
+2011-09-30 Daniel Bates <dbates@webkit.org>
+
+ Attempt to fix the Apple Windows and WinCairo Debug builds after
+ <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
+ ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
+ corresponding function, JSValue::toStrictThisObject(), was removed.
+
+2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69126
+
+ Reviewed by Gavin Barraclough.
+
+ The setupResults routine has the bug of reversing the source and destination.
+ Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::setupTwoStubArgs):
+ (JSC::DFG::setupResults):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ Remove toStrictThisObject, toThisString, toThisJSString
+ https://bugs.webkit.org/show_bug.cgi?id=69203
+
+ Rubber stamped by Sam Weinig
+
+ These are no longer used.
+
+ * JavaScriptCore.exp:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSValue.h:
+ * runtime/StrictEvalActivation.cpp:
+ * runtime/StrictEvalActivation.h:
+
+2011-09-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not speculate aggressively enough on put_by_id
+ https://bugs.webkit.org/show_bug.cgi?id=69114
+
+ Reviewed by Oliver Hunt.
+
+ This adds new nodes along with optimizations for those nodes:
+
+ GetPropertyStorage: CheckStructure used to do both the structure
+ check and retrieve the storage pointer. Now CheckStructure just
+ checks the structure, and GetPropertyStorage retrieves the
+ storage pointer.
+
+ PutStructure: Changes the structure, and has the expected store
+ to load optimization with CheckStructure.
+
+ PutByOffset: Directly sets the value. Has store to load
+ optimization with GetByOffset.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::cellConstant):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasStructure):
+ (JSC::DFG::Node::hasStorageAccessData):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::impureCSE):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
+ (JSC::DFG::Propagator::eliminate):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ StringRecursionChecker should not work in terms of EncodedJSValue
+ https://bugs.webkit.org/show_bug.cgi?id=69188
+
+ Reviewed by Oliver Hunt.
+
+ 0 is not the empty value on 32_64.
+ Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::errorProtoFuncToString):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ * runtime/StringRecursionChecker.cpp:
+ (JSC::StringRecursionChecker::throwStackOverflowError):
+ (JSC::StringRecursionChecker::emptyString):
+ * runtime/StringRecursionChecker.h:
+ (JSC::StringRecursionChecker::performCheck):
+ (JSC::StringRecursionChecker::earlyReturnValue):
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT, Branch on integer can always be a 32-bit compare.
+ https://bugs.webkit.org/show_bug.cgi?id=69174
+
+ Reviewed by Sam Weinig.
+
+ if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
+ the JSVALUE64 JIT will currently compare all 64bits in the register, but in
+ these cases the DataFormat is always a JS boxed integer. In these cases we
+ can just compare the low 32bits anyway - no need to check the tag.
+ This allows the code to be unified with the JSVALUE32_64 JIT.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-30 Oliver Hunt <oliver@apple.com>
+
+ Need a sensible GGC policy
+
+ Reviewed by Geoff Garen.
+
+ This replaces the existing random collection policy
+ with a deterministic policy based on nursery size.
+
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateSlowCase):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocator):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::nurseryWaterMark):
+ (JSC::MarkedSpace::allocate):
+
+2011-09-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG 32-bit support for op_call and op_construct causes
+ run-javascriptcore-tests to fail
+ https://bugs.webkit.org/show_bug.cgi?id=69171
+
+ Reviewed by Gavin Barraclough.
+
+ This fixes one obvious bug that was causing test failures (no
+ support for dummy slow case for op_add in 32_64), and disables
+ op_call and op_construct by default.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emitSlow_op_add):
+
+2011-09-30 Geoffrey Garen <ggaren@apple.com>
+
+ Crash due to out of bounds read/write in MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=69148
+
+ This was a case of being surprised by a poorly aritulcated cell size limit,
+ plus an incorrect ASSERT guarding the cell size limit.
+
+ Reviewed by Oliver Hunt.
+
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
+ since it makes the ranges easier to understand.
+
+ Bumped up the max cell size to support the use case in this bug. Since the
+ atomSize is much bigger than it used to be, there isn't much accounting
+ cost to handling more size classes.
+
+ Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::resetAllocator):
+ (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
+ being inclusive.
+
+2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] Build fix: Qt::escape is deprecated in Qt5
+ https://bugs.webkit.org/show_bug.cgi?id=69162
+
+ Use QString::toHtmlEscaped in the Qt5 case.
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.pri:
+ * wtf/qt/UtilsQt.h: Added.
+ (escapeHtml):
+ * wtf/wtf.pri:
+
+2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Fix bug in getHostCallReturnValue of DFG JIT on X86
+ https://bugs.webkit.org/show_bug.cgi?id=69133
+
+ Reviewed by Gavin Barraclough.
+
+ We need to insert the additional argument in the stack slot before
+ return address instead of simply pushing it afterwards.
+ Also getHostCallReturnValue* should be attributed as stdcall
+ to make the stack cleaned up by the callee.
+
+ * dfg/DFGOperations.cpp:
+
+2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
+
+ [Qt] wtf header files are unknown to Qt Creator
+ https://bugs.webkit.org/show_bug.cgi?id=69158
+
+ Adding the HEADERS variable in wtf.pri so that
+ the header files can be accessed easily.
+
+ Reviewed by Andreas Kling.
+
+ * wtf/wtf.pri:
+
+2011-09-30 Gavin Barraclough <barraclough@apple.com>
+
+ Merge some more of DFGSpeculativeJIT 32_64/64
+ https://bugs.webkit.org/show_bug.cgi?id=69164
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCodeGenerator64.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileValueAdd):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compileValueAdd):
+ (JSC::DFG::SpeculativeJIT::compileLogicalNot):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-30 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add getCallData to MethodTable in ClassInfo
+ https://bugs.webkit.org/show_bug.cgi?id=69024
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ Added the getCallData to the MethodTable in the ClassInfo struct.
+ * runtime/ClassInfo.h:
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69120
+
+ Reviewed by Gavin Barraclough.
+
+ Improve the coverage of JSVALUE32_64 DFG JIT.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::tagOfCallData):
+ (JSC::DFG::payloadOfCallData):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG JIT - register not unlocked after usage in ArithDiv
+ https://bugs.webkit.org/show_bug.cgi?id=69122
+
+ Reviewed by Geoffrey Garen.
+
+ Some allocated register is not unlocked after the usage in ArithDiv.
+ Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
+
+ * dfg/DFGNode.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::toObject
+ https://bugs.webkit.org/show_bug.cgi?id=68937
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ De-virtualized JSCell::toObject and changed its implementation to manually check the
+ cases for JSString and JSObject rather than leaving it up to the virtual method call.
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toObject):
+ * runtime/JSCell.h:
+
+ Removed JSNotAnObject::toObject because the case for JSObject works for it.
+ Also removed JSObject::toObject because it was essentially the identity function,
+ which is not necessary since toObject is no longer virtual.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+
+ De-virtualized JSObject::toObject and JSString::toObject.
+ * runtime/JSString.h:
+
+2011-09-29 Gavin Barraclough <barraclough@apple.com>
+
+ Start refactoring DFGSpeculativeJIT
+ https://bugs.webkit.org/show_bug.cgi?id=69112
+
+ Reviewed by Oliver Hunt.
+
+ Again, move JSVALUE64 code into a DFJSpeculativeJIT64.cpp
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::dump):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Gavin Barraclough <barraclough@apple.com>
+
+ Refactor out trivially duplicated code in DFGJITCodeGenerator.
+ https://bugs.webkit.org/show_bug.cgi?id=69109
+
+ Reviewed by Oliver Hunt.
+
+ Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
+
+ Basically move a JSVALUE64 specific code into a new DFGJITCodeGenerator64.cpp, leave common code
+ in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.
+
+ For some function differences are trivial & make more sense to ifdef individually, and some
+ Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::branchIfNotCell):
+ * dfg/DFGJITCompilerInlineMethods.h:
+
+2011-09-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should infer which uses of a variable are not aliased
+ https://bugs.webkit.org/show_bug.cgi?id=68593
+
+ Reviewed by Oliver Hunt.
+
+ This separates how a variable is stored (i.e. its virtual register)
+ from how it's predicted. Each variable now takes a
+ VariableAccessData as its operand, instead of the virtual register.
+ The VariableAccessData stores the operand and the prediction. If
+ multiple uses of a variable are aliased, their VariableAccessDatas
+ are unified.
+
+ This also adds tracking of which argument values are used. It
+ correctly observes that an argument value is not used, if the
+ argument is assigned to inside the function before being used.
+
+ This also adds tracking of which variables are live at the head of
+ a basic block, and separates that from a variable being live at the
+ tail.
+
+ Finally, this communicates to both OSR entry and OSR exit code how
+ a variable is predicted at a particular point in the code, rather
+ than just communicating how it was predicted in the entire code
+ block (since with this patch there is no longer the notion of a
+ variable having just one prediction for a code block).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/ActionablePrediction.h: Added.
+ (JSC::actionablePredictionFromPredictedType):
+ (JSC::valueObeysPrediction):
+ (JSC::actionablePredictionToString):
+ (JSC::ActionablePredictions::ActionablePredictions):
+ (JSC::ActionablePredictions::setArgument):
+ (JSC::ActionablePredictions::argument):
+ (JSC::ActionablePredictions::setVariable):
+ (JSC::ActionablePredictions::variable):
+ (JSC::ActionablePredictions::argumentUpperBound):
+ (JSC::ActionablePredictions::variableUpperBound):
+ (JSC::ActionablePredictions::pack):
+ (JSC::ActionablePredictions::packVector):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictionTracker.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::newVariableAccessData):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::nameOfVariableAccessData):
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::operandIsArgument):
+ (JSC::DFG::VariableRecord::setFirstTime):
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVariableAccessData):
+ (JSC::DFG::Node::hasLocal):
+ (JSC::DFG::Node::variableAccessData):
+ (JSC::DFG::Node::local):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::ValueSource):
+ (JSC::DFG::ValueSource::forPrediction):
+ (JSC::DFG::ValueSource::isSet):
+ (JSC::DFG::ValueSource::kind):
+ (JSC::DFG::ValueSource::nodeIndex):
+ (JSC::DFG::ValueSource::nodeIndexFromKind):
+ (JSC::DFG::ValueSource::kindFromNodeIndex):
+ (JSC::DFG::SpeculativeJIT::isKnownArray):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * wtf/PackedIntVector.h: Added.
+ (WTF::PackedIntVector::PackedIntVector):
+ (WTF::PackedIntVector::operator=):
+ (WTF::PackedIntVector::size):
+ (WTF::PackedIntVector::ensureSize):
+ (WTF::PackedIntVector::resize):
+ (WTF::PackedIntVector::clearAll):
+ (WTF::PackedIntVector::get):
+ (WTF::PackedIntVector::set):
+ (WTF::PackedIntVector::mask):
+ * wtf/Platform.h:
+ * wtf/UnionFind.h: Added.
+ (WTF::UnionFind::UnionFind):
+ (WTF::UnionFind::find):
+ (WTF::UnionFind::unify):
+
+2011-09-29 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * heap/AllocationSpace.h:
+
+2011-09-29 Oliver Hunt <oliver@apple.com>
+
+ Add logic to collect dirty objects as roots
+ https://bugs.webkit.org/show_bug.cgi?id=69100
+
+ Reviewed by Geoff Garen.
+
+ This gives us the ability to walk all the MarkedBlocks in an
+ AllocationSpace and collect the dirty objects, and then use
+ them as GC roots.
+
+ I also rearranged the order of these instructions because it
+ makes them smaller on some platforms with some card sizes.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ * heap/AllocationSpace.cpp:
+ Tidy up the write barrier logic a bit.
+ (JSC::MarkedBlock::gatherDirtyObjects):
+ (JSC::TakeIfDirty::returnValue):
+ (JSC::TakeIfDirty::TakeIfDirty):
+ (JSC::TakeIfDirty::operator()):
+ (JSC::AllocationSpace::gatherDirtyObjects):
+ * heap/AllocationSpace.h:
+ * heap/CardSet.h:
+ (JSC::::isCardMarked):
+ (JSC::::clearCard):
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier):
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::setDirtyObject):
+ (JSC::MarkedBlock::addressOfCardFor):
+ * heap/SlotVisitor.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier):
+ Tidy the write barrier a bit.
+
+2011-09-29 Gavin Barraclough <barraclough@apple.com>
+
+ Unreviewed windows build fix.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ * dfg/DFGOperations.h:
+
+2011-09-29 Filip Pizlo <fpizlo@apple.com>
+
+ Structure transitions involving many (> 64) properties sometimes cause structure corruption
+ https://bugs.webkit.org/show_bug.cgi?id=69102
+
+ Reviewed by Darin Adler.
+
+ Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
+ don't lead to the dictionary kind being forgotten.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69058
+
+ Reviewed by Gavin Barraclough.
+
+ Also Fixed the stdcall FunctionPtr constructors to make them compiled correctly on Linux
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+
+2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
+ https://bugs.webkit.org/show_bug.cgi?id=68839
+
+ Reviewed by Geoffrey Garen.
+
+ Removed the remaining visitChildrenVirtual methods. This patch completes the process of
+ de-virtualizing visitChildren.
+
+ * API/JSCallbackObject.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ * runtime/GetterSetter.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSPropertyNameIterator.cpp:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSValue.h:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/Structure.cpp:
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ * runtime/StructureChain.h:
+
+ Inlined the method table access and call to the visitChildren function (the only call sites
+ to visitChildren are here).
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+
+ Changed the field name for the visitChildren function pointer to visitChildren (from
+ visitChildrenFunctionPtr) to make call sites less verbose.
+ * runtime/ClassInfo.h:
+
+ Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
+ overrides visitChildren, so it needs to have its own ClassInfo.
+ * runtime/JSBoundFunction.cpp:
+ * runtime/JSBoundFunction.h:
+
+ Had to move className up to make sure that the virtual destructor in JSObject wasn't
+ the first non-inline virtual method in JSObject (as per the comment in the file).
+ Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
+ to mitigate the cost of an extra method call.
+
+ Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
+ call sites more concise. Implementation is inline in JSObject.h.
+ * runtime/JSObject.h:
+ (JSC::JSCell::methodTable):
+ * runtime/JSCell.h:
+
+ Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
+ appease the vtable gods. It refused to compile if there were no virtual methods in
+ both of these classes due to the presence of a weak vtable pointer.
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::~JSWrapperObject):
+ * runtime/JSWrapperObject.h:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::~ScopeChainNode):
+ * runtime/ScopeChain.h:
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69075
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
+ https://bugs.webkit.org/show_bug.cgi?id=69054
+
+ Reviewed by Gavin Barraclough.
+
+ size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
+
+ * dfg/DFGNode.h:
+
+2011-09-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG checkArgumentTypes fails to check boolean predictions
+ https://bugs.webkit.org/show_bug.cgi?id=69059
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix pt 2 for r96286.
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2011-09-28 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix attempt for r96286.
+
+ * assembler/MacroAssemblerCodeRef.h:
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT Operations on 32_64 should use stdcall calling convention.
+ https://bugs.webkit.org/show_bug.cgi?id=69046
+
+ Reviewed by Sam Weinig.
+
+ All calls out are expecting stdcall conventions, but the default on OS X are cdecl.
+ Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
+ directly to std library functions like fmod - leave these calls obeying the default
+ platform calling convention.
+
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+ - Add implicit constructors for std calls.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ - Make this work non-Mac platforms.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationPutByValInternal):
+ * dfg/DFGOperations.h:
+ - Mark all operations as stdcalls.
+
+2011-09-28 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT falls back on numerical comparisons when it does not
+ recognize a prediction
+ https://bugs.webkit.org/show_bug.cgi?id=68977
+
+ Reviewed by Geoffrey Garen.
+
+ This fixes both the way comparison implementations are selected. It
+ also fixes a bug where comparisons other than equality (like < or >)
+ on objects are compiled as if the comparison was equality.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
+ https://bugs.webkit.org/show_bug.cgi?id=69026
+
+ Reviewed by Sam Weinig.
+
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fstpl):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
+ https://bugs.webkit.org/show_bug.cgi?id=69017
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-28 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64679
+ Fix bugs in Array.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+ - These methods should throw if this value is undefined.
+
+2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Value profiling in baseline JIT for JSVALUE32_64
+ https://bugs.webkit.org/show_bug.cgi?id=68750
+
+ Reviewed by Geoff Garen.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_mul):
+ (JSC::JIT::emit_op_div):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+
+2011-09-28 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Wrong integer checks in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68985
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-09-28 Adam Barth <abarth@webkit.org>
+
+ Remove empty directories.
+
+ * wtf/brew: Removed.
+ * wtf/unicode/brew: Removed.
+
+2011-09-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT cannot compile op_new_object, op_new_array,
+ op_new_array_buffer, or op_new_regexp
+ https://bugs.webkit.org/show_bug.cgi?id=68580
+
+ Reviewed by Oliver Hunt.
+
+ This implements all four opcodes, but has op_new_regexp turns off
+ by default because it unveils some bad speculation logic when
+ compiling string-validate-input.
+
+ With op_new_regexp turned off, this is a 5% win on Kraken and a
+ 0.7% speed-up on V8. Neutral on SunSpider.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::callOperation):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasConstantBuffer):
+ (JSC::DFG::Node::startConstant):
+ (JSC::DFG::Node::numConstants):
+ (JSC::DFG::Node::hasRegexpIndex):
+ (JSC::DFG::Node::regexpIndex):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownArray):
+
+2011-09-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should speculate more aggressively on reads of array.length
+ https://bugs.webkit.org/show_bug.cgi?id=68932
+
+ Reviewed by Oliver Hunt.
+
+ This is a 2% speed-up on Kraken, neutral elsewhere.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-27 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT - merge changes between 95905 - 96175
+ https://bugs.webkit.org/show_bug.cgi?id=68963
+
+ Reviewed by Sam Weinig.
+
+ Merge missing changes from bug#68677, bug#68784, bug#68785.
+
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-27 Gavin Barraclough <barraclough@apple.com>
+
+ Get JSVALUE32_64 DFG JIT building on OS X.
+ https://bugs.webkit.org/show_bug.cgi?id=68961
+
+ Reviewed by Geoff Garen.
+
+ * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
+ * Forward-declare functions in DFGOperations.cpp
+ * UNUSED_PARAM for unused arguments
+ * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
+ * Fix argument types handled by OpInfo constructor.
+ * Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
+ * Add files to Xcode project.
+
+2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68755
+
+ Reviewed by Gavin Barraclough.
+
+ We need to load/store and repatch both tag and payload of a property
+ for GetById/PutById. Also reorder the loads of tag and payload for
+ GetByOffset as the result tag GPR could reuse the storage GPR.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-24 Gavin Barraclough <barraclough@apple.com>
+
+ Macro assembler branch8 & 16 methods vary in treatment of upper bits
+ https://bugs.webkit.org/show_bug.cgi?id=68301
+
+ Reviewed by Sam Weinig.
+
+ Fix for branch16 - remove it!
+ No performance impact.
+
+ * assembler/MacroAssembler.h:
+ * assembler/MacroAssemblerARM.h:
+ * assembler/MacroAssemblerARMv7.h:
+ * assembler/MacroAssemblerMIPS.h:
+ * assembler/MacroAssemblerSH4.h:
+ * assembler/MacroAssemblerX86Common.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+
+2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::getCallData
+ https://bugs.webkit.org/show_bug.cgi?id=68741
+
+ Reviewed by Darin Adler.
+
+ In this patch we just extract the bodies of the virtual getCallData methods
+ throughout the JSCell inheritance hierarchy out into static methods, which are
+ now called from the virtual methods. This is an intermediate step in trying to
+ move the virtual-ness of getCallData into our own method table stored in
+ ClassInfo. We need to convert the methods to static methods because static methods
+ can be represented as function pointers rather than pointers to member functions, and
+ function pointers are smaller and faster to call than pointers to member functions.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::getCallDataVirtual):
+ (JSC::JSCallbackFunction::getCallData):
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getCallDataVirtual):
+ (JSC::::getCallData):
+ * API/JSObjectRef.cpp:
+ (JSObjectIsFunction):
+ (JSObjectCallAsFunction):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::getCallDataVirtual):
+ (JSC::ArrayConstructor::getCallData):
+ * runtime/ArrayConstructor.h:
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::getCallDataVirtual):
+ (JSC::BooleanConstructor::getCallData):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::getCallDataVirtual):
+ (JSC::DateConstructor::getCallData):
+ * runtime/DateConstructor.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
+ (JSC::StrictModeTypeErrorFunction::getCallData):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::getCallDataVirtual):
+ (JSC::ErrorConstructor::getCallData):
+ * runtime/ErrorConstructor.h:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::getCallDataVirtual):
+ (JSC::FunctionConstructor::getCallData):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::getCallDataVirtual):
+ (JSC::FunctionPrototype::getCallData):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getCallDataVirtual):
+ (JSC::JSCell::getCallData):
+ * runtime/JSCell.h:
+ (JSC::getCallData):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getCallDataVirtual):
+ (JSC::JSFunction::getCallData):
+ * runtime/JSFunction.h:
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::toJSON):
+ (JSC::Stringifier::appendStringifiedValue):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::getCallDataVirtual):
+ (JSC::NativeErrorConstructor::getCallData):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getCallDataVirtual):
+ (JSC::NumberConstructor::getCallData):
+ * runtime/NumberConstructor.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::getCallDataVirtual):
+ (JSC::ObjectConstructor::getCallData):
+ * runtime/ObjectConstructor.h:
+ * runtime/Operations.cpp:
+ (JSC::jsTypeStringForValue):
+ (JSC::jsIsObjectType):
+ (JSC::jsIsFunctionType):
+ * runtime/PropertySlot.cpp:
+ (JSC::PropertySlot::functionGetter):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::getCallDataVirtual):
+ (JSC::RegExpConstructor::getCallData):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::getCallDataVirtual):
+ (JSC::StringConstructor::getCallData):
+ * runtime/StringConstructor.h:
+
+2011-09-27 Tim Horton <timothy_horton@apple.com>
+
+ Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
+ https://bugs.webkit.org/show_bug.cgi?id=68816
+ <rdar://problem/10186468>
+
+ Reviewed by Simon Fraser.
+
+ Add ByteArray::clear, which zeros the memory in the ByteArray.
+
+ * wtf/ByteArray.h:
+ (WTF::ByteArray::clear): Added.
+
+2011-09-27 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r96131.
+ http://trac.webkit.org/changeset/96131
+ https://bugs.webkit.org/show_bug.cgi?id=68927
+
+ It made 18+ tests crash on all platform (Requested by
+ Ossy_night on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ * parser/Parser.h:
+ (JSC::Parser::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+
+2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::getPrimitiveNumber
+ https://bugs.webkit.org/show_bug.cgi?id=68851
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+ Changed JSCell::getPrimitiveNumber to manually handle the dispatch for
+ JSCells (JSObject and JSString in this case).
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getPrimitiveNumber):
+ * runtime/JSCell.h:
+
+ Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't
+ matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
+ can cover the case for JSNotAnObject.
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+
+ De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber
+ and changed them to be const. Also made JSString::getPrimitiveNumber public
+ because it needs to be called from JSCell::getPrimitiveNumber and also since it's
+ no longer virtual, we want people who have a more specific pointer (JSString*
+ instead of JSCell*) to not have to pay the cost of a virtual method call.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getPrimitiveNumber):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::JSString::getPrimitiveNumber):
+ * runtime/JSString.h:
+
+2011-09-27 Juan Carlos Montemayor Elosua <j.mont@me.com>
+
+ Implement Error.stack
+ https://bugs.webkit.org/show_bug.cgi?id=66994
+
+ Reviewed by Oliver Hunt.
+
+ This patch utilizes topCallFrame to create a stack trace when
+ an error is thrown. Users will also be able to use the stack()
+ command in jsc to get arrays with stack trace information.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::getCallerLine):
+ (JSC::getSourceURLFromCallFrame):
+ (JSC::getStackFrameCodeType):
+ (JSC::Interpreter::getStackTrace):
+ (JSC::Interpreter::throwException):
+ * interpreter/Interpreter.h:
+ (JSC::StackFrame::toString):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionJSCStack):
+ * parser/Parser.h:
+ (JSC::Parser::parse):
+ * runtime/CommonIdentifiers.h:
+ * runtime/Error.cpp:
+ (JSC::addErrorInfo):
+ * runtime/Error.h:
+
+2011-09-27 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Reorganize header files
+ https://bugs.webkit.org/show_bug.cgi?id=65616
+
+ Reviewed by Martin Robinson.
+
+ Install header files under $libwebkitgtkincludedir/JavaScriptCore.
+
+ * GNUmakefile.am: Use $libwebkitgtkincludedir.
+ * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
+
+2011-09-26 Geoffrey Garen <ggaren@apple.com>
+
+ REGRESSION (r95912): Conservative marking doesn't filter out pointers to
+ MarkedBlock metadata
+ https://bugs.webkit.org/show_bug.cgi?id=68860
+
+ Reviewed by Oliver Hunt.
+
+ Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask
+ because the mask doesn't produce the actual atom number.
+
+ (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
+ enough; we also need to test that a pointer is beyond the metadata section
+ of a MarkedBlock, to avoid treating random metadata as a JSCell.
+
+2011-09-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Make JSCell::toBoolean non-virtual
+ https://bugs.webkit.org/show_bug.cgi?id=67727
+
+ Reviewed by Geoffrey Garen.
+
+ JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
+ before it was simply virtual and would crash if its implementation was called).
+ Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
+ explicitly covers all cases of toBoolean, so having a virtual implementation of
+ JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ (JSC::JSCell::toBoolean):
+ (JSC::JSValue::toBoolean):
+
+2011-09-26 Chris Marrin <cmarrin@apple.com>
+
+ Enable requestAnimationFrame on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=68397
+
+ Reviewed by Simon Fraser.
+
+ Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
+
+ * wtf/Platform.h:
+
+2011-09-26 Noel Gordon <noel.gordon@gmail.com>
+
+ [Chromium] Remove DFGAliasTracker.h references from gyp project files
+ https://bugs.webkit.org/show_bug.cgi?id=68787
+
+ Reviewed by Geoffrey Garen.
+
+ DFG/DFGAliasTracker.h was removed in r95389. Cleanup (remove) references
+ to that file from the gyp project files.
+
+ * JavaScriptCore.gypi:
+
+2011-09-26 Zoltan Herczeg <zherczeg@webkit.org>
+
+ [Qt]REGRESSION(r95865): It made 4 tests crash
+ https://bugs.webkit.org/show_bug.cgi?id=68780
+
+ Reviewed by Oliver Hunt.
+
+ emitJumpSlowCaseIfNotJSCell(...) cannot be moved
+ away since the next load depends on it.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+
+2011-09-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add custom vtable struct to ClassInfo struct
+ https://bugs.webkit.org/show_bug.cgi?id=68567
+
+ Reviewed by Oliver Hunt.
+
+ Declared/defined the MethodTable struct and added it to the ClassInfo struct.
+ Also defined the CREATE_METHOD_TABLE macro to generate these method tables
+ succinctly where they need to be defined.
+
+ Also added to it the first function to use this macro, visitChildren.
+
+ This is part of the process of getting rid of all C++ virtual methods in JSCell.
+ Eventually all virtual functions in JSCell that can't easily be converted to
+ non-virtual functions will be put into this custom vtable structure.
+ * runtime/ClassInfo.h:
+
+ Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
+ ClassInfo structs declared in these classes. This saves us from having to visit
+ each s_info definition in the future when we add more methods to the MethodTable.
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackObject.cpp:
+ * JavaScriptCore.exp:
+ * runtime/Arguments.cpp:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/BooleanObject.cpp:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DatePrototype.cpp:
+ * runtime/ErrorInstance.cpp:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/ExceptionHelpers.cpp:
+ * runtime/Executable.cpp:
+ * runtime/GetterSetter.cpp:
+ * runtime/InternalFunction.cpp:
+ * runtime/JSAPIValueWrapper.cpp:
+ * runtime/JSActivation.cpp:
+ * runtime/JSArray.cpp:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSFunction.cpp:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSONObject.cpp:
+ * runtime/JSObject.cpp:
+ * runtime/JSPropertyNameIterator.cpp:
+ * runtime/JSString.cpp:
+ * runtime/MathObject.cpp:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberObject.cpp:
+ * runtime/NumberPrototype.cpp:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/RegExp.cpp:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/ScopeChain.cpp:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringObject.cpp:
+ * runtime/StringPrototype.cpp:
+ * runtime/Structure.cpp:
+ * runtime/StructureChain.cpp:
+
+ Had to make visitChildren and visitChildrenVirtual protected instead of private
+ because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
+ visitChildren function pointer in their vtable since they don't provide their own
+ implementation. Same for RegExpObject.
+ * runtime/JSWrapperObject.h:
+ * runtime/RegExpObject.h:
+
+2011-09-25 Adam Barth <abarth@webkit.org>
+
+ Finish removing PLATFORM(BREWMP) by removing associated code
+ https://bugs.webkit.org/show_bug.cgi?id=68779
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+ * wscript:
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMallocSize):
+ * wtf/Vector.h:
+ * wtf/brew: Removed.
+ * wtf/brew/MainThreadBrew.cpp: Removed.
+ * wtf/brew/OwnPtrBrew.cpp: Removed.
+ * wtf/brew/RefPtrBrew.h: Removed.
+ * wtf/brew/ShellBrew.h: Removed.
+ * wtf/brew/StringBrew.cpp: Removed.
+ * wtf/brew/SystemMallocBrew.h: Removed.
+ * wtf/unicode/brew: Removed.
+ * wtf/unicode/brew/UnicodeBrew.cpp: Removed.
+ * wtf/unicode/brew/UnicodeBrew.h: Removed.
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not count speculation successes correctly
+ https://bugs.webkit.org/show_bug.cgi?id=68785
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGOperations.cpp:
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG support for op_resolve_global is not enabled
+ https://bugs.webkit.org/show_bug.cgi?id=68786
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG static prediction code is no longer needed and should be removed
+ https://bugs.webkit.org/show_bug.cgi?id=68784
+
+ Reviewed by Oliver Hunt.
+
+ This gets rid of static prediction code, and ensures that we do not
+ try to compile code where dynamic predictions are not available.
+ This is accomplished by immediately performing an OSR exit wherever
+ a value is retrieved for which no predictions exist.
+
+ This also adds value profiling for this on functions used for calls.
+
+ The heuristics for deciding when to optimize code are also tweaked,
+ since it is now profitable to optimize sooner. This may need to be
+ tweaked further, but this patch only makes minimal changes.
+
+ This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
+ overall win on Kraken. It's neutral elsewhere.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ (JSC::isCellPrediction):
+ (JSC::isObjectPrediction):
+ (JSC::isFinalObjectPrediction):
+ (JSC::isStringPrediction):
+ (JSC::isArrayPrediction):
+ (JSC::isInt32Prediction):
+ (JSC::isDoublePrediction):
+ (JSC::isNumberPrediction):
+ (JSC::isBooleanPrediction):
+ (JSC::mergePredictions):
+ * bytecode/PredictionTracker.h:
+ (JSC::PredictionTracker::predictArgument):
+ (JSC::PredictionTracker::predict):
+ (JSC::PredictionTracker::predictGlobalVar):
+ * bytecode/ValueProfile.cpp:
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::getPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::getMethodCheckPrediction):
+ (JSC::DFG::Graph::getJSConstantPrediction):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::valueOfJSConstantNode):
+ (JSC::DFG::Node::isInt32Constant):
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::isNumberConstant):
+ (JSC::DFG::Node::isBooleanConstant):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::isPredictedNumerical):
+ (JSC::DFG::Propagator::logicalNotIsPure):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
+ (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT Construct opcode takes a this argument even though it's
+ not passed
+ https://bugs.webkit.org/show_bug.cgi?id=68782
+
+ Reviewed by Oliver Hunt.
+
+ This is performance-neutral, mostly. It's a slight speed-up on
+ v8-splay.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-09-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG tracking of the value in cachedResultRegister does not handle
+ op_mov correctly
+ https://bugs.webkit.org/show_bug.cgi?id=68781
+
+ Reviewed by Oliver Hunt.
+
+ This takes the simplest approach: it makes the old JIT dumber rather
+ than making the DFG JIT smarter. This is performance-neutral.
+
+ * jit/JIT.h:
+ (JSC::JIT::canBeOptimized):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_mov):
+
+2011-09-25 Adam Barth <abarth@webkit.org>
+
+ Remove PLATFORM(HAIKU) and associated code
+ https://bugs.webkit.org/show_bug.cgi?id=68774
+
+ Reviewed by Sam Weinig.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+ * heap/MachineStackMarker.cpp:
+ * wtf/PageAllocation.h:
+ * wtf/Platform.h:
+ * wtf/StackBounds.cpp:
+ * wtf/haiku: Removed.
+ * wtf/haiku/MainThreadHaiku.cpp: Removed.
+ * wtf/haiku/StringHaiku.cpp: Removed.
+ * wtf/text/WTFString.h:
+
+2011-09-24 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
+ https://bugs.webkit.org/show_bug.cgi?id=68767
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-24 Filip Pizlo <fpizlo@apple.com>
+
+ JIT implementation of put_by_val increments m_length instead of setting
+ it to index+1
+ https://bugs.webkit.org/show_bug.cgi?id=68766
+
+ Reviewed by Geoffrey Garen.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+
+2011-09-24 Geoffrey Garen <ggaren@apple.com>
+
+ More build fixage.
+
+ * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
+
+2011-09-24 Filip Pizlo <fpizlo@apple.com>
+
+ The DFG should not attempt to guess types in the absence of value
+ profiles
+ https://bugs.webkit.org/show_bug.cgi?id=68677
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ForceOSRExit node, which is ignored by the propagator
+ and virtual register allocator (and hence ensuring that liveness analysis
+ works correctly), but forces terminateSpeculativeExecution() in the
+ back-end. This appears to be a slight speed-up on benchmark averages,
+ with ~5% swings on individual benchmarks, in both directions. But it's
+ never a regression on any average, and appears to be a ~1% progression
+ in the SunSpider average.
+
+ This also adds a bit better debugging support in the old JIT and in DFG,
+ as this was necessary to debug the much more frequent OSR transitions
+ that occur with this change.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+
+2011-09-24 Geoffrey Garen <ggaren@apple.com>
+
+ Some Windows build fixage.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLive): Show the compiler that all control paths
+ return a value. There, there, compiler. Everything's going to be OK.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::setVPtr): Oops! Unrename this function.
+
+2011-09-24 Geoffrey Garen <ggaren@apple.com>
+
+ Allocate new objects unmarked
+ https://bugs.webkit.org/show_bug.cgi?id=68764
+
+ Reviewed by Oliver Hunt.
+
+ This is a pre-requisite to using the mark bit to determine object age.
+
+ ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isLive):
+ (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
+ this patch. They can now determine object liveness without relying on
+ newly allocated objects having their mark bits set. Each MarkedBlock
+ now has a state variable that tells us how to determine whether its
+ cells are live. (This new state variable supercedes the old one about
+ destructor state. The rest of this patch is just refactoring to support
+ the invariants of this new state variable without introducing a
+ performance regression.)
+
+ (JSC::MarkedBlock::didConsumeFreeList): New function for updating interal
+ state when a block becomes fully allocated.
+
+ (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
+ this function because, logically, clearing all mark bits is the first
+ step in saying "mark bits now exactly reflect object liveness".
+
+ (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
+ that this function only tells you about the mark bits, so it's only
+ meaningful if you've put the mark bits into a meaningful state before
+ calling it.
+
+ (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
+ instead of testing mark bits, since mark bits are not always the right
+ way to find out if an object is live anymore. (New objects are live, but
+ not marked.)
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::recycle):
+ (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
+ initialization when recycling an old block -- into the MarkedBlock
+ constructor, for simplicity.
+
+ (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
+ a zapped cell before running a destructor, and always zap after
+ running a destructor. This does not seem to be expensive, and the
+ alternative just creates a too-confusing matrix of possible cell states
+ ((zombie undestructed cell + zombie destructed cell + zapped destructed
+ cell) * 5! permutations for progressing through block states = "Oh my!").
+
+ (JSC::MarkedBlock::specializedSweep):
+ (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
+ optimization to use template specialization to constant fold lots of
+ branches and elide certain operations entirely during a sweep. Merged
+ four or five functions that were logically about sweeping into this one
+ function pair, so there's only one way to do things now, it's
+ automatically correct, and it's always fast.
+
+ (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
+ about exactly what it does, and to honor the new block state system.
+
+ * heap/AllocationSpace.cpp:
+ (JSC::AllocationSpace::allocateBlock): Updated for rename.
+
+ (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
+
+ (JSC::TakeIfUnmarked::TakeIfUnmarked):
+ (JSC::TakeIfUnmarked::operator()):
+ (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
+ to clarify that this functor only tests the mark bits, so it's only
+ valid if you've put the mark bits into a meaningful state before
+ calling it.
+
+ (JSC::AllocationSpace::shrink): Updated for rename.
+
+ * heap/AllocationSpace.h:
+ (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
+ little more specific about what we're making canonical.
+
+ (JSC::AllocationSpace::forEachCell): Updated for rename.
+
+ (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
+ liveness data before iterating blocks -- clients that want iterated
+ blocks to have valid cell lieveness data should make this call for
+ themselves. (And not all clients want it.)
+
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
+ obsolete comment.
+
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
+ because clearMarks() now does that implicitly.
+
+ (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
+ tear-down tests cell liveness when running destructors.
+
+ (JSC::Heap::markRoots):
+ (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
+ and into collect, since it strictly depends on root marking, and does
+ not contribute to root marking.
+
+ (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
+ specific about what we're making canonical.
+
+ * heap/Heap.h:
+ (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
+ data before iterating protected cells, since we know they're all live,
+ and don't need to test for it.
+
+ * heap/Local.h:
+ (JSC::::set): Can't make the same ASSERT we used to because we just don't
+ have the mark bits for it anymore. Perhaps we can bring this ASSERT back
+ in a weaker form in the future.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::addBlock):
+ (JSC::MarkedSpace::removeBlock): Updated for interface change.
+ (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
+ specific about what we're making canonical.
+
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
+ functionality a bit. We now track only one block -- "currentBlock" --
+ and rely on its internal state to know whether it has more cells to
+ allocate.
+
+ * heap/Weak.h:
+ (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
+ have the mark bits for it anymore. Perhaps we can bring this ASSERT back
+ in a weaker form in the future.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::vptr):
+ (JSC::JSCell::zap):
+ (JSC::JSCell::isZapped):
+ (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
+ In the future, exactly how a JSCell zaps itself will change, as the
+ internal representation of JSCell changes.
+
+2011-09-24 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should not eagerly initialize integer tags in the register file
+ https://bugs.webkit.org/show_bug.cgi?id=68763
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
+ (JSC::DFG::OSRExit::operandForArgument):
+ (JSC::DFG::OSRExit::operandForIndex):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+
+2011-09-23 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ Add JSVALUE32_64 support to DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=67460
+
+ Reviewed by Gavin Barraclough.
+
+ This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
+ It's tested on IA32 Linux EFL port currently. It still cannot run
+ all the test cases and benchmarks so should be turned off now.
+
+ The major work includes:
+ 1) dealing with JSVALUE32_64 data format in DFG JIT;
+ 2) bindings between 64-bit JS Value and 32-bit registers;
+ 3) handling of function calls. Currently for DFG operation function
+ calls we follow the X86 cdecl calling convention on Linux, and the
+ implementation is in a naive way by pushing the arguments into stack
+ one by one.
+
+ The known issues include:
+ 1) some code duplicates unnecessarily, especially in Speculative JIT
+ code generation, where most of the operations on SpeculataInteger /
+ SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
+ is needed in the future;
+ 2) lack of op_call and op_construct support, comparing to current
+ JSVALUE64 DFG;
+ 3) currently integer speculations assume to be StrictInt32;
+ 4) lack of JSBoolean speculations;
+ 5) boxing and unboxing doubles could be improved;
+ 6) DFG X86 register description is different with the baseline JIT,
+ the timeoutCheckRegister is used for general purpose usage;
+ 7) calls to runtime functions with primitive double parameters (e.g.
+ fmod) don't work. Support needs to be added to the assembler to
+ implement the mechanism of passing double parameters for X86 cdecl
+ convention.
+
+ And there should be many other hidden bugs which should be exposed and
+ resolved in later debugging process.
+
+ * CMakeListsEfl.txt:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::loadDouble):
+ (JSC::MacroAssemblerX86::storeDouble):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movsd_rm):
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGFPRInfo.h:
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::needDataFormatConversion):
+ (JSC::DFG::GenerationInfo::initJSValue):
+ (JSC::DFG::GenerationInfo::initDouble):
+ (JSC::DFG::GenerationInfo::gpr):
+ (JSC::DFG::GenerationInfo::tagGPR):
+ (JSC::DFG::GenerationInfo::payloadGPR):
+ (JSC::DFG::GenerationInfo::fpr):
+ (JSC::DFG::GenerationInfo::fillJSValue):
+ (JSC::DFG::GenerationInfo::fillCell):
+ (JSC::DFG::GenerationInfo::fillDouble):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::allocate):
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::registersMatched):
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::addressOfDoubleConstant):
+ (JSC::DFG::integerResult):
+ (JSC::DFG::jsValueResult):
+ (JSC::DFG::setupResults):
+ (JSC::DFG::callOperation):
+ (JSC::JSValueOperand::JSValueOperand):
+ (JSC::JSValueOperand::~JSValueOperand):
+ (JSC::JSValueOperand::isDouble):
+ (JSC::JSValueOperand::fill):
+ (JSC::JSValueOperand::tagGPR):
+ (JSC::JSValueOperand::payloadGPR):
+ (JSC::JSValueOperand::fpr):
+ (JSC::GPRTemporary::~GPRTemporary):
+ (JSC::GPRTemporary::gpr):
+ (JSC::GPRResult2::GPRResult2):
+ * dfg/DFGJITCodeGenerator32_64.cpp: Added.
+ (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::fillStorage):
+ (JSC::DFG::JITCodeGenerator::useChildren):
+ (JSC::DFG::JITCodeGenerator::isStrictInt32):
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ (JSC::DFG::JITCodeGenerator::isKnownCell):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ (JSC::DFG::JITCodeGenerator::speculationCheck):
+ (JSC::DFG::dataFormatString):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCompiler.cpp:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::tagForGlobalVar):
+ (JSC::DFG::JITCompiler::payloadForGlobalVar):
+ (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
+ (JSC::DFG::JITCompiler::addressOfDoubleConstant):
+ (JSC::DFG::JITCompiler::boxDouble):
+ (JSC::DFG::JITCompiler::unboxDouble):
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGJITCompiler32_64.cpp: Added.
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ (JSC::DFG::JITCompiler::jitAssertIsInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
+ (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ (JSC::DFG::JITCompiler::emitCount):
+ (JSC::DFG::JITCompiler::setSamplingFlag):
+ (JSC::DFG::JITCompiler::clearSamplingFlag):
+ * dfg/DFGJITCompilerInlineMethods.h: Added.
+ (JSC::DFG::JITCompiler::emitLoadTag):
+ (JSC::DFG::JITCompiler::emitLoadPayload):
+ (JSC::DFG::JITCompiler::emitLoad):
+ (JSC::DFG::JITCompiler::emitLoad2):
+ (JSC::DFG::JITCompiler::emitLoadDouble):
+ (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
+ (JSC::DFG::JITCompiler::emitStore):
+ (JSC::DFG::JITCompiler::emitStoreInt32):
+ (JSC::DFG::JITCompiler::emitStoreCell):
+ (JSC::DFG::JITCompiler::emitStoreBool):
+ (JSC::DFG::JITCompiler::emitStoreDouble):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueRecovery::inGPR):
+ (JSC::DFG::ValueRecovery::inPair):
+ (JSC::DFG::ValueRecovery::tagGPR):
+ (JSC::DFG::ValueRecovery::payloadGPR):
+ * dfg/DFGSpeculativeJIT32_64.cpp: Added.
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::OSRExit::dump):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileMovHint):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * runtime/JSValue.h:
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ wtf/BitVector.h has a variety of bugs which manifest when the
+ vector grows beyond 63 bits
+ https://bugs.webkit.org/show_bug.cgi?id=68746
+
+ Reviewed by Oliver Hunt.
+
+ Out-of-lined slow path code in BitVector so that not every user
+ of CodeBlock ends up having to compile it. Fixed a variety of
+ index computation and size computation bugs.
+
+ I have not seen these issues manifest themselves, but they are
+ blocking a patch that uses BitVector more aggressively.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/BitVector.cpp: Added.
+ (BitVector::BitVector):
+ (BitVector::operator=):
+ (BitVector::resize):
+ (BitVector::clearAll):
+ (BitVector::OutOfLineBits::create):
+ (BitVector::OutOfLineBits::destroy):
+ (BitVector::resizeOutOfLine):
+ * wtf/BitVector.h:
+ (WTF::BitVector::ensureSize):
+ (WTF::BitVector::get):
+ (WTF::BitVector::set):
+ (WTF::BitVector::clear):
+ (WTF::BitVector::byteCount):
+ (WTF::BitVector::OutOfLineBits::numWords):
+ (WTF::BitVector::OutOfLineBits::bits):
+ (WTF::BitVector::outOfLineBits):
+ * wtf/CMakeLists.txt:
+ * wtf/wtf.pri:
+
+2011-09-23 Adam Klein <adamk@chromium.org>
+
+ Add ENABLE_MUTATION_OBSERVERS feature flag
+ https://bugs.webkit.org/show_bug.cgi?id=68732
+
+ Reviewed by Ojan Vafai.
+
+ This flag will guard an implementation of the "Mutation Observers" proposed in
+ http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ De-virtualize JSCell::getJSNumber
+ https://bugs.webkit.org/show_bug.cgi?id=68651
+
+ Reviewed by Oliver Hunt.
+
+ Added a new JSType to check whether or not something is a
+ NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not
+ currently a better way to determine whether something is indeed a NumberObject.
+ Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo
+ for whether the object is a NumberObject or not. This patch is part of
+ the larger process of de-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getJSNumber):
+ * runtime/JSCell.h:
+ (JSC::JSValue::getJSNumber):
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::isNumberObject):
+ * runtime/JSValue.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::getJSNumber):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ Resolve opcodes should have value profiling.
+ https://bugs.webkit.org/show_bug.cgi?id=68723
+
+ Reviewed by Oliver Hunt.
+
+ This adds value profiling to all forms of op_resolve in the
+ old JIT, and patches that information into the DFG along with
+ performing the appropriate type propagation.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::resolveGlobalDataIndex):
+ (JSC::DFG::Node::hasPrediction):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_resolve_with_this):
+ (JSC::JIT::emitSlow_op_resolve_global_dynamic):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::callWithValueProfiling):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-23 Gavin Barraclough <barraclough@apple.com>
+
+ Strict mode does not work in non-trivial nested functions.
+ https://bugs.webkit.org/show_bug.cgi?id=68740
+
+ Reviewed by Oliver Hunt.
+
+ Function-info caching does not preserve all state that it should.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::Scope::saveFunctionInfo):
+ (JSC::JSParser::Scope::restoreFunctionInfo):
+ (JSC::JSParser::parseFunctionInfo):
+ * parser/SourceProviderCacheItem.h:
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
+ https://bugs.webkit.org/show_bug.cgi?id=68724
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-09-23 Filip Pizlo <fpizlo@apple.com>
+
+ DFG implementation of PutScopedVar corrupts register allocation
+ https://bugs.webkit.org/show_bug.cgi?id=68735
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Make write barriers actually do something when enabled
+ https://bugs.webkit.org/show_bug.cgi?id=68717
+
+ Reviewed by Geoffrey Garen.
+
+ Add a basic card marking style write barrier to JSC (currently
+ turned off). This requires two scratch registers in the JIT
+ so there was some register re-arranging to satisfy that requirement.
+ Happily this produced a minor perf bump in sunspider (~0.5%).
+
+ Turning the barriers on causes an overall regression of around 1.5%
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::store8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movb_i8m):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotCell):
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::markCellCard):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/CardSet.h: Added.
+ (JSC::CardSet::CardSet):
+ (JSC::::cardForAtom):
+ (JSC::::cardMarkedForAtom):
+ (JSC::::markCardForAtom):
+ * heap/Heap.cpp:
+ * heap/Heap.h:
+ (JSC::Heap::addressOfCardFor):
+ (JSC::Heap::writeBarrierFastCase):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::setDirtyObject):
+ (JSC::MarkedBlock::addressOfCardFor):
+ (JSC::MarkedBlock::offsetOfCards):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+ (JSC::JIT::emitWriteBarrier):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+
+2011-09-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=68077
+ SH4 assemblers doesn't refer to executable memory handle.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::branch8):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::executableCopy):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ PutScopedVar nodes should report that it has a var number
+ https://bugs.webkit.org/show_bug.cgi?id=68721
+
+ Reviewed by Anders Carlsson.
+
+ Another assertion fix.
+
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVarNumber):
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Add a bunch of unhandled node types to the propagator
+ https://bugs.webkit.org/show_bug.cgi?id=68716
+
+ Reviewed by Darin Adler.
+
+ Remove the ASSERT_NOT_REACHED() default for debug builds in the
+ prediction propagator, this way unhandled nodes will just cause
+ compile time failures rather than failing at some point in the
+ future.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add static version of JSCell::visitChildren
+ https://bugs.webkit.org/show_bug.cgi?id=68404
+
+ Reviewed by Darin Adler.
+
+ In this patch we just extract the bodies of the virtual visitChildren methods
+ throughout the JSCell inheritance hierarchy out into static methods, which are
+ now called from the virtual methods. This is an intermediate step in trying to
+ move the virtual-ness of visitChildren into our own custom vtable stored in
+ ClassInfo. We need to convert the methods to static methods in order to be
+ able to more easily store and refer to them in our custom vtable since normal
+ member methods store some implicit information in their types, making it
+ impossible to store them generically in ClassInfo.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::visitChildrenVirtual):
+ (JSC::JSCallbackObject::visitChildren):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildrenVirtual):
+ (JSC::DebuggerActivation::visitChildren):
+ * debugger/DebuggerActivation.h:
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildrenVirtual):
+ (JSC::Arguments::visitChildren):
+ * runtime/Arguments.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildrenVirtual):
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildrenVirtual):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildrenVirtual):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildrenVirtual):
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildrenVirtual):
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildrenVirtual):
+ (JSC::JSArray::visitChildren):
+ * runtime/JSArray.h:
+ * runtime/JSBoundFunction.cpp:
+ (JSC::JSBoundFunction::visitChildrenVirtual):
+ (JSC::JSBoundFunction::visitChildren):
+ * runtime/JSBoundFunction.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::visitChildrenVirtual):
+ (JSC::JSCell::visitChildren):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildrenVirtual):
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildrenVirtual):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildrenVirtual):
+ (JSC::JSObject::visitChildren):
+ * runtime/JSObject.h:
+ (JSC::JSObject::visitChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildrenVirtual):
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildrenVirtual):
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildrenVirtual):
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/JSWrapperObject.h:
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildrenVirtual):
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildrenVirtual):
+ (JSC::RegExpObject::visitChildren):
+ * runtime/RegExpObject.h:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildrenVirtual):
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::visitChildrenVirtual):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildrenVirtual):
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+
+2011-09-23 Oliver Hunt <oliver@apple.com>
+
+ Node propagation doesn't handle PutScopedVar
+ https://bugs.webkit.org/show_bug.cgi?id=68713
+
+ Reviewed by Sam Weinig.
+
+ This was causing assertion failures.
+
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+
+2011-09-23 Anders Carlsson <andersca@apple.com>
+
+ Make sure to define OVERRIDE and FINAL for older builds of clang.
+
+ * wtf/Compiler.h:
+
+2011-09-23 Gavin Barraclough <barraclough@apple.com>
+
+ Implement op_resolve_global in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68704
+
+ Reviewed by Oliver Hunt.
+
+ This is performance neutral, but increases coverage.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::resolveInfoIndex):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-23 Mark Rowe <mrowe@apple.com>
+
+ Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.
+
+ * wtf/Platform.h:
+
+2011-09-22 Anders Carlsson <andersca@apple.com>
+
+ We should add support for OVERRIDE and FINAL annotations
+ https://bugs.webkit.org/show_bug.cgi?id=68654
+
+ Reviewed by David Hyatt.
+
+ Add OVERRIDE and FINAL macros for compilers that support them.
+
+ * wtf/Compiler.h:
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ GetScopedVar should have value profiling
+ https://bugs.webkit.org/show_bug.cgi?id=68676
+
+ Reviewed by Oliver Hunt.
+
+ Added GetScopedVar value profiling and predictin propagation.
+ Added GetScopeChain to CSE.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasPrediction):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::getScopeChainLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ PPC build fix, part 3.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ Another PPC build fix.
+
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+
+2011-09-22 Dean Jackson <dino@apple.com>
+
+ Add ENABLE_CSS_FILTERS
+ https://bugs.webkit.org/show_bug.cgi?id=68652
+
+ Reviewed by Simon Fraser.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Incorrect this value passed to callbacks.
+ https://bugs.webkit.org/show_bug.cgi?id=68668
+
+ Reviewed by Oliver Hunt.
+
+ From Array/String prototype function. Should be undefined, but
+ global object is passed instead (this is visible for strict callbacks).
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ * runtime/JSArray.cpp:
+ (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
+ (JSC::JSArray::sort):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Function.prototype.bind.length shoudl be 1.
+
+ Rubber stamped by Olier Hunt.
+
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ PPC build fix.
+
+ * bytecode/CodeBlock.h:
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix pt. 2
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix pt. 1
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not support to_primitive or strcat
+ https://bugs.webkit.org/show_bug.cgi?id=68582
+
+ Reviewed by Darin Adler.
+
+ This adds functional support for to_primitive and strcat. It focuses
+ on minimizing the amount of code emitted on to_primitive (if we know
+ that it is a primitive or can speculate cheaply, then we omit the
+ slow path) and on keeping the implementation of strcat simple while
+ leveraging whatever optimizations we have already. In particular,
+ unlike the Call and Construct nodes which require extending the size
+ of the DFG's callee registers, StrCat takes advantage of the fact
+ that no JS code can run while StrCat is in progress and uses a
+ scratch buffer, rather than the register file, to store the list of
+ values to concatenate. This was done mainly to keep the code simple,
+ but there are probably other benefits to keeping call frame sizes
+ down. Essentially, this patch ensures that the presence of an
+ op_strcat does not mess up any other optimizations we might do while
+ ensuring that if you do execute it, it'll work about as well as you'd
+ expect.
+
+ When combined with the previous patch for integer division, this is a
+ 14% speed-up on Kraken. Without it, it would have been a 2% loss.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::scratchBufferForSize):
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should support integer division
+ https://bugs.webkit.org/show_bug.cgi?id=68597
+
+ Reviewed by Darin Adler.
+
+ This adds support for ArithDiv speculating integer, and speculating
+ that the result is integer (i.e. remainder = 0).
+
+ This is a 4% win on Kraken and a 1% loss on V8.
+
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeDivSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_div):
+
+2011-09-22 Oliver Hunt <oliver@apple.com>
+
+ Implement put_scoped_var in the DFG jit
+ https://bugs.webkit.org/show_bug.cgi?id=68653
+
+ Reviewed by Gavin Barraclough.
+
+ Naive implementation of put_scoped_var. Same story as the
+ get_scoped_var implementation, although I've hoisted scope
+ object acquisition into a separate dfg node. Ideally in the
+ future we would reuse the resolved scope chain object, but
+ for now we don't.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasScopeChainDepth):
+ (JSC::DFG::Node::scopeChainDepth):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-22 Gavin Barraclough <barraclough@apple.com>
+
+ Implement Function.prototype.bind
+ https://bugs.webkit.org/show_bug.cgi?id=26382
+
+ Reviewed by Sam Weinig.
+
+ This patch provides a basic functional implementation
+ for Function.bind. It should (hopefully!) be fully
+ functionally correct, and the bound functions can be
+ called to quickly (since they are a subclass of
+ JSFunction, not InternalFunction), but we'll probably
+ want to follow up with some optimization work to keep
+ bound calls in JIT code.
+
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * jsc.cpp:
+ (GlobalObject::addFunction):
+ * runtime/CommonIdentifiers.h:
+ * runtime/ConstructData.h:
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::NativeExecutable):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+ (JSC::functionProtoFuncBind):
+ * runtime/FunctionPrototype.h:
+ * runtime/JSBoundFunction.cpp: Added.
+ (JSC::boundFunctionCall):
+ (JSC::boundFunctionConstruct):
+ (JSC::JSBoundFunction::create):
+ (JSC::JSBoundFunction::hasInstance):
+ (JSC::JSBoundFunction::getOwnPropertySlot):
+ (JSC::JSBoundFunction::getOwnPropertyDescriptor):
+ (JSC::JSBoundFunction::JSBoundFunction):
+ (JSC::JSBoundFunction::finishCreation):
+ * runtime/JSBoundFunction.h: Added.
+ (JSC::JSBoundFunction::targetFunction):
+ (JSC::JSBoundFunction::boundThis):
+ (JSC::JSBoundFunction::boundArgs):
+ (JSC::JSBoundFunction::createStructure):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ (JSC::JSFunction::finishCreation):
+ (JSC::createDescriptorForThrowingProperty):
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::boundFunctionStructure):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+
+2011-09-22 Oliver Hunt <oliver@apple.com>
+
+ Implement get_scoped_var in the DFG
+ https://bugs.webkit.org/show_bug.cgi?id=68640
+
+ Reviewed by Gavin Barraclough.
+
+ Naive implementation of get_scoped_var in the DFG. Essentially this
+ is the bare minimum required to get correct behaviour, so there's no
+ load/store coalescing or type profiling involved, even though these
+ would be wins. No impact on SunSpider or V8.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVarNumber):
+ (JSC::DFG::Node::hasScopeChainDepth):
+ (JSC::DFG::Node::scopeChainDepth):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-22 Adam Roben <aroben@apple.com>
+
+ Remove FindSafari from all our .sln files
+
+ It isn't used anymore, so there's no point in building it.
+
+ Part of <http://webkit.org/b/68628> Remove FindSafari
+
+ Reviewed by Steve Falkenburg.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+
+2011-09-22 Filip Pizlo <fpizlo@apple.com>
+
+ 32-bit call code clobbers the function cell tag
+ https://bugs.webkit.org/show_bug.cgi?id=68606
+
+ Reviewed by Csaba Osztrogonác.
+
+ This is a minimalistic fix: it simply emits code to restore the
+ cell tag on the slow path, if we know that we failed due to
+ emitCallIfNotType.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallVarargsSlowCase):
+ (JSC::JIT::compileOpCallSlowCase):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Add missing addPtr->add32 mapping for X86.
+
+ Rubber stamped by Sam Weinig.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::addPtr):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Add missing addDouble for AbsoluteAddress to X86
+
+ Rubber stamped by Geoff Garen.
+
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::addDouble):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::addsd_mr):
+ (JSC::X86Assembler::cvtsi2sd_rr):
+ (JSC::X86Assembler::cvtsi2sd_mr):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix following fix for bug #68586.
+
+ * jit/JIT.cpp:
+ * jit/JITInlineMethods.h:
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should be able to compile op_throw
+ https://bugs.webkit.org/show_bug.cgi?id=68571
+
+ Reviewed by Geoffrey Garen.
+
+ This compiles op_throw in the simplest way possible: it's an OSR
+ point back to the old JIT. This is a good step towards increasing
+ coverage, particularly on Kraken, but it's neutral because the
+ same functions that do throw also use some other unsupported
+ opcodes.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should support continuous optimization
+ https://bugs.webkit.org/show_bug.cgi?id=68329
+
+ Reviewed by Geoffrey Garen.
+
+ This adds the ability to reoptimize a code block if speculation
+ failures happen frequently. 6% speed-up on Kraken, 1% slow-down
+ on V8, neutral on SunSpider.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::ProgramCodeBlock::jettison):
+ (JSC::EvalCodeBlock::jettison):
+ (JSC::FunctionCodeBlock::jettison):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h:
+ (JSC::DFG::getOSREntryDataBytecodeIndex):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::~ConservativeRoots):
+ (JSC::DummyMarkHook::mark):
+ (JSC::ConservativeRoots::genericAddPointer):
+ (JSC::ConservativeRoots::genericAddSpan):
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::addJettisonCodeBlock):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/JettisonedCodeBlocks.cpp: Added.
+ (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
+ (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
+ (JSC::JettisonedCodeBlocks::addCodeBlock):
+ (JSC::JettisonedCodeBlocks::clearMarks):
+ (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
+ (JSC::JettisonedCodeBlocks::traceCodeBlocks):
+ * heap/JettisonedCodeBlocks.h: Added.
+ (JSC::JettisonedCodeBlocks::mark):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.cpp:
+ (JSC::jettisonCodeBlock):
+ (JSC::EvalExecutable::jettisonOptimizedCode):
+ (JSC::ProgramExecutable::jettisonOptimizedCode):
+ (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
+ (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
+ * wtf/BitVector.h: Added.
+ (WTF::BitVector::BitVector):
+ (WTF::BitVector::~BitVector):
+ (WTF::BitVector::operator=):
+ (WTF::BitVector::size):
+ (WTF::BitVector::ensureSize):
+ (WTF::BitVector::resize):
+ (WTF::BitVector::clearAll):
+ (WTF::BitVector::get):
+ (WTF::BitVector::set):
+ (WTF::BitVector::clear):
+ (WTF::BitVector::bitsInPointer):
+ (WTF::BitVector::maxInlineBits):
+ (WTF::BitVector::byteCount):
+ (WTF::BitVector::makeInlineBits):
+ (WTF::BitVector::OutOfLineBits::numBits):
+ (WTF::BitVector::OutOfLineBits::numWords):
+ (WTF::BitVector::OutOfLineBits::bits):
+ (WTF::BitVector::OutOfLineBits::create):
+ (WTF::BitVector::OutOfLineBits::destroy):
+ (WTF::BitVector::OutOfLineBits::OutOfLineBits):
+ (WTF::BitVector::isInline):
+ (WTF::BitVector::outOfLineBits):
+ (WTF::BitVector::resizeOutOfLine):
+ (WTF::BitVector::bits):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Add X86 GPRInfo for DFG JIT.
+ https://bugs.webkit.org/show_bug.cgi?id=68586
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGGPRInfo.h:
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Should support value profiling on CPU(X86)
+ https://bugs.webkit.org/show_bug.cgi?id=68575
+
+ Reviewed by Sam Weinig.
+
+ Fix verbose profiling in ToT (SlowCaseProfile had been
+ partially renamed to RareCaseProfile), add in-memory
+ bucket counter for CPU(X86), move JIT::m_canBeOptimized
+ out of the DFG_JIT ifdef.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::resetRareCaseProfiles):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2011-09-21 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not support compiling functions as constructors
+ https://bugs.webkit.org/show_bug.cgi?id=68500
+
+ Reviewed by Oliver Hunt.
+
+ This adds support for compiling constructors to the DFG. It's a
+ 1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
+ It's also a 13% win on access-binary-trees, but it's neutral in
+ the SunSpider and Kraken averages.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGNode.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+
+2011-09-21 Gavin Barraclough <barraclough@apple.com>
+
+ Replace jsFunctionVPtr compares with a type check on the Structure.
+ https://bugs.webkit.org/show_bug.cgi?id=68557
+
+ Reviewed by Oliver Hunt.
+
+ This will permit calls to still optimize to subclasses of JSFunction
+ that have the correct type (but a different C++ vptr).
+
+ This patch stops passing the globalData into numerous functions.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isFunctionConstant):
+ (JSC::DFG::Graph::valueOfFunctionConstant):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isFunctionConstant):
+ (JSC::DFG::JITCompiler::valueOfFunctionConstant):
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfNotType):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.h:
+ (JSC::isHostFunction):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::putWithAttributes):
+ * runtime/JSObject.h:
+ (JSC::getJSFunction):
+ (JSC::JSObject::putDirect):
+ (JSC::JSObject::putDirectWithoutTransition):
+ * runtime/JSType.h:
+
+2011-09-21 Geoffrey Garen <ggaren@apple.com>
+
+ Removed WTFTHREADDATA_MULTITHREADED, making it always true
+ https://bugs.webkit.org/show_bug.cgi?id=68549
+
+ Reviewed by Darin Adler.
+
+ Another part of making threads exist in WebKit.
+
+ * wtf/WTFThreadData.cpp:
+ * wtf/WTFThreadData.h:
+ (WTF::wtfThreadData):
+
+2011-09-21 Dan Bernstein <mitz@apple.com>
+
+ JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
+ https://bugs.webkit.org/show_bug.cgi?id=68451
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
+ check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
+
+2011-09-20 Gavin Barraclough <barraclough@apple.com>
+
+ MacroAssembler fixes.
+ https://bugs.webkit.org/show_bug.cgi?id=68494
+
+ Reviewed by Sam Weinig.
+
+ Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::orPtr):
+ (JSC::MacroAssembler::loadPtr):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::or32):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::or32):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::or32):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::or32):
+ (JSC::MacroAssemblerSH4::load32):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::load32):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::load32):
+
+2011-09-20 Geoffrey Garen <ggaren@apple.com>
+
+ Some Heap cleanup.
+
+ Reviewed by Beth Dakin.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
+ because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
+ since there is only one now.
+
+ * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
+ Updated mark bit overhead calculation. Deployed atomsPerBlock in one
+ place where we were recalculating it.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::addBlock): Updated for rename.
+
+2011-09-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT always speculates integer on modulo
+ https://bugs.webkit.org/show_bug.cgi?id=68485
+
+ Reviewed by Oliver Hunt.
+
+ Added support for double modulo, which is a call to fmod().
+ Also added support for recording the old JIT's statistics
+ on op_mod and propagating them along the graph. Finally,
+ fixed a goof in the ArithNodeFlags propagation logic that
+ was made obvious when I started testing ArithMod.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-20 ChangSeok Oh <shivamidow@gmail.com>
+
+ [GTK] requestAnimationFrame support for gtk port
+ https://bugs.webkit.org/show_bug.cgi?id=66280
+
+ Reviewed by Martin Robinson.
+
+ Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
+
+ * wtf/Platform.h:
+
+2011-09-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT performs too many negative zero checks, and too many
+ overflow checks
+ https://bugs.webkit.org/show_bug.cgi?id=68430
+
+ Reviewed by Oliver Hunt.
+
+ This adds comprehensive support for deciding how to perform an
+ arithmetic operations based on a combination of overflow profiling,
+ negative zero profiling, value profiling, and a static analysis of
+ how the results of these operations get used.
+
+ This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
+ 2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
+ geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
+ V8-crypto, because apparenty everything we do speeds up crypto.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::toNumber):
+ (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
+ (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
+ (JSC::DFG::ByteCodeParser::weaklyPredictInt32):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ * dfg/DFGNode.h:
+ (JSC::DFG::nodeUsedAsNumber):
+ (JSC::DFG::nodeCanTruncateInteger):
+ (JSC::DFG::nodeCanIgnoreNegativeZero):
+ (JSC::DFG::nodeCanSpeculateInteger):
+ (JSC::DFG::arithNodeFlagsAsString):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasArithNodeFlags):
+ (JSC::DFG::Node::rawArithNodeFlags):
+ (JSC::DFG::Node::arithNodeFlags):
+ (JSC::DFG::Node::arithNodeFlagsForCompare):
+ (JSC::DFG::Node::setArithNodeFlag):
+ (JSC::DFG::Node::mergeArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::isNotNegZero):
+ (JSC::DFG::Propagator::isNotZero):
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
+ (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::propagatePredictionsForward):
+ (JSC::DFG::Propagator::propagatePredictionsBackward):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ (JSC::DFG::Propagator::startIndexForChildren):
+ (JSC::DFG::Propagator::endIndexForPureCSE):
+ (JSC::DFG::Propagator::pureCSE):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::localCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Refactor Heap allocation logic into separate AllocationSpace class
+ https://bugs.webkit.org/show_bug.cgi?id=68409
+
+ Reviewed by Gavin Barraclough.
+
+ This patch hoists direct manipulation of the MarkedSpace and related
+ data out of Heap and into a separate class. This will allow us to
+ have multiple allocation spaces in future, so easing the way towards
+ having GC'd backing stores for objects.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions):
+ * heap/AllocationSpace.cpp: Added.
+ (JSC::AllocationSpace::tryAllocate):
+ (JSC::AllocationSpace::allocateSlowCase):
+ (JSC::AllocationSpace::allocateBlock):
+ (JSC::AllocationSpace::freeBlocks):
+ (JSC::TakeIfEmpty::TakeIfEmpty):
+ (JSC::TakeIfEmpty::operator()):
+ (JSC::TakeIfEmpty::returnValue):
+ (JSC::AllocationSpace::shrink):
+ * heap/AllocationSpace.h: Added.
+ (JSC::AllocationSpace::AllocationSpace):
+ (JSC::AllocationSpace::blocks):
+ (JSC::AllocationSpace::sizeClassFor):
+ (JSC::AllocationSpace::setHighWaterMark):
+ (JSC::AllocationSpace::highWaterMark):
+ (JSC::AllocationSpace::canonicalizeBlocks):
+ (JSC::AllocationSpace::resetAllocator):
+ (JSC::AllocationSpace::forEachCell):
+ (JSC::AllocationSpace::forEachBlock):
+ (JSC::AllocationSpace::allocate):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::objectSpace):
+ (JSC::Heap::sizeClassForObject):
+ (JSC::Heap::allocate):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed BREWMP* platform #ifdefs
+ https://bugs.webkit.org/show_bug.cgi?id=68425
+
+ BREWMP* has no maintainer, and this is dead code.
+
+ Reviewed by Darin Adler.
+
+ * heap/MarkStack.h:
+ (JSC::::shrinkAllocation):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+ * runtime/TimeoutChecker.cpp:
+ (JSC::getCPUTime):
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+ * wtf/CurrentTime.cpp:
+ * wtf/DateMath.cpp:
+ (WTF::calculateUTCOffset):
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastCalloc):
+ (WTF::fastMallocSize):
+ * wtf/FastMalloc.h:
+ * wtf/MainThread.cpp:
+ * wtf/MathExtras.h:
+ * wtf/OwnPtrCommon.h:
+ * wtf/Platform.h:
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+ * wtf/RandomNumberSeed.h:
+ (WTF::initializeRandomNumberGenerator):
+ * wtf/text/WTFString.h:
+ * wtf/unicode/Unicode.h:
+
+2011-09-20 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r95523
+
+ * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.
+
+2011-09-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not speculate aggressively enough on GetById
+ https://bugs.webkit.org/show_bug.cgi?id=68320
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to access properties directly, by offset.
+ This optimization kicks in when at the time of DFG compilation,
+ it appears that the given get_by_id is self-cached by the old JIT.
+ Two new opcodes get introduced: CheckStructure and GetByOffset.
+ CheckStructure performs a speculation check on the object's
+ structure, and returns the storage pointer. GetByOffset performs
+ a direct read of the field from the storage pointer. Both
+ CheckStructure and GetByOffset can be CSE'd, so that we can
+ eliminate redundant structure checks, and redundant reads of the
+ same field.
+
+ This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
+ neutral on SunSpider.
+
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionFromClassInfo):
+ (JSC::predictionFromStructure):
+ (JSC::predictionFromCell):
+ * bytecode/PredictedType.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::dataFormatToString):
+ (JSC::DFG::needDataFormatConversion):
+ (JSC::DFG::GenerationInfo::initStorage):
+ (JSC::DFG::GenerationInfo::spill):
+ (JSC::DFG::GenerationInfo::fillStorage):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::fillStorage):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::JITCodeGenerator::storageResult):
+ (JSC::DFG::StorageOperand::StorageOperand):
+ (JSC::DFG::StorageOperand::~StorageOperand):
+ (JSC::DFG::StorageOperand::index):
+ (JSC::DFG::StorageOperand::gpr):
+ (JSC::DFG::StorageOperand::use):
+ * dfg/DFGNode.h:
+ (JSC::DFG::OpInfo::OpInfo):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasPrediction):
+ (JSC::DFG::Node::hasStructure):
+ (JSC::DFG::Node::structure):
+ (JSC::DFG::Node::hasStorageAccessData):
+ (JSC::DFG::Node::storageAccessDataIndex):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::checkStructureLoadElimination):
+ (JSC::DFG::Propagator::getByOffsetLoadElimination):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * wtf/StdLibExtras.h:
+ (WTF::safeCast):
+
+2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove toPrimitive from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=67875
+
+ Reviewed by Darin Adler.
+
+ Part of the refactoring process to un-virtualize JSCell. We move
+ all of the implicit functionality provided by the virtual toPrimitive method
+ in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while
+ also de-virtualizing JSCell::toPrimitive.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toPrimitive):
+ * runtime/JSCell.h:
+
+ We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
+ JSObject. This pushes the virtual method further down, enabling us to get rid
+ of the virtual call in JSCell. Eventually we'll probably have to deal with this
+ again, but we'll cross that bridge when we come to it.
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::defaultValue):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
+ https://bugs.webkit.org/show_bug.cgi?id=68424
+
+ As discussed on webkit-dev. All ports build with threads enabled in JSC now.
+
+ This may break WinCE and other ports that have not built and tested with
+ this configuration. I've filed bugs for port maintainers. It's time for
+ WebKit to move forward.
+
+ Reviewed by Mark Rowe.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::~Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::blockFreeingThreadMain):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::releaseFreeBlocks):
+ * heap/Heap.h:
+ * wtf/Platform.h:
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
+ https://bugs.webkit.org/show_bug.cgi?id=68423
+
+ As discussed on webkit-dev. All ports build with threads enabled in WTF now.
+
+ This may break WinCE and other ports that have not built and tested with
+ this configuration. I've filed bugs for port maintainers. It's time for
+ WebKit to move forward.
+
+ Reviewed by Mark Rowe.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+ * wtf/FastMalloc.cpp:
+ * wtf/Platform.h:
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+ * wtf/RefCountedLeakCounter.cpp:
+ (WTF::RefCountedLeakCounter::increment):
+ (WTF::RefCountedLeakCounter::decrement):
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeThreading):
+ * wtf/dtoa.cpp:
+ (WTF::pow5mult):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::initializeThreading):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::initializeThreading):
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
+ https://bugs.webkit.org/show_bug.cgi?id=68422
+
+ As discussed on webkit-dev. All ports build with threads enabled in JSC now.
+
+ This may break WinCE and other ports that have not built and tested with
+ this configuration. I've filed bugs for port maintainers. It's time for
+ WebKit to move forward.
+
+ Reviewed by Sam Weinig.
+
+ * API/APIShims.h:
+ (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
+ * API/JSContextRef.cpp:
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::MachineThreads):
+ (JSC::MachineThreads::~MachineThreads):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * heap/MachineStackMarker.h:
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ (JSC::initializeThreading):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::sharedInstance):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::makeUsableFromMultipleThreads):
+ * runtime/JSLock.cpp:
+ * runtime/Structure.cpp:
+ * wtf/Platform.h:
+
+2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95493 and r95496.
+ http://trac.webkit.org/changeset/95493
+ http://trac.webkit.org/changeset/95496
+ https://bugs.webkit.org/show_bug.cgi?id=68418
+
+ Broke Windows build (Requested by rniwa on #webkit).
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions):
+ * heap/AllocationSpace.cpp: Removed.
+ * heap/AllocationSpace.h: Removed.
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
+ (JSC::CountFunctor::TakeIfEmpty::operator()):
+ (JSC::CountFunctor::TakeIfEmpty::returnValue):
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::tryAllocate):
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::markedSpace):
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock):
+ (JSC::Heap::sizeClassFor):
+ (JSC::Heap::allocate):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-09-19 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk, missed stylebot comments in last commit.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncSplit):
+
+2011-09-19 Gavin Barraclough <barraclough@apple.com>
+
+ String#split is buggy
+ https://bugs.webkit.org/show_bug.cgi?id=68348
+
+ Reviewed by Sam Weinig.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::jsStringWithReuse):
+ - added helper function to reuse original JSString value.
+ (JSC::stringProtoFuncSplit):
+ - Rewritten from the spec.
+ * tests/mozilla/ecma/String/15.5.4.8-2.js:
+ (getTestCases):
+ - This test is not ES5 compliant.
+
+2011-09-19 Geoffrey Garen <ggaren@apple.com>
+
+ Removed lots of friend declarations from JSCell, so we can more
+ effectively make use of private and protected.
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
+ confusion for not much safety.
+ (JSC::JSCell::operator new): Made this public because it is used by a
+ few clients, and not really dangerous.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::JSObject::getPropertySpecificValue):
+ (JSC::JSObject::getOwnPropertyNames):
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::createInheritorID):
+ (JSC::JSObject::allocatePropertyStorage):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getDirect):
+ (JSC::JSObject::getDirectLocation):
+ (JSC::JSObject::hasCustomProperties):
+ (JSC::JSObject::hasGetterSetterProperties):
+ (JSC::JSObject::isSealed):
+ (JSC::JSObject::isFrozen):
+ (JSC::JSObject::isExtensible):
+ (JSC::JSObject::flattenDictionaryObject):
+ (JSC::JSObject::finishCreation):
+ (JSC::JSObject::prototype):
+ (JSC::JSObject::setPrototype):
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ (JSC::JSCell::fastGetOwnProperty):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
+ structure() / setStructure(), so we don't have to be a friend of JSCell.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
+ to JSCell::m_structure.
+
+2011-09-19 Adam Barth <abarth@webkit.org>
+
+ Always enable ENABLE(EVENTSOURCE)
+ https://bugs.webkit.org/show_bug.cgi?id=68414
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-19 Eli Fidler <efidler@rim.com>
+
+ Enable JSC_MULTIPLE_THREADS for OS(QNX).
+ https://bugs.webkit.org/show_bug.cgi?id=68047
+
+ Reviewed by Daniel Bates.
+
+ SA_RESTART was required for SIGUSR2-based debugging, but is not
+ present on QNX. This debugging doesn't seem critical to
+ JSC_MULTIPLE_THREADS, so allow it to proceed.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::Thread::Thread):
+ (JSC::getPlatformThreadRegisters):
+ (JSC::otherThreadStackPointer):
+ (JSC::freePlatformThreadRegisters):
+ * wtf/Platform.h: enable PTHREADS for OS(QNX)
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Refactor Heap allocation logic into separate AllocationSpace class
+ https://bugs.webkit.org/show_bug.cgi?id=68409
+
+ Reviewed by Gavin Barraclough.
+
+ This patch hoists direct manipulation of the MarkedSpace and related
+ data out of Heap and into a separate class. This will allow us to
+ have multiple allocation spaces in future, so easing the way towards
+ having GC'd backing stores for objects.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions):
+ * heap/AllocationSpace.cpp: Added.
+ (JSC::AllocationSpace::tryAllocate):
+ (JSC::AllocationSpace::allocateSlowCase):
+ (JSC::AllocationSpace::allocateBlock):
+ (JSC::AllocationSpace::freeBlocks):
+ (JSC::TakeIfEmpty::TakeIfEmpty):
+ (JSC::TakeIfEmpty::operator()):
+ (JSC::TakeIfEmpty::returnValue):
+ (JSC::AllocationSpace::shrink):
+ * heap/AllocationSpace.h: Added.
+ (JSC::AllocationSpace::AllocationSpace):
+ (JSC::AllocationSpace::blocks):
+ (JSC::AllocationSpace::sizeClassFor):
+ (JSC::AllocationSpace::setHighWaterMark):
+ (JSC::AllocationSpace::highWaterMark):
+ (JSC::AllocationSpace::canonicalizeBlocks):
+ (JSC::AllocationSpace::resetAllocator):
+ (JSC::AllocationSpace::forEachCell):
+ (JSC::AllocationSpace::forEachBlock):
+ (JSC::AllocationSpace::allocate):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::getConservativeRegisterRoots):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::objectSpace):
+ (JSC::Heap::sizeClassForObject):
+ (JSC::Heap::allocate):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-09-19 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r95310
+
+ * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
+ include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.
+
+2011-09-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculation failures should act as additional value profiles
+ https://bugs.webkit.org/show_bug.cgi?id=68335
+
+ Reviewed by Oliver Hunt.
+
+ This adds slow-case counters to the old JIT. It also ensures that
+ negative zero in multiply is handled carefully. The old JIT
+ previously took slow path if the result of a multiply was zero,
+ which, without any changes, would cause the DFG to think that
+ every such multiply produced a double result.
+
+ This also fixes a bug in the old JIT's handling of decrements. It
+ would take the slow path if the result was zero, but not if it
+ underflowed.
+
+ By itself, this would be a 1% slow-down on V8 and Kraken. But then
+ I wrote optimizations in the DFG that take advantage of this new
+ information. It's no longer the case that every multiply needs to
+ do a check for negative zero; it only happens if the negative
+ zero is ignored.
+
+ This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
+ speed-up in V8. It's mostly neutral on Kraken. I can see an
+ 0.5% slow-down and it appears to be significant.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::resetRareCaseProfiles):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * bytecode/ValueProfile.h:
+ (JSC::RareCaseProfile::RareCaseProfile):
+ (JSC::getRareCaseProfileBytecodeOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::clobbersWorld):
+ (JSC::DFG::Propagator::performNodeCSE):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JSC::JIT::linkDummySlowCase):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_dec):
+ (JSC::JIT::compileBinaryArithOp):
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emitSlow_op_add):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::addSlowCase):
+
+2011-09-19 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r94575
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
+ now builds just before FindSafari.
+
+2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95466.
+ http://trac.webkit.org/changeset/95466
+ https://bugs.webkit.org/show_bug.cgi?id=68389
+
+ Incorrect version of the patch. (Requested by mhahnenberg on
+ #webkit).
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toPrimitive):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toPrimitive):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toPrimitive):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+
+2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove toPrimitive from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=67875
+
+ Reviewed by Geoffrey Garen.
+
+ Part of the refactoring process to un-virtualize JSCell. We move
+ all of the implicit functionality provided by the virtual toPrimitive method
+ in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while
+ also de-virtualizing JSCell::toPrimitive.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toPrimitive):
+ * runtime/JSCell.h:
+
+ We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
+ JSObject. This pushes the virtual method further down, enabling us to get rid
+ of the virtual call in JSCell. Eventually we'll probably have to deal with this
+ again, but we'll cross that bridge when we come to it.
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::defaultValue):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ (JSC::JSValue::toPrimitive):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
+ https://bugs.webkit.org/show_bug.cgi?id=68376
+
+ Reviewed by Gavin Barraclough.
+
+ Renamed the the MarkedSpace files to match new name, and
+ updated the relevant references.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.h:
+ * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::addBlock):
+ (JSC::MarkedSpace::removeBlock):
+ (JSC::MarkedSpace::resetAllocator):
+ (JSC::MarkedSpace::canonicalizeBlocks):
+ * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
+ (JSC::MarkedSpace::waterMark):
+ (JSC::MarkedSpace::highWaterMark):
+ (JSC::MarkedSpace::setHighWaterMark):
+ (JSC::MarkedSpace::sizeClassFor):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
+ * runtime/JSCell.h:
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Rename NewSpace to MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=68375
+
+ Reviewed by Gavin Barraclough.
+
+ Rename NewSpace to a more accurate name, and update all uses.
+ This patch doesn't rename the files themselves as that will
+ just make the patch appear bigger than it is.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
+ (JSC::CountFunctor::TakeIfEmpty::operator()):
+ (JSC::Heap::Heap):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::tryAllocate):
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::isValidAllocation):
+ (JSC::Heap::shrink):
+ * heap/Heap.h:
+ (JSC::Heap::markedSpace):
+ (JSC::Heap::sizeClassFor):
+ (JSC::Heap::allocate):
+ * heap/NewSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::addBlock):
+ (JSC::MarkedSpace::removeBlock):
+ (JSC::MarkedSpace::resetAllocator):
+ (JSC::MarkedSpace::canonicalizeBlocks):
+ * heap/NewSpace.h:
+ (JSC::MarkedSpace::waterMark):
+ (JSC::MarkedSpace::highWaterMark):
+ (JSC::MarkedSpace::setHighWaterMark):
+ (JSC::MarkedSpace::sizeClassFor):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+ (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+
+2011-09-19 Peter Rybin <peter.rybin@gmail.com>
+
+ TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
+ https://bugs.webkit.org/show_bug.cgi?id=63541
+
+ Reviewed by Adam Barth.
+
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::startPosition):
+ * wtf/text/TextPosition.h:
+ (WTF::OrdinalNumber::fromZeroBasedInt):
+ (WTF::OrdinalNumber::fromOneBasedInt):
+ (WTF::OrdinalNumber::OrdinalNumber):
+ (WTF::OrdinalNumber::zeroBasedInt):
+ (WTF::OrdinalNumber::oneBasedInt):
+ (WTF::OrdinalNumber::operator==):
+ (WTF::OrdinalNumber::operator!=):
+ (WTF::OrdinalNumber::first):
+ (WTF::OrdinalNumber::beforeFirst):
+ (WTF::TextPosition::TextPosition):
+ (WTF::TextPosition::minimumPosition):
+ (WTF::TextPosition::belowRangePosition):
+
+2011-09-19 Dan Bernstein <mitz@apple.com>
+
+ JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
+ https://bugs.webkit.org/show_bug.cgi?id=68323
+
+ Reviewed by Sam Weinig.
+
+ Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.
+
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::initializeMainThreadPlatform):
+ (WTF::initializeMainThreadToProcessMainThreadPlatform):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Remove direct property slot pointers from the instruction stream
+ https://bugs.webkit.org/show_bug.cgi?id=68373
+
+ Reviewed by Gavin Barraclough.
+
+ Use an indirect load to access prototype properties rather than directly
+ storing the property address in the instruction stream. This should allow
+ further optimisations in future, and also provides a 0.5% win to sunspider.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+ * runtime/JSObject.h:
+ (JSC::JSObject::addressOfPropertyStorage):
+
+2011-09-19 Oliver Hunt <oliver@apple.com>
+
+ Remove bump allocator
+ https://bugs.webkit.org/show_bug.cgi?id=68370
+
+ Reviewed by Sam Weinig.
+
+ Can't do anything with this allocator currently, and it's
+ increasing the complexity of the GC code. Slight progression
+ on SunSpider, slight regression (undoing the original progression)
+ in V8.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::allocate):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::visitChildrenDirect):
+ * runtime/StorageBarrier.h:
+ (JSC::StorageBarrier::set):
+
+2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Fix distcheck build
+ https://bugs.webkit.org/show_bug.cgi?id=68346
+
+ Reviewed by Philippe Normand.
+
+ * GNUmakefile.list.am:
+
+2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Fix distcheck build
+ https://bugs.webkit.org/show_bug.cgi?id=68241
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am:
+
+2011-09-18 Dan Bernstein <mitz@apple.com>
+
+ Removed ProfilerServer.
+
+ Reviewed by Mark Rowe.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * profiler/ProfilerServer.h: Removed.
+ * profiler/ProfilerServer.mm: Removed.
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * wscript:
+
+2011-09-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should inline Math.min, Math.max, and Math.sqrt
+ https://bugs.webkit.org/show_bug.cgi?id=68318
+
+ Reviewed by Gavin Barraclough.
+
+ Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
+ a function to have an intrinsic but not a thunk generator. This is
+ a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
+ we're still not DFG compiling the bulk of the hot code in Kraken audio
+ benchmarks.
+
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleMinMax):
+ (JSC::DFG::ByteCodeParser::handleIntrinsic):
+ * dfg/DFGIntrinsic.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+
+2011-09-18 Nico Weber <thakis@chromium.org>
+
+ Remove two files from JavaScriptCore.gypi that were removed in r95240
+ https://bugs.webkit.org/show_bug.cgi?id=68327
+
+ Unreviewed, build warning fix.
+
+ * JavaScriptCore.gypi:
+
+2011-09-17 Oliver Hunt <oliver@apple.com>
+
+ Remove special case handling of inline storage from the JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68319
+
+ Reviewed by Gavin Barraclough.
+
+ Simplify logic used for reading and writing to property storage
+ by removing the special cases for inline storage. This has no
+ perf impact.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryBuildGetByIDList):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compilePutDirectOffset):
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compilePutDirectOffset):
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+
+2011-09-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not have full block-local CSE
+ https://bugs.webkit.org/show_bug.cgi?id=68316
+
+ Reviewed by Oliver Hunt.
+
+ This adds block-local CSE to the DFG. CSE runs in the propagator just after
+ type propagation. It is part of the propagator itself because it needs to
+ use the propagator's internal data structures to determine which operations
+ may have side effects. Because it changes the live-ranges of nodes, the
+ virtual register allocator had to be moved into the propagator so that it
+ runs after CSE. To ensure that the back-end knows to keep the inputs to
+ any eliminated node alive for OSR, a new node type, Phantom, was introduced.
+ It is a no-op but prolonges the live-range of its inputs.
+
+ This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
+ Kraken.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAliasTracker.h: Removed.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::MethodCheckData::operator==):
+ (JSC::DFG::MethodCheckData::operator!=):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasVirtualRegister):
+ (JSC::DFG::Node::setRefCount):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::canonicalize):
+ (JSC::DFG::Propagator::computeStartIndex):
+ (JSC::DFG::Propagator::startIndex):
+ (JSC::DFG::Propagator::pureCSE):
+ (JSC::DFG::Propagator::globalVarLoadElimination):
+ (JSC::DFG::Propagator::getByValLoadElimination):
+ (JSC::DFG::Propagator::getMethodLoadElimination):
+ (JSC::DFG::Propagator::performSubstitution):
+ (JSC::DFG::Propagator::setReplacement):
+ (JSC::DFG::Propagator::performNodeCSE):
+ (JSC::DFG::Propagator::performBlockCSE):
+ (JSC::DFG::Propagator::localCSE):
+ (JSC::DFG::Propagator::allocateVirtualRegisters):
+ (JSC::DFG::propagate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ method_check should repatch itself if it finds that the new structure(s)
+ are the result of transitions from the old structure(s)
+ https://bugs.webkit.org/show_bug.cgi?id=68294
+
+ Reviewed by Gavin Barraclough.
+
+ Previously a patched method_check would slow-path to get_by_id. Now it
+ slow-paths to method_check_update, which attempts to correct the
+ method_check due to structure transitions before bailing to get_by_id.
+
+ This is a 1-2% speed-up on some benchmarks and is not a slow-down
+ anywhere, leading to a 0.6% speed-up on the Kraken geomean.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * runtime/Structure.h:
+ (JSC::Structure::transitivelyTransitionedFrom):
+
+2011-09-16 Ryosuke Niwa <rniwa@webkit.org>
+
+ Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
+
+ * wtf/Platform.h:
+
+2011-09-16 Sam Weinig <sam@webkit.org>
+
+ Rename APIValueWrapper type to APIValueWrapperType for consistency
+ https://bugs.webkit.org/show_bug.cgi?id=68306
+
+ Reviewed by Anders Carlsson.
+
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ Update name.
+
+ * runtime/JSType.h:
+ Update name and un-indent.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::isAPIValueWrapper):
+ Update name.
+
+2011-09-16 Sam Weinig <sam@webkit.org>
+
+ Remove unused isStrictModeFunction function
+ https://bugs.webkit.org/show_bug.cgi?id=68305
+
+ Reviewed by Anders Carlsson.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::isStrictModeFunction):
+
+2011-09-16 Sam Weinig <sam@webkit.org>
+
+ Cleanup JSTypeInfo a bit
+ https://bugs.webkit.org/show_bug.cgi?id=68289
+
+ Reviewed by Anders Carlsson.
+
+ * dfg/DFGOperations.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ Replace direct access to flags() with predicate.
+
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::createStructure):
+ Pass FinalObjectType instead of using special IsJSFinalObject.
+
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ Add additional assert that you should no object should OverridesHasInstance but not have ImplementsHasInstance set.
+
+ (JSC::TypeInfo::isFinalObject):
+ Added.
+
+ (JSC::TypeInfo::masqueradesAsUndefined):
+ (JSC::TypeInfo::implementsHasInstance):
+ (JSC::TypeInfo::isEnvironmentRecord):
+ (JSC::TypeInfo::overridesHasInstance):
+ (JSC::TypeInfo::implementsDefaultHasInstance):
+ (JSC::TypeInfo::overridesGetOwnPropertySlot):
+ (JSC::TypeInfo::overridesVisitChildren):
+ (JSC::TypeInfo::overridesGetPropertyNames):
+ (JSC::TypeInfo::prohibitsPropertyCaching):
+ (JSC::TypeInfo::isSetOnFlags1):
+ (JSC::TypeInfo::isSetOnFlags2):
+ Replace direct bit twiddling with helper functions.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ Use new isFinalObject() predicate.
+
+2011-09-16 Gavin Barraclough <barraclough@apple.com>
+
+ Unsigned bit shift fails under certain conditions in 32 bit builds
+ https://bugs.webkit.org/show_bug.cgi?id=68166
+
+ Reviewed by Geoff Garen.
+
+ The major bug here is that the slow case (which handles shifts of
+ doubles) doesn't check for negative results from an unsigned shift
+ (which should be unsigned, and as such can't be represented by a
+ signed integer immediate). The implementation is also flawed for
+ shifts by negative shift amounts (treats as shift by zero).
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emitRightShiftSlowCase):
+
+2011-09-16 Geoffrey Garen <ggaren@apple.com>
+
+ Removed undetectable style.filter.
+
+ Reviewed by Sam Weinig.
+
+ This feature was added in http://trac.webkit.org/changeset/15557 to
+ support housingmaps.com. But housingmaps.com no longer needs this hack,
+ we don't know of other websites that need it, and we don't know of
+ any other browsers that have implemented this feature.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/JSTypeInfo.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
+
+2011-09-15 Sam Weinig <sam@webkit.org>
+
+ Prepare JSTypes for more Object subtypes
+ https://bugs.webkit.org/show_bug.cgi?id=68200
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::branchIfNotObject):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfNotObject):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeForLookup):
+ * runtime/JSObject.h:
+ (JSC::JSObject::finishCreation):
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::type):
+ (JSC::TypeInfo::isObject):
+ (JSC::TypeInfo::isFinal):
+ (JSC::TypeInfo::prohibitsPropertyCaching):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/Operations.cpp:
+ (JSC::jsIsObjectType):
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::isObject):
+ (JSC::JSCell::isObject):
+
+2011-09-16 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled back in r95201 with test failure fixed.
+
+ I missed two cases of jumpSlowToHot in rshift -- these cases need to be
+ sure to initialize regT1 to the int tag, since it will otherwise hold
+ the top 32 bits of a double.
+
+ * jit/JIT.h:
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emitRightShiftSlowCase):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitStoreAndMapInt32):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed Windows build fix after 95318.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-16 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r95310
+
+ * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
+ include path so DFGIntrinsic.h can be found.
+
+2011-09-16 Gavin Barraclough <barraclough@apple.com>
+
+ Rationalize JSObject::putDirect* methods
+ https://bugs.webkit.org/show_bug.cgi?id=68274
+
+ Reviewed by Sam Weinig.
+
+ Delete the *Function variants. These are overall inefficient,
+ in the way they get the name back from the function rather
+ than just passing it in.
+
+ * JavaScriptCore.exp:
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::addFunction):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::putWithAttributes):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirect):
+ (JSC::JSObject::putDirectWithoutTransition):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::lookupPut):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for Windows.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for non-DFG builds.
+
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::finishCreation):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should inline Math.abs
+ https://bugs.webkit.org/show_bug.cgi?id=68227
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to track intrinsic functions throughout the
+ host function infrastructure, so that the DFG can easily query
+ whether or not a call's target is intrinsic, and if so, which
+ intrinsic it is.
+
+ On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
+ is transformed into ValueToNumber<-ArithAbs nodes. These nodes
+ then get optimized using the usual tricks.
+
+ Also had to make a completely unrelated change to
+ DateInstanceCache.h in order to fix a preexisting alphabetical
+ sorting problem in JSGlobalData.h
+
+ This results in a big win in imaging-gaussian-blur: 61% faster
+ than before. The net win on Kraken is around 13%.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * create_hash_table:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isFunctionConstant):
+ (JSC::DFG::Graph::valueOfFunctionConstant):
+ * dfg/DFGIntrinsic.h: Added.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isFunctionConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isFunctionConstant):
+ (JSC::DFG::JITCompiler::valueOfFunctionConstant):
+ * dfg/DFGNode.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/DateInstanceCache.h:
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::intrinsic):
+ (JSC::NativeExecutable::intrinsic):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/Lookup.cpp:
+ (JSC::HashTable::createTable):
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ (JSC::HashEntry::initialize):
+ (JSC::HashEntry::intrinsic):
+
+2011-09-16 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
+ using Domino's online ordering
+ https://bugs.webkit.org/show_bug.cgi?id=68220
+
+ Reviewed by Oliver Hunt.
+
+ Weak handle processing can result in new objects being marked, which
+ results in new WeakReferencesHarvesters being added. But weak
+ reference harvesters are only processed before weak handle processing,
+ so there's the risk that a weak reference harvester will persist
+ until the next collection, by which time it may have been deleted.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+
+2011-09-16 Csaba Osztrogonác <ossy@webkit.org>
+
+ REGRESSION(r95201): It made two tests fail
+ https://bugs.webkit.org/show_bug.cgi?id=68230
+
+ Unreviewed rolling out r95201.
+
+ * jit/JIT.h:
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ * jit/JITInlineMethods.h:
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize method_check
+ https://bugs.webkit.org/show_bug.cgi?id=68215
+
+ Reviewed by Oliver Hunt.
+
+ MethodCallLinkInfo and StructureStubInfo are now searchable by
+ bytecodeIndex, so that DFG::ByteCodeParser can use that information
+ to determine how to optimize GetMethod.
+
+ A new node op has been added to DFG: CheckMethod. This is a variant
+ of GetMethod that has been optimized for the case that GetMethod
+ always takes the fast path. CheckMethod results in only a very
+ small amount of code (two loads and two branches in the worst case,
+ one load and one branch in the best case). CheckMethod behaves as
+ if it were a constant.
+
+ Introduced the notion that a DFG node that is not JSConstant
+ behaves as a constant. CheckMethod uses this functionality.
+
+ This is a 3% speed-up on Kraken, and a small speed-up on V8.
+ Appears to be neutral on SunSpider.
+
+ * bytecode/CodeBlock.h:
+ (JSC::getStructureStubInfoBytecodeIndex):
+ (JSC::getMethodCallLinkInfoBytecodeIndex):
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionFromCell):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordGetMethod):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::getMethodCheckPrediction):
+ (JSC::DFG::Graph::getPrediction):
+ (JSC::DFG::Graph::isConstant):
+ (JSC::DFG::Graph::isJSConstant):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ (JSC::DFG::Graph::valueOfJSConstantNode):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasConstant):
+ (JSC::DFG::Node::hasIdentifier):
+ (JSC::DFG::Node::hasMethodCheckData):
+ (JSC::DFG::Node::methodCheckDataIndex):
+ (JSC::DFG::Node::valueOfJSConstant):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
+ (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::structureAddress):
+
+2011-09-15 Adam Barth <abarth@webkit.org>
+
+ Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
+ https://bugs.webkit.org/show_bug.cgi?id=68205
+
+ Reviewed by Eric Seidel.
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-09-15 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (7/7)
+ https://bugs.webkit.org/show_bug.cgi?id=68122
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the seventh and final level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ JSCallbackObject was missed in previous patches due to the fact that
+ it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so
+ this is just a bit of retroactive cleanup.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ The DFG non-speculative JIT is no longer used and should be removed.
+ https://bugs.webkit.org/show_bug.cgi?id=68177
+
+ Reviewed by Geoffrey Garen.
+
+ This removes the non-speculative JIT and everything that relied on it,
+ including the ability to turn on DFG but not tiered compilation the,
+ ability to perform speculation failure into non-speculative JIT code,
+ and the ability to statically terminate speculation.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitLoopHint):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGenerationInfo.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp: Removed.
+ * dfg/DFGNonSpeculativeJIT.h: Removed.
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGPropagator.cpp:
+ * dfg/DFGPropagator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::osrExits):
+ (JSC::DFG::SpeculativeJIT::speculationRecovery):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITCode.h:
+ (JSC::JITCode::bottomTierJIT):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * wtf/Platform.h:
+
+2011-09-15 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
+ https://bugs.webkit.org/show_bug.cgi?id=68182
+
+ Reviewed by Adam Barth.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT sometimes asserts that a value is not a number
+ even when it doesn't know anything about the number
+ https://bugs.webkit.org/show_bug.cgi?id=68189
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::isUnknownJS):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ All of the functionality in the non-speculative JIT should be
+ available to the speculative JIT via helper methods
+ https://bugs.webkit.org/show_bug.cgi?id=68186
+
+ Reviewed by Oliver Hunt.
+
+ Stole all of the goodness from NonSpeculativeJIT and placed it
+ in JITCodeGenerator. Left all of the badness (i.e. subtle code
+ duplication with SpeculativeJIT, etc). This is in preparation
+ for removing the NonSpeculativeJIT entirely, but having its
+ goodness available for reuse in the SpeculativeJIT if necessary.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+
+2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95167.
+ http://trac.webkit.org/changeset/95167
+ https://bugs.webkit.org/show_bug.cgi?id=68191
+
+ Patch needs further work. (Requested by mhahnenberg on
+ #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::toBoolean):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toBoolean):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toBoolean):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for platforms that expect a linkable symbol
+ for primitive static const's.
+
+ * bytecode/CodeBlock.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+
+2011-09-15 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for assertion on existence of alternative
+ CodeBlock.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Value profiles collect no information for global variables
+ https://bugs.webkit.org/show_bug.cgi?id=68143
+
+ Reviewed by Geoffrey Garen.
+
+ 17% speed-up on string-fasta. Neutral elsewhere.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getStrongPrediction):
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_global_var):
+
+2011-09-15 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
+ https://bugs.webkit.org/show_bug.cgi?id=68022
+
+ Reviewed by Ryosuke Niwa.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-15 Gavin Barraclough <barraclough@apple.com>
+
+ Ooops, revert accidentally commited unreviewed changes.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ * jit/JSInterfaceJIT.h:
+ * runtime/JSValue.h:
+
+2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95163.
+ http://trac.webkit.org/changeset/95163
+ https://bugs.webkit.org/show_bug.cgi?id=68180
+
+ [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
+ (Requested by darktears on #webkit).
+
+ * JavaScriptCore.pro:
+
+2011-09-15 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix p1.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ * jit/JSInterfaceJIT.h:
+ * runtime/JSValue.h:
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Tiered compilation should be enabled by default on platforms
+ that support the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68136
+
+ Reviewed by Sam Weinig.
+
+ Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
+ Kraken. Large progressions on some benchmarks, including
+ 3x on imaging-desaturate.
+
+ * wtf/Platform.h:
+
+2011-09-15 Gavin Barraclough <barraclough@apple.com>
+
+ devirtualize preventExtensions
+ https://bugs.webkit.org/show_bug.cgi?id=68176
+
+ Reviewed by Oliver Hunt.
+
+ This is virtual due to problems in JSFunction putting the prototype
+ property, but we can fix this problem a different way, just setting
+ the checkReadOnly flag to false in the put.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSObject.h:
+
+2011-09-15 Geoffrey Garen <ggaren@apple.com>
+
+ Value chaining for JSValue32_64 bitops.
+
+ Reviewed by Sam Weinig.
+
+ SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
+
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
+ that can chain their results, which is the common case.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec): Deployed new function.
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
+ computed their result values last, to make them elligible for chaining.
+
+2011-09-15 Adam Roben <aroben@apple.com>
+
+ Clang build fix after r95172
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
+ Added parentheses to make precendence clear.
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG does not speculate aggressively enough on comparisons
+ https://bugs.webkit.org/show_bug.cgi?id=68138
+
+ Reviewed by Oliver Hunt.
+
+ This is a 75% speed-up on Kraken/ai-astar. It's a 1% win on
+ V8 and an 8.5% win on Kraken. Neutral on SunSpider.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compileObjectEquality):
+ (JSC::DFG::SpeculativeJIT::compare):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not leverage integer speculations on branches
+ https://bugs.webkit.org/show_bug.cgi?id=68140
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isStrictInt32):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-14 Gavin Barraclough <barraclough@apple.com>
+
+ [n]stricteq code is bogus in JSValue32_64 JIT
+ https://bugs.webkit.org/show_bug.cgi?id=68141
+
+ Reviewed by Sam Weinig.
+
+ The code tries to check for both ints or cells, but this check also
+ catches cases where values that are undefined, null, etc (probably
+ was incorrectly assuming cell was the 2nd highest tag?).
+
+ Also, there is no need not to handle int on the fast path.
+ stricteq is just a case of comparing the payloads, if we:
+ * handle cases of differing tags on a slow path
+ * handle doubles a slow path
+ * handle both-are-string on a slow path
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emitSlow_op_stricteq):
+ (JSC::JIT::emitSlow_op_nstricteq):
+
+2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Make JSCell::toBoolean non-virtual
+ https://bugs.webkit.org/show_bug.cgi?id=67727
+
+ Reviewed by Sam Weinig.
+
+ JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
+ before it was simply virtual and would crash if its implementation was called).
+ Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
+ explicitly covers all cases of toBoolean, so having a virtual implementation of
+ JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSNotAnObject.cpp:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSString.h:
+ (JSC::JSCell::toBoolean):
+ (JSC::JSValue::toBoolean):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+
+2011-09-14 Alexis Menard <alexis.menard@openbossa.org>
+
+ [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
+ https://bugs.webkit.org/show_bug.cgi?id=68114
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Use the new GCC_X variables defined in WebKit.pri to replace
+ the usage of QT_GCC_X.
+
+ * JavaScriptCore.pro:
+
+2011-09-14 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r95145.
+ http://trac.webkit.org/changeset/95145
+ https://bugs.webkit.org/show_bug.cgi?id=68139
+
+ The GTK+ build is working now, so revert this trial build fix.
+ (Requested by mrobinson on #webkit).
+
+ * GNUmakefile.list.am:
+
+2011-09-14 Patrick Gansterer <paroga@webkit.org>
+
+ Port MachineStackMarker to Windows ARM and MIPS
+ https://bugs.webkit.org/show_bug.cgi?id=68068
+
+ Reviewed by Geoffrey Garen.
+
+ Use the correct memeber of the CONTEXT struct for the stackpointer for CPU(ARM) and CPU(MIPS).
+ Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
+ CPU(ARM) and CPU(MIPS) and the stackpointer is defined in the CONTEXT_CONTROL section for
+ CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::getPlatformThreadRegisters):
+ (JSC::otherThreadStackPointer):
+
+2011-09-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT always speculates that ValueAdd is a numeric addition
+ https://bugs.webkit.org/show_bug.cgi?id=67956
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
+
+ * GNUmakefile.list.am:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ This is getting old. Yet another build fix attempt.
+
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Yet another build fix attempt.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ How I &quot;love&quot; Visual Studio...
+
+ Try to fix build again.
+
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Try to fix Windows build.
+
+ * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Add BinarySemaphore class from WebKit2 to WTF
+ https://bugs.webkit.org/show_bug.cgi?id=68132
+
+ Reviewed by Sam Weinig.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ Update build systems.
+
+ * wtf/threads: Added.
+ * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
+ * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
+ * wtf/threads/win: Added.
+ * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for Interpreter.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-09-14 Anders Carlsson <andersca@apple.com>
+
+ Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
+ bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
+
+ Rubber-stamped by Sam Weinig.
+
+ * wtf/threads: Added.
+ * wtf/threads/win: Added.
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT should not speculate integer if the value is always going to be
+ used as a double anyway
+ https://bugs.webkit.org/show_bug.cgi?id=68127
+
+ Reviewed by Oliver Hunt.
+
+ Added a ValueToDouble node, which is a variant of ValueToNumber that
+ hints that it will only be used as a double and never as an integer.
+ Thus, it turns off integer speculation even if the value profiler
+ told us that the value source is an int. The logic for converting a
+ ValueToNumber into a ValueToDouble is found in Propagator.
+
+ This appears to be a 22% speed-up in imaging-darkroom.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::toDouble):
+ (JSC::DFG::Propagator::fixupNode):
+ (JSC::DFG::Propagator::fixup):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Tiered compilation heuristics do not account for value profile fullness
+ https://bugs.webkit.org/show_bug.cgi?id=68116
+
+ Reviewed by Oliver Hunt.
+
+ Tiered compilation avoids invoking the DFG JIT if it finds that value
+ profiles contain insufficient information. Instead, it produces a
+ prediction from the current value profile, and then clears the value
+ profile. This allows the value profile to heat up from scratch for
+ some number of additional executions. The new profiles will then be
+ merged with the previous prediction. Once the amount of information
+ in predictions is enough according to heuristics in CodeBlock.cpp,
+ DFG optimization is allowed to proceed.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::visitWeakReferences):
+ (JSC::CodeBlock::shouldOptimizeNow):
+ (JSC::CodeBlock::dumpValueProfiles):
+ * bytecode/CodeBlock.h:
+ * bytecode/PredictedType.cpp:
+ (JSC::predictionToString):
+ * bytecode/PredictedType.h:
+ * bytecode/ValueProfile.cpp: Added.
+ (JSC::ValueProfile::computeStatistics):
+ (JSC::ValueProfile::computeUpdatedPrediction):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::totalNumberOfSamples):
+ (JSC::ValueProfile::isLive):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::dump):
+ (JSC::getValueProfileBytecodeOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG should not speculate that the child of LogicalNot is a boolean if
+ predictions tell us otherwise
+ https://bugs.webkit.org/show_bug.cgi?id=68118
+
+ Reviewed by Geoffrey Garen.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-14 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix. Turn off tiered compilation.
+
+ * wtf/Platform.h:
+
+2011-09-13 Filip Pizlo <fpizlo@apple.com>
+
+ Prediction tracking is not precise enough
+ https://bugs.webkit.org/show_bug.cgi?id=67993
+
+ Reviewed by Oliver Hunt.
+
+ Added a richer set of type predictions, including JSFinalObject, JSString,
+ object that is not a JSFinalObject or JSArray (ObjectOther), some object
+ but we don't or care know what kind (SomeObject), definitely an object,
+ cell that is not an object or JSString, an value that is none of the above
+ (so either Undefined or Null). Made the propagator and value profiler work
+ with the new types.
+
+ Performance is neutral, because the DFG JIT does not take advantage of this
+ new knowledge yet.
+
+ In the process of writing predictionToString() (which is now considerably
+ more complex) I decided to finally add a BoundsCheckedPointer, which
+ should come in handy in other places, like at least the OSR scratch buffer
+ and the CompactJITCodeMap. It's great for cases where you want to
+ do pointer arithmetic, you want to have assertions about the
+ pointer not going out of bounds, but you don't want to write those
+ assertions yourself.
+
+ This also required refactoring inherits(), since the ValueProfiler may
+ want to do the equivalent of inherits() but given two ClassInfo's.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/PredictedType.cpp: Added.
+ (JSC::predictionToString):
+ (JSC::makePrediction):
+ (JSC::predictionFromValue):
+ * bytecode/PredictedType.h:
+ (JSC::isCellPrediction):
+ (JSC::isObjectPrediction):
+ (JSC::isFinalObjectPrediction):
+ (JSC::isStringPrediction):
+ (JSC::mergePredictions):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::numberOfObjects):
+ (JSC::ValueProfile::numberOfFinalObjects):
+ (JSC::ValueProfile::numberOfStrings):
+ (JSC::ValueProfile::probabilityOfObject):
+ (JSC::ValueProfile::probabilityOfFinalObject):
+ (JSC::ValueProfile::probabilityOfString):
+ (JSC::ValueProfile::dump):
+ (JSC::ValueProfile::Statistics::Statistics):
+ (JSC::ValueProfile::computeStatistics):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateNode):
+ * runtime/ClassInfo.h:
+ (JSC::ClassInfo::isSubClassOf):
+ * runtime/JSObject.h:
+ (JSC::JSCell::inherits):
+ * wtf/BoundsCheckedPointer.h: Added.
+ (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
+ (WTF::BoundsCheckedPointer::operator=):
+ (WTF::BoundsCheckedPointer::operator+=):
+ (WTF::BoundsCheckedPointer::operator-=):
+ (WTF::BoundsCheckedPointer::operator+):
+ (WTF::BoundsCheckedPointer::operator-):
+ (WTF::BoundsCheckedPointer::operator++):
+ (WTF::BoundsCheckedPointer::operator--):
+ (WTF::BoundsCheckedPointer::operator<):
+ (WTF::BoundsCheckedPointer::operator<=):
+ (WTF::BoundsCheckedPointer::operator>):
+ (WTF::BoundsCheckedPointer::operator>=):
+ (WTF::BoundsCheckedPointer::operator==):
+ (WTF::BoundsCheckedPointer::operator!=):
+ (WTF::BoundsCheckedPointer::operator!):
+ (WTF::BoundsCheckedPointer::get):
+ (WTF::BoundsCheckedPointer::operator*):
+ (WTF::BoundsCheckedPointer::operator[]):
+ (WTF::BoundsCheckedPointer::strcat):
+ (WTF::BoundsCheckedPointer::validate):
+ * wtf/CMakeLists.txt:
+
+2011-09-14 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt] Win32 builds with threads turned off
+ https://bugs.webkit.org/show_bug.cgi?id=67864
+
+ Reviewed by Geoffrey Garen.
+
+ * JavaScriptCore.pri: Link pthread library on Windows platform.
+ * wtf/Platform.h: Enable multiple threads.
+
+2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (6/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67692
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the sixth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the fifth level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::create):
+ * jsc.cpp:
+ (GlobalObject::create):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::create):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ (JSC::StrictModeTypeErrorFunction::create):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::create):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::finishCreation):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::create):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::create):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::create):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+
+2011-09-13 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE_SVG_USE as <use> is required by HTML5
+ https://bugs.webkit.org/show_bug.cgi?id=68019
+
+ Reviewed by Ryosuke Niwa.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-14 Iain Merrick <husky@google.com>
+
+ HashTraits.h should include template specialization for WTF::String
+ https://bugs.webkit.org/show_bug.cgi?id=67851
+
+ Ensure that the template specialization for HashTraits<String> is always
+ picked up. (Previously it was possible to include HashSet and String but
+ not the correct HashTraits, so you would get an inefficient template
+ instantiation.)
+
+ Reviewed by Darin Adler.
+
+ * wtf/HashTraits.h:
+ * wtf/text/StringHash.h:
+
+2011-09-13 Filip Pizlo <fpizlo@apple.com>
+
+ SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
+ return false if either node can be double
+ https://bugs.webkit.org/show_bug.cgi?id=67985
+
+ Reviewed by Geoffrey Garen.
+
+ This is a 17% speed-up on 3d-cube.
+
+ This required allowing us to check if a constant is double but not
+ integer, and making the shouldSpeculateInteger() check test for
+ any hints of doubly-ness in its operands. This also required
+ changing some terminology: previously "isDouble" often meant
+ "isDouble or isInt32". Now "isDouble" means exactly what the name
+ suggests, and "isNumber" means "isDouble or isInt32".
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toNumber):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::isJSFormat):
+ (JSC::DFG::isJSInteger):
+ (JSC::DFG::isJSDouble):
+ (JSC::DFG::isJSCell):
+ (JSC::DFG::isJSBoolean):
+ (JSC::DFG::GenerationInfo::isJSFormat):
+ (JSC::DFG::GenerationInfo::isJSInteger):
+ (JSC::DFG::GenerationInfo::isJSDouble):
+ (JSC::DFG::GenerationInfo::isJSCell):
+ (JSC::DFG::GenerationInfo::isJSBoolean):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isNumberConstant):
+ (JSC::DFG::Graph::valueOfNumberConstant):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ (JSC::DFG::JITCodeGenerator::isKnownCell):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::isNumberConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
+ (JSC::DFG::JITCodeGenerator::initConstantInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillToJS):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isNumberConstant):
+ (JSC::DFG::JITCompiler::valueOfNumberConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::isNumberConstant):
+ (JSC::DFG::Node::valueOfNumberConstant):
+ (JSC::DFG::Node::hasNumberResult):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+
+2011-09-13 Anders Carlsson <andersca@apple.com>
+
+ Disable C++ exceptions when building with clang
+ https://bugs.webkit.org/show_bug.cgi?id=68031
+ <rdar://problem/9556880>
+
+ Reviewed by Mark Rowe.
+
+ * Configurations/Base.xcconfig:
+
+2011-09-13 Eric Seidel <eric@webkit.org>
+
+ Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
+ https://bugs.webkit.org/show_bug.cgi?id=68018
+
+ Reviewed by Ryosuke Niwa.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-09-13 Sam Weinig <sam@webkit.org>
+
+ Object.getPrototypeOf should use JSValue::get()
+ https://bugs.webkit.org/show_bug.cgi?id=67973
+
+ Reviewed by Darin Adler.
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetPrototypeOf):
+ Pipe through JSValue::get() to allow overrides.
+
+2011-09-12 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore does not have baseline->speculative OSR
+ https://bugs.webkit.org/show_bug.cgi?id=67920
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to on-stack-replace (OSR) from code that is
+ running hot in the old JIT to code compiled by the new JIT. This
+ ensures that long-running loops benefit from DFG optimization.
+ It also ensures that if code experiences a speculation failure
+ in DFG code, it has an opportunity to reenter the DFG once every
+ 1,000 loop iterations or so.
+
+ This results in a 2.88x speed-up on Kraken/imaging-desaturate,
+ and is a pure win on the main three benchmark suites (SunSpider,
+ V8, Kraken), when tiered compilation is enabled.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::ProgramCodeBlock::compileOptimized):
+ (JSC::EvalCodeBlock::compileOptimized):
+ (JSC::FunctionCodeBlock::compileOptimized):
+ * bytecode/CodeBlock.h:
+ * bytecode/Opcode.h:
+ * bytecode/PredictedType.h: Added.
+ (JSC::isCellPrediction):
+ (JSC::isArrayPrediction):
+ (JSC::isInt32Prediction):
+ (JSC::isDoublePrediction):
+ (JSC::isNumberPrediction):
+ (JSC::isBooleanPrediction):
+ (JSC::isStrongPrediction):
+ (JSC::predictionToString):
+ (JSC::mergePredictions):
+ (JSC::mergePrediction):
+ (JSC::makePrediction):
+ * bytecode/PredictionTracker.h: Added.
+ (JSC::operandIsArgument):
+ (JSC::PredictionSlot::PredictionSlot):
+ (JSC::PredictionTracker::PredictionTracker):
+ (JSC::PredictionTracker::initializeSimilarTo):
+ (JSC::PredictionTracker::copyLocalsFrom):
+ (JSC::PredictionTracker::numberOfArguments):
+ (JSC::PredictionTracker::numberOfVariables):
+ (JSC::PredictionTracker::argumentOffsetForOperand):
+ (JSC::PredictionTracker::predictArgument):
+ (JSC::PredictionTracker::predict):
+ (JSC::PredictionTracker::predictGlobalVar):
+ (JSC::PredictionTracker::getArgumentPrediction):
+ (JSC::PredictionTracker::getPrediction):
+ (JSC::PredictionTracker::getGlobalVarPrediction):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitLoopHint):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::DoWhileNode::emitBytecode):
+ (JSC::WhileNode::emitBytecode):
+ (JSC::ForNode::emitBytecode):
+ (JSC::ForInNode::emitBytecode):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCapabilities.h:
+ (JSC::DFG::canCompileOpcode):
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::noticeOSREntry):
+ * dfg/DFGNode.h:
+ * dfg/DFGOSREntry.cpp: Added.
+ (JSC::DFG::predictionIsValid):
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGOSREntry.h: Added.
+ (JSC::DFG::prepareOSREntry):
+ * dfg/DFGPredictionTracker.h: Removed.
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::mergeUse):
+ (JSC::DFG::Propagator::mergePrediction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/CompactJITCodeMap.h:
+ (JSC::CompactJITCodeMap::numberOfEntries):
+ (JSC::CompactJITCodeMap::decode):
+ (JSC::CompactJITCodeMap::Decoder::Decoder):
+ (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
+ (JSC::CompactJITCodeMap::Decoder::read):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ (JSC::JIT::emitTimeoutCheck):
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ (JSC::JIT::emit_op_loop_hint):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-09-12 Sam Weinig <sam@webkit.org>
+
+ Don't allow setting __proto__ to be a getter or setter
+ https://bugs.webkit.org/show_bug.cgi?id=67982
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ Disallow setting a getter or setter on __proto__.
+
+2011-09-12 James Robinson <jamesr@chromium.org>
+
+ Unreviewed build fix for chromium.
+
+ Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
+ is currently only compiled in by ports that use JavaScriptCore. This code is currently unreachable in builds so
+ no change in functionality.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::CharAccess::CharAccess):
+
+2011-09-09 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore does not have speculative->baseline OSR
+ https://bugs.webkit.org/show_bug.cgi?id=67826
+
+ Reviewed by Oliver Hunt.
+
+ This adds the ability to bail out of DFG speculative JIT execution by
+ performing an on-stack replacement (OSR) that results in the control
+ flow going to the equivalent code generated by the old JIT.
+
+ This required a number of new features, as well as taking advantage of
+ some features that happened to already be present:
+
+ We already had a policy of storing the bytecode index for which a DFG
+ node was generated inside the DFG::Node class. This was previously
+ called exceptionInfo. It's now renamed to codeOrigin to reflect that
+ it's used for more than just excpetions. OSR uses this to figure out
+ which bytecode index to use to look up the machine code location in
+ the code generated by the old JIT that we should be jumping to.
+
+ CodeBlock now stores a mapping between bytecode indices and machine
+ code offsets for code generated by the old JIT. This is implemented
+ by CompactJITCodeMap, which tries to compress this data a bit. The
+ OSR compiler decodes this and uses it to find the machine code
+ locations it should be jumping to.
+
+ We already had a mechanism that emitted SetLocal nodes in the DFG graph
+ that told us the time at which the old JIT would have stored something
+ into its register file, and the DFG::Node that corresponds to the value
+ that it would have stored. These SetLocal's were mostly dead-code-
+ eliminated, but our DCE leaves the nodes intact except for making them
+ have 0 as the ref count. This allows the OSR compiler to construct a
+ mapping between the state as it would have been seen by the old JIT
+ and the state as the DFG JIT sees it. The OSR compiler uses this to
+ generate code that reshapes the call frame so that it is like what the
+ old JIT would expect.
+
+ Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
+ we no longer emit the non-speculative path.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::currentCodeOrigin):
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::alive):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ (JSC::DFG::JITCompiler::linkOSRExits):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::CallRecord::CallRecord):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
+ (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
+ (JSC::DFG::JITCompiler::addJSCall):
+ (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::CodeOrigin::CodeOrigin):
+ (JSC::DFG::CodeOrigin::isSet):
+ (JSC::DFG::CodeOrigin::bytecodeIndex):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::child1Unchecked):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::ValueSource::dump):
+ (JSC::DFG::ValueRecovery::dump):
+ (JSC::DFG::OSRExit::OSRExit):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileMovHint):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::ValueSource::ValueSource):
+ (JSC::DFG::ValueSource::isSet):
+ (JSC::DFG::ValueSource::nodeIndex):
+ (JSC::DFG::ValueRecovery::ValueRecovery):
+ (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
+ (JSC::DFG::ValueRecovery::inGPR):
+ (JSC::DFG::ValueRecovery::inFPR):
+ (JSC::DFG::ValueRecovery::displacedInRegisterFile):
+ (JSC::DFG::ValueRecovery::constant):
+ (JSC::DFG::ValueRecovery::technique):
+ (JSC::DFG::ValueRecovery::gpr):
+ (JSC::DFG::ValueRecovery::fpr):
+ (JSC::DFG::ValueRecovery::virtualRegister):
+ (JSC::DFG::OSRExit::numberOfRecoveries):
+ (JSC::DFG::OSRExit::valueRecovery):
+ (JSC::DFG::OSRExit::isArgument):
+ (JSC::DFG::OSRExit::argumentForIndex):
+ (JSC::DFG::OSRExit::variableForIndex):
+ (JSC::DFG::OSRExit::operandForIndex):
+ (JSC::DFG::SpeculativeJIT::osrExits):
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+ (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
+ (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
+ (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
+ (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
+ (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ * jit/CompactJITCodeMap.h: Added.
+ (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
+ (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
+ (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
+ (JSC::CompactJITCodeMap::~CompactJITCodeMap):
+ (JSC::CompactJITCodeMap::decode):
+ (JSC::CompactJITCodeMap::CompactJITCodeMap):
+ (JSC::CompactJITCodeMap::at):
+ (JSC::CompactJITCodeMap::decodeNumber):
+ (JSC::CompactJITCodeMap::Encoder::Encoder):
+ (JSC::CompactJITCodeMap::Encoder::~Encoder):
+ (JSC::CompactJITCodeMap::Encoder::append):
+ (JSC::CompactJITCodeMap::Encoder::finish):
+ (JSC::CompactJITCodeMap::Encoder::appendByte):
+ (JSC::CompactJITCodeMap::Encoder::encodeNumber):
+ (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::osrScratchBufferForSize):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+
+2011-09-12 Geoffrey Garen <ggaren@apple.com>
+
+ Re-enabled ENABLE(LAZY_BLOCK_FREEING).
+
+ Reviewed by Stephanie Lewis.
+
+ I accidentally disabled this in r94890, causing a big performance regression.
+
+ * wtf/Platform.h:
+
+2011-09-12 Michael Saboff <msaboff@apple.com>
+
+ Broken Build for ARM - lshift32() needs TrustedImm32 arg
+ https://bugs.webkit.org/show_bug.cgi?id=67965
+
+ Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
+
+ Reviewed by Anders Carlsson.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch16):
+
+2011-09-12 Michael Saboff <msaboff@apple.com>
+
+ Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
+ https://bugs.webkit.org/show_bug.cgi?id=67961
+
+ Added missing semicolon.
+
+ Reviewed by Ryosuke Niwa.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch16):
+
+2011-09-12 Michael Saboff <msaboff@apple.com>
+
+ Update RegExp and related classes to use 8 bit strings when available
+ https://bugs.webkit.org/show_bug.cgi?id=67337
+
+ Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
+ The code paths are triggered by the UString::is8bit() method which currently
+ returns false. Implemented JIT changes for all current architectures.
+ Tested X86_64 and ARM v7.
+
+ This includes some code that will likely change as we complete the
+ 8 bit string changes. This includes the way the raw buffer pointers
+ are accessed as well as replacing the CharAccess class with a
+ string interator returned from UString.
+
+ Fixed build breakage in testRegExp.cpp due to globalObject construction
+ changes.
+
+ Reviewed by Gavin Barraclough.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * testRegExp.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::GlobalObject):
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::baseIndexTransfer32):
+ * assembler/ARMAssembler.h:
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ubfx):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load8):
+ (JSC::MacroAssemblerARM::branch8):
+ (JSC::MacroAssemblerARM::branch16):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load8):
+ (JSC::MacroAssemblerARMv7::branch16):
+ (JSC::MacroAssemblerARMv7::branch8):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load8):
+ (JSC::MacroAssemblerMIPS::branch8):
+ (JSC::MacroAssemblerMIPS::branch16):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::load8):
+ (JSC::MacroAssemblerSH4::branch8):
+ (JSC::MacroAssemblerSH4::branch16):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load8):
+ (JSC::MacroAssemblerX86Common::branch16):
+ (JSC::MacroAssemblerX86Common::branch8):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::extub):
+ (JSC::SH4Assembler::printInstr):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::cmpw_ir):
+ (JSC::X86Assembler::movzbl_mr):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::compileIfNecessary):
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchCompareWithInterpreter):
+ * runtime/RegExp.h:
+ * runtime/UString.h:
+ (JSC::UString::is8Bit):
+ * yarr/Yarr.h:
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::CharAccess::CharAccess):
+ (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
+ (JSC::Yarr::Interpreter::CharAccess::operator[]):
+ (JSC::Yarr::Interpreter::InputStream::InputStream):
+ (JSC::Yarr::Interpreter::Interpreter):
+ (JSC::Yarr::interpret):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
+ (JSC::Yarr::YarrGenerator::readCharacter):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::YarrGenerator):
+ (JSC::Yarr::YarrGenerator::compile):
+ (JSC::Yarr::jitCompile):
+ (JSC::Yarr::execute):
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::YarrCodeBlock::has8BitCode):
+ (JSC::Yarr::YarrCodeBlock::has16BitCode):
+ (JSC::Yarr::YarrCodeBlock::set8BitCode):
+ (JSC::Yarr::YarrCodeBlock::set16BitCode):
+ (JSC::Yarr::YarrCodeBlock::execute):
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::Parser):
+
+2011-09-12 Andras Becsi <andras.becsi@nokia.com>
+
+ [Qt] Build fails after r94920 with strict compiler
+ https://bugs.webkit.org/show_bug.cgi?id=67928
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/RedBlackTree.h:
+ (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
+
+2011-09-12 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed build fix after r94871.
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * wtf/FastMalloc.cpp:
+ * wtf/RefCountedLeakCounter.h:
+
+2011-09-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFGNode.h has macros that indicate the enabling of a feature, but
+ they do not use the ENABLE() idiom.
+ https://bugs.webkit.org/show_bug.cgi?id=67907
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGJITCodeGenerator.cpp:
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::propagateForward):
+ (JSC::DFG::Propagator::propagateBackward):
+ (JSC::DFG::propagate):
+ * dfg/DFGScoreBoard.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-09-11 Fumitoshi Ukai <ukai@chromium.org>
+
+ Unreviewed build fix for chromium/mac & clang.
+
+ Fix the macro redefinition error by r94927, because chromium set
+ ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
+ it is not PLATFORM(QT).
+ ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
+ #define ENABLE_JSC_MULTIPLE_THREADS 1
+ <command line>:43:9: note: previous definition is here
+ #define ENABLE_JSC_MULTIPLE_THREADS 0
+ 1 error generated.
+
+ * wtf/Platform.h:
+
+2011-09-11 Sam Weinig <sam@webkit.org>
+
+ Remove JSCell::isPropertyNameIterator(), it is unused
+ https://bugs.webkit.org/show_bug.cgi?id=67911
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSCell.h:
+ * runtime/JSPropertyNameIterator.h:
+
+2011-09-11 Sam Weinig <sam@webkit.org>
+
+ De-virtualize JSCell::isAPIValueWrapper
+ https://bugs.webkit.org/show_bug.cgi?id=67909
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ Set the correct type on structure creation.
+
+ * runtime/JSCell.h:
+ Remove virtual keyword and default implementation.
+
+ * runtime/JSType.h:
+ Add type for APIValueWrapper. It must come after CompoundType since
+ the APIValueWrapper has children in need of marking.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::isAPIValueWrapper):
+ Implement predicate using type info.
+
+2011-09-10 Sam Weinig <sam@webkit.org>
+
+ De-virtualize JSCell::isGetterSetter, type information is available for it
+ https://bugs.webkit.org/show_bug.cgi?id=67902
+
+ Reviewed by Dan Bernstein.
+
+ * runtime/GetterSetter.cpp:
+ * runtime/GetterSetter.h:
+ Remove override of isGetterSetter.
+
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ De-virtualize and remove silly base implementation.
+
+ * runtime/Structure.h:
+ (JSC::JSCell::isGetterSetter):
+ Use type info to determine getter-setter-hood.
+
+2011-09-09 Oliver Hunt <oliver@apple.com>
+
+ Remove support for anonymous storage from jsobjects
+ https://bugs.webkit.org/show_bug.cgi?id=67881
+
+ Reviewed by Sam Weinig.
+
+ Remove all use of anonymous slots, essentially a mechanical change
+ in JavaScriptCore
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateValue):
+ * heap/MarkStack.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::finishCreation):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::finishCreation):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::createStructure):
+ (JSC::TerminatedExecutionError::createStructure):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::finishCreation):
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSFinalObject::createStructure):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::finishCreation):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExp.h:
+ (JSC::RegExp::createStructure):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::flattenDictionaryStructure):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::get):
+ (JSC::Structure::putSpecificValue):
+ (JSC::Structure::remove):
+ (JSC::Structure::checkConsistency):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-09-11 Jarred Nicholls <jarred@sencha.com>
+
+ [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
+ https://bugs.webkit.org/show_bug.cgi?id=67864
+
+ Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
+
+ Reviewed by Csaba Osztrogonác.
+
+ * wtf/Platform.h:
+
+2011-09-11 Filip Pizlo <fpizlo@apple.com>
+
+ ARM and MIPS assemblers still refer to executable pools.
+ https://bugs.webkit.org/show_bug.cgi?id=67903
+
+ Reviewed by Csaba Osztrogonác.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::executableCopy):
+
+2011-09-08 Filip Pizlo <fpizlo@apple.com>
+
+ The executable allocator makes it difficult to free individual
+ chunks of executable memory
+ https://bugs.webkit.org/show_bug.cgi?id=66363
+
+ Reviewed by Oliver Hunt.
+
+ Introduced a best-fit, balanced-tree based allocator. The allocator
+ required a balanced tree that does not allocate memory and that
+ permits the removal of individual nodes directly (as opposed to by
+ key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
+ Changed all references to executable code to use a reference counted
+ handle.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::executableCopy):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::finalizeCode):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
+ (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
+ (JSC::MacroAssemblerCodeRef::executableMemory):
+ (JSC::MacroAssemblerCodeRef::code):
+ (JSC::MacroAssemblerCodeRef::size):
+ (JSC::MacroAssemblerCodeRef::operator!):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * bytecode/CodeBlock.h:
+ * bytecode/Instruction.h:
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ (JSC::DFG::tryCachePutByID):
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::initializeAllocator):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::allocate):
+ (JSC::ExecutableAllocator::committedByteCount):
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::ExecutableAllocator::initializeAllocator):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::isValid):
+ (JSC::ExecutableAllocator::underMemoryPressure):
+ (JSC::ExecutableAllocator::allocate):
+ (JSC::ExecutableAllocator::committedByteCount):
+ (JSC::ExecutableAllocator::dumpProfile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::compileCTIMachineTrampolines):
+ (JSC::JIT::compileCTINativeCall):
+ * jit/JITCode.h:
+ (JSC::JITCode::operator !):
+ (JSC::JITCode::addressForCall):
+ (JSC::JITCode::offsetOf):
+ (JSC::JITCode::execute):
+ (JSC::JITCode::start):
+ (JSC::JITCode::size):
+ (JSC::JITCode::getExecutableMemory):
+ (JSC::JITCode::HostFunction):
+ (JSC::JITCode::JITCode):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::JITThunks::ctiStub):
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+ (JSC::SpecializedThunkJIT::finalize):
+ * jit/ThunkGenerators.cpp:
+ (JSC::charCodeAtThunkGenerator):
+ (JSC::charAtThunkGenerator):
+ (JSC::fromCharCodeThunkGenerator):
+ (JSC::sqrtThunkGenerator):
+ (JSC::floorThunkGenerator):
+ (JSC::ceilThunkGenerator):
+ (JSC::roundThunkGenerator):
+ (JSC::expThunkGenerator):
+ (JSC::logThunkGenerator):
+ (JSC::absThunkGenerator):
+ (JSC::powThunkGenerator):
+ * jit/ThunkGenerators.h:
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::dumpSampleData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::getCTIStub):
+ * wtf/CMakeLists.txt:
+ * wtf/MetaAllocator.cpp: Added.
+ (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
+ (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
+ (WTF::MetaAllocatorHandle::shrink):
+ (WTF::MetaAllocator::MetaAllocator):
+ (WTF::MetaAllocator::allocate):
+ (WTF::MetaAllocator::currentStatistics):
+ (WTF::MetaAllocator::findAndRemoveFreeSpace):
+ (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
+ (WTF::MetaAllocator::addFreshFreeSpace):
+ (WTF::MetaAllocator::debugFreeSpaceSize):
+ (WTF::MetaAllocator::addFreeSpace):
+ (WTF::MetaAllocator::incrementPageOccupancy):
+ (WTF::MetaAllocator::decrementPageOccupancy):
+ (WTF::MetaAllocator::roundUp):
+ (WTF::MetaAllocator::allocFreeSpaceNode):
+ (WTF::MetaAllocator::freeFreeSpaceNode):
+ (WTF::MetaAllocator::dumpProfile):
+ * wtf/MetaAllocator.h: Added.
+ (WTF::MetaAllocator::bytesAllocated):
+ (WTF::MetaAllocator::bytesReserved):
+ (WTF::MetaAllocator::bytesCommitted):
+ (WTF::MetaAllocator::dumpProfile):
+ (WTF::MetaAllocator::~MetaAllocator):
+ * wtf/MetaAllocatorHandle.h: Added.
+ * wtf/RedBlackTree.h: Added.
+ (WTF::RedBlackTree::Node::Node):
+ (WTF::RedBlackTree::Node::successor):
+ (WTF::RedBlackTree::Node::predecessor):
+ (WTF::RedBlackTree::Node::reset):
+ (WTF::RedBlackTree::Node::parent):
+ (WTF::RedBlackTree::Node::setParent):
+ (WTF::RedBlackTree::Node::left):
+ (WTF::RedBlackTree::Node::setLeft):
+ (WTF::RedBlackTree::Node::right):
+ (WTF::RedBlackTree::Node::setRight):
+ (WTF::RedBlackTree::Node::color):
+ (WTF::RedBlackTree::Node::setColor):
+ (WTF::RedBlackTree::RedBlackTree):
+ (WTF::RedBlackTree::insert):
+ (WTF::RedBlackTree::remove):
+ (WTF::RedBlackTree::findExact):
+ (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
+ (WTF::RedBlackTree::findGreatestLessThanOrEqual):
+ (WTF::RedBlackTree::first):
+ (WTF::RedBlackTree::last):
+ (WTF::RedBlackTree::size):
+ (WTF::RedBlackTree::isEmpty):
+ (WTF::RedBlackTree::treeMinimum):
+ (WTF::RedBlackTree::treeMaximum):
+ (WTF::RedBlackTree::treeInsert):
+ (WTF::RedBlackTree::leftRotate):
+ (WTF::RedBlackTree::rightRotate):
+ (WTF::RedBlackTree::removeFixup):
+ * wtf/wtf.pri:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+ * yarr/YarrJIT.h:
+ (JSC::Yarr::YarrCodeBlock::execute):
+ (JSC::Yarr::YarrCodeBlock::getAddr):
+
+2011-09-10 Sam Weinig <sam@webkit.org>
+
+ Remove JSC::isZombie() function, it did nothing and was called by no-one.
+ https://bugs.webkit.org/show_bug.cgi?id=67901
+
+ Reviewed by Andy Estes.
+
+ * JavaScriptCore.exp:
+ * runtime/JSCell.cpp:
+ * runtime/JSValue.h:
+
+2011-09-10 Sam Weinig <sam@webkit.org>
+
+ Add isInterruptedExecutionException and isTerminatedExecutionException predicates
+ https://bugs.webkit.org/show_bug.cgi?id=67892
+
+ Reviewed by Andy "First Time Reviewer" Estes.
+
+ * JavaScriptCore.exp:
+ Add symbols.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ Use new predicates.
+
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::createInterruptedExecutionException):
+ (JSC::isInterruptedExecutionException):
+ (JSC::createTerminatedExecutionException):
+ (JSC::isTerminatedExecutionException):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ Add predicates.
+
+2011-09-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT completely undoes speculative compilation even in the case of
+ a partial static speculation failure
+ https://bugs.webkit.org/show_bug.cgi?id=67798
+
+ Reviewed by Geoffrey Garen.
+
+ This is a regression with static speculation, so it is turned off by
+ default. But it is a necessary prerequisite for further work on
+ dynamic speculation.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2011-09-09 Chris Marrin <cmarrin@apple.com>
+
+ requestAnimationFrame doesn't throttle on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=67171
+
+ Reviewed by Simon Fraser.
+
+ Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
+ requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
+ Currently only enabled for PLATFORM(MAC)
+
+ * wtf/Platform.h:
+
+2011-09-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Removed ENABLE(SINGLE_THREADED) support, since it is always false
+ https://bugs.webkit.org/show_bug.cgi?id=67862
+
+ Next step toward making the baseline platform assumption that threads exist.
+
+ * wtf/wtf.pri:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
+ ThreadingNone.cpp, which was only compiled in single-threaded mode.
+
+ * wtf/Platform.h:
+ * wtf/ThreadSpecific.h:
+ (WTF::::destroy):
+ * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
+
+ * wtf/ThreadingNone.cpp: Removed.
+
+2011-09-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (5/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67420
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the fifth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ (JSC::JSCallbackFunction::finishCreation):
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ (JSC::::finishCreation):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::finishCreation):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ (JSC::BooleanConstructor::finishCreation):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::finishCreation):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::finishCreation):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ (JSC::DatePrototype::finishCreation):
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ (JSC::ErrorConstructor::finishCreation):
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ (JSC::FunctionConstructor::finishCreation):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ (JSC::FunctionPrototype::finishCreation):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::finishCreation):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ (JSC::NumberConstructor::finishCreation):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::finishCreation):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ (JSC::ObjectConstructor::finishCreation):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpConstructor::finishCreation):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::finishCreation):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ (JSC::StringPrototype::finishCreation):
+ * runtime/StringPrototype.h:
+
+2011-09-09 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Guard against double-#define for something already #defined
+ by the build system.
+
+ * wtf/Platform.h:
+
+2011-09-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
+ !ENABLE_WTF_MULTIPLE_THREADS
+ https://bugs.webkit.org/show_bug.cgi?id=67860
+
+ First step toward making the baseline platform assumption that threads
+ exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
+ or !ENABLE_WTF_MULTIPLE_THREADS.
+
+ * wtf/Platform.h:
+
+2011-09-09 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ [Qt] Remove common.pri
+ https://bugs.webkit.org/show_bug.cgi?id=67814
+
+ Reviewed by Andreas Kling.
+
+ * JavaScriptCore.pri:
+
+2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ REGRESSION(r94811): Assertion failure in 2 worker tests
+ https://bugs.webkit.org/show_bug.cgi?id=67829
+
+ Reviewed by Sam Weinig.
+
+ Fixing a couple tests that were broken due to the wrong values being
+ set in the parent class pointers in the ClassInfo structs for
+ TerminatedExecutionError and InterruptedExecutionError.
+
+ * runtime/ExceptionHelpers.cpp:
+
+2011-09-08 Oliver Hunt <oliver@apple.com>
+
+ Use bump allocator for initial property storage
+ https://bugs.webkit.org/show_bug.cgi?id=67494
+
+ Reviewed by Geoffrey Garen.
+
+ Use a bump allocator for initial allocation of property storage,
+ and promote to fastMalloc memory only if it survives a GC pass.
+
+ Comes out as a 1% win on v8, and is a useful step on the way to
+ GC allocation of all property storage.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::allocatePropertyStorage):
+ (JSC::Heap::inPropertyStorageNursery):
+ * heap/MarkedBlock.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::resetPropertyStorageNursery):
+ (JSC::NewSpace::allocatePropertyStorage):
+ (JSC::NewSpace::inPropertyStorageNursery):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::isUsingInlineStorage):
+ (JSC::JSObject::JSObject):
+ (JSC::JSObject::propertyStorage):
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect):
+ * runtime/StorageBarrier.h: Added.
+ (JSC::StorageBarrier::StorageBarrier):
+ (JSC::StorageBarrier::set):
+ (JSC::StorageBarrier::operator->):
+ (JSC::StorageBarrier::operator*):
+ (JSC::StorageBarrier::operator[]):
+ (JSC::StorageBarrier::get):
+
+2011-09-08 Sam Weinig <sam@webkit.org>
+
+ Remove the Completion object from JSC, I have never liked it
+ https://bugs.webkit.org/show_bug.cgi?id=67755
+
+ Reviewed by Gavin Barraclough.
+
+ - Removes the Completion object and replaces its use with out parameter exceptions.
+ - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
+ ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
+
+ * API/JSBase.cpp:
+ (JSEvaluateScript):
+ (JSCheckScriptSyntax):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::throwException):
+ * jsc.cpp:
+ (functionLoad):
+ (functionCheckSyntax):
+ (runWithScripts):
+ (runInteractive):
+ * runtime/Completion.cpp:
+ (JSC::checkSyntax):
+ (JSC::evaluate):
+ * runtime/Completion.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::toString):
+ (JSC::TerminatedExecutionError::toString):
+ (JSC::createInterruptedExecutionException):
+ * runtime/ExceptionHelpers.h:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::InterruptedExecutionError::create):
+ (JSC::InterruptedExecutionError::createStructure):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ (JSC::TerminatedExecutionError::create):
+ (JSC::TerminatedExecutionError::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSObject.h:
+
+2011-09-08 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix.
+
+ * dfg/DFGCapabilities.cpp:
+
+2011-09-08 Filip Pizlo <fpizlo@apple.com>
+
+ Value profling and execution count profiling is performed even for
+ code that cannot be optimized
+ https://bugs.webkit.org/show_bug.cgi?id=67694
+
+ Reviewed by Gavin Barraclough.
+
+ This is a 2% speed-up on V8 when tiered compilation is enabled.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::ProgramCodeBlock::canCompileWithDFG):
+ (JSC::EvalCodeBlock::canCompileWithDFG):
+ (JSC::FunctionCodeBlock::canCompileWithDFG):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGCapabilities.cpp: Added.
+ (JSC::DFG::canCompileOpcodes):
+ * dfg/DFGCapabilities.h: Added.
+ (JSC::DFG::mightCompileEval):
+ (JSC::DFG::mightCompileProgram):
+ (JSC::DFG::mightCompileFunctionForCall):
+ (JSC::DFG::mightCompileFunctionForConstruct):
+ (JSC::DFG::canCompileOpcode):
+ (JSC::DFG::canCompileEval):
+ (JSC::DFG::canCompileProgram):
+ (JSC::DFG::canCompileFunctionForCall):
+ (JSC::DFG::canCompileFunctionForConstruct):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::shouldEmitProfiling):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+
+2011-09-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
+ https://bugs.webkit.org/show_bug.cgi?id=67840
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+
+2011-09-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=67771
+
+ Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
+ and patchOffsetGetByIdSlowCaseCall
+ and enables DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.h:
+ * wtf/dtoa/utils.h:
+
+2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove getUInt32 from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=67691
+
+ Reviewed by Oliver Hunt.
+
+ We don't use JSCell::getUInt32 anymore, so it has been removed.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+
+2011-09-07 Filip Pizlo <fpizlo@apple.com>
+
+ PPC build fix.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+
+2011-09-07 Oliver Hunt <oliver@apple.com>
+
+ Release mode build fix.
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+
+2011-09-06 Oliver Hunt <oliver@apple.com>
+
+ Remove JSObjectWithGlobalObject
+ https://bugs.webkit.org/show_bug.cgi?id=67689
+
+ Reviewed by Geoff Garen.
+
+ Remove JSObjectWithGlobalObject, and update code to stop using anonymous
+ storage to access the global object that a JSObject comes from. Largely
+ mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ (JSC::JSCallbackConstructor::finishCreation):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.cpp:
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ (JSC::::finishCreation):
+ (JSC::::staticFunctionGetter):
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/JSObjectRef.cpp:
+ (JSObjectMake):
+ (JSObjectGetPrivate):
+ (JSObjectSetPrivate):
+ (JSObjectGetPrivateProperty):
+ (JSObjectSetPrivateProperty):
+ (JSObjectDeletePrivateProperty):
+ * API/JSValueRef.cpp:
+ (JSValueIsObjectOfClass):
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+ (JSC::DFG::tryCacheGetMethod):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/DatePrototype.cpp:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::finishCreation):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ (JSC::JSONObject::finishCreation):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.h:
+ (JSC::JSObject::globalObject):
+ * runtime/JSObjectWithGlobalObject.cpp: Removed.
+ * runtime/JSObjectWithGlobalObject.h: Removed.
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::isValidCallee):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ (JSC::MathObject::finishCreation):
+ * runtime/MathObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::finishCreation):
+ * runtime/RegExpObject.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::globalObject):
+
+2011-09-07 Gavin Barraclough <barraclough@apple.com>
+
+ Refactor JIT checks for ObjectType into helper functions.
+
+ Rubber stamped by Sam Weinig.
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::branchIfNotObject):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.h:
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfNotObject):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_create_this):
+
+2011-09-07 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r94627 and r94632.
+ http://trac.webkit.org/changeset/94627
+ http://trac.webkit.org/changeset/94632
+ https://bugs.webkit.org/show_bug.cgi?id=67698
+
+ It broke tests on GTK and Qt (Requested by Ossy on #webkit).
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ * API/JSCallbackFunction.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::create):
+ * debugger/DebuggerActivation.h:
+ * jsc.cpp:
+ (GlobalObject::constructorBody):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::constructorBody):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+
+2011-09-06 Xianzhu Wang <wangxianzhu@chromium.org>
+
+ Replace usages of Vector<UChar> with existing StringBuilder
+ https://bugs.webkit.org/show_bug.cgi?id=67079
+
+ Reviewed by Gavin Barraclough.
+
+ This is part of work to support 8-bit string buffers.
+ Adds StringBuilder::characters() because the original Vector<UChar>::data()
+ is widely used.
+ Sets the minimum size of buffer to 16 to prevent possible performance
+ regression. Further performance investigation should be done in
+ https://bugs.webkit.org/show_bug.cgi?id=67084.
+
+ * wtf/Forward.h:
+ * wtf/text/StringBuilder.cpp:
+ (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::operator[]):
+ (WTF::StringBuilder::characters): Added.
+
+2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix broken snow leopard build
+ https://bugs.webkit.org/show_bug.cgi?id=67693
+
+ Reviewed by Daniel Bates.
+
+ Removed unnecessary symbol export.
+
+ * JavaScriptCore.exp:
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize booleans
+ https://bugs.webkit.org/show_bug.cgi?id=67670
+
+ Reviewed by Gavin Barraclough.
+
+ This adds boolean value profiling, boolean prediction in the DFG,
+ boolean forward flow propagation in the DFGPropagator, boolean
+ data format in DFG generation info, and comprehensive optimizations
+ based on both boolean prediction and boolean generation info.
+ This is brings the speed-up on v8-richards to 12%, and gives slight
+ speed-ups elsewhere as well.
+
+ Making this work right required navigating some subtleties in
+ value profiling. Some functions get compiled with insufficient
+ information because some important path of the function never
+ executed. In these cases, we wish to fall back on static
+ speculation. But to do so, we need to ensure that predictions that
+ are inherent in the code (like that GetById almost certainly takes
+ a cell operand) are reflected in predictions that we make in
+ DFGPropagator. Thus, DFGPropagator now does both backward and
+ forward flow, using a both forward and backward fixpoint.
+
+ The backward flow in DFGPropagator is a separate static analysis,
+ and needs to keep a set of backward flow abstract values for
+ variables, arguments, and globals. To make this easy, this patch
+ factors out DFGGraph's prediction tracking capability into
+ DFGPredictionTracker, which now gets used by both DFGGraph (for
+ forward flow predictions) and DFGPropagator (for backward flow
+ predictions). Backward flow predictions eventually get merged
+ into forward flow ones, but the two are not equivalent: a forward
+ flow prediction is a superset of the backward flow prediction.
+
+ Debugging these prediction issues required a better understanding
+ of where we fail speculation, and what our value predictions look
+ like. This patch also adds optional verbose speculation failure
+ (so an informative printf fires whenever speculation failure occurs)
+ and slight improvements to the verbosity in other places.
+
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::numberOfBooleans):
+ (JSC::ValueProfile::probabilityOfBoolean):
+ (JSC::ValueProfile::dump):
+ (JSC::ValueProfile::computeStatistics):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::stronglyPredict):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::dataFormatToString):
+ (JSC::DFG::needDataFormatConversion):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::Graph):
+ (JSC::DFG::Graph::predictions):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::getPrediction):
+ (JSC::DFG::Graph::getGlobalVarPrediction):
+ (JSC::DFG::Graph::isBooleanConstant):
+ (JSC::DFG::Graph::valueOfBooleanConstant):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownBoolean):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ (JSC::DFG::JITCodeGenerator::speculationCheck):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isBooleanConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::debugCall):
+ (JSC::DFG::JITCompiler::isBooleanConstant):
+ (JSC::DFG::JITCompiler::valueOfBooleanConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isBooleanPrediction):
+ (JSC::DFG::predictionToString):
+ (JSC::DFG::mergePredictions):
+ (JSC::DFG::makePrediction):
+ (JSC::DFG::Node::isBooleanConstant):
+ (JSC::DFG::Node::valueOfBooleanConstant):
+ (JSC::DFG::Node::hasBooleanResult):
+ (JSC::DFG::Node::hasNumericResult):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGPredictionTracker.h: Added.
+ (JSC::DFG::operandIsArgument):
+ (JSC::DFG::PredictionSlot::PredictionSlot):
+ (JSC::DFG::PredictionTracker::PredictionTracker):
+ (JSC::DFG::PredictionTracker::initializeSimilarTo):
+ (JSC::DFG::PredictionTracker::numberOfArguments):
+ (JSC::DFG::PredictionTracker::numberOfVariables):
+ (JSC::DFG::PredictionTracker::argumentOffsetForOperand):
+ (JSC::DFG::PredictionTracker::predictArgument):
+ (JSC::DFG::PredictionTracker::predict):
+ (JSC::DFG::PredictionTracker::predictGlobalVar):
+ (JSC::DFG::PredictionTracker::getArgumentPrediction):
+ (JSC::DFG::PredictionTracker::getPrediction):
+ (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::setPrediction):
+ (JSC::DFG::Propagator::mergeUse):
+ (JSC::DFG::Propagator::mergePrediction):
+ (JSC::DFG::Propagator::propagateNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
+ (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
+ (JSC::DFG::SpeculateBooleanOperand::index):
+ (JSC::DFG::SpeculateBooleanOperand::gpr):
+ (JSC::DFG::SpeculateBooleanOperand::use):
+ * runtime/JSGlobalData.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::description):
+
+2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (5/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67420
+
+ Reviewed by Geoffrey Garen.
+
+ Completed the fifth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.cpp:
+ (JSC::JSCallbackFunction::JSCallbackFunction):
+ (JSC::JSCallbackFunction::finishCreation):
+ * API/JSCallbackFunction.h:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (GlobalObject::GlobalObject):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::finishCreation):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ (JSC::BooleanConstructor::finishCreation):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::finishCreation):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::finishCreation):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ (JSC::DatePrototype::finishCreation):
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ (JSC::ErrorConstructor::finishCreation):
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ (JSC::FunctionConstructor::finishCreation):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ (JSC::FunctionPrototype::finishCreation):
+ * runtime/FunctionPrototype.h:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::finishCreation):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::finishCreation):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ (JSC::NumberConstructor::finishCreation):
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::finishCreation):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ (JSC::ObjectConstructor::finishCreation):
+ * runtime/ObjectConstructor.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpConstructor::finishCreation):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::finishCreation):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ (JSC::StringPrototype::finishCreation):
+ * runtime/StringPrototype.h:
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ Accessibility tests crashing in BasicRawSentinelNode code
+ https://bugs.webkit.org/show_bug.cgi?id=67682
+
+ Reviewed by Geoffrey Garen.
+
+ A CodeBlock should ensure that no other CodeBlocks have references to it after
+ it is destroyed.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+
+2011-09-06 Yong Li <yoli@rim.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=67486
+ This reverts r65993 which gives wrong results for rshift
+ in some corner cases (see the test).
+
+ Reviewed by Gavin Barraclough.
+
+ New test: fast/js/floating-point-truncate-rshift.html
+
+ * assembler/ARMAssembler.h:
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+ (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ Unreviewed build fix for r94559.
+
+ Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
+ new out-of-line JIT-specific method definitions with !ENABLE(JIT).
+
+ * bytecode/CodeBlock.cpp:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+
+2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix broken PPC build due to new dtoa library
+ https://bugs.webkit.org/show_bug.cgi?id=67654
+
+ Reviewed by Dan Bernstein.
+
+ Added condition for PPC in the new dtoa compatibility check so that
+ building won't fail.
+
+ * wtf/dtoa/utils.h:
+
+2011-09-05 Oliver Hunt <oliver@apple.com>
+
+ An object's structure should reference the global object responsible for its creation
+ https://bugs.webkit.org/show_bug.cgi?id=67624
+
+ Reviewed by Gavin Barraclough.
+
+ Add a reference to a GlobalObject to Structure, and update all calls to
+ Structure::create() to pass the global object that is the origin for that
+ structure. For objects where the appropriate global object isn't available
+ at construction time (global object prototypes, etc), or objects that
+ logically don't have a global object (strings, etc) we just pass null.
+
+ This change is largely mechanical (passing a new globalObject parameter
+ around).
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSByteArray.h:
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::finishCreation):
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSFinalObject::createStructure):
+ (JSC::createEmptyObjectStructure):
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::createStructure):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExp.h:
+ (JSC::RegExp::createStructure):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::globalObject):
+ (JSC::Structure::setGlobalObject):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-09-06 Michael Saboff <msaboff@apple.com>
+
+ Add windows changes for JSC:RegExp functional tests
+ https://bugs.webkit.org/show_bug.cgi?id=67521
+
+ Windows build changes for regular expression functional test.
+
+ Rubber-stamped by Gavin Barraclough.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/testRegExp: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
+
+2011-09-06 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore does not have tiered compilation
+ https://bugs.webkit.org/show_bug.cgi?id=67176
+
+ Reviewed by Gavin Barraclough.
+
+ This adds the ability to have multiple CodeBlocks associated with
+ a particular role in an Executable. These are stored in
+ descending order of compiler tier. CodeBlocks are optimized when
+ a counter (m_executeCounter) that is incremented in loops and
+ epilogues becomes positive. Optimizing means that all calls to
+ the old CodeBlock are unlinked.
+
+ The DFG can now pull in predictions from ValueProfiles, and
+ propagate them along the graph. To support the new phase while
+ maintaing some level of abstraction, a DFGDriver was introduced
+ that encapsulates how to run the DFG compiler.
+
+ This is turned off by default because it's not yet a performance
+ win on all benchmarks. It speeds up crypto and richards by
+ 10% and 6% respectively, but still does not do as good of a job
+ as it could. Notably, the DFG backend has not changed, and
+ is largely oblivious to the new information being made available
+ to it.
+
+ When turned off (the default), this patch is performance neutral.
+
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::branchAdd32):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::branchAdd32):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CallLinkInfo::unlink):
+ (JSC::CodeBlock::unlinkCalls):
+ (JSC::CodeBlock::unlinkIncomingCalls):
+ (JSC::CodeBlock::clearEvalCache):
+ (JSC::replaceExistingEntries):
+ (JSC::CodeBlock::copyDataFromAlternative):
+ (JSC::ProgramCodeBlock::replacement):
+ (JSC::EvalCodeBlock::replacement):
+ (JSC::FunctionCodeBlock::replacement):
+ (JSC::ProgramCodeBlock::compileOptimized):
+ (JSC::EvalCodeBlock::compileOptimized):
+ (JSC::FunctionCodeBlock::compileOptimized):
+ * bytecode/CodeBlock.h:
+ (JSC::GlobalCodeBlock::GlobalCodeBlock):
+ (JSC::ProgramCodeBlock::ProgramCodeBlock):
+ (JSC::EvalCodeBlock::EvalCodeBlock):
+ (JSC::FunctionCodeBlock::FunctionCodeBlock):
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::dump):
+ (JSC::ValueProfile::computeStatistics):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * bytecompiler/BytecodeGenerator.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::dynamicallyPredict):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::parse):
+ * dfg/DFGDriver.cpp: Added.
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h: Added.
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::isConstant):
+ (JSC::DFG::Graph::isJSConstant):
+ (JSC::DFG::Graph::isInt32Constant):
+ (JSC::DFG::Graph::isDoubleConstant):
+ (JSC::DFG::Graph::valueOfJSConstant):
+ (JSC::DFG::Graph::valueOfInt32Constant):
+ (JSC::DFG::Graph::valueOfDoubleConstant):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isConstant):
+ (JSC::DFG::JITCompiler::isJSConstant):
+ (JSC::DFG::JITCompiler::isInt32Constant):
+ (JSC::DFG::JITCompiler::isDoubleConstant):
+ (JSC::DFG::JITCompiler::valueOfJSConstant):
+ (JSC::DFG::JITCompiler::valueOfInt32Constant):
+ (JSC::DFG::JITCompiler::valueOfDoubleConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isCellPrediction):
+ (JSC::DFG::isNumberPrediction):
+ (JSC::DFG::predictionToString):
+ (JSC::DFG::mergePrediction):
+ (JSC::DFG::makePrediction):
+ (JSC::DFG::Node::valueOfJSConstant):
+ (JSC::DFG::Node::isInt32Constant):
+ (JSC::DFG::Node::isDoubleConstant):
+ (JSC::DFG::Node::valueOfInt32Constant):
+ (JSC::DFG::Node::valueOfDoubleConstant):
+ (JSC::DFG::Node::predict):
+ * dfg/DFGPropagation.cpp: Added.
+ (JSC::DFG::Propagator::Propagator):
+ (JSC::DFG::Propagator::fixpoint):
+ (JSC::DFG::Propagator::setPrediction):
+ (JSC::DFG::Propagator::mergePrediction):
+ (JSC::DFG::Propagator::propagateNode):
+ (JSC::DFG::Propagator::propagateForward):
+ (JSC::DFG::Propagator::propagateBackward):
+ (JSC::DFG::propagate):
+ * dfg/DFGPropagation.h: Added.
+ (JSC::DFG::propagate):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::Node::Node):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitOptimizationCheck):
+ (JSC::JIT::emitTimeoutCheck):
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkFor):
+ * jit/JIT.h:
+ (JSC::JIT::emitOptimizationCheck):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITCode.h:
+ (JSC::JITCode::JITCode):
+ (JSC::JITCode::bottomTierJIT):
+ (JSC::JITCode::topTierJIT):
+ (JSC::JITCode::nextTierJIT):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileOptimized):
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileOptimized):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileOptimizedForCall):
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::compile):
+ (JSC::ProgramExecutable::compile):
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+ * wtf/Platform.h:
+ * wtf/SentinelLinkedList.h:
+ (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
+ (WTF::BasicRawSentinelNode::setPrev):
+ (WTF::BasicRawSentinelNode::setNext):
+ (WTF::BasicRawSentinelNode::prev):
+ (WTF::BasicRawSentinelNode::next):
+ (WTF::BasicRawSentinelNode::isOnList):
+ (WTF::::remove):
+ (WTF::::SentinelLinkedList):
+ (WTF::::begin):
+ (WTF::::end):
+ (WTF::::push):
+
+2011-09-05 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r94445 and r94448.
+ http://trac.webkit.org/changeset/94445
+ http://trac.webkit.org/changeset/94448
+ https://bugs.webkit.org/show_bug.cgi?id=67595
+
+ It broke everything (Requested by ossy on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect):
+
+2011-09-05 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed build fix for r94452.
+
+ Add config.h as the first header to the cc files as required by the coding style.
+ Reuse macros from Assertions.h instead of adding addional #ifdefs.
+
+ * wtf/dtoa/bignum-dtoa.cc:
+ * wtf/dtoa/bignum.cc:
+ * wtf/dtoa/cached-powers.cc:
+ * wtf/dtoa/diy-fp.cc:
+ * wtf/dtoa/double-conversion.cc:
+ * wtf/dtoa/fast-dtoa.cc:
+ * wtf/dtoa/fixed-dtoa.cc:
+ * wtf/dtoa/strtod.cc:
+ * wtf/dtoa/utils.h:
+
+2011-09-05 Andras Becsi <andras.becsi@nokia.com>
+
+ [Qt][WK2] Fix the build
+
+ Rubber-stamped by Csaba Osztrogonác.
+
+ * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
+ The variable fractional_part is only set but never used.
+
+2011-09-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
+ https://bugs.webkit.org/show_bug.cgi?id=67562
+
+ Reviewed by Darin Adler.
+
+ Fixing the build (again which was broken by the dtoa patch. Needed
+ to make sure WTF::double_conversion::initialize() is called for Qt
+ as well as adding a check for WinCE in dtoa/utils.h
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * wtf/dtoa/cached-powers.cc:
+ * wtf/dtoa/utils.h:
+
+2011-09-03 Filip Pizlo <fpizlo@apple.com>
+
+ ThunkGenerators does not convert positive double zero into integer zero
+ https://bugs.webkit.org/show_bug.cgi?id=67553
+
+ Reviewed by Gavin Barraclough.
+
+ This is an 0.5% speed-up on V8 and neutral elsewhere.
+
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnDouble):
+
+2011-09-03 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
+
+ * wscript:
+
+2011-09-03 Filip Pizlo <fpizlo@apple.com>
+
+ DFG variable predictions only work for local variables, not temporaries
+ https://bugs.webkit.org/show_bug.cgi?id=67554
+
+ Reviewed by Gavin Barraclough.
+
+ This appears to be a slight speed-up in Kraken (0.3% but significant)
+ and neutral elsewhere.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+
+2011-09-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure does recovery of additions in reverse and
+ doesn't rebox
+ https://bugs.webkit.org/show_bug.cgi?id=67551
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-09-02 Filip Pizlo <fpizlo@apple.com>
+
+ ValueProfile does not make it safe to introspect cell values
+ after garbage collection
+ https://bugs.webkit.org/show_bug.cgi?id=67354
+
+ Reviewed by Gavin Barraclough.
+
+ ValueProfile buckets are now weak references, implemented using a
+ light-weight weak reference mechanism that this patch also adds (the
+ WeakReferenceHarvester). If a cell stored in a ValueProfile bucket
+ is not marked, then the bucket is transformed into a Structure
+ pointer. If the Structure is not marked either, then it is turned
+ into a ClassInfo pointer.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::visitAggregate):
+ (JSC::CodeBlock::visitWeakReferences):
+ * bytecode/CodeBlock.h:
+ * bytecode/ValueProfile.h:
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::classInfo):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfCells):
+ (JSC::ValueProfile::numberOfArrays):
+ (JSC::ValueProfile::probabilityOfArray):
+ (JSC::ValueProfile::WeakBucket::WeakBucket):
+ (JSC::ValueProfile::WeakBucket::operator!):
+ (JSC::ValueProfile::WeakBucket::isEmpty):
+ (JSC::ValueProfile::WeakBucket::isClassInfo):
+ (JSC::ValueProfile::WeakBucket::isStructure):
+ (JSC::ValueProfile::WeakBucket::asStructure):
+ (JSC::ValueProfile::WeakBucket::asClassInfo):
+ (JSC::ValueProfile::WeakBucket::getClassInfo):
+ * heap/Heap.cpp:
+ (JSC::Heap::harvestWeakReferences):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::drain):
+ (JSC::SlotVisitor::harvestWeakReferences):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::addWeakReferenceHarvester):
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::appendUnbarrieredPointer):
+ * heap/SlotVisitor.h:
+ * heap/WeakReferenceHarvester.h: Added.
+ (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
+ (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
+
+2011-09-02 Michael Saboff <msaboff@apple.com>
+
+ Replace local implementation of string equals() methods with UString versions
+ https://bugs.webkit.org/show_bug.cgi?id=67342
+
+ In preparation to allowing StringImpl to be backed by 8 bit
+ characters when appropriate, we need to eliminate or change the
+ usage of StringImpl::characters(). Change the uses of characters()
+ that are used to implement redundant equals() methods.
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::equal):
+ * runtime/Identifier.h:
+ (JSC::Identifier::equal):
+ * wtf/text/AtomicString.cpp:
+ (WTF::CStringTranslator::equal): Moved an optimized method to here.
+ (WTF::operator==):
+ * wtf/text/StringImpl.cpp:
+ (WTF::equal):
+ * wtf/text/StringImpl.h:
+
+2011-09-02 Michael Saboff <msaboff@apple.com>
+
+ Add JSC:RegExp functional tests
+ https://bugs.webkit.org/show_bug.cgi?id=67339
+
+ Added new test driver program (testRegExp) and corresponding data file
+ along with build scripts changes.
+
+ Reviewed by Gavin Barraclough.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * testRegExp.cpp: Added.
+ (Options::Options):
+ (StopWatch::start):
+ (StopWatch::stop):
+ (StopWatch::getElapsedMS):
+ (RegExpTest::RegExpTest):
+ (GlobalObject::create):
+ (GlobalObject::className):
+ (GlobalObject::GlobalObject):
+ (main):
+ (cleanupGlobalData):
+ (testOneRegExp):
+ (scanString):
+ (parseRegExpLine):
+ (parseTestLine):
+ (runFromFiles):
+ (printUsageStatement):
+ (parseArguments):
+ (realMain):
+ * tests/regexp: Added.
+ * tests/regexp/RegExpTest.data: Added.
+
+2011-09-02 Michael Saboff <msaboff@apple.com>
+
+ Add JSC:RegExp functional test data generator
+ https://bugs.webkit.org/show_bug.cgi?id=67519
+
+ Add a data generator for regular expressions. To enable, change the
+ #undef REGEXP_FUNC_TEST_DATA_GEN to #define. Then compile and use
+ regular expressions. The resulting data will be in /tmp/RegExpTestsData.
+
+ Reviewed by Gavin Barraclough.
+
+ * runtime/RegExp.cpp:
+ (JSC::regExpFlags):
+ (JSC::RegExpFunctionalTestCollector::clearRegExp):
+ (JSC::RegExpFunctionalTestCollector::get):
+ (JSC::RegExpFunctionalTestCollector::outputOneTest):
+ (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
+ (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
+ (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
+ (JSC::RegExp::~RegExp):
+ (JSC::RegExp::compile):
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchCompareWithInterpreter):
+
+2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fix the broken build due to dtoa patch
+ https://bugs.webkit.org/show_bug.cgi?id=67534
+
+ Reviewed by Oliver Hunt.
+
+ Fixing the build.
+
+ * GNUmakefile.list.am:
+ * wtf/dtoa/bignum.cc:
+ * wtf/dtoa/fast-dtoa.cc:
+ * wtf/dtoa/utils.h:
+
+2011-09-02 Oliver Hunt <oliver@apple.com>
+
+ Remove OldSpace classes
+ https://bugs.webkit.org/show_bug.cgi?id=67533
+
+ Reviewed by Gavin Barraclough.
+
+ Remove the unused OldSpace classes
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::writeBarrierSlowCase):
+ * heap/MarkedBlock.h:
+ * heap/OldSpace.cpp: Removed.
+ * heap/OldSpace.h: Removed.
+
+2011-09-02 James Robinson <jamesr@chromium.org>
+
+ Compile fix for mac build.
+
+ * wtf/CheckedArithmetic.h:
+ (WTF::operator+):
+ (WTF::operator-):
+ (WTF::operator*):
+
+2011-08-30 Matthew Delaney <mdelaney@apple.com>
+
+ Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
+ https://bugs.webkit.org/show_bug.cgi?id=65352
+
+ Reviewed by Simon Fraser.
+
+ New test: fast/canvas/canvas-getImageData-large-crash.html
+
+ This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
+ calls that specify widths and heights that end up overflowing the ints that we store those values in
+ as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
+ arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
+ is just to add a new helper method described below.
+
+ * wtf/MathExtras.h:
+ (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
+
+2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Incorporate newer, faster dtoa library
+ https://bugs.webkit.org/show_bug.cgi?id=66346
+
+ Reviewed by Oliver Hunt.
+
+ Added new dtoa library at http://code.google.com/p/double-conversion/.
+ Replaced old call to dtoa. The new library is much faster than the old one.
+ We still use the old dtoa for some stuff in WebCore as well as the old strtod,
+ but we can phase these out eventually as well.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/InitializeThreading.cpp:
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToExponential):
+ (JSC::numberProtoFuncToFixed):
+ (JSC::numberProtoFuncToPrecision):
+ * runtime/UString.cpp:
+ (JSC::UString::number):
+ * wtf/CMakeLists.txt:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeThreading):
+ * wtf/dtoa.cpp:
+ (WTF::dtoa):
+ * wtf/dtoa.h:
+ * wtf/dtoa/COPYING: Added.
+ * wtf/dtoa/LICENSE: Added.
+ * wtf/dtoa/README: Added.
+ * wtf/dtoa/bignum-dtoa.cc: Added.
+ * wtf/dtoa/bignum-dtoa.h: Added.
+ * wtf/dtoa/bignum.cc: Added.
+ * wtf/dtoa/bignum.h: Added.
+ (WTF::double_conversion::Bignum::Times10):
+ (WTF::double_conversion::Bignum::Equal):
+ (WTF::double_conversion::Bignum::LessEqual):
+ (WTF::double_conversion::Bignum::Less):
+ (WTF::double_conversion::Bignum::PlusEqual):
+ (WTF::double_conversion::Bignum::PlusLessEqual):
+ (WTF::double_conversion::Bignum::PlusLess):
+ (WTF::double_conversion::Bignum::EnsureCapacity):
+ (WTF::double_conversion::Bignum::BigitLength):
+ * wtf/dtoa/cached-powers.cc: Added.
+ * wtf/dtoa/cached-powers.h: Added.
+ * wtf/dtoa/diy-fp.cc: Added.
+ * wtf/dtoa/diy-fp.h: Added.
+ (WTF::double_conversion::DiyFp::DiyFp):
+ (WTF::double_conversion::DiyFp::Subtract):
+ (WTF::double_conversion::DiyFp::Minus):
+ (WTF::double_conversion::DiyFp::Times):
+ (WTF::double_conversion::DiyFp::Normalize):
+ (WTF::double_conversion::DiyFp::f):
+ (WTF::double_conversion::DiyFp::e):
+ (WTF::double_conversion::DiyFp::set_f):
+ (WTF::double_conversion::DiyFp::set_e):
+ * wtf/dtoa/double-conversion.cc: Added.
+ * wtf/dtoa/double-conversion.h: Added.
+ (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
+ (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
+ * wtf/dtoa/double.h: Added.
+ (WTF::double_conversion::double_to_uint64):
+ (WTF::double_conversion::uint64_to_double):
+ (WTF::double_conversion::Double::Double):
+ (WTF::double_conversion::Double::AsDiyFp):
+ (WTF::double_conversion::Double::AsNormalizedDiyFp):
+ (WTF::double_conversion::Double::AsUint64):
+ (WTF::double_conversion::Double::NextDouble):
+ (WTF::double_conversion::Double::Exponent):
+ (WTF::double_conversion::Double::Significand):
+ (WTF::double_conversion::Double::IsDenormal):
+ (WTF::double_conversion::Double::IsSpecial):
+ (WTF::double_conversion::Double::IsNan):
+ (WTF::double_conversion::Double::IsInfinite):
+ (WTF::double_conversion::Double::Sign):
+ (WTF::double_conversion::Double::UpperBoundary):
+ (WTF::double_conversion::Double::NormalizedBoundaries):
+ (WTF::double_conversion::Double::value):
+ (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
+ (WTF::double_conversion::Double::Infinity):
+ (WTF::double_conversion::Double::NaN):
+ (WTF::double_conversion::Double::DiyFpToUint64):
+ * wtf/dtoa/fast-dtoa.cc: Added.
+ * wtf/dtoa/fast-dtoa.h: Added.
+ * wtf/dtoa/fixed-dtoa.cc: Added.
+ * wtf/dtoa/fixed-dtoa.h: Added.
+ * wtf/dtoa/strtod.cc: Added.
+ * wtf/dtoa/strtod.h: Added.
+ * wtf/dtoa/utils.h: Added.
+ (WTF::double_conversion::Max):
+ (WTF::double_conversion::Min):
+ (WTF::double_conversion::StrLength):
+ (WTF::double_conversion::Vector::Vector):
+ (WTF::double_conversion::Vector::SubVector):
+ (WTF::double_conversion::Vector::length):
+ (WTF::double_conversion::Vector::is_empty):
+ (WTF::double_conversion::Vector::start):
+ (WTF::double_conversion::Vector::operator[]):
+ (WTF::double_conversion::Vector::first):
+ (WTF::double_conversion::Vector::last):
+ (WTF::double_conversion::StringBuilder::StringBuilder):
+ (WTF::double_conversion::StringBuilder::~StringBuilder):
+ (WTF::double_conversion::StringBuilder::size):
+ (WTF::double_conversion::StringBuilder::position):
+ (WTF::double_conversion::StringBuilder::Reset):
+ (WTF::double_conversion::StringBuilder::AddCharacter):
+ (WTF::double_conversion::StringBuilder::AddString):
+ (WTF::double_conversion::StringBuilder::AddSubstring):
+ (WTF::double_conversion::StringBuilder::AddPadding):
+ (WTF::double_conversion::StringBuilder::Finalize):
+ (WTF::double_conversion::StringBuilder::is_finalized):
+ (WTF::double_conversion::BitCast):
+ * wtf/wtf.pri:
+
+2011-09-02 Filip Pizlo <fpizlo@apple.com>
+
+ DFG graph has no way of distinguishing or reconciling between static
+ and dynamic predictions
+ https://bugs.webkit.org/show_bug.cgi?id=67343
+
+ Reviewed by Gavin Barraclough.
+
+ PredictedType now stores the source of the prediction. Merging predictions,
+ which was previously done with a bitwise or, is now done via the
+ mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
+ functions, which correctly handle combinations of static and dynamic.
+
+ This is performance-neutral, since all predictions are currently static and
+ so the code has no visible effects.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::staticallyPredictArray):
+ (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::predictGlobalVar):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isArrayPrediction):
+ (JSC::DFG::isInt32Prediction):
+ (JSC::DFG::isDoublePrediction):
+ (JSC::DFG::isDynamicPrediction):
+ (JSC::DFG::mergePredictions):
+ (JSC::DFG::mergePrediction):
+ (JSC::DFG::makePrediction):
+ (JSC::DFG::Node::predict):
+
+2011-09-02 Oliver Hunt <oliver@apple.com>
+
+ Fix 32bit build.
+
+ * heap/NewSpace.h:
+ (JSC::NewSpace::allocatePropertyStorage):
+ (JSC::NewSpace::inPropertyStorageNursery):
+
+2011-09-02 Oliver Hunt <oliver@apple.com>
+
+ Use bump allocator for initial property storage
+ https://bugs.webkit.org/show_bug.cgi?id=67494
+
+ Reviewed by Gavin Barraclough.
+
+ Switch to a bump allocator for the initial out of line
+ property storage. This gives us slightly faster allocation
+ for short lived objects that need out of line storage at
+ the cost of an additional memcpy when the object survives
+ a GC pass.
+
+ No performance impact.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::allocatePropertyStorage):
+ (JSC::Heap::inPropertyStorageNursary):
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::NewSpace):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::resetPropertyStorageNursary):
+ (JSC::NewSpace::allocatePropertyStorage):
+ (JSC::NewSpace::inPropertyStorageNursary):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::allocatePropertyStorage):
+ * runtime/JSObject.h:
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::visitChildrenDirect):
+
+2011-09-01 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+
+2011-09-01 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (4/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67174
+
+ Reviewed by Oliver Hunt.
+
+ Completed the fourth level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ (JSC::JSCallbackConstructor::finishCreation):
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ (JSC::::finishCreation):
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ (JSC::DebuggerActivation::create):
+ * debugger/DebuggerActivation.h:
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::createNoParameters):
+ (JSC::Arguments::Arguments):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ (JSC::ArrayPrototype::finishCreation):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ (JSC::BooleanObject::finishCreation):
+ * runtime/BooleanObject.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ (JSC::DateInstance::finishCreation):
+ * runtime/DateInstance.h:
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::finishCreation):
+ * runtime/ErrorPrototype.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::InterruptedExecutionError::create):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ (JSC::TerminatedExecutionError::create):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ (JSC::InternalFunction::finishCreation):
+ * runtime/InternalFunction.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::finishCreation):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::create):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::finishCreation):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::finishCreation):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::JSNotAnObject):
+ (JSC::JSNotAnObject::create):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ (JSC::JSONObject::finishCreation):
+ * runtime/JSONObject.h:
+ * runtime/JSObjectWithGlobalObject.cpp:
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ * runtime/JSObjectWithGlobalObject.h:
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::finishCreation):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::JSVariableObject):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::JSWrapperObject):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ (JSC::MathObject::finishCreation):
+ * runtime/MathObject.h:
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ (JSC::NumberObject::finishCreation):
+ * runtime/NumberObject.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::create):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ (JSC::RegExpMatchesArray::finishCreation):
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::finishCreation):
+ * runtime/RegExpObject.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ (JSC::StringObject::finishCreation):
+ * runtime/StringObject.h:
+
+2011-09-01 Daniel Bates <dbates@rim.com>
+
+ QNX GCC distribution doesn't support vasprintf()
+ https://bugs.webkit.org/show_bug.cgi?id=67423
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
+
+2011-09-01 Michael Saboff <msaboff@apple.com>
+
+ Remove simple usage of UString::characters() from JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=67340
+
+ In preparation to allowing StringImpl to be backed by 8 bit
+ characters when appropriate, we need to eliminate or change the
+ usage of StringImpl::characters(). Most of the changes below
+ change s->characters()[0] to s[0].
+
+ Reviewed by Geoffrey Garen.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::keyForCharacterSwitch):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::processClauseList):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::addSlowCase):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::jsToNumber):
+ (JSC::parseFloat):
+ * runtime/JSString.cpp:
+ (JSC::JSString::substringFromRope):
+ * runtime/JSString.h:
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsString):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString):
+ * runtime/RegExp.cpp:
+ (JSC::regExpFlags):
+ * wtf/text/StringBuilder.h:
+ (WTF::StringBuilder::operator[]):
+
+2011-09-01 Ada Chan <adachan@apple.com>
+
+ Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-09-01 Hao Zheng <zhenghao@chromium.org>
+
+ Define PTHREAD_KEYS_MAX to fix Android port build.
+ https://bugs.webkit.org/show_bug.cgi?id=67362
+
+ Reviewed by Adam Barth.
+
+ PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+
+2011-08-31 Oliver Hunt <oliver@apple.com>
+
+ Fix build.
+
+ * wtf/CheckedArithmetic.h:
+ (WTF::Checked::Checked):
+ (WTF::Checked::operator=):
+
+2011-08-31 Oliver Hunt <oliver@apple.com>
+
+ fast/regex/overflow.html asserts in debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=67326
+
+ Reviewed by Gavin Barraclough.
+
+ The deliberate overflows in these expressions don't interact nicely
+ with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
+ intermediate calculations.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+
+2011-08-31 Jeff Miller <jeffm@apple.com>
+
+ REGRESSION(92210): AVFoundation media engine is disabled on OS X
+ https://bugs.webkit.org/show_bug.cgi?id=67316
+
+ Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
+ since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
+ changes that were made in r92210.
+
+ Reviewed by Darin Adler.
+
+ * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
+
+2011-08-31 Peter Beverloo <peter@chromium.org>
+
+ Add Android's platform specification and the right atomic functions.
+ https://bugs.webkit.org/show_bug.cgi?id=66687
+
+ Reviewed by Adam Barth.
+
+ * wtf/Atomics.h:
+ (WTF::atomicIncrement):
+ (WTF::atomicDecrement):
+ * wtf/Platform.h:
+
+2011-08-30 Oliver Hunt <oliver@apple.com>
+
+ Add support for checked arithmetic
+ https://bugs.webkit.org/show_bug.cgi?id=67095
+
+ Reviewed by Sam Weinig.
+
+ Add a checked arithmetic class Checked<T> that provides overflow-safe
+ arithmetic over all integral types. Checked<T> supports addition, subtraction
+ and multiplication, along with "bool" conversions and equality operators.
+
+ Checked<> can be used in either CRASH() on overflow or delayed failure modes,
+ although the default is to CRASH().
+
+ To ensure the code is actually in use (rather than checking in dead code) I've
+ made a couple of properties in YARR use Checked<int> and Checked<unsigned>
+ instead of raw value arithmetic. This has resulted in a moderate set of changes,
+ to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
+ to unsigned for some uses of sizeof, as Checked<> currently does not support
+ mixed signed-ness of types wider that 32 bits.
+
+ Happily the increased type safety of Checked<> means that it's not possible to
+ accidentally assign away precision, nor accidentally call integer overload of
+ a function instead of the bool version.
+
+ No measurable regression in performance, and SunSpider claims this patch to be
+ a progression of 0.3%.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CheckedArithmetic.h: Added.
+ (WTF::CrashOnOverflow::overflowed):
+ (WTF::CrashOnOverflow::clearOverflow):
+ (WTF::CrashOnOverflow::hasOverflowed):
+ (WTF::RecordOverflow::RecordOverflow):
+ (WTF::RecordOverflow::overflowed):
+ (WTF::RecordOverflow::clearOverflow):
+ (WTF::RecordOverflow::hasOverflowed):
+ (WTF::isInBounds):
+ (WTF::safeAdd):
+ (WTF::safeSub):
+ (WTF::safeMultiply):
+ (WTF::safeEquals):
+ (WTF::workAroundClangBug):
+ (WTF::Checked::Checked):
+ (WTF::Checked::operator=):
+ (WTF::Checked::operator++):
+ (WTF::Checked::operator--):
+ (WTF::Checked::operator!):
+ (WTF::Checked::operator UnspecifiedBoolType*):
+ (WTF::Checked::get):
+ (WTF::Checked::operator+=):
+ (WTF::Checked::operator-=):
+ (WTF::Checked::operator*=):
+ (WTF::Checked::operator==):
+ (WTF::Checked::operator!=):
+ (WTF::operator+):
+ (WTF::operator-):
+ (WTF::operator*):
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::atomPatternCharacter):
+ (JSC::Yarr::ByteCompiler::atomCharacterClass):
+ (JSC::Yarr::ByteCompiler::atomBackReference):
+ (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
+ (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
+ (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
+ (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::ByteTerm::ByteTerm):
+ (JSC::Yarr::ByteTerm::CheckInput):
+ (JSC::Yarr::ByteTerm::UncheckInput):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generateAssertionEOL):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
+ * yarr/YarrPattern.h:
+
+2011-08-31 Andrei Popescu <andreip@google.com>
+
+ Investigate current uses of OS(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=66761
+
+ Unreviewed, build fix for ARM platforms.
+
+ * wtf/Platform.h:
+
+2011-08-31 Andrei Popescu <andreip@google.com>
+
+ Investigate current uses of OS(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=66761
+
+ Reviewed by Darin Adler.
+
+ Remove the last legacy Android code.
+
+ No new tests needed as the code wasn't tested in the first place.
+
+ * wtf/Atomics.h:
+ * wtf/Platform.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::createThreadInternal):
+
+2011-08-30 Aaron Colwell <acolwell@chromium.org>
+
+ Add MediaSource API to HTMLMediaElement
+ https://bugs.webkit.org/show_bug.cgi?id=64731
+
+ Reviewed by Eric Carlson.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-08-30 Oliver Hunt <oliver@apple.com>
+
+ TypedArrays don't ensure that denormalised values are normalised
+ https://bugs.webkit.org/show_bug.cgi?id=67178
+
+ Reviewed by Gavin Barraclough.
+
+ Add a couple of assertions to jsNumber() to ensure that
+ we block signaling NaNs
+
+ * runtime/JSValue.h:
+ (JSC::jsDoubleNumber):
+ (JSC::jsNumber):
+
+2011-08-30 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
+
+ [Qt] Do not unconditionally use pkg-config in .pro files
+ https://bugs.webkit.org/show_bug.cgi?id=67055
+
+ Reviewed by Andreas Kling.
+
+ Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
+
+ Using the first pkg-config in PATH is prone to errors when cross
+ compiling inside the Qt repository (using Qt's build-system).
+
+ This patch protect calls for pkg-config with
+ !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
+ QT_CONFIG by Qt's 'configure' when cross-compiling on systems
+ without pkg-config.
+
+ The respective change in Qt's configure has been submited already.
+
+ No new tests as this is just a build change.
+
+ * wtf/wtf.pri: protect pkg-config calls
+
+2011-08-29 Daniel Bates <dbates@webkit.org>
+
+ Add HAVE(VASPRINTF) macro to test for vasprintf() support
+ https://bugs.webkit.org/show_bug.cgi?id=67156
+
+ Reviewed by Darin Adler.
+
+ Encapsulate testing of vasprintf() support in a HAVE macro
+ instead of hardcoding the list of supported/unsupported
+ compilers at the call site.
+
+ * wtf/Platform.h:
+
+2011-08-29 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (3/7)
+ https://bugs.webkit.org/show_bug.cgi?id=67064
+
+ Reviewed by Darin Adler.
+
+ Completed the third level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ This primarily consists of pushing the calls to finishCreation() down
+ into the constructors of the subclasses of the second level of the hierarchy
+ as well as pulling the finishCreation() calls out into the class's corresponding
+ create() method if it has one. Doing both simultaneously allows us to
+ maintain the invariant that the finishCreation() method chain is called exactly
+ once during the creation of an object, since calling it any other number of
+ times (0, 2, or more) will cause an assertion failure.
+
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ (JSC::DebuggerActivation::finishCreation):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::createNoParameters):
+ (JSC::Arguments::Arguments):
+ (JSC::Arguments::finishCreation):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::finishCreation):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ Moved the assignment of m_firstLine and m_lastLine into the
+ FunctionExecutable::finishCreation() method in Executable.h
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::finishCreation):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ (JSC::JSArray::finishCreation):
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::finishCreation):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::JSNotAnObject):
+ * runtime/JSObject.h:
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ * runtime/JSObjectWithGlobalObject.cpp:
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ (JSC::JSObjectWithGlobalObject::finishCreation):
+ * runtime/JSObjectWithGlobalObject.h:
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::JSVariableObject):
+ (JSC::JSVariableObject::finishCreation):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::JSWrapperObject):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::finishCreation):
+ * runtime/ObjectPrototype.h:
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+
+2011-08-29 Andreas Kling <kling@webkit.org>
+
+ Unreviewed build fix after r93990.
+
+ * wtf/HashTable.h:
+
+2011-08-29 Andreas Kling <kling@webkit.org>
+
+ Viewing a post on reddit.com wastes a lot of memory on event listeners.
+ https://bugs.webkit.org/show_bug.cgi?id=67133
+
+ Reviewed by Darin Adler.
+
+ Add a minimum table size to the HashTraits, instead of having it hard coded.
+ The default value remains at 64, but can now be specialized.
+
+ * runtime/StructureTransitionTable.h:
+ * wtf/HashTable.h:
+ (WTF::HashTable::shouldShrink):
+ (WTF::::expand):
+ (WTF::::checkTableConsistencyExceptSize):
+ * wtf/HashTraits.h:
+
+2011-08-28 Jonathan Liu <net147@gmail.com>
+
+ Fix build error when compiling with MinGW-w64 by disabling JIT
+ on Windows 64-bit
+ https://bugs.webkit.org/show_bug.cgi?id=61235
+
+ Reviewed by Gavin Barraclough.
+
+ The fixed mmap executable allocator for JIT on x86_64 requires
+ sys/mman.h which is not available on Windows.
+
+ * wtf/Platform.h:
+
+2011-08-27 Filip Pizlo <fpizlo@apple.com>
+
+ JSC::Executable is inconsistent about using weak handle finalizers
+ and destructors for releasing memory
+ https://bugs.webkit.org/show_bug.cgi?id=67072
+
+ Reviewed by Darin Adler.
+
+ Moved more of the destruction of Executable state into the finalizer,
+ which also resulted in an opportunity to mostly combine this with
+ discardCode(). This also means that the finalizer is now enabled even
+ when the JIT is turned off. This is performance neutral on SunSpider,
+ V8, and Kraken.
+
+ * runtime/Executable.cpp:
+ (JSC::ExecutableBase::clearCode):
+ (JSC::ExecutableFinalizer::finalize):
+ (JSC::EvalExecutable::clearCode):
+ (JSC::ProgramExecutable::clearCode):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::clearCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::finishCreation):
+
+2011-08-26 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT - ArithMod may clobber operands.
+ https://bugs.webkit.org/show_bug.cgi?id=67085
+
+ Reviewed by Sam Weinig.
+
+ unboxDouble must be called on a temporary.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-08-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (2/7)
+ https://bugs.webkit.org/show_bug.cgi?id=66957
+
+ Reviewed by Darin Adler.
+
+ Completed the second level of the refactoring to add finishCreation()
+ methods to all classes within the JSCell hierarchy with non-trivial
+ constructor bodies.
+
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::create):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::finishCreation):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::ScriptExecutable::finishCreation):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::GetterSetter):
+ (JSC::GetterSetter::create):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::create):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSObject.h:
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ (JSC::JSNonFinalObject::finishCreation):
+ (JSC::JSFinalObject::create):
+ (JSC::JSFinalObject::finishCreation):
+ (JSC::JSFinalObject::JSFinalObject):
+ (JSC::JSObject::JSObject):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::createWithoutCaching):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::create):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::finishCreation):
+ (JSC::Structure::createStructure):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+
+2011-08-26 Filip Pizlo <fpizlo@apple.com>
+
+ The GC does not have a facility for profiling the kinds of objects
+ that occupy the heap
+ https://bugs.webkit.org/show_bug.cgi?id=66849
+
+ Reviewed by Geoffrey Garen.
+
+ Destructor calls and object scans are now optionally counted, per
+ vtable. When the heap is destroyed and profiling is enabled, the
+ counts are dumped, with care taken to print the names of classes
+ (modulo C++ mangling) sorted in descending commonality.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/MarkStack.h:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::callDestructor):
+ * heap/MarkedBlock.h:
+ * heap/VTableSpectrum.cpp: Added.
+ (JSC::VTableSpectrum::VTableSpectrum):
+ (JSC::VTableSpectrum::~VTableSpectrum):
+ (JSC::VTableSpectrum::countVPtr):
+ (JSC::VTableSpectrum::count):
+ (JSC::VTableAndCount::VTableAndCount):
+ (JSC::VTableAndCount::operator<):
+ (JSC::VTableSpectrum::dump):
+ * heap/VTableSpectrum.h: Added.
+ * wtf/Platform.h:
+
+2011-08-26 Juan C. Montemayor <jmont@apple.com>
+
+ Update topCallFrame when calling host functions in the JIT
+ https://bugs.webkit.org/show_bug.cgi?id=67010
+
+ Reviewed by Oliver Hunt.
+
+ The topCallFrame is not being updated when a host function is
+ called by the JIT. This causes problems when trying to create a
+ stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
+
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+
+2011-08-26 Alexey Proskuryakov <ap@apple.com>
+
+ Get rid of frame life support timer
+ https://bugs.webkit.org/show_bug.cgi?id=66874
+
+ Reviewed by Geoff Garen.
+
+ * runtime/JSGlobalObject.h:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
+
+2011-08-26 Chao-ying Fu <fu@mips.com>
+
+ Fix MIPS patchOffsetGetByIdSlowCaseCall
+ https://bugs.webkit.org/show_bug.cgi?id=67046
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.h:
+
+2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Fixing broken build due to unused variables in release mode
+ https://bugs.webkit.org/show_bug.cgi?id=67004
+
+ Unreviewed, release build fix.
+
+ Fixing broken build due to unused variables in ASSERTs in release build.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::finishCreation):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::finishCreation):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::finishCreation):
+
+2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Unzip initialization lists and constructors in JSCell hierarchy (1/7)
+ https://bugs.webkit.org/show_bug.cgi?id=66827
+
+ Reviewed by Geoffrey Garen.
+
+ Added finishCreation() methods to all immediately subclasses of JSCell with
+ non-empty constructors. Part of a larger refactoring to "unzip" initialization
+ lists and constructor bodies. Also renamed JSCell's constructorBody() method
+ to finishCreation().
+
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::constructorBody):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::GetterSetter):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::constructorBody):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ (JSC::JSCell::JSCell::constructorBody):
+ * runtime/JSObject.h:
+ (JSC::JSObject::constructorBody):
+ (JSC::JSObject::JSObject):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::constructorBody):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::constructorBody):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::constructorBody):
+ * runtime/RegExp.h:
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::constructorBody):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::constructorBody):
+
+2011-08-25 Gabor Loki <loki@webkit.org>
+
+ REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot
+ https://bugs.webkit.org/show_bug.cgi?id=66956
+
+ Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
+
+ Reviewed by Oliver Hunt.
+
+ * jit/JIT.h:
+
+2011-08-24 Juan C. Montemayor <jmont@apple.com>
+
+ Keep track of topCallFrame for Stack traces
+ https://bugs.webkit.org/show_bug.cgi?id=66571
+
+ Reviewed by Geoffrey Garen.
+
+ This patch adds a TopCallFrame to JSC in order to have that information
+ when an error is thrown to create a stack trace. The TopCallFrame is
+ updated throughout select points in the Interpreter and the JSC.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::privateExecute):
+ * interpreter/Interpreter.h:
+ (JSC::TopCallFrameSetter::TopCallFrameSetter):
+ (JSC::TopCallFrameSetter::~TopCallFrameSetter):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::updateTopCallFrame):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::call):
+ * jit/JITStubs.cpp:
+ (JSC::throwExceptionFromOpCall):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::arityCheckFor):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+
+2011-08-24 Filip Pizlo <fpizlo@apple.com>
+
+ ErrorInstance::create sometimes has two heap object constructions
+ in flight at once
+ https://bugs.webkit.org/show_bug.cgi?id=66845
+
+ Reviewed by Darin Adler.
+
+ The fix is simple since there is already a second create() method
+ that takes a UString.
+
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::create):
+
+2011-08-24 Filip Pizlo <fpizlo@apple.com>
+
+ There is no facility for profiling how the write barrier is used
+ https://bugs.webkit.org/show_bug.cgi?id=66747
+
+ Reviewed by Geoffrey Garen.
+
+ Added facilities for the JIT to specify the kind of write barrier
+ being executed. Added code for profiling the number of each kind
+ of barrier encountered.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::emitCount):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::emitCount):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier):
+ * heap/WriteBarrierSupport.cpp: Added.
+ (JSC::WriteBarrierCounters::initialize):
+ * heap/WriteBarrierSupport.h: Added.
+ (JSC::WriteBarrierCounters::WriteBarrierCounters):
+ (JSC::WriteBarrierCounters::jitCounterFor):
+ (JSC::WriteBarrierCounters::countWriteBarrier):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+ (JSC::JIT::emitWriteBarrier):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var):
+ (JSC::JIT::emitWriteBarrier):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
+2011-08-23 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add checks to ensure allocation does not take place during initialization of GC-managed objects
+ https://bugs.webkit.org/show_bug.cgi?id=65288
+
+ Reviewed by Darin Adler.
+
+ Adding the new validation functionality. In its current state, it will performs checks,
+ but they don't fail unless you do allocation in the arguments to the parent constructor in the
+ initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
+ allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
+ allowed in constructor bodies while other refactoring efforts continue.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::constructorBody):
+ (JSC::JSCell::JSCell::JSCell):
+ (JSC::JSCell::allocateCell):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::isInitializingObject):
+ (JSC::JSGlobalData::setInitializingObject):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+
+2011-08-23 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=55347
+ "name" and "message" enumerable on *Error.prototype
+
+ Reviewed by Sam Weinig.
+
+ The default value of a NativeErrorPrototype's message
+ property is "", not the name of the error.
+
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::constructorBody):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+
+2011-08-23 Steve Block <steveblock@google.com>
+
+ Remove last occurrences of PLATFORM(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=66763
+
+ Reviewed by Tony Gentilcore.
+
+ * wtf/Platform.h:
+
+2011-08-23 Steve Block <steveblock@google.com>
+
+ Remove all mention of removed Android files from build scripts
+ https://bugs.webkit.org/show_bug.cgi?id=66755
+
+ Reviewed by Tony Gentilcore.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-08-23 Adam Barth <abarth@webkit.org>
+
+ Remove WebCore/editing/android and other Android-specific directories
+ https://bugs.webkit.org/show_bug.cgi?id=66739
+
+ Reviewed by Steve Block.
+
+ Now that Android shares more code with Chromium, we don't need these
+ Android-specific files.
+
+ * wtf/android: Removed.
+ * wtf/android/AndroidThreading.h: Removed.
+ * wtf/android/MainThreadAndroid.cpp: Removed.
+
+2011-08-23 Ilya Tikhonovsky <loislo@chromium.org>
+
+ Unreviewed build fix for compile error on Windows for r93560.
+
+ * runtime/SamplingCounter.h:
+
+2011-08-22 Filip Pizlo <fpizlo@apple.com>
+
+ Sampling counter support is in the bytecode directory
+ https://bugs.webkit.org/show_bug.cgi?id=66724
+
+ Reviewed by Darin Adler.
+
+ Moved SamplingCounter to a separate header in runtime/.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/SamplingTool.cpp:
+ * bytecode/SamplingTool.h:
+ * runtime/SamplingCounter.cpp: Added.
+ (JSC::AbstractSamplingCounter::dump):
+ * runtime/SamplingCounter.h: Added.
+ (JSC::AbstractSamplingCounter::count):
+ (JSC::AbstractSamplingCounter::addressOfCounter):
+ (JSC::AbstractSamplingCounter::init):
+ (JSC::SamplingCounter::SamplingCounter):
+ (JSC::GlobalSamplingCounter::name):
+ (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
+ (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
+
+2011-08-21 Martin Robinson <mrobinson@igalia.com>
+
+ Fix 'make dist' for WebKitGTK+.
+
+ * GNUmakefile.list.am: Add a missing header to the sources list.
+
+2011-08-20 Filip Pizlo <fpizlo@apple.com>
+
+ JavaScriptCore bytecompiler does not compute scope depth correctly
+ in the case of constant declarations
+ https://bugs.webkit.org/show_bug.cgi?id=66572
+
+ Reviewed by Oliver Hunt.
+
+ Changed the handling of const to add the dynamic scope depth.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ConstDeclNode::emitCodeSingle):
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
+ https://bugs.webkit.org/show_bug.cgi?id=66617
+
+ Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
+ But we cause a compile error if the platform doesn't support SA_RESTART regardless of
+ whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
+ SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
+
+ Reviewed by Antonio Gomes.
+
+ * heap/MachineStackMarker.cpp:
+
+2011-08-19 Filip Pizlo <fpizlo@apple.com>
+
+ The JSC JIT currently has no facility to profile and report
+ the types of values
+ https://bugs.webkit.org/show_bug.cgi?id=65901
+
+ Reviewed by Gavin Barraclough.
+
+ Added the ability to profile the values seen at function calls (both
+ arguments and results) and heap loads. This is done with emphasis
+ on performance. A value profiling site consists of: add, and,
+ move, and store; no branching is necessary. Each value profiling
+ site (called a ValueProfile) has a ring buffer of 8 recently-seen
+ values. ValueProfiles are stored in the CodeBlock; there will be
+ one for each argument (excluding this) and each heap load or callsite.
+ Each time a value profiling site executes, it stores the value into
+ a pseudo-random element in the ValueProfile buffer. The point is
+ that for frequently executed code, we will have 8 somewhat recent
+ values in the buffer and will be able to not only figure out what
+ type it is, but also to be able to reason about the actual values
+ if we wish to do so.
+
+ This feature is currently disabled by default. When enabled, it
+ results in a 3.7% slow-down on SunSpider.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addValueProfile):
+ (JSC::CodeBlock::numberOfValueProfiles):
+ (JSC::CodeBlock::valueProfile):
+ (JSC::CodeBlock::valueProfileForBytecodeOffset):
+ * bytecode/ValueProfile.h: Added.
+ (JSC::ValueProfile::ValueProfile):
+ (JSC::ValueProfile::numberOfSamples):
+ (JSC::ValueProfile::computeProbability):
+ (JSC::ValueProfile::numberOfInt32s):
+ (JSC::ValueProfile::numberOfDoubles):
+ (JSC::ValueProfile::numberOfCells):
+ (JSC::ValueProfile::probabilityOfInt32):
+ (JSC::ValueProfile::probabilityOfDouble):
+ (JSC::ValueProfile::probabilityOfCell):
+ (JSC::getValueProfileBytecodeOffset):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITCall.cpp:
+ (JSC::JIT::emit_op_call_put_result):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitValueProfilingSite):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ * jit/JSInterfaceJIT.h:
+ * wtf/Platform.h:
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+ (WTF::genericBinarySearch):
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Don't include DisallowCType.h when building on QNX
+ https://bugs.webkit.org/show_bug.cgi?id=66616
+
+ Reviewed by Antonio Gomes.
+
+ * config.h:
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Implement ExecutableAllocator::cacheFlush() for QNX
+ https://bugs.webkit.org/show_bug.cgi?id=66611
+
+ Reviewed by Antonio Gomes.
+
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+
+2011-08-19 Daniel Bates <dbates@webkit.org>
+
+ Implement WTF::atomic{Increment, Decrement}() for QNX
+ https://bugs.webkit.org/show_bug.cgi?id=66605
+
+ Reviewed by Darin Adler.
+
+ * wtf/Atomics.h:
+ (WTF::atomicIncrement):
+ (WTF::atomicDecrement):
+
+2011-08-19 Beth Dakin <bdakin@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=66590
+ Re-name scrollbar painter types
+
+ Reviewed by Sam Weinig.
+
+ WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer
+ applies.
+ * wtf/Platform.h:
+
+2011-08-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Move allocation in constructors into separate constructorBody() methods
+ https://bugs.webkit.org/show_bug.cgi?id=66265
+
+ Reviewed by Oliver Hunt.
+
+ Refactoring to put all allocations that need to be done after the object's
+ initialization list has executed but before the object is ready for use
+ into a separate constructorBody() method. This method is still called by the constructor,
+ so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * jsc.cpp:
+ (GlobalObject::constructorBody):
+ (GlobalObject::GlobalObject):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::constructorBody):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::constructorBody):
+ * runtime/ErrorPrototype.h:
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::constructorBody):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::constructorBody):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::constructorBody):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::constructorBody):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::constructorBody):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::constructorBody):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::constructorBody):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::constructorBody):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ (JSC::NativeErrorPrototype::constructorBody):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+
+2011-08-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT does not inline the double case of ValueAdd
+ https://bugs.webkit.org/show_bug.cgi?id=66025
+
+ Reviewed by Gavin Barraclough.
+
+ This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
+ benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
+ stanford-crypto-sha256-iterative). It looks like it might have
+ a speed-up in SunSpider (though not statistically significant or
+ particularly reproducible) and a slight slow-down in V8 (0.14%,
+ not statistically significant). It does slow down v8-crypto by
+ 1.5%.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ * dfg/DFGOperations.cpp:
+
+2011-08-18 Filip Pizlo <fpizlo@apple.com>
+
+ [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
+ https://bugs.webkit.org/show_bug.cgi?id=66426
+
+ Reviewed by Oliver Hunt.
+
+ Changed the branchTestPtr to branchTest32.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-08-17 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=66379
+ implements load32WithCompactAddressOffsetPatch function
+ and fixes store32 and moveWithPatch functions for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::rshift32):
+ (JSC::MacroAssemblerSH4::store32):
+ (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
+ (JSC::MacroAssemblerSH4::moveWithPatch):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::movlMemRegCompact):
+ (JSC::SH4Assembler::readPointer):
+ (JSC::SH4Assembler::repatchCompact):
+ * jit/JIT.h:
+
+2011-08-17 Filip Pizlo <fpizlo@apple.com>
+
+ JSC verbose debugging output sometimes doesn't work as expected.
+ https://bugs.webkit.org/show_bug.cgi?id=66107
+
+ Reviewed by Gavin Barraclough.
+
+ Hardened the CodeBlock::dump() code so that it no longer crashes. Improved
+ the DFG verbose code so that it prints slightly more useful information.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::debugSize):
+ * bytecode/CodeBlock.cpp:
+ (JSC::valueToSourceString):
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::numberOfRegExps):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::link):
+
+2011-08-16 Michael Saboff <msaboff@apple.com>
+
+ Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
+ https://bugs.webkit.org/show_bug.cgi?id=66351
+
+ JIT::privateCompilePutByIdTransition expects that regT0 and regT1
+ have the basePayload and baseTag respectively. In some cases,
+ we may get to this generated code with one or both of these
+ registers trash. One know case is that regT0 on ARM may be
+ trashed as regT0 (r0) is also arg0 and can be overrun with sp due
+ to calls to JIT::restoreReturnAddress(). This patch uses the
+ values on the stack. A longer term solution is to work out all
+ cases so that the register entry assumptions can assured.
+
+ While fixing this, also determined that the additional stack offset
+ of sizeof(void*) is not needed for ARM.
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+
+2011-08-15 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=66263
+ DFG JIT does not always zero extend boolean result of DFG operations
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Change bool return values to a 64-bit type.
+
+2011-08-15 Gavin Barraclough <barraclough@apple.com>
+
+ Crash accessing static property on sealed object
+ https://bugs.webkit.org/show_bug.cgi?id=66242
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ - should only check isExtensible if checkReadOnly.
+
+2011-08-15 Sam Weinig <sam@webkit.org>
+
+ Fix release build when building with Clang.
+
+ Reviewed by Anders Carlsson.
+
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::checkCurrentIdentifierTable):
+ Add NO_RETURN_DUE_TO_CRASH.
+
+2011-08-15 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
+
+ Reviewed by Nikolas Zimmermann.
+
+ Speed up SVGSMILElement::findInstanceTime.
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Add a new parameter to StdlibExtras.h::binarySerarch function
+ to also handle cases when the array does not contain the key value.
+ This is needed for an svg function.
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-08-13 Sam Weinig <sam@webkit.org>
+
+ Add back 0xbbadbeef to CRASH to allow for old habits
+ https://bugs.webkit.org/show_bug.cgi?id=66190
+
+ Reviewed by David Kilzer.
+
+ * wtf/Assertions.h:
+ Add back the assignment to the memory address 0xbbadbeef in the CRASH
+ macro, as it does not cause issue in the clang static analyzer and many
+ people use its presence in crash reports to easily identify ASSERTs.
+
+2011-08-13 Sam Weinig <sam@webkit.org>
+
+ Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=66182
+
+ Reviewed by Dan Bernstein.
+
+ Fixes 10 warnings in JavaScriptCore and 2 in testapi.
+
+ * API/tests/testapi.c:
+ (main):
+ Remove dead variables.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ Initialize hasPrinted and silence an unused warning by casting to void (Ok here
+ since it is debug code and I want to keep it clear that if other cases are added,
+ the hasPrinted flag would be needed).
+
+ * wtf/dtoa.cpp:
+ (WTF::d2b):
+ The variable "de" in the else block is always zero, so there is no reason to
+ use it.
+
+2011-08-12 Sam Weinig <sam@webkit.org>
+
+ Use __builtin_trap() for CRASH when building with clang
+ https://bugs.webkit.org/show_bug.cgi?id=66152
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/Assertions.h:
+ Add Clang specific CRASH macro that calls __builtin_trap() instead
+ of silly techniques to crash. This allows the static analyzer to understand
+ that we are intentionally crashing. As a result, we need to mark some functions
+ as not returning.
+
+ Also adds a macros that annotates a function as never returning due to ASSERT or CRASH.
+
+ * wtf/Compiler.h:
+ Add COMPILIER(CLANG) and fix some formatting and spelling mistakes.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::Internal::fastMallocMatchFailed):
+ Add NO_RETURN_DUE_TO_CRASH.
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
+ (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
+ Add NO_RETURN_DUE_TO_ASSERT.
+
+2011-08-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT has inconsistent use of boxDouble and unboxDouble,
+ inconsistent use of assertions regarding doubles, and those
+ assertions are not turned on in debug builds
+ https://bugs.webkit.org/show_bug.cgi?id=66160
+
+ Reviewed by Gavin Barraclough.
+
+ JIT assertions are now turned on in debug builds. JIT
+ assertions are now used for boxing and unboxing doubles, and boxing
+ and unboxing no longer involves code duplication.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::GeneralizedRegister::moveTo):
+ (JSC::DFG::GeneralizedRegister::swapWith):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::boxDouble):
+ (JSC::DFG::JITCompiler::unboxDouble):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+
+2011-08-12 Mark Rowe <mrowe@apple.com>
+
+ Be more forward-looking in the choice of compiler.
+
+ Rubber-stamped by Jon Honeycutt.
+
+ * Configurations/CompilerVersion.xcconfig:
+
+2011-08-12 Kalev Lember <kalevlember@gmail.com>
+
+ [GTK] Fix non-pthreads build after r91906.
+ https://bugs.webkit.org/show_bug.cgi?id=66151
+
+ Reviewed by David Levin.
+
+ r91906 broke the non-pthreads GTK+ build by including a header which
+ doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
+
+ * wtf/gtk/ThreadingGtk.cpp:
+
+2011-08-12 Mark Rowe <mrowe@apple.com>
+
+ Update some configuration settings that were missed back in r92432.
+
+ * Configurations/CompilerVersion.xcconfig:
+
+2011-08-12 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
+ Matrix3D.invert)
+ https://bugs.webkit.org/show_bug.cgi?id=66038
+
+ Reviewed by Gavin Barraclough.
+
+ Simplest and lowest-impact fix for the case where the spilled format
+ of a DFG node differs from the register format: if the format is
+ converted then indicate that the spilled value is no longer valid
+ ("kill the spill").
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::killSpilled):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-08-12 Sam Weinig <sam@webkit.org>
+
+ Move compiler specific macros to their own header
+ https://bugs.webkit.org/show_bug.cgi?id=66119
+
+ Reviewed by Anders Carlsson.
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ Add Compiler.h
+
+ * wtf/AlwaysInline.h:
+ Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
+ Compiler.h. We can remove this file in a later commit.
+
+ * wtf/Compiler.h: Added.
+ Put all compiler specific checks and features in this file.
+
+ * wtf/Platform.h:
+ Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
+ to Compiler.h. Include Compiler.h since it is necessary.
+
+2011-08-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT-specific structure stub info code offset fields are signed
+ 8-bit, but it is possible for the offsets to be greater than 127
+ https://bugs.webkit.org/show_bug.cgi?id=66122
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+
+2011-08-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure code sometimes picks the wrong register
+ as a scratch register.
+ https://bugs.webkit.org/show_bug.cgi?id=66104
+
+ Reviewed by Gavin Barraclough.
+
+ Hardened the code with more assertions and fixed the bug. Now a
+ spilled register is only used for scratch if it also isn't being
+ used for shuffling.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-08-11 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r92880.
+ http://trac.webkit.org/changeset/92880
+ https://bugs.webkit.org/show_bug.cgi?id=66123
+
+ Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
+
+ * wtf/PassRefPtr.h:
+
+2011-08-11 Mark Rowe <mrowe@apple.com>
+
+ Don't conditionalize the use of -fomit-frame-pointer on compiler version as
+ all of our supported compilers are now new enough to have the same, sane behavior.
+
+ Rubber-stamped by Sam Weinig.
+
+ * Configurations/JavaScriptCore.xcconfig:
+
+2011-08-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT verbose mode does not report the generated types of nodes
+ https://bugs.webkit.org/show_bug.cgi?id=65830
+
+ Reviewed by Sam Weinig.
+
+ Added code that prints the type selected for each node's result.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::dataFormatToString):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-08-11 James Robinson <jamesr@chromium.org>
+
+ nullptr can't be used for PassRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=66024
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/PassRefPtr.h:
+ (WTF::PassRefPtr::PassRefPtr):
+
+2011-08-11 Daniel Bates <dbates@rim.com>
+
+ Removed unused variable in StackBounds::initialize() to resolve
+ compiler warning when building on QNX.
+ https://bugs.webkit.org/show_bug.cgi?id=66072
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/StackBounds.cpp:
+ (WTF::StackBounds::initialize):
+
+2011-08-11 Devdatta Deshpande <pwjd73@motorola.com>
+
+ Implementation of monotonically increasing clock on GTK
+ https://bugs.webkit.org/show_bug.cgi?id=62175
+
+ Reviewed by Martin Robinson.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::monotonicallyIncreasingTime):
+ The default implementation of monotonicallyIncreasingTime only
+ guarantees the result to be non-decreasing.
+ If the system time is changed to past then default implementation will
+ still fail and WebCore timers will not fire.
+
+2011-08-10 Geoffrey Garen <ggaren@apple.com>
+
+ Removed some incorrect code that was dead.
+
+ Reviewed by Oliver Hunt.
+
+ clearSingleTransition() wasn't resetting m_data. Luckily,
+ no one cares, because its caller was unused. Removed both.
+
+ * runtime/Structure.cpp:
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::~StructureTransitionTable):
+
+2011-08-10 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
+ https://bugs.webkit.org/show_bug.cgi?id=66010
+
+ Reviewed by Oliver Hunt.
+
+ Made sure that Construct calls use() on the this argument.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-08-10 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ JSC should always throw when function arg list is too long
+ https://bugs.webkit.org/show_bug.cgi?id=65869
+
+ Reviewed by Oliver Hunt.
+
+ Changed the behavior of the interpreter and JIT to throw an exception
+ when too many arguments are passed rather than truncating the list. Added
+ a new method to create a "Too many arguments." exception used by this
+ new functionality.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::createTooManyParamsError):
+ * runtime/ExceptionHelpers.h:
+
+2011-08-10 Oliver Hunt <oliver@apple.com>
+
+ Make GC checks more aggressive in release builds
+ https://bugs.webkit.org/show_bug.cgi?id=66001
+
+ Reviewed by Gavin Barraclough.
+
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::visitStrongHandles):
+ (JSC::HandleHeap::visitWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::isLiveNode):
+ (JSC::HandleHeap::isValidWeakNode):
+ Increase handle heap validation logic, and make some of
+ the crashes trigger in release builds as well as debug.
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::allocate):
+ (JSC::HandleHeap::makeWeak):
+ Ditto
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompiler::operator()):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ Fix GC bugs found while testing this patch
+
+2011-08-10 Oliver Hunt <oliver@apple.com>
+
+ JSEvaluteScript does not return the correct object when given JSONP data
+ https://bugs.webkit.org/show_bug.cgi?id=66003
+
+ Reviewed by Gavin Barraclough.
+
+ Make sure we propagate the result of the function call rather than the
+ argument.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2011-08-10 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT heap prediction causes regressions when combined with
+ aggressive integer prediction
+ https://bugs.webkit.org/show_bug.cgi?id=65954
+
+ Reviewed by Gavin Barraclough.
+
+ Disabled heap prediction, but did not remove the capability.
+ This improves V8 crypto performance by 20%.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not speculative integers as aggressively as it should
+ https://bugs.webkit.org/show_bug.cgi?id=65949
+
+ Reviewed by Gavin Barraclough.
+
+ Added a tree walk to propagate integer predictions through arithmetic
+ expressions.
+
+ This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
+ translates to a 19% speed-up on Kraken overall. It's neutral on
+ other benchmarks.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::predictInt32):
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT has no way of propagating predictions to loads and calls
+ https://bugs.webkit.org/show_bug.cgi?id=65883
+
+ Reviewed by Gavin Barraclough.
+
+ This introduces the capability to store predictions on graph
+ nodes. To save space while being somewhat consistent, the
+ prediction is always stored in the second OpInfo slot (since
+ a GetById will use the first one for the identifier). This
+ change is a natural extension of r92593 (global variable
+ prediction).
+
+ This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
+ win on V8 in the geometric mean. It is neutral on SunSpider
+ and Kraken. Interestingly, on V8 it regresses crypto by 3%
+ while progressing deltablue and richards by 2.6% and 4.3%,
+ respectively.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGNode.h:
+ (JSC::DFG::isCellPrediction):
+ (JSC::DFG::isArrayPrediction):
+ (JSC::DFG::isInt32Prediction):
+ (JSC::DFG::isDoublePrediction):
+ (JSC::DFG::isNumberPrediction):
+ (JSC::DFG::predictionToString):
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasPrediction):
+ (JSC::DFG::Node::getPrediction):
+ (JSC::DFG::Node::predict):
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT passes the this argument to constructors even though
+ it's not necessary
+ https://bugs.webkit.org/show_bug.cgi?id=65943
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+
+2011-08-09 Chao-ying Fu <fu@mips.com>
+
+ Fix one MIPS instruction to call JITStubThunked_##op
+ https://bugs.webkit.org/show_bug.cgi?id=65942
+
+ Reviewed by Gavin Barraclough.
+
+ Changed "bal" to "jalr" for a possible processor mode change from
+ MIPS32 to MIPS16.
+
+ * jit/JITStubs.cpp:
+
+2011-08-09 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT failure loading web site
+ https://bugs.webkit.org/show_bug.cgi?id=65930
+
+ Reviewed by Oliver Hunt.
+
+ Put the use() call after the fpr()/gpr() calls, since doing otherwise
+ breaks the register allocator.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-08-09 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Add ParentClass typedef in all JSC classes
+ https://bugs.webkit.org/show_bug.cgi?id=65731
+
+ Reviewed by Oliver Hunt.
+
+ Just added the Base typedefs in all the classes that are a subclass of JSCell
+ to point at their parent classes. This is a change to support future changes to the way
+ constructors and destructors are implemented in JS objects, among other things.
+
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ (JSC::JSCallbackObject::visitChildren):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::asCallbackObject):
+ (JSC::::JSCallbackObject):
+ (JSC::::init):
+ (JSC::::className):
+ (JSC::::getOwnPropertySlot):
+ (JSC::::getOwnPropertyDescriptor):
+ (JSC::::put):
+ (JSC::::deleteProperty):
+ (JSC::::getConstructData):
+ (JSC::::construct):
+ (JSC::::hasInstance):
+ (JSC::::getCallData):
+ (JSC::::call):
+ (JSC::::getOwnPropertyNames):
+ (JSC::::toNumber):
+ (JSC::::toString):
+ (JSC::::setPrivate):
+ (JSC::::getPrivate):
+ (JSC::::inherits):
+ (JSC::::getStaticValue):
+ (JSC::::staticFunctionGetter):
+ (JSC::::callbackGetter):
+ * debugger/DebuggerActivation.h:
+ * jsc.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.h:
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.h:
+ * runtime/DatePrototype.h:
+ * runtime/Error.cpp:
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorInstance.h:
+ * runtime/ErrorPrototype.h:
+ * runtime/ExceptionHelpers.cpp:
+ * runtime/Executable.h:
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.h:
+ * runtime/GetterSetter.h:
+ * runtime/InternalFunction.h:
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.h:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.h:
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.h:
+ * runtime/JSVariableObject.h:
+ * runtime/JSWrapperObject.h:
+ * runtime/MathObject.h:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.h:
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExp.h:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpMatchesArray.h:
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.h:
+ * runtime/ScopeChain.h:
+ * runtime/StrictEvalActivation.h:
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ * runtime/StringPrototype.h:
+ * runtime/Structure.h:
+ * runtime/StructureChain.h:
+
+2011-08-08 Oliver Hunt <oliver@apple.com>
+
+ Using mprotect to create guard pages breaks our use of madvise to release executable memory
+ https://bugs.webkit.org/show_bug.cgi?id=65870
+
+ Reviewed by Gavin Barraclough.
+
+ Use mmap rather than mprotect to clear guard page permissions.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-08-08 Oliver Hunt <oliver@apple.com>
+
+ Non-extensibility does not prevent mutating [[Prototype]]
+ https://bugs.webkit.org/show_bug.cgi?id=65832
+
+ Reviewed by Gavin Barraclough.
+
+ Disallow mutation of __proto__ on objects that are not extensible.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+
+2011-08-08 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not track speculation decisions for global variables
+ https://bugs.webkit.org/show_bug.cgi?id=65825
+
+ Reviewed by Gavin Barraclough.
+
+ Added the capability to track predictions for global variables, and
+ ensured that code can abstract over the source of prediction (local
+ versus global variable) wherever it is appropriate to do so. Also
+ cleaned up the code in SpeculativeJIT that decides how to speculate
+ based on recorded predictions (for example instead of using isInteger,
+ which makes sense for local predictions where the GetLocal would
+ return an integer value, we now tend to use shouldSpeculateInteger,
+ which checks if the value is either already an integer or should be
+ speculated to be an integer).
+
+ This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
+ win on controlflow-recursive. It's also a 4.8% win on v8-crypto.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::predictArray):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::predictGlobalVar):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getGlobalVarPrediction):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
+
+2011-08-07 Martin Robinson <mrobinson@igalia.com>
+
+ Distribution fix for GTK+.
+
+ * GNUmakefile.list.am: Strip removed files from the source list.
+
+2011-08-06 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65821
+ Don't form identifiers the first time a string is used as a property name.
+
+ Reviewed by Oliver Hunt.
+
+ This is a 1% win on SunSpider.
+
+ * dfg/DFGOperations.cpp:
+ - Use fastGetOwnProperty.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Use fastGetOwnProperty.
+ * runtime/JSCell.h:
+ * runtime/JSObject.h:
+ (JSC::JSCell::fastGetOwnProperty):
+ - Fast call to get a property without creating an identifier the first time.
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::find):
+ (JSC::PropertyTable::findWithString):
+ - Add interface to look up by either strinsg or identifiers.
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ - Add a get() call that takes a UString, not an Identifier.
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::hasHash):
+ - Add a call to check if the has has been set (to detect the first use as a property name).
+
+2011-08-06 Aron Rosenberg <arosenberg@logitech.com>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Fix build with Intel compiler on Windows
+ https://bugs.webkit.org/show_bug.cgi?id=65088
+
+ Intel compiler needs .lib suffixes instead of .a
+ Intel compiler doesn't support nullptr
+ Intel compiler supports unsized arrays
+
+ * JavaScriptCore.pri:
+ * jsc.cpp:
+ * wtf/ByteArray.h:
+ * wtf/NullPtr.h:
+
+2011-08-05 Gavin Barraclough <barraclough@apple.com>
+
+ String replace with the empty string means string removal
+ https://bugs.webkit.org/show_bug.cgi?id=65799
+
+ Reviewed by Sam Weinig.
+
+ Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::jsSpliceSubstrings):
+ (JSC::stringProtoFuncReplace):
+
+2011-08-05 Noel Gordon <noel.gordon@gmail.com>
+
+ [Chromium] Remove JSZombie references from gyp project files.
+ https://bugs.webkit.org/show_bug.cgi?id=65798
+
+ JSC runtime/JSZombie.{cpp,h} were removed in r92046. Remove references to these
+ file names from the gyp projects.
+
+ Reviewed by Darin Adler.
+
+ * JavaScriptCore.gypi: zombies be gone.
+
+2011-08-05 Mark Rowe <mrowe@apple.com>
+
+ <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
+ is tied to a particular dispatch queue
+
+ A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
+ with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
+ to ensure that all operations are performed on the given dispatch queue.
+
+ Reviewed by Anders Carlsson.
+
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::setDispatchQueueForVerifier):
+ * wtf/ThreadRestrictionVerifier.h:
+ (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
+ (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
+ (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
+ (WTF::ThreadRestrictionVerifier::setShared):
+ (WTF::ThreadRestrictionVerifier::isSafeToUse):
+
+2011-08-05 Oliver Hunt <oliver@apple.com>
+
+ Inline allocation of function objects
+ https://bugs.webkit.org/show_bug.cgi?id=65779
+
+ Reviewed by Gavin Barraclough.
+
+ Inline allocation and initilisation of function objects
+ in generated code. This ended up being a 60-70% improvement
+ in function allocation performance. This improvement shows
+ up as a ~2% improvement in 32bit sunspider and V8, but is a
+ wash on 64-bit.
+
+ We currently don't inline the allocation of named function
+ expressions, as that requires being able to gc allocate a
+ variable object.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JSC::JIT::emitStoreCell):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateBasicJSObject):
+ (JSC::JIT::emitAllocateJSFinalObject):
+ (JSC::JIT::emitAllocateJSFunction):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_func):
+ (JSC::JIT::emitSlow_op_new_func):
+ (JSC::JIT::emit_op_new_func_exp):
+ (JSC::JIT::emitSlow_op_new_func_exp):
+ * jit/JITOpcodes32_64.cpp:
+ Removed duplicate implementation of op_new_func and op_new_func_exp
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::offsetOfScopeChain):
+ (JSC::JSFunction::offsetOfExecutable):
+
+2011-08-04 David Levin <levin@chromium.org>
+
+ CStringBuffer should have thread safety checks turned on.
+ https://bugs.webkit.org/show_bug.cgi?id=58093
+
+ Reviewed by Dmitry Titov.
+
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
+ turned this off for Chromium.
+
+2011-08-04 Mark Rowe <mrowe@apple.com>
+
+ Future-proof Xcode configuration settings.
+
+ * Configurations/Base.xcconfig:
+ * Configurations/DebugRelease.xcconfig:
+ * Configurations/JavaScriptCore.xcconfig:
+ * Configurations/Version.xcconfig:
+
+2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Interpreter can potentially GC in the middle of initializing a structure chain
+ https://bugs.webkit.org/show_bug.cgi?id=65638
+
+ Reviewed by Oliver Hunt.
+
+ Moved the allocation of a prototype StructureChain before the initialization of
+ the structure chain within the interpreter that was causing intermittent GC crashes.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCachePutByID):
+ * wtf/Platform.h:
+
+2011-08-04 Filip Pizlo <fpizlo@apple.com>
+
+ Eval handling attempts literal parsing even when the eval
+ string is in the cache
+ https://bugs.webkit.org/show_bug.cgi?id=65675
+
+ Reviewed by Oliver Hunt.
+
+ This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
+ in SunSpider. It's neutral on V8.
+
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::tryGet):
+ (JSC::EvalCodeCache::getSlow):
+ (JSC::EvalCodeCache::get):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+
+2011-08-03 Mark Rowe <mrowe@apple.com>
+
+ Bring some order to FeatureDefines.xcconfig to make it easier to follow.
+
+ Reviewed by Sam Weinig.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-08-03 Mark Rowe <mrowe@apple.com>
+
+ Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
+
+ Reviewed by Dave Kilzer.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-08-03 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC heap size improvement breaks build on some platforms due to
+ unused parameter
+ https://bugs.webkit.org/show_bug.cgi?id=65641
+
+ Reviewed by Darin Adler.
+
+ Fix build on non-x86 platforms, by ensuring that the relevant
+ parameter always appears to be used even when it isn't.
+
+ * heap/Heap.cpp:
+
+2011-08-03 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Reorganize pkg-config files
+ https://bugs.webkit.org/show_bug.cgi?id=65548
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.am:
+ * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
+
+2011-08-01 David Levin <levin@chromium.org>
+
+ Add asserts to RefCounted to make sure ref/deref happens on the right thread.
+ https://bugs.webkit.org/show_bug.cgi?id=31639
+
+ Reviewed by Dmitry Titov.
+
+ * GNUmakefile.list.am: Added new files to the build.
+ * JavaScriptCore.gypi: Ditto.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
+ due to not being able to figure out what was guarding it (bug 58091).
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider): Ditto.
+ * wtf/CMakeLists.txt: Added new files to the build.
+ * wtf/ThreadRestrictionVerifier.h: Added.
+ Everything is done in the header to avoid the issue with exports
+ that are only useful in debug but still needing to export them.
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
+ and filed bug 58171 about making it stricter.
+ (WTF::RefCountedBase::hasOneRef): Ditto.
+ (WTF::RefCountedBase::refCount): Ditto.
+ (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
+ on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
+ (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
+ Filed bug 58174 to remove this method.
+ (WTF::RefCountedBase::derefBase):
+ * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
+ done in Chromium (bug 58093).
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC may not be able to reuse partially-free blocks after a
+ full collection
+ https://bugs.webkit.org/show_bug.cgi?id=65585
+
+ Reviewed by Darin Adler.
+
+ This fixes the linked list management bug. This fix is performance
+ neutral on SunSpider.
+
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::removeBlock):
+
+2011-07-30 Oliver Hunt <oliver@apple.com>
+
+ Simplify JSFunction creation for functions written in JS
+ https://bugs.webkit.org/show_bug.cgi?id=65422
+
+ Reviewed by Gavin Barraclough.
+
+ Remove hash lookups used to write name property and transition
+ function structure by caching the resultant structure and property
+ offset in JSGlobalObject. This doesn't impact performance, but
+ we can use this change to make other improvements later.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::FunctionExecutable::jsName):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::namedFunctionStructure):
+ (JSC::JSGlobalObject::functionNameOffset):
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC uses dummy cells to avoid having to remember which cells
+ it has already destroyed
+ https://bugs.webkit.org/show_bug.cgi?id=65556
+
+ Reviewed by Oliver Hunt.
+
+ This gets rid of dummy cells, and ensures that it's not necessary
+ to invoke a destructor on cells that have already been swept. In
+ the common case, a block knows that either all of its free cells
+ still need to have destructors called, or none of them do, which
+ minimizes the amount of branching that needs to happen per cell
+ when performing a sweep.
+
+ This is performance neutral on SunSpider and V8. It is meant as
+ a stepping stone to simplify the implementation of more
+ sophisticated sweeping algorithms.
+
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::ClearMarks::operator()):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::initForCellSize):
+ (JSC::MarkedBlock::callDestructor):
+ (JSC::MarkedBlock::specializedReset):
+ (JSC::MarkedBlock::reset):
+ (JSC::MarkedBlock::specializedSweep):
+ (JSC::MarkedBlock::sweep):
+ (JSC::MarkedBlock::produceFreeList):
+ (JSC::MarkedBlock::lazySweep):
+ (JSC::MarkedBlock::blessNewBlockForFastPath):
+ (JSC::MarkedBlock::blessNewBlockForSlowPath):
+ (JSC::MarkedBlock::canonicalizeBlock):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::FreeCell::setNoObject):
+ (JSC::MarkedBlock::setDestructorState):
+ (JSC::MarkedBlock::destructorState):
+ (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ * runtime/JSGlobalData.h:
+ * runtime/Structure.h:
+
+2011-08-01 Michael Saboff <msaboff@apple.com>
+
+ Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
+ https://bugs.webkit.org/show_bug.cgi?id=65502
+
+ Reviewed by Anders Carlsson.
+
+ With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
+ added an assert to the return code of madvise to catch any regressions.
+
+ * wtf/TCSystemAlloc.cpp:
+ (TCMalloc_SystemRelease):
+
+2011-08-02 Anders Carlsson <andersca@apple.com>
+
+ Fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-08-02 Anders Carlsson <andersca@apple.com>
+
+ Fix a Windows build error.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC is far too conservative about growing the heap size, particularly
+ on desktop platforms
+ https://bugs.webkit.org/show_bug.cgi?id=65438
+
+ Reviewed by Oliver Hunt.
+
+ The minimum heap size is now 16MB instead of 512KB, provided all of the
+ following are true:
+ a) ENABLE(LARGE_HEAP) is set, which currently only happens on
+ x86 targets, but could reasonably happen on any platform that is
+ known to have a decent amount of RAM.
+ b) JSGlobalData is initialized with HeapSize = LargeHeap, which
+ currently only happens when it's the JSDOMWindowBase in WebCore or
+ in the jsc command-line tool.
+
+ This is a 4.1% speed-up on SunSpider.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * jsc.cpp:
+ (main):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::createContextGroup):
+ (JSC::JSGlobalData::create):
+ (JSC::JSGlobalData::createLeaked):
+ (JSC::JSGlobalData::sharedInstance):
+ * runtime/JSGlobalData.h:
+ * wtf/Platform.h:
+
+2011-08-02 Filip Pizlo <fpizlo@apple.com>
+
+ JSC does a GC even when the heap still has free pages
+ https://bugs.webkit.org/show_bug.cgi?id=65445
+
+ Reviewed by Oliver Hunt.
+
+ If the high watermark is not reached, then we allocate new blocks as
+ before. If the current watermark does reach (or exceed) the high
+ watermark, then we check if there is a block on the free block pool.
+ If there is, we simply allocation from it. If there isn't, we
+ invoke a collectin as before. This effectively couples the elastic
+ scavenging to the collector's decision function. That is, if an
+ application rapidly varies its heap usage (sometimes using more and
+ sometimes less) then the collector will not thrash as it used to.
+ But if heap usage drops and stays low then the scavenger thread and
+ the GC will eventually reach a kind of consensus: the GC will set
+ the watermark low because of low heap usage, and the scavenger thread
+ will steadily eliminate pages from the free page pool, until the size
+ of the free pool is below the high watermark.
+
+ On command-line, this is neutral on SunSpider and Kraken and a 3% win
+ on V8. In browser, this is a 1% win on V8 and neutral on the other
+ two.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::allocateBlock):
+ * heap/Heap.h:
+
+2011-08-02 Jeff Miller <jeffm@apple.com>
+
+ Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
+ https://bugs.webkit.org/show_bug.cgi?id=65552
+
+ Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
+
+ Reviewed by Adam Roben.
+
+ * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
+
+2011-08-01 Jean-luc Brouillet <jeanluc@chromium.org>
+
+ Removing old source files in gyp files that slow build
+ https://bugs.webkit.org/show_bug.cgi?id=65503
+
+ Reviewed by Adam Barth.
+
+ A number of stale files are listed in the gyp files. These slow the
+ build on Visual Studio 2010. Removing them.
+
+ * JavaScriptCore.gypi:
+
+2011-07-14 David Levin <levin@chromium.org>
+
+ currentThread is too slow!
+ https://bugs.webkit.org/show_bug.cgi?id=64577
+
+ Reviewed by Darin Adler and Dmitry Titov.
+
+ The problem is that currentThread results in a pthread_once call which always takes a lock.
+ With this change, currentThread is 10% faster than isMainThread in release mode and only
+ 5% slower than isMainThread in debug.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
+ which is no longer needed because this is called from initializeThreading().
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
+ intialization of the pthread key should already be done.
+ (WTF::ThreadIdentifierData::initialize): Ditto.
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading): Acquire the pthread key here.
+
+2011-08-01 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT sometimes creates speculation check data structures that have
+ invalid information about the format of a register
+ https://bugs.webkit.org/show_bug.cgi?id=65490
+
+ Reviewed by Gavin Barraclough.
+
+ The code now makes sure to (1) always have correct and up-to-date
+ information about register format at the time that a speculation
+ check is emitted, (2) assert that speculation data is correct
+ inside the speculation check implementation, and (3) avoid creating
+ speculation data altogether if compilation has already failed, since
+ at that point the format data is almost guaranteed to be bogus.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::speculationCheck):
+
+2011-08-01 Filip Pizlo <fpizlo@apple.com>
+
+ REGRESSION(r92092): Build fails on 64 bit
+ https://bugs.webkit.org/show_bug.cgi?id=65458
+
+ Reviewed by Oliver Hunt.
+
+ The build was broken because some compilers were smart enough to see
+ an array index out of bounds due to the decision fuction for when to
+ go from precise size classes to imprecise size classes being broken:
+ it would assume that sizes in the range 97..128 belonged to a precise
+ size class when in fact they belonged to an imprecise one.
+
+ In fact, the code would have run correctly, by way of a fluke, because
+ though the 4th precise size class (for 97..128) didn't exist, the next
+ array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
+ its first entry would have been a size class that is appropriate for
+ allocations in the range 97..128. However, this relies on specific
+ ordering of fields in NewSpace, so it's still a bug.
+
+ This fixes the bug by ensuring that allocations larger than 96 use
+ the imprecise size classes.
+
+ * heap/NewSpace.h:
+ (JSC::NewSpace::sizeClassFor):
+
+2011-07-31 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64679
+ Fix bugs in Array.prototype this handling.
+
+ Unreviewed - rolling out r91290.
+
+ Looks like the wild wild web isn't ready for this yet.
+
+ This change broke http://slides.html5rocks.com/#landing-slide.
+ Interestingly, this might only be due to our lack of bind support -
+ it looks like this site is calling Array.prototype.slice as a part
+ of its bind implementation.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+
+2011-07-31 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC lays out size classes under wrong assumptions about expected
+ object size.
+ https://bugs.webkit.org/show_bug.cgi?id=65437
+
+ Reviewed by Oliver Hunt.
+
+ Changed the atom size - which is both the smallest allocation size and
+ the smallest possible stepping unit for size class spacing - from
+ 8 bytes to 4 pointer-size words. This is a 1% win on SunSpider.
+
+ * heap/MarkedBlock.h:
+
+2011-07-31 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT does not optimize PutByVal
+ https://bugs.webkit.org/show_bug.cgi?id=65424
+
+ Reviewed by Gavin Barraclough.
+
+ Added code to emit PutByVal inline fast path.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-07-31 Filip Pizlo <fpizlo@apple.com>
+
+ The JSC garbage collector returns memory to the operating system too
+ eagerly.
+ https://bugs.webkit.org/show_bug.cgi?id=65382
+
+ Reviewed by Oliver Hunt.
+
+ This introduces a memory reuse model similar to the one in FastMalloc.
+ A periodic scavenger thread runs in the background and returns half the
+ free memory to the OS on each timer fire. New block allocations first
+ attempt to get the memory from the collector's internal pool, reverting
+ to OS allocation only when this pool is empty.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::~Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
+ (JSC::Heap::waitForRelativeTime):
+ (JSC::Heap::blockFreeingThreadStartFunc):
+ (JSC::Heap::blockFreeingThreadMain):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::releaseFreeBlocks):
+ * heap/Heap.h:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::destroy):
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::initForCellSize):
+ (JSC::MarkedBlock::reset):
+ * heap/MarkedBlock.h:
+ * wtf/Platform.h:
+
+2011-07-30 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure pass sometimes forgets to emit code to
+ move certain registers.
+ https://bugs.webkit.org/show_bug.cgi?id=65421
+
+ Reviewed by Oliver Hunt.
+
+ Restructured the offending loops (for gprs and fprs). It's once again
+ possible to use spreadsheets on docs.google.com.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-07-30 Patrick Gansterer <paroga@webkit.org>
+
+ Remove inclusion of MainThread.h from Threading.h
+ https://bugs.webkit.org/show_bug.cgi?id=65081
+
+ Reviewed by Darin Adler.
+
+ Add missing and remove unneeded include statements for MainThread.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ * wtf/Threading.h:
+ * wtf/ThreadingPthreads.cpp:
+ * wtf/text/StringStatics.cpp:
+
+2011-07-30 Oliver Hunt <oliver@apple.com>
+
+ Reduce the size of JSGlobalObject slightly
+ https://bugs.webkit.org/show_bug.cgi?id=65417
+
+ Reviewed by Dan Bernstein.
+
+ Push a few members that either aren't commonly used,
+ or aren't frequently accessed into a separate struct.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
+ (JSC::JSGlobalObject::createRareDataIfNeeded):
+ (JSC::JSGlobalObject::setProfileGroup):
+ (JSC::JSGlobalObject::profileGroup):
+ (JSC::JSGlobalObject::registerWeakMap):
+ (JSC::JSGlobalObject::deregisterWeakMap):
+
+2011-07-30 Balazs Kelemen <kbalazs@webkit.org>
+
+ MessageQueue::waitForMessageFilteredWithTimeout can triggers an assertion
+ https://bugs.webkit.org/show_bug.cgi?id=65263
+
+ Reviewed by Dmitry Titov.
+
+ * wtf/Deque.h:
+ (WTF::::operator): Don't check the validity of an iterator
+ that will be reassigned right now.
+ * wtf/MessageQueue.h:
+ (WTF::::removeIf): Revert r51198 as I beleave this is the better
+ solution for the problem that was solved by that.
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC zombie support no longer works, and is likely no longer needed.
+ https://bugs.webkit.org/show_bug.cgi?id=65404
+
+ Reviewed by Darin Adler.
+
+ This removes zombies, because they no longer work, are not tested, are
+ probably not needed, and are getting in the way of GC optimization
+ work.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Handle.h:
+ (JSC::HandleConverter::operator->):
+ (JSC::HandleConverter::operator*):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::collect):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::clearMarks):
+ * interpreter/Register.h:
+ (JSC::Register::Register):
+ (JSC::Register::operator=):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::append):
+ (JSC::ArgList::ArgList):
+ * runtime/JSCell.cpp:
+ (JSC::isZombie):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ * runtime/JSGlobalData.h:
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::JSValue):
+ * runtime/JSZombie.cpp: Removed.
+ * runtime/JSZombie.h: Removed.
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+ * wtf/Platform.h:
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT verbose mode provides no details about predictions
+ https://bugs.webkit.org/show_bug.cgi?id=65389
+
+ Reviewed by Darin Adler.
+
+ Added a print-out of the predictions to the IR dump, with names as follows:
+ "p-bottom" = the parser made no predictions
+ "p-int32" = the parser predicted int32
+ ... (same for array, cell, double, number)
+ "p-top" = the parser made conflicting predictions which will be ignored.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::predictionToString):
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not have any way of undoing double speculation.
+ https://bugs.webkit.org/show_bug.cgi?id=65334
+
+ Reviewed by Gavin Barraclough.
+
+ This adds code to do a branchConvertDoubleToInt on specualtion failure.
+ This is performance-neutral on most benchmarks but does result in
+ a slight improvement in Kraken.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::GeneralizedRegister::moveTo):
+ (JSC::DFG::GeneralizedRegister::swapWith):
+ (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+
+2011-07-29 Filip Pizlo <fpizlo@apple.com>
+
+ Crash when opening docs.google.com
+ https://bugs.webkit.org/show_bug.cgi?id=65327
+
+ Reviewed by Gavin Barraclough.
+
+ The speculative JIT was only checking whether a value is an array when
+ we had already checked that it was, rather then when we hadn't.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-28 Oliver Hunt <oliver@apple.com>
+
+ *_list instructions are only used in one place, where the code is wrong.
+ https://bugs.webkit.org/show_bug.cgi?id=65348
+
+ Reviewed by Darin Adler.
+
+ Simply remove the instructions and all users. Speeds up the interpreter
+ slightly due to code motion, but otherwise has no effect (because none
+ of the _list instructions are ever used).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::isPropertyAccess):
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::visitStructures):
+ * bytecode/Instruction.h:
+ * bytecode/Opcode.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+
+2011-07-28 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65325
+ Performance tweak to parseInt
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ - This change may an existing optimization redundant,
+ cleanup from Darin's comments, plus fix existing bugs.
+
+2011-07-28 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65325
+ Performance tweak to parseInt
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ - parseInt applied to small positive numbers = floor.
+
+2011-07-28 Dan Bernstein <mitz@apple.com>
+
+ Build fix.
+
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileForCallInternal):
+
+2011-07-28 Kent Tamura <tkent@chromium.org>
+
+ Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
+ https://bugs.webkit.org/show_bug.cgi?id=65300
+
+ Reviewed by Darin Adler.
+
+ r91837 had performance regression of StringImpl::stripWhiteSpace()
+ and simplifyWhiteSpace(). This changes the code so that compilers
+ generates code equivalent to r91836 or piror.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripMatchedCharacters):
+ A template member function for stripWhiteSpace(). This function takes a functor.
+ (WTF::UCharPredicate):
+ A functor for generic predicate for single UChar argument.
+ (WTF::SpaceOrNewlinePredicate):
+ A special functor for isSpaceOrNewline().
+ (WTF::StringImpl::stripWhiteSpace):
+ Use stripmatchedCharacters().
+ (WTF::StringImpl::simplifyMatchedCharactersToSpace):
+ A template member function for simplifyWhiteSpace().
+ (WTF::StringImpl::simplifyWhiteSpace):
+ Use simplifyMatchedCharactersToSpace().
+ * wtf/text/StringImpl.h:
+
+2011-07-27 Dmitry Lomov <dslomov@google.com>
+
+ [chromium] Turn on WTF_MULTIPLE_THREADS.
+ https://bugs.webkit.org/show_bug.cgi?id=61017
+ The patch turns on WTF_MULTIPLE_THREADS in chromium and
+ pushes some relevant initializations from JSC::initializeThreading
+ to WTF::initializeThreading.
+
+ Reviewed by David Levin.
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * wtf/FastMalloc.cpp:
+ (WTF::isForbidden):
+ (WTF::fastMallocForbid):
+ (WTF::fastMallocAllow):
+ * wtf/Platform.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+ * wtf/ThreadingWin.cpp:
+ (WTF::initializeThreading):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::initializeThreading):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::initializeThreading):
+
+2011-07-27 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Remove operator new from JSCell
+ https://bugs.webkit.org/show_bug.cgi?id=64999
+
+ Reviewed by Oliver Hunt.
+
+ Removed the implementation of operator new in JSCell, so any further uses
+ will not successfully link. Also removed any remaining uses of operator new.
+
+ * API/JSContextRef.cpp:
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::create):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::createExceptionScope):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::create):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::create):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::create):
+
+2011-07-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG graph has no notion of double prediction.
+ https://bugs.webkit.org/show_bug.cgi?id=65234
+
+ Reviewed by Gavin Barraclough.
+
+ Added the notion of PredictDouble, and PredictNumber, which is the least
+ upper bound of PredictInt32 and PredictDouble. Least upper bound is
+ defined as the bitwise-or of two predictions. Bottom is defined as 0,
+ and Top is defined as all bits being set. Added the ability to explicitly
+ distinguish between a node having had a prediction associated with it,
+ and that prediction still being valid (i.e. no conflicting predictions
+ have also been added). Used this to guard the speculative JIT from
+ speculating Int32 in cases where the graph knows that the value is
+ double, which currently only happens for GetLocal nodes on arguments
+ which were double at compile-time.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::isCellPrediction):
+ (JSC::DFG::isArrayPrediction):
+ (JSC::DFG::isInt32Prediction):
+ (JSC::DFG::isDoublePrediction):
+ (JSC::DFG::isNumberPrediction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
+
+2011-07-27 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65294
+ DFG JIT - may speculate based on wrong arguments.
+
+ Reviewed by Oliver Hunt
+
+ In the case of a DFG compiled function calling to and compiling a second function that
+ also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
+ we call compileFor passing the caller functions exec state, rather than the callee's.
+ This may lead to mis-optimization, since the DFG compiler will example the exec state's
+ arguments on the assumption that these will be passed to the callee - it is wanting the
+ callee exec state, not the caller's exec state.
+
+ Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
+ function is compiled, & the structure of the calls in the Interpreter::execute methods.
+ Only fix for compilation from the JIT, in other calls don't speculate based on arguments
+ for now.
+
+ * dfg/DFGOperations.cpp:
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ (JSC::tryDFGCompileFunction):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileFor):
+
+2011-07-27 Oliver Hunt <oliver@apple.com>
+
+ Handle callback oriented JSONP
+ https://bugs.webkit.org/show_bug.cgi?id=65271
+
+ Reviewed by Gavin Barraclough.
+
+ Handle the callback oriented versions of JSONP. The Literal parser
+ now handles <Identifier> (. <Identifier>)* (jsonData).
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::Lexer::lex):
+ * runtime/LiteralParser.h:
+
+2011-07-27 Stephanie Lewis <slewis@apple.com>
+
+ Revert http://trac.webkit.org/changeset/90415.
+ Caused a 5% sunspider regression in-browser.
+
+ Unreviewed rollout.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::invalidateCode):
+ * runtime/RegExp.h:
+
+2011-07-27 Shinya Kawanaka <shinyak@google.com>
+
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=57746
+
+ Reviewed by Kent Tamura.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripWhiteSpace):
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ (WTF::StringImpl::simplifyWhiteSpace): ditto.
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ (WTF::String::stripWhiteSpace): ditto.
+ (WTF::String::simplifyWhiteSpace): ditto.
+ * wtf/text/WTFString.h:
+
+2011-07-27 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT speculation failure code performs incorrect conversions in
+ the case where two registers need to be swapped.
+ https://bugs.webkit.org/show_bug.cgi?id=65233
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::GeneralizedRegister::swapWith):
+
+2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ reduce and reduceRight bind callback's this to null rather than undefined
+ https://bugs.webkit.org/show_bug.cgi?id=62264
+
+ Reviewed by Oliver Hunt.
+
+ Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
+ when calling the callback function without an argument for this, which means it should
+ be undefined according to ES 15.4.4.21 and 15.4.4.22.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+
+2011-07-26 Filip Pizlo <fpizlo@apple.com>
+
+ JSC command-line tool does not come with any facility for
+ measuring time precisely.
+ https://bugs.webkit.org/show_bug.cgi?id=65223
+
+ Reviewed by Gavin Barraclough.
+
+ Exposed WTF::currentTime() as currentTimePrecise().
+
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionPreciseTime):
+
+2011-07-26 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT never emits inline double comparisons, even when it
+ would be obvious more efficient to do so.
+ https://bugs.webkit.org/show_bug.cgi?id=65212
+
+ Reviewed by Gavin Barraclough.
+
+ This handles the obvious case of inlining double comparisons: it only addresses
+ the speculative JIT, and only for fused compare/branch sequences. But it does
+ handle the case where both operands are double (and there is no slow path),
+ or where one operand is double and the other is unknown type (in which case it
+ attempts to unbox the double, otherwise taking slow path). This is an 0.8%
+ speed-up on SunSpider.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::convertToDouble):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+
+2011-07-26 Filip Pizlo <fpizlo@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64969
+ DFG JIT generates inefficient code for speculation failures.
+
+ Reviewed by Gavin Barraclough.
+
+ This implements a speculation failure strategy where (1) values spilled on
+ non-speculative but not spilled on speculative are spilled, (2) values that
+ are in registers on both paths are rearranged without ever touching memory,
+ and (3) values spilled on speculative but not spilled on non-speculative are
+ filled.
+
+ The register shuffling is the most interesting part of this patch. It
+ constructs a permutation graph for registers. Each node represents a
+ register, and each directed edge corresponds to the register's value having
+ to be moved to a different register as part of the shuffling. This is a
+ directed graph where each node may only have 0 or 1 incoming edges, and
+ 0 or 1 outgoing edges. The algorithm then first finds maximal non-cyclic
+ subgraphs where all nodes in the subgraph are reachable from a start node.
+ Such subgraphs always resemble linked lists, and correspond to simply
+ moving the value in the second-to-last register into the last register, and
+ then moving the value in the third-to-last register into the second-to-last
+ register, and so on. Once these subgraphs are taken care of, the remaining
+ subgraphs are cycles, and are handled using either (a) conversion or no-op
+ if the cycle involves one node, (b) swap if it involves two nodes, or (c)
+ a cyclic shuffle involving a scratch register if there are three or more
+ nodes.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::needDataFormatConversion):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
+ (JSC::DFG::GeneralizedRegister::createGPR):
+ (JSC::DFG::GeneralizedRegister::createFPR):
+ (JSC::DFG::GeneralizedRegister::dump):
+ (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
+ (JSC::DFG::GeneralizedRegister::findInEntryLocation):
+ (JSC::DFG::GeneralizedRegister::previousDataFormat):
+ (JSC::DFG::GeneralizedRegister::nextDataFormat):
+ (JSC::DFG::GeneralizedRegister::convert):
+ (JSC::DFG::GeneralizedRegister::moveTo):
+ (JSC::DFG::GeneralizedRegister::swapWith):
+ (JSC::DFG::ShuffledRegister::ShuffledRegister):
+ (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
+ (JSC::DFG::ShuffledRegister::lookup):
+ (JSC::DFG::lookupForRegister):
+ (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
+ (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
+ (JSC::DFG::NodeToRegisterMap::set):
+ (JSC::DFG::NodeToRegisterMap::end):
+ (JSC::DFG::NodeToRegisterMap::find):
+ (JSC::DFG::NodeToRegisterMap::clear):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::linkSpeculationChecks):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-07-26 Oliver Hunt <oliver@apple.com>
+
+ Buffer overflow creating error messages for JSON.parse
+ https://bugs.webkit.org/show_bug.cgi?id=65211
+
+ Reviewed by Darin Adler.
+
+ Parse string length to the UString constructor.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::parse):
+
+2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor automatically generated JS DOM bindings to replace operator new with static create methods
+ https://bugs.webkit.org/show_bug.cgi?id=64732
+
+ Reviewed by Oliver Hunt.
+
+ Replacing the public constructors in the automatically generated JS DOM bindings with static
+ create methods. JSByteArray is used by several of these bindings in WebCore.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::create):
+ * runtime/JSByteArray.h:
+
+2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
+
+ Unreviewed build fix for Qt/Linux.
+
+ On platforms with no glib and gstreamer we should not build javascriptcore
+ with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
+
+ * wtf/wtf.pri:
+
+2011-07-26 Juan C. Montemayor <jmont@apple.com>
+
+ JSON errors should be informative
+ https://bugs.webkit.org/show_bug.cgi?id=63339
+
+ Added error messages to the JSON Parser.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::getErrorMessage):
+ (JSC::LiteralParser::Lexer::sawError):
+ (JSC::LiteralParser::Lexer::getErrorMessage):
+
+2011-07-26 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91746.
+ http://trac.webkit.org/changeset/91746
+ https://bugs.webkit.org/show_bug.cgi?id=65180
+
+ It broke SL build (Requested by Ossy on #webkit).
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripWhiteSpace):
+ (WTF::StringImpl::simplifyWhiteSpace):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ * wtf/text/WTFString.h:
+
+2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
+ https://bugs.webkit.org/show_bug.cgi?id=63472
+
+ Enable the bits needed for GStreamer only when QtMultimedia is not used.
+
+ * wtf/wtf.pri:
+
+2011-07-26 Shinya Kawanaka <shinyak@google.com>
+
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=57746
+
+ Reviewed by Kent Tamura.
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::stripWhiteSpace):
+ Added an interface to take IsWhiteSpaceFunctionPtr.
+ (WTF::StringImpl::simplifyWhiteSpace): ditto.
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ (WTF::String::stripWhiteSpace): ditto.
+ (WTF::String::simplifyWhiteSpace): ditto.
+ * wtf/text/WTFString.h:
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT emits inefficient code for arithmetic
+ involving two registers
+ https://bugs.webkit.org/show_bug.cgi?id=65160
+
+ Reviewed by Gavin Barraclough.
+
+ The non-speculative JIT now emits inline code for double arithmetic, but
+ still attempts integer arithmetic first. This is a speed-up on SunSpider
+ (albeit a small one), and a large speed-up on Kraken.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+
+2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Build break with --debug after r89153.
+ https://bugs.webkit.org/show_bug.cgi?id=65150
+
+ Unreviewed build fix.
+
+ * wtf/CMakeListsEfl.txt: Add missing libraries.
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT emits obviously inefficient code for arithmetic
+ where one operand is a constant.
+ https://bugs.webkit.org/show_bug.cgi?id=65146
+
+ Reviewed by Gavin Barraclough.
+
+ Changed the code to emit double arithmetic inline.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT bytecode parser misuses pointers into objects allocated as part of a
+ WTF::Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=65128
+
+ Reviewed by Gavin Barraclough.
+
+ The bytecode parser code seems to be right to have a DFGNode& phiNode reference
+ into the graph, since this makes the code greatly more readable. This patch
+ thus makes the minimal change necessary to make the code right: it uses a
+ pointer (to disambiguate between reloading the pointer and performing a
+ copy from one location of the vector to another) and reloads it after the
+ calls to addToGraph().
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+
+2011-07-25 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91686.
+ http://trac.webkit.org/changeset/91686
+ https://bugs.webkit.org/show_bug.cgi?id=65144
+
+ 1.5% regression in JSC (Requested by jmontemayor on #webkit).
+
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+
+2011-07-25 Jon Lee <jonlee@apple.com>
+
+ Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
+ https://bugs.webkit.org/show_bug.cgi?id=65132
+ <rdar://problem/9836297>
+
+ Reviewed by Oliver Hunt.
+
+ Make sure the JIT is available to use before running the following calls:
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
+
+2011-07-25 Juan C. Montemayor <jmont@apple.com>
+
+ JSON errors should be informative
+ https://bugs.webkit.org/show_bug.cgi?id=63339
+
+ Added error messages to the JSON Parser.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::getErrorMessage):
+ (JSC::LiteralParser::Lexer::sawError):
+ (JSC::LiteralParser::Lexer::getErrorMessage):
+
+2011-07-25 Filip Pizlo <fpizlo@apple.com>
+
+ X86-64 assembler emits three instructions instead of two for certain
+ loads and stores.
+ https://bugs.webkit.org/show_bug.cgi?id=65095
+
+ Reviewed by Gavin Barraclough.
+
+ Simply made these four methods in the assembler use the scratch register,
+ which they were previously avoiding. It still optimizes for the case where
+ an absolute address memory accesses is using EAX. This results in a slight
+ performance improvement.
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::load32):
+ (JSC::MacroAssemblerX86_64::store32):
+ (JSC::MacroAssemblerX86_64::loadPtr):
+ (JSC::MacroAssemblerX86_64::storePtr):
+
+2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
+ https://bugs.webkit.org/show_bug.cgi?id=64354
+
+ Use ecore_time_unix_get which returns unix time as double type for currentTime
+ and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
+
+ Reviewed by Kent Tamura.
+
+ * wtf/CurrentTime.cpp:
+ (WTF::currentTime):
+ (WTF::monotonicallyIncreasingTime):
+
+2011-07-22 Sommer Panage <panage@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
+ https://bugs.webkit.org/show_bug.cgi?id=64981
+
+ UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
+ Currently, the C API does not provide the tools to do this. However, the private API
+ does expose the necessary functionality to get a backtrace
+ (via Interpreter::retrieveLastCaller). We recognize this information may result in
+ failure in the cases of programs run by 'eval', stack frames beneath host function
+ call frames, and in programs run from other programs. Thus, we propose exporting our
+ JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
+ we need while not advertising an API that isn't really ready for full use.
+
+ * API/JSContextRef.cpp:
+ * API/JSContextRefPrivate.h:
+ * JavaScriptCore.exp:
+
+
+2011-07-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65051
+ DFG JIT - Enable by default for mac platform on x86-64.
+
+ Rubber Stamped by Geoff Garen.
+
+ This is now a performance progression.
+
+ * wtf/Platform.h:
+ - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
+
+2011-07-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65047
+ DFG JIT - Add support for op_resolve/op_resolve_base
+
+ Reviewed by Sam Weinig.
+
+ These are necessary for any significant eval code coverage
+ (and as such increase LayoutTest coverage).
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordResolve):
+ - Conservatively blow aliasing optimizations for now.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ - Add support for op_resolve/op_resolve_base.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ - Add call with exec, identifer aguments.
+ * dfg/DFGNode.h:
+ - Add new node types.
+ (JSC::DFG::Node::hasIdentifier):
+ - Resolve nodes have identifiers, too!
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Add generation for new Nodes.
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ - Added new operations.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Add generation for new Nodes.
+
+2011-07-22 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=65036
+ Messing with the register allocation within flow control = badness.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Fix register allocation.
+
+2011-07-22 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
+ https://bugs.webkit.org/show_bug.cgi?id=63986
+
+ Reviewed by Geoffrey Garen.
+
+ Changed the implementation of Date.prototype.toISOString() to use the extended year
+ format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
+
+ * runtime/DatePrototype.cpp:
+ (JSC::dateProtoFuncToISOString):
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-07-21 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix after r91555.
+
+ * JavaScriptCore.exp:
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=19271
+ eliminate PIC branches by changing NaN handling in JSValue::toNumber
+
+ Reviewed by Sam Weinig.
+
+ Moving the non-numeric cases out of line seems to be a consistent
+ win on SunSpider for me, to the order of about 0.5%.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toNumber):
+ - Changed to only handle values that are already numbers, moce non-numeric cases out of line.
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toNumberSlowCase):
+ - Added toNumberSlowCase, handling non-numeric cases.
+ * runtime/JSValue.h:
+ - Add declaration of toNumberSlowCase.
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64875
+ Use of `yield` keyword is broken
+
+ Reviewed by Sam Weinig.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ - The bug here is that a successful match of a RESERVED_IF_STRICT token from
+ parseKeyword is being nullified back to IDENT. The problem is that in the
+ case of IDENT matches parseKeyword should not move the lexer's input
+ position, but in the case of RESERVED_IF_STRICT it has done so.
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64900
+ Function.prototype.apply should accept an array-like object as its second argument
+
+ Reviewed by Sam Weinig.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::functionProtoFuncApply):
+ - Remove the type error if object is not an array.
+
+2011-07-21 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64964
+ DFG JIT - Enable support for eval code
+
+ Reviewed by Sam Weinig.
+
+ This is basically the same as program code, to the JIT!
+
+ * bytecode/Opcode.cpp:
+ * bytecode/Opcode.h:
+ - Enable opcodeNames in !NDEBUG builds.
+ * dfg/DFGOperations.cpp:
+ - Fix a bug exposed by eval support, throw correct type error for new.
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ - Enable DFG JIT for eval code.
+
+2011-07-20 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91380.
+ http://trac.webkit.org/changeset/91380
+ https://bugs.webkit.org/show_bug.cgi?id=64924
+
+ Caused assertion failures in Chromium's IndexedDB tests
+ (Requested by rniwa on #webkit).
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::identifier):
+ (WTF::ThreadIdentifierData::initialize):
+ (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
+ (WTF::ThreadIdentifierData::initializeKeyOnce):
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+
+2011-07-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG non-speculative JIT does not use() the aliased GetByVal,
+ resulting in bloated use counts.
+ https://bugs.webkit.org/show_bug.cgi?id=64911
+
+ Reviewed by Gavin Barraclough.
+
+ Inserted a call to use() for the aliased GetByVal.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-07-20 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64909
+ DFG JIT - Missing ToInt32 conversions for double constants.
+
+ Reviewed by Sam Weinig.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::toInt32):
+ - We cannot trivially omit ToInt32 conversions on double constants.
+
+2011-07-20 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT sometimes claims to use compare operands twice, leading to
+ use count corruption.
+ https://bugs.webkit.org/show_bug.cgi?id=64903
+
+ Reviewed by Gavin Barraclough.
+
+ Move the calls to use() in SpeculativeJIT::compare() so that they only happen
+ if the JITCodeGenerator's helper method (which also calls use()) is not called.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+
+2011-07-20 Oliver Hunt <oliver@apple.com>
+
+ Don't throw away code when JSGarbageCollect API is called
+ https://bugs.webkit.org/show_bug.cgi?id=64894
+
+ Reviewed by Sam Weinig.
+
+ Just call collectAllGarbage. That will clean up all unneeded
+ code without causing any pathological recompilation problems.
+
+ * API/JSBase.cpp:
+ (JSGarbageCollect):
+
+2011-07-20 Oliver Hunt <oliver@apple.com>
+
+ Codeblock doesn't visit cached structures in global resolve instructions
+ https://bugs.webkit.org/show_bug.cgi?id=64889
+
+ Reviewed by Sam Weinig.
+
+ Visit the global resolve instructions. This fixes a couple
+ of random crashes seen in the jquery tests when using the
+ interpreter.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2011-07-20 James Robinson <jamesr@chromium.org>
+
+ Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
+ https://bugs.webkit.org/show_bug.cgi?id=64841
+
+ Reviewed by Mark Rowe.
+
+ http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
+ monotonic clock instead of WTF::currentTime(). This broke many plugin tests on WebKit2 for reasons that are
+ unclear. This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
+
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/ThreadingWin.cpp:
+ (WTF::absoluteTimeToWaitTimeoutInterval):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::ThreadCondition::timedWait):
+
+2011-07-14 David Levin <levin@chromium.org>
+
+ currentThread is too slow!
+ https://bugs.webkit.org/show_bug.cgi?id=64577
+
+ Reviewed by Darin Adler and Dmitry Titov.
+
+ The problem is that currentThread results in a pthread_once call which always takes a lock.
+ With this change, currentThread is 10% faster than isMainThread in release mode and only
+ 5% slower than isMainThread in debug.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
+ which is no longer needed because this is called from initializeThreading().
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
+ intialization of the pthread key should already be done.
+ (WTF::ThreadIdentifierData::initialize): Ditto.
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading): Acquire the pthread key here.
+
+2011-07-20 Mark Rowe <mrowe@apple.com>
+
+ Fix the 32-bit build.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+
+2011-07-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64678
+ Fix bugs in Object.prototype this handling.
+
+ Reviewed by Darin Adler.
+
+ Fix ES5.1 correctness issues identified by Mads Ager.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncToString):
+ - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
+
+2011-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
+ https://bugs.webkit.org/show_bug.cgi?id=63918
+
+ Reviewed by Darin Adler.
+
+ When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
+ method due to additional string copying within several of the constructors when dealing with
+ UStrings. This has been added to the UString version of the appendStringInConstruct method
+ within the JSString class.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::appendStringInConstruct):
+
+2011-07-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64679
+ Fix bugs in Array.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncConcat):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+ - These methods should throw if this value is undefined.
+
+2011-07-19 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64677
+ Fix bugs in String.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ undefined/null this values should throw TypeErrors, not convert to
+ the global object, and primitive values should not be converted via
+ object types.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncCharAt):
+ (JSC::stringProtoFuncCharCodeAt):
+ (JSC::stringProtoFuncIndexOf):
+ (JSC::stringProtoFuncLastIndexOf):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ (JSC::stringProtoFuncSlice):
+ (JSC::stringProtoFuncSplit):
+ (JSC::stringProtoFuncSubstr):
+ (JSC::stringProtoFuncSubstring):
+ (JSC::stringProtoFuncToLowerCase):
+ (JSC::stringProtoFuncToUpperCase):
+ (JSC::stringProtoFuncLocaleCompare):
+ (JSC::stringProtoFuncBig):
+ (JSC::stringProtoFuncSmall):
+ (JSC::stringProtoFuncBlink):
+ (JSC::stringProtoFuncBold):
+ (JSC::stringProtoFuncFixed):
+ (JSC::stringProtoFuncItalics):
+ (JSC::stringProtoFuncStrike):
+ (JSC::stringProtoFuncSub):
+ (JSC::stringProtoFuncSup):
+ (JSC::stringProtoFuncFontcolor):
+ (JSC::stringProtoFuncFontsize):
+ (JSC::stringProtoFuncAnchor):
+ (JSC::stringProtoFuncLink):
+ (JSC::trimString):
+ - These methods should throw if this value is undefined,
+ convert ToString directly, not via ToObject.
+
+2011-07-19 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT sometimes emits spill code even when the respective values
+ are never needed.
+ https://bugs.webkit.org/show_bug.cgi?id=64774
+
+ Reviewed by Gavin Barraclough.
+
+ The main high-level change is that it is now easier to call use() on a
+ virtual register. JSValueOperand and its other-typed relatives now have
+ a handy use() method, and jsValueResult() and friends now make it easier to
+ pass UseChildrenCalledExplicitly.
+
+ The rest of this patch hoists the call to use() as high as possible for
+ all of those cases where either flushRegisters() or silentSpillAllRegisters()
+ may be called.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::integerResult):
+ (JSC::DFG::JITCodeGenerator::jsValueResult):
+ (JSC::DFG::IntegerOperand::use):
+ (JSC::DFG::DoubleOperand::use):
+ (JSC::DFG::JSValueOperand::use):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateStrictInt32Operand::use):
+ (JSC::DFG::SpeculateCellOperand::use):
+
+2011-07-19 Xan Lopez <xlopez@igalia.com>
+
+ ARMv7 backend broken, lacks 3 parameter rshift32 method
+ https://bugs.webkit.org/show_bug.cgi?id=64571
+
+ Reviewed by Zoltan Herczeg.
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize strict equality as effectively as the old JIT does.
+ https://bugs.webkit.org/show_bug.cgi?id=64759
+
+ Reviewed by Gavin Barraclough.
+
+ This adds a more complete set of strict equality optimizations. If either
+ operand is known numeric, then the code reverts to the old style of optimizing
+ (first try integer comparison). Otherwise it uses the old JIT's trick of
+ first simultaneously checking if both operands are either numbers or cells;
+ if not then a fast path is taken.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-18 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64760
+ DFG JIT - Should be able to compile program code.
+
+ Reviewed by Geoff Garen.
+
+ Add support for op_end, hooks to compile program code in Executable.cpp.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ - Add support for op_end
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileEntry):
+ (JSC::DFG::JITCompiler::compileBody):
+ (JSC::DFG::JITCompiler::link):
+ - Added, separate out steps of compileFunction.
+ (JSC::DFG::JITCompiler::compile):
+ - Added, compile program code.
+ (JSC::DFG::JITCompiler::compileFunction):
+ - Sections separated out to helper functions.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::JITCompiler):
+ - Added m_exceptionCheckCount.
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ (JSC::tryDFGCompileFunction):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
+
+2011-07-18 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64678
+ Fix bugs in Object.prototype this handling.
+
+ Reviewed by Oliver Hunt.
+
+ undefined/null this values should throw TypeErrors, not convert to the global object,
+ also, to toLocaleString should be calling the ToObject & invoking the object's toString
+ function, even for values that are already strings.
+
+ * runtime/ObjectPrototype.cpp:
+ (JSC::objectProtoFuncValueOf):
+ (JSC::objectProtoFuncHasOwnProperty):
+ (JSC::objectProtoFuncIsPrototypeOf):
+ (JSC::objectProtoFuncPropertyIsEnumerable):
+ (JSC::objectProtoFuncToLocaleString):
+ (JSC::objectProtoFuncToString):
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ JSC GC lazy sweep does not inline the common cases of cell destruction.
+ https://bugs.webkit.org/show_bug.cgi?id=64745
+
+ Reviewed by Oliver Hunt.
+
+ This inlines the case of JSFinalObject destruction.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::lazySweep):
+
+2011-07-18 Oliver Hunt <oliver@apple.com>
+
+ Interpreter build-fix
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize equal-null comparisons and branches.
+ https://bugs.webkit.org/show_bug.cgi?id=64659
+
+ Reviewed by Gavin Barraclough.
+
+ Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
+ which is used by both the speculative and non-speculative JIT. Through
+ the use of the new isNullConstant helper, the two JITs invoke the
+ nonSpecualtiveCompareNull() helper instead of their regular comparison
+ helpers when compiling CompareEq. Through the use of the new isKnownCell
+ helper, the compare-null code will skip the is-a-cell check if the
+ speculative JIT had been speculating cell.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownCell):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isNullConstant):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-18 James Robinson <jamesr@chromium.org>
+
+ Timer scheduling should be based off the monotonic clock
+ https://bugs.webkit.org/show_bug.cgi?id=64544
+
+ Reviewed by Darin Adler.
+
+ Switches ThreadCondition::timedWait and related utility functions from currentTime() to
+ monotonicallyIncreasingTime().
+
+ Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/ThreadingWin.cpp:
+ (WTF::absoluteTimeToWaitTimeoutInterval):
+ * wtf/gtk/ThreadingGtk.cpp:
+ (WTF::ThreadCondition::timedWait):
+ * wtf/qt/ThreadingQt.cpp:
+ (WTF::ThreadCondition::timedWait):
+
+2011-07-18 Filip Pizlo <fpizlo@apple.com>
+
+ JSC JIT does not inline GC allocation fast paths
+ https://bugs.webkit.org/show_bug.cgi?id=64582
+
+ Reviewed by Oliver Hunt.
+
+ This addresses inlining allocation for the easiest-to-allocate cases:
+ op_new_object and op_create_this. Inlining GC allocation fast paths
+ required three changes. First, the JSGlobalData now saves the vtable
+ pointer of JSFinalObject, since that's what op_new_object and
+ op_create_this allocate. Second, the Heap exposes a reference to
+ the appropriate SizeClass, so that the JIT may inline accesses
+ directly to the SizeClass for JSFinalObject allocations. And third,
+ the JIT is extended with code to emit inline fast paths for GC
+ allocation. A stub call is emitted in the case where the inline fast
+ path fails.
+
+ * heap/Heap.h:
+ (JSC::Heap::sizeClassFor):
+ (JSC::Heap::allocate):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitAllocateJSFinalObject):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emitSlow_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emitSlow_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ * runtime/JSGlobalData.h:
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::JSFinalObject):
+ (JSC::JSObject::offsetOfInheritorID):
+
+2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com>
+
+ Refactor JSC to replace JSCell::operator new with static create method
+ https://bugs.webkit.org/show_bug.cgi?id=64466
+
+ Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
+
+ First step in a longer refactoring process to remove the use of
+ operator new overloading in order to allocate GC objects and to replace
+ this method with static create methods for each individual type of heap-allocated
+ JS object. This particular patch only deals with replacing uses of
+ operator new within JSC proper. Future patches will remove it from the
+ parts that interface with the DOM. Due to the DOM's continued dependence
+ on it, operator new has not actually been removed from JSCell.
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::create):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::create):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::operator new):
+ (JSC::JSCallbackObject::create):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::staticFunctionGetter):
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/JSContextRef.cpp:
+ * API/JSObjectRef.cpp:
+ (JSObjectMake):
+ (JSObjectMakeFunctionWithCallback):
+ (JSObjectMakeConstructor):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::createActivation):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::makeFunction):
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveArguments):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::create):
+ (GlobalObject::GlobalObject):
+ (functionRun):
+ (jscmain):
+ * runtime/Arguments.h:
+ (JSC::Arguments::create):
+ (JSC::Arguments::createNoParameters):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::create):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSplice):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::create):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::constructBoolean):
+ (JSC::constructBooleanFromImmediateBoolean):
+ * runtime/BooleanConstructor.h:
+ (JSC::BooleanConstructor::create):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::create):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::create):
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::create):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::create):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::create):
+ * runtime/Error.cpp:
+ (JSC::createError):
+ (JSC::createEvalError):
+ (JSC::createRangeError):
+ (JSC::createReferenceError):
+ (JSC::createSyntaxError):
+ (JSC::createTypeError):
+ (JSC::createURIError):
+ (JSC::StrictModeTypeErrorFunction::create):
+ (JSC::createTypeErrorFunction):
+ * runtime/ErrorConstructor.h:
+ (JSC::ErrorConstructor::create):
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorInstance.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::create):
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::InterruptedExecutionError::create):
+ (JSC::createInterruptedExecutionException):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ (JSC::TerminatedExecutionError::create):
+ (JSC::createTerminatedExecutionException):
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::create):
+ (JSC::NativeExecutable::create):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::ProgramExecutable::create):
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::make):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h:
+ (JSC::FunctionConstructor::create):
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::addFunctionProperties):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::create):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::create):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::create):
+ (JSC::jsAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::argumentsGetter):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSArray.h:
+ (JSC::JSArray::create):
+ * runtime/JSCell.h:
+ (JSC::JSCell::allocateCell):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::create):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ (JSC::constructArray):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::create):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::create):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::putDescriptor):
+ * runtime/JSObject.h:
+ (JSC::JSFinalObject::create):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::create):
+ * runtime/JSString.cpp:
+ (JSC::JSString::substringFromRope):
+ (JSC::JSString::replaceCharacter):
+ (JSC::StringObject::create):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::create):
+ (JSC::RopeBuilder::createHasOtherOwner):
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsNontrivialString):
+ (JSC::jsString):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString):
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toObjectSlowCase):
+ (JSC::JSValue::synthesizeObject):
+ (JSC::JSValue::synthesizePrototype):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/MathObject.h:
+ (JSC::MathObject::create):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::create):
+ * runtime/NativeErrorPrototype.h:
+ (JSC::NativeErrorPrototype::create):
+ * runtime/NumberConstructor.cpp:
+ (JSC::constructWithNumberConstructor):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::create):
+ * runtime/NumberObject.cpp:
+ (JSC::constructNumber):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::create):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::create):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::create):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::create):
+ * runtime/Operations.h:
+ (JSC::jsString):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::createWithoutCaching):
+ (JSC::RegExp::create):
+ * runtime/RegExp.h:
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::arrayOfMatches):
+ (JSC::constructRegExp):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::create):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::RegExpMatchesArray::create):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::create):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncCompile):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::create):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::create):
+ (JSC::ScopeChainNode::push):
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::createEmptyString):
+ (JSC::SmallStrings::createSingleCharacterString):
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::create):
+ * runtime/StringObject.h:
+ (JSC::StringObject::create):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::create):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::create):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::createStructure):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+
+2011-07-17 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
+ https://bugs.webkit.org/show_bug.cgi?id=64337
+
+ Replace ecore_timer_add to Ecore_Pipe.
+ This is needed because ecore_timer should not be called in a child thread,
+ but in the main thread.
+
+ Reviewed by Antonio Gomes.
+
+ * wtf/efl/MainThreadEfl.cpp:
+ (WTF::pipeObject):
+ (WTF::monitorDispatchFunctions):
+ (WTF::initializeMainThreadPlatform):
+ (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2011-07-17 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
+ https://bugs.webkit.org/show_bug.cgi?id=64637
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGOperations.cpp:
+
+2011-07-16 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64657
+ Converted this value not preserved when accessed via direct eval.
+
+ Reviewed by Oliver Hunt.
+
+ Upon entry into a non-strict function, primitive this values should be boxed as Object types
+ (or substituted with the global object) - which is done by op_convert_this. However we only
+ do so where this is used lexically within the function (we omit the conversion op if not).
+ The problem comes if a direct eval (running within the function's scope) accesses the this
+ value.
+
+ We are safe in the case of a single eval, since the this object will be converted within
+ callEval, however the converted value is not preserved, and a new wrapper object is allocated
+ each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
+ object will be lost between eval statements.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ - If a function uses eval, we always need to convert this.
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ - Don't convert primitive values here - this is too late!
+ (JSC::Interpreter::privateExecute):
+ - Changed op_convert_this to call new isPrimitive method.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Changed op_convert_this to call new isPrimitive method.
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::isPrimitive):
+ - Added JSValue::isPrimitive.
+ * runtime/JSValue.h:
+ - Added JSValue::isPrimitive.
+
+2011-07-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT compare/branch code emits is-integer tests even when a value is
+ definitely not an integer.
+ https://bugs.webkit.org/show_bug.cgi?id=64654
+
+ Reviewed by Gavin Barraclough.
+
+ Added the isKnownNotInteger() method, which returns true if a node is
+ definitely not an integer and will always fail any is-integer test. Then
+ modified the compare and branch code to use this method; if it returns
+ true then is-int tests are omitted and the compiler always emits a slow
+ call.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+
+2011-07-16 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT has dead code for slow calls for branches.
+ https://bugs.webkit.org/show_bug.cgi?id=64653
+
+ Reviewed by Gavin Barraclough.
+
+ Removed SpeculativeJIT::compilePeepHoleCall.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-07-15 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * dfg/DFGGraph.h:
+
+2011-07-15 Gavin Barraclough <barraclough@apple.com>
+
+ NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
+ https://bugs.webkit.org/show_bug.cgi?id=55346
+
+ Reviewed by Sam Weinig.
+
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ - Switch to putDirect since we're not the only ones tranitioning this Structure now.
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ * runtime/NativeErrorPrototype.h:
+ - Switch base class to ErrorPrototype.
+
+2011-07-15 Gavin Barraclough <barraclough@apple.com>
+
+ DFG JIT - Where arguments passed are integers, speculate this.
+ https://bugs.webkit.org/show_bug.cgi?id=64630
+
+ Reviewed by Sam Weinig.
+
+ Presently the DFG JIT is overly aggressively predicting double.
+ Use a bit of dynamic information, and curtail this a little.
+
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ - Check for integer arguments.
+ * dfg/DFGGraph.h:
+ - Function declaration.
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ - Add call to predictArgumentTypes.
+
+2011-07-15 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT is inconsistent about fusing branches and speculating
+ integer comparisons for branches.
+ https://bugs.webkit.org/show_bug.cgi?id=64573
+
+ Reviewed by Gavin Barraclough.
+
+ This patch moves some of NonSpeculativeJIT's functionality up into the
+ JITCodeGenerator superclass so that it can be used from both JITs. Now,
+ in cases where the speculative JIT doesn't want to speculate but still
+ wants to emit good code, it can reliably emit the same code sequence as
+ the non-speculative JIT. This patch also extends the non-speculative
+ JIT's compare optimizations to include compare/branch fusing, and
+ extends the speculative JIT's compare optimizations to cover StrictEqual.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::isKnownInteger):
+ (JSC::DFG::JITCodeGenerator::isKnownNumeric):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ * wtf/Platform.h:
+
+2011-07-14 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64250
+ Global strict mode function leaking global object as "this".
+
+ Reviewed by Oliver Hunt.
+
+ The root problem here is that we pass the wrong values into
+ calls, and then try to fix them up in the callee. Correct
+ behaviour per the spec is to pass in the value undefined,
+ as this unless either (1) the function call is based on an
+ explicit property access or (2) the base of the call comes
+ directly from a 'with'.
+
+ This change does away with the need for this conversion of
+ objects (non strict code should only box primitives), and
+ does away with all this conversion for strict functions.
+
+ This patch may have web compatibility ramifications, and may
+ require some advocacy.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecode/Opcode.h:
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::emitResolveWithThis):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecompiler/BytecodeGenerator.h:
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::EvalFunctionCallNode::emitBytecode):
+ (JSC::FunctionCallResolveNode::emitBytecode):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Change NeedsThisConversion check to test for JSString's vptr
+ (objects no longer need conversion).
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolveThisAndProperty):
+ - Based on resolveBaseAndProperty, but produce correct this value.
+ (JSC::Interpreter::privateExecute):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * interpreter/Interpreter.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve_with_this):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emitSlow_op_convert_this):
+ - Change NeedsThisConversion check to test for JSString's vptr
+ (objects no longer need conversion).
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve_with_this):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emitSlow_op_convert_this):
+ - Change NeedsThisConversion check to test for JSString's vptr
+ (objects no longer need conversion).
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * jit/JITStubs.h:
+ - Removed op_convert_this_strict, added op_resolve_with_this.
+ * runtime/JSActivation.h:
+ - removed NeedsThisConversion flag, added IsEnvironmentRecord.
+ * runtime/JSStaticScopeObject.h:
+ - removed NeedsThisConversion flag, added IsEnvironmentRecord.
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ - removed NeedsThisConversion.
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::isEnvironmentRecord):
+ (JSC::TypeInfo::overridesHasInstance):
+ - removed NeedsThisConversion flag, added IsEnvironmentRecord.
+ * runtime/JSValue.h:
+ - removed NeedsThisConversion.
+ * runtime/JSVariableObject.h:
+ - Corrected StructureFlags inheritance.
+ * runtime/StrictEvalActivation.h:
+ (JSC::StrictEvalActivation::createStructure):
+ - Added IsEnvironmentRecord to StructureFlags, addded createStructure.
+ * runtime/Structure.h:
+ - removed NeedsThisConversion.
+ * tests/mozilla/ecma/String/15.5.4.6-2.js:
+ (getTestCases):
+ - Removed invalid test case.
+
+2011-07-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r91082, r91087, and r91089.
+ http://trac.webkit.org/changeset/91082
+ http://trac.webkit.org/changeset/91087
+ http://trac.webkit.org/changeset/91089
+ https://bugs.webkit.org/show_bug.cgi?id=64616
+
+ gtk tests are failing a lot after this change. (Requested by
+ dave_levin on #webkit).
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::identifier):
+ (WTF::ThreadIdentifierData::initialize):
+ (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
+ (WTF::ThreadIdentifierData::initializeKeyOnce):
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading):
+
+2011-07-15 David Levin <levin@chromium.org>
+
+ Another attempted build fix.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
+ up the definition of PTHREAD_KEYS_MAX.
+
+2011-07-15 David Levin <levin@chromium.org>
+
+ Chromium build fix.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
+ up the definition of PTHREAD_KEYS_MAX.
+
+2011-07-14 David Levin <levin@chromium.org>
+
+ currentThread is too slow!
+ https://bugs.webkit.org/show_bug.cgi?id=64577
+
+ Reviewed by Darin Adler and Dmitry Titov.
+
+ The problem is that currentThread results in a pthread_once call which always takes a lock.
+ With this change, currentThread is 10% faster than isMainThread in release mode and only
+ 5% slower than isMainThread in debug.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
+ which is no longer needed because this is called from initializeThreading().
+ (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
+ intialization of the pthread key should already be done.
+ (WTF::ThreadIdentifierData::initialize): Ditto.
+ * wtf/ThreadIdentifierDataPthreads.h:
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeThreading): Acquire the pthread key here.
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not optimize Branch as well as it could.
+ https://bugs.webkit.org/show_bug.cgi?id=64574
+
+ Reviewed by Gavin Barraclough.
+
+ This creates a common code path for emitting unfused branches, which does
+ no speculation, and only performs a slow call if absolutely necessary.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitBranch):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ GC allocation fast path has too many operations.
+ https://bugs.webkit.org/show_bug.cgi?id=64493
+
+ Reviewed by Darin Adler.
+
+ Changed the timing of the lazy sweep so that it occurs when we land on
+ a previously-unsweeped block, rather than whenever we land on an unsweeped
+ cell. After the per-block lazy sweep occurs, the block is turned into a
+ singly linked list of free cells. The allocation fast path is now just a
+ load-branch-store to remove a cell from the head of the list.
+
+ Additionally, this changes the way new blocks are allocated. Previously,
+ they would be populated with dummy cells. With this patch, they are
+ turned into a free list, which means that there will never be destructor
+ calls for allocations in fresh blocks.
+
+ These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
+ SunSpider. There are no observed statistically significant slow-downs
+ on any individual benchmark.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::Heap::allocateSlowCase):
+ (JSC::Heap::collect):
+ (JSC::Heap::canonicalizeBlocks):
+ (JSC::Heap::resetAllocator):
+ * heap/Heap.h:
+ (JSC::Heap::forEachProtectedCell):
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock):
+ (JSC::Heap::allocate):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::lazySweep):
+ (JSC::MarkedBlock::blessNewBlockForFastPath):
+ (JSC::MarkedBlock::blessNewBlockForSlowPath):
+ (JSC::MarkedBlock::canonicalizeBlock):
+ * heap/MarkedBlock.h:
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::addBlock):
+ (JSC::NewSpace::canonicalizeBlocks):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::allocate):
+ (JSC::NewSpace::SizeClass::SizeClass):
+ (JSC::NewSpace::SizeClass::canonicalizeBlock):
+ * heap/OldSpace.cpp:
+ (JSC::OldSpace::addBlock):
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT crashes on host constructor calls in debug mode.
+ https://bugs.webkit.org/show_bug.cgi?id=64562
+
+ Reviewed by Gavin Barraclough.
+
+ Fixed the relevant ASSERT.
+
+ * dfg/DFGOperations.cpp:
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT contains a FIXME for rewinding speculative code generation that
+ has already been fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=64022
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2011-07-14 Ryuan Choi <ryuan.choi@samsung.com>
+
+ [EFL] Add OwnPtr specialization for Ecore_Pipe.
+ https://bugs.webkit.org/show_bug.cgi?id=64515
+
+ Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
+
+ Reviewed by Xan Lopez.
+
+ * wtf/OwnPtrCommon.h:
+ * wtf/efl/OwnPtrEfl.cpp:
+ (WTF::deleteOwnedPtr):
+
+2011-07-14 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT unnecessarily boxes and unboxes values during silent spilling.
+ https://bugs.webkit.org/show_bug.cgi?id=64068
+
+ Reviewed by Gavin Barraclough.
+
+ Silent spilling and filling of registers is done during slow-path C
+ function calls. The silent spill/fill logic does not affect register
+ allocation on paths that don't involve the C function call.
+
+ This changes the silent spilling code to spill in unboxed form. The
+ silent fill will refill in whatever form the register was spilled in.
+ For example, the silent spill code may choose not to spill the register
+ because it was already spilled previously, which would imply that it
+ was spilled in boxed form. The filling code detects this and either
+ unboxes, or not, depending on what is appropriate.
+
+ This change also results in a simplification of the silent spill/fill
+ API: silent spilling no longer needs to know about the set of registers
+ that cannot be trampled, since it never does boxing and hence does not
+ need a temporary register.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compare):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-13 Michael Saboff <msaboff@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64202
+ Enh: Improve handling of RegExp in the form of /.*blah.*/
+
+ Reviewed by Gavin Barraclough.
+
+ Added code to both the Yarr interpreter and JIT to handle
+ these expressions a little differently. First off, the terms
+ in between the leading and trailing .*'s cannot capture and
+ also this enhancement is limited to single alternative expressions.
+ If an expression is of the right form with the aforementioned
+ restrictions, we process the inner terms and then look for the
+ beginning of the string and end of the string. There is handling
+ for multiline expressions to allow the beginning and end to be
+ right after and right before newlines.
+
+ This enhancement speeds up expressions of this type 12x on
+ a MacBookPro.
+
+ Cleaned up 'case' statement indentation.
+
+ A new set of tests was added as LayoutTests/fast/regex/dotstar.html
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::InputStream::end):
+ (JSC::Yarr::Interpreter::matchDotStarEnclosure):
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::ByteTerm::DotStarEnclosure):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
+ (JSC::Yarr::YarrGenerator::generateTerm):
+ (JSC::Yarr::YarrGenerator::backtrackTerm):
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
+ (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
+ (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
+ (JSC::Yarr::YarrPattern::compile):
+ * yarr/YarrPattern.h:
+ (JSC::Yarr::PatternTerm::PatternTerm):
+
+2011-07-13 Xan Lopez <xlopez@igalia.com>
+
+ [GTK] Fix distcheck
+
+ Reviewed by Martin Robinson.
+
+ * GNUmakefile.list.am: add missing files.
+
+2011-07-13 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement prototype chain or list caching for get_by_id.
+ https://bugs.webkit.org/show_bug.cgi?id=64147
+
+ Reviewed by Gavin Barraclough.
+
+ This implements unified support for prototype caching, prototype chain
+ caching, and polymorphic (i.e. list) prototype and prototype chain
+ caching. This is done by creating common code for emitting prototype
+ or chain access stubs, and having it factored out into
+ generateProtoChainAccessStub(). This function is called by
+ tryCacheGetByID once the latter determines that some form of prototype
+ access caching is necessary (i.e. the slot being accessed is not on the
+ base value but on some other object).
+
+ Direct prototype list, and prototype chain list, caching is implemented by
+ linking the slow path to operationGetByIdProtoBuildList(), which uses the
+ same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
+
+ This change required ensuring that the value in the scratchGPR field in
+ StructureStubInfo is preserved even after the stub info is in the
+ chain, or proto_list, states. Hence scratchGPR was moved out of the union
+ and into the top-level of StructureStubInfo.
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::emitRestoreScratch):
+ (JSC::DFG::linkRestoreScratch):
+ (JSC::DFG::generateProtoChainAccessStub):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDProtoList):
+ (JSC::DFG::dfgBuildGetByIDProtoList):
+ (JSC::DFG::tryCachePutByID):
+ * dfg/DFGRepatch.h:
+
+2011-07-12 Brent Fulgham <bfulgham@webkit.org>
+
+ Standardize WinCairo conditionalized code under PLATFORM macro.
+ https://bugs.webkit.org/show_bug.cgi?id=64377
+
+ Reviewed by Maciej Stachowiak.
+
+ * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
+
+2011-07-13 David Levin <levin@chromium.org>
+
+ Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
+ https://bugs.webkit.org/show_bug.cgi?id=64465
+
+ Reviewed by Dmitry Titov.
+
+ There isn't a good way to test this as it is very highly unlikely to occur.
+
+ * wtf/ThreadIdentifierDataPthreads.cpp:
+ (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
+ isn't thread-safe, change the initialization to be global.
+
+2011-07-12 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64424
+ Our direct eval behaviour deviates slightly from the spec.
+
+ Reviewed by Oliver Hunt.
+
+ The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
+ behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
+ or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
+ may be introduced into the caller's environment.
+
+ ES5 direct calls are any call where the callee function is provided by a reference, a base
+ of that Reference is an EnvironmentRecord (this corresponds to all productions
+ "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
+ of the reference is "eval". This means any expression of the form "eval(...)", and that
+ calls the standard built in eval method from on the Global Object, is considered to be
+ direct.
+
+ In JavaScriptCore we are currently overly restrictive. We also check that the
+ EnvironmentRecord that is the base of the reference is the Declaractive Environment Record
+ at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
+ that hits a var eval in a nested scope is not considered to be direct. This behaviour does
+ not emanate from the spec, and is incorrect.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ - Fixed direct eval check in op_call_eval.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Fixed direct eval check in op_call_eval.
+ * runtime/Executable.h:
+ (JSC::isHostFunction):
+ - Added check for host function with specific NativeFunction.
+
+2011-07-13 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ Broken build on QNX
+ https://bugs.webkit.org/show_bug.cgi?id=63717
+
+ QNX doesn't support pthread's SA_RESTART (required by
+ JSC_MULTIPLE_THREADS), JIT is broken at runtime and there a
+ few minor compilation errors here and there.
+
+ Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
+ tested by him on QNX v6.5 (x86)
+
+ * wtf/DateMath.cpp: fix usage of abs/labs
+ * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
+ * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
+
+2011-07-12 Anders Carlsson <andersca@apple.com>
+
+ If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
+ https://bugs.webkit.org/show_bug.cgi?id=64429
+
+ Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
+
+ * wtf/NullPtr.h:
+
+2011-07-13 MORITA Hajime <morrita@google.com>
+
+ Refactoring: Ignored ExceptionCode value should be less annoying.
+ https://bugs.webkit.org/show_bug.cgi?id=63688
+
+ Added ASSERT_AT macro.
+
+ Reviewed by Darin Adler.
+
+ * wtf/Assertions.h:
+
+2011-07-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement op_construct.
+ https://bugs.webkit.org/show_bug.cgi?id=64066
+
+ Reviewed by Gavin Barraclough.
+
+ This is a fixed implementation of op_construct. Constructor calls are implemented
+ by reusing almost all of the code for Call, with care taken to make sure that
+ where the are differences (like selecting different code blocks), those differences
+ are respected. The two fixes over the last patch are: (1) make sure the
+ CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
+ make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
+ (either CodeForCall or CodeForConstruct) when invoking the compiler.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordConstruct):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls):
+
+2011-07-12 Oliver Hunt <oliver@apple.com>
+
+ Overzealous type validation in method_check
+ https://bugs.webkit.org/show_bug.cgi?id=64415
+
+ Reviewed by Gavin Barraclough.
+
+ method_check is essentially just a value look up
+ optimisation, but it internally stores the value
+ as a JSFunction, even though it never relies on
+ this fact. Under GC validation however we end up
+ trying to enforce that assumption. The fix is
+ simply to store the value as a correct supertype.
+
+ * bytecode/CodeBlock.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+ (JSC::DFG::tryCacheGetMethod):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2011-07-12 Filip Pizlo <fpizlo@apple.com>
+
+ COLLECT_ON_EVERY_ALLOCATION no longer works.
+ https://bugs.webkit.org/show_bug.cgi?id=64388
+
+ Reviewed by Oliver Hunt.
+
+ Added a flag to Heap that determines if it's safe to collect (which for now means that
+ JSGlobalObject has actually been initialized, but it should work for other things, too).
+ This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
+ GCing it just grows the heap, if necessary.
+
+ Then changed Heap::allocate() to not recurse ad infinitum when
+ COLLECT_ON_EVERY_ALLOCATION is set. This also makes the allocator generally more
+ resilient against bugs; this change allowed me to put in handy assertions, such as that
+ an allocation must succeed after either a collection or after a new block was added.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::tryAllocate):
+ (JSC::Heap::allocate):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ (JSC::Heap::notifyIsSafeToCollect):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+
+2011-07-12 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT put_by_id transition caching does not inform the GC about the structure and
+ prototype chain that it is referencing.
+ https://bugs.webkit.org/show_bug.cgi?id=64387
+
+ Reviewed by Gavin Barraclough.
+
+ Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID):
+
+2011-07-12 Adam Roben <aroben@apple.com>
+
+ Ensure no intermediate WTF::Strings are created when concatenating with string literals
+
+ Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
+ operator+ is suboptimal
+
+ Reviewed by Darin Adler.
+
+ * wtf/text/StringConcatenate.h:
+ (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
+ many WTF::Strings get copied while evaluating an operator+ expression.
+
+ * wtf/text/StringOperators.h:
+ (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
+ side, since operator+ is left-associative. Having the StringAppend on the right-hand side
+ was causing us to make intermediate WTF::Strings when evaluating expressions that contained
+ multiple calls to operator+. Added some more overloads for that take a left-hand side of
+ const char* to resolve overload ambiguity for certain expressions. Added overloads that take
+ a left-hand side of const UChar* (matching the const char* overloads) so that wide string
+ literals don't first have to be converted to a WTF::String in operator+ expressions.
+
+2011-07-12 Adam Roben <aroben@apple.com>
+
+ Unreviewed, rolling out r90811.
+ http://trac.webkit.org/changeset/90811
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Several svg tests failing assertions beneath
+ SVGSMILElement::findInstanceTime
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-07-12 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
+
+ Reviewed by Nikolas Zimmermann.
+
+ Speed up SVGSMILElement::findInstanceTime.
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Add a new parameter to StdlibExtras.h::binarySerarch function
+ to also handle cases when the array does not contain the key value.
+ This is needed for an svg function.
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-07-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT does not guard itself against floating point speculation
+ failures on non-floating-point constants.
+ https://bugs.webkit.org/show_bug.cgi?id=64330
+
+ Reviewed by Gavin Barraclough.
+
+ Made fillSpeculateDouble immediate invoke terminateSpeculativeExecution() as
+ soon as it notices that it's speculating on something that is a non-numeric
+ JSConstant.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-07-11 Filip Pizlo <fpizlo@apple.com>
+
+ DFG Speculative JIT does not always insert speculation checks when speculating
+ arrays.
+ https://bugs.webkit.org/show_bug.cgi?id=64254
+
+ Reviewed by Gavin Barraclough.
+
+ Changed the SetLocal instruction to always validate that the value being stored
+ into the local variable is an array, if that variable was marked PredictArray.
+ This is necessary since uses of arrays assume that if a PredictArray value is
+ in a local variable then the speculation check validating that the value is an
+ array was already performed.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-11 Gabor Loki <loki@webkit.org>
+
+ Fix the condition of the optimized code in doubleTransfer
+ https://bugs.webkit.org/show_bug.cgi?id=64261
+
+ Reviewed by Zoltan Herczeg.
+
+ The condition of the optimized code in doubleTransfer is wrong. The
+ data transfer should be executed with four bytes aligned address.
+ VFP cannot perform unaligned memory access.
+
+ Reported by Jacob Bramley.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::doubleTransfer):
+
+2011-07-11 Gabor Loki <loki@webkit.org>
+
+ Signed arithmetic bug in dataTransfer32.
+ https://bugs.webkit.org/show_bug.cgi?id=64257
+
+ Reviewed by Zoltan Herczeg.
+
+ An arithmetic bug is fixed. If the offset of dataTransfer is half of the
+ addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
+ a load instruction is emitted with a wrong zero offset.
+
+ Inspired by Jacob Bramley's patch from JaegerMonkey.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::dataTransfer32):
+
+2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com>
+
+ Fix unaligned userspace access for SH4 platforms.
+ https://bugs.webkit.org/show_bug.cgi?id=62993
+
+ * wtf/Platform.h:
+
+2011-07-09 Chao-ying Fu <fu@mips.com>
+
+ Fix MIPS build due to readInt32 and readPointer
+ https://bugs.webkit.org/show_bug.cgi?id=63962
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readInt32):
+ (JSC::MIPSAssembler::readPointer):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::rshift32):
+
+2011-07-08 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=64181
+ REGRESSION (r90602): Gmail doesn't load
+
+ Rolling out r90601, r90602.
+
+ * dfg/DFGAliasTracker.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addVarArgChild):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::dfgLinkCall):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * runtime/JSObject.h:
+ (JSC::JSObject::isUsingInlineStorage):
+
+2011-07-08 Kalev Lember <kalev@smartlink.ee>
+
+ Reviewed by Adam Roben.
+
+ Add missing _WIN32_WINNT and WINVER definitions
+ https://bugs.webkit.org/show_bug.cgi?id=59702
+
+ Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
+ available for all source files.
+
+ In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
+ DeleteTimerQueueTimer which are both guarded by
+ #if (_WIN32_WINNT >= 0x0500)
+ in MinGW headers.
+
+ * config.h:
+ * wtf/Assertions.cpp:
+
+2011-07-08 Chang Shu <cshu@webkit.org>
+
+ Rename "makeSecure" to "fill" and remove the support for displaying last character
+ to avoid layering violatation.
+ https://bugs.webkit.org/show_bug.cgi?id=59114
+
+ Reviewed by Alexey Proskuryakov.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.order:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::fill):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+ (WTF::String::fill):
+
+2011-07-08 Benjamin Poulain <benjamin@webkit.org>
+
+ [WK2] Do not forward touch events to the web process when it does not need them
+ https://bugs.webkit.org/show_bug.cgi?id=64164
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Add a convenience function to obtain a reference to the last element of a Deque.
+
+ * wtf/Deque.h:
+ (WTF::Deque::last):
+
+2011-07-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement op_construct.
+ https://bugs.webkit.org/show_bug.cgi?id=64066
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordConstruct):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::addCall):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement get_by_id prototype caching.
+ https://bugs.webkit.org/show_bug.cgi?id=64077
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::emitRestoreScratch):
+ (JSC::DFG::linkRestoreScratch):
+ (JSC::DFG::tryCacheGetByID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::addressOfPropertyAtOffset):
+
+2011-07-07 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT method_check implementation does not link to optimized get_by_id
+ slow path.
+ https://bugs.webkit.org/show_bug.cgi?id=64073
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+
+2011-07-07 Oliver Hunt <oliver@apple.com>
+
+ Encode jump and link sizes into the appropriate enums
+ https://bugs.webkit.org/show_bug.cgi?id=64123
+
+ Reviewed by Sam Weinig.
+
+ Finally kill off the out of line jump and link size arrays,
+ so we can avoid icky loads and constant fold the linking arithmetic.
+
+ * assembler/ARMv7Assembler.cpp:
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::jumpSizeDelta):
+ (JSC::ARMv7Assembler::computeJumpType):
+
+2011-07-06 Juan C. Montemayor <jmont@apple.com>
+
+ ASSERT_NOT_REACHED running test 262
+ https://bugs.webkit.org/show_bug.cgi?id=63951
+
+ Added a case to the switch statement where the code was failing. Fixed
+ some logic as well that gave faulty error messages.
+
+ Reviewed by Gavin Barraclough.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::getTokenName):
+ (JSC::JSParser::updateErrorMessageSpecialCase):
+ (JSC::JSParser::updateErrorMessage):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT implementation of op_call results in regressions on sunspider
+ controlflow-recursive.
+ https://bugs.webkit.org/show_bug.cgi?id=64039
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not support method_check
+ https://bugs.webkit.org/show_bug.cgi?id=63972
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/CodeLocation.h:
+ (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
+ (JSC::MethodCallLinkInfo::seenOnce):
+ (JSC::MethodCallLinkInfo::setSeen):
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordGetMethod):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedGetMethod):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addMethodGet):
+ (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchGetMethodFast):
+ (JSC::DFG::tryCacheGetMethod):
+ (JSC::DFG::dfgRepatchGetMethod):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITWriteBarrier.h:
+ (JSC::JITWriteBarrier::set):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT op_call implementation will flush registers even when those registers are dead
+ https://bugs.webkit.org/show_bug.cgi?id=64023
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::integerResult):
+ (JSC::DFG::JITCodeGenerator::noResult):
+ (JSC::DFG::JITCodeGenerator::cellResult):
+ (JSC::DFG::JITCodeGenerator::jsValueResult):
+ (JSC::DFG::JITCodeGenerator::doubleResult):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-06 Filip Pizlo <fpizlo@apple.com>
+
+ DFG speculative JIT may crash when speculating int on a non-int JSConstant.
+ https://bugs.webkit.org/show_bug.cgi?id=64017
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-06 Dmitriy Vyukov <dvyukov@google.com>
+
+ Reviewed by David Levin.
+
+ Allow substitution of dynamic annotations and prevent identical code folding by the linker.
+ https://bugs.webkit.org/show_bug.cgi?id=62443
+
+ * wtf/DynamicAnnotations.cpp:
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+
+2011-07-06 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Calls on 32 bit machines are failed after r90423
+ https://bugs.webkit.org/show_bug.cgi?id=63980
+
+ Reviewed by Gavin Barraclough.
+
+ Copy the necessary lines from JITCall.cpp.
+
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+
+2011-07-05 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT virtual call implementation is inefficient.
+ https://bugs.webkit.org/show_bug.cgi?id=63974
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGOperations.cpp:
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
+ (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
+ (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
+ (JSC::ExecutableBase::hasJITCodeForCall):
+ (JSC::ExecutableBase::hasJITCodeForConstruct):
+ (JSC::ExecutableBase::hasJITCodeFor):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::scopeUnchecked):
+
+2011-07-05 Oliver Hunt <oliver@apple.com>
+
+ Force inlining of simple functions that show up as not being inlined
+ https://bugs.webkit.org/show_bug.cgi?id=63964
+
+ Reviewed by Gavin Barraclough.
+
+ Looking at profile data indicates the gcc is failing to inline a
+ number of trivial functions. This patch hits the ones that show
+ up in profiles with the ALWAYS_INLINE hammer.
+
+ We also replace the memcpy() call in linking with a manual loop.
+ Apparently memcpy() is almost never faster than an inlined loop.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::add):
+ (JSC::ARMv7Assembler::add_S):
+ (JSC::ARMv7Assembler::ARM_and):
+ (JSC::ARMv7Assembler::asr):
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::clz):
+ (JSC::ARMv7Assembler::cmn):
+ (JSC::ARMv7Assembler::cmp):
+ (JSC::ARMv7Assembler::eor):
+ (JSC::ARMv7Assembler::it):
+ (JSC::ARMv7Assembler::ldr):
+ (JSC::ARMv7Assembler::ldrCompact):
+ (JSC::ARMv7Assembler::ldrh):
+ (JSC::ARMv7Assembler::ldrb):
+ (JSC::ARMv7Assembler::lsl):
+ (JSC::ARMv7Assembler::lsr):
+ (JSC::ARMv7Assembler::movT3):
+ (JSC::ARMv7Assembler::mov):
+ (JSC::ARMv7Assembler::movt):
+ (JSC::ARMv7Assembler::mvn):
+ (JSC::ARMv7Assembler::neg):
+ (JSC::ARMv7Assembler::orr):
+ (JSC::ARMv7Assembler::orr_S):
+ (JSC::ARMv7Assembler::ror):
+ (JSC::ARMv7Assembler::smull):
+ (JSC::ARMv7Assembler::str):
+ (JSC::ARMv7Assembler::sub):
+ (JSC::ARMv7Assembler::sub_S):
+ (JSC::ARMv7Assembler::tst):
+ (JSC::ARMv7Assembler::linkRecordSourceComparator):
+ (JSC::ARMv7Assembler::link):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::nearCall):
+ (JSC::MacroAssemblerARMv7::call):
+ (JSC::MacroAssemblerARMv7::ret):
+ (JSC::MacroAssemblerARMv7::moveWithPatch):
+ (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::storePtrWithPatch):
+ (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::jump):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+
+2011-07-05 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Make "Add optimised paths for a few maths functions" work on Qt
+ https://bugs.webkit.org/show_bug.cgi?id=63893
+
+ Reviewed by Oliver Hunt.
+
+ Move the generated code to the .text section instead of .data section.
+ Fix alignment for the 32 bit thunk code.
+
+ * jit/ThunkGenerators.cpp:
+
+2011-07-05 Filip Pizlo <fpizlo@apple.com>
+
+ DFG JIT does not implement op_call.
+ https://bugs.webkit.org/show_bug.cgi?id=63858
+
+ Reviewed by Gavin Barraclough.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setNumberOfCallLinkInfos):
+ (JSC::CodeBlock::numberOfCallLinkInfos):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::lookupGetByVal):
+ (JSC::DFG::AliasTracker::recordCall):
+ (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::addVarArgChild):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::opName):
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::refChildren):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::useChildren):
+ (JSC::DFG::JITCodeGenerator::emitCall):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::addressOfCallData):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::CallRecord::CallRecord):
+ (JSC::DFG::JITCompiler::notifyCall):
+ (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
+ (JSC::DFG::JITCompiler::addJSCall):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::child1):
+ (JSC::DFG::Node::child2):
+ (JSC::DFG::Node::child3):
+ (JSC::DFG::Node::firstChild):
+ (JSC::DFG::Node::numChildren):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compare):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkCall):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::calleeAsValue):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCode.h:
+ (JSC::JITCode::JITCode):
+ (JSC::JITCode::jitType):
+ (JSC::JITCode::HostFunction):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.h:
+
+2011-07-05 Oliver Hunt <oliver@apple.com>
+
+ Initialize new MarkStack member
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+
+2011-07-05 Oliver Hunt <oliver@apple.com>
+
+ Don't throw out compiled code repeatedly
+ https://bugs.webkit.org/show_bug.cgi?id=63960
+
+ Reviewed by Gavin Barraclough.
+
+ Stop throwing away all compiled code every time
+ we're told to do a full GC. Instead unlink all
+ callsites during such GC passes to maximise the
+ number of collectable functions, but otherwise
+ leave compiled functions alone.
+
+ * API/JSBase.cpp:
+ (JSGarbageCollect):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::shouldUnlinkCalls):
+ (JSC::MarkStack::setShouldUnlinkCalls):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::recompileAllJSFunctions):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::compile):
+ (JSC::RegExp::invalidateCode):
+ * runtime/RegExp.h:
+
+2011-07-05 Filip Pizlo <fpizlo@apple.com>
+
+ JSC JIT has code duplication for the handling of call and construct
+ https://bugs.webkit.org/show_bug.cgi?id=63957
+
+ Reviewed by Gavin Barraclough.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::linkFor):
+ * jit/JIT.h:
+ * jit/JITStubs.cpp:
+ (JSC::jitCompileFor):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::arityCheckFor):
+ (JSC::lazyLinkFor):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::generatedJITCodeFor):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::isGeneratedFor):
+ (JSC::FunctionExecutable::generatedBytecodeFor):
+ (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
+
+2011-07-05 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix following last patch.
+
+ * runtime/JSFunction.cpp:
+ (JSC::createPrototypeProperty):
+
+2011-07-05 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63947
+ ASSERT running Object.preventExtensions(Math.sin)
+
+ Reviewed by Oliver Hunt.
+
+ This is due to calling scope() on a hostFunction as a part of
+ calling createPrototypeProperty to reify the prototype property.
+ But host functions don't have a prototype property anyway!
+
+ Prevent callling createPrototypeProperty on a host function.
+
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::createPrototypeProperty):
+ (JSC::JSFunction::preventExtensions):
+
+2011-07-04 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63880
+ Evaluation order of conversions of operands to >, >= incorrect.
+
+ Reviewed by Sam Weinig.
+
+ Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
+ spec. This allows these methods to be reused to perform >, >= relational compares
+ with correct ordering of type conversions.
+
+ * dfg/DFGOperations.cpp:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Operations.h:
+ (JSC::jsLess):
+ (JSC::jsLessEq):
+
+2011-07-04 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16652
+ Firefox and JavaScriptCore differ in Number.toString(integer)
+
+ Our arbitrary radix (2..36) toString conversion is inaccurate.
+ This is partly because it uses doubles to perform math that requires
+ higher accuracy, and partly becasue it does not attempt to correctly
+ detect where to terminate, instead relying on a simple 'epsilon'.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::decomposeDouble):
+ - helper function to extract sign, exponent, mantissa from IEEE doubles.
+ (JSC::Uint16WithFraction::Uint16WithFraction):
+ - helper class, u16int with infinite precision fraction, used to convert
+ the fractional part of the number to a string.
+ (JSC::Uint16WithFraction::operator*=):
+ - Multiply by a uint16.
+ (JSC::Uint16WithFraction::operator<):
+ - Compare two Uint16WithFractions.
+ (JSC::Uint16WithFraction::floorAndSubtract):
+ - Extract the integer portion of the number, and subtract it (clears the integer portion).
+ (JSC::Uint16WithFraction::comparePoint5):
+ - Compare to 0.5.
+ (JSC::Uint16WithFraction::sumGreaterThanOne):
+ - Passed a second Uint16WithFraction, returns true if the result of adding
+ the two values would be greater than one.
+ (JSC::Uint16WithFraction::isNormalized):
+ - Used by ASSERTs to consistency check internal representation.
+ (JSC::BigInteger::BigInteger):
+ - helper class, unbounded integer value, used to convert the integer part
+ of the number to a string.
+ (JSC::BigInteger::divide):
+ - Divide this value through by a uint32.
+ (JSC::BigInteger::operator!):
+ - test for zero.
+ (JSC::toStringWithRadix):
+ - Performs number to string conversion, with the given radix (2..36).
+ (JSC::numberProtoFuncToString):
+ - Changed to use toStringWithRadix.
+
+2011-07-04 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63881
+ Need separate bytecodes for handling >, >= comparisons.
+
+ Reviewed by Oliver Hunt.
+
+ This clears the way to fix Bug#63880. We currently handle greater-than comparisons
+ as being using the corresponding op_less, etc opcodes. This is incorrect with
+ respect to evaluation ordering of the implicit conversions performed on operands -
+ we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
+ but instead convert RHS then LHS.
+
+ This patch adds opcodes for greater-than comparisons mirroring existing ones used
+ for less-than.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfTrue):
+ (JSC::BytecodeGenerator::emitJumpIfFalse):
+ * bytecompiler/NodesCodegen.cpp:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compare):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compare):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JSC::JIT::emit_op_loop_if_greater):
+ (JSC::JIT::emitSlow_op_loop_if_greater):
+ (JSC::JIT::emit_op_loop_if_greatereq):
+ (JSC::JIT::emitSlow_op_loop_if_greatereq):
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_jgreater):
+ (JSC::JIT::emit_op_jgreatereq):
+ (JSC::JIT::emit_op_jngreater):
+ (JSC::JIT::emit_op_jngreatereq):
+ (JSC::JIT::emitSlow_op_jgreater):
+ (JSC::JIT::emitSlow_op_jgreatereq):
+ (JSC::JIT::emitSlow_op_jngreater):
+ (JSC::JIT::emitSlow_op_jngreatereq):
+ (JSC::JIT::emit_compareAndJumpSlow):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitBinaryDoubleOp):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * parser/NodeConstructors.h:
+ (JSC::GreaterNode::GreaterNode):
+ (JSC::GreaterEqNode::GreaterEqNode):
+ * parser/Nodes.h:
+
+2011-07-03 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63879
+ Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
+
+ Reviewed by Sam Weinig.
+
+ There is a lot of copy & paste code here; we can reduce duplication by making
+ a shared implementation.
+
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::commute):
+ - Make these function platform agnostic.
+ * assembler/MacroAssemblerX86Common.h:
+ - Moved branch32/commute up to MacroAssembler.
+ * jit/JIT.h:
+ (JSC::JIT::emit_op_loop_if_lesseq):
+ (JSC::JIT::emitSlow_op_loop_if_lesseq):
+ - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_jless):
+ (JSC::JIT::emit_op_jlesseq):
+ (JSC::JIT::emit_op_jnless):
+ (JSC::JIT::emit_op_jnlesseq):
+ (JSC::JIT::emitSlow_op_jless):
+ (JSC::JIT::emitSlow_op_jlesseq):
+ (JSC::JIT::emitSlow_op_jnless):
+ (JSC::JIT::emitSlow_op_jnlesseq):
+ - Common implmentations of these methods for JSVALUE64 & JSVALUE32_64.
+ (JSC::JIT::emit_compareAndJump):
+ (JSC::JIT::emit_compareAndJumpSlow):
+ - Internal implmementation of jless etc for JSVALUE64.
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_compareAndJump):
+ (JSC::JIT::emit_compareAndJumpSlow):
+ - Internal implmementation of jless etc for JSVALUE32_64.
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+ - Remove old implementation of emit_op_loop_if_lesseq.
+
+2011-07-03 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r90347.
+ http://trac.webkit.org/changeset/90347
+ https://bugs.webkit.org/show_bug.cgi?id=63886
+
+ Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
+ (Requested by tkent on #webkit).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/BigInteger.h: Removed.
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToPrecision):
+ (JSC::numberProtoFuncToString):
+ * runtime/Uint16WithFraction.h: Removed.
+ * wtf/MathExtras.h:
+
+2011-06-30 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16652
+ Firefox and JavaScriptCore differ in Number.toString(integer)
+
+ Our arbitrary radix (2..36) toString conversion is inaccurate.
+ This is partly because it uses doubles to perform math that requires
+ higher accuracy, and partly becasue it does not attempt to correctly
+ detect where to terminate, instead relying on a simple 'epsilon'.
+
+ * runtime/NumberPrototype.cpp:
+ (JSC::decomposeDouble):
+ - helper function to extract sign, exponent, mantissa from IEEE doubles.
+ (JSC::Uint16WithFraction::Uint16WithFraction):
+ - helper class, u16int with infinite precision fraction, used to convert
+ the fractional part of the number to a string.
+ (JSC::Uint16WithFraction::operator*=):
+ - Multiply by a uint16.
+ (JSC::Uint16WithFraction::operator<):
+ - Compare two Uint16WithFractions.
+ (JSC::Uint16WithFraction::floorAndSubtract):
+ - Extract the integer portion of the number, and subtract it (clears the integer portion).
+ (JSC::Uint16WithFraction::comparePoint5):
+ - Compare to 0.5.
+ (JSC::Uint16WithFraction::sumGreaterThanOne):
+ - Passed a second Uint16WithFraction, returns true if the result of adding
+ the two values would be greater than one.
+ (JSC::Uint16WithFraction::isNormalized):
+ - Used by ASSERTs to consistency check internal representation.
+ (JSC::BigInteger::BigInteger):
+ - helper class, unbounded integer value, used to convert the integer part
+ of the number to a string.
+ (JSC::BigInteger::divide):
+ - Divide this value through by a uint32.
+ (JSC::BigInteger::operator!):
+ - test for zero.
+ (JSC::toStringWithRadix):
+ - Performs number to string conversion, with the given radix (2..36).
+ (JSC::numberProtoFuncToString):
+ - Changed to use toStringWithRadix.
+
+2011-07-02 Gavin Barraclough <barraclough@apple.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=63866
+ DFG JIT - implement instanceof
+
+ Reviewed by Sam Weinig.
+
+ Add ops CheckHasInstance & InstanceOf to implement bytecodes
+ op_check_has_instance & op_instanceof. This is an initial
+ functional implementation, performance is a wash. We can
+ follow up with changes to fuse the InstanceOf node with
+ a subsequant branch, as we do with other comparisons.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::jitAssertIsCell):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-07-01 Oliver Hunt <oliver@apple.com>
+
+ IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
+ https://bugs.webkit.org/show_bug.cgi?id=63732
+
+ Reviewed by Gavin Barraclough.
+
+ Initialise the memory at the head of the new storage so that
+ GC is safe if triggered by reportExtraMemoryCost.
+
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::increaseVectorPrefixLength):
+
+2011-07-01 Oliver Hunt <oliver@apple.com>
+
+ GC sweep can occur before an object is completely initialised
+ https://bugs.webkit.org/show_bug.cgi?id=63836
+
+ Reviewed by Gavin Barraclough.
+
+ In rare cases it's possible for a GC sweep to occur while a
+ live, but not completely initialised object is on the stack.
+ In such a case we may incorrectly choose to mark it, even
+ though it has no children that need marking.
+
+ We resolve this by always zeroing out the structure of any
+ value returned from JSCell::operator new(), and making the
+ markstack tolerant of a null structure.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::~JSCell):
+ (JSC::JSCell::JSCell::operator new):
+ * runtime/Structure.h:
+ (JSC::MarkStack::internalAppend):
+
+2011-07-01 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT always performs slow C calls for div and mod.
+ https://bugs.webkit.org/show_bug.cgi?id=63684
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+
+2011-07-01 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Lexer error messages are currently appalling
+ https://bugs.webkit.org/show_bug.cgi?id=63340
+
+ Added error messages for the Lexer. These messages will be displayed
+ instead of the lexer error messages from the parser that are currently
+ shown.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::getInvalidCharMessage):
+ (JSC::Lexer::setCode):
+ (JSC::Lexer::parseString):
+ (JSC::Lexer::lex):
+ (JSC::Lexer::clear):
+ * parser/Lexer.h:
+ (JSC::Lexer::getErrorMessage):
+ (JSC::Lexer::setOffset):
+ * parser/Parser.cpp:
+ (JSC::Parser::parse):
+
+2011-07-01 Jungshik Shin <jshin@chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
+ build files for ports not using ICU.
+ Add icu/unicode/uscript.h for ports using ICU. It's taken from
+ ICU 3.6 (the version used on Mac OS 10.5)
+
+ http://bugs.webkit.org/show_bug.cgi?id=20797
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * icu/unicode/uscript.h: Added for UScriptCode enum.
+ * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
+ * wtf/unicode/icu/UnicodeIcu.h:
+ * wtf/unicode/brew/UnicodeBrew.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+
+2011-07-01 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63819
+ Escaping of forwardslashes in strings incorrect if multiple exist.
+
+ The bug is in the parameters passed to a substring - should be
+ start & length, but we're passing start & end indices!
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+
+2011-07-01 Adam Roben <aroben@apple.com>
+
+ Roll out r90194
+ http://trac.webkit.org/changeset/90194
+ https://bugs.webkit.org/show_bug.cgi?id=63778
+
+ Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
+ assertions in WriteBarrierBase<JSC::Structure>::get
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::~JSCell):
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add optimised paths for a few maths functions
+ https://bugs.webkit.org/show_bug.cgi?id=63757
+
+ Relanding as a Mac only patch.
+
+ This adds specialised thunks for Math.abs, Math.round, Math.ceil,
+ Math.floor, Math.log, and Math.exp as they are apparently more
+ important in real web content than we thought, which is somewhat
+ mind-boggling. On average doubles the performance of the common
+ cases (eg. actually passing numbers in). They're not as efficient
+ as they could be, but this way gives them the most portability.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsDoubleBitops):
+ (JSC::MacroAssemblerARM::andnotDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
+ (JSC::MacroAssemblerARMv7::andnotDouble):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::andnotDouble):
+ (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsDoubleBitops):
+ (JSC::MacroAssemblerSH4::andnotDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::supportsDoubleBitops):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::andnotDouble):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::andnpd_rr):
+ * create_hash_table:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ (JSC::SpecializedThunkJIT::callDoubleToDouble):
+ * jit/ThunkGenerators.cpp:
+ (JSC::floorThunkGenerator):
+ (JSC::ceilThunkGenerator):
+ (JSC::roundThunkGenerator):
+ (JSC::expThunkGenerator):
+ (JSC::logThunkGenerator):
+ (JSC::absThunkGenerator):
+ * jit/ThunkGenerators.h:
+
+2011-07-01 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
+
+ Fixes the following build error in clang:
+
+ JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
+ map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
+ JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
+ map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+ ^
+ ( )
+ fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
+ fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
+ JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
+ map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+ ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ 1 error generated.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
+ tertiary expression evaluate first.
+
+2011-07-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r90177 and r90179.
+ http://trac.webkit.org/changeset/90177
+ http://trac.webkit.org/changeset/90179
+ https://bugs.webkit.org/show_bug.cgi?id=63790
+
+ It caused crashes on Qt in debug mode (Requested by Ossy on
+ #webkit).
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::rshift32):
+ (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARM::sqrtDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+ (JSC::MacroAssemblerARMv7::sqrtDouble):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::sqrtDouble):
+ (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::sqrtDouble):
+ * assembler/MacroAssemblerX86.h:
+ * assembler/MacroAssemblerX86Common.h:
+ * assembler/MacroAssemblerX86_64.h:
+ * assembler/X86Assembler.h:
+ * create_hash_table:
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::emitLoadDouble):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * jit/ThunkGenerators.cpp:
+ * jit/ThunkGenerators.h:
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Beth Dakin.
+
+ Make GC validation clear cell structure on destruction
+ https://bugs.webkit.org/show_bug.cgi?id=63778
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::~JSCell):
+
+2011-06-30 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Added write barrier that was missing from put_by_id_transition
+ https://bugs.webkit.org/show_bug.cgi?id=63775
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
+ MacroAssembler& argument so our patching functions could use it.
+
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
+
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCachePutByID): Missing barrier!
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
+ because its meaning isn't clear -- maybe in the future we'll have a
+ clear way to pass all stores through a common function that guarantees
+ a write barrier, but that's not the case right now.
+
+2011-06-30 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT does not reuse registers when compiling comparisons.
+ https://bugs.webkit.org/show_bug.cgi?id=63565
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compare):
+
+2011-06-30 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Added empty write barrier stubs in all the right places in the DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=63764
+
+ SunSpider thinks this might be a 0.5% speedup. Meh.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
+
+ (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
+ for the case where base == scratch, since we now require base and scratch
+ to be not equal, for the sake of the write barrier.
+
+ * dfg/DFGJITCodeGenerator.h: Le stub.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
+ as the scratch register, since that's incompatible with the write barrier,
+ which needs a distinct base and scratch.
+
+ Do put the global object into a register before loading its var storage,
+ since it needs to be in a register for the write barrier to operate on it.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
+ places.
+
+ (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
+ is a little more than meaningless.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
+ places.
+
+ (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
+ is a little more than meaningless.
+
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
+ we put the global object in a register and only then load its var storage
+ by offset.
+
+ (JSC::JIT::emitWriteBarrier):
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Fix ARMv6 build
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::rshift32):
+
+2011-06-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add optimised paths for a few maths functions
+ https://bugs.webkit.org/show_bug.cgi?id=63757
+
+ This adds specialised thunks for Math.abs, Math.round, Math.ceil,
+ Math.floor, Math.log, and Math.exp as they are apparently more
+ important in real web content than we thought, which is somewhat
+ mind-boggling. On average doubles the performance of the common
+ cases (eg. actually passing numbers in). They're not as efficient
+ as they could be, but this way gives them the most portability.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::supportsDoubleBitops):
+ (JSC::MacroAssemblerARM::andnotDouble):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
+ (JSC::MacroAssemblerARMv7::andnotDouble):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::andnotDouble):
+ (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::supportsDoubleBitops):
+ (JSC::MacroAssemblerSH4::andnotDouble):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::supportsDoubleBitops):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::andnotDouble):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::andnpd_rr):
+ * create_hash_table:
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ (JSC::SpecializedThunkJIT::callDoubleToDouble):
+ * jit/ThunkGenerators.cpp:
+ (JSC::floorThunkGenerator):
+ (JSC::ceilThunkGenerator):
+ (JSC::roundThunkGenerator):
+ (JSC::expThunkGenerator):
+ (JSC::logThunkGenerator):
+ (JSC::absThunkGenerator):
+ * jit/ThunkGenerators.h:
+
+2011-06-30 Cary Clark <caryclark@google.com>
+
+ Reviewed by James Robinson.
+
+ Use Skia if Skia on Mac Chrome is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=62999
+
+ * wtf/Platform.h:
+ Add switch to use Skia if, externally,
+ Skia has been enabled by a gyp define.
+
+2011-06-30 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Web Inspector fails to display source for eval with syntax error
+ https://bugs.webkit.org/show_bug.cgi?id=63583
+
+ Web Inspector now displays a link to an eval statement that contains
+ a syntax error.
+
+ * parser/Parser.h:
+ (JSC::isEvalNode):
+ (JSC::EvalNode):
+ (JSC::Parser::parse):
+
+2011-06-30 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ X86Assembler does not encode byte registers in 64-bit mode correctly.
+ https://bugs.webkit.org/show_bug.cgi?id=63665
+
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::testb_rr):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
+
+2011-06-30 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r90102.
+ http://trac.webkit.org/changeset/90102
+ https://bugs.webkit.org/show_bug.cgi?id=63714
+
+ Lots of tests asserting beneath
+ SVGSMILElement::findInstanceTime (Requested by aroben on
+ #webkit).
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-06-30 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
+
+ Reviewed by Nikolas Zimmermann.
+
+ Speed up SVGSMILElement::findInstanceTime.
+ https://bugs.webkit.org/show_bug.cgi?id=61025
+
+ Add a new parameter to StdlibExtras.h::binarySerarch function
+ to also handle cases when the array does not contain the key value.
+ This is needed for an svg function.
+
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+
+2011-06-29 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63669
+ DFG JIT - fix spectral-norm regression
+
+ The problem is a mis-speculation leading to us falling off the speculative path.
+ Make the speculation logic slightly smarter, don't predict int if one of the
+ operands is already loaded as a double (we use this logic already for compares).
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
+
+2011-06-29 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT does not do put_by_id transition caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63662
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::testPrototype):
+ (JSC::DFG::tryCachePutByID):
+
+2011-06-29 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Added a dummy write barrier emitting function in all the right places in the old JIT
+ https://bugs.webkit.org/show_bug.cgi?id=63667
+
+ SunSpider reports no change.
+
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_put_scoped_var): Do it.
+
+ (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
+ for the sake of the write barrier.
+
+ (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_put_scoped_var): Do it.
+
+ (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
+ for the sake of the write barrier.
+
+ (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
+
+2011-06-29 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT does not perform get_by_id self list caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63605
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::tryBuildGetByIDList):
+ (JSC::DFG::dfgBuildGetByIDList):
+ * dfg/DFGRepatch.h:
+
+2011-06-28 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT lacks array.length caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63505
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::tryAllocate):
+ (JSC::DFG::JITCodeGenerator::selectScratchGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::tryAllocate):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::tryCacheGetByID):
+
+2011-06-28 Pierre Rossi <pierre.rossi@gmail.com>
+
+ Reviewed by Eric Seidel.
+
+ Warnings in JSC's JIT on 32 bit
+ https://bugs.webkit.org/show_bug.cgi?id=63259
+
+ Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
+
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+
+2011-06-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89968.
+ http://trac.webkit.org/changeset/89968
+ https://bugs.webkit.org/show_bug.cgi?id=63581
+
+ Broke chromium windows compile (Requested by jamesr on
+ #webkit).
+
+ * wtf/Platform.h:
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Fix sampling build
+ https://bugs.webkit.org/show_bug.cgi?id=63579
+
+ Gets opcode sampling building again, doesn't seem to work alas
+
+ * bytecode/SamplingTool.cpp:
+ (JSC::SamplingTool::notifyOfScope):
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingTool::SamplingTool):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::enableSampler):
+ * runtime/Executable.h:
+ (JSC::ScriptExecutable::ScriptExecutable):
+
+2011-06-28 Cary Clark <caryclark@google.com>
+
+ Reviewed by James Robinson.
+
+ Use Skia if Skia on Mac Chrome is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=62999
+
+ * wtf/Platform.h:
+ Add switch to use Skia if, externally,
+ Skia has been enabled by a gyp define.
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ ASSERT when launching debug builds with interpreter and jit enabled
+ https://bugs.webkit.org/show_bug.cgi?id=63566
+
+ Add appropriate guards to the various Executable's memory reporting
+ logic.
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63563
+ DFG JIT - add support for double arith to speculative path
+
+ Add integer support for div & mod, add double support for div, mod,
+ add, sub & mul, dynamically selecting based on operand types.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::assembler):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
+ (JSC::DFG::SpeculateDoubleOperand::index):
+ (JSC::DFG::SpeculateDoubleOperand::fpr):
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Fix interpreter build.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63561
+ DFG JIT - don't always assume integer in relational compare
+
+ If neither operand is known integer, or either is in double representation,
+ then at least use a function call (don't bail off the speculative path).
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
+ (JSC::DFG::SpeculativeJIT::compareIsInteger):
+
+2011-06-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make constant array optimisation less strict about what constitutes a constant
+ https://bugs.webkit.org/show_bug.cgi?id=63554
+
+ Now allow string constants in array literals to actually be considered constant,
+ and so avoid codegen in array literals with strings in them.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addConstantBuffer):
+ (JSC::CodeBlock::constantBuffer):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addConstantBuffer):
+ (JSC::BytecodeGenerator::addStringConstant):
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63560
+ DFG_JIT allow allocation of specific machine registers
+
+ This allow us to allocate the registers necessary to perform x86
+ idiv instructions for div/mod, and may be useful for shifts, too.
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::allocate):
+ (JSC::DFG::GPRResult::GPRResult):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::allocateSpecific):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isInteger):
+
+2011-06-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=55040
+ RegExp constructor returns the argument regexp instead of a new object
+
+ Per 15.10.3.1, our current behaviour is correct if called as a function,
+ but incorrect when called as a constructor.
+
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ (JSC::constructWithRegExpConstructor):
+ * runtime/RegExpConstructor.h:
+
+2011-06-28 Luke Macpherson <macpherson@chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
+ https://bugs.webkit.org/show_bug.cgi?id=63469
+
+ * wtf/MathExtras.h:
+ (defaultMinimumForClamp):
+ Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
+ (defaultMaximumForClamp):
+ Symmetric alias for std::numeric_limits::max()
+ (clampTo):
+ New templated clamping function that supports arbitrary output types.
+ (clampToInteger):
+ Use new clampTo template.
+ (clampToFloat):
+ Use new clampTo template.
+ (clampToPositiveInteger):
+ Use new clampTo template.
+
+2011-06-28 Adam Roben <aroben@apple.com>
+
+ Windows Debug build fix after r89885
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
+ JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
+
+2011-06-28 Shinya Kawanaka <shinyak@google.com>
+
+ Reviewed by Kent Tamura.
+
+ Add const to show() method in WTFString and AtomicString.
+ https://bugs.webkit.org/show_bug.cgi?id=63515
+
+ The lack of const in show() method is painful when
+ doing something like printf-debug.
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::AtomicString::show):
+ * wtf/text/AtomicString.h:
+ * wtf/text/WTFString.cpp:
+ (String::show):
+ * wtf/text/WTFString.h:
+
+2011-06-27 Ryosuke Niwa <rniwa@webkit.org>
+
+ Build fix attempt after r89885.
+
+ * JavaScriptCore.exp:
+ * jsc.cpp:
+
+2011-06-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Support throwing away non-running code even while other code is running
+ https://bugs.webkit.org/show_bug.cgi?id=63485
+
+ Add a function to CodeBlock to support unlinking direct linked callsites,
+ and then with that in place add logic to discard code from any function
+ that is not currently on the stack.
+
+ The unlinking completely reverts any optimized call sites, such that they
+ may be relinked again in future.
+
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::unlinkCalls):
+ (JSC::CodeBlock::clearEvalCache):
+ * bytecode/CodeBlock.h:
+ (JSC::CallLinkInfo::CallLinkInfo):
+ (JSC::CallLinkInfo::unlink):
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::clear):
+ * heap/Heap.cpp:
+ (JSC::Heap::getConservativeRegisterRoots):
+ * heap/Heap.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITWriteBarrier.h:
+ (JSC::JITWriteBarrierBase::clear):
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionReleaseExecutableMemory):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::unlinkCalls):
+ (JSC::ProgramExecutable::unlinkCalls):
+ (JSC::FunctionExecutable::discardCode):
+ (JSC::FunctionExecutable::unlinkCalls):
+ * runtime/Executable.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::SafeRecompiler::returnValue):
+ (JSC::SafeRecompiler::operator()):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+
+2011-06-27 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Darin Adler & Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=50554
+ RegExp.prototype.toString does not escape slashes
+
+ The problem here is that we don't escape forwards slashes when converting
+ a RegExp to a string. This means that RegExp("/").toString() is "///",
+ which is not a valid RegExp literal. Also, we return an invalid literal
+ for RegExp.prototype.toString() ("//", which is an empty single-line comment).
+
+ From ES5:
+ "NOTE: The returned String has the form of a RegularExpressionLiteral that
+ evaluates to another RegExp object with the same behaviour as this object."
+
+ * runtime/RegExpObject.cpp:
+ (JSC::regExpObjectSource):
+ - Escape forward slashes when getting the source of a RegExp.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncToString):
+ - Remove unnecessary and erroneous hack to return "//" as the string
+ representation of RegExp.prototype. This is not a valid RegExp literal
+ (it is an empty single-line comment).
+
+2011-06-27 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63497
+ Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-27 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
+ https://bugs.webkit.org/show_bug.cgi?id=63392
+
+ When both TextPosition.h and XPathGrammar.h are included a compile-error
+ is caused, since XPathGrammar.h defines a macro called NUMBER and
+ TextPosition has a typedef named NUMBER.
+
+ * wtf/text/TextPosition.h:
+ (WTF::TextPosition::TextPosition):
+ (WTF::TextPosition::minimumPosition):
+ (WTF::TextPosition::belowRangePosition):
+
+2011-06-27 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG JIT does not perform put_by_id caching.
+ https://bugs.webkit.org/show_bug.cgi?id=63409
+
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedPutById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgRepatchByIdSelfAccess):
+ (JSC::DFG::tryCacheGetByID):
+ (JSC::DFG::appropriatePutByIdFunction):
+ (JSC::DFG::tryCachePutByID):
+ (JSC::DFG::dfgRepatchPutByID):
+ * dfg/DFGRepatch.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-27 Gustavo Noronha Silva <gns@gnome.org>
+
+ Unreviewed build fix. One more filed missing during distcheck, for
+ the MIPS build.
+
+ * GNUmakefile.list.am:
+
+2011-06-26 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
+ https://bugs.webkit.org/show_bug.cgi?id=63347
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ - Changed arithmetic operations to speculate in favor of integers.
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+ (JSC::DFG::NonSpeculativeJIT::basicArithOp):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.cpp:
+ - Added slow-path routines for arithmetic that perform no speculation; the
+ non-speculative JIT will generate calls to these in cases where its
+ speculation fails.
+ * dfg/DFGOperations.h:
+
+2011-06-24 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Rob Buis.
+
+ Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
+ https://bugs.webkit.org/show_bug.cgi?id=59085
+
+ * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
+
+2011-06-24 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
+ https://bugs.webkit.org/show_bug.cgi?id=63345
+
+ The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
+ return 9 and 10 bit quantities, therefore changed their return type from
+ uint8_t to uint16_t. Also casted the places where they are used as they
+ are currently shifted and used as 7 or 8 bit values.
+
+ These methods are currently used for literals for stack offsets,
+ including creating and destroying stack frames. The prior truncation of
+ the upper bits caused stack frames to be too small, thus allowing a
+ JIT'ed function to access and overwrite stack space outside of the
+ incorrectly sized stack frame.
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMThumbImmediate::getUInt9):
+ (JSC::ARMThumbImmediate::getUInt10):
+ (JSC::ARMv7Assembler::add):
+ (JSC::ARMv7Assembler::ldr):
+ (JSC::ARMv7Assembler::str):
+ (JSC::ARMv7Assembler::sub):
+ (JSC::ARMv7Assembler::sub_S):
+
+2011-06-24 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
+ https://bugs.webkit.org/show_bug.cgi?id=63015
+
+ Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
+ min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList(). These
+ adjustments are a bug. These need to reflect the pages that are released
+ in ReleaseFreeLsit so that scavenge doesn't try to free that many pages as well.
+ Made ReleaseFreeList a member of TCMalloc_PageHeap in the process. Updated
+ Check() and helper method CheckList() to check the number of actual free pages
+ with free_committed_pages_.
+
+ The symptom of the problem of the existing code is that the scavenger may
+ run unneccesarily without any real work to do, i.e. pages on the free lists.
+ The scanvenger would also end up freeing too many pages, that is going below
+ the current 528 target free pages.
+
+ Note that the style of the changes was kept consistent with the
+ existing style.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::Check):
+ (WTF::TCMalloc_PageHeap::CheckList):
+ (WTF::TCMalloc_PageHeap::ReleaseFreeList):
+
+2011-06-24 Abhishek Arya <inferno@chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Match other clampTo* functions in style with clampToInteger(float)
+ function.
+ https://bugs.webkit.org/show_bug.cgi?id=53449
+
+ * wtf/MathExtras.h:
+ (clampToInteger):
+ (clampToFloat):
+ (clampToPositiveInteger):
+
+2011-06-24 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89594.
+ http://trac.webkit.org/changeset/89594
+ https://bugs.webkit.org/show_bug.cgi?id=63316
+
+ It broke 5 tests on the Qt bot (Requested by Ossy_DC on
+ #webkit).
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * icu/unicode/uscript.h: Removed.
+ * wtf/unicode/ScriptCodesFromICU.h: Removed.
+ * wtf/unicode/brew/UnicodeBrew.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/icu/UnicodeIcu.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+
+2011-06-23 Filip Pizlo <fpizlo@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
+ https://bugs.webkit.org/show_bug.cgi?id=63173
+
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::cachedGetById):
+ * dfg/DFGJITCodeGenerator.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-23 Oliver Hunt <oliver@apple.com>
+
+ Fix Qt again.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readPointer):
+
+2011-06-23 Oliver Hunt <oliver@apple.com>
+
+ Fix Qt Build
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readPointer):
+
+2011-06-23 Stephanie Lewis <slewis@apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63298
+ Replace Malloc with FastMalloc to match the rest of wtf.
+
+ * wtf/BlockStack.h:
+ (WTF::::~BlockStack):
+ (WTF::::grow):
+ (WTF::::shrink):
+
+2011-06-23 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add the ability to dynamically modify linked call sites
+ https://bugs.webkit.org/show_bug.cgi?id=63291
+
+ Add JITWriteBarrier as a writebarrier class that allows
+ reading and writing directly into the code stream.
+
+ This required adding logic to all the assemblers to allow
+ us to read values back out of the instruction stream.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::readPointer):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::readPointer):
+ (JSC::ARMv7Assembler::readInt32):
+ (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
+ (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::readPointer):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::readInt32):
+ (JSC::MIPSAssembler::readPointer):
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::MacroAssemblerCodePtr::operator!):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::readPCrelativeAddress):
+ (JSC::SH4Assembler::readPointer):
+ (JSC::SH4Assembler::readInt32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::readPointer):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::MethodCallLinkInfo::seenOnce):
+ (JSC::MethodCallLinkInfo::setSeen):
+ * heap/MarkStack.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::patchMethodCallProto):
+ * jit/JITPropertyAccess32_64.cpp:
+ * jit/JITWriteBarrier.h: Added.
+ (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
+ (JSC::JITWriteBarrierBase::operator!):
+ (JSC::JITWriteBarrierBase::setFlagOnBarrier):
+ (JSC::JITWriteBarrierBase::isFlagged):
+ (JSC::JITWriteBarrierBase::setLocation):
+ (JSC::JITWriteBarrierBase::location):
+ (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
+ (JSC::JITWriteBarrierBase::set):
+ (JSC::JITWriteBarrierBase::get):
+ (JSC::JITWriteBarrier::JITWriteBarrier):
+ (JSC::JITWriteBarrier::set):
+ (JSC::JITWriteBarrier::get):
+ (JSC::MarkStack::append):
+
+2011-06-23 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61585
+ Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
+
+ This is due to use of int instead of unsigned, bad math around
+ the 2^31 boundary.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ - Change some uses of int to unsigned, refactor compare logic to
+ restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generate):
+ (JSC::Yarr::YarrGenerator::backtrack):
+ - Ditto.
+
+2011-06-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=63218
+ DFG JIT - remove machine type guarantees from graph
+
+ The DFG JIT currently makes assumptions about the types of machine registers
+ that certain nodes will be loaded into. This will be broken as we generate
+ nodes to produce both integer and double code paths. Remove int<->double
+ conversions nodes. This design decision also gave rise to multiple types of
+ constant nodes, requiring separate handling for each type. Merge these back
+ into JSConstant.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getToInt32):
+ (JSC::DFG::ByteCodeParser::getToNumber):
+ (JSC::DFG::ByteCodeParser::toInt32):
+ (JSC::DFG::ByteCodeParser::toNumber):
+ (JSC::DFG::ByteCodeParser::isInt32Constant):
+ (JSC::DFG::ByteCodeParser::isDoubleConstant):
+ (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
+ (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
+ (JSC::DFG::ByteCodeParser::one):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::isJSConstant):
+ (JSC::DFG::JITCodeGenerator::isDoubleConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isJSConstant):
+ (JSC::DFG::JITCompiler::isInt32Constant):
+ (JSC::DFG::JITCompiler::isDoubleConstant):
+ (JSC::DFG::JITCompiler::valueOfJSConstant):
+ (JSC::DFG::JITCompiler::valueOfInt32Constant):
+ (JSC::DFG::JITCompiler::valueOfDoubleConstant):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::isConstant):
+ (JSC::DFG::Node::notTakenBytecodeOffset):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-06-23 Jungshik Shin <jshin@chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
+ build files for ports not using ICU.
+ Add icu/unicode/uscript.h for ports using ICU. It's taken from
+ ICU 3.6 (the version used on Mac OS 10.5)
+
+ http://bugs.webkit.org/show_bug.cgi?id=20797
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * icu/unicode/uscript.h: Added for UScriptCode enum.
+ * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
+ * wtf/unicode/icu/UnicodeIcu.h:
+ * wtf/unicode/brew/UnicodeBrew.h:
+ * wtf/unicode/glib/UnicodeGLib.h:
+ * wtf/unicode/qt4/UnicodeQt4.h:
+ * wtf/unicode/wince/UnicodeWinCE.h:
+
+2011-06-23 Ryuan Choi <ryuan.choi@samsung.com>
+
+ Reviewed by Andreas Kling.
+
+ [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
+ https://bugs.webkit.org/show_bug.cgi?id=63228
+
+ * wtf/Platform.h: Add PLATFORM(EFL) guard.
+
+2011-06-23 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89547.
+ http://trac.webkit.org/changeset/89547
+ https://bugs.webkit.org/show_bug.cgi?id=63252
+
+ "Chrmium crash on start" (Requested by yurys on #webkit).
+
+ * wtf/DynamicAnnotations.cpp:
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+ * wtf/DynamicAnnotations.h:
+
+2011-06-23 Timur Iskhodzhanov <timurrrr@google.com>
+
+ Reviewed by David Levin.
+
+ Make dynamic annotations weak symbols and prevent identical code folding by the linker
+ https://bugs.webkit.org/show_bug.cgi?id=62443
+
+ * wtf/DynamicAnnotations.cpp:
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+ * wtf/DynamicAnnotations.h:
+
+2011-06-22 Yael Aharon <yael.aharon@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Add a build flag for building with libxml2 and libxslt.
+ https://bugs.webkit.org/show_bug.cgi?id=63113
+
+ * wtf/Platform.h:
+
+2011-06-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89489.
+ http://trac.webkit.org/changeset/89489
+ https://bugs.webkit.org/show_bug.cgi?id=63203
+
+ Broke chromium mac build on build.webkit.org (Requested by
+ abarth on #webkit).
+
+ * wtf/Platform.h:
+
+2011-06-22 Cary Clark <caryclark@google.com>
+
+ Reviewed by Darin Fisher.
+
+ Use Skia if Skia on Mac Chrome is enabled
+ https://bugs.webkit.org/show_bug.cgi?id=62999
+
+ * wtf/Platform.h:
+ Add switch to use Skia if, externally,
+ Skia has been enabled by a gyp define.
+
+2011-06-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
+
+2011-06-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed the conceit that global variables are local variables when running global code
+ https://bugs.webkit.org/show_bug.cgi?id=63106
+
+ This is required for write barrier correctness.
+
+ SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
+ I was able to reduce the regression with a tiny peephole optimization in
+ the bytecompiler, but not eliminate it. I'm committing this assuming
+ that turning on generational GC will win back at least 0.5%.
+
+ (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
+ the global object's var storage. I considered doing the same kind of
+ optimization in the existing JIT, but it seemed like moving in the wrong
+ direction.)
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addGlobalVar):
+ (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
+ negative indices, since they're no longer negatively offset from the
+ current stack frame.
+
+ Do give global variables monotonically increasing positive indices, since
+ that's much easier to work with.
+
+ Don't limit the number of optimizable global variables, since it's no
+ longer limited by the register file, since they're no longer stored in
+ the register file.
+
+ (JSC::BytecodeGenerator::registerFor): Global code never has any local
+ registers because a var in global code is actually a property of the
+ global object.
+
+ (JSC::BytecodeGenerator::constRegisterFor): Ditto.
+
+ (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
+ propagation and dead code elimination to speed up our compiles and
+ reduce WTFs / minute.
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
+
+ (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
+ global code, since there are none.
+
+ (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
+ in global code (i.e., global vars), since there are some.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::Interpreter):
+ (JSC::Interpreter::dumpRegisters):
+ (JSC::Interpreter::execute):
+ * interpreter/Interpreter.h: Updated for deleted / renamed code.
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
+ data members.
+
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::begin):
+ (JSC::RegisterFile::size):
+ (JSC::RegisterFile::RegisterFile):
+ (JSC::RegisterFile::shrink): Removed all code and comments dealing with
+ global variables stored in the register file.
+
+ (JSC::RegisterFile::grow): Updated for same.
+
+ Also, a slight correctness fix: Test the VM commit end, and not just the
+ in-use end, when checking for stack overflow. In theory, it's invalid to
+ commit past the end of your allocation, even if you never touch that
+ memory. This makes the usable size of the stack slightly smaller. No test
+ because we don't know of any case in practice where this crashes.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resizeRegisters):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ * runtime/JSGlobalObject.h: Simplified globals to have monotonically
+ increasing indexes, always located in our external storage.
+
+2011-06-21 MORITA Hajime <morrita@google.com>
+
+ Unreviewed, rolling out r89401 and r89403.
+ http://trac.webkit.org/changeset/89401
+ http://trac.webkit.org/changeset/89403
+ https://bugs.webkit.org/show_bug.cgi?id=62970
+
+ Breaks mac build and mistakenly enables the spellcheck API
+
+ * Configurations/FeatureDefines.xcconfig:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-21 Kent Tamura <tkent@chromium.org>
+
+ [Mac] Sort Xcode project files.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-20 MORITA Hajime <morrita@google.com>
+
+ Reviewed by Kent Tamura.
+
+ Spellcheck API should be build-able.
+ https://bugs.webkit.org/show_bug.cgi?id=62970
+
+ No new tests, changing only build related files
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-21 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved 'const' off the global-variable-as-local-variable crack pipe
+ https://bugs.webkit.org/show_bug.cgi?id=63105
+
+ This is necessary for moving the rest of the code off of same.
+
+ Many problems remain in our handling of const. I have fixed none of them.
+
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
+ const to directly implement its unique scoping rules.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
+ for writing, so we don't overwrite const variables.
+
+ (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
+ variables are available as local variables, since this won't be the case
+ once global variables are not available as local variables. Instead, use
+ put_scoped_var in the case where there is no local variable. Like a local
+ variable, put_scoped_var succeeds even though const properties are
+ read-only, since put_scoped_var skips read-only checks. (Yay?)
+
+2011-06-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
+ https://bugs.webkit.org/show_bug.cgi?id=63052
+
+ Release mode only failure, the stack overflow guards were getting there error
+ handling inlined, so that they were essentially causing their own demise.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::updateErrorMessage):
+ (JSC::JSParser::updateErrorWithNameAndMessage):
+
+2011-06-20 Kenneth Russell <kbr@google.com>
+
+ Unreviewed.
+
+ Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
+ https://bugs.webkit.org/show_bug.cgi?id=63022
+
+ * wtf/Platform.h:
+
+2011-06-18 Anders Carlsson <andersca@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
+ https://bugs.webkit.org/show_bug.cgi?id=62940
+
+ Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
+
+ * wtf/PassOwnArrayPtr.h:
+ (WTF::PassOwnArrayPtr::operator=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator=):
+ * wtf/PassRefPtr.h:
+ (WTF::PassRefPtr::operator=):
+ (WTF::NonNullPassRefPtr::operator=):
+
+2011-06-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ REGRESSION (r79060): Searching for a flight at united.com fails
+ https://bugs.webkit.org/show_bug.cgi?id=63003
+
+ This original change also broke Twitter, and we attempted to refine the fix to
+ address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
+ we need to revert the change until we understand the problem better.
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2011-06-20 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ No context for javascript parse errors.
+ https://bugs.webkit.org/show_bug.cgi?id=62613
+
+ Parse errors now show more details like:
+ "Unexpected token: ]"
+ or
+ "Expected token: while"
+
+ For reserved names, numbers, indentifiers, strings, lexer errors,
+ and EOFs, the following error messages are printed:
+
+ "Use of reserved word: super"
+ "Unexpected number: 42"
+ "Unexpected identifier: "
+ "Unexpected string: "foobar""
+ "Invalid token character sequence: \u4023"
+ "Unexpected EOF"
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::consume):
+ (JSC::JSParser::getToken):
+ (JSC::JSParser::getTokenName):
+ (JSC::JSParser::updateErrorMessageSpecialCase):
+ (JSC::JSParser::updateErrorMessage):
+ (JSC::JSParser::updateErrorWithNameAndMessage):
+ (JSC::jsParse):
+ (JSC::JSParser::JSParser):
+ (JSC::JSParser::parseProgram):
+ (JSC::JSParser::parseVarDeclarationList):
+ (JSC::JSParser::parseForStatement):
+ (JSC::JSParser::parseBreakStatement):
+ (JSC::JSParser::parseContinueStatement):
+ (JSC::JSParser::parseWithStatement):
+ (JSC::JSParser::parseTryStatement):
+ (JSC::JSParser::parseStatement):
+ (JSC::JSParser::parseFormalParameters):
+ (JSC::JSParser::parseFunctionInfo):
+ (JSC::JSParser::parseAssignmentExpression):
+ (JSC::JSParser::parsePrimaryExpression):
+ (JSC::JSParser::parseMemberExpression):
+ (JSC::JSParser::parseUnaryExpression):
+ * parser/JSParser.h:
+ * parser/Lexer.cpp:
+ (JSC::Lexer::lex):
+ * parser/Parser.cpp:
+ (JSC::Parser::parse):
+
+2011-06-20 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Rob Buis.
+
+ Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
+ https://bugs.webkit.org/show_bug.cgi?id=59085
+
+ * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
+
+2011-06-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Correct logic for putting errors on the correct line when handling JSONP
+ https://bugs.webkit.org/show_bug.cgi?id=62962
+
+ Minor fix for the minor fix. *sigh*
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2011-06-19 Oliver Hunt <oliver@apple.com>
+
+ Minor fix to correct layout test results.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+
+2011-06-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ JSONP is unnecessarily slow
+ https://bugs.webkit.org/show_bug.cgi?id=62920
+
+ JSONP has unfortunately become a fairly common idiom online, yet
+ it triggers very poor performance in JSC as we end up doing codegen
+ for a large number of property accesses that will
+ * only be run once, so the vast amount of logic we dump to handle
+ caching of accesses is unnecessary.
+ * We are doing codegen that is directly proportional to just
+ creating the object in the first place.
+
+ This patch extends the use of the literal parser to JSONP-like structures
+ in global code, handling a number of different forms I have seen online.
+ In an extreme case this improves performance of JSONP by more than 2x
+ due to removal of code generation and execution time, and a few optimisations
+ that I made to the parser itself.
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * parser/Lexer.cpp:
+ (JSC::Lexer::isKeyword):
+ * parser/Lexer.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::makeIdentifier):
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::next):
+ (JSC::isSafeStringCharacter):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+
+2011-06-18 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r89184.
+ http://trac.webkit.org/changeset/89184
+ https://bugs.webkit.org/show_bug.cgi?id=62927
+
+ It broke 22 tests on all bot (Requested by Ossy_weekend on
+ #webkit).
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * parser/Lexer.cpp:
+ * parser/Lexer.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::isSafeStringCharacter):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+ (JSC::LiteralParser::Lexer::next):
+
+2011-06-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ JSONP is unnecessarily slow
+ https://bugs.webkit.org/show_bug.cgi?id=62920
+
+ JSONP has unfortunately become a fairly common idiom online, yet
+ it triggers very poor performance in JSC as we end up doing codegen
+ for a large number of property accesses that will
+ * only be run once, so the vast amount of logic we dump to handle
+ caching of accesses is unnecessary.
+ * We are doing codegen that is directly proportional to just
+ creating the object in the first place.
+
+ This patch extends the use of the literal parser to JSONP-like structures
+ in global code, handling a number of different forms I have seen online.
+ In an extreme case this improves performance of JSONP by more than 2x
+ due to removal of code generation and execution time, and a few optimisations
+ that I made to the parser itself.
+
+ * API/JSValueRef.cpp:
+ (JSValueMakeFromJSONString):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ (JSC::Interpreter::execute):
+ * parser/Lexer.cpp:
+ (JSC::Lexer::isKeyword):
+ * parser/Lexer.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONProtoFuncParse):
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser::tryJSONPParse):
+ (JSC::LiteralParser::makeIdentifier):
+ (JSC::LiteralParser::Lexer::lex):
+ (JSC::LiteralParser::Lexer::next):
+ (JSC::isSafeStringCharacter):
+ (JSC::LiteralParser::Lexer::lexString):
+ (JSC::LiteralParser::Lexer::lexNumber):
+ (JSC::LiteralParser::parse):
+ * runtime/LiteralParser.h:
+ (JSC::LiteralParser::LiteralParser):
+ (JSC::LiteralParser::tryLiteralParse):
+ (JSC::LiteralParser::Lexer::Lexer):
+
+2011-06-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved some property access JIT code into property access JIT files
+ https://bugs.webkit.org/show_bug.cgi?id=62906
+
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitSlow_op_put_by_val):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ (JSC::JIT::emit_op_put_global_var):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_get_global_var):
+ (JSC::JIT::emit_op_put_global_var):
+
+2011-06-17 Anders Carlsson <andersca@apple.com>
+
+ Build fix.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-17 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Leopard build?
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Added some write barrier action, compiled out by default
+ https://bugs.webkit.org/show_bug.cgi?id=62844
+
+ * JavaScriptCore.exp: Build!
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
+ issue with Heap.cpp.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::writeBarrierSlowCase):
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::isAtomAligned):
+ (JSC::MarkedBlock::blockFor):
+ (JSC::MarkedBlock::atomNumber):
+ (JSC::MarkedBlock::ownerSetNumber):
+ (JSC::MarkedBlock::addOldSpaceOwner):
+ (JSC::MarkedBlock::OwnerSet::OwnerSet):
+ (JSC::MarkedBlock::OwnerSet::add):
+ (JSC::MarkedBlock::OwnerSet::clear):
+ (JSC::MarkedBlock::OwnerSet::size):
+ (JSC::MarkedBlock::OwnerSet::didOverflow):
+ (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
+ tracks owners for regions within blocks. Currently unused.
+
+2011-06-17 Raphael Kubo da Costa <kubo@profusion.mobi>
+
+ Reviewed by Eric Seidel.
+
+ [EFL] Add some OwnPtr specializations for EFL types.
+ For now there are specializations for Ecore_Evas and Evas_Object.
+ https://bugs.webkit.org/show_bug.cgi?id=62877
+
+ * wtf/CMakeListsEfl.txt:
+ * wtf/OwnPtrCommon.h:
+ * wtf/efl/OwnPtrEfl.cpp: Added.
+ (WTF::deleteOwnedPtr):
+
+2011-06-17 Joone Hur <joone.hur@collabora.co.uk>
+
+ Reviewed by Martin Robinson.
+
+ [GTK] Replace GdkRectangle by cairo_rectangle_int_t
+ https://bugs.webkit.org/show_bug.cgi?id=60687
+
+ Replace GdkRectangle by cairo_rectangle_int_t.
+
+ * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
+
+2011-06-16 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=53014
+ ES5 strict mode keyword restrictions aren't implemented
+
+ The following are future restricted words is strict mode code:
+ implements, interface, let, package, private, protected, public, static, yield
+
+ * parser/JSParser.h:
+ - Add RESERVED_IF_STRICT token.
+ * parser/Keywords.table:
+ - Add new future restricted words.
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
+ (JSC::Lexer::lex):
+ - Pass strictMode flag to parseIdentifier.
+ * parser/Lexer.h:
+ - parseIdentifier needs a strictMode flag.
+ * runtime/CommonIdentifiers.h:
+ - Add identifiers for new reserved words.
+
+2011-06-16 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=23611
+ Multiline Javascript comments cause incorrect parsing of following script.
+
+ From the spec:
+ "A MultiLineComment [is] simply discarded if it contains no line terminator,
+ but if a MultiLineComment contains one or more line terminators, then it is
+ replaced with a single line terminator, which becomes part of the stream of
+ inputs for the syntactic grammar."
+
+ This may result in behavioural changes, due to automatic semicolon insertion.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseMultilineComment):
+ - Set m_terminator is we see a line terminator in a multiline comment.
+
+2011-06-16 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62824
+ DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
+
+ CompareEq of non-integer values is the most common cause of speculation failure.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
+ - Support Equals.
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
+ - new! - peephole optimized Eq of JSValues.
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Add peephole optimization for CompareEq.
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+ - Add support for dead nodes between compare & branch.
+ (JSC::DFG::SpeculativeJIT::isInteger):
+ - Added to determine which form of peephole to do in CompareEq.
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
+ symbol.
+
+ * bytecode/EvalCodeCache.h:
+ * heap/HandleHeap.h:
+ * heap/HeapRootVisitor.h:
+ * heap/NewSpace.h:
+ * runtime/ArgList.h:
+ * runtime/ScopeChain.h:
+ * runtime/SmallStrings.h:
+ * runtime/Structure.h: Stop forward-declaring things that don't really
+ exist anymore.
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
+ project while crossing my fingers and facing west.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Removed an incorrect symbol on Windows.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Removed an accidental commit from the future.
+
+ * CMakeLists.txt:
+
+2011-06-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Introduced SlotVisitor into the project
+ https://bugs.webkit.org/show_bug.cgi?id=62820
+
+ This resolves a class vs typedef forward declaration issue, and gives all
+ exported symbols the correct names.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build!
+
+ * bytecode/EvalCodeCache.h:
+ * heap/HandleHeap.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
+ clients operate on a MarkStack.
+
+ * heap/MarkStack.cpp:
+ (JSC::SlotVisitor::visitChildren):
+ (JSC::SlotVisitor::drain):
+ * heap/SlotVisitor.h: Added.
+ (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
+ inheritance to give SlotVisitor all the attributes of MarkStack without
+ making this change giant. Over time, we will move more behavior into
+ SlotVisitor and its subclasses.
+
+ * heap/MarkStack.h:
+ * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
+ clients operate on a MarkStack.
+
+ * runtime/ArgList.h:
+ * runtime/JSCell.h:
+ * runtime/JSObject.h:
+ * runtime/ScopeChain.h:
+ * runtime/SmallStrings.h:
+ * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
+ clients operate on a MarkStack.
+
+2011-06-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Reduce memory usage of resolve_global
+ https://bugs.webkit.org/show_bug.cgi?id=62765
+
+ If we have a large number of resolve_globals in a single
+ block start planting plain resolve instructions instead
+ whenever we aren't in a loop. This allows us to reduce
+ the code size for extremely large functions without
+ losing the performance benefits of op_resolve_global.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::globalResolveInfoCount):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ * bytecompiler/BytecodeGenerator.h:
+
+2011-06-16 Qi Zhang <qi.2.zhang@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Fix building with CONFIG(use_system_icu)
+ https://bugs.webkit.org/show_bug.cgi?id=62744
+
+ Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
+
+ * wtf/Platform.h:
+
+2011-06-15 Darin Adler <darin@apple.com>
+
+ Reviewed by Adam Barth.
+
+ Remove obsolete LOOSE_OWN_PTR code
+ https://bugs.webkit.org/show_bug.cgi?id=59909
+
+ The internal Apple dependency on this is gone now.
+
+ * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
+ set function that takes a raw pointer.
+
+ * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
+ set functino that takes a raw pointer.
+
+ * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
+ and assignment operator that takes a nullptr unconditional.
+ Made constructor that takes a raw pointer private and explicit,
+ and removed assignment operator that takes a raw pointer.
+
+ * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
+ unconditional. Made constructor that takes a raw pointer private
+ and explicit, and removed assignment operator that takes a raw pointer.
+
+2011-06-15 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen and Gavin Barraclough.
+
+ Make access-nseive ~9x faster on the non-speculative path by
+ adding special casing for doubles that can lossless-ly be converted
+ to a uint32_t in getByVal and putByVal. This avoids calls to stringification
+ and the hash lookup. Long term, we should try and get property of a getByVal
+ and putByVal to be an integer immediate even in the non-speculative path.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::putByVal):
+ (JSC::DFG::operationPutByValInternal):
+
+2011-06-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ REGRESSION (r88719): 5by5.tv schedule is not visible
+ https://bugs.webkit.org/show_bug.cgi?id=62720
+
+ Problem here is that the lexer wasn't considering '$' to be
+ a valid character in an identifier.
+
+ * parser/Lexer.h:
+ (JSC::Lexer::lexExpectIdentifier):
+
+2011-06-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Reduce the size of global_resolve
+ https://bugs.webkit.org/show_bug.cgi?id=62738
+
+ Reduce the code size of global_resolve in the JIT by replacing
+ multiple pointer loads with a single pointer move + two offset
+ loads.
+
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_resolve_global):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_resolve_global):
+
+2011-06-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Fixed an inavlid ASSERT I found while investigating
+ <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
+ https://bugs.webkit.org/show_bug.cgi?id=62699
+
+ No test since we don't know of a way to get WebCore to deallocate the
+ next-to-finalize handle, which is also the last handle in the list,
+ while finalizing the second-to-last handle in the list.
+
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
+ non-0 next() after updating it, since it is valid to update m_nextToFinalize
+ to point to the tail sentinel.
+
+ Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
+ since it is not valid to update m_nextToFinalize to point past the tail
+ sentinel.
+
+ Also, use m_nextToFinalize consistently for clarity.
+
+2011-06-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=43841
+ SegmentedVector::operator== typo
+
+ * wtf/SegmentedVector.h:
+ (WTF::SegmentedVectorIterator::operator==):
+ (WTF::SegmentedVectorIterator::operator!=):
+
+2011-06-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Constant array literals result in unnecessarily large amounts of code
+ https://bugs.webkit.org/show_bug.cgi?id=62658
+
+ Add a new version of op_new_array that simply copies values from a buffer
+ we hang off of the CodeBlock, rather than generating code to place each
+ entry into the registerfile, and then copying it from the registerfile into
+ the array. This is a slight improvement on some sunspider tests, but no
+ measurable overall change. That's okay though as our goal was to reduce
+ code size without hurting performance.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addImmediateBuffer):
+ (JSC::CodeBlock::immediateBuffer):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addImmediateBuffer):
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ (JSC::JIT::emit_op_new_array_buffer):
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+
+2011-06-14 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r88841.
+ http://trac.webkit.org/changeset/88841
+ https://bugs.webkit.org/show_bug.cgi?id=62672
+
+ Caused many tests to crash (Requested by rniwa on #webkit).
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_array):
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+
+2011-06-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Constant array literals result in unnecessarily large amounts of code
+ https://bugs.webkit.org/show_bug.cgi?id=62658
+
+ Add a new version of op_new_array that simply copies values from a buffer
+ we hang off of the CodeBlock, rather than generating code to place each
+ entry into the registerfile, and then copying it from the registerfile into
+ the array. This is a slight improvement on some sunspider tests, but no
+ measurable overall change. That's okay though as our goal was to reduce
+ code size without hurting performance.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addImmediateBuffer):
+ (JSC::CodeBlock::immediateBuffer):
+ * bytecode/Opcode.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addImmediateBuffer):
+ (JSC::BytecodeGenerator::emitNewArray):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ArrayNode::emitBytecode):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+ (JSC::JIT::emit_op_new_array_buffer):
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+
+2011-06-14 Stephanie Lewis <slewis@apple.com>
+
+ Rubber stamped by Oliver Hunt.
+
+ <rdar://problem/9511169>
+ Update order files.
+
+ * JavaScriptCore.order:
+
+2011-06-14 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen.
+
+ Fix dumping of constants to have the correct constant number.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+
+2011-06-14 Benjamin Poulain <benjamin@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ KeywordLookupGenerator's Trie does not work with Python 3
+ https://bugs.webkit.org/show_bug.cgi?id=62635
+
+ With Python 3, dict.items() return an iterator. Since the iterator
+ protocol changed between Python 2 and 3, the easiest way to get the
+ values is to have something that use the iterator implicitely, like a
+ for() loop.
+
+ * KeywordLookupGenerator.py:
+
+2011-06-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Fix llocp and lvalp names in the lexer to something more meaningful
+ https://bugs.webkit.org/show_bug.cgi?id=62605
+
+ A simple rename
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ (JSC::Lexer::parseString):
+ (JSC::Lexer::lex):
+ * parser/Lexer.h:
+ (JSC::Lexer::lexExpectIdentifier):
+
+2011-06-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make it possible to inline the common case of identifier lexing
+ https://bugs.webkit.org/show_bug.cgi?id=62600
+
+ Add a lexing function that expects to lex an "normal" alpha numeric
+ identifier (that ignores keywords) so it's possible to inline the
+ common parsing cases. This comes out as a reasonable parsing speed
+ boost.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::nextExpectIdentifier):
+ (JSC::JSParser::parseProperty):
+ (JSC::JSParser::parseMemberExpression):
+ * parser/Lexer.cpp:
+ * parser/Lexer.h:
+ (JSC::Lexer::makeIdentifier):
+ (JSC::Lexer::lexExpectIdentifier):
+
+2011-06-13 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ Distcheck fixes.
+
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+
+2011-06-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Make it possible to inline Identifier::equal
+ https://bugs.webkit.org/show_bug.cgi?id=62584
+
+ Move Identifier::equal to the Identifier header file.
+
+ * runtime/Identifier.cpp:
+ * runtime/Identifier.h:
+ (JSC::Identifier::equal):
+
+2011-06-13 Tony Chang <tony@chromium.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
+ https://bugs.webkit.org/show_bug.cgi?id=62578
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-13 Tony Chang <tony@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
+ https://bugs.webkit.org/show_bug.cgi?id=62545
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-12 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(JIT) after r88604.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2011-06-11 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16777
+
+ Remove #define NaN per Darin's comments.
+
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::parseIntOverflow):
+ (JSC::parseInt):
+ (JSC::jsStrDecimalLiteral):
+ (JSC::jsToNumber):
+ (JSC::parseFloat):
+ * wtf/DateMath.cpp:
+ (WTF::equivalentYearForDST):
+ (WTF::parseES5DateFromNullTerminatedCharacters):
+ (WTF::parseDateFromNullTerminatedCharacters):
+ (WTF::timeClip):
+ (JSC::parseDateFromNullTerminatedCharacters):
+
+2011-06-11 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62503
+ Remove JIT_OPTIMIZE_* switches
+
+ The alternative code paths are untested, and not well maintained.
+ These were useful when there was more churn in the JIT, but now
+ are a maintenance overhead. Time to move on, removing.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkConstruct):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ * jit/JITCall32_64.cpp:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::softModulo):
+ * jit/JITPropertyAccess.cpp:
+ * jit/JITPropertyAccess32_64.cpp:
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/Lookup.h:
+ * wtf/Platform.h:
+
+2011-06-10 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=16777
+ Eliminate JSC::NaN and JSC::Inf
+
+ There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
+ The ones in std::numeric_limits are perfectly good.
+ Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::toNumber):
+ * API/JSValueRef.cpp:
+ (JSValueMakeNumber):
+ (JSValueToNumber):
+ * JavaScriptCore.exp:
+ * runtime/CachedTranscendentalFunction.h:
+ (JSC::CachedTranscendentalFunction::initialize):
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ * runtime/DateInstanceCache.h:
+ (JSC::DateInstanceData::DateInstanceData):
+ (JSC::DateInstanceCache::reset):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::getPrimitiveNumber):
+ (JSC::JSCell::JSValue::toNumber):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::resetDateCache):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncParseInt):
+ (JSC::globalFuncIsFinite):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toNumber):
+ * runtime/JSValue.cpp:
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::jsNaN):
+ * runtime/MathObject.cpp:
+ (JSC::mathProtoFuncMax):
+ (JSC::mathProtoFuncMin):
+ * runtime/NumberConstructor.cpp:
+ (JSC::numberConstructorNegInfinity):
+ (JSC::numberConstructorPosInfinity):
+ * runtime/NumberPrototype.cpp:
+ (JSC::numberProtoFuncToExponential):
+ (JSC::numberProtoFuncToFixed):
+ (JSC::numberProtoFuncToPrecision):
+ (JSC::numberProtoFuncToString):
+ * runtime/UString.cpp:
+ * wtf/DecimalNumber.h:
+ (WTF::DecimalNumber::DecimalNumber):
+ * wtf/dtoa.cpp:
+ (WTF::dtoa):
+
+2011-06-10 Tony Chang <tony@chromium.org>
+
+ Reviewed by Ojan Vafai.
+
+ add a compile guard ENABLE(FLEXBOX)
+ https://bugs.webkit.org/show_bug.cgi?id=62049
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-10 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=55347
+ "name" and "message" enumerable on *Error.prototype
+
+ This arises from chapter 15 of the spec:
+ "Every other property described in this clause has the attributes
+ { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
+ unless otherwise specified."
+ Standardized properties are not enumerable.
+
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+
+2011-06-09 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Corrected header spelling.
+
+ * heap/OldSpace.h:
+
+2011-06-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Added OldSpace to the project
+ https://bugs.webkit.org/show_bug.cgi?id=62417
+
+ Currently unused.
+
+ Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
+ per-block flag for testing whether you're in NewSpace vs OldSpace.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build!
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::inNewSpace):
+ (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
+ write barrier.
+
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::addBlock):
+ (JSC::NewSpace::removeBlock):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
+ NewSpace-specific operations.
+
+ * heap/OldSpace.cpp: Added.
+ (JSC::OldSpace::OldSpace):
+ (JSC::OldSpace::addBlock):
+ (JSC::OldSpace::removeBlock):
+ * heap/OldSpace.h: Added.
+ (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
+ Not in use yet.
+
+2011-06-09 Hyowon Kim <hw1008.kim@samsung.com>
+
+ Reviewed by Antonio Gomes.
+
+ [EFL] Make accelerated compositing build in Webkit-EFL
+ https://bugs.webkit.org/show_bug.cgi?id=62361
+
+ Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
+
+ * wtf/Platform.h:
+
+2011-06-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 62405 - Fix integer overflow in Array.prototype.push
+
+ Fix geoff's review comments re static_cast.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPush):
+
+2011-06-09 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Factored MarkedBlock set management into a helper class with a fast case Bloom filter
+ https://bugs.webkit.org/show_bug.cgi?id=62413
+
+ SunSpider reports a small speedup.
+
+ This is in preparation for having ConservativeSet operate on arbitrary
+ sets of MarkedBlocks, and in preparation for conservative scanning
+ becoming proportionally more important than other GC activities.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
+
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::add):
+ * heap/ConservativeRoots.h:
+ (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
+ directly, instead of a Heap, so we can operate on subsets of the Heap
+ instead.
+
+ Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
+ is particularly important since we expect not to find our subject pointer
+ in the MarkedBlock hash, and hash misses are more expensive than typical
+ hash lookups because they have high collision rates.
+
+ No need for single-pointer add() to be public anymore, since nobody uses it.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
+ ConservativeRoots relies on.
+
+ Nixed contains(), since nobody uses it anymore.
+
+ * heap/MarkedBlock.h:
+ (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
+ the VM layout properties of MarkedBlocks.
+
+ * heap/MarkedBlockSet.h: Added.
+ (JSC::MarkedBlockSet::add):
+ (JSC::MarkedBlockSet::remove):
+ (JSC::MarkedBlockSet::recomputeFilter):
+ (JSC::MarkedBlockSet::filter):
+ (JSC::MarkedBlockSet::set):
+ * heap/TinyBloomFilter.h: Added.
+ (JSC::TinyBloomFilter::TinyBloomFilter):
+ (JSC::TinyBloomFilter::add):
+ (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
+ exclude values by tag -- the tiny bloom filter is already a register-register
+ compare, so adding another "rule out" factor just slows things down.
+
+2011-06-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 62405 - Fix integer overflow in Array.prototype.push
+
+ There are three integer overflows here, leading to safe (not a security risk)
+ but incorrect (non-spec-compliant) behaviour.
+
+ Two overflows occur when calculating the new length after pushing (one in the
+ fast version of push in JSArray, one in the generic version in ArrayPrototype).
+ The other occurs calculating indices to write to when multiple items are pushed.
+
+ These errors result in three test-262 failures.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncPush):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::put):
+ (JSC::JSArray::push):
+
+2011-06-09 Dan Bernstein <mitz@apple.com>
+
+ Reviewed by Anders Carlsson.
+
+ Add Vector::reverse()
+ https://bugs.webkit.org/show_bug.cgi?id=62393
+
+ * wtf/Vector.h:
+ (WTF::Vector::reverse): Added
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Factored a bunch of Heap functionality into stand-alone functors
+ https://bugs.webkit.org/show_bug.cgi?id=62337
+
+ This is in preparation for making these functors operate on arbitrary
+ sets of MarkedBlocks.
+
+ * JavaScriptCore.exp: This file is a small tragedy.
+
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
+
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
+ strong handles, so we can play along in the functor game.
+
+ * heap/Heap.cpp:
+ (JSC::CountFunctor::CountFunctor::CountFunctor):
+ (JSC::CountFunctor::CountFunctor::count):
+ (JSC::CountFunctor::CountFunctor::returnValue):
+ (JSC::CountFunctor::ClearMarks::operator()):
+ (JSC::CountFunctor::ResetAllocator::operator()):
+ (JSC::CountFunctor::Sweep::operator()):
+ (JSC::CountFunctor::MarkCount::operator()):
+ (JSC::CountFunctor::Size::operator()):
+ (JSC::CountFunctor::Capacity::operator()):
+ (JSC::CountFunctor::Count::operator()):
+ (JSC::CountFunctor::CountIfGlobalObject::operator()):
+ (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
+ (JSC::CountFunctor::TakeIfEmpty::operator()):
+ (JSC::CountFunctor::TakeIfEmpty::returnValue):
+ (JSC::CountFunctor::RecordType::RecordType):
+ (JSC::CountFunctor::RecordType::typeName):
+ (JSC::CountFunctor::RecordType::operator()):
+ (JSC::CountFunctor::RecordType::returnValue): These functors factor out
+ behavior that used to be in the functions below.
+
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::protectedGlobalObjectCount):
+ (JSC::Heap::protectedObjectCount):
+ (JSC::Heap::protectedObjectTypeCounts):
+ (JSC::Heap::objectTypeCounts):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink): Factored out behavior into the functors above.
+
+ * heap/Heap.h:
+ (JSC::Heap::forEachProtectedCell):
+ (JSC::Heap::forEachCell):
+ (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
+ functor-based templates instead of plain iterators because they're simpler
+ to implement in this case and they require a lot less code at the call site.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
+ trivial functors.
+
+ (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
+ we have a few different kind of "for each" now.
+
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompile::operator()):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
+
+ * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
+
+2011-06-08 Mikołaj Małecki <m.malecki@samsung.com>
+
+ Reviewed by Pavel Feldman.
+
+ Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
+ https://bugs.webkit.org/show_bug.cgi?id=52791
+
+ No new tests. The problem can be reproduced by trying to create InspectorValue
+ from 1.0e-100 and call ->toJSONString() on this.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ export 2 functions DecimalNumber::bufferLengthForStringExponential and
+ DecimalNumber::toStringExponential.
+
+2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r88404.
+ http://trac.webkit.org/changeset/88404
+ https://bugs.webkit.org/show_bug.cgi?id=62342
+
+ broke win and mac build (Requested by tony^work on #webkit).
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-08 Evan Martin <evan@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ [chromium] use gyp 'settings' type for settings target
+ https://bugs.webkit.org/show_bug.cgi?id=62323
+
+ The 'settings' gyp target type is for targets that exist solely
+ for their settings (no build rules). The comment above this target
+ says it's for this, but it incorrectly uses 'none'.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-08 Sailesh Agrawal <sail@chromium.org>
+
+ Reviewed by Mihai Parparita.
+
+ Chromium Mac: Enable overlay scrollbars
+ https://bugs.webkit.org/show_bug.cgi?id=59756
+
+ Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
+
+ * wtf/Platform.h:
+
+2011-06-08 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add faster lookup cache for multi character identifiers
+ https://bugs.webkit.org/show_bug.cgi?id=62327
+
+ Add a non-hash lookup for mutiple character identifiers. This saves us from
+ adding repeated identifiers to the ParserArena's identifier list as people
+ tend to not start all their variables and properties with the same character
+ and happily identifier locality works in our favour.
+
+ * parser/ParserArena.h:
+ (JSC::IdentifierArena::isEmpty):
+ (JSC::IdentifierArena::clear):
+ (JSC::IdentifierArena::makeIdentifier):
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Took some responsibilities away from NewSpace
+ https://bugs.webkit.org/show_bug.cgi?id=62325
+
+ NewSpace is basically just an allocator now.
+
+ Heap acts as a controller, responsible for managing the set of all
+ MarkedBlocks.
+
+ This is in preparation for moving parts of the controller logic into
+ separate helper classes that can act on arbitrary sets of MarkedBlocks
+ that may or may not be in NewSpace.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::allocate):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::clearMarks):
+ (JSC::Heap::sweep):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::collect):
+ (JSC::Heap::resetAllocator):
+ (JSC::Heap::allocateBlock):
+ (JSC::Heap::freeBlocks):
+ (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
+ along with all functions that operate on the set of MarkedBlocks. Also
+ moved responsibility for deciding whether to allocate a new MarkedBlock,
+ and for allocating it.
+
+ * heap/Heap.h:
+ (JSC::Heap::contains):
+ (JSC::Heap::forEach): Ditto.
+
+ * heap/NewSpace.cpp:
+ (JSC::NewSpace::addBlock):
+ (JSC::NewSpace::removeBlock):
+ (JSC::NewSpace::resetAllocator):
+ * heap/NewSpace.h:
+ (JSC::NewSpace::waterMark):
+ (JSC::NewSpace::allocate): Ditto.
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Some more MarkedSpace => NewSpace renaming
+ https://bugs.webkit.org/show_bug.cgi?id=62305
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.order:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::destroy):
+ (JSC::Heap::reportExtraMemoryCostSlowCase):
+ (JSC::Heap::allocate):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::objectCount):
+ (JSC::Heap::size):
+ (JSC::Heap::capacity):
+ (JSC::Heap::collect):
+ (JSC::Heap::isValidAllocation):
+ * heap/Heap.h:
+ (JSC::Heap::markedSpace):
+ (JSC::Heap::contains):
+ (JSC::Heap::forEach):
+ (JSC::Heap::allocate):
+ * runtime/JSCell.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export macros to profiler headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * profiler/Profiler.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export symbols to parser headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * parser/SourceProviderCache.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export symbols to interpreter headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * interpreter/Interpreter.h:
+
+2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export symbols to debugger headers.
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * debugger/Debugger.h:
+ * debugger/DebuggerCallFrame.h:
+
+2011-06-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
+ https://bugs.webkit.org/show_bug.cgi?id=62268
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.h:
+ * heap/MarkedBlock.h:
+ * heap/MarkedSpace.cpp: Removed.
+ * heap/MarkedSpace.h: Removed.
+ * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
+ * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
+
+2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r88365.
+ http://trac.webkit.org/changeset/88365
+ https://bugs.webkit.org/show_bug.cgi?id=62301
+
+ windows bots broken (Requested by loislo_ on #webkit).
+
+ * JavaScriptCore.exp:
+
+2011-06-08 Ryan Sleevi <rsleevi@chromium.org>
+
+ Reviewed by Tony Chang.
+
+ Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
+
+ Compiling Chromium port under GCC 4.6 produces warnings about nullptr
+ https://bugs.webkit.org/show_bug.cgi?id=62242
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-08 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ Webkit on SPARC Solaris has wrong endian
+ https://bugs.webkit.org/show_bug.cgi?id=29407
+
+ Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
+ there are more ocurrences of the same code pattern in webkit.
+
+ This patch includes the check on these other parts of the code.
+
+ This is a speculative fix, I don't have a sparc machine to test and
+ don't know which kind of test would trigger a crash (but it's quite
+ obvious that it's the same code duplicated in different files).
+
+ * runtime/UString.h:
+ (JSC::UStringHash::equal):
+ * wtf/text/StringHash.h:
+ (WTF::StringHash::equal):
+
+2011-06-08 Yael Aharon <yael.aharon@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Build fix for building QtWebKit inside of Qt.
+ https://bugs.webkit.org/show_bug.cgi?id=62280
+
+ Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
+ into QtWebKit.prl.
+
+ No new tests, as this is just a build fix.
+
+ * JavaScriptCore.pri:
+
+2011-06-07 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Split 'reset' into 'collect' and 'resetAllocator'
+ https://bugs.webkit.org/show_bug.cgi?id=62267
+
+ * heap/Heap.cpp:
+ (JSC::Heap::allocate):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::collect):
+ * heap/Heap.h:
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::resetAllocator):
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::resetAllocator):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::resetAllocator):
+
+2011-06-07 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Renamed some more marks to visits
+ https://bugs.webkit.org/show_bug.cgi?id=62254
+
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::visitStrongHandles):
+ (JSC::HandleHeap::visitWeakHandles):
+ * heap/HandleHeap.h:
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::visit):
+ * heap/HandleStack.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+ * heap/HeapRootVisitor.h:
+ (JSC::HeapRootVisitor::visit):
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+
+2011-06-07 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig
+
+ https://bugs.webkit.org/show_bug.cgi?id=55537
+ Functions claim to have 'callee' which they actually don't (and shouldn't)
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::getOwnPropertyNames):
+
+2011-06-07 Juan C. Montemayor <jmont@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Make JSStaticFunction and JSStaticValue less "const"
+ https://bugs.webkit.org/show_bug.cgi?id=62222
+
+ * API/JSObjectRef.h:
+ * API/tests/testapi.c:
+ (checkConstnessInJSObjectNames):
+ (main):
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-06-07 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62240
+ DFG JIT - add support for for-loop array initialization.
+
+ Support put by val beyond vector length.
+ Add a operationPutByValBeyondArrayBounds operation, make
+ PutValVal call this if the vector length check fails.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
+ (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
+ (JSC::DFG::JITCodeGenerator::isIntegerConstant):
+ (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationPutByValInternal):
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-06-06 James Simonsen <simonjam@chromium.org>
+
+ Reviewed by James Robinson.
+
+ Add monotonicallyIncreasingTime() to get monotonically increasing time
+ https://bugs.webkit.org/show_bug.cgi?id=37743
+
+ * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
+ (WTF::monotonicallyIncreasingTime):
+ * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
+
+2011-06-06 Alexandru Chiculita <achicu@adobe.com>
+
+ Reviewed by Kent Tamura.
+
+ Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
+ https://bugs.webkit.org/show_bug.cgi?id=61628
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-06 Mihnea Ovidenie <mihnea@adobe.com>
+
+ Reviewed by Kent Tamura.
+
+ Add ENABLE(CSS_REGIONS) guard for CSS Regions support
+ https://bugs.webkit.org/show_bug.cgi?id=61631
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-06-06 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ Unreviewed. Fix the GTK+ build.
+
+ * GNUmakefile.am: Add javascriptcore_cflags variable.
+
+2011-06-04 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
+ to build on Mac.
+
+ * wtf/Platform.h:
+
+2011-06-04 Gustavo Noronha Silva <gns@gnome.org>
+
+ Unreviewed, MIPS build fix.
+
+ WebKitGTK+ tarball fails to build on MIPS.
+ https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
+
+ * GNUmakefile.list.am: Add missing MIPS-related file to the list
+ of files that are added to the tarball on make dist, and fix
+ sorting.
+
+2011-06-04 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Fix formatting of the output generated by KeywordLookupGenerator.py
+ https://bugs.webkit.org/show_bug.cgi?id=62083
+
+ - Uses correct year for copyright.
+ - Puts ending brace on same line as "else if"
+ - Puts starting brace of function on its own line.
+ - Adds some tasteful whitespace.
+ - Adds comments to make clear that scopes are ending
+ - Make macros actually split on two lines.
+
+ * KeywordLookupGenerator.py:
+
+2011-06-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ KeywordLookupGenerator.py spams stdout in Chromium Linux build
+ https://bugs.webkit.org/show_bug.cgi?id=62087
+
+ This action does not appear to be needed.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Lexer needs to provide Identifier for reserved words
+ https://bugs.webkit.org/show_bug.cgi?id=62086
+
+ Alas it is necessary to provide an Identifier reference for keywords
+ so that we can do the right thing when they're used in object literals.
+ We now keep Identifiers for all reserved words in the CommonIdentifiers
+ structure so that we can access them without a hash lookup.
+
+ * KeywordLookupGenerator.py:
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ * parser/Lexer.h:
+ * runtime/CommonIdentifiers.cpp:
+ (JSC::CommonIdentifiers::CommonIdentifiers):
+ * runtime/CommonIdentifiers.h:
+
+2011-06-03 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Add debug code to break on speculation failures.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGNode.h:
+
+2011-06-03 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=62082
+ DFG JIT - bug passing arguments that need swap
+
+ This is really just a typo.
+ When setting up the arguments for a call out to a C operation, we'll
+ fail to swap arguments where this is necessary. For example, in the
+ case of 2 arg calls, where the first argument is in %rdx & the second
+ is in %rsi we should swap (exec will be passed in %rdi), but we don't.
+
+ This can also affect function calls passing three arguments.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+ - Call swap with the correct arguments.
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Force inlining of some hot lexer functions
+ https://bugs.webkit.org/show_bug.cgi?id=62079
+
+ Fix more GCC stupidity
+
+ * parser/Lexer.h:
+ (JSC::Lexer::isWhiteSpace):
+ (JSC::Lexer::isLineTerminator):
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ GCC not inlining some functions that it really should be
+ https://bugs.webkit.org/show_bug.cgi?id=62075
+
+ Add ALWAYS_INLINE to a number of parsing and lexing functions
+ that should always be inlined. This gets us ~1.4% on my ad hoc
+ parser test.
+
+ * KeywordLookupGenerator.py:
+ * parser/JSParser.cpp:
+ (JSC::JSParser::next):
+ (JSC::JSParser::nextTokenIsColon):
+ (JSC::JSParser::consume):
+ (JSC::JSParser::match):
+ (JSC::JSParser::tokenStart):
+ (JSC::JSParser::tokenLine):
+ (JSC::JSParser::tokenEnd):
+ * parser/Lexer.cpp:
+ (JSC::isIdentPart):
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Whoops, fix last minute bug.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+
+2011-06-03 Martin Robinson <mrobinson@igalia.com>
+
+ Try to fix the GTK+ build.
+
+ * GNUmakefile.am: Clean up some spaces that should be tabs.
+ * GNUmakefile.list.am: Add KeywordLookup.h to the source list
+ and clean up some spaces that should be tabs.
+
+2011-06-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Improve keyword lookup
+ https://bugs.webkit.org/show_bug.cgi?id=61913
+
+ Rather than doing multiple hash lookups as we currently
+ do when trying to identify keywords we now use an
+ automatically generated decision tree (essentially it's
+ a hard coded patricia trie). We still use the regular
+ lookup table for the last few characters of an input as
+ this allows us to completely skip all bounds checks.
+
+ * CMakeLists.txt:
+ * DerivedSources.make:
+ * DerivedSources.pro:
+ * GNUmakefile.am:
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * KeywordLookupGenerator.py: Added.
+ * make-generated-sources.sh:
+ * parser/Lexer.cpp:
+ (JSC::Lexer::internalShift):
+ (JSC::Lexer::shift):
+ (JSC::Lexer::parseIdentifier):
+ * parser/Lexer.h:
+
+2011-06-03 Siddharth Mathur <siddharth.mathur@nokia.com>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Build flag for experimental ICU library support
+ https://bugs.webkit.org/show_bug.cgi?id=60786
+
+ Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
+ ICU powered Unicode support.
+
+ * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
+ * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
+
+2011-06-03 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
+ https://bugs.webkit.org/show_bug.cgi?id=61957
+
+ When building inside the Qt source tree, qmake always append the mkspecs
+ defines after ours. We have to workaround and make sure that we append
+ our flags after the qmake variable used inside Qt. This workaround was provided
+ by our qmake folks. We need to append in both case because qmake behave differently
+ when called with -spec or via SUBDIR+=. This patch unbreak r87950 on Mac for Qt port.
+
+ * JavaScriptCore.pro:
+
+2011-06-02 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added a method to generate RFC 2822 compliant date strings.
+ https://bugs.webkit.org/show_bug.cgi?id=7169
+
+ * wtf/DateMath.cpp:
+ (WTF::twoDigitStringFromNumber):
+ (WTF::makeRFC2822DateString):
+ * wtf/DateMath.h:
+
+2011-06-02 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
+ https://bugs.webkit.org/show_bug.cgi?id=61957
+
+ When building inside the Qt source tree, qmake always append the mkspecs
+ defines after ours. We have to workaround and make sure that we append
+ our flags after the qmake variable used inside Qt. This workaround was provided
+ by our qmake folks.
+
+ * JavaScriptCore.pro:
+
+2011-06-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add single character lookup cache to IdentifierArena
+ https://bugs.webkit.org/show_bug.cgi?id=61879
+
+ Add a simple lookup cache for single ascii character
+ identifiers. Produces around a 2% improvement in parse
+ time for my adhoc parser test.
+
+ * parser/ParserArena.h:
+ (JSC::IdentifierArena::IdentifierArena):
+ (JSC::IdentifierArena::clear):
+ (JSC::IdentifierArena::makeIdentifier):
+
+2011-05-31 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Freezing a function and its prototype causes browser to crash.
+ https://bugs.webkit.org/show_bug.cgi?id=61758
+
+ Make JSObject::preventExtensions virtual so that we can override it
+ and instantiate all lazy
+
+ * JavaScriptCore.exp:
+ * runtime/JSFunction.cpp:
+ (JSC::createPrototypeProperty):
+ (JSC::JSFunction::preventExtensions):
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSFunction.h:
+ * runtime/JSObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::seal):
+ (JSC::JSObject::seal):
+
+2011-06-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r87788.
+ http://trac.webkit.org/changeset/87788
+ https://bugs.webkit.org/show_bug.cgi?id=61856
+
+ breaks windows chromium canary (Requested by jknotten on
+ #webkit).
+
+ * wtf/DateMath.cpp:
+ (WTF::timeClip):
+ * wtf/DateMath.h:
+
+2011-06-01 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added a method to generate RFC 2822 compliant date strings.
+ https://bugs.webkit.org/show_bug.cgi?id=7169
+
+ * wtf/DateMath.cpp:
+ (WTF::twoDigitStringFromNumber):
+ (WTF::makeRFC2822DateString):
+ * wtf/DateMath.h:
+
+2011-05-31 Yong Li <yoli@rim.com>
+
+ Reviewed by Eric Seidel.
+
+ https://bugs.webkit.org/show_bug.cgi?id=54807
+ We have been assuming plain bitfields (like "int a : 31") are always signed integers.
+ However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
+ bitfields (declared without either signed or unsigned qualifiers) are treats as unsigned.
+ http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
+ Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
+ always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
+ rule we should have in order to make our code independent from compilers and compiler flags.
+
+ No new test added because this change is not known to fix any issue.
+
+ * bytecode/StructureStubInfo.h:
+
+2011-05-30 Hojong Han <hojong.han@samsung.com>
+
+ Reviewed by Geoffrey Garen.
+
+ [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
+ https://bugs.webkit.org/show_bug.cgi?id=61416
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch32):
+ * tests/mozilla/ecma/Expressions/11.12-1.js:
+ (getTestCases):
+
+2011-05-29 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Some heap refactoring
+ https://bugs.webkit.org/show_bug.cgi?id=61704
+
+ SunSpider says no change.
+
+ * JavaScriptCore.exp: Export!
+
+ * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
+
+ (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
+
+ (JSC::Heap::allocate): Changed inline allocation code to only select the
+ size class, since this can be optimized out at compile time -- everything
+ else is now inlined into this out-of-line function.
+
+ No need to duplicate ASSERTs made in our caller.
+
+ * heap/Heap.h:
+ (JSC::Heap::heap):
+ (JSC::Heap::isMarked):
+ (JSC::Heap::testAndSetMarked):
+ (JSC::Heap::testAndClearMarked):
+ (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
+ a layer of indirection through MarkedSpace.
+
+ (JSC::Heap::allocate): See above.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
+
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::allocate): Updated to match changes above.
+
+2011-05-28 David Kilzer <ddkilzer@apple.com>
+
+ BUILD FIX when building only the interpreter
+
+ Fixes the following compiler warning:
+
+ JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
+ void releaseExecutableMemory(JSGlobalData& globalData)
+ ^
+
+ * jit/ExecutableAllocator.h: Moved declaration of
+ JSC::releaseExecutableMemory().
+
+2011-05-28 David Kilzer <ddkilzer@apple.com>
+
+ BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::linkCode): Added missing argument.
+
+2011-05-27 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ JS API is too aggressive about throwing exceptions for NULL get or set operations
+ https://bugs.webkit.org/show_bug.cgi?id=61678
+
+ * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
+ function that returns a JSValue, so it can fail and still forward to
+ normal property lookup.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
+ access a static property -- just forward the access. This allows objects
+ to observe get/set operations but still let the JS object manage lifetime.
+
+ (JSC::::put): Ditto.
+
+ (JSC::::getStaticValue): Same as JSCallbackObject.h.
+
+ * API/tests/testapi.c:
+ (MyObject_set_nullGetForwardSet):
+ * API/tests/testapi.js: Updated tests to reflect slightly less strict
+ behavior, which matches headerdoc claims.
+
+2011-05-27 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Property caching is too aggressive for API objects
+ https://bugs.webkit.org/show_bug.cgi?id=61677
+
+ * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
+ callback APIs allow the client to change its mind about our propertis at
+ any time.
+
+ * API/tests/testapi.c:
+ (PropertyCatchalls_getProperty):
+ (PropertyCatchalls_setProperty):
+ (PropertyCatchalls_getPropertyNames):
+ (PropertyCatchalls_class):
+ (main):
+ * API/tests/testapi.js: Some tests for dynamic API objects.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
+ requires it.
+
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ (JSC::TypeInfo::isFinal):
+ (JSC::TypeInfo::prohibitsPropertyCaching):
+ (JSC::TypeInfo::flags): Added a flag to track opting out of property
+ caching. Fixed an "&&" vs "&" typo that was previously harmless, but
+ is now harmful since m_flags2 can have more than one bit set.
+
+2011-05-27 Stephanie Lewis <slewis@apple.com>
+
+ Unreviewed.
+
+ Fix a typo in the order_file flag.
+
+ * Configurations/Base.xcconfig:
+
+2011-05-27 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
+
+ * runtime/JSGlobalData.cpp:
+ (JSGlobalData::JSGlobalData):
+
+2011-05-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add a few validity assertions to JSCallbackObject
+ https://bugs.webkit.org/show_bug.cgi?id=61659
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::visitChildren):
+
+2011-05-27 Oliver Hunt <oliver@apple.com>
+
+ Build fix
+
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::invalidateCode):
+
+2011-05-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Try to release unused executable memory when the FixedVMPool allocator is under pressure
+ https://bugs.webkit.org/show_bug.cgi?id=61651
+
+ Rather than crashing when full the FixedVMPool allocator now returns a null
+ allocation. We replace the code that used to CRASH() on null allocations
+ with logic that asks the provided globalData to release any executable memory
+ that it can. Currently this just means throwing away all regexp code, but
+ in future we'll try to be more aggressive.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::executableCopy):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::executableCopy):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::executableCopy):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::create):
+ (JSC::ExecutablePool::alloc):
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutableAllocator::poolForSize):
+ (JSC::ExecutablePool::ExecutablePool):
+ (JSC::ExecutablePool::poolAllocate):
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolAllocator::alloc):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * jit/ThunkGenerators.cpp:
+ (JSC::charCodeAtThunkGenerator):
+ (JSC::charAtThunkGenerator):
+ (JSC::fromCharCodeThunkGenerator):
+ (JSC::sqrtThunkGenerator):
+ (JSC::powThunkGenerator):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::releaseExecutableMemory):
+ (JSC::releaseExecutableMemory):
+ * runtime/JSGlobalData.h:
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::invalidateCode):
+ * runtime/RegExpCache.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Optimized ConservativeSet to avoid double-visiting objects
+ https://bugs.webkit.org/show_bug.cgi?id=61592
+
+ SunSpider thinks this might be a 1% speedup
+
+ * heap/ConservativeRoots.h:
+ (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
+ an object.
+
+ * heap/Heap.h:
+ (JSC::Heap::isMarked):
+ (JSC::Heap::testAndSetMarked):
+ (JSC::Heap::testAndClearMarked):
+ (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
+ to void*, since clients want to ask questions about arbitrary pointers
+ into the heap, even when they aren't known to be JSCells.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::testAndClearMarked):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::isMarked):
+ (JSC::MarkedSpace::testAndSetMarked):
+ (JSC::MarkedSpace::testAndClearMarked):
+ (JSC::MarkedSpace::setMarked):
+ (JSC::MarkedSpace::contains): Ditto.
+
+ * wtf/Bitmap.h:
+ (WTF::::testAndClear): New function for ConservativeRoots's inverted
+ marking pass.
+
+2011-05-27 Stephanie Lewis <slewis@apple.com>
+
+ Rubber Stamped by Adam Roben.
+
+ Update Order Files. Use -order_file flag since it can order more of the binary.
+
+ * Configurations/Base.xcconfig:
+ * JavaScriptCore.order:
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Renamed heapRootMarker to heapRootVisitor to match its class name
+ https://bugs.webkit.org/show_bug.cgi?id=61584
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some interdependency between Heap and SmallStrings by simplifying
+ the SmallStrings lifetime model
+ https://bugs.webkit.org/show_bug.cgi?id=61579
+
+ SunSpider reports no change.
+
+ Using Weak<T> could accomplish this too, but we're not sure it will give
+ us the performance we need. This is a first step, and it accomplishes
+ most of the value of using Weak<T>.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::reset): Finalize small strings just like other weak handles.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::finalize):
+ (JSC::SmallStrings::finalizeSmallStrings):
+ * runtime/SmallStrings.h: Make all small strings trivially weak, instead
+ of having an "all for one, one for all" memory model.
+
+2011-05-26 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make RegExpCache a weak map
+ https://bugs.webkit.org/show_bug.cgi?id=61554
+
+ Switch to a weak map for the regexp cache, and hide that
+ behaviour behind RegExp::create.
+
+ When a RegExp is compiled it attempts to add itself to
+ the "strong" cache. This cache is a simple round-robin
+ buffer as was the old strong cache. Happily this can
+ be smaller than the old strong cache as RegExps are only
+ added when they're compiled so it is under less pressure
+ to evict.
+
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::create):
+ (JSC::RegExp::match):
+ * runtime/RegExp.h:
+ (JSC::RegExp::gcShouldInvalidateCode):
+ (JSC::RegExp::hasCode):
+ (JSC::RegExp::key):
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::RegExpCache):
+ (JSC::RegExpCache::isReachableFromOpaqueRoots):
+ (JSC::RegExpCache::finalize):
+ * runtime/RegExpCache.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::regExpProtoFuncCompile):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved Heap-related functions out of JSCell.h and into respective header files
+ https://bugs.webkit.org/show_bug.cgi?id=61567
+
+ * heap/Heap.h:
+ (JSC::Heap::allocate):
+ (JSC::Heap::heap):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::allocate):
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::sizeClassFor):
+ (JSC::MarkedSpace::allocate):
+ * runtime/JSCell.h:
+ (JSC::JSCell::destructor):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-26 Ryosuke Niwa <rniwa@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ [debug feature] WTFString should have show() method
+ https://bugs.webkit.org/show_bug.cgi?id=61149
+
+ Added String::show and AtomicString::show in NDEBUG.
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::AtomicString::show):
+ * wtf/text/AtomicString.h:
+ * wtf/text/WTFString.cpp:
+ (String::show):
+ * wtf/text/WTFString.h:
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Factored out some Heap ASSERTs
+ https://bugs.webkit.org/show_bug.cgi?id=61565
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ (JSC::isValidSharedInstanceThreadState):
+ (JSC::isValidThreadState):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::isValidAllocation):
+ * heap/Heap.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::Heap::allocate):
+
+2011-05-26 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61508
+ DFG JIT - Add support for get by id self caching.
+
+ Change the call out to be an unexpected call (using silent spill/fill functions),
+ add a structure check & compact load to the JIT code, and add repatching mechanisms.
+ Since DFGOperations may want to be be implemented in asm, make these symbols be extern
+ "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
+ so that it can look up its StructureStubInfo.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added new files.
+ * bytecode/StructureStubInfo.h:
+ - Added 'unset' entries to union.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
+ - Return the call, we need this to populate the StructureStubInfo.
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ - Populate the CodebBlock's StructureStubInfo Vector.
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
+ - Return the call, we need this to populate the StructureStubInfo.
+ (JSC::DFG::JITCompiler::addPropertyAccess):
+ (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+ - Add structures to record property access info during compilation.
+ * dfg/DFGOperations.cpp:
+ - Made all external methods extern "C".
+ (JSC::DFG::operationPutByValInternal):
+ - Moved outside of the extern "C" block.
+ * dfg/DFGOperations.h:
+ - Made all external methods extern "C".
+ * dfg/DFGRepatch.cpp: Added.
+ (JSC::DFG::dfgRepatchCall):
+ - repatch a call to link to a new callee function.
+ (JSC::DFG::dfgRepatchGetByIdSelf):
+ - Modify the JIT code to optimize self accesses.
+ (JSC::DFG::tryCacheGetByID):
+ - Internal implementation of dfgRepatchGetByID (factor out failing cases).
+ (JSC::DFG::dfgRepatchGetByID):
+ - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
+ * dfg/DFGRepatch.h: Added.
+ - Expose dfgRepatchGetByID.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Changed implementation of GetById ops.
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ * wtf/DoublyLinkedList.h:
+ (WTF::::DoublyLinkedListNode):
+ (WTF::::setPrev):
+ (WTF::::setNext):
+ (WTF::::prev):
+ (WTF::::next):
+ (WTF::::DoublyLinkedList):
+ (WTF::::isEmpty):
+ (WTF::::size):
+ (WTF::::clear):
+ (WTF::::head):
+ (WTF::::append):
+ (WTF::::remove):
+ (WTF::::removeHead):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out http://trac.webkit.org/changeset/87408 because it broke the
+ Windows build.
+
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::setPrev):
+ (JSC::MarkedBlock::setNext):
+ (JSC::MarkedBlock::prev):
+ (JSC::MarkedBlock::next):
+ * wtf/DoublyLinkedList.h:
+ (WTF::::DoublyLinkedList):
+ (WTF::::isEmpty):
+ (WTF::::head):
+ (WTF::::append):
+ (WTF::::remove):
+
+2011-05-26 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Provide a real owner when copying a property table, for the sake of
+ write barriers.
+ https://bugs.webkit.org/show_bug.cgi?id=61547
+
+ No test because we can't enable the writeBarrier() ASSERT just yet.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+
+2011-05-26 Adam Roben <aroben@apple.com>
+
+ Windows build fix after r87346
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
+ reality.
+
+2011-05-26 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ ASSERT(isMainThread()) when using single threaded jsc executable
+ https://bugs.webkit.org/show_bug.cgi?id=60846
+
+ Remove the ASSERT since we do not have the concept of MainThread in JSC.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61506
+
+ Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
+ so that they are available to the SpeculativeJIT.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+ (JSC::DFG::JITCodeGenerator::silentFillGPR):
+ (JSC::DFG::JITCodeGenerator::silentFillFPR):
+ (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+ (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
+ * dfg/DFGNonSpeculativeJIT.h:
+
+2011-05-25 Ryosuke Niwa <rniwa@webkit.org>
+
+ An attempt to revive Windows bots.
+
+ * runtime/RegExp.cpp:
+ * runtime/RegExp.h:
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
+
+ This data structure, used at runtime by the JIT, is currently unnecessarily populated
+ with default entries during byte compilation.
+
+ Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
+ us to one entry per corresponding bytecode op, which may be undesirable. Instead,
+ populate this array from the JIT.
+
+ The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
+ these, so that the class can have a default constructor (and to simply switch statements
+ in code walking over the table).
+
+ This change has ramification for the DFG JIT, in that the DFG JIT used this datastructure
+ to check for functions containing property access. Instead do so in the DFGByteCodeParser.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::printStructureStubInfo):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::setNumberOfStructureStubInfos):
+ (JSC::CodeBlock::numberOfStructureStubInfos):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::visitAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::StructureStubInfo):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompileMainPass):
+ (JSC::JIT::privateCompileSlowCases):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emitSlow_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Call::Call):
+ (JSC::AbstractMacroAssembler::Call::fromTailJump):
+ (JSC::AbstractMacroAssembler::Jump::Jump):
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+ (JSC::AbstractMacroAssembler::Jump::isSet):
+ (JSC::AbstractMacroAssembler::differenceBetween):
+ (JSC::AbstractMacroAssembler::linkJump):
+ (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::link):
+ (JSC::LinkBuffer::locationOf):
+ (JSC::LinkBuffer::locationOfNearCall):
+ (JSC::LinkBuffer::returnAddressOffset):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::linkCall):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::linkCall):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::linkCall):
+ * assembler/MacroAssemblerSH4.cpp:
+ (JSC::MacroAssemblerSH4::linkCall):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::linkCall):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::linkCall):
+
+2011-05-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61500
+ Add JSObject::offsetOfPropertyStorage
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::compilePutDirectOffset):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::compilePutDirectOffset):
+ (JSC::JIT::compileGetDirectOffset):
+ * runtime/JSObject.h:
+ (JSC::JSObject::offsetOfPropertyStorage):
+
+2011-05-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make RegExp GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=61490
+
+ Make RegExp GC allocated. Basically mechanical change to replace
+ most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
+ where actual ownership happens.
+
+ Made the RegExpCache use Strong<> references currently to avoid any
+ changes in behaviour.
+
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addRegExp):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addRegExp):
+ (JSC::BytecodeGenerator::emitNewRegExp):
+ * bytecompiler/BytecodeGenerator.h:
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ (JSC::JSGlobalData::addRegExpToTrace):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::create):
+ (JSC::RegExp::invalidateCode):
+ * runtime/RegExp.h:
+ (JSC::RegExp::createStructure):
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::create):
+ * runtime/RegExpCache.h:
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ (JSC::RegExpObject::visitChildren):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::setRegExp):
+ (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ (JSC::regExpProtoFuncCompile):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+
+2011-05-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Generate regexp code lazily
+ https://bugs.webkit.org/show_bug.cgi?id=61476
+
+ RegExp construction now simply validates the RegExp, it does
+ not perform actual codegen.
+
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::recompile):
+ (JSC::RegExp::compile):
+ (JSC::RegExp::match):
+ * runtime/RegExp.h:
+ (JSC::RegExp::recompileIfNecessary):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::performMatch):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::match):
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncReplace):
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ (JSC::stringProtoFuncSplit):
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Removed MarkSetProperties because it was unused
+ https://bugs.webkit.org/show_bug.cgi?id=61418
+
+ * heap/MarkStack.h:
+ (JSC::MarkSet::MarkSet):
+ (JSC::MarkStack::append):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.h:
+ (JSC::JSArray::visitChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/WriteBarrier.h:
+ (JSC::MarkStack::appendValues):
+
+2011-05-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make allocations with guard pages ensure that the allocation succeeded
+ https://bugs.webkit.org/show_bug.cgi?id=61453
+
+ Add null checks, and make PageBlock's operator bool() use
+ the realbase, rather than the start of usable memory.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+ * wtf/PageBlock.h:
+ (WTF::PageBlock::operator bool):
+ (WTF::PageBlock::PageBlock):
+
+2011-04-10 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * bytecompiler/BytecodeGenerator.h:
+
+2011-05-24 Keishi Hattori <keishi@webkit.org>
+
+ Reviewed by Kent Tamura.
+
+ Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
+ https://bugs.webkit.org/show_bug.cgi?id=61273
+
+ * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
+
+2011-05-24 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Eric Seidel.
+
+ Add export macros to WTFString.h.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * wtf/text/WTFString.h:
+ (WTF::String::String):
+ (WTF::String::findIgnoringCase):
+ (WTF::String::isHashTableDeletedValue):
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Maybe fix the Mac build now?
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Maybe fix the Mac build?
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Split HeapRootVisitor into its own class
+ https://bugs.webkit.org/show_bug.cgi?id=61399
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/HandleHeap.cpp:
+ * heap/HandleStack.cpp:
+ * heap/Heap.cpp:
+ * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
+ * heap/MarkStack.h:
+ * runtime/ArgList.cpp:
+ * runtime/SmallStrings.cpp:
+
+2011-05-24 Jay Civelli <jcivelli@chromium.org>
+
+ Rubberstamped by David Kilzer.
+
+ Updated some files that I forgot in my previous MHTML CL.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Fix the Mac build: Yes, please do remove these files, svn.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Let's just have one way to get the system page size, bokay?
+ https://bugs.webkit.org/show_bug.cgi?id=61384
+
+ * CMakeListsEfl.txt:
+ * CMakeListsWinCE.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
+ is gone completely now, since it only existed to provide a duplicate way
+ to access the system page size.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::reset):
+ * heap/MarkStack.h:
+ (JSC::::MarkStackArray):
+ (JSC::::shrinkAllocation): Use WTF::pageSize.
+
+ * heap/MarkStackPosix.cpp:
+ * heap/MarkStackSymbian.cpp:
+ * heap/MarkStackWin.cpp: Removed now-empty files.
+
+ * jit/ExecutableAllocator.cpp:
+ (JSC::ExecutableAllocator::reprotectRegion):
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::ExecutableAllocator):
+ (JSC::ExecutablePool::ExecutablePool):
+ (JSC::ExecutablePool::poolAllocate):
+ * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
+
+ * wscript: Removed now-empty files.
+
+ * wtf/PageBlock.cpp:
+ (WTF::systemPageSize): Integrated questionable Symbian page size rule
+ from ExecutableAllocator, because that seems like what the original
+ author should have done.
+
+2011-05-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
+ https://bugs.webkit.org/show_bug.cgi?id=61385
+
+ The interpreter uses the structure slot of get_by_id and put_by_id to hold
+ the initial structure it encountered so that it can identify whether a
+ given access is stable.
+
+ When marking though we only visit the slot when we've decided to cache, and
+ so this value could die. This was "safe" as the value was only used for a
+ pointer compare, but it was incorrect. We now just mark the slot like we
+ should have been doing already.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitStructures):
+
+2011-05-24 Adam Roben <aroben@apple.com>
+
+ Windows build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
+
+ * heap/MarkStack.h:
+ (JSC::::shrinkAllocation):
+
+2011-05-24 Geoffrey Garen <ggaren@apple.com>
+
+ Rubber-stamped by Oliver Hunt.
+
+ Split out function definitions and class definitions from class
+ declarations in MarkStack.h, for readability.
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::MarkStack):
+ (JSC::MarkStack::~MarkStack):
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStack::containsOpaqueRoot):
+ (JSC::MarkStack::opaqueRootCount):
+ (JSC::MarkSet::MarkSet):
+ (JSC::MarkStack::allocateStack):
+ (JSC::MarkStack::releaseStack):
+ (JSC::MarkStack::pageSize):
+ (JSC::::MarkStackArray):
+ (JSC::::~MarkStackArray):
+ (JSC::::expand):
+ (JSC::::append):
+ (JSC::::removeLast):
+ (JSC::::last):
+ (JSC::::isEmpty):
+ (JSC::::size):
+ (JSC::::shrinkAllocation):
+
+2011-05-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Avoid creating unnecessary identifiers and strings in the syntax checker
+ https://bugs.webkit.org/show_bug.cgi?id=61378
+
+ Selectively tell the lexer that there are some places it does not need to
+ do the real work of creating Identifiers for IDENT and STRING tokens.
+
+ Make parseString and parseIdentifier templatized on whether they should
+ do real work, or merely validate the tokens.
+
+ SunSpider --parse-only reports ~5-8% win depending on hardware.
+
+ * parser/ASTBuilder.h:
+ (JSC::ASTBuilder::createDotAccess):
+ * parser/JSParser.cpp:
+ (JSC::JSParser::next):
+ (JSC::JSParser::consume):
+ (JSC::JSParser::parseVarDeclarationList):
+ (JSC::JSParser::parseConstDeclarationList):
+ (JSC::JSParser::parseExpression):
+ (JSC::JSParser::parseAssignmentExpression):
+ (JSC::JSParser::parseConditionalExpression):
+ (JSC::JSParser::parseBinaryExpression):
+ (JSC::JSParser::parseProperty):
+ (JSC::JSParser::parseObjectLiteral):
+ (JSC::JSParser::parseArrayLiteral):
+ (JSC::JSParser::parseArguments):
+ (JSC::JSParser::parseMemberExpression):
+ * parser/Lexer.cpp:
+ (JSC::Lexer::parseIdentifier):
+ (JSC::Lexer::parseString):
+ (JSC::Lexer::lex):
+ * parser/Lexer.h:
+ * parser/SyntaxChecker.h:
+ (JSC::SyntaxChecker::createDotAccess):
+ (JSC::SyntaxChecker::createProperty):
+
+2011-05-23 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Safari often freezes when clicking "Return free memory" in Caches dialog
+ https://bugs.webkit.org/show_bug.cgi?id=61325
+
+ There are two fixes and improvement in instrumentation code used to find
+ one of the problems.
+ Changed ReleaseFreeList() to set the "decommitted" bit when releasing
+ pages to the system and moving Spans from the normal list to the returned
+ list.
+ Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
+ to eliminate an infinite loop if we can't meet the pagesToRelease target.
+ Added a check for the decommitted bit being set properly in
+ TCMalloc_PageHeap::CheckList.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::scavenge):
+ (WTF::TCMalloc_PageHeap::Check):
+ (WTF::TCMalloc_PageHeap::CheckList):
+ (WTF::ReleaseFreeList):
+
+2011-05-23 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=61306
+
+ The begin characters optimization currently has issues (#61129),
+ and does not appear to still be a performance win. The prudent
+ next step seems to be to disable while we ascertain whether this
+ is still a useful performance optimization.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::Interpreter::interpret):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::BytecodePattern::BytecodePattern):
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
+ (JSC::Yarr::YarrPattern::compile):
+ (JSC::Yarr::YarrPattern::YarrPattern):
+ * yarr/YarrPattern.h:
+ (JSC::Yarr::YarrPattern::reset):
+
+2011-05-23 Matthew Delaney <mdelaney@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
+ https://bugs.webkit.org/show_bug.cgi?id=58216
+
+ * wtf/MathExtras.h:
+ (clampToInteger):
+ (clampToPositiveInteger):
+
+2011-05-23 Ruben <chromium@hybridsource.org>
+
+ Reviewed by Tony Chang.
+
+ Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
+ https://bugs.webkit.org/show_bug.cgi?id=61219
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-05-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Gavin Barraclough.
+
+ [SH4] AssemblerLabel does not name a type
+ https://bugs.webkit.org/show_bug.cgi?id=59927
+
+ SH4Assembler.h file shoold be included before AbstractMacroAssembler.h.
+
+ * assembler/MacroAssemblerSH4.h:
+
+2011-05-23 Ryuan Choi <ryuan.choi@samsung.com>
+
+ Rubber stamped by Eric Seidel.
+
+ [CMAKE] Refactoring wtf related code.
+ https://bugs.webkit.org/show_bug.cgi?id=60146
+
+ Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.
+
+ * CMakeLists.txt:
+ * CMakeListsEfl.txt:
+ * wtf/CMakeLists.txt:
+ * wtf/CMakeListsEfl.txt:
+
+2011-05-22 Adam Barth <abarth@webkit.org>
+
+ Enable strict PassOwnPtr for everyone. I expect this patch will need
+ some followups to make the GTK and EFL bots green again.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Reduce size of inline cache path of get_by_id on ARMv7
+ https://bugs.webkit.org/show_bug.cgi?id=61221
+
+ This reduces the code size of get_by_id by 20 bytes
+
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ldrCompact):
+ (JSC::ARMv7Assembler::repatchCompact):
+ (JSC::ARMv7Assembler::setUInt7ForLoad):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
+ * jit/JIT.h:
+
+2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Reviewed by Oliver Hunt.
+
+ Zombies should "live" forever
+ https://bugs.webkit.org/show_bug.cgi?id=61170
+
+ Reusing zombie cells could still hide garbage
+ collected cell related bugs.
+
+ * JavaScriptCore.pro:
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::clearMarks):
+ * heap/MarkedBlock.h:
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::isZombie):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::~JSZombie):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
+2011-05-20 Brady Eidson <beidson@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
+ Horrendous bug in callOnMainThreadAndWait
+
+ * wtf/MainThread.cpp:
+ (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
+ syncFlag condition, reacquire the mutex first.
+
+2011-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Remove unnecessary double->int conversion at the end of op_div
+ https://bugs.webkit.org/show_bug.cgi?id=61198
+
+ We don't attempt this conversion on 64bit, removing it actually speeds
+ up sunspider and v8 slightly, and it reduces code size.
+
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_div):
+
+2011-05-19 Evan Martin <evan@chromium.org>
+
+ Reviewed by Tony Chang.
+
+ [chromium] remove <(library) variable
+ https://bugs.webkit.org/show_bug.cgi?id=61158
+
+ This was for a build experiment; we can just use the correct value now.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-05-20 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Interpreter uses wrong bytecode offset for determining exception handler
+ https://bugs.webkit.org/show_bug.cgi?id=61191
+
+ The bytecode offset given for the returnPC from the JIT is
+ actually the offset for the start of the instruction triggering
+ the call, whereas in the interpreter it is the actual return
+ VPC. This means if the next instruction following a call was
+ in an exception region we would incorrectly redirect to its
+ handler. Long term we want to completely redo how exceptions
+ are handled anyway so the simplest and lowest risk fix here is
+ to simply subtract one from the return vPC so that we have an
+ offset in the triggering instruction.
+
+ It turns out this is caught by a couple of tests already.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+
+2011-05-20 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Oliver Hunt.
+
+ JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
+ https://bugs.webkit.org/show_bug.cgi?id=42756
+
+ Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
+ check of the available memory. This should give us an
+ overcommit-like behavior in most systems, which is what we want.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit): pass MAP_NORSERVE to mmap.
+
+2011-05-19 Gabor Loki <loki@webkit.org>
+
+ Fix ARM build after r86919
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::nop):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Randomise code starting location a little
+ https://bugs.webkit.org/show_bug.cgi?id=61161
+
+ Add a nop() function to the Assemblers so that we
+ can randomise code offsets slightly at no real cost.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::nop):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::nop):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::nop):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::nop):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::nop):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::nop):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::nop):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::nop):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * runtime/WeakRandom.h:
+ (JSC::WeakRandom::getUint32):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build.
+
+ * wtf/OSAllocatorWin.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add guard pages to each end of the memory region used by the fixedvm allocator
+ https://bugs.webkit.org/show_bug.cgi?id=61150
+
+ Add mechanism to notify the OSAllocator that pages at either end of an
+ allocation should be considered guard pages. Update PageReservation,
+ PageAllocation, etc to handle this.
+
+ * JavaScriptCore.exp:
+ * jit/ExecutableAllocatorFixedVMPool.cpp:
+ (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+ * wtf/OSAllocator.h:
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::reserveAndCommit):
+ * wtf/PageAllocation.h:
+ (WTF::PageAllocation::PageAllocation):
+ * wtf/PageAllocationAligned.h:
+ (WTF::PageAllocationAligned::PageAllocationAligned):
+ * wtf/PageBlock.h:
+ (WTF::PageBlock::PageBlock):
+ * wtf/PageReservation.h:
+ (WTF::PageReservation::reserve):
+ (WTF::PageReservation::reserveWithGuardPages):
+ Add a new function to make a reservation that will add guard
+ pages to the ends of an allocation.
+ (WTF::PageReservation::PageReservation):
+
+2011-05-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make Executables release their JIT code as soon as they become dead
+ https://bugs.webkit.org/show_bug.cgi?id=61134
+
+ Add an ability to clear an Executable's jit code without requiring
+ it to be destroyed, and then call that from a finalizer.
+
+ * heap/Weak.h:
+ (JSC::Weak::Weak):
+ (JSC::Weak::leak):
+ * jit/JITCode.h:
+ (JSC::JITCode::clear):
+ * runtime/Executable.cpp:
+ (JSC::ExecutableFinalizer::finalize):
+ (JSC::ExecutableBase::executableFinalizer):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::clearExecutableCode):
+
+2011-05-19 Adam Roben <aroben@apple.com>
+
+ Remove a redundant and broken data export
+
+ Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
+ JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
+ to a linker warning about multiple definitions.)
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
+
+2011-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
+ https://bugs.webkit.org/show_bug.cgi?id=61064
+
+ Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
+ for its inline storage. This resolves the problem of GC occurring before
+ a subclass has initialised its anonymous storage.
+
+ * runtime/JSObject.h:
+
+2011-05-18 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Sam Weinig.
+
+ Delete WTFURL
+ https://bugs.webkit.org/show_bug.cgi?id=61084
+
+ It's been a year and we've failed to complete this project. It's time
+ to throw in the towel.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/url: Removed.
+ * wtf/url/api: Removed.
+ * wtf/url/api/ParsedURL.cpp: Removed.
+ * wtf/url/api/ParsedURL.h: Removed.
+ * wtf/url/api/URLString.h: Removed.
+ * wtf/url/src: Removed.
+ * wtf/url/src/RawURLBuffer.h: Removed.
+ * wtf/url/src/URLBuffer.h: Removed.
+ * wtf/url/src/URLCharacterTypes.cpp: Removed.
+ * wtf/url/src/URLCharacterTypes.h: Removed.
+ * wtf/url/src/URLComponent.h: Removed.
+ * wtf/url/src/URLEscape.cpp: Removed.
+ * wtf/url/src/URLEscape.h: Removed.
+ * wtf/url/src/URLParser.h: Removed.
+ * wtf/url/src/URLQueryCanonicalizer.h: Removed.
+ * wtf/url/src/URLSegments.cpp: Removed.
+ * wtf/url/src/URLSegments.h: Removed.
+ * wtf/url/wtfurl.gyp: Removed.
+
+2011-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
+ https://bugs.webkit.org/show_bug.cgi?id=61090
+
+ Remove the Structure-free JSGlobalObject constructor and instead always
+ pass the structure into the JSGlobalObject constructor.
+ Stop DebuggerActivation creating a new structure every time, and simply
+ use a single shared structure held by the GlobalData.
+
+ * API/JSContextRef.cpp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionRun):
+ (jscmain):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.h:
+
+2011-05-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Disable gc validation in release builds
+ https://bugs.webkit.org/show_bug.cgi?id=60680
+
+ Add back the NDEBUG check
+
+ * wtf/Platform.h:
+
+2011-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out attempts to fix EFL build because they're not enough -- the
+ build script needs to be fixed.
+
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/ErrorPrototype.cpp:
+
+2011-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ More attempts to work around the EFL build system being borken.
+
+ * runtime/DateConstructor.cpp:
+ * runtime/ErrorPrototype.cpp:
+
+2011-05-17 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the EFL build.
+
+ * runtime/BooleanPrototype.cpp:
+
+2011-05-16 Geoffrey Garen <ggaren@apple.com>
+
+ Rolling back in r86653 with build fixed.
+
+ Reviewed by Gavin Barraclough and Oliver Hunt.
+
+ Global object initialization is expensive
+ https://bugs.webkit.org/show_bug.cgi?id=60933
+
+ Changed a bunch of globals to allocate their properties lazily, and changed
+ the global object to allocate a bunch of its globals lazily.
+
+ This reduces the footprint of a global object from 287 objects with 58
+ functions for 24K to 173 objects with 20 functions for 15K.
+
+ Large patch, but it's all mechanical.
+
+ * DerivedSources.make:
+ * JavaScriptCore.exp: Build!
+
+ * create_hash_table: Added a special case for fromCharCode, since it uses
+ a custom "thunk generator".
+
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
+ overcount objects that were owned through more than one mechanism because
+ it was getting in the way of counting the results for this patch.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::arrayConstructorTable):
+ (JSC::ExecState::arrayPrototypeTable):
+ (JSC::ExecState::booleanPrototypeTable):
+ (JSC::ExecState::dateConstructorTable):
+ (JSC::ExecState::errorPrototypeTable):
+ (JSC::ExecState::globalObjectTable):
+ (JSC::ExecState::numberConstructorTable):
+ (JSC::ExecState::numberPrototypeTable):
+ (JSC::ExecState::objectPrototypeTable):
+ (JSC::ExecState::regExpPrototypeTable):
+ (JSC::ExecState::stringConstructorTable): Added new tables.
+
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h: Added new tables.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
+ static table for its global functions. This required uninlining some
+ things to avoid a circular header dependency. However, those things
+ probably shouldn't have been inlined in the first place.
+
+ Even more global object properties can be made lazy, but that requires
+ more in-depth changes.
+
+ * runtime/MathObject.cpp:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+2011-05-17 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Oliver Hunt.
+
+ JSGlobalContextRelease should not trigger a synchronous garbage collection
+ https://bugs.webkit.org/show_bug.cgi?id=60990
+
+ * API/JSContextRef.cpp:
+ Change synchronous call to collectAllGarbage to a call to trigger the
+ activityCallback.
+
+2011-05-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Reduce code size for inline cache
+ https://bugs.webkit.org/show_bug.cgi?id=60942
+
+ This patch introduces the concept of a "compact" address that
+ allows individual architectures to control the maximum offset
+ used for the inline path of get_by_id. This reduces the code
+ size of get_by_id by 3 bytes on x86 and x86_64 and slightly
+ improves performance on v8 tests.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::repatchCompact):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::repatchCompact):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
+ (JSC::AbstractMacroAssembler::differenceBetween):
+ (JSC::AbstractMacroAssembler::repatchCompact):
+ * assembler/CodeLocation.h:
+ (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
+ (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::locationOf):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::repatchCompact):
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::repatchCompact):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
+ * assembler/RepatchBuffer.h:
+ (JSC::RepatchBuffer::repatch):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::repatchCompact):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::movl_mr_disp8):
+ (JSC::X86Assembler::movq_mr_disp8):
+ (JSC::X86Assembler::repatchCompact):
+ (JSC::X86Assembler::setInt8):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
+ (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
+ (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::patchGetByIdSelf):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::patchGetByIdSelf):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCacheGetByID):
+
+2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r86653.
+ http://trac.webkit.org/changeset/86653
+ https://bugs.webkit.org/show_bug.cgi?id=60944
+
+ "Caused regressions on Windows, OSX and EFL" (Requested by
+ yutak on #webkit).
+
+ * DerivedSources.make:
+ * DerivedSources.pro:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * create_hash_table:
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::operator()):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::arrayTable):
+ (JSC::ExecState::numberTable):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::addStaticGlobals):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncJSCPrint):
+ * runtime/JSGlobalObjectFunctions.h:
+ * runtime/MathObject.cpp:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/RegExpPrototype.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+
+2011-05-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Global object initialization is expensive
+ https://bugs.webkit.org/show_bug.cgi?id=60933
+
+ Changed a bunch of globals to allocate their properties lazily, and changed
+ the global object to allocate a bunch of its globals lazily.
+
+ This reduces the footprint of a global object from 287 objects with 58
+ functions for 24K to 173 objects with 20 functions for 15K.
+
+ Large patch, but it's all mechanical.
+
+ * DerivedSources.make:
+ * JavaScriptCore.exp: Build!
+
+ * create_hash_table: Added a special case for fromCharCode, since it uses
+ a custom "thunk generator".
+
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
+ overcount objects that were owned through more than one mechanism because
+ it was getting in the way of counting the results for this patch.
+
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::arrayConstructorTable):
+ (JSC::ExecState::arrayPrototypeTable):
+ (JSC::ExecState::booleanPrototypeTable):
+ (JSC::ExecState::dateConstructorTable):
+ (JSC::ExecState::errorPrototypeTable):
+ (JSC::ExecState::globalObjectTable):
+ (JSC::ExecState::numberConstructorTable):
+ (JSC::ExecState::numberPrototypeTable):
+ (JSC::ExecState::objectPrototypeTable):
+ (JSC::ExecState::regExpPrototypeTable):
+ (JSC::ExecState::stringConstructorTable): Added new tables.
+
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::ArrayConstructor::getOwnPropertySlot):
+ (JSC::ArrayConstructor::getOwnPropertyDescriptor):
+ * runtime/ArrayConstructor.h:
+ (JSC::ArrayConstructor::createStructure):
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::getOwnPropertySlot):
+ (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ (JSC::BooleanPrototype::getOwnPropertySlot):
+ (JSC::BooleanPrototype::getOwnPropertyDescriptor):
+ * runtime/BooleanPrototype.h:
+ (JSC::BooleanPrototype::createStructure):
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ (JSC::DateConstructor::getOwnPropertySlot):
+ (JSC::DateConstructor::getOwnPropertyDescriptor):
+ * runtime/DateConstructor.h:
+ (JSC::DateConstructor::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ (JSC::ErrorPrototype::getOwnPropertySlot):
+ (JSC::ErrorPrototype::getOwnPropertyDescriptor):
+ * runtime/ErrorPrototype.h:
+ (JSC::ErrorPrototype::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ * runtime/JSGlobalData.h: Added new tables.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ (JSC::JSGlobalObject::getOwnPropertySlot):
+ (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
+ static table for its global functions. This required uninlining some
+ things to avoid a circular header dependency. However, those things
+ probably shouldn't have been inlined in the first place.
+
+ Even more global object properties can be made lazy, but that requires
+ more in-depth changes.
+
+ * runtime/MathObject.cpp:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::getOwnPropertySlot):
+ (JSC::NumberConstructor::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ (JSC::NumberPrototype::getOwnPropertySlot):
+ (JSC::NumberPrototype::getOwnPropertyDescriptor):
+ * runtime/NumberPrototype.h:
+ (JSC::NumberPrototype::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ (JSC::ObjectPrototype::put):
+ (JSC::ObjectPrototype::getOwnPropertySlot):
+ (JSC::ObjectPrototype::getOwnPropertyDescriptor):
+ * runtime/ObjectPrototype.h:
+ (JSC::ObjectPrototype::createStructure):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ (JSC::RegExpPrototype::getOwnPropertySlot):
+ (JSC::RegExpPrototype::getOwnPropertyDescriptor):
+ * runtime/RegExpPrototype.h:
+ (JSC::RegExpPrototype::createStructure):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ (JSC::StringConstructor::getOwnPropertySlot):
+ (JSC::StringConstructor::getOwnPropertyDescriptor):
+ * runtime/StringConstructor.h:
+ (JSC::StringConstructor::createStructure): Standardized these objects
+ to use static tables for function properties.
+
+2011-05-16 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
+ <rdar://problem/9446430>
+
+ Reviewed by Mark Rowe.
+
+ * Configurations/Base.xcconfig: Fixed typo.
+
+2011-05-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ JSWeakObjectMap finalisation may occur while gc is in inconsistent state
+ https://bugs.webkit.org/show_bug.cgi?id=60908
+ <rdar://problem/9409491>
+
+ We need to ensure that we have called all the weak map finalizers while
+ the global object (and hence global context) is still in a consistent
+ state. The best way to achieve this is to simply use a weak handle and
+ finalizer on the global object.
+
+ * JavaScriptCore.exp:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::registerWeakMap):
+
+2011-05-16 Siddharth Mathur <siddharth.mathur@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt][WK2][Symbian] Shared memory implementation for Symbian
+ https://bugs.webkit.org/show_bug.cgi?id=55875
+
+ * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
+
+2011-05-16 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=60866
+ Evaluation order broken for empty alternatives in subpatterns
+
+ Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
+
+2011-05-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen & Michael Saboff.
+
+ https://bugs.webkit.org/show_bug.cgi?id=60860
+ Simplify backtracking in YARR JIT
+
+ YARR JIT currently performs a single pass of code generation over the pattern,
+ with special handling to allow the code generation for some backtracking code
+ out of line. We can simplify things by moving to a common mechanism whereby all
+ forwards matching code is generated in one pass, and all backtracking code is
+ generated in another. Backtracking code can be generated in reverse order, to
+ optimized the common fall-through case.
+
+ To make it easier to walk over the pattern, we can first convert to a more
+ byte-code like format before JIT generating. In time we should unify this with
+ the YARR interpreter to more closely unify the two.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
+ (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::append):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::link):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
+ (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
+ (JSC::Yarr::YarrGenerator::generateAssertionBOL):
+ (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
+ (JSC::Yarr::YarrGenerator::generateAssertionEOL):
+ (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
+ (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
+ (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
+ (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
+ (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateTerm):
+ (JSC::Yarr::YarrGenerator::backtrackTerm):
+ (JSC::Yarr::YarrGenerator::generate):
+ (JSC::Yarr::YarrGenerator::backtrack):
+ (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
+ (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
+ (JSC::Yarr::YarrGenerator::opCompileAlternative):
+ (JSC::Yarr::YarrGenerator::opCompileBody):
+ (JSC::Yarr::YarrGenerator::YarrGenerator):
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-05-15 Adam Barth <abarth@webkit.org>
+
+ Enable strict PassOwnPtr on Qt. (Build fixes to follow.)
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
+ in browser than on command line
+
+ This patch fixes a few issues in generated code that could unreasonably
+ prolong object lifetimes.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::collectAllGarbage): Throw away all function code before doing
+ a major collection. We want to clear polymorphic caches, since they can
+ keep alive large object graphs that have gone "stale". For the same reason,
+ but to a lesser extent, we also want to clear linked functions and other
+ one-off caches.
+
+ This has the side-benefit of reducing memory footprint from run-once
+ functions, and of allowing predictions and caches that have failed to
+ re-specialize.
+
+ Eventually, if compilation costs rise far enough, we may want a more
+ limited strategy for de-specializing code without throwing it away
+ completely, but this works for now, and it's the simplest solution.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/JSFunction.cpp: Made the host function stub cache weak --
+ otherwise it's effectively a memory leak that can seriously fragment the
+ GC and JIT heaps.
+
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::visitChildren): Cleared up some comments that confused
+ me when working with this code.
+
+2011-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ This patch makes the checks performed under GC_VALIDATION
+ much more aggressive, and adds the checks to more places
+ in order to allow us to catch GC bugs much closer to the
+ point of failure.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ (JSC::slowValidateCell):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::unvalidatedStructure):
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::slowValidateCell):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::validateCell):
+ (JSC::JSCell):
+ (JSC::JSGlobalObject):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::setMayBeNull):
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ This patch makes the checks performed under GC_VALIDATION
+ much more aggressive, and adds the checks to more places
+ in order to allow us to catch GC bugs much closer to the
+ point of failure.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ (JSC::slowValidateCell):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::unvalidatedStructure):
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::slowValidateCell):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::validateCell):
+ (JSC::JSCell):
+ (JSC::JSGlobalObject):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::setMayBeNull):
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-14 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::Structure::createStructure):
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make GC validation more aggressive
+ https://bugs.webkit.org/show_bug.cgi?id=60802
+
+ This patch makes the checks performed under GC_VALIDATION
+ much more aggressive, and adds the checks to more places
+ in order to allow us to catch GC bugs much closer to the
+ point of failure.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * heap/MarkedSpace.cpp:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSCell.cpp:
+ (JSC::slowValidateCell):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::unvalidatedStructure):
+ (JSC::JSCell::JSCell::JSCell):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ (JSC::slowValidateCell):
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ (JSC::JSCell::classInfo):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ * runtime/WriteBarrier.h:
+ (JSC::validateCell):
+ (JSC::JSCell):
+ (JSC::JSGlobalObject):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::setMayBeNull):
+ (JSC::WriteBarrierBase::setEarlyValue):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::unvalidatedGet):
+ (JSC::WriteBarrier::WriteBarrier):
+ * wtf/Assertions.h:
+
+2011-05-01 Holger Hans Peter Freyther <holger@moiji-mobile.com>
+
+ Reviewed by Steve Block.
+
+ [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
+ https://bugs.webkit.org/show_bug.cgi?id=59888
+
+ It is possible to build QtWebKit and others for OS(ANDROID). Let
+ the buildsystem decide which platform is to be build.
+
+ * wtf/Platform.h:
+
+2011-05-12 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Darin Adler.
+
+ XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
+ https://bugs.webkit.org/show_bug.cgi?id=59394
+
+ This portion of the change introduces a PassTraits template, which
+ is used to enable takeFirst() to work for a Deque holding OwnPtrs,
+ and optimize it for a Deque holding RefPtrs. In the future it can
+ be deployed elsewhere to make our data structures work better with
+ our smart pointers.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/Deque.h:
+ (WTF::::takeFirst):
+ * wtf/PassTraits.h: Added.
+ (WTF::PassTraits::transfer):
+
+2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Not reviewed.
+
+ Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Not reviewed.
+
+ String operator+ reallocates unnecessarily when concatting > 2 strings
+ https://bugs.webkit.org/show_bug.cgi?id=58420
+
+ Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Darin Adler.
+
+ String operator+ reallocates unnecessarily when concatting > 2 strings
+ https://bugs.webkit.org/show_bug.cgi?id=58420
+
+ Provide a faster String append operator.
+ Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
+ object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
+ N strings using operator+, this leads to N-1 reallocations.
+
+ Replace this with a flexible operator+ implementation, that avoids these reallocations.
+ When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
+ a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
+ creation of the final string, until operator String() is invoked.
+
+ template<typename T>
+ StringAppend<String, T> operator+(const String& string1, T string2)
+ {
+ return StringAppend<String, T>(string1, string2);
+ }
+
+ template<typename U, typename V, typename W>
+ StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
+ {
+ return StringAppend<U, StringAppend<V, W> >(string1, string2);
+ }
+
+ When concatting three strings - "String a, b, c; String result = a + b + c;" following happens:
+ first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
+ Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
+ a StringAppend<String, StringAppend<String, String> > object.
+ Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
+ final string - it uses tryMakeString provided by StringConcatenate.h under the hoods, which guards us
+ against too big string allocations, etc.
+
+ Note that the second template, defines a recursive way to concat an arbitary number of strings
+ into a single String with just one allocation.
+
+ * GNUmakefile.list.am: Add StringOperators.h to build.
+ * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
+ * JavaScriptCore.gypi: Add StringOperators.h to build.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
+ * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
+ * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
+ (WTF::StringAppend::StringAppend):
+ (WTF::StringAppend::operator String):
+ (WTF::StringAppend::operator AtomicString):
+ (WTF::StringAppend::writeTo):
+ (WTF::StringAppend::length):
+ (WTF::operator+):
+ * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append().
+ (WTF::emptyString): Add new shared empty string free function.
+ * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
+
+2011-05-12 Philippe Normand <pnormand@igalia.com>
+
+ Unreviewed, GTK build fix.
+
+ * wtf/Platform.h:
+
+2011-05-12 Keith Kyzivat <keith.kyzivat@nokia.com>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Arm debug build failing on ARMAssembler::debugOffset()
+ https://bugs.webkit.org/show_bug.cgi?id=60688
+
+ Related to svn rev 85523
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::debugOffset):
+
+2011-05-11 Igor Oliveira <igor.oliveira@openbossa.org>
+
+ Reviewed by Eric Seidel.
+
+ WebKit does not build with GCCE
+ https://bugs.webkit.org/show_bug.cgi?id=60667
+
+ Allow compile WebKit with GCCE
+
+ * wtf/Alignment.h:
+ * wtf/Platform.h:
+
+2011-05-11 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Enable strict PassOwnPtr on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=60684
+
+ This should build cleanly now.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Protect JSC from WebCore executing JS during JS wrapper finalization
+ https://bugs.webkit.org/show_bug.cgi?id=60672
+ <rdar://problem/9350997>
+
+ Detect when we're trying to execute JS during GC and prevent the
+ execution from happening. We also assert that this isn't happening
+ as it implies incorrect behaviour of an object's destructor.
+
+ * JavaScriptCore.exp:
+ * heap/Heap.cpp:
+ * heap/Heap.h:
+ (JSC::Heap::isBusy):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::isCollectorBusy):
+
+2011-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Enable gc mark validation in temporarily in release builds
+ https://bugs.webkit.org/show_bug.cgi?id=60678
+
+ Make it easier to turn the gc mark validation on and off, and
+ temporarily turn it on for all builds.
+
+ * heap/MarkStack.cpp:
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::internalAppend):
+ * runtime/WriteBarrier.h:
+ (JSC::MarkStack::appendValues):
+ * wtf/Platform.h:
+
+2011-05-11 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
+
+ SunSpider reports no change.
+
+ This bug was caused by changing Structure and Executable to being GC
+ objects, and by a long-standing bug that would thrash the global object
+ between dictionary and non-dictionary states.
+
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
+ eagerly transition to dictionary -- this can cause pathological dictionary
+ churn, and it's not necessary, since objects know how to automatically
+ transition to dictionary when necessary.
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
+ extra cost from compilation, because it can be quite high. This is especially
+ important for program code, since DOM timers can repeatedly allocate
+ program code without allocating any other objects.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
+ if the thing we're trying to remove doesn't exist. This can happen during
+ compilation, since the compiler needs to ensure that no pre-existing
+ conflicting definitions exist for certain declarations.
+
+2011-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make mark stack validation functions do something useful in a release build
+ https://bugs.webkit.org/show_bug.cgi?id=60645
+
+ Turn ASSERTs into actual if(...) CRASH(); statements.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateValue):
+
+2011-05-11 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ Fix copy&paste error in comment.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator): the value is stored in
+ regT2, not regT1.
+
+2011-05-11 Adam Roben <aroben@apple.com>
+
+ WinCE build fixes for strict PassOwnPtr
+
+ * wtf/unicode/CollatorDefault.cpp:
+ (WTF::Collator::userDefault): Use adoptPtr.
+
+2011-05-11 Holger Hans Peter Freyther <holger@moiji-mobile.com>
+
+ Unreviewed build fix.
+
+ [MIPS] Fix compilation of the MIPS JIT
+
+ Include the MIPSAssembler.h first to indirectly include
+ AssemblerBuffer.h before the AbstractMacroAssembler.h. This
+ order is used for the ARM and X86 MacroAssembler*.h
+
+ * assembler/MacroAssemblerMIPS.h:
+
+2011-05-11 Adam Roben <aroben@apple.com>
+
+ Turn on strict PassOwnPtr on Windows
+
+ Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled
+
+ Reviewed by Adam Barth.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-10 Stephanie Lewis <slewis@apple.com>
+
+ Unreviewed.
+
+ Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130
+
+ * Configurations/JavaScriptCore.xcconfig:
+
+2011-05-10 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict PassOwnPtr on Chromium
+ https://bugs.webkit.org/show_bug.cgi?id=60502
+
+ Other platforms to follow.
+
+ * wtf/PassOwnPtr.h:
+
+2011-05-10 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
+ https://bugs.webkit.org/show_bug.cgi?id=60532
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.xcodeproj/project.pbxproj: Build!
+
+ * heap/Handle.h: Moved HandleTypes to its own header because that's the
+ WebKit style, and it was necessary to resolve a circular dependency
+ between Handle.h and WriteBarrier.h.
+
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
+ verify that all the code is in the right place.
+
+ * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
+ resolve a circular dependency.
+
+ * runtime/ArgList.h:
+ * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
+ free anymore.
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
+ function, now that it exists.
+
+ * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
+ dependency.
+
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::set):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::appendValues): Updated to match the changes above.
+
+2011-05-10 Oliver Hunt <oliver@apple.com>
+
+ Build fix.
+
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateValue):
+
+2011-05-10 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Add some aggressive GC validation to debug builds.
+ https://bugs.webkit.org/show_bug.cgi?id=60601
+
+ When assertions are enabled we now do some validity checking
+ of objects being added to the mark stack.
+
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
+ (JSC::PolymorphicAccessStructureList::visitAggregate):
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::validateSet):
+ (JSC::MarkStack::validateValue):
+ * heap/MarkStack.h:
+ (JSC::MarkStack::appendValues):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::internalAppend):
+
+2011-05-09 Darin Adler <darin@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ http://bugs.webkit.org/show_bug.cgi?id=60509
+ Wrong type used for return value from strlen
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
+ fastMalloc won't return if it fails.
+
+2011-05-09 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ CSP should block Function constructor
+ https://bugs.webkit.org/show_bug.cgi?id=60240
+
+ When eval is disabled, we need to block the use of the function
+ constructor. However, the WebCore JSC bindings call the function
+ constructor directly to create inline event listeners. To support that
+ use, this patch adds an entrypoint that bypasses the check for whether
+ eval is enabled.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ (JSC::constructFunctionSkippingEvalEnabledCheck):
+ * runtime/FunctionConstructor.h:
+
+2011-05-09 Adam Roben <aroben@apple.com>
+
+ Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes
+
+ Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
+ WebKit1 IDL file changes to avoid build errors
+
+ Reviewed by Tim Hatcher.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+ Updated for script rename.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
+ from react-to-vsprops-changes.py.
+ (top level): Moved a constant here from main.
+ (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
+ react_to_webkit1_interface_changes function.
+ (react_to_vsprops_changes): Moved code here from main. Updated to use the
+ TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_globa
+ and touch_if_older_than.
+ (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
+ file has changed.
+ (mtime_of_newest_file_matching_glob): Added. Code came from main.
+ (touch_if_older_than): Added. Code came from main.
+
+2011-05-08 Jessie Berlin <jberlin@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ Make JSRetainPtr work with JSGlobalContextRefs.
+ https://bugs.webkit.org/show_bug.cgi?id=60452
+
+ Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.
+
+ * API/JSRetainPtr.h:
+ (JSRetain):
+ (JSRelease):
+
+2011-05-07 Dawit Alemayehu <adawit@kde.org>
+
+ Reviewed by Daniel Bates.
+
+ Fix compile with GCC 4.6.0
+ https://bugs.webkit.org/show_bug.cgi?id=60380
+
+ Remove unused local variable from code.
+
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+
+2011-05-06 Alexis Menard <alexis.menard@openbossa.org>
+
+ Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.
+
+ std::tr1::has_trivial_constructor is in <tr1/memory>.
+
+ * wtf/TypeTraits.h:
+
+2011-05-05 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Added convenience methods to convert from a byte to hex ASCII digit
+ characters and vice-versa.
+ https://bugs.webkit.org/show_bug.cgi?id=59834
+
+ * wtf/ASCIICType.h:
+ (WTF::toASCIIHexValue):
+ (WTF::lowerNibbleToASCIIHexDigit):
+ (WTF::upperNibbleToASCIIHexDigit):
+
+2011-05-05 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Benjamin Poulain.
+
+ [Qt] Make QtWebKit build when using gcc 4.6.0
+ https://bugs.webkit.org/show_bug.cgi?id=60265
+
+ If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
+ the c++0x support because it works.
+
+ * JavaScriptCore.pro:
+
+2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
+
+ Reviewed by Geoffrey Garen.
+
+ Port MachineStackMarker.cpp to Windows x64
+ https://bugs.webkit.org/show_bug.cgi?id=60216
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
+ on 64-bit Windows.
+ (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.
+
+2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
+
+ Reviewed by Martin Robinson.
+
+ Link libjavascriptcoregtk on Windows with winmm.dll
+ https://bugs.webkit.org/show_bug.cgi?id=60215
+
+ * GNUmakefile.am:
+
+2011-05-04 Tao Bai <michaelbai@chromium.org>
+
+ Reviewed by David Kilzer.
+
+ Populate touch-icon url to FrameLoaderClient
+ https://bugs.webkit.org/show_bug.cgi?id=59143
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-05-03 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
+ code that accidentally survived the conversion to a switch statement,
+ causing a lot of important code not to run most of the time.
+
+ Since this is not a trivial finger-picking mistake, I will not call it a
+ typo.
+
+2011-05-04 Adam Roben <aroben@apple.com>
+
+ Another attempted build fix
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::operator==):
+ (WTF::OwnPtr::operator!=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator==):
+ (WTF::PassOwnPtr::operator!=):
+ Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.
+
+2011-05-04 Adam Roben <aroben@apple.com>
+
+ Try to fix Leopard, Qt, and probably others
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::operator==):
+ (WTF::OwnPtr::operator!=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator==):
+ (WTF::PassOwnPtr::operator!=):
+ Try to get the compiler not to instantiate these function templates unnecessarily.
+
+2011-05-03 Adam Roben <aroben@apple.com>
+
+ Disallow equality comparisons between [Pass]OwnPtrs
+
+ If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
+ really sneaky, in which case you should stop!)
+
+ Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error
+
+ Reviewed by Anders Carlsson and Antti Koivisto.
+
+ * wtf/OwnPtr.h:
+ (WTF::OwnPtr::operator==):
+ (WTF::OwnPtr::operator!=):
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::operator==):
+ (WTF::PassOwnPtr::operator!=):
+ Added private equality operators that fail to compile when used. (When not used, the
+ compiler will skip over them because they are function templates.)
+
+2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Gavin Barraclough.
+
+ JITArithmetic.cpp produces a warning on a unused variable.
+ https://bugs.webkit.org/show_bug.cgi?id=60060
+
+ Just properly use what we already have converted.
+
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emitSlow_op_add):
+ (JSC::JIT::emitSlow_op_mul):
+
+2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Geoffrey Garen.
+
+ JITPropertyAccess produces a unused but set variable warning in gcc 4.6.0.
+ https://bugs.webkit.org/show_bug.cgi?id=60050
+
+ This patch fix a compilation warning. The new warning scenario -Wunused-but-set-variable
+ in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
+ as errors. The patch introduces a new macro ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED
+ which copy the idea of ASSERT_UNUSED.
+
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::emit_op_put_by_id):
+ * wtf/Assertions.h:
+ (assertWithMessageUnused):
+
+2011-04-29 Jer Noble <jer.noble@apple.com>
+
+ Reviewed by Eric Seidel.
+
+ Implement FULLSCREEN_API on Windows, Part 4: Enable it
+ https://bugs.webkit.org/show_bug.cgi?id=59798
+
+ * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.
+
+2011-05-03 Alexis Menard <alexis.menard@openbossa.org>
+
+ Reviewed by Eric Seidel.
+
+ Unused but set variable warning in MacroAssemberX86_64
+ https://bugs.webkit.org/show_bug.cgi?id=59482
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::call):
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
+
+2011-05-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make malloc validation useful
+ https://bugs.webkit.org/show_bug.cgi?id=57502
+
+ Reland this patch (rolled out in 82905) without
+ turning it on by default.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastMalloc):
+ (WTF::fastMalloc):
+ (WTF::tryFastCalloc):
+ (WTF::fastCalloc):
+ (WTF::fastFree):
+ (WTF::tryFastRealloc):
+ (WTF::fastRealloc):
+ (WTF::fastMallocSize):
+ (WTF::TCMalloc_PageHeap::isScavengerSuspended):
+ (WTF::TCMalloc_PageHeap::scheduleScavenger):
+ (WTF::TCMalloc_PageHeap::suspendScavenger):
+ (WTF::TCMalloc_PageHeap::signalScavenger):
+ (WTF::TCMallocStats::malloc):
+ (WTF::TCMallocStats::free):
+ (WTF::TCMallocStats::fastCalloc):
+ (WTF::TCMallocStats::tryFastCalloc):
+ (WTF::TCMallocStats::calloc):
+ (WTF::TCMallocStats::fastRealloc):
+ (WTF::TCMallocStats::tryFastRealloc):
+ (WTF::TCMallocStats::realloc):
+ (WTF::TCMallocStats::fastMallocSize):
+ * wtf/FastMalloc.h:
+ (WTF::Internal::fastMallocValidationHeader):
+ (WTF::Internal::fastMallocValidationSuffix):
+ (WTF::Internal::fastMallocMatchValidationType):
+ (WTF::Internal::setFastMallocMatchValidationType):
+ (WTF::fastMallocMatchValidateFree):
+ (WTF::fastMallocValidate):
+
+2011-05-03 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Anders Carlsson.
+
+ Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
+ https://bugs.webkit.org/show_bug.cgi?id=59261
+
+ Use unary '+' to force proper type detection in template arguments
+ with GCC 4.6.0. See bug report for more details.
+
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
+ (JSC::StructureTransitionTable::add): ditto.
+ * runtime/Structure.h:
+ (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.
+
+2011-05-03 Jessie Berlin <jberlin@apple.com>
+
+ Rubber-stamped by Adam Roben.
+
+ Revert r85550 and r85575.
+
+ Variables cannot be exported via the .def file. Instead, they should be annotated with
+ JS_EXPORTDATA.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo):
+ (JSC::Structure::previousID):
+ (JSC::Structure::propertyStorageCapacity):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-05-02 Adam Roben <aroben@apple.com>
+
+ Allow implicit conversion from nullptr_t to PassOwnPtr
+
+ This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
+ strict PassOwnPtr mode.
+
+ Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
+ doesn't work, but should
+
+ Reviewed by Adam Barth.
+
+ * wtf/PassOwnPtr.h:
+ (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.
+
+ * wtf/MessageQueue.h:
+ (WTF::::waitForMessageFilteredWithTimeout):
+ (WTF::::tryGetMessage):
+ Use the new implicit conversion.
+
+2011-05-02 Jessie Berlin <jberlin@apple.com>
+
+ Rubber-stamped by Oliver Hunt.
+
+ Remove an assertion that Windows was hitting on launch.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo):
+ (JSC::Structure::previousID):
+ (JSC::Structure::propertyStorageCapacity):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-05-02 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2
+
+ * Configurations/CompilerVersion.xcconfig:
+
+2011-05-02 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+
+2011-05-02 Oliver Hunt <oliver@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-05-02 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ crash in JSC::RegExp::match
+ https://bugs.webkit.org/show_bug.cgi?id=58922
+
+ Cleared chained backtrack data label when linking label even if that
+ label doesn't chain itself. This is needed so that subsequent
+ backtrack data labels point to the next outer paren and not within
+ the current paren.
+
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
+
+2011-05-02 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Tiny bit of heap cleanup.
+
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.
+
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::globalData):
+ (JSC::MarkedSpace::highWaterMark):
+ (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
+ definition, for better clarity.
+
+2011-05-02 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Correct marking of interpreter data in mixed mode builds
+ https://bugs.webkit.org/show_bug.cgi?id=59962
+
+ We had a few places in mixed mode builds where we would not
+ track data used by the interpreter for marking. This patch
+ corrects the problem and adds a number of assertions to catch
+ live Structures being collected.
+
+ * JavaScriptCore.exp:
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addPropertyAccessInstruction):
+ (JSC::CodeBlock::addGlobalResolveInstruction):
+ (JSC::CodeBlock::addStructureStubInfo):
+ (JSC::CodeBlock::addGlobalResolveInfo):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ * runtime/Structure.h:
+ (JSC::Structure::typeInfo):
+ (JSC::Structure::previousID):
+ (JSC::Structure::propertyStorageCapacity):
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-05-02 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Use native NullPtr when using GCC 4.6.0 and C++0x
+ https://bugs.webkit.org/show_bug.cgi?id=59252
+
+ GCC 4.6.0 has nullptr support, use it when possible.
+
+ * wtf/NullPtr.cpp: include config.h to pull in Platform.h before
+ NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
+ * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
+ use native nullptr.
+
+2011-05-02 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59950
+ Clean up AssemblerBuffer to use a Vector internally.
+
+ AssemblerBuffer handles reallocing a byte array itself - stop that.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerLabel::AssemblerLabel):
+ (JSC::AssemblerLabel::labelAtOffset):
+ (JSC::AssemblerBuffer::AssemblerBuffer):
+ (JSC::AssemblerBuffer::~AssemblerBuffer):
+ (JSC::AssemblerBuffer::isAvailable):
+ (JSC::AssemblerBuffer::ensureSpace):
+ (JSC::AssemblerBuffer::isAligned):
+ (JSC::AssemblerBuffer::putIntegral):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ (JSC::AssemblerBuffer::putByteUnchecked):
+ (JSC::AssemblerBuffer::putByte):
+ (JSC::AssemblerBuffer::putShortUnchecked):
+ (JSC::AssemblerBuffer::putShort):
+ (JSC::AssemblerBuffer::putIntUnchecked):
+ (JSC::AssemblerBuffer::putInt):
+ (JSC::AssemblerBuffer::putInt64Unchecked):
+ (JSC::AssemblerBuffer::putInt64):
+ (JSC::AssemblerBuffer::codeSize):
+ (JSC::AssemblerBuffer::label):
+ (JSC::AssemblerBuffer::executableCopy):
+ (JSC::AssemblerBuffer::rewindToLabel):
+ (JSC::AssemblerBuffer::debugOffset):
+ (JSC::AssemblerBuffer::append):
+ (JSC::AssemblerBuffer::grow):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::linkCall):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
+
+2011-05-02 Jeff Miller <jeffm@apple.com>
+
+ Reviewed by Alexy Proskuryakov.
+
+ Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
+ https://bugs.webkit.org/show_bug.cgi?id=59949
+
+ * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().
+
+2011-05-02 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ StringImpl::endsWith has some insane code
+ https://bugs.webkit.org/show_bug.cgi?id=59900
+
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::endsWith):
+ - m_data shadows a member variable of the same name.
+
+2011-05-02 Gabor Loki <loki@webkit.org>
+
+ Buildfix for ARM after r85448
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::loadBranchTarget):
+
+2011-05-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Strict-mode only reserved words not reserved
+ https://bugs.webkit.org/show_bug.cgi?id=55342
+
+ Fix line number tracking when we rollback the lexer.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::parseSourceElements):
+
+2011-05-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ ES5 Strict mode does not allow getter and setter for same propId
+ https://bugs.webkit.org/show_bug.cgi?id=57295
+
+ Simplify and correct the logic for strict mode object literals.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::parseStrictObjectLiteral):
+
+2011-05-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Assigning to function identifier under strict should throw
+ https://bugs.webkit.org/show_bug.cgi?id=59289
+
+ Add logic to StaticScopeObject to ensure we don't silently consume
+ writes to constant properties.
+
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+
+2011-05-01 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59903
+ Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
+
+ Creating a lable() into the AssemblerBuffer should return an AssemblerLabel,
+ not an unsigned int.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::blx):
+ (JSC::ARMAssembler::label):
+ (JSC::ARMAssembler::loadBranchTarget):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::label):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::label):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::label):
+ (JSC::MIPSAssembler::relocateJumps):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::loadConstant):
+ (JSC::SH4Assembler::loadConstantUnReusable):
+ (JSC::SH4Assembler::call):
+ (JSC::SH4Assembler::jmp):
+ (JSC::SH4Assembler::jne):
+ (JSC::SH4Assembler::je):
+ (JSC::SH4Assembler::label):
+ (JSC::SH4Assembler::oneShortOp):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::call):
+ (JSC::X86Assembler::jmp_r):
+ (JSC::X86Assembler::label):
+ (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
+ (JSC::X86Assembler::X86InstructionFormatter::label):
+
+2011-05-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict mode for OwnPtr and PassOwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=59428
+
+ * wtf/OwnPtr.h:
+
+2011-05-01 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Enable strict OwnPtr for PLATFORM(WIN)
+ https://bugs.webkit.org/show_bug.cgi?id=59881
+
+ * wtf/OwnPtr.h:
+
+2011-05-01 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59896
+ Remove JmpSrc/JmpDst types.
+
+ The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
+ object be per-assembler in unhelpful, causes unnecessary code duplication,
+ and prevents the AssemblerBuffer from providing a richer type for labels.
+ The limited semantic meaning that they did convey is undermined by the manner
+ in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
+ for data labels).
+
+ Jumps on ARMv7 have had additional information added to the object via the
+ ARMv7 JmpSrc. This data should probably be in the instruction stream. This
+ patch does not fix the problem, and moves the data (ifdefed) to
+ AbstractMacroAssembler::Jump (which is effectively where it was before!).
+ This at least closes the hole such that no further data may be added to JmpSrc,
+ but this is unfortunate, and should be cleaned up.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::blx):
+ (JSC::ARMAssembler::label):
+ (JSC::ARMAssembler::align):
+ (JSC::ARMAssembler::loadBranchTarget):
+ (JSC::ARMAssembler::jmp):
+ (JSC::ARMAssembler::linkPointer):
+ (JSC::ARMAssembler::linkJump):
+ (JSC::ARMAssembler::linkCall):
+ (JSC::ARMAssembler::getRelocatedAddress):
+ (JSC::ARMAssembler::getDifferenceBetweenLabels):
+ (JSC::ARMAssembler::getCallReturnOffset):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::align):
+ (JSC::ARMv7Assembler::getRelocatedAddress):
+ (JSC::ARMv7Assembler::getDifferenceBetweenLabels):
+ (JSC::ARMv7Assembler::getCallReturnOffset):
+ (JSC::ARMv7Assembler::linkJump):
+ (JSC::ARMv7Assembler::linkCall):
+ (JSC::ARMv7Assembler::linkPointer):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Label::isSet):
+ (JSC::AbstractMacroAssembler::Call::Call):
+ (JSC::AbstractMacroAssembler::Jump::Jump):
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+ (JSC::AbstractMacroAssembler::linkPointer):
+ (JSC::AbstractMacroAssembler::getLinkerAddress):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerLabel::AssemblerLabel):
+ (JSC::AssemblerLabel::isSet):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::patch):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::label):
+ (JSC::MIPSAssembler::align):
+ (JSC::MIPSAssembler::getRelocatedAddress):
+ (JSC::MIPSAssembler::getDifferenceBetweenLabels):
+ (JSC::MIPSAssembler::getCallReturnOffset):
+ (JSC::MIPSAssembler::linkJump):
+ (JSC::MIPSAssembler::linkCall):
+ (JSC::MIPSAssembler::linkPointer):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branchDouble):
+ (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
+ (JSC::MacroAssemblerARMv7::jump):
+ (JSC::MacroAssemblerARMv7::nearCall):
+ (JSC::MacroAssemblerARMv7::call):
+ (JSC::MacroAssemblerARMv7::ret):
+ (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::nearCall):
+ (JSC::MacroAssemblerMIPS::call):
+ (JSC::MacroAssemblerMIPS::tailRecursiveCall):
+ (JSC::MacroAssemblerMIPS::branchTrue):
+ (JSC::MacroAssemblerMIPS::branchFalse):
+ (JSC::MacroAssemblerMIPS::branchEqual):
+ (JSC::MacroAssemblerMIPS::branchNotEqual):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::call):
+ (JSC::SH4Assembler::jmp):
+ (JSC::SH4Assembler::jne):
+ (JSC::SH4Assembler::je):
+ (JSC::SH4Assembler::label):
+ (JSC::SH4Assembler::align):
+ (JSC::SH4Assembler::linkJump):
+ (JSC::SH4Assembler::linkCall):
+ (JSC::SH4Assembler::linkPointer):
+ (JSC::SH4Assembler::getCallReturnOffset):
+ (JSC::SH4Assembler::getRelocatedAddress):
+ (JSC::SH4Assembler::getDifferenceBetweenLabels):
+ (JSC::SH4Assembler::patchPointer):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::call):
+ (JSC::X86Assembler::jmp):
+ (JSC::X86Assembler::jmp_r):
+ (JSC::X86Assembler::jne):
+ (JSC::X86Assembler::jnz):
+ (JSC::X86Assembler::je):
+ (JSC::X86Assembler::jz):
+ (JSC::X86Assembler::jl):
+ (JSC::X86Assembler::jb):
+ (JSC::X86Assembler::jle):
+ (JSC::X86Assembler::jbe):
+ (JSC::X86Assembler::jge):
+ (JSC::X86Assembler::jg):
+ (JSC::X86Assembler::ja):
+ (JSC::X86Assembler::jae):
+ (JSC::X86Assembler::jo):
+ (JSC::X86Assembler::jp):
+ (JSC::X86Assembler::js):
+ (JSC::X86Assembler::jCC):
+ (JSC::X86Assembler::label):
+ (JSC::X86Assembler::labelFor):
+ (JSC::X86Assembler::align):
+ (JSC::X86Assembler::linkJump):
+ (JSC::X86Assembler::linkCall):
+ (JSC::X86Assembler::linkPointer):
+ (JSC::X86Assembler::getCallReturnOffset):
+ (JSC::X86Assembler::getRelocatedAddress):
+ (JSC::X86Assembler::getDifferenceBetweenLabels):
+ (JSC::X86Assembler::rewindToLabel):
+ (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
+ (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileMainPass):
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::atJumpTarget):
+ (JSC::JIT::emitGetVirtualRegister):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jmp):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_jneq_ptr):
+ (JSC::JIT::emit_op_jsr):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emit_op_jmp_scopes):
+
+2011-05-01 Chao-ying Fu <fu@mips.com>
+
+ Reviewed by Eric Seidel.
+
+ Fix MIPS build due to the split of "Condition" enum
+ https://bugs.webkit.org/show_bug.cgi?id=59407
+
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::debugOffset):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::branch32):
+ (JSC::MacroAssemblerMIPS::compare32):
+
+2011-04-30 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Enable strict OwnPtr for GTK
+ https://bugs.webkit.org/show_bug.cgi?id=59861
+
+ * wtf/OwnPtr.h:
+
+2011-04-30 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix.
+
+ * assembler/AssemblerBufferWithConstantPool.h:
+
+2011-04-30 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
+
+ The method size() is called on the AssemblerBuffer both to acquire
+ the complete size of the code, and to get a position to use as a
+ label into the code. Instead, add an explicit 'label' method.
+
+ * assembler/ARMAssembler.cpp:
+ (JSC::ARMAssembler::executableCopy):
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::blx):
+ (JSC::ARMAssembler::codeSize):
+ (JSC::ARMAssembler::label):
+ (JSC::ARMAssembler::loadBranchTarget):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::b):
+ (JSC::ARMv7Assembler::blx):
+ (JSC::ARMv7Assembler::bx):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::codeSize):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::data):
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::codeSize):
+ (JSC::AssemblerBuffer::label):
+ * assembler/AssemblerBufferWithConstantPool.h:
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::newJmpSrc):
+ (JSC::MIPSAssembler::appendJump):
+ (JSC::MIPSAssembler::label):
+ (JSC::MIPSAssembler::codeSize):
+ (JSC::MIPSAssembler::relocateJumps):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::loadConstant):
+ (JSC::SH4Assembler::loadConstantUnReusable):
+ (JSC::SH4Assembler::call):
+ (JSC::SH4Assembler::jmp):
+ (JSC::SH4Assembler::jne):
+ (JSC::SH4Assembler::je):
+ (JSC::SH4Assembler::label):
+ (JSC::SH4Assembler::executableCopy):
+ (JSC::SH4Assembler::oneShortOp):
+ (JSC::SH4Assembler::codeSize):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::call):
+ (JSC::X86Assembler::jmp_r):
+ (JSC::X86Assembler::codeSize):
+ (JSC::X86Assembler::label):
+ (JSC::X86Assembler::executableCopy):
+ (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
+ (JSC::X86Assembler::X86InstructionFormatter::codeSize):
+ (JSC::X86Assembler::X86InstructionFormatter::label):
+ (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-04-29 Adam Barth <abarth@webkit.org>
+
+ Attempt to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-04-29 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ CSP script-src should block eval
+ https://bugs.webkit.org/show_bug.cgi?id=59850
+
+ ggaren recommend a different approach to this patch, essentially
+ installing a new function for function-eval and changing the AST
+ representation of operator-eval to call function-eval. However, I'm
+ not sure that approach is workable because the ASTBuilder doesn't know
+ about global objects, and there is added complication due to the cache.
+
+ This approach is more dynamic, adding a branch in EvalExecutable to
+ detect whether eval is current disabled in the lexical scope. The spec
+ is slightly unclear about whether we should return undefined or throw
+ an exception. I've asked Brandon to clarify the spec, but throwing an
+ exception seems natural.
+
+ * JavaScriptCore.exp:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::disableEval):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::isEvalEnabled):
+
+2011-04-29 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59847
+ Remove linkOffset from LinkBuffer
+
+ This is redundant since removal of recompilation for exception info.
+
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::LinkBuffer):
+ (JSC::LinkBuffer::linkCode):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ (JSC::JIT::compile):
+ (JSC::JIT::compileCTIMachineTrampolines):
+ (JSC::JIT::compileCTINativeCall):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::finalize):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::compile):
+
+2011-04-29 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt & Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59221
+ [RegexFuzz] Regression blocking testing
+
+ Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
+ node, emitDisjunction recursively calls to itself to emit the nested disjunction
+ the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
+ account the uncheck that has just taken place).
+
+ Also, the special handling given to countToCheck in the case of parenthetical
+ assertions is nonsense, delete it, along with the isParentheticalAssertion argument.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+
+2011-04-29 Csaba Osztrogonác <ossy@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Enable strict OwnPtr for Qt
+ https://bugs.webkit.org/show_bug.cgi?id=59667
+
+ * wtf/OwnPtr.h:
+
+2011-04-29 Dean Jackson <dino@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Add ENABLE macro for WebKitAnimation
+ https://bugs.webkit.org/show_bug.cgi?id=59729
+
+ Add new feature to toggle WebKit Animation API.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-28 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Mark Rowe.
+
+ Install testapi.js along side testapi
+ https://bugs.webkit.org/show_bug.cgi?id=59773
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Add new build phase to copy testapi.js to install path of testapi
+ on install.
+
+2011-04-28 David Levin <levin@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Remove IMAGE_RESIZER related code.
+ https://bugs.webkit.org/show_bug.cgi?id=59735
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59763
+ DFG JIT - Unify FPRReg & FPRegisterID
+
+ (Following on from GPRReg/RegisterID unification).
+
+ * dfg/DFGFPRInfo.h:
+ (JSC::DFG::FPRInfo::toRegister):
+ (JSC::DFG::FPRInfo::debugName):
+ * dfg/DFGGPRInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ (JSC::DFG::JITCodeGenerator::flushRegisters):
+ (JSC::DFG::JITCodeGenerator::isFlushed):
+ (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+ (JSC::DFG::JITCodeGenerator::setupStubArguments):
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ (JSC::DFG::GPRResult::lockedResult):
+ (JSC::DFG::FPRResult::lockedResult):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::numberToInt32):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::iterator::regID):
+ (JSC::DFG::RegisterBank::iterator::debugName):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-04-28 David Kilzer <ddkilzer@apple.com>
+
+ Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
+
+ This reverts commit r85195. It was crashing DumpRenderTree on Lion.
+
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::postTimer):
+
+2011-04-28 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove WML
+ https://bugs.webkit.org/show_bug.cgi?id=59678
+
+ Remove the WML configuration option from the Mac build system.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r85233 and r85235.
+ http://trac.webkit.org/changeset/85233
+ http://trac.webkit.org/changeset/85235
+ https://bugs.webkit.org/show_bug.cgi?id=59754
+
+ Causes issues with jsc. (Requested by dave_levin on #webkit).
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::ExecutablePool):
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider):
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp):
+ * wtf/CMakeLists.txt:
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::ref):
+ (WTF::RefCountedBase::hasOneRef):
+ (WTF::RefCountedBase::refCount):
+ (WTF::RefCountedBase::derefBase):
+ * wtf/SizeLimits.cpp:
+ * wtf/ThreadRestrictionVerifier.h: Removed.
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer):
+
+2011-04-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
+
+ Currently we use a mix of enum values throughout the DFG JIT to represent
+ gpr registers - the RegisterID provided by the MacroAssembler, and the
+ GPRReg enum giving the sequential register set over which the RegisterBank
+ allocates. Unify the two.
+
+ Patch to unify FPRReg in a similar fashion will follow.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGFPRInfo.h: Added.
+ (JSC::DFG::next):
+ (JSC::DFG::FPRBankInfo::toRegister):
+ (JSC::DFG::FPRBankInfo::toIndex):
+ * dfg/DFGGPRInfo.h: Added.
+ (JSC::DFG::GPRInfo::toRegister):
+ (JSC::DFG::GPRInfo::toIndex):
+ (JSC::DFG::GPRInfo::debugName):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ (JSC::DFG::GPRTemporary::GPRTemporary):
+ (JSC::DFG::FPRTemporary::FPRTemporary):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::boxDouble):
+ (JSC::DFG::JITCodeGenerator::unboxDouble):
+ (JSC::DFG::JITCodeGenerator::spill):
+ (JSC::DFG::JITCodeGenerator::flushRegisters):
+ (JSC::DFG::JITCodeGenerator::isFlushed):
+ (JSC::DFG::JITCodeGenerator::bitOp):
+ (JSC::DFG::JITCodeGenerator::shiftOp):
+ (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+ (JSC::DFG::JITCodeGenerator::setupStubArguments):
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ (JSC::DFG::IntegerOperand::gpr):
+ (JSC::DFG::DoubleOperand::gpr):
+ (JSC::DFG::GPRTemporary::gpr):
+ (JSC::DFG::FPRTemporary::gpr):
+ (JSC::DFG::GPRResult::lockedResult):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ (JSC::DFG::JITCompiler::compileFunction):
+ (JSC::DFG::JITCompiler::jitAssertIsInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
+ (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
+ (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
+ (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
+ (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
+ (JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
+ (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
+ (JSC::DFG::JITCompiler::addressForGlobalVar):
+ (JSC::DFG::JITCompiler::addressFor):
+ (JSC::DFG::JITCompiler::tagFor):
+ (JSC::DFG::JITCompiler::payloadFor):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::EntryLocation::EntryLocation):
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::numberToInt32):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::allocate):
+ (JSC::DFG::RegisterBank::retain):
+ (JSC::DFG::RegisterBank::release):
+ (JSC::DFG::RegisterBank::lock):
+ (JSC::DFG::RegisterBank::unlock):
+ (JSC::DFG::RegisterBank::isLocked):
+ (JSC::DFG::RegisterBank::name):
+ (JSC::DFG::RegisterBank::iterator::name):
+ (JSC::DFG::RegisterBank::iterator::isLocked):
+ (JSC::DFG::RegisterBank::iterator::release):
+ (JSC::DFG::RegisterBank::iterator::gpr):
+ (JSC::DFG::RegisterBank::iterator::debugName):
+ (JSC::DFG::RegisterBank::iterator::operator++):
+ (JSC::DFG::RegisterBank::iterator::operator!=):
+ (JSC::DFG::RegisterBank::iterator::index):
+ (JSC::DFG::RegisterBank::iterator::iterator):
+ (JSC::DFG::RegisterBank::begin):
+ (JSC::DFG::RegisterBank::end):
+ (JSC::DFG::RegisterBank::isLockedAtIndex):
+ (JSC::DFG::RegisterBank::nameAtIndex):
+ (JSC::DFG::RegisterBank::releaseAtIndex):
+ (JSC::DFG::RegisterBank::allocateInternal):
+ (JSC::DFG::RegisterBank::MapEntry::MapEntry):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculationCheck::SpeculationCheck):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculateIntegerOperand::gpr):
+
+2011-04-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove evil addressOfStructure() function
+ https://bugs.webkit.org/show_bug.cgi?id=59739
+
+ Remove the addressOfStructure function from JSCell, and update
+ callsites to use the same logic as testPrototype()
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ * runtime/JSCell.h:
+
+2011-04-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Clean up testPrototype()
+ https://bugs.webkit.org/show_bug.cgi?id=59734
+
+ Remove direct pointer to the inside of a GC object and just do
+ the indirect load manually. Doesn't effect sunspider but does
+ clean up the code quite a bit, and simplifies the handling of
+ GC values.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::testPrototype):
+
+2011-04-28 David Levin <levin@chromium.org>
+
+ Build fix.
+
+ * wtf/RefCounted.h: Fix inverted ifdef.
+
+2011-04-07 David Levin <levin@chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Add asserts to RefCounted to make sure ref/deref happens on the right thread.
+ https://bugs.webkit.org/show_bug.cgi?id=31639
+
+ * GNUmakefile.list.am: Added new files to the build.
+ * JavaScriptCore.gypi: Ditto.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
+ due to not being able to figure out what was guarding it (bug 58091).
+ * parser/SourceProvider.h:
+ (JSC::SourceProvider::SourceProvider): Ditto.
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::RegExp): Ditto.
+ * wtf/CMakeLists.txt: Added new files to the build.
+ * wtf/ThreadRestrictionVerifier.h: Added.
+ Everything is done in the header to avoid the issue with exports
+ that are only useful in debug but still needing to export them.
+ * wtf/RefCounted.h:
+ (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
+ and filed bug 58171 about making it stricter.
+ (WTF::RefCountedBase::hasOneRef): Ditto.
+ (WTF::RefCountedBase::refCount): Ditto.
+ (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
+ on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
+ (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
+ Filed bug 58174 to remove this method.
+ (WTF::RefCountedBase::derefBase):
+ * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
+ * wtf/text/CString.h:
+ (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
+ done in Chromium's test_shell (bug 58093).
+
+2011-04-28 Xan Lopez <xlopez@igalia.com>
+
+ Unreviewed attempt to fix the build.
+
+ * GNUmakefile.am: add -lpthread.
+
+2011-04-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Only need a single implementation of testPrototype
+ https://bugs.webkit.org/show_bug.cgi?id=59724
+
+ Remove excess copy of identical testPrototype() code
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::testPrototype):
+ * jit/JITPropertyAccess32_64.cpp:
+
+2011-04-28 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ [Gtk] Split JSC and WebCore builds
+ https://bugs.webkit.org/show_bug.cgi?id=19428
+
+ Build JavaScriptCore as a libtool shared library instead of a
+ private convenience library.
+
+ * GNUmakefile.am: define new jsc library and adapt to new name for
+ javascriptcore target.
+ * GNUmakefile.list.am: ditto.
+
+2011-04-28 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
+
+ Reviewed by Simon Fraser.
+
+ * wtf/mac/MainThreadMac.mm:
+ (WTF::postTimer): Use RetainPtr to plug the leak.
+
+2011-04-27 Sam Weinig <sam@webkit.org>
+
+ Reviewed by David Kilzer.
+
+ Add way to install testapi in production builds
+ https://bugs.webkit.org/show_bug.cgi?id=59674
+
+ * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
+ Add configuration file for TestAPI. In addition to name, we now specify an install path
+ and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
+ file.
+
+2011-04-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict OwnPtrs for Chromium
+ https://bugs.webkit.org/show_bug.cgi?id=59666
+
+ * wtf/OwnPtr.h:
+
+2011-04-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Add ability to remove keys from weakmap API
+ https://bugs.webkit.org/show_bug.cgi?id=59645
+
+ Add JSWeakObjectMapRemove API
+
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * API/JSWeakObjectMapRefPrivate.h:
+ * JavaScriptCore.exp:
+
+2011-04-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by David Levin.
+
+ Enable strict mode for OwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=59428
+
+ This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
+
+ * wtf/OwnPtr.h:
+
+2011-04-27 Steve Block <steveblock@google.com>
+
+ Reviewed by David Levin.
+
+ Remove Android build system
+ https://bugs.webkit.org/show_bug.cgi?id=48111
+
+ This is to avoid the maintenance burden until the Android port is
+ fully upstreamed.
+
+ * Android.mk: Removed.
+ * Android.v8.wtf.mk: Removed.
+
+2011-04-27 Mark Rowe <mrowe@apple.com>
+
+ Fix 32-bit build after r85036.
+
+ * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
+
+2011-04-27 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed buildfix after r85036.
+
+ Readd non-dead code.
+
+ * wtf/OSAllocatorPosix.cpp:
+ (WTF::OSAllocator::reserveAndCommit):
+
+2011-04-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Kenneth Russell.
+
+ OwnPtr assignment operator should be private
+ https://bugs.webkit.org/show_bug.cgi?id=59487
+
+ Unfortunately we can't remove the copy constructor because of some
+ detail about gcc. (The issue is documented in a comment already.)
+
+ * wtf/OwnPtr.h:
+
+2011-04-26 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84977.
+ http://trac.webkit.org/changeset/84977
+ https://bugs.webkit.org/show_bug.cgi?id=59568
+
+ caused crashes on the SL WK2 bots (Requested by jessieberlin
+ on #webkit).
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::call):
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
+
+2011-04-26 Kevin Ollivier <kevino@theolliviers.com>
+
+ Rubberstamped by Eric Seidel.
+
+ Enable waf to be used to build other ports
+ https://bugs.webkit.org/show_bug.cgi?id=58213
+
+ * wscript:
+
+2011-04-26 Sam Weinig <sam@webkit.org>
+
+ Reviewed by David Hyatt.
+
+ Remove Datagrid from the tree
+ https://bugs.webkit.org/show_bug.cgi?id=59543
+
+ * Configurations/FeatureDefines.xcconfig:
+ Remove feature.
+
+2011-04-26 Adrienne Walker <enne@google.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Fix incorrect use of OwnPtr<T*> in GCActivityCallback
+ https://bugs.webkit.org/show_bug.cgi?id=59559
+
+ * runtime/GCActivityCallback.h:
+
+2011-04-26 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Daniel Bates.
+
+ Unused but set variable warning in MacroAssembelX86_64
+ https://bugs.webkit.org/show_bug.cgi?id=59482
+
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::call): do not declare the label
+ variable if we are not going to use it.
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
+
+2011-04-26 Dan Bernstein <mitz@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Choose the compiler based on the Xcode version for Snow Leopard debug builds.
+
+ * Configurations/Base.xcconfig:
+ * Configurations/CompilerVersion.xcconfig: Added.
+
+2011-04-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Nixed special finalizer handling for WebCore strings
+ https://bugs.webkit.org/show_bug.cgi?id=59425
+
+ SunSpider reports no change.
+
+ Not needed anymore, since weak handles have finalizers.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory):
+ (JSC::JSString::substringFromRope):
+ (JSC::JSString::replaceCharacter): Updated for removal of union.
+
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::~JSString):
+ (JSC::RopeBuilder::appendStringInConstruct):
+ (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
+ union or special constructor anymore.
+
+2011-04-26 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ Speeding up SVG filters with multicore (SMP) support
+ https://bugs.webkit.org/show_bug.cgi?id=43903
+
+ Some SVG filters execute a huge number of pixel manipulations, which
+ cannot be sped up by graphics accelerators, since their algorithm is
+ too complex. Using the power of Symmetric Multi Processing (SMP) we
+ can split up a task to smaller (data independent) tasks, which can be
+ executed independently.
+
+ The ParallelJobs framework provides a simple way for distributed
+ programming. The framework is based on WebKit's threading infrastructure,
+ Open Multi-Processing's (OpenMP) API, and libdispatch API.
+
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/ParallelJobs.h: Added.
+ (WTF::ParallelJobs::ParallelJobs):
+ (WTF::ParallelJobs::numberOfJobs):
+ (WTF::ParallelJobs::parameterForJob):
+ (WTF::ParallelJobs::executeJobs):
+ * wtf/ParallelJobsGeneric.cpp: Added.
+ (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
+ (WTF::ParallelEnvironment::ThreadPrivate::executeJob):
+ (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
+ (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
+ * wtf/ParallelJobsGeneric.h: Added.
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::numberOfJobs):
+ (WTF::ParallelEnvironment::parameterForJob):
+ (WTF::ParallelEnvironment::executeJobs):
+ (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
+ (WTF::ParallelEnvironment::ThreadPrivate::create):
+ * wtf/ParallelJobsLibdispatch.h: Added.
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::numberOfJobs):
+ (WTF::ParallelEnvironment::parameterForJob):
+ (WTF::ParallelEnvironment::executeJobs):
+ * wtf/ParallelJobsOpenMP.h: Added.
+ (WTF::ParallelEnvironment::ParallelEnvironment):
+ (WTF::ParallelEnvironment::numberOfJobs):
+ (WTF::ParallelEnvironment::parameterForJob):
+ (WTF::ParallelEnvironment::executeJobs):
+ * wtf/Platform.h:
+ * wtf/wtf.pri:
+
+2011-04-26 Mihai Parparita <mihaip@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Turn off make built-in implicit rules for derived sources makefile
+ https://bugs.webkit.org/show_bug.cgi?id=59418
+
+ We don't use any of make's built-in implicit rules, turning them off
+ speeds up parsing of the makefile.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * gyp/generate-derived-sources.sh:
+
+2011-04-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Custom prototypes on DOM objects don't persist after garbage collection
+ https://bugs.webkit.org/show_bug.cgi?id=59412
+
+ SunSpider reports no change.
+
+ The hasCustomProperties() check didn't check for a custom prototype.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
+ because it is the "truth" about an object's pedigree.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ * runtime/Structure.h:
+ (JSC::Structure::didTransition): Track whether a Structure has ever
+ transitioned for any reason. If so, we have to assume that the object
+ holding it is custom in some way.
+
+2011-04-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ https://bugs.webkit.org/show_bug.cgi?id=59405
+ DFG JIT - add type speculation for integer & array types, for vars & args.
+
+ If a var or argument is used as the base for a GetByVal or PutByVal access
+ we are speculating that it is of type Array (we only generate code on the
+ speculative path to perform array accesses). By typing the var or args slot
+ as Array, and checking on entry to the function (in the case of args), and
+ each time the local is written to, we can avoid a type check at each point
+ the array is accessed. This will typically hoist type checks out of loops.
+
+ Similarly, any local that is incremented or decremented, or is the input or
+ output or a bitwise operator, is likely to be an integer. By typing the
+ local as int32 we can avoid speculation checks on access, and tagging when
+ writing to the slot. All accesses can become 32bit instead of 64.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::predictArray):
+ (JSC::DFG::ByteCodeParser::predictInt32):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::PredictionSlot::PredictionSlot):
+ (JSC::DFG::Graph::Graph):
+ (JSC::DFG::Graph::predict):
+ (JSC::DFG::Graph::getPrediction):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::tagFor):
+ (JSC::DFG::JITCompiler::payloadFor):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
+ (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
+ * dfg/DFGSpeculativeJIT.h:
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+
+2011-04-25 David Levin <levin@chromium.org>
+
+ Reviewed by James Robinson.
+
+ Fix OwnPtr strict mode violation in MessageQueue.h
+ https://bugs.webkit.org/show_bug.cgi?id=59400
+
+ * wtf/MessageQueue.h:
+ (WTF::::waitForMessage):
+ (WTF::::waitForMessageFilteredWithTimeout):
+ (WTF::::tryGetMessage):
+
+2011-04-25 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ JavaScriptCore should play nice strict OwnPtrs
+ https://bugs.webkit.org/show_bug.cgi?id=59401
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+ * heap/Heap.cpp:
+ (JSC::TypeCounter::TypeCounter):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ * parser/JSParser.cpp:
+ (JSC::JSParser::Scope::Scope):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
+
+2011-04-25 Mark Rowe <mrowe@apple.com>
+
+ Build fix.
+
+ * wtf/ListHashSet.h:
+
+2011-04-25 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59370 - DFG JIT - fix leak of BlocksBlocks
+ (put the blocks immediately into an OwnPtr).
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-04-25 James Robinson <jamesr@chromium.org>
+
+ Reviewed by David Levin.
+
+ Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
+ https://bugs.webkit.org/show_bug.cgi?id=59353
+
+ * wtf/ListHashSet.h:
+ (WTF::::ListHashSet):
+
+2011-04-25 David Levin <levin@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=59347
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/Structure.cpp:
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::createPropertyMap):
+ * runtime/Structure.h:
+
+2011-04-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make ClassInfo required when creating a Structure
+ https://bugs.webkit.org/show_bug.cgi?id=59340
+
+ Add ClassInfo to all those types which currently don't
+ have it, and add an assertion to Structure::create to
+ ensure that the provided classInfo is not null.
+
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/GetterSetter.cpp:
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/JSAPIValueWrapper.cpp:
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSString.cpp:
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::JSCell::createDummyStructure):
+
+2011-04-25 David Levin <levin@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=59342
+
+ This patch is to prepare for the strict OwnPtr hack-a-thon.
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::copy):
+
+2011-04-25 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Rationalize MacroAssembler branch methods
+ https://bugs.webkit.org/show_bug.cgi?id=58950
+
+ split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition'
+ and apply related changes (only for SH4 platforms).
+
+ * assembler/MacroAssemblerSH4.cpp:
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::compare32):
+ (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerSH4::branchDouble):
+ (JSC::MacroAssemblerSH4::branch32):
+ (JSC::MacroAssemblerSH4::branchTest8):
+ (JSC::MacroAssemblerSH4::branch8):
+ (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
+ (JSC::MacroAssemblerSH4::test8):
+ (JSC::MacroAssemblerSH4::branch16):
+ (JSC::MacroAssemblerSH4::branchTest32):
+ (JSC::MacroAssemblerSH4::branchAdd32):
+ (JSC::MacroAssemblerSH4::branchMul32):
+ (JSC::MacroAssemblerSH4::branchSub32):
+ (JSC::MacroAssemblerSH4::branchOr32):
+ (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
+ (JSC::MacroAssemblerSH4::branchPtrWithPatch):
+ (JSC::MacroAssemblerSH4::SH4Condition):
+ * assembler/SH4Assembler.h:
+ (JSC::SH4Assembler::cmpEqImmR0):
+
+2011-04-25 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ PropertyMapHashTable should work with strict OwnPtr
+ https://bugs.webkit.org/show_bug.cgi?id=59337
+
+ This patch is in preparation for the strict OwnPtr hack-a-thon.
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::PropertyTable):
+ (JSC::PropertyTable::addDeletedOffset):
+
+2011-04-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Nixed MarkStack::deprecatedAppend, since it has no clients left.
+
+ * heap/MarkStack.h:
+
+2011-04-23 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
+
+ SetLocals to temporaries will only be generated if they are used within other
+ blocks, due to the SSA based DCE.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getLocal):
+ (JSC::DFG::ByteCodeParser::setLocal):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processPhiStack):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig & Geoff Garen.
+
+ Bug 59266 - DFG JIT - Add SSA style DCE
+
+ This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
+ via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
+ matching child Phi, and add the Phi to a work queue to add references to prior
+ definitions once we have the full CFG & can determine predecessors. This process
+ is iterative, inserting new phis into predecessors as necessary.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::processWorkQueue):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::refChildren):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::ref):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::ref):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::dump):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-22 Vitaly Repeshko <vitalyr@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Add missing default constructors for HashMap iterator specializations.
+ https://bugs.webkit.org/show_bug.cgi?id=59250
+
+ * wtf/HashIterators.h:
+ * wtf/HashTable.h:
+ (WTF::HashTableConstIterator::HashTableConstIterator): Added cast
+ to help compiler find the function template.
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 59262 - DFG JIT - reduce size of VariableRecord
+
+ We never need both the get & set node, only the most recent
+ (which is always a set, if both exist).
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::VariableRecord::VariableRecord):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
+ such that this information is available for DCE. Also, since this enlarges the
+ size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
+ vector of blocks.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::VariableRecord::VariableRecord):
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::getBytecodeBegin):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ (JSC::DFG::Graph::blockForBytecodeOffset):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Errk, build fix.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
+ move out the call to checkConsistency().
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+ (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
+
+2011-04-21 Vitaly Repeshko <vitalyr@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Provide default constructors for HashMap iterators.
+ https://bugs.webkit.org/show_bug.cgi?id=59151
+
+ These will be used to implement an iterator over EventTarget's
+ listeners.
+
+ * wtf/HashTable.h:
+ (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
+ (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
+
+ These will be necessary for DCE support.
+ Also factor allocateVirtualRegisters out into its own method.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::setupPredecessors):
+ (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::blockForBytecodeOffset):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::isTerminal):
+
+2011-04-22 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Object.create creates uncachable objects
+ https://bugs.webkit.org/show_bug.cgi?id=59164
+
+ Use the prototype object's inheritorID, as we
+ should always have done
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::nullPrototypeObjectStructure):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+
+2011-04-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result
+
+ We currently allocate virtual registers to nodes which have no result - these are
+ clearly unused, and may result in us allocating a larger than necessary stack frame.
+
+ Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
+ nodes that have results, and improve the quality of output from the consistency check.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::ref):
+ (JSC::DFG::Graph::deref):
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::dump):
+ (JSC::DFG::JITCodeGenerator::checkConsistency):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::canReuse):
+ (JSC::DFG::JITCodeGenerator::isFilled):
+ (JSC::DFG::JITCodeGenerator::isFilledDouble):
+ (JSC::DFG::JITCodeGenerator::use):
+ (JSC::DFG::JITCodeGenerator::integerResult):
+ (JSC::DFG::JITCodeGenerator::noResult):
+ (JSC::DFG::JITCodeGenerator::cellResult):
+ (JSC::DFG::JITCodeGenerator::jsValueResult):
+ (JSC::DFG::JITCodeGenerator::doubleResult):
+ (JSC::DFG::JITCodeGenerator::initConstantInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::hasResult):
+ (JSC::DFG::Node::virtualRegister):
+ (JSC::DFG::Node::setVirtualRegister):
+ (JSC::DFG::Node::refCount):
+ (JSC::DFG::Node::ref):
+ (JSC::DFG::Node::deref):
+ (JSC::DFG::Node::adjustedRefCount):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::use):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-22 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Gavin Barraclough and Oliver Hunt.
+
+ Arrays should participate in global object forwarding fun
+ https://bugs.webkit.org/show_bug.cgi?id=59215
+
+ * runtime/JSGlobalObject.h:
+ (JSC::constructEmptyArray):
+ (JSC::constructArray):
+ Add variants of constructArray that take a global object.
+
+2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84650 and r84654.
+ http://trac.webkit.org/changeset/84650
+ http://trac.webkit.org/changeset/84654
+ https://bugs.webkit.org/show_bug.cgi?id=59218
+
+ Broke Windows build (Requested by bweinstein on #webkit).
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * heap/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::operator UnspecifiedBoolType*):
+ (JSC::HandleTypes::getFromSlot):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markStrongHandles):
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::protectedGlobalObjectCount):
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::copyWeak):
+ (JSC::HandleHeap::makeWeak):
+ (JSC::HandleHeap::Node::slot):
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ (JSC::HandleStack::grow):
+ * heap/HandleStack.h:
+ (JSC::HandleStack::zapTo):
+ (JSC::HandleStack::push):
+ * heap/Heap.cpp:
+ (JSC::HandleHeap::protectedObjectTypeCounts):
+ * heap/Local.h:
+ (JSC::::set):
+ * heap/Strong.h:
+ (JSC::Strong::set):
+ * heap/Weak.h:
+ (JSC::Weak::set):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * runtime/WriteBarrier.h:
+
+2011-04-22 Brian Weinstein <bweinstein@apple.com>
+
+ Part of Windows build fix from r84650.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-04-22 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make it harder to use HandleSlot incorrectly
+ https://bugs.webkit.org/show_bug.cgi?id=59205
+
+ Just add a little type fudging to make it harder to
+ incorrectly assign through a HandleSlot.
+
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * JavaScriptCore.exp:
+ * heap/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::operator UnspecifiedBoolType*):
+ (JSC::HandleTypes::getFromSlot):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markStrongHandles):
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::protectedGlobalObjectCount):
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::copyWeak):
+ (JSC::HandleHeap::makeWeak):
+ (JSC::HandleHeap::Node::slot):
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ (JSC::HandleStack::grow):
+ * heap/HandleStack.h:
+ (JSC::HandleStack::zapTo):
+ (JSC::HandleStack::push):
+ * heap/Heap.cpp:
+ (JSC::HandleHeap::protectedObjectTypeCounts):
+ * heap/Local.h:
+ (JSC::::set):
+ * heap/Strong.h:
+ (JSC::Strong::set):
+ * heap/Weak.h:
+ (JSC::Weak::set):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ * runtime/WriteBarrier.h:
+ (JSC::OpaqueJSValue::toJSValue):
+ (JSC::OpaqueJSValue::toJSValueRef):
+ (JSC::OpaqueJSValue::fromJSValue):
+
+2011-04-22 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+
+2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84583.
+ http://trac.webkit.org/changeset/84583
+ https://bugs.webkit.org/show_bug.cgi?id=59173
+
+ "broke
+ http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js
+ /Object-create.html" (Requested by ggaren on #webkit).
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+
+2011-04-21 Maciej Stachowiak <mjs@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Add a feature define to allow <details> and <summary> to be disabled
+ https://bugs.webkit.org/show_bug.cgi?id=59118
+ <rdar://problem/9257045>
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Object.create creates uncachable objects
+ https://bugs.webkit.org/show_bug.cgi?id=59164
+
+ Use the prototype object's inheritorID, as we
+ should always have done
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+
+2011-04-21 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Start moving to a general visitor pattern for GC traversal
+ https://bugs.webkit.org/show_bug.cgi?id=59141
+
+ This is just a rename:
+ markChildren -> visitChildren
+ markAggregate -> visitAggregate
+ markStack -> visitor
+ MarkStack -> typedef'd to SlotVisitor
+
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObjectData::visitChildren):
+ (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
+ (JSC::JSCallbackObject::visitChildren):
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitStructures):
+ (JSC::EvalCodeCache::visitAggregate):
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * bytecode/EvalCodeCache.h:
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::visitAggregate):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::visitAggregate):
+ * bytecode/StructureStubInfo.h:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::visitChildren):
+ * debugger/DebuggerActivation.h:
+ * heap/HandleHeap.cpp:
+ (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
+ (JSC::HandleHeap::markStrongHandles):
+ (JSC::HandleHeap::markWeakHandles):
+ * heap/HandleHeap.h:
+ * heap/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ * heap/HandleStack.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+ * heap/Heap.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::visitChildren):
+ (JSC::MarkStack::drain):
+ * heap/MarkStack.h:
+ (JSC::HeapRootVisitor::HeapRootVisitor):
+ (JSC::HeapRootVisitor::mark):
+ (JSC::HeapRootVisitor::visitor):
+ * heap/MarkedSpace.h:
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+ * runtime/ArgList.h:
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::visitChildren):
+ * runtime/Arguments.h:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::visitChildren):
+ (JSC::ProgramExecutable::visitChildren):
+ (JSC::FunctionExecutable::visitChildren):
+ * runtime/Executable.h:
+ * runtime/GetterSetter.cpp:
+ (JSC::GetterSetter::visitChildren):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::visitChildren):
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::visitChildren):
+ * runtime/JSArray.h:
+ (JSC::JSArray::visitDirect):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::visitChildren):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::visitChildren):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::visitIfNeeded):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSONObject.cpp:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren):
+ * runtime/JSObject.h:
+ (JSC::JSObject::visitDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::visitChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::visitChildren):
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ (JSC::TypeInfo::overridesVisitChildren):
+ * runtime/JSWrapperObject.cpp:
+ (JSC::JSWrapperObject::visitChildren):
+ * runtime/JSWrapperObject.h:
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::visitChildren):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::visitChildren):
+ * runtime/NativeErrorConstructor.h:
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::visitChildren):
+ * runtime/RegExpObject.h:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::visitChildren):
+ * runtime/ScopeChain.h:
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::visitChildren):
+ * runtime/SmallStrings.h:
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ (JSC::Structure::visitChildren):
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::visitChildren):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84548.
+ http://trac.webkit.org/changeset/84548
+ https://bugs.webkit.org/show_bug.cgi?id=59144
+
+ Broke chromium-win build (Requested by aklein on #webkit).
+
+ * wtf/Platform.h:
+
+2011-04-21 Adam Klein <adamk@chromium.org>
+
+ Reviewed by David Levin.
+
+ [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
+ https://bugs.webkit.org/show_bug.cgi?id=55728
+
+ Enable WTF_MULTIPLE_THREADS for Chromium.
+
+ * wtf/Platform.h:
+
+2011-04-20 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ JSString::resolveRope inefficient for common 2 fiber case
+ https://bugs.webkit.org/show_bug.cgi?id=58994
+
+ Split JSString::resolveRope into three routines.
+ resolveRope allocates the new buffer and handles the 1 or 2
+ fiber case with single level fibers.
+ resolveRopeSlowCase handles the general case.
+ outOfMemory handles the rare out of memory exception case.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::resolveRope):
+ (JSC::JSString::resolveRopeSlowCase):
+ (JSC::JSString::outOfMemory):
+ * runtime/JSString.h:
+
+2011-04-20 Adam Klein <adamk@chromium.org>
+
+ Reviewed by David Levin.
+
+ Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS
+ https://bugs.webkit.org/show_bug.cgi?id=59040
+
+ This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728
+ by enabling WTF_MULTIPLE_THREADS for Chromium.
+
+ * wtf/CryptographicallyRandomNumber.cpp:
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
+ (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
+ * wtf/FastMalloc.cpp:
+ * wtf/Platform.h:
+ Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled.
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+ * wtf/RefCountedLeakCounter.cpp:
+ (WTF::RefCountedLeakCounter::increment):
+ (WTF::RefCountedLeakCounter::decrement):
+ * wtf/dtoa.cpp:
+ (WTF::pow5mult):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen
+
+ Bug 59069 - DFG JIT - register allocate r8, r9, r10
+
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::gprToRegisterID):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix - revert accidental change.
+
+ * wtf/Platform.h:
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Add SAMPLING_FLAGS tool to DFG JIT.
+
+ * bytecode/SamplingTool.h:
+ (JSC::SamplingFlags::addressOfFlags):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::setSamplingFlag):
+ (JSC::DFG::JITCompiler::clearSamplingFlag):
+ * dfg/DFGJITCompiler.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::setSamplingFlag):
+ (JSC::JIT::clearSamplingFlag):
+ * wtf/Platform.h:
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 59022 - DFG JIT - Optimize branch-on-relational-compare
+
+ If a relational compare (< or <=) is immediately followed by a branch,
+ we can combine the two, avoiding generation of a boolean into a register.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branch32):
+ (JSC::MacroAssemblerX86Common::invert):
+ (JSC::MacroAssemblerX86Common::commute):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::adjustedRefCount):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value):
+ (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix II.
+
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::softModulo):
+
+2011-04-20 Gavin Barraclough <barraclough@apple.com>
+
+ ARMv7 build fix.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::test8):
+
+2011-04-19 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Rationalize MacroAssembler branch methods
+ https://bugs.webkit.org/show_bug.cgi?id=58950
+
+ The MacroAssembler currently exposes x86's weird behaviour that the 'setcc'
+ instruction only sets the low 8 bits of a register. Stop that.
+
+ Having done so, to clarify remove the 'set32' prefix from test & compare
+ instructions - these methods all now set a full 32/64 bit register (Ptr size).
+ The size in the function name should indicate the amount of data being compared.
+
+ Also split out the 'Condition' enum into 'RelationalCondition' and
+ 'ResultCondition'. The former is used in binary comparison, the latter is a unary
+ condition check on the result of an operation.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::branchPtr):
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::branch16):
+ (JSC::MacroAssembler::branchTestPtr):
+ (JSC::MacroAssembler::comparePtr):
+ (JSC::MacroAssembler::branchAddPtr):
+ (JSC::MacroAssembler::branchSubPtr):
+ (JSC::MacroAssembler::branchTest8):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::branch8):
+ (JSC::MacroAssemblerARM::branch32):
+ (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARM::branch16):
+ (JSC::MacroAssemblerARM::branchTest8):
+ (JSC::MacroAssemblerARM::branchTest32):
+ (JSC::MacroAssemblerARM::branchAdd32):
+ (JSC::MacroAssemblerARM::branchMul32):
+ (JSC::MacroAssemblerARM::branchSub32):
+ (JSC::MacroAssemblerARM::branchNeg32):
+ (JSC::MacroAssemblerARM::branchOr32):
+ (JSC::MacroAssemblerARM::compare32):
+ (JSC::MacroAssemblerARM::test32):
+ (JSC::MacroAssemblerARM::test8):
+ (JSC::MacroAssemblerARM::branchPtrWithPatch):
+ (JSC::MacroAssemblerARM::ARMCondition):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::branch32):
+ (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARMv7::branch16):
+ (JSC::MacroAssemblerARMv7::branch8):
+ (JSC::MacroAssemblerARMv7::branchTest32):
+ (JSC::MacroAssemblerARMv7::branchTest8):
+ (JSC::MacroAssemblerARMv7::branchAdd32):
+ (JSC::MacroAssemblerARMv7::branchMul32):
+ (JSC::MacroAssemblerARMv7::branchOr32):
+ (JSC::MacroAssemblerARMv7::branchSub32):
+ (JSC::MacroAssemblerARMv7::compare32):
+ (JSC::MacroAssemblerARMv7::test32):
+ (JSC::MacroAssemblerARMv7::test8):
+ (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ (JSC::MacroAssemblerARMv7::armV7Condition):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::branch8):
+ (JSC::MacroAssemblerMIPS::branch32):
+ (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerMIPS::branch16):
+ (JSC::MacroAssemblerMIPS::branchTest32):
+ (JSC::MacroAssemblerMIPS::branchTest8):
+ (JSC::MacroAssemblerMIPS::branchAdd32):
+ (JSC::MacroAssemblerMIPS::branchMul32):
+ (JSC::MacroAssemblerMIPS::branchSub32):
+ (JSC::MacroAssemblerMIPS::branchOr32):
+ (JSC::MacroAssemblerMIPS::compare32):
+ (JSC::MacroAssemblerMIPS::test8):
+ (JSC::MacroAssemblerMIPS::test32):
+ (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::branch32):
+ (JSC::MacroAssemblerX86::branchPtrWithPatch):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branch8):
+ (JSC::MacroAssemblerX86Common::branch32):
+ (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerX86Common::branch16):
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchMul32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ (JSC::MacroAssemblerX86Common::branchNeg32):
+ (JSC::MacroAssemblerX86Common::branchOr32):
+ (JSC::MacroAssemblerX86Common::compare32):
+ (JSC::MacroAssemblerX86Common::test8):
+ (JSC::MacroAssemblerX86Common::test32):
+ (JSC::MacroAssemblerX86Common::x86Condition):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::comparePtr):
+ (JSC::MacroAssemblerX86_64::branchPtr):
+ (JSC::MacroAssemblerX86_64::branchTestPtr):
+ (JSC::MacroAssemblerX86_64::branchAddPtr):
+ (JSC::MacroAssemblerX86_64::branchSubPtr):
+ (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
+ (JSC::MacroAssemblerX86_64::branchTest8):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+
+2011-04-20 Balazs Kelemen <kbalazs@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Cleanup includepath adjustment for generated files
+ https://bugs.webkit.org/show_bug.cgi?id=58869
+
+ * JavaScriptCore.pri: Add the directory of generated files to the include
+ path with absolute path to make it valid in the final build step.
+
+2011-04-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove unneeded deprecated methods from MarkStack
+ https://bugs.webkit.org/show_bug.cgi?id=58853
+
+ Remove deprecated methods
+
+ * heap/MarkStack.h:
+
+2011-04-19 Mark Rowe <mrowe@apple.com>
+
+ Things work best when the Xcode project refers to the file at a path that exists.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-04-19 Renata Hodovan <reni@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Move the alignment related macros in Vector.h to new Alignment.h.
+ https://bugs.webkit.org/show_bug.cgi?id=56000
+
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Alignment.h: Added.
+ * wtf/CMakeLists.txt:
+ * wtf/Vector.h:
+
+2011-04-19 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove DeprecatedPtr
+ https://bugs.webkit.org/show_bug.cgi?id=58718
+
+ Remove the class an all functions that still exist to support it.
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+
+2011-04-19 Jungshik Shin <jshin@chromium.org>
+
+ Reviewed by David Levin
+
+ Add U+FEFF (Zero width no-break space) to CharacterNames.h.
+ It's added to the list of characters to treat as zero-width
+ in WebCore.
+
+ https://bugs.webkit.org/show_bug.cgi?id=48860
+
+ * wtf/unicode/CharacterNames.h:
+
+2011-04-19 Csaba Osztrogonác <ossy@webkit.org>
+
+ [Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails
+ https://bugs.webkit.org/show_bug.cgi?id=58871
+
+ Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231.
+ http://trac.webkit.org/changeset/84176 (original patch)
+ http://trac.webkit.org/changeset/84178 (original patch - part 2)
+ http://trac.webkit.org/changeset/84186 (build fix)
+ http://trac.webkit.org/changeset/84212
+ http://trac.webkit.org/changeset/84231 (skip failing test)
+
+ original bugs:
+ - https://bugs.webkit.org/show_bug.cgi?id=58718
+ - https://bugs.webkit.org/show_bug.cgi?id=58853
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::deprecatedAppendValues):
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::deprecatedAppend):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::operator*):
+ (JSC::DeprecatedPtr::operator->):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
+ (JSC::DeprecatedPtr::operator!):
+ (JSC::operator==):
+
+2011-04-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove unneeded deprecated methods from MarkStack
+ https://bugs.webkit.org/show_bug.cgi?id=58853
+
+ Remove deprecated methods
+
+ * heap/MarkStack.h:
+
+2011-04-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Off by one initialising repeat callframe
+ https://bugs.webkit.org/show_bug.cgi?id=58838
+ <rdar://problem/8756810>
+
+ If the end of a callframe made for a repeat call landed on
+ a page boundary the following page may not have been committed
+ which means that the off by one could lead to a crash. However
+ it could only happen in this case and only on windows which is
+ why it was so hard to repro. Alas given the steps needed to
+ reproduce are such that it's not really possible to make a
+ testcase.
+
+ This fix makes the code a little less squirrely by not trying
+ to avoid the unnecessary initialisation of |this|.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::prepareForRepeatCall):
+
+2011-04-18 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply.
+
+ Add code generation for add/subtract instruction with immediate operands
+ (where a child is a constant), and don't bail to non-speculative if an
+ integer multiple results in a +0 result (only if it should be generating -0).
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value):
+
+2011-04-18 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58817 - DFG JIT - if speculative compilation fails, throw away code.
+
+ If we detect a logical conflict, throw away generated code,
+ and only compile through the NonSpeculativeJIT.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::rewindToLabel):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::rewindToOffset):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::rewindToLabel):
+ (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::linkSpeculationChecks):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
+
+2011-04-18 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove DeprecatedPtr
+ https://bugs.webkit.org/show_bug.cgi?id=58718
+
+ As simple as it sounds.
+
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+
+2011-04-17 Cameron Zwarich <zwarich@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ JSC no longer builds with Clang due to -Woverloaded-virtual warning
+ https://bugs.webkit.org/show_bug.cgi?id=58760
+
+ Rename Structure's specificValue overload of put to putSpecificValue to avoid
+ Clang's warning for overloading a virtual function.
+
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::putSpecificValue):
+ * runtime/Structure.h:
+
+2011-04-17 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Remove WTF_PLATFORM_SGL
+ https://bugs.webkit.org/show_bug.cgi?id=58743
+
+ WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere.
+
+ * wtf/Platform.h:
+
+2011-04-17 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Rename PLATFORM(CA) to USE(CA)
+ https://bugs.webkit.org/show_bug.cgi?id=58742
+
+ * wtf/Platform.h:
+
+2011-04-17 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Rename PLATFORM(CG) to USE(CG)
+ https://bugs.webkit.org/show_bug.cgi?id=58729
+
+ * wtf/Platform.h:
+
+2011-04-16 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Rename PLATFORM(CAIRO) to USE(CAIRO)
+ https://bugs.webkit.org/show_bug.cgi?id=55192
+
+ * wtf/Platform.h:
+ * wtf/gobject/GTypedefs.h:
+
+2011-04-15 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r84067.
+ http://trac.webkit.org/changeset/84067
+ https://bugs.webkit.org/show_bug.cgi?id=58724
+
+ qt build are failing. (Requested by loislo2 on #webkit).
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::operator*):
+ (JSC::DeprecatedPtr::operator->):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
+ (JSC::DeprecatedPtr::operator!):
+ (JSC::operator==):
+
+2011-04-15 Shishir Agrawal <shishir@chromium.org>
+
+ Reviewed by James Robinson.
+
+ Add a flag to guard Page Visibility API changes.
+ https://bugs.webkit.org/show_bug.cgi?id=58464
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Errrk! - build fix from !x86-64.
+
+ * dfg/DFGNode.h:
+
+2011-04-15 David Levin <levin@chromium.org>
+
+ Revert of r83974.
+
+ JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj
+ https://bugs.webkit.org/show_bug.cgi?id=58716
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/tests/RunAllWtfTests.cpp: Removed.
+ * wtf/tests/StringTests.cpp: Removed.
+
+2011-04-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove DeprecatedPtr
+ https://bugs.webkit.org/show_bug.cgi?id=58718
+
+ As simple as it sounds.
+
+ * heap/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/JSValue.h:
+ * runtime/WriteBarrier.h:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Add a simple tool to gather statistics on whether functions
+ are completed through the new or old JIT.
+
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+
+2011-04-15 Oliver Hunt <oliver@apple.com>
+
+ GC allocate Structure
+ https://bugs.webkit.org/show_bug.cgi?id=58483
+
+ Rolling r83894 r83827 r83810 r83809 r83808 back in with
+ a workaround for the gcc bug seen by the gtk bots
+
+ * API/JSCallbackConstructor.cpp:
+ (JSC::JSCallbackConstructor::JSCallbackConstructor):
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::JSCallbackObject):
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::markStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::MethodCallLinkInfo::setSeen):
+ (JSC::GlobalResolveInfo::GlobalResolveInfo):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::markAggregate):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::markAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdSelf):
+ (JSC::StructureStubInfo::initGetByIdProto):
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ (JSC::StructureStubInfo::initPutByIdReplace):
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * heap/Handle.h:
+ * heap/MarkStack.cpp:
+ (JSC::MarkStack::markChildren):
+ (JSC::MarkStack::drain):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * heap/Strong.h:
+ (JSC::Strong::Strong):
+ (JSC::Strong::set):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolveGlobal):
+ (JSC::Interpreter::resolveGlobalDynamic):
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::uncachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+ (JSC::Interpreter::uncacheGetByID):
+ (JSC::Interpreter::privateExecute):
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::patchMethodCallProto):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::patchMethodCallProto):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ (JSC::getPolymorphicAccessStructureListSlot):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
+ * jsc.cpp:
+ (cleanupGlobalData):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ (JSC::Arguments::Arguments):
+ (JSC::JSActivation::copyRegisters):
+ * runtime/ArrayConstructor.cpp:
+ (JSC::ArrayConstructor::ArrayConstructor):
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/ArrayConstructor.h:
+ * runtime/ArrayPrototype.cpp:
+ (JSC::ArrayPrototype::ArrayPrototype):
+ (JSC::arrayProtoFuncSplice):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::BooleanConstructor::BooleanConstructor):
+ * runtime/BooleanConstructor.h:
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/BooleanPrototype.cpp:
+ (JSC::BooleanPrototype::BooleanPrototype):
+ * runtime/BooleanPrototype.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::DateConstructor::DateConstructor):
+ * runtime/DateConstructor.h:
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.cpp:
+ (JSC::DatePrototype::DatePrototype):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/Error.cpp:
+ (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
+ * runtime/ErrorConstructor.cpp:
+ (JSC::ErrorConstructor::ErrorConstructor):
+ * runtime/ErrorConstructor.h:
+ * runtime/ErrorInstance.cpp:
+ (JSC::ErrorInstance::ErrorInstance):
+ (JSC::ErrorInstance::create):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/ErrorPrototype.cpp:
+ (JSC::ErrorPrototype::ErrorPrototype):
+ * runtime/ErrorPrototype.h:
+ * runtime/ExceptionHelpers.cpp:
+ (JSC::InterruptedExecutionError::InterruptedExecutionError):
+ (JSC::TerminatedExecutionError::TerminatedExecutionError):
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::FunctionConstructor::FunctionConstructor):
+ * runtime/FunctionConstructor.h:
+ * runtime/FunctionPrototype.cpp:
+ (JSC::FunctionPrototype::FunctionPrototype):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::GetterSetter):
+ (JSC::GetterSetter::createStructure):
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::JSByteArray):
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSCell.cpp:
+ (JSC::isZombie):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::JSCell):
+ (JSC::JSCell::JSCell::addressOfStructure):
+ (JSC::JSCell::JSCell::structure):
+ (JSC::JSCell::JSCell::markChildren):
+ (JSC::JSCell::JSValue::isZombie):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::clearBuiltinStructures):
+ (JSC::JSGlobalData::createLeaked):
+ * runtime/JSGlobalData.h:
+ (JSC::allocateGlobalHandle):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::markChildren):
+ (JSC::JSGlobalObject::copyGlobalsFrom):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::createStructure):
+ (JSC::Structure::prototypeChain):
+ (JSC::Structure::isValid):
+ (JSC::constructEmptyArray):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::JSNotAnObject):
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.cpp:
+ (JSC::JSONObject::JSONObject):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSObject::JSObject):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ (JSC::JSFinalObject::create):
+ (JSC::JSFinalObject::createStructure):
+ (JSC::JSFinalObject::JSFinalObject):
+ (JSC::constructEmptyObject):
+ (JSC::createEmptyObjectStructure):
+ (JSC::JSObject::~JSObject):
+ (JSC::JSObject::setPrototype):
+ (JSC::JSObject::setStructure):
+ (JSC::JSObject::inheritorID):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::transitionTo):
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSObjectWithGlobalObject.cpp:
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::createStructure):
+ (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ (JSC::JSPropertyNameIterator::setCachedStructure):
+ (JSC::Structure::setEnumerationCache):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::JSString):
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSType.h:
+ * runtime/JSTypeInfo.h:
+ (JSC::TypeInfo::TypeInfo):
+ * runtime/JSValue.h:
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ (JSC::JSVariableObject::JSVariableObject):
+ (JSC::JSVariableObject::copyRegisterArray):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ (JSC::JSWrapperObject::JSWrapperObject):
+ * runtime/JSZombie.cpp:
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::JSZombie):
+ (JSC::JSZombie::createStructure):
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ (JSC::NativeErrorConstructor::markChildren):
+ (JSC::constructWithNativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ * runtime/NativeErrorPrototype.cpp:
+ (JSC::NativeErrorPrototype::NativeErrorPrototype):
+ * runtime/NativeErrorPrototype.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::NumberConstructor::NumberConstructor):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/NumberPrototype.cpp:
+ (JSC::NumberPrototype::NumberPrototype):
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/ObjectPrototype.cpp:
+ (JSC::ObjectPrototype::ObjectPrototype):
+ * runtime/ObjectPrototype.h:
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::PropertyTable):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::RegExpConstructor::RegExpConstructor):
+ (JSC::RegExpMatchesArray::RegExpMatchesArray):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::RegExpObject):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ * runtime/RegExpPrototype.h:
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StrictEvalActivation.cpp:
+ (JSC::StrictEvalActivation::StrictEvalActivation):
+ * runtime/StringConstructor.cpp:
+ (JSC::StringConstructor::StringConstructor):
+ * runtime/StringConstructor.h:
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.cpp:
+ (JSC::StringPrototype::StringPrototype):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::remove):
+ (JSC::StructureTransitionTable::add):
+ (JSC::Structure::Structure):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::toCacheableDictionaryTransition):
+ (JSC::Structure::toUncacheableDictionaryTransition):
+ (JSC::Structure::sealTransition):
+ (JSC::Structure::freezeTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::flattenDictionaryStructure):
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::put):
+ (JSC::Structure::markChildren):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+ (JSC::Structure::setPrototypeWithoutTransition):
+ (JSC::Structure::createStructure):
+ (JSC::JSCell::createDummyStructure):
+ (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ (JSC::StructureChain::markChildren):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::head):
+ (JSC::StructureChain::createStructure):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
+ (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
+ (JSC::StructureTransitionTable::~StructureTransitionTable):
+ (JSC::StructureTransitionTable::slot):
+ (JSC::StructureTransitionTable::setMap):
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::clearSingleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+ * runtime/WeakGCMap.h:
+ (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
+ (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
+ (JSC::WeakGCMap::contains):
+ (JSC::WeakGCMap::find):
+ (JSC::WeakGCMap::remove):
+ (JSC::WeakGCMap::add):
+ (JSC::WeakGCMap::set):
+ (JSC::WeakGCMap::finalize):
+ * runtime/WriteBarrier.h:
+ (JSC::writeBarrier):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+
+2011-04-15 Fridrich Strba <fridrich.strba@bluewin.ch>
+
+ Reviewed by Gavin Barraclough.
+
+ Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols
+ are not prefixed by underscore anymore. This is consistent with
+ what MSVC does.
+ https://bugs.webkit.org/show_bug.cgi?id=58573
+
+ * jit/JITStubs.cpp:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58705 - DFG JIT Add support for flow control (branch, jump).
+
+ Add support for control flow by breaking the CodeBlock up into multiple
+ basic blocks, generating code for each basic block in turn through the
+ speculative JIT & then the non-speculative JIT.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::setTemporary):
+ (JSC::DFG::ByteCodeParser::addToGraph):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::BasicBlock::BasicBlock):
+ (JSC::DFG::BasicBlock::getBytecodeOffset):
+ (JSC::DFG::Graph::blockIndexForBytecodeOffset):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ (JSC::DFG::JITCodeGenerator::addBranch):
+ (JSC::DFG::JITCodeGenerator::linkBranches):
+ (JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::Node):
+ (JSC::DFG::Node::isJump):
+ (JSC::DFG::Node::isBranch):
+ (JSC::DFG::Node::takenBytecodeOffset):
+ (JSC::DFG::Node::notTakenBytecodeOffset):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+
+ Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes
+
+ Use these for both access to arguments & local variables, adds ability
+ to set locals, such that values will persist between basic blocks.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::setArgument):
+ (JSC::DFG::ByteCodeParser::getThis):
+ (JSC::DFG::ByteCodeParser::setThis):
+ (JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::derefChildren):
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::ref):
+ (JSC::DFG::Graph::deref):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasLocal):
+ (JSC::DFG::Node::local):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 58696 - DFG JIT split handling of vars/temporaries
+
+ Presently all callee registers are treated as having single block scope,
+ since the DFG JIT can only compile single block functions. In order to
+ expand the JIT to support control flow we will need to change to retaining
+ locals (but not temporaries) across basic block boundaries.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::get):
+ (JSC::DFG::ByteCodeParser::set):
+ (JSC::DFG::ByteCodeParser::getVariable):
+ (JSC::DFG::ByteCodeParser::setVariable):
+ (JSC::DFG::ByteCodeParser::getTemporary):
+ (JSC::DFG::ByteCodeParser::setTemporary):
+ (JSC::DFG::ByteCodeParser::getArgument):
+ (JSC::DFG::ByteCodeParser::getInt32Constant):
+ (JSC::DFG::ByteCodeParser::getDoubleConstant):
+ (JSC::DFG::ByteCodeParser::getJSConstant):
+ (JSC::DFG::ByteCodeParser::constantUndefined):
+ (JSC::DFG::ByteCodeParser::constantNull):
+ (JSC::DFG::ByteCodeParser::one):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::parse):
+ (JSC::DFG::parse):
+ * dfg/DFGNode.h:
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::ScoreBoard):
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::allocate):
+ (JSC::DFG::ScoreBoard::use):
+
+2011-04-15 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining
+ https://bugs.webkit.org/show_bug.cgi?id=58677
+
+ Moved JSObjectWithGlobalObject::globalObject() to
+ runtime/JSObjectWithGlobalObject.h to allow the compiler to inline
+ it for a performance benefit. An equivalent instance had been in
+ a header file before r60057.
+
+ * JavaScriptCore.exp:
+ * runtime/JSObjectWithGlobalObject.cpp:
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::globalObject):
+
+2011-04-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make JSNodeFilterCondition handle its lifetime correctly
+ https://bugs.webkit.org/show_bug.cgi?id=58622
+
+ Add export
+
+ * JavaScriptCore.exp:
+
+2011-04-14 Alexey Proskuryakov <ap@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ WebKit2: Password field input does not switch to ASCII-compatible source
+ https://bugs.webkit.org/show_bug.cgi?id=58583
+ <rdar://problem/9059651>
+
+ * wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium,
+ and shouldn't be enabled on any other platforms, so there is no reason to make it
+ configurable via Platform.h.
+
+2011-04-15 Dmitry Lomov <dslomov@google.com>
+
+ Reviewed by David Levin.
+
+ Add a sample test case for GTest framework
+ https://bugs.webkit.org/show_bug.cgi?id=58509
+
+ Add an example of GTest testcase, complete with a runner, to JavaScriptCore.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/tests/RunAllWtfTests.cpp: Added.
+ (main):
+ * wtf/tests/StringTests.cpp: Added.
+
+2011-04-15 Anna Cavender <annacc@chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Renaming TRACK feature define to VIDEO_TRACK
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-14 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoffrey Garen.
+
+ Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename
+ m_regressionGuard to m_parseFailed, such that it can be reused for
+ other failure cases.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-04-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Bug 58620 - DFG JIT - loading of arguments should not be lazy
+
+ This optimization is overly simplistic. It only works because we never
+ write out definitions to arguments (since we currently only compile
+ single block functions). Revert this for now, we may want to reintroduce
+ something like this again in the future, but it will need to be aware
+ how to schedule definitions to arguments versus lazy loads that have not
+ yet been performed.
+
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::needsSpill):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillInteger):
+ (JSC::DFG::JITCodeGenerator::fillDouble):
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::initConstantInfo):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::fillNumericToDouble):
+ (JSC::DFG::JITCompiler::fillInt32ToInteger):
+ (JSC::DFG::JITCompiler::fillToJS):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal
+
+ The bug in PutByVal is that an operand is in JSValueOperand - when this
+ locks an integer into a register it will always retag the value without
+ checking if the register is already locked. This is a problem where the
+ value being stored by a PutByVal is the same as the subscript.
+ The subscript is locked into a register first, as a strict integer.
+ Locking the value results in the subscript being modified.
+
+ The bug in ValueToInt related to the function of sillentFillAllRegisters.
+ The problem is that this method will restore all register values from
+ prior to the call, overwriting the result of the call out. Allow a
+ register to be passed to specifically be excluded from being preserved.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::debugOffset):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::debugOffset):
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::debugOffset):
+ * assembler/LinkBuffer.h:
+ (JSC::LinkBuffer::debugAddress):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::debugOffset):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::orPtr):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::debugOffset):
+ (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+ * dfg/DFGGenerationInfo.h:
+ * dfg/DFGJITCodeGenerator.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::isConstant):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::isConstant):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::valueToNumber):
+ (JSC::DFG::NonSpeculativeJIT::valueToInt32):
+ (JSC::DFG::NonSpeculativeJIT::numberToInt32):
+ (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
+ (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
+ (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
+ (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
+ (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-04-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Drain the mark stack while marking weak handles, not after.
+ https://bugs.webkit.org/show_bug.cgi?id=58574
+
+ Otherwise, items that would have caused more weak handle marking are
+ processed after all weak handle marking has finished, and referenced
+ weak handles get recycled.
+
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markWeakHandles): Removed looping from here, since we
+ want Heap::markRoots to be responsible for draining the mark stack.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::markRoots): Moved looping to here, as explained above.
+
+ For efficiency's sake, drain the mark stack before starting to mark weak
+ handles. Otherwise, items drained while marking weak handles may force
+ an extra trip through the weak handle list.
+
+ For correctness's sake, drain the mark stack each time through the weak
+ handle list. Otherwise, opaque roots that would make weak handles reachable
+ are not discovered until after weak handle marking is over.
+
+2011-04-14 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make protected object list in caches window reflect reality
+ https://bugs.webkit.org/show_bug.cgi?id=58565
+
+ Make sure the heap includes objects protected by Strong handles
+ in its list of protected objects.
+
+ * heap/HandleHeap.h:
+ * heap/Heap.cpp:
+ (JSC::HandleHeap::protectedObjectTypeCounts):
+
+2011-04-14 Satish Sampath <satish@chromium.org>
+
+ Reviewed by Anders Carlsson.
+
+ Don't emit RegExp tables for chromium where they are not used
+ https://bugs.webkit.org/show_bug.cgi?id=58544
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * create_regex_tables: Added the "--notables" command line argument.
+
+2011-04-13 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix ASSERTs seen on Windows bots.
+
+ * wtf/HashTable.h:
+ (WTF::hashTableSwap): Force MSVC to use the right version of swap.
+
+2011-04-13 Ryuan Choi <ryuan.choi@samsung.com>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ [CMAKE] Separate DerivedSources.
+ https://bugs.webkit.org/show_bug.cgi?id=58427
+
+ * CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR.
+
+2011-04-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T>
+ https://bugs.webkit.org/show_bug.cgi?id=58482
+
+ This will allow wrappers to make individual decisions about their lifetimes.
+
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::copyWeak): New function for copying a weak handle.
+ It's wasn't previously possible to perform this operation using HandleHeap
+ API because the HandleHeap doesn't expose its underlying Node structure.
+
+ * heap/Local.h:
+ (JSC::::set):
+ * heap/Strong.h:
+ (JSC::Strong::set): Added ASSERTs to verify that dead objects are not
+ resurrected by placement into handles.
+
+ (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
+ is efficient.
+
+ * heap/Weak.h:
+ (JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not
+ copy its weak callback and context.
+
+ (JSC::Weak::operator=): Added an assignment operator, since the default
+ C++ assignment operator did the wrong thing.
+
+ (JSC::Weak::set): Added ASSERTs to verify that dead objects are not
+ resurrected by placement into handles.
+
+ (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
+ is efficient, and can be done without copying, which is illegal during
+ the handle finalization phase.
+
+2011-04-13 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make PropertyMapEntry use a WriteBarrier for specificValue
+ https://bugs.webkit.org/show_bug.cgi?id=58407
+
+ Make PropertyMapEntry use a WriteBarrier for specificValue, and then
+ propagate the required JSGlobalData through all the methods it ends
+ up being needed.
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::prototype):
+ * API/JSContextRef.cpp:
+ * API/JSObjectRef.cpp:
+ (JSObjectMake):
+ (JSObjectSetPrototype):
+ * JavaScriptCore.exp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * interpreter/Interpreter.cpp:
+ (JSC::appendSourceToError):
+ (JSC::Interpreter::tryCacheGetByID):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/BatchedTransitionOptimizer.h:
+ (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::name):
+ (JSC::InternalFunction::displayName):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::getOwnPropertySlot):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::name):
+ (JSC::JSFunction::displayName):
+ (JSC::JSFunction::getOwnPropertySlot):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::putWithAttributes):
+ (JSC::JSGlobalObject::reset):
+ (JSC::JSGlobalObject::resetPrototype):
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::put):
+ (JSC::JSObject::deleteProperty):
+ (JSC::JSObject::defineGetter):
+ (JSC::JSObject::defineSetter):
+ (JSC::JSObject::lookupGetter):
+ (JSC::JSObject::lookupSetter):
+ (JSC::JSObject::getPropertySpecificValue):
+ (JSC::JSObject::getOwnPropertyNames):
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ (JSC::JSObject::removeDirect):
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ (JSC::JSObject::defineOwnProperty):
+ * runtime/JSObject.h:
+ (JSC::JSObject::getDirect):
+ (JSC::JSObject::getDirectLocation):
+ (JSC::JSObject::isSealed):
+ (JSC::JSObject::isFrozen):
+ (JSC::JSObject::setPrototypeWithCycleCheck):
+ (JSC::JSObject::setPrototype):
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::putDirectWithoutTransition):
+ (JSC::JSObject::putDirectFunctionWithoutTransition):
+ * runtime/Lookup.cpp:
+ (JSC::setUpStaticFunctionSlot):
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorCreate):
+ (JSC::objectConstructorSeal):
+ (JSC::objectConstructorFreeze):
+ (JSC::objectConstructorPreventExtensions):
+ (JSC::objectConstructorIsSealed):
+ (JSC::objectConstructorIsFrozen):
+ * runtime/Operations.h:
+ (JSC::normalizePrototypeChain):
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ (JSC::PropertyTable::PropertyTable):
+ (JSC::PropertyTable::copy):
+ * runtime/Structure.cpp:
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::removePropertyTransition):
+ (JSC::Structure::changePrototypeTransition):
+ (JSC::Structure::despecifyFunctionTransition):
+ (JSC::Structure::getterSetterTransition):
+ (JSC::Structure::toDictionaryTransition):
+ (JSC::Structure::toCacheableDictionaryTransition):
+ (JSC::Structure::toUncacheableDictionaryTransition):
+ (JSC::Structure::sealTransition):
+ (JSC::Structure::freezeTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ (JSC::Structure::isSealed):
+ (JSC::Structure::isFrozen):
+ (JSC::Structure::addPropertyWithoutTransition):
+ (JSC::Structure::removePropertyWithoutTransition):
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::get):
+ (JSC::Structure::despecifyFunction):
+ (JSC::Structure::despecifyAllFunctions):
+ (JSC::Structure::put):
+ (JSC::Structure::getPropertyNames):
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ (JSC::Structure::materializePropertyMapIfNecessary):
+
+2011-04-13 Paul Knight <pknight@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition
+ https://bugs.webkit.org/show_bug.cgi?id=58405
+
+ The BACKTRACE() macro requires JavaScriptCore be built with a Debug
+ configuration in order for it to be enabled. Move the NDEBUG check to
+ the header so it will be enabled when the calling framework or
+ application is built with a Debug configuration, similar to how
+ ASSERT() and friends work.
+
+ * wtf/Assertions.cpp:
+ * wtf/Assertions.h:
+
+2011-04-12 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ https://bugs.webkit.org/show_bug.cgi?id=58131
+
+ Provide a workaround for an obscure Studio 12 compiler bug, which
+ couldn't call src->~T() on a const T *src.
+
+ * wtf/Vector.h:
+
+2011-04-12 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=58395
+ Exceptions thrown from property getters called from Array prototype functions can be missed
+
+ This is caught by an ASSERT in the top of Interpreter::executeCall.
+ Check for exceptions after accessing properties that could be getters.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ - Add exception checks.
+
+2011-04-12 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make API callback objects use weak handles to run their finalizers
+ https://bugs.webkit.org/show_bug.cgi?id=58389
+
+ Make the API object's private data struct act as a finalizer for
+ an api object if the callback object has a API defined finalizer.
+
+ * API/JSCallbackObject.cpp:
+ (JSC::JSCallbackObjectData::finalize):
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ (JSC::::init):
+ * heap/Handle.h:
+
+2011-04-12 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Cleaned up hash traits, and added hash traits for handles
+ https://bugs.webkit.org/show_bug.cgi?id=58381
+
+ * heap/Handle.h:
+ (JSC::HandleBase::swap):
+ (JSC::Handle::Handle):
+ (JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and
+ without creating new handles (which is not allowed during handle finalization).
+
+ * heap/Strong.h:
+ (JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication.
+
+ * heap/Weak.h:
+ (JSC::Weak::isHashTableDeletedValue):
+ (JSC::Weak::Weak):
+ (JSC::Weak::swap):
+ (JSC::Weak::hashTableDeletedValue): Ditto.
+
+ * wtf/HashTraits.h:
+ (WTF::SimpleClassHashTraits::constructDeletedValue):
+ (WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits,
+ which are analogous to SimpleClassVectorTraits, since they are used in a
+ bunch of places.
+
+ * wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication.
+
+ * wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication.
+
+2011-04-12 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Cleaned up some Vector traits, and added missing Vector traits for handles
+ https://bugs.webkit.org/show_bug.cgi?id=58372
+
+ * heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication.
+
+ * heap/Strong.h: Ditto.
+
+ * heap/Weak.h: Ditto.
+
+ * parser/JSParser.cpp: Fixed a traits error. No test case because this
+ particular trait is not currently exercised by the parser.
+
+ * runtime/UString.h: No need to override canInitializeWithMemset, since
+ our base class sets it to true.
+
+ * wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication.
+
+ * wtf/text/WTFString.h: No need to override canInitializeWithMemset, since
+ our base class sets it to true.
+
+2011-04-12 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Eric Seidel.
+
+ [Qt] Enable JIT build for SH4 platforms.
+ https://bugs.webkit.org/show_bug.cgi?id=58317
+ enable JIT build for QT backend for SH4 platforms.
+
+ * JavaScriptCore.pro:
+ * wtf/Platform.h:
+
+2011-04-11 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ https://bugs.webkit.org/show_bug.cgi?id=58289
+
+ Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp,
+ WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::TCMalloc_PageHeap::runScavengerThread):
+
+2011-04-11 Mark Rowe <mrowe@apple.com>
+
+ Fix the build.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private.
+
+2011-04-11 Anna Cavender <annacc@chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Setup ENABLE(TRACK) feature define
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix a few builds.
+
+ Updated a few more build configurations for file moves.
+
+ * CMakeListsWinCE.txt:
+
+2011-04-11 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64
+
+ The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
+ separately on JSVALUE64, even though EncodedValueDescriptor is not used in
+ JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
+ on X86_64. Using the union allows us to remove a layer of makeImmediate()/
+ immedaiteValue() methods.
+
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitTagAsBoolImmediate):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emitSlow_op_not):
+ * runtime/JSCell.h:
+ * runtime/JSValue.h:
+ * runtime/JSValueInlineMethods.h:
+ (JSC::JSValue::encode):
+ (JSC::JSValue::decode):
+ (JSC::JSValue::operator==):
+ (JSC::JSValue::operator!=):
+ (JSC::JSValue::JSValue):
+ (JSC::JSValue::operator bool):
+ (JSC::JSValue::asInt32):
+ (JSC::JSValue::isUndefinedOrNull):
+ (JSC::JSValue::isBoolean):
+ (JSC::JSValue::isCell):
+ (JSC::JSValue::isInt32):
+ (JSC::JSValue::asDouble):
+ (JSC::JSValue::isNumber):
+ (JSC::JSValue::asCell):
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix a few builds.
+
+ Updated a few more build configurations for file moves.
+
+ * CMakeListsEfl.txt:
+ * wscript:
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Build fix: Updated a file name.
+
+ * CMakeLists.txt:
+
+2011-04-11 Geoffrey Garen <ggaren@apple.com>
+
+ Rubber-stamped by Sam Weinig.
+
+ Moved remaining heap implementation files to the heap folder.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
+ * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
+ * heap/Handle.h:
+ * heap/Heap.cpp:
+ * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
+ * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
+ * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
+ * heap/MarkStack.h: Copied from runtime/MarkStack.h.
+ * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
+ * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
+ * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
+ * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
+ * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
+ * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
+ * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
+ * interpreter/RegisterFile.cpp:
+ * runtime/ConservativeSet.cpp: Removed.
+ * runtime/ConservativeSet.h: Removed.
+ * runtime/MachineStackMarker.cpp: Removed.
+ * runtime/MachineStackMarker.h: Removed.
+ * runtime/MarkStack.cpp: Removed.
+ * runtime/MarkStack.h: Removed.
+ * runtime/MarkStackPosix.cpp: Removed.
+ * runtime/MarkStackSymbian.cpp: Removed.
+ * runtime/MarkStackWin.cpp: Removed.
+ * runtime/MarkedBlock.cpp: Removed.
+ * runtime/MarkedBlock.h: Removed.
+ * runtime/MarkedSpace.cpp: Removed.
+ * runtime/MarkedSpace.h: Removed.
+
+2011-04-11 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-04-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 58198 - Clean up JSValue implementation for JSVALUE64
+
+ Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
+
+ JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
+ which should not have been here. JSImmediate mostly contained uncalled methods,
+ along with the internal implementation of the JSValue constructors split unnecessarily
+ across a number of layers of function calls. These could largely be merged back
+ together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can by unified.
+
+ The .cpp files were empty.
+
+ Moving all these methods into JSValue.h seems to be a repro measurable regression, so
+ I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
+ values as static const members of JSValue also measures as a repro regression, so I
+ have made these #defines.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitLoad):
+ - Removed class JSImmediate.
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Removed class JSImmediate.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Removed class JSImmediate.
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::compileBinaryArithOpSlowCase):
+ - Removed class JSImmediate.
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitJumpIfJSCell):
+ (JSC::JIT::emitJumpIfNotJSCell):
+ (JSC::JIT::emitJumpIfImmediateInteger):
+ (JSC::JIT::emitJumpIfNotImmediateInteger):
+ (JSC::JIT::emitFastArithDeTagImmediate):
+ (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+ (JSC::JIT::emitFastArithReTagImmediate):
+ (JSC::JIT::emitTagAsBoolImmediate):
+ - Removed class JSImmediate.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emitSlow_op_not):
+ - Removed class JSImmediate.
+ * jit/JSInterfaceJIT.h:
+ - Removed class JSImmediate.
+ * runtime/JSCell.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * runtime/JSImmediate.cpp: Removed.
+ * runtime/JSImmediate.h: Removed.
+ * runtime/JSNumberCell.cpp: Removed.
+ * runtime/JSNumberCell.h: Removed.
+ - Removed.
+ * runtime/JSObject.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * runtime/JSString.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * runtime/JSValue.h:
+ - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
+ * runtime/JSValueInlineMethods.h: Added.
+ (JSC::JSValue::toInt32):
+ (JSC::JSValue::toUInt32):
+ (JSC::JSValue::isUInt32):
+ (JSC::JSValue::asUInt32):
+ (JSC::JSValue::uncheckedGetNumber):
+ (JSC::JSValue::toJSNumber):
+ (JSC::jsNaN):
+ (JSC::JSValue::getNumber):
+ (JSC::JSValue::getBoolean):
+ (JSC::JSValue::JSValue):
+ (JSC::JSValue::encode):
+ (JSC::JSValue::decode):
+ (JSC::JSValue::operator bool):
+ (JSC::JSValue::operator==):
+ (JSC::JSValue::operator!=):
+ (JSC::JSValue::isUndefined):
+ (JSC::JSValue::isNull):
+ (JSC::JSValue::isUndefinedOrNull):
+ (JSC::JSValue::isCell):
+ (JSC::JSValue::isInt32):
+ (JSC::JSValue::isDouble):
+ (JSC::JSValue::isTrue):
+ (JSC::JSValue::isFalse):
+ (JSC::JSValue::tag):
+ (JSC::JSValue::payload):
+ (JSC::JSValue::asInt32):
+ (JSC::JSValue::asDouble):
+ (JSC::JSValue::asCell):
+ (JSC::JSValue::isNumber):
+ (JSC::JSValue::isBoolean):
+ (JSC::JSValue::makeImmediate):
+ (JSC::JSValue::immediateValue):
+ (JSC::reinterpretDoubleToIntptr):
+ (JSC::reinterpretIntptrToDouble):
+ - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
+ * runtime/Operations.h:
+ - Removed JSImmediate.h, JSNumberCell.h.
+ * wtf/StdLibExtras.h:
+ - Export bitwise_cast.
+
+2011-04-11 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Oliver Hunt.
+
+ SH4 JIT SUPPORT.
+ https://bugs.webkit.org/show_bug.cgi?id=44329
+
+ Add JIT remaining part for SH4 platforms.
+
+ * assembler/MacroAssemblerSH4.h:
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITPropertyAccess32_64.cpp:
+ * jit/JITStubs.cpp:
+ * jit/JITStubs.h:
+ * jit/JSInterfaceJIT.h:
+
+2011-04-10 Geoffrey Garen <ggaren@apple.com>
+
+ Rubber-stamped by Beth Dakin.
+
+ Moved Heap.h and Heap.cpp to the heap folder, because anything less
+ would be uncivilized.
+
+ * Android.mk:
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp.
+ * heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h.
+ * runtime/Heap.cpp: Removed.
+ * runtime/Heap.h: Removed.
+
+2011-04-10 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove duplicated code from AtomicString::fromUTF8()
+ https://bugs.webkit.org/show_bug.cgi?id=53711
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/text/AtomicString.cpp:
+ (WTF::AtomicString::fromUTF8Internal):
+ * wtf/text/AtomicString.h:
+ (WTF::AtomicString::fromUTF8):
+ * wtf/unicode/UTF8.cpp:
+ (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
+ * wtf/unicode/UTF8.h:
+
+2011-04-10 Maciej Stachowiak <mjs@apple.com>
+
+ Not reviewed.
+
+ Fix build (at least on Lion) by adding some newish header files to
+ PrivateHeaders.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-04-09 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Try recommitting some things svn left out of its last commit.
+
+ * heap/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::HandleBase):
+ (JSC::HandleBase::slot):
+ (JSC::HandleBase::setSlot):
+ (JSC::Handle::Handle):
+ * heap/HandleHeap.cpp:
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::isValidWeakNode):
+ * heap/HandleHeap.h:
+ (JSC::HandleHeap::globalData):
+
+2011-04-08 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A few heap-related renames and file moves.
+
+ WeakGCPtr<T> => Weak<T>
+ Global<T> => Strong<T>
+ collector/ => heap/
+ collector/* => heap/*
+ runtime/WeakGCPtr.h => heap/Weak.h
+
+ (Eventually, even more files should move into the heap directory. Like
+ Heap.h and Heap.cpp, for example.)
+
+ * API/JSClassRef.h:
+ * CMakeLists.txt:
+ * GNUmakefile.am:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
+ * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/SamplingTool.h:
+ * bytecompiler/BytecodeGenerator.h:
+ * collector: Removed.
+ * collector/handles: Removed.
+ * collector/handles/Global.h: Removed.
+ * collector/handles/Handle.h: Removed.
+ * collector/handles/HandleHeap.cpp: Removed.
+ * collector/handles/HandleHeap.h: Removed.
+ * collector/handles/HandleStack.cpp: Removed.
+ * collector/handles/HandleStack.h: Removed.
+ * collector/handles/Local.h: Removed.
+ * collector/handles/LocalScope.h: Removed.
+ * heap: Copied from collector.
+ * heap/Handle.h: Copied from collector/handles/Handle.h.
+ * heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp.
+ * heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h.
+ * heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp.
+ * heap/HandleStack.h: Copied from collector/handles/HandleStack.h.
+ * heap/Local.h: Copied from collector/handles/Local.h.
+ * heap/LocalScope.h: Copied from collector/handles/LocalScope.h.
+ * heap/Strong.h: Copied from collector/handles/Global.h.
+ (JSC::Strong::Strong):
+ (JSC::Strong::~Strong):
+ (JSC::Strong::operator=):
+ * heap/Weak.h: Copied from runtime/WeakGCPtr.h.
+ (JSC::Weak::Weak):
+ (JSC::Weak::~Weak):
+ * heap/handles: Removed.
+ * interpreter/RegisterFile.h:
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+ * jit/JITStubs.h:
+ * runtime/Structure.h:
+ * runtime/WeakGCPtr.h: Removed.
+
+2011-04-08 Alpha Lam <hclam@chromium.org>
+
+ Unreviewed, rolling out r83335.
+ http://trac.webkit.org/changeset/83335
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+ GTK and QT bots are broken
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-08 Gavin Barraclough <barraclough@apple.com>
+
+ Ooops, typo, build fix.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-04-08 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 58154 - Add support for comparison operators to the DFG JIT.
+
+ Add support for <, <=, ==, ===, and also !. Add support for all corresponding
+ bytecode ops, including the not- and -null forms. Initially add functionally
+ correct support, we'll revisit the performance.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::constantNull):
+ (JSC::DFG::ByteCodeParser::parse):
+ - Add support for parsing of bytecode opcodes,
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ - Add new operation call types, return bool values.
+ * dfg/DFGNode.h:
+ - Add new node types.
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ - Add code generation for new nodes.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationCompareLess):
+ (JSC::DFG::operationCompareLessEq):
+ (JSC::DFG::operationCompareEq):
+ (JSC::DFG::operationCompareStrictEq):
+ (JSC::DFG::dfgConvertJSValueToBoolean):
+ * dfg/DFGOperations.h:
+ - Add operation callbacks to implement new ops.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ - Add code generation for new nodes.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
+ * runtime/JSImmediate.h:
+ - Make tag values public, rather than relying on a friend - this matches JSVALUE32_64.
+
+2011-04-07 Anna Cavender <annacc@chromium.org>
+
+ Reviewed by Eric Carlson.
+
+ Setup ENABLE(TRACK) feature define
+ https://bugs.webkit.org/show_bug.cgi?id=53556
+
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-07 Balazs Kelemen <kbalazs@webkit.org>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ [WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation
+ https://bugs.webkit.org/show_bug.cgi?id=58030
+
+ * wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2.
+
+2011-04-08 Adam Roben <aroben@apple.com>
+
+ Clean build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that
+ don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the
+ directory itself in addition to the files it contains.
+
+2011-04-07 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Some Handle<T> cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=58109
+
+ * bytecode/SamplingTool.h: Sorted alphabetically because that's the
+ WebKit style. Added a Global.h #include that was previously missing
+ but harmless.
+
+ * collector/handles/Global.h:
+ (JSC::Global::Global): Added a null constructor. No need for a special
+ tag, and the tag is incompatible with some data structures.
+
+ (JSC::Global::isHashTableDeletedValue):
+ (JSC::Global::~Global):
+ (JSC::Global::set):
+ (JSC::Global::operator=):
+ (JSC::Global::clear):
+ (JSC::Global::hashTableDeletedValue): Reordered constructors to be near
+ each other.
+
+ (JSC::Global::setWithWriteBarrier): Renamed internalSet to
+ setWithWriteBarrier for clarity, and funneled more code into using set
+ and setWithWriteBarrier to reduce duplication.
+
+ * collector/handles/Handle.h:
+ (JSC::HandleBase::operator!):
+ (JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have
+ boolean and ! operators.
+
+ (JSC::HandleBase::slot):
+ (JSC::HandleBase::setSlot):
+ (JSC::Handle::Handle): Added general support for null Handles. This was
+ previously outlawed by ASSERTs, but our code has grown to support and
+ rely on null Handles.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::markWeakHandles):
+ (JSC::HandleHeap::finalizeWeakHandles):
+ (JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle,
+ and beefed this up a bit.
+
+ * collector/handles/HandleHeap.h:
+ (JSC::HandleHeap::globalData): Added accessor, used by some new set functions.
+
+ * collector/handles/Local.h: Moved hash traits to the bottom of the file,
+ since this file is about the Local class, not the traits.
+
+ (JSC::::Local): Updated for removal of invalidate().
+
+ (JSC::::operator): Deployed "using" to avoid a lot of this->
+ template funny business.
+
+ (JSC::::setWithSlotCheck): Renamed from internalSet, more specific now.
+
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::RegisterFile): Updated to use null constructor.
+
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::hostFunctionStub):
+
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::Structure::setEnumerationCache):
+ * runtime/Structure.h: Removed clearEnumerationCache
+ because it was an unused holdover from when the enumeration cache was
+ not a handle.
+
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::set): Finish initializing our handle before putting it
+ in the table. This seemed more logical, and at one point was required
+ to avoid triggering an ASSERT.
+
+ * runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own
+ handle-like behavior, to avoid duplication.
+
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::~WeakGCPtr):
+ (JSC::WeakGCPtr::get):
+ (JSC::WeakGCPtr::clear):
+ (JSC::WeakGCPtr::set):
+ (JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and
+ standardized on Handle idioms.
+
+2011-04-07 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Martin Robinson.
+
+ Refactor Gtk build system to separate list of files
+ https://bugs.webkit.org/show_bug.cgi?id=58090
+
+ This is the first step towards generating part of the GTK build system
+ using GYP. In the first iteration, our plan is to just generate the
+ list of files. This patch is the first step, which is to separate out
+ the part of JavaScriptCore build system that we intend to generate from
+ the rest of the build system.
+
+ * GNUmakefile.am:
+ * GNUmakefile.list.am: Added.
+
+2011-04-07 Zoltan Herczeg <zherczeg@webkit.org>
+
+ Reviewed by Gavin Barraclough.
+
+ Mapping booleans the same way as integers
+ https://bugs.webkit.org/show_bug.cgi?id=56913
+
+ Instead of having a seperate tag field for booleans,
+ the logical values are stored in the payload field
+ (for JSValue32_64 representation).
+
+ 1.007x speedup on SunSpider.
+
+ * jit/JIT.h:
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitStoreBool):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emitSlow_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emitSlow_op_jtrue):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emitSlow_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ * jit/JSInterfaceJIT.h:
+ * runtime/JSValue.h:
+ (JSC::JSValue::JSValue):
+ (JSC::JSValue::isTrue):
+ (JSC::JSValue::isFalse):
+ (JSC::JSValue::getBoolean):
+
+2011-04-07 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Add stub support for generating Gtk build system from gyp
+ https://bugs.webkit.org/show_bug.cgi?id=58086
+
+ This does not produce a buildable JavaScriptCore, but it
+ does allow running gyp/configure --port=gtk and having
+ it generate a gtk.Makefile which we can use for testing
+ the rest of the plumbing.
+
+ * gyp/gtk.gyp: Added.
+
+2011-04-07 Andrew Scherkus <scherkus@chromium.org>
+
+ Revert ENABLE_TRACK patch due to compile failures.
+
+ * Configurations/FeatureDefines.xcconfig:
+
+2011-04-07 Adam Barth <abarth@webkit.org>
+
+ Fix whitespace in GNUmakefile.am.
+
+ * GNUmakefile.am:
+
+2011-04-07 Gavin Barraclough <barraclough@apple.com>
+
+ Fix a couple of typos in comments that Darin spotted.
+
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ * runtime/JSImmediate.h:
+
+2011-04-06 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoff Garen.
+ Bug 58057 - Store boolean payload in low bit of JSImmediate
+
+ And remove some uncalled functions from JSImmediate.h
+
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitTagAsBoolImmediate):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_not):
+ * runtime/JSImmediate.h:
+ (JSC::JSImmediate::makeInt):
+ (JSC::JSImmediate::makeBool):
+ (JSC::JSImmediate::intValue):
+ (JSC::JSImmediate::boolValue):
+ (JSC::JSImmediate::asInt32):
+ (JSC::JSImmediate::toDouble):
+ (JSC::JSValue::asInt32):
+ (JSC::JSValue::isUInt32):
+ (JSC::JSValue::asUInt32):
+
+2011-04-07 Liang Qi <liang.qi@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt][Symbian] Enable webkit build with GCCE on Symbian.
+ https://bugs.webkit.org/show_bug.cgi?id=57841
+
+ * wtf/MathExtras.h: GCCE compiler doesn't support those std static functions.
+
+2011-04-06 Dai Mikurube <dmikurube@chromium.org>
+
+ Reviewed by David Levin.
+
+ Add QUOTA build flag for unified quota API
+ https://bugs.webkit.org/show_bug.cgi?id=57918
+
+ * Configurations/FeatureDefines.xcconfig: Added QUOTA build flag
+
+2011-04-06 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Darin Adler.
+
+ Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * config.h:
+
+2011-04-06 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Stop JSObject::isUsingInlineStorage() from using the structure
+ https://bugs.webkit.org/show_bug.cgi?id=57986
+
+ Make the isUsingInlineStorage() implementation just look at
+ whether the property storage is inside the object.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::isUsingInlineStorage):
+ (JSC::JSObject::JSObject):
+
+2011-04-06 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Geoff Garen.
+
+ Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations.
+
+ * runtime/JSImmediate.h:
+ * runtime/JSValue.h:
+
+2011-04-06 Lucas De Marchi <lucas.demarchi@profusion.mobi>
+
+ cmake: Fix build for ARMv7
+
+ * CMakeLists.txt: add missing file.
+
+2011-04-06 Liang Qi <liang.qi@nokia.com>
+
+ Reviewed by Benjamin Poulain.
+
+ Correct a include file name.
+ https://bugs.webkit.org/show_bug.cgi?id=57839
+
+ * wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix
+ builds on Unix hosts.
+
+2011-04-06 Adam Roben <aroben@apple.com>
+
+ Build fix after r83056
+
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable.
+
+2011-04-06 Adam Roben <aroben@apple.com>
+
+ Move JavaScriptCoreGenerated's file-copying logic out to a new script
+
+ Hopefully this will make it easier to modify this logic in the future. I also made the
+ script much quieter than the old logic, since it didn't seem helpful to see long lists of
+ filenames during the copying phase.
+
+ If we like this new style, we could copy it for our other projects.
+
+ Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to
+ modify and noisy
+
+ Reviewed by Steve Falkenburg.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy
+ files from here...
+ * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.)
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd
+ for convenience.
+
+2011-04-05 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix the Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do!
+
+2011-04-05 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Introduced the concept of opaque roots, in preparation for marking the DOM with them
+ https://bugs.webkit.org/show_bug.cgi?id=57903
+
+ * JavaScriptCore.exp: Who likes export files? I do!
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
+
+ (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
+ weak linkage problems.
+
+ (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
+ Currently unused.
+
+ (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
+ default empty implementation, since not all clients necessarily want
+ or need non-trivial finalizers.
+
+ (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
+ passes. The first pass marks all reachable weak handles. The second pass
+ finalizes all unreachable weak handles. This must be two passes because
+ we don't know the set of finalizable weak handles until we're done
+ marking all weak handles.
+
+ (JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
+
+ * collector/handles/HandleHeap.h: Ditto.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::reset): Split out handle marking from handle finalization.
+
+ * runtime/MarkStack.cpp:
+ (JSC::MarkStack::reset):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::addOpaqueRoot):
+ (JSC::MarkStack::containsOpaqueRoot):
+ (JSC::MarkStack::opaqueRootCount):
+ (JSC::HeapRootMarker::markStack): New helper functions for managing the
+ set of opaque roots.
+
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
+
+2011-04-05 Balazs Kelemen <kbalazs@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Build fix for YarrParser.h
+ https://bugs.webkit.org/show_bug.cgi?id=57822
+
+ * yarr/YarrParser.h:
+ (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
+
+2011-04-05 Steve Falkenburg <sfalken@apple.com>
+
+ Follow-up Windows build fix.
+ Don't skip react-to-vsprops-changes.py for all production builds,
+ only those initiated via JavaScriptCore.make.
+
+ * JavaScriptCore.vcproj/JavaScriptCore.make:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+
+2011-04-05 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks
+ https://bugs.webkit.org/show_bug.cgi?id=57857
+
+ Whoops, accidentally removed a deref().
+
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+
+2011-04-05 Steve Falkenburg <sfalken@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops.
+ Set production environment variable before calling make.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added.
+
+2011-04-05 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make caches window show more info about non-jsobject GC values
+ https://bugs.webkit.org/show_bug.cgi?id=57874
+
+ Add ClassInfo to the various internal JS types that currently
+ don't have any, and make the text for caches window show the
+ classname for non-JSObject instances.
+
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::createStructure):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/Heap.cpp:
+ (JSC::TypeCounter::typeName):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/ScopeChain.cpp:
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StructureChain.cpp:
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::createStructure):
+
+2011-04-05 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Andreas Kling.
+
+ Cleanup StringConcatenate
+ https://bugs.webkit.org/show_bug.cgi?id=57836
+
+ Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return.
+ Add a makeString() variant taking 9 arguments, needed by a follow-up patch.
+
+ * wtf/text/StringConcatenate.h:
+ (WTF::tryMakeString):
+ (WTF::makeString):
+
+2011-04-04 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r82876.
+ http://trac.webkit.org/changeset/82876
+ https://bugs.webkit.org/show_bug.cgi?id=57816
+
+ Caused a lot of test crashes (Requested by tkent on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastMalloc):
+ (WTF::fastMalloc):
+ (WTF::tryFastCalloc):
+ (WTF::fastCalloc):
+ (WTF::fastFree):
+ (WTF::tryFastRealloc):
+ (WTF::fastRealloc):
+ (WTF::fastMallocSize):
+ (WTF::TCMalloc_PageHeap::isScavengerSuspended):
+ (WTF::TCMalloc_PageHeap::scheduleScavenger):
+ (WTF::TCMalloc_PageHeap::suspendScavenger):
+ (WTF::TCMalloc_PageHeap::signalScavenger):
+ (WTF::TCMallocStats::malloc):
+ (WTF::TCMallocStats::free):
+ (WTF::TCMallocStats::fastCalloc):
+ (WTF::TCMallocStats::tryFastCalloc):
+ (WTF::TCMallocStats::calloc):
+ (WTF::TCMallocStats::fastRealloc):
+ (WTF::TCMallocStats::tryFastRealloc):
+ (WTF::TCMallocStats::realloc):
+ (WTF::TCMallocStats::fastMallocSize):
+ * wtf/FastMalloc.h:
+ (WTF::Internal::fastMallocMatchValidationType):
+ (WTF::Internal::fastMallocMatchValidationValue):
+ (WTF::Internal::setFastMallocMatchValidationType):
+ (WTF::fastMallocMatchValidateFree):
+ * wtf/Platform.h:
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Antti Koivisto.
+
+ Stop JSCell.h from including Structure.h
+ https://bugs.webkit.org/show_bug.cgi?id=57809
+
+ * runtime/GetterSetter.h:
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toThisObject):
+ * runtime/JSString.h:
+ * runtime/ScopeChain.h:
+ * runtime/Structure.h:
+ (JSC::JSCell::isObject):
+ (JSC::JSCell::isString):
+ (JSC::JSCell::classInfo):
+ (JSC::JSCell::createDummyStructure):
+ (JSC::JSValue::needsThisConversion):
+ (JSC::MarkStack::internalAppend):
+ * runtime/StructureChain.h:
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Fix clang build.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::fastMalloc):
+ (WTF::fastCalloc):
+ (WTF::fastRealloc):
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Remove accidental change to Platform.h
+
+ * wtf/Platform.h:
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Fixed a weak-handle-related leak in RegisterFile
+ https://bugs.webkit.org/show_bug.cgi?id=57793
+
+ * interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier.
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::GlobalObjectOwner::finalize):
+ (JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with
+ a per-RegisterFile weak handle owner, which does not leak.
+
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::set): Allow set() to take a context argument, since
+ RegisterFile now needs this. (Seems like it was an accidental omission
+ all along.)
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make malloc validation useful
+ https://bugs.webkit.org/show_bug.cgi?id=57502
+
+ This patch changes FAST_MALLOC_MATCH_VALIDATION with a general
+ corruption check that tags the beginning and end of all allocations
+ to check for write overflows and overwrites the contents of
+ memory on free in order to (hopefully) show up use-after-free issues
+ sooner.
+
+ We also turn it on by default for debug builds.
+
+ * JavaScriptCore.exp:
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastMalloc):
+ (WTF::fastMalloc):
+ (WTF::tryFastCalloc):
+ (WTF::fastCalloc):
+ (WTF::fastFree):
+ (WTF::tryFastRealloc):
+ (WTF::fastRealloc):
+ (WTF::TCMalloc_PageHeap::isScavengerSuspended):
+ (WTF::TCMalloc_PageHeap::scheduleScavenger):
+ (WTF::TCMalloc_PageHeap::suspendScavenger):
+ (WTF::TCMalloc_PageHeap::signalScavenger):
+ (WTF::TCMallocStats::malloc):
+ (WTF::TCMallocStats::free):
+ (WTF::TCMallocStats::fastCalloc):
+ (WTF::TCMallocStats::tryFastCalloc):
+ (WTF::TCMallocStats::calloc):
+ (WTF::TCMallocStats::fastRealloc):
+ (WTF::TCMallocStats::tryFastRealloc):
+ (WTF::TCMallocStats::realloc):
+ * wtf/FastMalloc.h:
+ (WTF::Internal::fastMallocValidationHeader):
+ (WTF::Internal::fastMallocValidationSuffix):
+ (WTF::Internal::fastMallocMatchValidationType):
+ (WTF::Internal::setFastMallocMatchValidationType):
+ (WTF::fastMallocMatchValidateFree):
+ (WTF::fastMallocValidate):
+ * wtf/Platform.h:
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Renamed clearWeakPointers => updateWeakHandles and removed misleading comment
+ https://bugs.webkit.org/show_bug.cgi?id=57790
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::updateWeakHandles): Updated for rename.
+
+ * collector/handles/HandleHeap.h: Removed comment claiming that this
+ function should only be called during teardown, because it's actually
+ called after every GC pass.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots): Updated for rename.
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Standardized handling of handles for immediate values
+ https://bugs.webkit.org/show_bug.cgi?id=57788
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell
+ values here, because our write barrier guarantees that such values are
+ not in the weak list.
+
+ (JSC::HandleHeap::writeBarrier): Standardized on checking for null before
+ checking for cell, and on using early return instead of if/else.
+
+ * collector/handles/HandleHeap.h:
+ (JSC::HandleHeap::deallocate):
+ (JSC::HandleHeap::makeWeak): Ditto.
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Removed a redundant variable from HandleHeap
+ https://bugs.webkit.org/show_bug.cgi?id=57786
+
+ Forgot to commit the file that actually removes the data member!
+
+ * collector/handles/HandleHeap.h:
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed a redundant variable from HandleHeap
+ https://bugs.webkit.org/show_bug.cgi?id=57786
+
+ We don't need a specific variable to indicate that we're in the middle
+ of the finalization phase, since m_nextToFinalize already does this.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::HandleHeap):
+ (JSC::HandleHeap::clearWeakPointers):
+ (JSC::HandleHeap::writeBarrier):
+
+2011-04-04 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback)
+ https://bugs.webkit.org/show_bug.cgi?id=57775
+
+ Also renamed noFinalizer => emptyWeakOwner, since this is really an
+ optimization for a weak owner with empty callbacks.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed
+ redundant initialization of m_nextToFinalize. Moved deletion check inside
+ weak owner check, since the weak owner can't delete the node if there is
+ no weak owner!
+
+ * collector/handles/HandleHeap.h:
+ (JSC::WeakHandleOwner::~WeakHandleOwner):
+ (JSC::HandleHeap::makeWeak): Updated for renames.
+
+ (JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner,
+ to clarify this function's role in assertions.
+
+ (JSC::HandleHeap::Node::Node):
+ (JSC::HandleHeap::Node::makeWeak):
+ (JSC::HandleHeap::Node::isWeak):
+ (JSC::HandleHeap::Node::weakOwner):
+ (JSC::HandleHeap::Node::weakOwnerContext):
+ (JSC::HandleHeap::Node::emptyWeakOwner):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::globalObjectCollectedNotifier):
+ * interpreter/RegisterFile.h:
+ * runtime/WeakGCMap.h:
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::set): Updated for renames.
+
+2011-04-04 Oliver Hunt <oliver@apple.com>
+
+ Fix WinCE build.
+
+ * bytecode/Instruction.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::tryCachePutByID):
+ (JSC::Interpreter::tryCacheGetByID):
+
+2011-04-04 Adam Roben <aroben@apple.com>
+
+ Delete mt.dep files when doing a clean build due to .vsprops file changes
+
+ Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild.
+
+ Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build)
+
+ Reviewed by Brian Weinstein.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
+ (main): Added dep to the list of extensions we look for when choosing files to delete.
+
+2011-04-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make StructureChain GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=56695
+
+ Make StructureChain GC allocated, and make the various owners
+ mark it correctly.
+
+ * JavaScriptCore.exp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::derefStructures):
+ (JSC::CodeBlock::refStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::derefStructures):
+ (JSC::PolymorphicAccessStructureList::markAggregate):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::markAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * collector/handles/Handle.h:
+ (JSC::HandleConverter::operator->):
+ (JSC::HandleConverter::operator*):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::tryCachePutByID):
+ (JSC::JITThunks::tryCacheGetByID):
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::markIfNeeded):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeChain):
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ (JSC::JSPropertyNameIterator::markChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
+ * runtime/JSZombie.cpp:
+ (JSC::JSZombie::leakedZombieStructure):
+ * runtime/JSZombie.h:
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::sweep):
+ * runtime/Structure.cpp:
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::markAggregate):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ (JSC::StructureChain::~StructureChain):
+ (JSC::StructureChain::markChildren):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::createStructure):
+ * runtime/WriteBarrier.h:
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+
+2011-04-01 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some complexity from HandleHeap
+ https://bugs.webkit.org/show_bug.cgi?id=57650
+
+ Eliminated pointer-tagging flags.
+
+ Tied being weak to having a finalizer (or at least a finalizer sentinel).
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying
+ flag. It was unused. If we bring it back, we'll probably use a shared
+ autodeallocating finalizer instead.
+
+ * collector/handles/HandleHeap.h:
+ (JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now
+ a single, atomic operation -- this makes the relationship between
+ finalizers and weak pointers clearer, and impossible to get wrong.
+
+ (JSC::HandleHeap::Node::Node):
+ (JSC::HandleHeap::Node::handleHeap): No more flags.
+
+ (JSC::HandleHeap::Node::makeWeak):
+ (JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentienl
+ value in the finalizer slot to indicate that a handle is weak but doesn't
+ require an external function call for finalization.
+
+2011-04-01 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed WeakGCMap::deprecatedRemove because it was deprecated and unused
+ https://bugs.webkit.org/show_bug.cgi?id=57648
+
+ * runtime/WeakGCMap.h:
+
+2011-04-01 Adam Roben <aroben@apple.com>
+
+ Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer
+
+ Covered by existing tests.
+
+ Fixes <http://webkit.org/b/56699>.
+
+ Reviewed by Oliver Hunt.
+
+ * parser/Lexer.h:
+ (JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because
+ supposedly the idiom that function uses is fast.
+
+2011-03-31 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Oliver Hunt.
+
+ SH4 JIT SUPPORT.
+ https://bugs.webkit.org/show_bug.cgi?id=44329
+
+ Add YARR support for SH4 platforms (disabled by default).
+
+ * GNUmakefile.am:
+ * assembler/MacroAssembler.h:
+ * assembler/MacroAssemblerSH4.cpp: Added.
+ * assembler/MacroAssemblerSH4.h: Added.
+ * assembler/SH4Assembler.h: Added.
+ * yarr/YarrJIT.cpp:
+
+2011-03-30 Adam Roben <aroben@apple.com>
+
+ Clean build fix
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects
+ don't try to build in parallel (which doesn't mesh with our buildfailed mechanism).
+
+2011-03-30 Oliver Hunt <oliver@apple.com>
+
+ Rollout r82500
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::derefStructures):
+ (JSC::CodeBlock::refStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::derefStructures):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::markIfNeeded):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeChain):
+ * runtime/JSObject.h:
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ (JSC::JSPropertyNameIterator::markChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/Structure.h:
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+
+2011-03-29 Matthew Delaney <mdelaney@apple.com>
+
+ Reviewed by Simon Fraser.
+
+ Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG
+
+ https://bugs.webkit.org/show_bug.cgi?id=53134
+
+ * wtf/Platform.h: Added in WTF flag for using the Accelerate framework
+
+2011-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Share most vsprops between Release and Production builds in releaseproduction.vsprops
+ https://bugs.webkit.org/show_bug.cgi?id=57508
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
+
+2011-03-30 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Explicitly prevent testapi and minidom from being installed rather than relying
+ on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly
+ set at the target level.
+
+ <rdar://problem/9206357>
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-03-30 Timur Iskhodzhanov <timurrrr@google.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add some dynamic annotations to JavaScriptCore/wtf
+ https://bugs.webkit.org/show_bug.cgi?id=53747
+
+ By using these annotations we can improve the precision of finding
+ WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind.
+ These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1".
+
+ These files don't add new functionality, so don't need extra tests.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/DynamicAnnotations.cpp: Added.
+ (WTFAnnotateBenignRaceSized):
+ (WTFAnnotateHappensBefore):
+ (WTFAnnotateHappensAfter):
+ * wtf/DynamicAnnotations.h: Added.
+ * wtf/ThreadSafeRefCounted.h:
+ (WTF::ThreadSafeRefCountedBase::derefBase):
+ * wtf/text/StringStatics.cpp:
+ (WTF::StringImpl::empty):
+
+2011-03-30 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make StructureChain GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=56695
+
+ Make StructureChain GC allocated, and make the various owners
+ mark it correctly.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::derefStructures):
+ (JSC::CodeBlock::refStructures):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/Instruction.h:
+ (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+ (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+ (JSC::PolymorphicAccessStructureList::derefStructures):
+ (JSC::PolymorphicAccessStructureList::markAggregate):
+ (JSC::Instruction::Instruction):
+ * bytecode/StructureStubInfo.cpp:
+ (JSC::StructureStubInfo::deref):
+ (JSC::StructureStubInfo::markAggregate):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::initGetByIdChain):
+ (JSC::StructureStubInfo::initPutByIdTransition):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_jneq_ptr):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+ * jit/JITStubs.cpp:
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/JSCell.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::markIfNeeded):
+ * runtime/JSGlobalObject.h:
+ (JSC::Structure::prototypeChain):
+ * runtime/JSObject.h:
+ (JSC::JSObject::markChildrenDirect):
+ * runtime/JSPropertyNameIterator.cpp:
+ (JSC::JSPropertyNameIterator::create):
+ (JSC::JSPropertyNameIterator::get):
+ (JSC::JSPropertyNameIterator::markChildren):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+ * runtime/Structure.h:
+ (JSC::Structure::cachedPrototypeChainSlot):
+ * runtime/StructureChain.cpp:
+ (JSC::StructureChain::StructureChain):
+ * runtime/StructureChain.h:
+ (JSC::StructureChain::create):
+ (JSC::StructureChain::createStructure):
+
+2011-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Update Windows production build logic for new production configurations
+ https://bugs.webkit.org/show_bug.cgi?id=57494
+
+ * JavaScriptCore.vcproj/JavaScriptCore.make:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
+
+2011-03-30 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Adam Roben.
+
+ Rename Windows configuration Release_LTCG to Production for clarity
+ https://bugs.webkit.org/show_bug.cgi?id=57465
+
+ * JavaScriptCore.vcproj/JavaScriptCore.sln:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed.
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+ * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed.
+ * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+ * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops.
+ * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed.
+
+2011-03-30 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+
+ Reviewed by Maciej Stachowiak.
+
+ Add the NEXT_OPCODE() macro to the DFG-JIT parser
+ https://bugs.webkit.org/show_bug.cgi?id=57322
+
+ In JavaScriptCore we use macros to jump to the next opcode
+ (both in interpreter and JIT). This macro is added to the
+ DFG-JIT parser as well.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parse):
+
+2011-03-29 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ ~25% regression on v8-splay in the SunSpider harness
+ https://bugs.webkit.org/show_bug.cgi?id=56128
+
+ I'm not sure if this is the root cause of the regression Stephanie
+ measured, but it seems to get us back to previous v8-splay times.
+
+ SunSpider reports no change. v8-splay says 41% faster.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::reset): Make marking proportional to 1X the size of the heap,
+ not .5X the size of the heap. When the heap is large, this makes a big
+ difference. (Our old heap growth policy matched this. You can see by
+ looking at resizeBlocks in revisions prior to r77699.)
+
+2011-03-29 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE
+ https://bugs.webkit.org/show_bug.cgi?id=57350
+
+ Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from
+ InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within
+ the IDE. To avoid this, add a separate vsprops file for each project configuration that
+ contains the required inherited property sheets.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added.
+ * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+ * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added.
+ * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+ * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added.
+ * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added.
+
+2011-03-29 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Eric Seidel.
+
+ REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit).
+ https://bugs.webkit.org/show_bug.cgi?id=57333
+
+ constructDate now takes the global object explicitly as it may be called
+ by functions other than the constructor itself.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeDate):
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ (JSC::constructWithDateConstructor):
+ * runtime/DateConstructor.h:
+
+2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Benjamin Poulain.
+
+ https://bugs.webkit.org/show_bug.cgi?id=41953
+
+ Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h
+
+ * wtf/MathExtras.h:
+
+2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=57231
+ Add conditional for SUNCC supporting alignment macros
+
+ Compile fix for Solaris 10/Sun Studio 12 CC
+
+ * wtf/Vector.h:
+
+2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=57256
+
+ Fix crash on misaligned reads on Solaris 10/Sparc
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::equal):
+
+2011-03-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ instanceof Array test fails when using iframes
+ https://bugs.webkit.org/show_bug.cgi?id=17250
+
+ This is a problem with all built in constructors, the use of
+ lexicalGlobalObject rather than the constructors own
+ global object reference means that a builtin will always use
+ the prototype from the lexical global object rather than that
+ of the constructors origin.
+
+ * API/JSObjectRef.cpp:
+ (JSObjectMakeFunction):
+ (JSObjectMakeRegExp):
+ * JavaScriptCore.exp:
+ * runtime/ArrayConstructor.cpp:
+ (JSC::constructArrayWithSizeQuirk):
+ * runtime/BooleanConstructor.cpp:
+ (JSC::constructBoolean):
+ (JSC::constructBooleanFromImmediateBoolean):
+ * runtime/BooleanConstructor.h:
+ * runtime/DateConstructor.cpp:
+ (JSC::constructDate):
+ * runtime/DateInstance.cpp:
+ * runtime/DateInstance.h:
+ * runtime/ErrorConstructor.cpp:
+ (JSC::constructWithErrorConstructor):
+ (JSC::callErrorConstructor):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructWithFunctionConstructor):
+ (JSC::callFunctionConstructor):
+ (JSC::constructFunction):
+ * runtime/FunctionConstructor.h:
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::getOwnPropertySlot):
+ (JSC::JSCell::put):
+ (JSC::JSCell::deleteProperty):
+ (JSC::JSCell::toThisObject):
+ (JSC::JSCell::toObject):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSValue::toObject):
+ * runtime/JSNotAnObject.cpp:
+ (JSC::JSNotAnObject::toObject):
+ * runtime/JSNotAnObject.h:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::toObject):
+ * runtime/JSObject.h:
+ * runtime/JSString.cpp:
+ (JSC::StringObject::create):
+ (JSC::JSString::toObject):
+ (JSC::JSString::toThisObject):
+ * runtime/JSString.h:
+ * runtime/JSValue.cpp:
+ (JSC::JSValue::toObjectSlowCase):
+ (JSC::JSValue::toThisObjectSlowCase):
+ (JSC::JSValue::synthesizeObject):
+ * runtime/JSValue.h:
+ * runtime/NumberConstructor.cpp:
+ (JSC::constructWithNumberConstructor):
+ * runtime/NumberObject.cpp:
+ (JSC::constructNumber):
+ * runtime/NumberObject.h:
+ * runtime/ObjectConstructor.cpp:
+ (JSC::constructObject):
+ (JSC::constructWithObjectConstructor):
+ (JSC::callObjectConstructor):
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ (JSC::constructWithRegExpConstructor):
+ (JSC::callRegExpConstructor):
+ * runtime/RegExpConstructor.h:
+ * runtime/StringConstructor.cpp:
+ (JSC::constructWithStringConstructor):
+ * runtime/StringObject.h:
+
+2011-03-28 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large
+ https://bugs.webkit.org/show_bug.cgi?id=56823
+
+ Partial fix for most of the problem. (TOT still shows a regression, though.)
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of
+ capacity(), since capacity() is O(n) relative to the size of the heap.
+
+ In limited circumstances, capacity() is also worse than highWaterMark()
+ for measuring extra cost relative to heap size, since capacity() only
+ measures the *current* capacity of the heap, but the heap will grow if
+ necessary to attain highWaterMark().
+
+2011-03-28 Oliver Hunt <oliver@apple.com>
+
+ REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit).
+ https://bugs.webkit.org/show_bug.cgi?id=57251
+
+ Build fix, had remnant of another patch in r82130
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::privateCompileGetByIdChainList):
+
+2011-03-27 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Add additional immediate types to allow us to distinguish the source of a JIT immediate
+ https://bugs.webkit.org/show_bug.cgi?id=57190
+
+ Allow us to distinguish whether a JIT immediate is a value that we
+ control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
+ or influenced by code we are compiling. Currently we do nothing with this
+ information -- this change is large and mechanical but would obscure any
+ logic changes that we would have made.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
+ (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
+ (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
+ (JSC::AbstractMacroAssembler::Imm32::Imm32):
+ * assembler/MacroAssembler.h:
+ (JSC::MacroAssembler::pop):
+ (JSC::MacroAssembler::poke):
+ (JSC::MacroAssembler::branchPtr):
+ (JSC::MacroAssembler::branch32):
+ (JSC::MacroAssembler::addPtr):
+ (JSC::MacroAssembler::andPtr):
+ (JSC::MacroAssembler::orPtr):
+ (JSC::MacroAssembler::subPtr):
+ (JSC::MacroAssembler::xorPtr):
+ (JSC::MacroAssembler::setPtr):
+ (JSC::MacroAssembler::storePtr):
+ (JSC::MacroAssembler::branchTestPtr):
+ (JSC::MacroAssembler::branchSubPtr):
+ (JSC::MacroAssembler::branchTest8):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::add32):
+ (JSC::MacroAssemblerARM::and32):
+ (JSC::MacroAssemblerARM::lshift32):
+ (JSC::MacroAssemblerARM::mul32):
+ (JSC::MacroAssemblerARM::or32):
+ (JSC::MacroAssemblerARM::rshift32):
+ (JSC::MacroAssemblerARM::urshift32):
+ (JSC::MacroAssemblerARM::sub32):
+ (JSC::MacroAssemblerARM::xor32):
+ (JSC::MacroAssemblerARM::store32):
+ (JSC::MacroAssemblerARM::push):
+ (JSC::MacroAssemblerARM::move):
+ (JSC::MacroAssemblerARM::branch8):
+ (JSC::MacroAssemblerARM::branch32):
+ (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARM::branch16):
+ (JSC::MacroAssemblerARM::branchTest8):
+ (JSC::MacroAssemblerARM::branchTest32):
+ (JSC::MacroAssemblerARM::branchAdd32):
+ (JSC::MacroAssemblerARM::branchMul32):
+ (JSC::MacroAssemblerARM::branchSub32):
+ (JSC::MacroAssemblerARM::set32Compare32):
+ (JSC::MacroAssemblerARM::set8Compare32):
+ (JSC::MacroAssemblerARM::set32Test32):
+ (JSC::MacroAssemblerARM::set32Test8):
+ (JSC::MacroAssemblerARM::moveWithPatch):
+ (JSC::MacroAssemblerARM::branchPtrWithPatch):
+ (JSC::MacroAssemblerARM::storePtrWithPatch):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::add32):
+ (JSC::MacroAssemblerARMv7::and32):
+ (JSC::MacroAssemblerARMv7::lshift32):
+ (JSC::MacroAssemblerARMv7::mul32):
+ (JSC::MacroAssemblerARMv7::or32):
+ (JSC::MacroAssemblerARMv7::rshift32):
+ (JSC::MacroAssemblerARMv7::urshift32):
+ (JSC::MacroAssemblerARMv7::sub32):
+ (JSC::MacroAssemblerARMv7::xor32):
+ (JSC::MacroAssemblerARMv7::load32):
+ (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerARMv7::load16):
+ (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerARMv7::store32):
+ (JSC::MacroAssemblerARMv7::loadDouble):
+ (JSC::MacroAssemblerARMv7::storeDouble):
+ (JSC::MacroAssemblerARMv7::push):
+ (JSC::MacroAssemblerARMv7::move):
+ (JSC::MacroAssemblerARMv7::compare32):
+ (JSC::MacroAssemblerARMv7::test32):
+ (JSC::MacroAssemblerARMv7::branch32):
+ (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerARMv7::branch16):
+ (JSC::MacroAssemblerARMv7::branch8):
+ (JSC::MacroAssemblerARMv7::branchTest32):
+ (JSC::MacroAssemblerARMv7::branchTest8):
+ (JSC::MacroAssemblerARMv7::branchAdd32):
+ (JSC::MacroAssemblerARMv7::branchMul32):
+ (JSC::MacroAssemblerARMv7::branchSub32):
+ (JSC::MacroAssemblerARMv7::nearCall):
+ (JSC::MacroAssemblerARMv7::call):
+ (JSC::MacroAssemblerARMv7::set32Compare32):
+ (JSC::MacroAssemblerARMv7::set8Compare32):
+ (JSC::MacroAssemblerARMv7::set32Test32):
+ (JSC::MacroAssemblerARMv7::set32Test8):
+ (JSC::MacroAssemblerARMv7::moveWithPatch):
+ (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
+ (JSC::MacroAssemblerARMv7::storePtrWithPatch):
+ (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+ (JSC::MacroAssemblerARMv7::makeJump):
+ (JSC::MacroAssemblerARMv7::makeBranch):
+ (JSC::MacroAssemblerARMv7::setupArmAddress):
+ (JSC::MacroAssemblerARMv7::makeBaseIndexBase):
+ (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::add32):
+ (JSC::MacroAssemblerMIPS::and32):
+ (JSC::MacroAssemblerMIPS::lshift32):
+ (JSC::MacroAssemblerMIPS::mul32):
+ (JSC::MacroAssemblerMIPS::or32):
+ (JSC::MacroAssemblerMIPS::rshift32):
+ (JSC::MacroAssemblerMIPS::urshift32):
+ (JSC::MacroAssemblerMIPS::sub32):
+ (JSC::MacroAssemblerMIPS::xor32):
+ (JSC::MacroAssemblerMIPS::load32):
+ (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
+ (JSC::MacroAssemblerMIPS::store32):
+ (JSC::MacroAssemblerMIPS::push):
+ (JSC::MacroAssemblerMIPS::move):
+ (JSC::MacroAssemblerMIPS::branch8):
+ (JSC::MacroAssemblerMIPS::branch32):
+ (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerMIPS::branch16):
+ (JSC::MacroAssemblerMIPS::branchTest32):
+ (JSC::MacroAssemblerMIPS::branchTest8):
+ (JSC::MacroAssemblerMIPS::branchAdd32):
+ (JSC::MacroAssemblerMIPS::branchMul32):
+ (JSC::MacroAssemblerMIPS::branchSub32):
+ (JSC::MacroAssemblerMIPS::set8Compare32):
+ (JSC::MacroAssemblerMIPS::set32Compare32):
+ (JSC::MacroAssemblerMIPS::set32Test8):
+ (JSC::MacroAssemblerMIPS::set32Test32):
+ (JSC::MacroAssemblerMIPS::moveWithPatch):
+ (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
+ (JSC::MacroAssemblerMIPS::storePtrWithPatch):
+ (JSC::MacroAssemblerMIPS::tailRecursiveCall):
+ (JSC::MacroAssemblerMIPS::loadDouble):
+ (JSC::MacroAssemblerMIPS::storeDouble):
+ (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::add32):
+ (JSC::MacroAssemblerX86::addWithCarry32):
+ (JSC::MacroAssemblerX86::and32):
+ (JSC::MacroAssemblerX86::or32):
+ (JSC::MacroAssemblerX86::sub32):
+ (JSC::MacroAssemblerX86::store32):
+ (JSC::MacroAssemblerX86::branch32):
+ (JSC::MacroAssemblerX86::moveWithPatch):
+ (JSC::MacroAssemblerX86::branchPtrWithPatch):
+ (JSC::MacroAssemblerX86::storePtrWithPatch):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::add32):
+ (JSC::MacroAssemblerX86Common::and32):
+ (JSC::MacroAssemblerX86Common::lshift32):
+ (JSC::MacroAssemblerX86Common::mul32):
+ (JSC::MacroAssemblerX86Common::or32):
+ (JSC::MacroAssemblerX86Common::rshift32):
+ (JSC::MacroAssemblerX86Common::urshift32):
+ (JSC::MacroAssemblerX86Common::sub32):
+ (JSC::MacroAssemblerX86Common::xor32):
+ (JSC::MacroAssemblerX86Common::store32):
+ (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
+ (JSC::MacroAssemblerX86Common::push):
+ (JSC::MacroAssemblerX86Common::move):
+ (JSC::MacroAssemblerX86Common::branch8):
+ (JSC::MacroAssemblerX86Common::branch32):
+ (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
+ (JSC::MacroAssemblerX86Common::branch16):
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchMul32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ (JSC::MacroAssemblerX86Common::set8Compare32):
+ (JSC::MacroAssemblerX86Common::set32Compare32):
+ (JSC::MacroAssemblerX86Common::set32Test8):
+ (JSC::MacroAssemblerX86Common::set32Test32):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::add32):
+ (JSC::MacroAssemblerX86_64::and32):
+ (JSC::MacroAssemblerX86_64::or32):
+ (JSC::MacroAssemblerX86_64::sub32):
+ (JSC::MacroAssemblerX86_64::loadDouble):
+ (JSC::MacroAssemblerX86_64::addDouble):
+ (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
+ (JSC::MacroAssemblerX86_64::store32):
+ (JSC::MacroAssemblerX86_64::call):
+ (JSC::MacroAssemblerX86_64::tailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
+ (JSC::MacroAssemblerX86_64::addPtr):
+ (JSC::MacroAssemblerX86_64::andPtr):
+ (JSC::MacroAssemblerX86_64::orPtr):
+ (JSC::MacroAssemblerX86_64::subPtr):
+ (JSC::MacroAssemblerX86_64::xorPtr):
+ (JSC::MacroAssemblerX86_64::storePtr):
+ (JSC::MacroAssemblerX86_64::setPtr):
+ (JSC::MacroAssemblerX86_64::branchPtr):
+ (JSC::MacroAssemblerX86_64::branchTestPtr):
+ (JSC::MacroAssemblerX86_64::branchSubPtr):
+ (JSC::MacroAssemblerX86_64::moveWithPatch):
+ (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
+ (JSC::MacroAssemblerX86_64::storePtrWithPatch):
+ (JSC::MacroAssemblerX86_64::branchTest8):
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::callOperation):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::jitAssertIsInt32):
+ (JSC::DFG::JITCompiler::emitCount):
+ * dfg/DFGJITCompiler.h:
+ (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::emitTimeoutCheck):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_urshift):
+ (JSC::JIT::emitSlow_op_urshift):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ (JSC::JIT::emit_op_mod):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emit_op_negate):
+ (JSC::JIT::emit_op_jnless):
+ (JSC::JIT::emit_op_jless):
+ (JSC::JIT::emit_op_jlesseq):
+ (JSC::JIT::emit_op_lshift):
+ (JSC::JIT::emitRightShift):
+ (JSC::JIT::emitRightShiftSlowCase):
+ (JSC::JIT::emit_op_bitand):
+ (JSC::JIT::emit_op_bitor):
+ (JSC::JIT::emit_op_bitxor):
+ (JSC::JIT::emit_op_bitnot):
+ (JSC::JIT::emit_op_post_inc):
+ (JSC::JIT::emit_op_post_dec):
+ (JSC::JIT::emitSlow_op_post_dec):
+ (JSC::JIT::emit_op_pre_inc):
+ (JSC::JIT::emit_op_pre_dec):
+ (JSC::JIT::emit_op_add):
+ (JSC::JIT::emitAdd32Constant):
+ (JSC::JIT::emit_op_sub):
+ (JSC::JIT::emitSub32Constant):
+ (JSC::JIT::emitBinaryDoubleOp):
+ (JSC::JIT::emit_op_mul):
+ (JSC::JIT::emitSlow_op_mul):
+ (JSC::JIT::emit_op_div):
+ (JSC::JIT::emit_op_mod):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutCellToCallFrameHeader):
+ (JSC::JIT::emitPutIntToCallFrameHeader):
+ (JSC::JIT::emitPutImmediateToCallFrameHeader):
+ (JSC::JIT::emitLoadCharacterString):
+ (JSC::JIT::restoreArgumentReferenceForTrampoline):
+ (JSC::JIT::checkStructure):
+ (JSC::JIT::setSamplingFlag):
+ (JSC::JIT::clearSamplingFlag):
+ (JSC::JIT::emitCount):
+ (JSC::JIT::sampleInstruction):
+ (JSC::JIT::sampleCodeBlock):
+ (JSC::JIT::emitStoreInt32):
+ (JSC::JIT::emitStoreCell):
+ (JSC::JIT::emitStoreBool):
+ (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+ (JSC::JIT::emitInitRegister):
+ (JSC::JIT::emitJumpIfJSCell):
+ (JSC::JIT::emitJumpIfNotJSCell):
+ (JSC::JIT::emitJumpIfImmediateInteger):
+ (JSC::JIT::emitJumpIfNotImmediateInteger):
+ (JSC::JIT::emitFastArithDeTagImmediate):
+ (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+ (JSC::JIT::emitFastArithReTagImmediate):
+ (JSC::JIT::emitTagAsBoolImmediate):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_check_has_instance):
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_ensure_property_exists):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_jneq_ptr):
+ (JSC::JIT::emit_op_jsr):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_new_func_exp):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_to_jsnumber):
+ (JSC::JIT::emit_op_push_new_scope):
+ (JSC::JIT::emit_op_catch):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emit_op_init_lazy_reg):
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emit_op_convert_this_strict):
+ (JSC::JIT::emitSlow_op_not):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::emit_op_get_arguments_length):
+ (JSC::JIT::emitSlow_op_get_arguments_length):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::emitSlow_op_resolve_global_dynamic):
+ (JSC::JIT::emit_op_new_regexp):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ (JSC::JIT::emit_op_new_func):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTIMachineTrampolines):
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_loop_if_lesseq):
+ (JSC::JIT::emit_op_check_has_instance):
+ (JSC::JIT::emit_op_instanceof):
+ (JSC::JIT::emit_op_get_scoped_var):
+ (JSC::JIT::emit_op_put_scoped_var):
+ (JSC::JIT::emit_op_tear_off_activation):
+ (JSC::JIT::emit_op_tear_off_arguments):
+ (JSC::JIT::emit_op_resolve):
+ (JSC::JIT::emit_op_to_primitive):
+ (JSC::JIT::emit_op_resolve_base):
+ (JSC::JIT::emit_op_ensure_property_exists):
+ (JSC::JIT::emit_op_resolve_skip):
+ (JSC::JIT::emit_op_resolve_global):
+ (JSC::JIT::emitSlow_op_resolve_global):
+ (JSC::JIT::emit_op_not):
+ (JSC::JIT::emit_op_jfalse):
+ (JSC::JIT::emit_op_jtrue):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_jneq_ptr):
+ (JSC::JIT::emit_op_jsr):
+ (JSC::JIT::emit_op_eq):
+ (JSC::JIT::emitSlow_op_eq):
+ (JSC::JIT::emit_op_neq):
+ (JSC::JIT::emitSlow_op_neq):
+ (JSC::JIT::compileOpStrictEq):
+ (JSC::JIT::emit_op_eq_null):
+ (JSC::JIT::emit_op_neq_null):
+ (JSC::JIT::emit_op_resolve_with_base):
+ (JSC::JIT::emit_op_new_func_exp):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_to_jsnumber):
+ (JSC::JIT::emit_op_push_new_scope):
+ (JSC::JIT::emit_op_catch):
+ (JSC::JIT::emit_op_create_activation):
+ (JSC::JIT::emit_op_create_arguments):
+ (JSC::JIT::emit_op_convert_this):
+ (JSC::JIT::emit_op_convert_this_strict):
+ (JSC::JIT::emit_op_get_arguments_length):
+ (JSC::JIT::emitSlow_op_get_arguments_length):
+ (JSC::JIT::emit_op_get_argument_by_val):
+ (JSC::JIT::softModulo):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_get_by_pname):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emit_op_put_by_index):
+ (JSC::JIT::emit_op_put_getter):
+ (JSC::JIT::emit_op_put_setter):
+ (JSC::JIT::emit_op_del_by_id):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::testPrototype):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_put_getter):
+ (JSC::JIT::emit_op_put_setter):
+ (JSC::JIT::emit_op_del_by_id):
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ (JSC::JIT::emit_op_method_check):
+ (JSC::JIT::stringGetByValStubGenerator):
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::compileGetByIdHotPath):
+ (JSC::JIT::compileGetByIdSlowCase):
+ (JSC::JIT::emitSlow_op_put_by_id):
+ (JSC::JIT::testPrototype):
+ (JSC::JIT::privateCompilePutByIdTransition):
+ (JSC::JIT::privateCompilePatchGetArrayLength):
+ (JSC::JIT::privateCompileGetByIdProto):
+ (JSC::JIT::privateCompileGetByIdSelfList):
+ (JSC::JIT::privateCompileGetByIdProtoList):
+ (JSC::JIT::privateCompileGetByIdChainList):
+ (JSC::JIT::privateCompileGetByIdChain):
+ (JSC::JIT::emit_op_get_by_pname):
+ * jit/JITStubCall.h:
+ (JSC::JITStubCall::addArgument):
+ * jit/JITStubs.cpp:
+ (JSC::getPolymorphicAccessStructureListSlot):
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
+ (JSC::JSInterfaceJIT::emitLoadInt32):
+ (JSC::JSInterfaceJIT::emitLoadDouble):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
+ (JSC::SpecializedThunkJIT::loadJSStringArgument):
+ (JSC::SpecializedThunkJIT::tagReturnAsInt32):
+ (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
+ * jit/ThunkGenerators.cpp:
+ (JSC::charToString):
+ (JSC::powThunkGenerator):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::matchCharacterClass):
+ (JSC::Yarr::YarrGenerator::storeToFrame):
+ (JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
+ (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
+ (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
+ (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
+ (JSC::Yarr::YarrGenerator::generateDisjunction):
+
+2011-03-28 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Fix the linking of jsc with MinGW after r81963.
+
+ * jsc.pro: add -l and remove the lib suffix.
+
+2011-03-27 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ https://bugs.webkit.org/show_bug.cgi?id=57170 Fix last elements
+ in an enum to remove a trailing comma. Sun Studio 12 CC errors out.
+
+ Compile fix only, no actual code change.
+
+ * wtf/MessageQueue.h:
+
+2011-03-25 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Allow defineOwnProperty to work on DOMObjects
+ https://bugs.webkit.org/show_bug.cgi?id=57129
+
+ Fix a couple of places where we uses getter()/setter() rather
+ than [gs]etterPresent().
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+
+2011-03-25 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Crash when paused at a breakpoint caused by inaccurate Activation records.
+ https://bugs.webkit.org/show_bug.cgi?id=57120
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::getOwnPropertyNames):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Crash in debugger beneath MarkStack::drain @ me.com, ibm.com
+ https://bugs.webkit.org/show_bug.cgi?id=57080
+ <rdar://problem/8525907>
+
+ The crash was caused by changes in the executable after recompilation.
+
+ The fix is for the activation to copy the data it needs instead of
+ relying on the data in the executable.
+
+ SunSpider and v8 report no change.
+
+ * runtime/Arguments.h:
+ (JSC::JSActivation::copyRegisters): Use our own data members instead of
+ reading data out of the executable.
+
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation): Initialize our data members.
+
+ (JSC::JSActivation::markChildren):
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::getOwnPropertyNames):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+ (JSC::JSActivation::isDynamicScope):
+ (JSC::JSActivation::argumentsGetter): Use our own data members instead of
+ reading data out of the executable.
+
+ * runtime/JSActivation.h: Added new data members to track data previously
+ tracked by the executable. Since I've removed the executable pointer,
+ on a 64bit system, I've only made activations bigger by an int.
+
+2011-03-25 David Kilzer <ddkilzer@apple.com>
+
+ Remove duplicate entry from JavaScriptCore.exp
+
+ JSC::createStackOverflowError(JSC::ExecState*) was originally
+ exported in r60057, then duplicated in r60392.
+
+ * JavaScriptCore.exp: Removed duplicate entry.
+
+2011-03-25 Jarred Nicholls <jarred@sencha.com>
+
+ Reviewed by Ariya Hidayat.
+
+ [Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe
+ https://bugs.webkit.org/show_bug.cgi?id=56098
+
+ Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API
+
+ * jsc.pro:
+
+2011-03-24 Nikolas Zimmermann <nzimmermann@rim.com>
+
+ Reviewed by Darin Adler.
+
+ Introduce WTF HexNumber.h
+ https://bugs.webkit.org/show_bug.cgi?id=56099
+
+ Introduce a set of functions that ease converting from a bye or a number to a hex string,
+ replacing several of these conversions and String::format("%x") usages all over WebCore.
+
+ * GNUmakefile.am: Add HexNumber.h to build.
+ * JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
+ * JavaScriptCore.gypi: Add HexNumber.h to build.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+ * wtf/CMakeLists.txt: Ditto.
+ * wtf/HexNumber.h: Added.
+ (WTF::Internal::hexDigitsForMode): Internal helper.
+ (WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination.
+ (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'
+ (WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination.
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix take 2: Add new symobl.
+
+ (I should have used the EWS bots for this!)
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Windows build fix take 1: Removed old symobl.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Ensure that all compilation takes place within a dynamic global object scope
+ https://bugs.webkit.org/show_bug.cgi?id=57054
+ <rdar://problem/9083011>
+
+ Otherwise, entry to the global object scope might throw away the code
+ we just compiled, causing a crash.
+
+ * JavaScriptCore.exp: Updated for signature change.
+
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
+ here because (a) they took place outside a dynamic global object scope
+ and (b) they were redundant.
+
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall): Updated for signature change.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct): Declare our dynamic global object
+ scope earlier, to ensure that compilation takes place within it.
+
+ * runtime/Completion.cpp:
+ (JSC::evaluate): Removed explicit compilation calls here because (a)
+ they took place outside a dynamic global object scope and (b) they were
+ redundant.
+
+ * runtime/Executable.h:
+ (JSC::EvalExecutable::compile):
+ (JSC::ProgramExecutable::compile):
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
+ verify our new invariant that all compilation takes place within a
+ dynamic global object scope.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+ * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
+ to require a JSGlobalData instead of an ExecState* since it is often
+ easier to provide the former, and the latter was not necessary.
+
+2011-03-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
+ https://bugs.webkit.org/show_bug.cgi?id=55671
+
+ This is no longer necessary, and it seems that with the new weakmap
+ model it's simply unsafe, so this reduces it to a no-op.
+
+ * API/JSWeakObjectMapRefPrivate.cpp:
+
+2011-03-24 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ https://bugs.webkit.org/show_bug.cgi?id=20302
+ Correct implementation of signbit on Solaris
+
+ * wtf/MathExtras.h:
+ (signbit):
+
+2011-03-23 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC.
+
+ * wtf/ThreadingPthreads.cpp:
+ (WTF::initializeCurrentThreadInternal):
+
+2011-03-23 Mark Rowe <mrowe@apple.com>
+
+ Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile.
+
+ It's not necessary to pass "-target All" as xcodebuild always builds the
+ first target in the project unless otherwise specified. The presence of
+ that option also breaks "make clean" since that results in both the
+ -target and -alltargets options being passed to xcodebuild.
+
+ * Makefile:
+
+2011-03-23 Pavel Feldman <pfeldman@chromium.org>
+
+ Not reviewed: bring back Vector::contains that was removed as a part of roll back.
+
+ * wtf/Vector.h:
+ (WTF::::contains):
+
+2011-03-23 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r81686.
+ http://trac.webkit.org/changeset/81686
+ https://bugs.webkit.org/show_bug.cgi?id=56914
+
+ Breaks webkit_tests in Chromium again. (Requested by pfeldman
+ on #webkit).
+
+ * wtf/Vector.h:
+
+2011-03-23 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ JavaScriptCore GYP build should work on a case-sensitive file system
+ https://bugs.webkit.org/show_bug.cgi?id=56911
+
+ The issue is that there are two UString.h headers, one named UString.h
+ and one named ustring.h. This patch excludes ustring.h from the header
+ map to avoid confusion. While I was editing this part of the GYP file,
+ I cleaned up the exclude rules to be more modern.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts
+ panel on Windows, and many inspector regression tests are failing
+ https://bugs.webkit.org/show_bug.cgi?id=54490
+
+ The bug was caused by two different classes using the same name (Recompiler).
+
+ * debugger/Debugger.cpp:
+ * runtime/JSGlobalData.cpp:
+ (WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace,
+ so our two recompilers' inline functions don't stomp each other at
+ link time.
+
+2011-03-22 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Mark Rowe.
+
+ Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
+ <rdar://problem/8944718>
+
+ * DerivedSources.make:
+ Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
+
+2011-03-22 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Add DFG module to build system (disabled by default).
+ https://bugs.webkit.org/show_bug.cgi?id=56845
+
+ * JavaScriptCore.pri:
+ * JavaScriptCore.pro:
+
+2011-03-22 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Add support to build-webkit for building with gyp-generated project files
+ https://bugs.webkit.org/show_bug.cgi?id=56877
+
+ Found a couple missing Private headers while trying to make WebCore build.
+
+ * JavaScriptCore.gypi:
+
+2011-03-22 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source
+ https://bugs.webkit.org/show_bug.cgi?id=56867
+
+ This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj
+ from a JavaScriptCore directory outside of Source.
+
+ * gyp/JavaScriptCore.gyp:
+ * gyp/run-if-exists.sh: Added.
+ * gyp/update-info-plist.sh: Added.
+
+2011-03-22 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Add Profiling Configuration to JavaScriptCore gyp build
+ https://bugs.webkit.org/show_bug.cgi?id=56862
+
+ It appears this is identical to Release, but I suspect
+ there is someone/thing who uses the Profiling target
+ so we're adding it for completeness.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove os_win32_files variable from the GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=56804
+
+ Now that our understanding of GYP is sufficiently advanced, we don't
+ need os_win32_files any more. (Turns out Eric was right, as he always
+ is.)
+
+ * JavaScriptCore.gypi:
+
+2011-03-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory
+ https://bugs.webkit.org/show_bug.cgi?id=56803
+
+ Previously, we thought we should generate the derived source files in
+ the shared intermediate build products directory, but there are
+ assumptions built into other parts of the Mac build system that the
+ derived source files will be generated in a particular subdirectory of
+ the build products directory.
+
+ This patch is a partial revert of the change that moved the derived
+ source files to the shared intermediate directory. After this patch,
+ the GYP build can build JavaScriptCore without help from the main
+ normal build system.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+ * gyp/generate-derived-sources.sh:
+ * gyp/generate-dtrace-header.sh:
+
+2011-03-22 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by David Levin.
+
+ Adding a contains method to Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=55859
+
+ * wtf/Vector.h:
+ (WTF::Vector::contains):
+
+2011-03-22 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Fix a bunch of typos in DFG.
+ https://bugs.webkit.org/show_bug.cgi?id=56813
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::parse):
+ * dfg/DFGGenerationInfo.h:
+ (JSC::DFG::GenerationInfo::setSpilled):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::setupStubArguments):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGJITCompiler.h:
+ * dfg/DFGNode.h:
+ * dfg/DFGNonSpeculativeJIT.h:
+ * dfg/DFGOperations.h:
+ * dfg/DFGRegisterBank.h:
+ (JSC::DFG::RegisterBank::allocate):
+ * dfg/DFGScoreBoard.h:
+ (JSC::DFG::ScoreBoard::~ScoreBoard):
+ (JSC::DFG::ScoreBoard::allocate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+
+2011-03-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Production configuration in GYP isn&apos;t set up correctly
+ https://bugs.webkit.org/show_bug.cgi?id=56786
+
+ Update JavaScriptCore.gyp with information mined from
+ JavaScriptCore.xcodeproj.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-22 Kent Tamura <tkent@chromium.org>
+
+ Reviewed by Eric Seidel.
+
+ REGRESSION(r80096): Number type input unexpectedly rounds fractional values
+ https://bugs.webkit.org/show_bug.cgi?id=56367
+
+ Introduce clampToInteger(unsigned).
+
+ * wtf/MathExtras.h:
+ (clampToInteger): Added.
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ GYP build should not have include paths that point within the source tree
+ https://bugs.webkit.org/show_bug.cgi?id=56788
+
+ Turns out we don't need these include paths anymore now that we have
+ header maps working properly.
+
+ * gyp/JavaScriptCore.gyp:
+ - Also, remove jsc.cpp from the excluded list because it's not part
+ of the jsc_files variable instead of the javascriptcore_files
+ variable.
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Solve the Assertions.cpp / -Wno-missing-format-attribute mystery
+ https://bugs.webkit.org/show_bug.cgi?id=56780
+
+ The reason we couldn't resolve this warning in the GYP build was that
+ the normal build disables this warning specifically for this file.
+ This patch takes the same approach as the previous patch to
+ WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning
+ (rather than a build system configuration).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Remove the special-case for this file.
+ * gyp/JavaScriptCore.gyp:
+ - Remove the work-around for this issue.
+ * wtf/Assertions.cpp:
+ - Add a pragma disabling this warning for this file.
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ WebCore GYP build shouldn't crash on startup
+ https://bugs.webkit.org/show_bug.cgi?id=56776
+
+ Debug builds shouldn't define NDEBUG. This same logic exists in the
+ project.pbxproj file.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-21 Robert Kroeger <rjkroege@chromium.org>
+
+ Reviewed by Antonio Gomes.
+
+ Flag to enable/disable a GestureReocognizer framework
+
+ https://bugs.webkit.org/show_bug.cgi?id=49345
+
+ * wtf/Platform.h:
+
+2011-03-21 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add new files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=56766
+
+ * JavaScriptCore.gypi:
+
+2011-03-21 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r81377.
+ http://trac.webkit.org/changeset/81377
+ https://bugs.webkit.org/show_bug.cgi?id=56765
+
+ WebPageSerializerTest.MultipleFrames is broken (Requested by
+ simonjam on #webkit).
+
+ * wtf/Vector.h:
+
+2011-03-21 Gabor Loki <loki@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ Extend constant pool to be able to store 16 bit instructions with a constant
+ https://bugs.webkit.org/show_bug.cgi?id=46796
+
+ The putShortWithConstantInt function inserts a 16 bit instruction which
+ refers a 32 bits constant or literal. This is a vital function for those
+ target which loads a PC relative value with a 16 bit instruction (like
+ Thumb-2 instruction set and SH4 architecture).
+
+ * assembler/AssemblerBuffer.h:
+ (JSC::AssemblerBuffer::putIntegral):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ * assembler/AssemblerBufferWithConstantPool.h:
+
+2011-03-21 Philippe Normand <pnormand@igalia.com>
+
+ Unreviewed, GTK distcheck build fix.
+
+ * GNUmakefile.am:
+
+2011-03-20 Bill Budge <bbudge@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Rename ThreadSafeShared to ThreadSafeRefCounted
+ https://bugs.webkit.org/show_bug.cgi?id=56714
+
+ No new tests. Exposes no new functionality.
+
+ * API/JSClassRef.h:
+ * API/OpaqueJSString.h:
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/Atomics.h:
+ * wtf/CMakeLists.txt:
+ * wtf/CrossThreadRefCounted.h:
+ (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
+ (WTF::::crossThreadCopy):
+ * wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h.
+ (WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase):
+ (WTF::ThreadSafeRefCountedBase::ref):
+ (WTF::ThreadSafeRefCountedBase::refCount):
+ (WTF::ThreadSafeRefCountedBase::derefBase):
+ (WTF::ThreadSafeRefCounted::ThreadSafeRefCounted):
+ * wtf/ThreadSafeShared.h: Removed.
+ * wtf/Threading.h:
+
+2011-03-19 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove StringImpl::computeHash()
+ https://bugs.webkit.org/show_bug.cgi?id=49894
+
+ Replace remainig StringImpl::computeHash with StringImpl::computeHashStringHasher.
+
+ * wtf/text/AtomicString.cpp:
+ (WTF::CStringTranslator::hash):
+ (WTF::UCharBufferTranslator::hash):
+ (WTF::HashAndCharactersTranslator::hash):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::setHash):
+ (WTF::StringImpl::hash):
+
+2011-03-19 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Rename WTF::StringHasher methods
+ https://bugs.webkit.org/show_bug.cgi?id=53532
+
+ Rename createHash to computeHash and createBlobHash to hashMemory.
+ Also add a using WTF::StringHasher in the header file.
+
+ * profiler/CallIdentifier.h:
+ (JSC::CallIdentifier::Hash::hash):
+ * runtime/Identifier.cpp:
+ (JSC::IdentifierCStringTranslator::hash):
+ (JSC::IdentifierUCharBufferTranslator::hash):
+ * wtf/StringHasher.h:
+ (WTF::StringHasher::computeHash):
+ (WTF::StringHasher::hashMemory):
+ * wtf/text/StringHash.h:
+ (WTF::CaseFoldingHash::hash):
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::computeHash):
+ * wtf/unicode/UTF8.cpp:
+ (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
+
+2011-03-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ [GTK] JSC crashes in 32bit Release bots after r80743
+ https://bugs.webkit.org/show_bug.cgi?id=56180
+
+ The crash was caused by referencing GC memory from a GC destructor. This
+ is not safe because destruction time / order is not guaranteed.
+
+ * profiler/ProfileGenerator.cpp:
+ (JSC::ProfileGenerator::create):
+ (JSC::ProfileGenerator::ProfileGenerator):
+ (JSC::ProfileGenerator::willExecute):
+ (JSC::ProfileGenerator::didExecute):
+ * profiler/ProfileGenerator.h:
+ (JSC::ProfileGenerator::origin): Made ExecState* the first argument,
+ to match the rest of this class and JSC.
+
+ Use a JSGlobalObject* instead of an ExecState* with an indirect reference
+ to a JSGlobalObject* to track our origin. This is simpler and more
+ efficient, and it removes the destruction order dependency that was causing
+ our crash.
+
+ * profiler/Profiler.cpp:
+ (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*.
+ (JSC::Profiler::stopProfiling): New function for stopping all profiles
+ for a given global object. This is more straight-forward than multiplexing
+ through the old function.
+
+ (JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.
+ * profiler/Profiler.h: Ditto.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::~JSGlobalObject): Ditto.
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ 1 Structure leaked beneath JSGlobalData::storeVPtrs()
+ https://bugs.webkit.org/show_bug.cgi?id=56595
+
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::VPtrHackExecutable::VPtrHackExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of
+ PassRefPtr, like JSString does, since JSGlobalData owns the singleton
+ exectuable structure.
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Fixed some string leaks seen on the buildbot
+ https://bugs.webkit.org/show_bug.cgi?id=56619
+
+ * runtime/PropertyMapHashTable.h:
+ (JSC::PropertyTable::~PropertyTable): DEref!
+
+2011-03-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Crash in JSC::MarkStack::drain Under Stress
+ https://bugs.webkit.org/show_bug.cgi?id=56470
+
+ We perform a number of gc allocations while when
+ we are setting up new globals in a piece of global
+ code. We do this by adding new properties to the
+ symbol table, and then expanding the storage to fit
+ at the end.
+
+ If a GC happens during this time we will report an
+ incorrect size for the global object's symbol table
+ storage.
+
+ This patch corrects this by growing the storage size
+ before we starting adding entries to the symbol table.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resizeRegisters):
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ 1 Structure leaked beneath JSGlobalData::storeVPtrs()
+ https://bugs.webkit.org/show_bug.cgi?id=56595
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure
+ we're using, since the Executable is not designed to own the Structure.
+
+2011-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber Stamped by Sam Weinig.
+
+ Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler.
+
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::testb_rr):
+
+2011-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56603 - DFG JIT related cleanup
+ Move node generation out to separate function, move binarySearch algorithm out
+ to StdLibExtras, fix Graph::dump() to print comma between non-node children,
+ even if there are no node children.
+
+ * bytecode/CodeBlock.h:
+ (JSC::getCallReturnOffset):
+ (JSC::CodeBlock::getStubInfo):
+ (JSC::CodeBlock::getCallLinkInfo):
+ (JSC::CodeBlock::getMethodCallLinkInfo):
+ (JSC::CodeBlock::bytecodeOffset):
+ - Move binaryChop to binarySearch in StdLibExtras
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::ByteCodeParser):
+ (JSC::DFG::ByteCodeParser::parse):
+ (JSC::DFG::parse):
+ - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
+ * dfg/DFGByteCodeParser.h:
+ - Change parse() to not take a start index (always 0).
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+ - Initialize m_compileIndex in constructor.
+ * dfg/DFGNonSpeculativeJIT.cpp:
+ (JSC::DFG::NonSpeculativeJIT::compile):
+ * dfg/DFGNonSpeculativeJIT.h:
+ - Spilt out compilation of individual node.
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::operationConvertThis):
+ * dfg/DFGOperations.h:
+ - Cleanup parameter name.
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT.h:
+ - Spilt out compilation of individual node.
+ * runtime/Executable.cpp:
+ (JSC::tryDFGCompile):
+ - Change parse() to not take a start index (always 0).
+ * wtf/StdLibExtras.h:
+ (WTF::binarySearch):
+ - Move binaryChop to binarySearch in StdLibExtras
+
+2011-03-17 Anders Carlsson <andersca@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Fix clang build.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+
+2011-03-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ 1 Structure leaked beneath JSGlobalData::storeVPtrs()
+ https://bugs.webkit.org/show_bug.cgi?id=56595
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need
+ to explicitly run its destructor.
+
+2011-03-17 Jeff Miller <jeffm@apple.com>
+
+ Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
+
+ *.mode*
+ *.pbxuser
+ *.perspective*
+ project.xcworkspace
+ xcuserdata
+
+ * JavaScriptCore.xcodeproj: Modified property svn:ignore.
+
+2011-03-17 Gavin Barraclough <barraclough@apple.com>
+
+ Reverting r81197, breaks JIT + INTERPRETER build.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
+ (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addPropertyAccessInstruction):
+ (JSC::CodeBlock::addGlobalResolveInstruction):
+ (JSC::CodeBlock::addStructureStubInfo):
+ * bytecode/Opcode.h:
+ * bytecode/StructureStubInfo.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitCatch):
+
+2011-03-17 Ben Taylor <bentaylor.solx86@gmail.com>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Add a COMPILER(SUNCC) define for Sun Studio 12.
+ https://bugs.webkit.org/show_bug.cgi?56444
+ derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932
+
+ * wtf/Platform.h:
+
+2011-03-17 Jay Civelli <jcivelli@chromium.org>
+
+ Reviewed by David Levin.
+
+ Adding a contains method to Vector.
+ https://bugs.webkit.org/show_bug.cgi?id=55859
+
+ * wtf/Vector.h:
+ (WTF::::operator):
+ (WTF::::contains):
+
+2011-03-17 Patrick Gansterer <paroga@webkit.org>
+
+ Fix the interpreter build.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Added globalData to inheritorID().
+
+2011-03-16 Sam Weinig <sam@webkit.org>
+
+ Fix the interpreter build.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::resolve):
+ (JSC::Interpreter::resolveSkip):
+ (JSC::Interpreter::resolveGlobal):
+ (JSC::Interpreter::resolveGlobalDynamic):
+ (JSC::Interpreter::resolveBaseAndProperty):
+ (JSC::Interpreter::privateExecute):
+ Remove .get()s.
+
+2011-03-16 Adam Barth <abarth@webkit.org>
+
+ Reviewed by James Robinson.
+
+ Remove USE(BUILTIN_UTF8_CODEC)
+ https://bugs.webkit.org/show_bug.cgi?id=56508
+
+ We added this recently when we were unsure about the stability of the
+ built-in UTF-8 codec. However, the codec seems to be stable, so we
+ don't need the macro.
+
+ * wtf/Platform.h:
+
+2011-03-16 Daniel Bates <dbates@rim.com>
+
+ Reviewed by Darin Adler.
+
+ Make JIT build for ARM Thumb-2 with RVCT
+ https://bugs.webkit.org/show_bug.cgi?id=56440
+
+ Derived from a patch by Dave Tapuska.
+
+ Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.
+
+ * jit/JITStubs.cpp:
+
+2011-03-16 Chao-ying Fu <fu@mips.com>
+
+ Reviewed by Darin Adler.
+
+ Fix MIPS build with const *void
+ https://bugs.webkit.org/show_bug.cgi?id=56513
+
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load32):
+ (JSC::MacroAssemblerMIPS::store32):
+
+2011-03-16 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Remove unnecessary caller tracking shenanigans from CodeBlock
+ https://bugs.webkit.org/show_bug.cgi?id=56483
+
+ This removes some leftover cruft from when we made CodeBlock
+ mark its callees. Removing it gives us a 0.7% progression,
+ reducing the overall regression to ~1.3%.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::shrinkToFit):
+ * bytecode/CodeBlock.h:
+ (JSC::CallLinkInfo::CallLinkInfo):
+ * jit/JIT.cpp:
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+
+2011-03-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make Structure creation require a JSGlobalData
+ https://bugs.webkit.org/show_bug.cgi?id=56438
+
+ Mechanical change to make Structure::create require JSGlobalData&, and
+ require all users to provide the globalData.
+
+ * API/JSCallbackConstructor.h:
+ (JSC::JSCallbackConstructor::createStructure):
+ * API/JSCallbackFunction.h:
+ (JSC::JSCallbackFunction::createStructure):
+ * API/JSCallbackObject.h:
+ (JSC::JSCallbackObject::createStructure):
+ * API/JSContextRef.cpp:
+ * JavaScriptCore.exp:
+ * debugger/DebuggerActivation.cpp:
+ (JSC::DebuggerActivation::DebuggerActivation):
+ * debugger/DebuggerActivation.h:
+ (JSC::DebuggerActivation::createStructure):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jsc.cpp:
+ (GlobalObject::GlobalObject):
+ (functionRun):
+ (jscmain):
+ * runtime/Arguments.h:
+ (JSC::Arguments::createStructure):
+ * runtime/ArrayPrototype.h:
+ (JSC::ArrayPrototype::createStructure):
+ * runtime/BooleanObject.h:
+ (JSC::BooleanObject::createStructure):
+ * runtime/DateInstance.h:
+ (JSC::DateInstance::createStructure):
+ * runtime/DatePrototype.h:
+ (JSC::DatePrototype::createStructure):
+ * runtime/ErrorInstance.h:
+ (JSC::ErrorInstance::createStructure):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::createStructure):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionPrototype.h:
+ (JSC::FunctionPrototype::createStructure):
+ * runtime/GetterSetter.h:
+ (JSC::GetterSetter::createStructure):
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::createStructure):
+ * runtime/JSAPIValueWrapper.h:
+ (JSC::JSAPIValueWrapper::createStructure):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::createStructure):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::JSArray):
+ * runtime/JSArray.h:
+ (JSC::JSArray::createStructure):
+ * runtime/JSByteArray.cpp:
+ (JSC::JSByteArray::createStructure):
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::JSByteArray):
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::createDummyStructure):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::createStructure):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ (JSC::JSGlobalObject::createStructure):
+ * runtime/JSNotAnObject.h:
+ (JSC::JSNotAnObject::createStructure):
+ * runtime/JSONObject.h:
+ (JSC::JSONObject::createStructure):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::createInheritorID):
+ * runtime/JSObject.h:
+ (JSC::JSObject::createStructure):
+ (JSC::JSNonFinalObject::createStructure):
+ (JSC::JSFinalObject::createStructure):
+ (JSC::createEmptyObjectStructure):
+ (JSC::JSObject::inheritorID):
+ * runtime/JSObjectWithGlobalObject.h:
+ (JSC::JSObjectWithGlobalObject::createStructure):
+ * runtime/JSPropertyNameIterator.h:
+ (JSC::JSPropertyNameIterator::createStructure):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::createStructure):
+ * runtime/JSString.h:
+ (JSC::RopeBuilder::createStructure):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::createStructure):
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::createStructure):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::createStructure):
+ * runtime/MathObject.h:
+ (JSC::MathObject::createStructure):
+ * runtime/NativeErrorConstructor.cpp:
+ (JSC::NativeErrorConstructor::NativeErrorConstructor):
+ * runtime/NativeErrorConstructor.h:
+ (JSC::NativeErrorConstructor::createStructure):
+ * runtime/NumberConstructor.h:
+ (JSC::NumberConstructor::createStructure):
+ * runtime/NumberObject.h:
+ (JSC::NumberObject::createStructure):
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/RegExpConstructor.h:
+ (JSC::RegExpConstructor::createStructure):
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::createStructure):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::createStructure):
+ * runtime/StringObject.h:
+ (JSC::StringObject::createStructure):
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+ * runtime/StringPrototype.h:
+ (JSC::StringPrototype::createStructure):
+ * runtime/Structure.h:
+ (JSC::Structure::create):
+
+2011-03-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Some conservative root gathering cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=56447
+
+ SunSpider says 0.5% - 1.8% faster.
+
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::gatherConservativeRoots):
+ * interpreter/RegisterFile.h: New helper function for doing the
+ conservative gathering of the register file. It's still conservative,
+ since the register file may contain uninitialized values, but it's
+ moving-safe, because it only visits values tagged as pointers, so there's
+ no risk of mistaking an integer for a pointer and accidentally changing it.
+
+ * runtime/ConservativeSet.cpp:
+ (JSC::ConservativeRoots::add):
+ * runtime/ConservativeSet.h: Added a single-value add function, used above.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots): Separated machine stack conservative roots from
+ register file conservative roots because machine stack roots must be
+ pinned, but register file roots need not be pinned.
+
+ Adopted new interface for passing the current stack extent to the machine
+ stack root gathering routine. This allows us to exclude marking-related
+ data structures on the stack, and thus avoid double-marking the set of
+ machine roots.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::MachineThreads::gatherFromCurrentThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * runtime/MachineStackMarker.h: Added new interface, described above.
+
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::firstAtom):
+ * wtf/StdLibExtras.h:
+ (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
+ by MachineStacks.
+
+2011-03-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ A little bit of MarkStack cleanup
+ https://bugs.webkit.org/show_bug.cgi?id=56443
+
+ Moved MarkStack functions into MarkStack.h/.cpp.
+
+ SunSpider reports no change.
+
+ * runtime/JSArray.h:
+ * runtime/JSCell.h: Moved from here...
+ * runtime/MarkStack.cpp:
+ (JSC::MarkStack::markChildren):
+ (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
+ a huge function, and not called many times.
+
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
+ (JSC::MarkStack::append):
+ (JSC::MarkStack::deprecatedAppend):
+ (JSC::MarkStack::internalAppend): Moved to here.
+
+2011-03-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed another deprecatedAppend
+ https://bugs.webkit.org/show_bug.cgi?id=56429
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::markStrongHandles):
+ * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
+ marked directly by the Heap.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots): Ditto.
+
+2011-03-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed some more deprecated / unsafe append
+ https://bugs.webkit.org/show_bug.cgi?id=56428
+
+ * collector/handles/HandleStack.cpp:
+ (JSC::HandleStack::mark):
+ * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
+ marker, since it's a heap root.
+
+ * runtime/ArgList.cpp:
+ (JSC::MarkedArgumentBuffer::markLists):
+ (JSC::MarkedArgumentBuffer::slowAppend):
+ * runtime/ArgList.h: Ditto.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots): Added a mark call for marking the handle stack.
+ It seems like Oliver forgot this in his last patch. (!)
+
+ * runtime/MarkStack.h: Removed appendSlots, since it would allow an
+ object to embed JSValues directly instead of using WriteBarrier.
+
+ (JSC::MarkStack::append): Added a private append for a list of values.
+
+ (JSC::HeapRootMarker::mark): Access to the above.
+
+2011-03-15 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed a few more deprecatedAppends, and removed HeapRoot<T>
+ https://bugs.webkit.org/show_bug.cgi?id=56422
+
+ Added HeapRootMarker, a privileged class for marking direct heap roots
+ that are iterated during each garbage collection. This is easier to use
+ and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.
+
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::exception):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/Completion.cpp:
+ (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
+ call .get() on it.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markProtectedObjects):
+ (JSC::Heap::markTempSortVectors):
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h: Updated to use HeapRootMarker.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkStack::append): Added private functions for
+ HeapRootMarker to use.
+
+ * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.
+
+ * runtime/MarkStack.h:
+ (JSC::HeapRootMarker::HeapRootMarker):
+ (JSC::HeapRootMarker::mark): Added private functions for
+ HeapRootMarker to use.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.
+
+ * runtime/SmallStrings.h:
+ (JSC::SmallStrings::emptyString):
+ (JSC::SmallStrings::singleCharacterString):
+ (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.
+
+ * runtime/WriteBarrier.h: Removed HeapRoot<T>.
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made the global object moving-GC-safe
+ https://bugs.webkit.org/show_bug.cgi?id=56348
+
+ SunSpider reports no change.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
+ suggested we do not need to visit all our references during GC, since
+ that is not true in a moving GC.
+
+ Re-sorted data members by type, removed one duplicate, and added back
+ the one missing mark I found.
+
+ * runtime/JSGlobalObject.h: Re-sorted data members by type.
+
+2011-03-15 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Introduce Local<T> to allow us to start moving to precise marking of locals
+ https://bugs.webkit.org/show_bug.cgi?id=56394
+
+ Introduce a new handle type, Local<T> and a scoping mechanism
+ LocalScope to allow us to start moving towards precise marking
+ of temporaries and local variables.
+
+ We also start to use the new Local<> type in the JSON stringifier
+ so that we can have some coverage of their behaviour in the initial
+ checkin.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.pro:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * collector/handles/Handle.h:
+ (JSC::::asObject):
+ * collector/handles/HandleStack.cpp: Added.
+ (JSC::HandleStack::HandleStack):
+ (JSC::HandleStack::mark):
+ (JSC::HandleStack::grow):
+ * collector/handles/HandleStack.h: Added.
+ (JSC::HandleStack::enterScope):
+ (JSC::HandleStack::zapTo):
+ (JSC::HandleStack::leaveScope):
+ (JSC::HandleStack::push):
+ * collector/handles/Local.h: Added.
+ (JSC::Local::internalSet):
+ (JSC::::Local):
+ (JSC::::operator):
+ (JSC::LocalStack::LocalStack):
+ (JSC::LocalStack::peek):
+ (JSC::LocalStack::pop):
+ (JSC::LocalStack::push):
+ (JSC::LocalStack::isEmpty):
+ (JSC::LocalStack::size):
+ * collector/handles/LocalScope.h: Added.
+ (JSC::LocalScope::LocalScope):
+ (JSC::LocalScope::~LocalScope):
+ (JSC::LocalScope::release):
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h:
+ (JSC::Heap::allocateLocalHandle):
+ (JSC::Heap::handleStack):
+ * runtime/JSCell.h:
+ (JSC::JSCell::::getString):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::allocateLocalHandle):
+ * runtime/JSONObject.cpp:
+ (JSC::Stringifier::Stringifier):
+ (JSC::Stringifier::stringify):
+ (JSC::Stringifier::appendStringifiedValue):
+ (JSC::Stringifier::Holder::Holder):
+ (JSC::Walker::Walker):
+ (JSC::Walker::walk):
+ (JSC::JSONProtoFuncParse):
+ (JSC::JSONProtoFuncStringify):
+ (JSC::JSONStringify):
+ * runtime/JSONObject.h:
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::appendValues):
+ (JSC::MarkStack::appendSlots):
+
+2011-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber Stamped by Sam Weinig.
+
+ Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
+ Some methods have unnecessary differences in name/arguments for interpreter/JIT.
+
+ * bytecode/CodeBlock.cpp:
+ * bytecode/CodeBlock.h:
+ (JSC::HandlerInfo::HandlerInfo):
+ (JSC::CodeBlock::addPropertyAccessInfo):
+ (JSC::CodeBlock::addGlobalResolveInfo):
+ (JSC::CodeBlock::addCallLinkInfo):
+ (JSC::CodeBlock::globalResolveInfo):
+ * bytecode/Opcode.h:
+ * bytecode/StructureStubInfo.h:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolve):
+ (JSC::BytecodeGenerator::emitResolveWithBase):
+ (JSC::BytecodeGenerator::emitGetById):
+ (JSC::BytecodeGenerator::emitPutById):
+ (JSC::BytecodeGenerator::emitDirectPutById):
+ (JSC::BytecodeGenerator::emitCall):
+ (JSC::BytecodeGenerator::emitConstruct):
+ (JSC::BytecodeGenerator::emitCatch):
+
+2011-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Fix broken assert in new code.
+
+ * dfg/DFGAliasTracker.h:
+ (JSC::DFG::AliasTracker::recordPutByVal):
+ - recordPutByVal is called for both PutByVal & PutByValAlias.
+
+2011-03-15 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by Sam Weinig.
+
+ Removed redundant code from BytecodeGenerator.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ * bytecompiler/BytecodeGenerator.h:
+ - delete uncalled code missed when reparsing was removed.
+
+2011-03-15 Kevin Ollivier <kevino@theolliviers.com>
+
+ Reviewed by Darin Adler.
+
+ Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
+ info into the headers rather than in export symbol definition files, but disable it on
+ all platforms initially so we can deal with port build issues one port at a time.
+
+ https://bugs.webkit.org/show_bug.cgi?id=27551
+
+ * API/JSBase.h:
+ * config.h:
+ * wtf/Assertions.h:
+ * wtf/ExportMacros.h: Added.
+ * wtf/Platform.h:
+
+2011-03-14 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ Unreviewed build fix.
+
+ Buildfix when JIT is not enabled after r81079
+ https://bugs.webkit.org/show_bug.cgi?id=56361
+
+ * runtime/Executable.cpp:
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made the global object moving-GC-safe
+ https://bugs.webkit.org/show_bug.cgi?id=56348
+
+ SunSpider reports no change.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
+ suggested we do not need to visit all our references during GC, since
+ that is not true in a moving GC.
+
+ Re-sorted data members by type, removed one duplicate, and added back
+ the one missing mark I found.
+
+ * runtime/JSGlobalObject.h: Re-sorted data members by type.
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made JSWrapperObject and subclasses moving-GC-safe
+ https://bugs.webkit.org/show_bug.cgi?id=56346
+
+ SunSpider reports no change.
+
+ * runtime/BooleanObject.cpp:
+ (JSC::BooleanObject::BooleanObject):
+ * runtime/DateInstance.cpp:
+ (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
+ we don't initialize the wrapped value in our constructor.
+
+ * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
+ we do not in fact override markChildren.
+
+ * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
+ no longer does so for us. Also added an ASSERT to catch a latent bug,
+ where DatePrototype stomped on its base class's anonymous slot. Hard-coded
+ anonymous slots are a plague on our code. This doesn't cause any problems
+ in our existing code since the base class never reads the anonymous slot
+ it declares, but it caused crashes when I tried to start using the slot
+ in an initial version of this patch.
+
+ * runtime/JSWrapperObject.h:
+ (JSC::JSWrapperObject::JSWrapperObject):
+ (JSC::JSWrapperObject::internalValue):
+ (JSC::JSWrapperObject::setInternalValue): Resolved a problem where
+ our internal value was stored in two places: an anonymous slot, and a
+ data member which was not always visited during GC. Now, we only use the
+ data member, and we always visit it. (Instead of relying on certain
+ subclasses to set the OverridesMarkChildren bit, we set it ourselves.)
+
+ * runtime/NumberObject.cpp:
+ (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
+ we don't initialize the wrapped value in our constructor.
+
+ * runtime/NumberObject.h: Removed meaningless declaration.
+
+ * runtime/StringObject.cpp:
+ (JSC::StringObject::StringObject): No more need for JSGlobalData, since
+ we don't initialize the wrapped value in our constructor.
+
+ * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
+ we do not in fact override markChildren.
+
+ * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
+ no longer does so for us. Also added an ASSERT to catch a latent bug,
+ where DatePrototype stomped on its base class's anonymous slot. Hard-coded
+ anonymous slots are a plague on our code.
+
+2011-03-14 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Look-ahead assertions with back references don’t work as expected
+ https://bugs.webkit.org/show_bug.cgi?id=56082
+
+ Changed parentheses assertion processing to temporarily back out the
+ number of known characters after the assertion while processing the
+ assertion. This was done so that assertions don't fail due to
+ checking the number of required characters as additional to the
+ rest of the express since assertions don't "consume" input.
+ Added a byte code to uncheck characters to support the change.
+
+ * yarr/YarrInterpreter.cpp:
+ (JSC::Yarr::Interpreter::matchDisjunction):
+ (JSC::Yarr::ByteCompiler::uncheckInput):
+ (JSC::Yarr::ByteCompiler::emitDisjunction):
+ * yarr/YarrInterpreter.h:
+ (JSC::Yarr::ByteTerm::UncheckInput):
+
+2011-03-14 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on symbian.
+ https://bugs.webkit.org/show_bug.cgi?id=56133
+
+ Add condition to not compile webkit internal math round functions on RVCT compiler versions
+ from 3.0.0 because they are already defined in compiler math library.
+
+ * wtf/MathExtras.h:
+
+2011-03-14 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Geoffrey Garen & Oliver Hunt.
+
+ Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.
+
+ The JSC JIT presently generates code directly from the bytecode used by the interpreter.
+ This is not an optimal intermediate representation for JIT code generation, since it does
+ not capture liveness information of values, and provides little opportunity to perform
+ any static analysis for even primitive types. The JIT currently generates two code paths,
+ a fast path handling common cases, and a slower path handling less common operand types.
+ However the slow path jumps back into the fast path, meaning that information arising
+ from the earlier type checks cannot be propagated to later operations.
+
+ This patch adds:
+ * a dataflow intermediate representation capable of describing a single basic block
+ of operations,
+ * a mechanism to convert a simple, single-block bytecode functions to the new IR,
+ * and a JIT code generator capable of generating code from this representation.
+
+ The JIT generates two code paths, with the slower path not reentering the fast path
+ mid-block, allowing speculative optimizations to be made on the hot path, with type
+ information arising from these speculative decisions able to be propagated through the
+ dataflow. Code generation of both speculative and non-speculative paths exploits the type
+ and liveness information represented in the dataflow graph to attempt to avoid redundant
+ boxing and type-checking of values, and to remove unnecessary spills of temporary values
+ to the RegisterFile.
+
+ The dataflow JIT currently can only support a subset of bytecode operations, limited to
+ arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
+ dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
+ expanded to include, control-flow, function calls, and then the long-tail of remaining
+ bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
+ this only supports x86-64.
+
+ The status of the dataflow JIT is currently work-in-progress. Limitations of the present
+ JIT code generation may cause performance regressions, particularly:
+ * the policy to only generate arithmetic code on the speculative path using integer
+ instructions, never using floating point.
+ * the policy to only generate arithmetic code on the non-speculative path using
+ floating point instructions, never using integer.
+ * always generating JSValue adds on the non-speculative path as a call out to a
+ C-function, never handling this in JIT code.
+ * always assuming by-Value property accesses on the speculative path to be array
+ accesses.
+ * generating all by-Value property accesses from the non-speculative path as a call
+ out to a C-function.
+ * generating all by-Indentifer property accesses as a call out to a C-function.
+ Due to these regressions, the code is landed in a state where it is disabled in most
+ cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
+ addressed, the JIT will be allowed to trigger in more cases.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Added new files to Xcode project.
+ * dfg: Added.
+ - Added directory for new code.
+ * dfg/DFGByteCodeParser.cpp: Added.
+ * dfg/DFGByteCodeParser.h: Added.
+ - Contruct a DFG::Graph representation from a bytecode CodeBlock.
+ * dfg/DFGGenerationInfo.h: Added.
+ - Track type & register information for VirtualRegisters during JIT code generation.
+ * dfg/DFGGraph.cpp: Added.
+ * dfg/DFGGraph.h: Added.
+ - Dataflow graph intermediate representation for code generation.
+ * dfg/DFGJITCodeGenerator.cpp: Added.
+ * dfg/DFGJITCodeGenerator.h: Added.
+ - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
+ * dfg/DFGJITCompiler.cpp: Added.
+ * dfg/DFGJITCompiler.h: Added.
+ - Class responsible for driving code generation of speculativeJIT & non-speculative
+ code paths from the dataflow graph.
+ * dfg/DFGNonSpeculativeJIT.cpp: Added.
+ * dfg/DFGNonSpeculativeJIT.h: Added.
+ - Used to generate the non-speculative code path, this make no assumptions
+ about operand types.
+ * dfg/DFGOperations.cpp: Added.
+ * dfg/DFGOperations.h: Added.
+ - Helper functions called from the JIT generated code.
+ * dfg/DFGRegisterBank.h: Added.
+ - Used to track contents of physical registers during JIT code generation.
+ * dfg/DFGSpeculativeJIT.cpp: Added.
+ * dfg/DFGSpeculativeJIT.h: Added.
+ - Used to generate the speculative code path, this make assumptions about
+ operand types to enable optimization.
+ * runtime/Executable.cpp:
+ - Add code to attempt to use the DFG JIT to compile a function, with fallback
+ to the existing JIT.
+ * wtf/Platform.h:
+ - Added compile guards to enable the DFG JIT.
+
+2011-03-14 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed more cases of DeprecatedPtr (exception, SmallStrings)
+ https://bugs.webkit.org/show_bug.cgi?id=56332
+
+ * runtime/Identifier.cpp:
+ (JSC::Identifier::add):
+ (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
+ constant, to make this code less brittle.
+
+ * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
+ this reference is owned and managed directly by the heap.
+
+ * runtime/JSString.cpp:
+ (JSC::JSString::substringFromRope):
+ * runtime/JSString.h:
+ (JSC::jsSingleCharacterString):
+ (JSC::jsSingleCharacterSubstring):
+ (JSC::jsString):
+ (JSC::jsStringWithFinalizer):
+ (JSC::jsSubstring):
+ (JSC::jsOwnedString): Use a variable instead of a hard-coded
+ constant, to make this code less brittle.
+
+ * runtime/SmallStrings.cpp:
+ (JSC::SmallStringsStorage::rep):
+ (JSC::SmallStringsStorage::SmallStringsStorage):
+ (JSC::SmallStrings::SmallStrings):
+ (JSC::SmallStrings::markChildren):
+ (JSC::SmallStrings::clear):
+ (JSC::SmallStrings::count): Use a variable instead of a hard-coded
+ constant, to make this code less brittle.
+
+ * runtime/SmallStrings.h:
+ (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
+ DeprecatedPtr because these references are owned and managed directly by
+ the heap.
+
+ Stop using FixedArray because we only want a very limited set
+ of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)
+
+ * runtime/WriteBarrier.h:
+ (JSC::operator==):
+ (JSC::WriteBarrier::WriteBarrier):
+ (JSC::HeapRoot::HeapRoot):
+ (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set
+ without write barrier because we assume all HeapRoots are scanned during
+ all GC passes.
+
+2011-03-14 Brian Weinstein <bweinstein@apple.com>
+
+ Reviewed by Adam Roben and Gavin Barraclough.
+
+ FileSystemWin.cpp needs listDirectory() implementation
+ https://bugs.webkit.org/show_bug.cgi?id=56331
+ <rdar://problem/9126635>
+
+ Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.
+
+ * wtf/text/StringConcatenate.h:
+
+2011-03-14 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot
+
+ * API/JSClassRef.cpp:
+ (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
+ the class definition contains duplicates. This also removes what look to be leaks
+ of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
+ which retains / releases the instances at the appropriate time, so explicitly calling
+ ref is not necessary.
+
+2011-03-14 Oliver Hunt <oliver@apple.com>
+
+ Fix windows build
+
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::emitLoadInt32):
+ (JSC::JSInterfaceJIT::tagFor):
+ (JSC::JSInterfaceJIT::payloadFor):
+ (JSC::JSInterfaceJIT::intPayloadFor):
+ (JSC::JSInterfaceJIT::intTagFor):
+ (JSC::JSInterfaceJIT::addressFor):
+
+2011-03-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Ensure all values are correctly tagged in the registerfile
+ https://bugs.webkit.org/show_bug.cgi?id=56214
+
+ This patch makes sure that all JSCell pointers written to
+ the registerfile are correctly tagged as JSCells, and replaces
+ raw int usage with the immediate representation.
+
+ For performance, register pressure, and general saneness reasons
+ I've added abstractions for reading and writing the tag
+ and payload of integer registers directly for the JSVALUE64
+ encoding.
+
+ * interpreter/Register.h:
+ (JSC::Register::withInt):
+ (JSC::Register::withCallee):
+ (JSC::Register::operator=):
+ (JSC::Register::i):
+ (JSC::Register::activation):
+ (JSC::Register::function):
+ (JSC::Register::propertyNameIterator):
+ (JSC::Register::scopeChain):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutToCallFrameHeader):
+ (JSC::JIT::emitPutCellToCallFrameHeader):
+ (JSC::JIT::emitPutIntToCallFrameHeader):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::intPayloadFor):
+ (JSC::JSInterfaceJIT::intTagFor):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnJSValue):
+ (JSC::SpecializedThunkJIT::returnDouble):
+ (JSC::SpecializedThunkJIT::returnInt32):
+ (JSC::SpecializedThunkJIT::returnJSCell):
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ A few Heap-related renames (sans file moves, which should come next)
+ https://bugs.webkit.org/show_bug.cgi?id=56283
+
+ ConservativeSet => ConservativeRoots. "Set" was misleading, since items
+ are not uniqued. Also, "Roots" is more specific about what's in the set.
+
+ MachineStackMarker => MachineThreads. "Threads" is more descriptive of
+ the fact that this class maintains a set of all threads using JSC.
+ "Stack" was misleading, since this class traverses stacks and registers.
+ "Mark" was misleading, since this class doesn't mark anything anymore.
+
+ registerThread => addCurrentThread. "Current" is more specific.
+ unregisterThread => removeCurrentThread. "Current" is more specific.
+
+ "currentThreadRegistrar" => threadSpecific. The only point of this data
+ structure is to register a thread-specific destructor with a pointer to
+ this.
+
+ "mark...Conservatively" => "gather". "Mark" is not true, since these
+ functions don't mark anything. "Conservatively" is redundant, since they
+ take "ConservativeRoots" as an argument.
+
+ * API/APIShims.h:
+ (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
+ * JavaScriptCore.exp:
+ * runtime/ConservativeSet.cpp:
+ (JSC::ConservativeRoots::grow):
+ (JSC::ConservativeRoots::add):
+ * runtime/ConservativeSet.h:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::~ConservativeRoots):
+ (JSC::ConservativeRoots::size):
+ (JSC::ConservativeRoots::roots):
+ * runtime/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h:
+ (JSC::Heap::machineThreads):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::makeUsableFromMultipleThreads):
+ * runtime/MachineStackMarker.cpp:
+ (JSC::MachineThreads::MachineThreads):
+ (JSC::MachineThreads::~MachineThreads):
+ (JSC::MachineThreads::makeUsableFromMultipleThreads):
+ (JSC::MachineThreads::addCurrentThread):
+ (JSC::MachineThreads::removeThread):
+ (JSC::MachineThreads::removeCurrentThread):
+ (JSC::MachineThreads::gatherFromCurrentThreadInternal):
+ (JSC::MachineThreads::gatherFromCurrentThread):
+ (JSC::MachineThreads::gatherFromOtherThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * runtime/MachineStackMarker.h:
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append):
+
+2011-03-13 David Kilzer <ddkilzer@apple.com>
+
+ BUILD FIX for armv7 after r80969
+
+ Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
+ <https://bugs.webkit.org/show_bug.cgi?id=56270>
+
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load32): Made void* address argument
+ const.
+ (JSC::MacroAssemblerARMv7::store32): Ditto.
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Not reviewed.
+
+ Try to fix the Mac build.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
+ ConervativeSet.h, since it's now visible when compiling other projects.
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed another case of DeprecatedPtr (ConservativeSet)
+ https://bugs.webkit.org/show_bug.cgi?id=56281
+
+ The ConservativeSet is an internal data structure used during marking,
+ so direct pointers are fine.
+
+ * runtime/ConservativeSet.cpp:
+ (JSC::ConservativeSet::grow):
+ * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
+ (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
+ the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
+ sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
+ (JSC::ConservativeSet::size):
+ (JSC::ConservativeSet::set): Use direct pointers, as stated above.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::markRoots):
+ * runtime/MarkStack.h:
+ (JSC::MarkStack::append): Created a special case of append for
+ ConservativeSet. I didn't want to add back a generic "append JSCell*"
+ function, since other class might start using that wrong. (In the end,
+ this function might go away, since the Heap will want to do something
+ slightly more interesting with the conservative set, but this is OK for
+ now.)
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed another case of DeprecatedPtr (PutPropertySlot)
+ https://bugs.webkit.org/show_bug.cgi?id=56278
+
+ * runtime/PutPropertySlot.h:
+ (JSC::PutPropertySlot::setExistingProperty):
+ (JSC::PutPropertySlot::setNewProperty):
+ (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
+ since it's a stack-allocated temporary.
+
+2011-03-13 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Removed one case of DeprecatedPtr (ScopeChainIterator)
+ https://bugs.webkit.org/show_bug.cgi?id=56277
+
+ * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
+ since it's a stack-allocated temporary.
+
+2011-03-13 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56273 - Add three operand forms to MacroAssember operations.
+
+ Adding for X86(_64) for now, should be rolled out to other backends as necessary.
+ These may allow more efficient code generation in some cases, avoiding the need
+ for unnecessary register-register move instructions.
+
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::Jump::link):
+ (JSC::AbstractMacroAssembler::Jump::linkTo):
+ - marked these methods const.
+ (JSC::AbstractMacroAssembler::Jump::isSet):
+ - add a method to check whether a Jump object has been set to
+ reference an instruction, or is in a null, unset state.
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::FunctionPtr::FunctionPtr):
+ - add non-explicit constructor, for FunctionPtr's to C/C++ functions.
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::and32):
+ (JSC::MacroAssemblerX86Common::lshift32):
+ (JSC::MacroAssemblerX86Common::or32):
+ (JSC::MacroAssemblerX86Common::rshift32):
+ (JSC::MacroAssemblerX86Common::urshift32):
+ (JSC::MacroAssemblerX86Common::xor32):
+ (JSC::MacroAssemblerX86Common::moveDouble):
+ (JSC::MacroAssemblerX86Common::addDouble):
+ (JSC::MacroAssemblerX86Common::divDouble):
+ (JSC::MacroAssemblerX86Common::subDouble):
+ (JSC::MacroAssemblerX86Common::mulDouble):
+ (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
+ (JSC::MacroAssemblerX86Common::branchTest32):
+ (JSC::MacroAssemblerX86Common::branchTest8):
+ (JSC::MacroAssemblerX86Common::branchAdd32):
+ (JSC::MacroAssemblerX86Common::branchMul32):
+ (JSC::MacroAssemblerX86Common::branchSub32):
+ - add three operand forms of these instructions.
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::addDouble):
+ (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
+ (JSC::MacroAssemblerX86_64::loadPtr):
+ (JSC::MacroAssemblerX86_64::branchTestPtr):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::JmpSrc::isSet):
+ - add a method to check whether a JmpSrc object has been set to
+ reference an instruction, or is in a null, unset state.
+ (JSC::X86Assembler::movsd_rr):
+ - added FP register-register move.
+ (JSC::X86Assembler::linkJump):
+ - Add an assert to check jumps aren't linked more than once.
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadInt32ToDouble):
+ - load integers to the FPU via regsiters on x86-64.
+
+2011-03-13 Gavin Barraclough <barraclough@apple.com>
+
+ ARM build fix.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load32):
+
+2011-03-13 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
+
+ The JIT need to 'friend' other classes in order to be able to calculate offsets
+ of various properties, or the absolute addresses of members within specific objects,
+ in order to JIT generate code that will access members within the class when run.
+
+ Instead of using friends in these cases, switch to providing specific accessor
+ methods to provide this information. In the case of offsets, these can be static
+ functions, and in the case of pointers to members within a specific object these can
+ be const methods returning pointers to const values, to prevent clients from
+ modifying values otherwise encapsulated within classes.
+
+ * bytecode/SamplingTool.h:
+ * interpreter/Register.h:
+ * interpreter/RegisterFile.h:
+ * runtime/JSArray.h:
+ * runtime/JSCell.h:
+ * runtime/JSTypeInfo.h:
+ * runtime/JSVariableObject.h:
+ * runtime/Structure.h:
+ * wtf/RefCounted.h:
+ - Change these classes to no longer friend the JIT, add accessors for member offsets.
+ * jit/JIT.cpp:
+ * jit/JITCall32_64.cpp:
+ * jit/JITInlineMethods.h:
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * jit/JITPropertyAccess.cpp:
+ * jit/JITPropertyAccess32_64.cpp:
+ - Change the JIT to use class accessors, rather than taking object ofsets directly.
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/MacroAssemblerX86_64.h:
+ * assembler/X86Assembler.h:
+ - Since the accessors for objects members return const pointers to retain encapsulation,
+ methods generating code with absolute addresses must be able to handle const pointers
+ (the JIT doesn't write to these values, do dies treat the pointer to value as const
+ from within the C++ code of the JIT, if not at runtime!).
+
+2011-03-12 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r80919.
+ http://trac.webkit.org/changeset/80919
+ https://bugs.webkit.org/show_bug.cgi?id=56251
+
+ all windows bots failed to compile this change (Requested by
+ loislo on #webkit).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/StructureStubInfo.cpp:
+ * interpreter/Register.h:
+ (JSC::Register::withInt):
+ (JSC::Register::withCallee):
+ (JSC::Register::operator=):
+ (JSC::Register::i):
+ (JSC::Register::activation):
+ (JSC::Register::function):
+ (JSC::Register::propertyNameIterator):
+ (JSC::Register::scopeChain):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutToCallFrameHeader):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::payloadFor):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnJSValue):
+ (JSC::SpecializedThunkJIT::returnDouble):
+ (JSC::SpecializedThunkJIT::returnInt32):
+ (JSC::SpecializedThunkJIT::returnJSCell):
+ * runtime/ArgList.cpp:
+ * runtime/DateConversion.cpp:
+ * runtime/GCActivityCallbackCF.cpp:
+ * runtime/Identifier.cpp:
+ * runtime/JSActivation.h:
+ (JSC::asActivation):
+ * runtime/JSLock.cpp:
+ * runtime/JSNumberCell.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSValue.h:
+ * runtime/JSZombie.cpp:
+ * runtime/MarkedBlock.cpp:
+ * runtime/MarkedSpace.cpp:
+ * runtime/PropertyNameArray.cpp:
+ * runtime/ScopeChain.h:
+ (JSC::ExecState::globalThisValue):
+ * wtf/DateMath.cpp:
+
+2011-03-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Ensure all values are correctly tagged in the registerfile
+ https://bugs.webkit.org/show_bug.cgi?id=56214
+
+ This patch makes sure that all JSCell pointers written to
+ the registerfile are correctly tagged as JSCells, and replaces
+ raw int usage with the immediate representation.
+
+ For performance, register pressure, and general saneness reasons
+ I've added abstractions for reading and writing the tag
+ and payload of integer registers directly for the JSVALUE64
+ encoding.
+
+ * interpreter/Register.h:
+ (JSC::Register::withInt):
+ (JSC::Register::withCallee):
+ (JSC::Register::operator=):
+ (JSC::Register::i):
+ (JSC::Register::activation):
+ (JSC::Register::function):
+ (JSC::Register::propertyNameIterator):
+ (JSC::Register::scopeChain):
+ * jit/JIT.h:
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCallVarargs):
+ (JSC::JIT::compileOpCall):
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitPutToCallFrameHeader):
+ (JSC::JIT::emitPutCellToCallFrameHeader):
+ (JSC::JIT::emitPutIntToCallFrameHeader):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ (JSC::JIT::emit_op_load_varargs):
+ (JSC::JIT::emitSlow_op_load_varargs):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ (JSC::JIT::emit_op_get_pnames):
+ (JSC::JIT::emit_op_next_pname):
+ * jit/JSInterfaceJIT.h:
+ (JSC::JSInterfaceJIT::intPayloadFor):
+ (JSC::JSInterfaceJIT::intTagFor):
+ * jit/SpecializedThunkJIT.h:
+ (JSC::SpecializedThunkJIT::returnJSValue):
+ (JSC::SpecializedThunkJIT::returnDouble):
+ (JSC::SpecializedThunkJIT::returnInt32):
+ (JSC::SpecializedThunkJIT::returnJSCell):
+
+2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
+
+ Reviewed by Eric Seidel.
+
+ Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
+ https://bugs.webkit.org/show_bug.cgi?id=56231
+
+ * JavaScriptCore.gypi: Added project_dir variable.
+ * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
+ * gyp/generate-dtrace-header.sh: Changed to use project_dir.
+
+2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
+ https://bugs.webkit.org/show_bug.cgi?id=56217
+
+ * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
+ to the scripts.
+ * gyp/generate-derived-sources.sh: Changed to use passed directory.
+ * gyp/generate-dtrace-header.sh: Ditto.
+
+2011-03-11 Eric Carlson <eric.carlson@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
+
+ No new tests, existing media tests cover this.
+
+ * JavaScriptCore.exp: Export cancelCallOnMainThread
+ * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.
+
+2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
+ https://bugs.webkit.org/show_bug.cgi?id=56207
+
+ * JavaScriptCore.gypi: Added Tracing.d to the sources.
+ * gyp/generate-dtrace-header.sh: Added.
+ * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
+ and added DTrace header generating step.
+
+2011-03-10 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Fix allocation of native function with a cached thunk
+ https://bugs.webkit.org/show_bug.cgi?id=56127
+
+ Fix this race condition found while fixing zombies.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::clearWeakPointers):
+ * runtime/Heap.cpp:
+ (JSC::Heap::reset):
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::markChildren):
+ * runtime/JSValue.h:
+ (JSC::JSValue::decode):
+ * runtime/JSZombie.cpp:
+ (JSC::JSZombie::leakedZombieStructure):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::createStructure):
+ * runtime/MarkedBlock.cpp:
+
+2011-03-10 Luiz Agostini <luiz.agostini@openbossa.org>
+
+ Reviewed by Andreas Kling.
+
+ [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
+ https://bugs.webkit.org/show_bug.cgi?id=33008
+
+ Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
+ Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
+ it has its own ways to do JSC threading.
+
+ Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.
+
+ * runtime/MachineStackMarker.cpp:
+ * wtf/Platform.h:
+
+2011-03-10 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Bug 56077 - ES5 conformance issues with RegExp.prototype
+
+ There are three issues causing test failures in sputnik.
+
+ (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
+ (2) The 'length' property of the test/exec functions should be 1.
+ (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.
+
+ * runtime/RegExpObject.cpp:
+ (JSC::RegExpObject::markChildren):
+ - Added to mark lastIndex
+ (JSC::regExpObjectLastIndex):
+ (JSC::setRegExpObjectLastIndex):
+ - lastIndex is now stored as a JSValue.
+ (JSC::RegExpObject::match):
+ - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
+ * runtime/RegExpObject.h:
+ (JSC::RegExpObject::setLastIndex):
+ (JSC::RegExpObject::setLastIndex):
+ - Set lastIndex, either from a size_t or a JSValue.
+ (JSC::RegExpObject::getLastIndex):
+ - Get lastIndex.
+ (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
+ - Initialize as a JSValue.
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ - Add test/exec properties with length 1.
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ - Do not read RegExp.input if none is provided.
+ * tests/mozilla/js1_2/regexp/RegExp_input.js:
+ * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
+ - Update these tests (they relied on non-ES5 behaviour).
+
+2011-03-10 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Rolled back in 80277 and 80280 with event handler layout test failures fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=55653
+
+ The failures were caused by a last minute typo: assigning to currentEvent
+ instead of m_currentEvent.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.h:
+ * runtime/MarkedSpace.cpp:
+ * runtime/MarkedSpace.h:
+
+2011-03-09 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ jquery/manipulation.html fails after r80598
+ https://bugs.webkit.org/show_bug.cgi?id=56019
+
+ When linking a call, codeblock now takes ownership of the linked function
+ This removes the need for unlinking, and thus the incorrectness that was
+ showing up in these tests.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::~CodeBlock):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CallLinkInfo::CallLinkInfo):
+ (JSC::CallLinkInfo::setUnlinked):
+ (JSC::CodeBlock::addCaller):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ (JSC::JIT::linkCall):
+ (JSC::JIT::linkConstruct):
+ * jit/JIT.h:
+ * runtime/Executable.cpp:
+ * runtime/Executable.h:
+
+2011-03-09 Daniel Bates <dbates@rim.com>
+
+ Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
+ (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 56041 - RexExp constructor should only accept flags "gim"
+ Fix for issues introduced in r80667.
+
+ Invalid flags to a RegExp literal are a late syntax error!
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::addRegExp):
+ - Pass a PassRefPtr<RegExp>
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addRegExp):
+ (JSC::BytecodeGenerator::emitNewRegExp):
+ * bytecompiler/BytecodeGenerator.h:
+ - Pass a PassRefPtr<RegExp>
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ - Should not be ASSERTing that the flags are valid - this is a late(er) error.
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ - Need to check for error from RegExp constructor.
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ - Need to check for error from RegExp constructor.
+ * runtime/RegExp.h:
+ (JSC::RegExp::isValid):
+ - Make isValid check that the regexp was created with valid flags.
+ * runtime/RegExpKey.h:
+ - Since we'll not create RegExp objects with invalid flags, separate out the deleted value.
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix part 2.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix part 1.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-03-09 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Bug 56041 - RexExp constructor should only accept flags "gim"
+ We also should be passing the flags around as a bitfield rather than a string,
+ and should not have redundant, incompatible code for converting the string to a bitfield!
+
+ * JavaScriptCore.exp:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::RegExpNode::emitBytecode):
+ - Need to parse flags string to enum.
+ * runtime/RegExp.cpp:
+ (JSC::regExpFlags):
+ (JSC::RegExp::RegExp):
+ (JSC::RegExp::create):
+ - Add method to parse flags string to enum, change constructor/create args to take enum.
+ * runtime/RegExp.h:
+ (JSC::RegExp::global):
+ (JSC::RegExp::ignoreCase):
+ (JSC::RegExp::multiline):
+ - Change to use new enum values.
+ * runtime/RegExpCache.cpp:
+ (JSC::RegExpCache::lookupOrCreate):
+ (JSC::RegExpCache::create):
+ * runtime/RegExpCache.h:
+ - Changed to use regExpFlags enum instead of int/const UString&.
+ * runtime/RegExpConstructor.cpp:
+ (JSC::constructRegExp):
+ - Add use new enum parsing, check for error.
+ * runtime/RegExpKey.h:
+ (JSC::RegExpKey::RegExpKey):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::RegExpPrototype::RegExpPrototype):
+ - Pass NoFlags value instead of empty string.
+ (JSC::regExpProtoFuncCompile):
+ - Add use new enum parsing, check for error.
+ * runtime/StringPrototype.cpp:
+ (JSC::stringProtoFuncMatch):
+ (JSC::stringProtoFuncSearch):
+ - Pass NoFlags value instead of empty string.
+
+2011-03-08 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig
+
+ Bug 55994 - Functions on Array.prototype should check length first.
+ These methods are designed to work on generic objects too, and if 'length'
+ is a getter that throws an exception, ensure this is correctly thrown
+ (even if other exceptions would be thrown, too).
+
+ Make the length check the first thing we do.
+ This change shows a progression on SunSpider on my machine, but this is likely bogus.
+
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncToString):
+ (JSC::arrayProtoFuncToLocaleString):
+ (JSC::arrayProtoFuncJoin):
+ (JSC::arrayProtoFuncPop):
+ (JSC::arrayProtoFuncPush):
+ (JSC::arrayProtoFuncReverse):
+ (JSC::arrayProtoFuncShift):
+ (JSC::arrayProtoFuncSlice):
+ (JSC::arrayProtoFuncSort):
+ (JSC::arrayProtoFuncSplice):
+ (JSC::arrayProtoFuncUnShift):
+ (JSC::arrayProtoFuncFilter):
+ (JSC::arrayProtoFuncMap):
+ (JSC::arrayProtoFuncEvery):
+ (JSC::arrayProtoFuncForEach):
+ (JSC::arrayProtoFuncSome):
+ (JSC::arrayProtoFuncReduce):
+ (JSC::arrayProtoFuncReduceRight):
+ (JSC::arrayProtoFuncIndexOf):
+ (JSC::arrayProtoFuncLastIndexOf):
+
+2011-03-07 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make CodeBlock GC write barrier safe
+ https://bugs.webkit.org/show_bug.cgi?id=55910
+
+ In order to make CodeBlock WriteBarrier safe it was necessary
+ to make it have a single GC owner, and for that reason I have
+ made ExecutableBase a GC allocated object. This required
+ updating their creation routines as well as all sites that hold
+ a reference to them. GC objects that held Executable's have been
+ converted to WriteBarriers, and all other sites now use Global<>.
+
+ As an added benefit this gets rid of JSGlobalData's list of
+ GlobalCodeBlocks.
+
+ Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
+ on SunSpider. Given none of the tests that show regressions
+ demonstrate a regression on their own, and sampling shows up nothing.
+ I suspect we're just getting one or two additional gc passes at
+ the end of the run.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dump):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::EvalCodeCache::markAggregate):
+ (JSC::CodeBlock::markAggregate):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::ownerExecutable):
+ (JSC::CodeBlock::addConstant):
+ (JSC::CodeBlock::constantRegister):
+ (JSC::CodeBlock::getConstant):
+ (JSC::CodeBlock::addFunctionDecl):
+ (JSC::CodeBlock::addFunctionExpr):
+ (JSC::GlobalCodeBlock::GlobalCodeBlock):
+ (JSC::ExecState::r):
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::get):
+ * bytecode/SamplingTool.h:
+ (JSC::ScriptSampleRecord::ScriptSampleRecord):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::addConstantValue):
+ (JSC::BytecodeGenerator::emitEqualityOp):
+ * bytecompiler/BytecodeGenerator.h:
+ (JSC::BytecodeGenerator::makeFunction):
+ * debugger/Debugger.cpp:
+ (JSC::evaluateInGlobalCallFrame):
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::evaluate):
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::callEval):
+ * jit/JITInlineMethods.h:
+ (JSC::JIT::emitLoadDouble):
+ (JSC::JIT::emitLoadInt32ToDouble):
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+ (JSC::JITThunks::hostFunctionStub):
+ (JSC::JITThunks::clearHostFunctionStubs):
+ * jit/JITStubs.h:
+ * runtime/Completion.cpp:
+ (JSC::checkSyntax):
+ (JSC::evaluate):
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::EvalExecutable):
+ (JSC::ProgramExecutable::ProgramExecutable):
+ (JSC::FunctionExecutable::FunctionExecutable):
+ (JSC::FunctionExecutable::~FunctionExecutable):
+ (JSC::EvalExecutable::markChildren):
+ (JSC::ProgramExecutable::markChildren):
+ (JSC::FunctionExecutable::markChildren):
+ (JSC::FunctionExecutable::fromGlobalCode):
+ * runtime/Executable.h:
+ (JSC::ExecutableBase::ExecutableBase):
+ (JSC::ExecutableBase::createStructure):
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::VPtrHackExecutable::VPtrHackExecutable):
+ (JSC::ScriptExecutable::ScriptExecutable):
+ (JSC::EvalExecutable::create):
+ (JSC::EvalExecutable::createStructure):
+ (JSC::ProgramExecutable::create):
+ (JSC::ProgramExecutable::createStructure):
+ (JSC::FunctionExecutable::create):
+ (JSC::FunctionExecutable::createStructure):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ (JSC::Heap::markRoots):
+ * runtime/Heap.h:
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::JSActivation):
+ (JSC::JSActivation::markChildren):
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::JSActivationData::JSActivationData):
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::~JSFunction):
+ (JSC::JSFunction::markChildren):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::storeVPtrs):
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSObject.cpp:
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::markChildren):
+ * runtime/JSStaticScopeObject.h:
+ (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
+ (JSC::JSStaticScopeObject::JSStaticScopeObject):
+ * runtime/JSZombie.cpp:
+ (JSC::JSZombie::leakedZombieStructure):
+ * runtime/JSZombie.h:
+ (JSC::JSZombie::createStructure):
+ * runtime/MarkedSpace.h:
+
+2011-03-07 Andy Estes <aestes@apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ REGRESSION (r79060): Timestamp is missing from tweets in twitter.
+ https://bugs.webkit.org/show_bug.cgi?id=55228
+
+ A change to the date parser to handle the case where the year is
+ specified before the time zone inadvertently started accepting strings
+ such as '+0000' as valid years. Those strings actually represent time
+ zones in an offset of hours and minutes from UTC, not years.
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters): If the current character
+ in dateString is '+' or '-', do not try to parse the next token as a
+ year.
+
+2011-03-06 Yuta Kitamura <yutak@chromium.org>
+
+ Reviewed by Kent Tamura.
+
+ Add SHA-1 for new WebSocket protocol
+ https://bugs.webkit.org/show_bug.cgi?id=55039
+
+ The code is based on Chromium's portable SHA-1 implementation
+ (src/base/sha1_portable.cc). Modifications were made in order
+ to make the code comply with WebKit coding style.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/MD5.cpp:
+ (WTF::MD5::MD5):
+ * wtf/SHA1.cpp: Added.
+ (WTF::testSHA1): This function will be run the first time SHA1
+ constructor is called. This function computes a few hash values
+ and checks the results in debug builds. However, constructor is
+ probably not a good place to run these tests, so we need to find
+ a good place for it (bug 55853).
+ (WTF::expectSHA1):
+ (WTF::f):
+ (WTF::k):
+ (WTF::rotateLeft):
+ (WTF::SHA1::SHA1):
+ (WTF::SHA1::addBytes):
+ (WTF::SHA1::computeHash):
+ (WTF::SHA1::finalize):
+ (WTF::SHA1::processBlock):
+ (WTF::SHA1::reset):
+ * wtf/SHA1.h: Added.
+ (WTF::SHA1::addBytes):
+ * wtf/wtf.pri:
+
+2011-03-05 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add Derived Sources to WebCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55813
+
+ Rename the action to be friendlier.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-04 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Need symbian version of cryptographicallyRandomValuesFromOS
+ https://bugs.webkit.org/show_bug.cgi?id=55782
+
+ Implement Symbian version of cryptographicallyRandomValuesFromOS
+
+ * wtf/OSRandomSource.cpp:
+ (WTF::cryptographicallyRandomValuesFromOS):
+
+2011-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Cameron Zwarich.
+
+ Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::defineOwnProperty):
+ Add missing check.
+
+2011-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ Rubber stamped by olliej.
+
+ Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute):
+ (1) don't infinite loop.
+ (2) goto 1.
+
+2011-03-04 Gavin Barraclough <barraclough@apple.com>
+
+ cmake build fix.
+
+ * CMakeLists.txt:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
+ https://bugs.webkit.org/show_bug.cgi?id=55798
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Remove unneeded round-trips through ../Source in the Chromium GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55795
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Use target_defaults to reduce boilerplate in GYP build system
+ https://bugs.webkit.org/show_bug.cgi?id=55790
+
+ Instead of setting up the configuration in each target, just defer to
+ target_defaults. Also, removed a define that was redundant with the
+ xcconfig.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
+ Provide basic functionallity from section 15.2.4 of ECMA-262.
+ This support will need expanding to cover arrays, too.
+
+ Shows a 0.5% progression on SunSpidey, this seems to be due to changing
+ ObjectConstructor to use a static table.
+
+ * DerivedSources.make:
+ * JavaScriptCore.exp:
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::objectConstructorTable):
+ Add a static table for ObjectConstructor.
+ * runtime/CommonIdentifiers.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ (JSC::JSGlobalData::~JSGlobalData):
+ Add a static table for ObjectConstructor.
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::reset):
+ Add a static table for ObjectConstructor.
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::seal):
+ (JSC::JSObject::freeze):
+ (JSC::JSObject::preventExtensions):
+ Transition the object's structure.
+ (JSC::JSObject::defineOwnProperty):
+ Check isExtensible.
+ * runtime/JSObject.h:
+ (JSC::JSObject::isSealed):
+ (JSC::JSObject::isFrozen):
+ (JSC::JSObject::isExtensible):
+ These wrap method on structure.
+ (JSC::JSObject::putDirectInternal):
+ Check isExtensible.
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructor::ObjectConstructor):
+ (JSC::ObjectConstructor::getOwnPropertySlot):
+ (JSC::ObjectConstructor::getOwnPropertyDescriptor):
+ Change ObjectConstructor to use a static table.
+ (JSC::objectConstructorSeal):
+ (JSC::objectConstructorFreeze):
+ (JSC::objectConstructorPreventExtensions):
+ (JSC::objectConstructorIsSealed):
+ (JSC::objectConstructorIsFrozen):
+ (JSC::objectConstructorIsExtensible):
+ Add new methods on Object.
+ * runtime/ObjectConstructor.h:
+ (JSC::ObjectConstructor::createStructure):
+ * runtime/Structure.cpp:
+ (JSC::Structure::Structure):
+ init/propagate m_preventExtensions
+ (JSC::Structure::sealTransition):
+ (JSC::Structure::freezeTransition):
+ (JSC::Structure::preventExtensionsTransition):
+ transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
+ (JSC::Structure::isSealed):
+ (JSC::Structure::isFrozen):
+ check attributes to detect if object is sealed/frozen.
+ * runtime/Structure.h:
+ (JSC::Structure::isExtensible):
+ checks the m_preventExtensions flag.
+
+2011-03-04 Steve Falkenburg <sfalken@apple.com>
+
+ Reviewed by Jon Honeycutt.
+
+ Adopt VersionStamper tool for Windows WebKit DLLs
+ https://bugs.webkit.org/show_bug.cgi?id=55784
+ <rdar://problem/9021273>
+
+ We now use a tool to stamp the version number onto the Apple WebKit DLLs
+ during the post-build step.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
+
+2011-03-04 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ JavaScriptCore GYP build should use a header map
+ https://bugs.webkit.org/show_bug.cgi?id=55712
+
+ This patch moves the os-win32 files into their own variable so that we
+ can use a header map in the Apple Mac Xcode build. The problem is that
+ the header map searches the whole project rather than just the files
+ included in a given target. Another solution to this problem is to
+ make GYP smarter about filtering out what files are added to the
+ project file.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Ryosuke Niwa <rniwa@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
+ https://bugs.webkit.org/show_bug.cgi?id=55554
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
+ (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::addStaticGlobals): Ditto.
+ * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
+ (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.
+
+2011-03-03 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add jsc to JavaScriptCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55711
+
+ * JavaScriptCore.gypi:
+ - Move jsc.cpp into jsc_files because it's really part of the jsc
+ target.
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ - Remove extraneous files from the normal jsc build. I probably
+ added these by mistake at some point.
+ * gyp/JavaScriptCore.gyp:
+ - Add the jsc target to the GYP file.
+
+2011-03-03 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add testapi to JavaScriptCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55707
+
+ The new testapi target is slightly incomplete. There's a resource
+ copying step that we don't quite have yet.
+
+ This patch also cleans up some of the configuration issues in
+ JavaScriptCore.xcodeproj. It seems kind of wordy to repeat these for
+ each target. I suspect there's a more compact way of defining the
+ configurations, but this removes the "Default" configuration, which is
+ progress.
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Teach JavaScriptCore GYP build about private headers
+ https://bugs.webkit.org/show_bug.cgi?id=55532
+
+ This patch distinguishes between public and private framework headers
+ so that public headers are copied into the Headers directory and
+ private headers are copied into the PrivateHeaders directory.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-03 Geoffrey Garen <ggaren@apple.com>
+
+ Rolled out 80277 and 80280 because they caused event handler layout test
+ failures.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * jit/JITOpcodes.cpp:
+ * jit/JITOpcodes32_64.cpp:
+ * runtime/Arguments.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSCell.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.h:
+ * runtime/MarkedSpace.cpp:
+ * runtime/MarkedSpace.h:
+
+2011-03-03 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Build fix. Alter order of headers included to make sure windows.h
+ is configured by wx, and skip Posix implementation file we don't use on Win.
+
+ * wscript:
+ * wtf/wx/StringWx.cpp:
+
+2011-03-03 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ JSVariableObject needs to use WriteBarrier for symboltable property storage
+ https://bugs.webkit.org/show_bug.cgi?id=55698
+
+ Replace the direct usage of Register in JSVariableObject (and descendents)
+ with WriteBarrier. This requires updating the Arguments object to use
+ WriteBarrier as well.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::privateExecute):
+ (JSC::Interpreter::retrieveArguments):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * runtime/ArgList.h:
+ (JSC::MarkedArgumentBuffer::initialize):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::markChildren):
+ (JSC::Arguments::copyToRegisters):
+ (JSC::Arguments::fillArgList):
+ (JSC::Arguments::getOwnPropertySlot):
+ (JSC::Arguments::getOwnPropertyDescriptor):
+ (JSC::Arguments::put):
+ * runtime/Arguments.h:
+ (JSC::Arguments::setActivation):
+ (JSC::Arguments::Arguments):
+ (JSC::Arguments::copyRegisters):
+ (JSC::JSActivation::copyRegisters):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::markChildren):
+ (JSC::JSActivation::symbolTableGet):
+ (JSC::JSActivation::symbolTablePut):
+ (JSC::JSActivation::symbolTablePutWithAttributes):
+ (JSC::JSActivation::put):
+ (JSC::JSActivation::putWithAttributes):
+ (JSC::JSActivation::argumentsGetter):
+ * runtime/JSActivation.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::put):
+ (JSC::JSGlobalObject::putWithAttributes):
+ (JSC::JSGlobalObject::markChildren):
+ (JSC::JSGlobalObject::copyGlobalsFrom):
+ (JSC::JSGlobalObject::copyGlobalsTo):
+ (JSC::JSGlobalObject::resizeRegisters):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::setRegisters):
+ (JSC::JSGlobalObject::addStaticGlobals):
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::put):
+ (JSC::JSStaticScopeObject::putWithAttributes):
+ * runtime/JSVariableObject.cpp:
+ (JSC::JSVariableObject::symbolTableGet):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::registerAt):
+ (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
+ (JSC::JSVariableObject::symbolTableGet):
+ (JSC::JSVariableObject::symbolTablePut):
+ (JSC::JSVariableObject::symbolTablePutWithAttributes):
+ (JSC::JSVariableObject::copyRegisterArray):
+ (JSC::JSVariableObject::setRegisters):
+
+2011-03-03 Geoffrey Garen <ggaren@apple.com>
+
+ Try to fix Windows build.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.
+
+ * runtime/JSStaticScopeObject.cpp:
+ (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
+ inline -- it's virtual.
+
+2011-03-02 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Moved all variable object storage inline -- upping the object size limit to 1K
+ https://bugs.webkit.org/show_bug.cgi?id=55653
+
+ * JavaScriptCore.exp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ * jit/JITOpcodes.cpp:
+ * runtime/Arguments.h:
+ * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
+ to accomodate objects up to 1K.
+
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.
+
+ * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
+ object size, since it doesn't anymore.
+
+ * runtime/JSStaticScopeObject.cpp:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h: Added an imprecise size class to accomodate objects up to 1K.
+
+2011-03-03 Timothy Hatcher <timothy@apple.com>
+
+ Make APIShims usable from WebCore.
+
+ Reviewed by Oliver Hunt.
+
+ * ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
+ * GNUmakefile.am:
+ * JavaScriptCore.exp:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-03-03 Peter Varga <pvarga@webkit.org>
+
+ Reviewed by Oliver Hunt.
+
+ Begin Characters Optimization Causes YARR Interpreter Errors
+ https://bugs.webkit.org/show_bug.cgi?id=55479
+
+ The addBeginTerm function is removed because it doesn't correctly handle those
+ cases when an "invalid" term has been
+ collected (e.g. CharacterClass). Move the removed function to the
+ setupAlternativeBeginTerms method's switch-case
+ where the non-allowed cases are correctly handled.
+
+ Reenable the Beginning Character Optimization in the YARR Interpreter again.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
+ (JSC::Yarr::YarrPattern::compile):
+
+2011-03-02 Jessie Berlin <jberlin@apple.com>
+
+ Reviewed by Adam Roben.
+
+ WebKit2: Use CFNetwork Sessions API.
+ https://bugs.webkit.org/show_bug.cgi?id=55435
+
+ Add the ability to create a Private Browsing storage session.
+
+ * wtf/Platform.h:
+ Add a new #define for using CF Storage Sessions.
+
+2011-03-02 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Remove "register slot" concept from PropertySlot
+ https://bugs.webkit.org/show_bug.cgi?id=55621
+
+ PropertySlot had already stopped storing Register "slots"
+ so this patch is simply removing that api entirely.
+ This exposed a problem in the ProgramNode constructor for
+ BytecodeGenerator where it reads from the registerfile
+ before it has initialised it.
+
+ This bug wasn't a problem before as we were merely testing
+ for property existence rather than the actual value, and
+ used to work because setRegisterSlot didn't check that the
+ provided slot contained an initialised value.
+
+ To get around this issue we now use symbolTableHasProperty
+ to do the symbol table check without trying to read the
+ RegisterFile.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ * runtime/Arguments.cpp:
+ (JSC::Arguments::getOwnPropertySlot):
+ * runtime/JSActivation.cpp:
+ (JSC::JSActivation::symbolTableGet):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::symbolTableHasProperty):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::symbolTableGet):
+ * runtime/PropertySlot.h:
+
+2011-03-02 Daniel Cheng <dcheng@chromium.org>
+
+ Reviewed by David Levin.
+
+ Add feature define for data transfer items
+ https://bugs.webkit.org/show_bug.cgi?id=55510
+
+ * Configurations/FeatureDefines.xcconfig:
+ * wtf/Platform.h:
+
+2011-03-02 Adam Roben <aroben@apple.com>
+
+ Delete old .res files whenever any .vsprops file changes
+
+ Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to
+ fail
+
+ Reviewed by Tony Chang.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
+ (main): Restructured code to loop over a set of file extensions, deleting any old files that
+ have that extension. Now deletes .res files, too. (We previously deleted any file matching
+ *.manifest*, but that turned out to just be the union of *.manifest and *.res.)
+
+2011-03-02 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Teach JavaScriptCore GYP build how to build minidom
+ https://bugs.webkit.org/show_bug.cgi?id=55536
+
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ JavaScriptCore GYP build should copy some headers into the target framework
+ https://bugs.webkit.org/show_bug.cgi?id=55524
+
+ After this patch, all the framework headers are exported as public
+ headers. We need to teach GYP how to handle private headers.
+
+ I struggled to determine how to store the information about whether a
+ header was public, private, or project (i.e., not exported).
+ Generally, the GYPI should just list the files, but it seemed siliy to
+ have an almost duplicated list of files in the GYP file itself. If
+ this design doesn't scale, we might have to revisit it in the future.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-01 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r80079.
+ http://trac.webkit.org/changeset/80079
+ https://bugs.webkit.org/show_bug.cgi?id=55547
+
+ "Broke the Win debug build?" (Requested by dcheng on #webkit).
+
+ * wtf/Platform.h:
+
+2011-03-01 Daniel Cheng <dcheng@chromium.org>
+
+ Reviewed by David Levin.
+
+ Add feature define for data transfer items
+ https://bugs.webkit.org/show_bug.cgi?id=55510
+
+ * wtf/Platform.h:
+
+2011-03-01 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Joseph Pecoraro.
+
+ Misaligned memory access in CloneDeserializer on all ARM arch.
+ https://bugs.webkit.org/show_bug.cgi?id=48742
+
+ Add a CPU class for architectures that need aligned addresses
+ for memory access.
+
+ * wtf/Platform.h:
+
+2011-03-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Add pre- and post-build actions for JavaScriptCore GYP build
+ https://bugs.webkit.org/show_bug.cgi?id=55507
+
+ After this patch, we have all the steps for building the main
+ JavaScriptCore framework except the "copy headers" step, which I'll do
+ next.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-03-01 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Rolled back in r79627 now that the underlying cause for it crashing is fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=55159
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocateSlowCase):
+ * runtime/Heap.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::Heap::allocate):
+ (JSC::JSCell::JSCell::operator new):
+ * runtime/MarkedBlock.h:
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+
+2011-03-01 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Replace two script phases that do nothing but copy files with copy files build phases.
+
+ This speeds up the build by a few seconds on high-end Mac Pros.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2011-03-01 David Kilzer <ddkilzer@apple.com>
+
+ Spring cleaning!
+
+ Rubber-stamped by Mark Rowe.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ (Copy Into Framework): Remove "set -x" and its comment.
+
+2011-03-01 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Darin Adler.
+
+ TinyMCE not working in nightlies
+ https://bugs.webkit.org/show_bug.cgi?id=54978
+
+ Disabling setupBeginChars() to temporarily work arround the test
+ failure. Filed https://bugs.webkit.org/show_bug.cgi?id=55479
+ to track fixing the issue.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPattern::compile):
+
+2011-02-23 Joseph Pecoraro <joepeck@webkit.org>
+
+ Reviewed by Kenneth Rohde Christiansen.
+
+ Viewport parsing no longer accepts "1.0;" value as valid.
+ https://bugs.webkit.org/show_bug.cgi?id=53705
+
+ Include a didReadNumber parameter to String -> float / double
+ conversion functions. This way, if the "ok" boolean out
+ parameter is false, you can check to see if there in fact
+ was a valid number parsed with garbage at the end. Examples
+ of that would be parsing "123x456" would have ok = false,
+ but didReadNumber = true.
+
+ * JavaScriptCore.exp:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::toDouble):
+ (WTF::StringImpl::toFloat):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.cpp:
+ (WTF::String::toDouble):
+ (WTF::String::toFloat):
+ (WTF::charactersToDouble):
+ (WTF::charactersToFloat):
+ * wtf/text/WTFString.h:
+
+2011-02-28 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Past-the-end writes in VM exceptions (caused crashes in r79627)
+ https://bugs.webkit.org/show_bug.cgi?id=55448
+
+ Some exceptions had the wrong structures, so they misoverestimated their
+ inline storage sizes.
+
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData): Use the right structure.
+
+ * runtime/JSObject.h:
+ (JSC::JSNonFinalObject::JSNonFinalObject):
+ (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
+ is correct to verify this doesn't happen again.
+
+2011-03-01 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Csaba Osztrogonác.
+
+ [Qt] Clean up the project files and move common options to WebKit.pri.
+
+ * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
+ * JavaScriptCore.pro: Deduplicate options.
+ * jsc.pro: Ditto.
+
+2011-03-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Teach JavaScriptCore GYP build about DEPTH
+ https://bugs.webkit.org/show_bug.cgi?id=55425
+
+ In addition to teaching the JavaScriptCore GYP build about DEPTH, this
+ change overrides the GCC warning configuration to disable a warning
+ that's causing probems in Assertions.cpp. With that warning disabled,
+ JavaScriptCore builds again.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-28 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79948.
+ http://trac.webkit.org/changeset/79948
+ https://bugs.webkit.org/show_bug.cgi?id=55439
+
+ "caused crashes on the SL release bot" (Requested by ggaren on
+ #webkit).
+
+ * runtime/JSGlobalData.h:
+ * runtime/WriteBarrier.h:
+
+2011-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-28 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig & Darin Adler.
+
+ Bug 55423 - Clean up property tables in Structure
+
+ Encapsulate, reduce duplication of table search code,
+ and reduce the size of the tables (remove the index,
+ just maintain the tables in the correct order).
+
+ Shows a 0.5% - 1% progression on sunspider.
+
+ * JavaScriptCore.exp:
+ * runtime/PropertyMapHashTable.h:
+ (JSC::isPowerOf2):
+ (JSC::nextPowerOf2):
+ bit ops used to calculate table size.
+ (JSC::PropertyMapEntry::PropertyMapEntry):
+ (JSC::PropertyTable::ordered_iterator::operator++):
+ (JSC::PropertyTable::ordered_iterator::operator==):
+ (JSC::PropertyTable::ordered_iterator::operator!=):
+ (JSC::PropertyTable::ordered_iterator::operator*):
+ (JSC::PropertyTable::ordered_iterator::operator->):
+ (JSC::PropertyTable::ordered_iterator::ordered_iterator):
+ implementation of the iterator types
+ (JSC::PropertyTable::PropertyTable):
+ (JSC::PropertyTable::~PropertyTable):
+ constructors take an initial capacity for the table,
+ a table to copy, or both.
+ (JSC::PropertyTable::begin):
+ (JSC::PropertyTable::end):
+ create in-order iterators.
+ (JSC::PropertyTable::find):
+ search the hash table
+ (JSC::PropertyTable::add):
+ add a value to the hash table
+ (JSC::PropertyTable::remove):
+ remove a value from the hash table
+ (JSC::PropertyTable::size):
+ (JSC::PropertyTable::isEmpty):
+ accessors.
+ (JSC::PropertyTable::propertyStorageSize):
+ (JSC::PropertyTable::clearDeletedOffsets):
+ (JSC::PropertyTable::hasDeletedOffset):
+ (JSC::PropertyTable::getDeletedOffset):
+ (JSC::PropertyTable::addDeletedOffset):
+ cache deleted (available) offsets in the property storage array.
+ (JSC::PropertyTable::copy):
+ take a copy of the PropertyTable, potentially expanding the capacity.
+ (JSC::PropertyTable::sizeInMemory):
+ used for DEBUG build statistics
+ (JSC::PropertyTable::reinsert):
+ (JSC::PropertyTable::rehash):
+ (JSC::PropertyTable::tableCapacity):
+ (JSC::PropertyTable::deletedEntryIndex):
+ (JSC::PropertyTable::skipDeletedEntries):
+ (JSC::PropertyTable::table):
+ (JSC::PropertyTable::usedCount):
+ (JSC::PropertyTable::dataSize):
+ (JSC::PropertyTable::sizeForCapacity):
+ (JSC::PropertyTable::canInsert):
+ these methods provide internal implementation.
+ * runtime/Structure.cpp:
+ (JSC::Structure::dumpStatistics):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::materializePropertyMap):
+ (JSC::Structure::despecifyDictionaryFunction):
+ (JSC::Structure::addPropertyTransition):
+ (JSC::Structure::flattenDictionaryStructure):
+ (JSC::Structure::copyPropertyTable):
+ (JSC::Structure::get):
+ (JSC::Structure::despecifyFunction):
+ (JSC::Structure::despecifyAllFunctions):
+ (JSC::Structure::put):
+ (JSC::Structure::remove):
+ (JSC::Structure::createPropertyMap):
+ (JSC::Structure::getPropertyNames):
+ (JSC::PropertyTable::checkConsistency):
+ (JSC::Structure::checkConsistency):
+ factored out code to PropertyMapHashTable.h
+ * runtime/Structure.h:
+ (JSC::Structure::propertyStorageSize):
+ (JSC::Structure::isEmpty):
+ (JSC::Structure::get):
+ factored out code to PropertyMapHashTable.h
+
+2011-02-28 Xan Lopez <xlopez@igalia.com>
+
+ Another fix build :(
+
+ Fix typo.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::freePlatformThreadRegisters):
+
+2011-02-28 Xan Lopez <xlopez@igalia.com>
+
+ Unreviewed build fix for Snow Leopard.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::freePlatformThreadRegisters):
+
+2011-02-28 Alejandro G. Castro <alex@igalia.com>
+
+ Unreviewed, fix SnowLeopard compilation after r79952.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::freePlatformThreadRegisters):
+
+2011-02-28 Mark Rowe <mrowe@apple.com>
+
+ Reviewed by Darin Adler.
+
+ <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.
+
+ * wtf/OwnArrayPtr.h:
+ (WTF::::set): Implement OwnArrayPtr::set.
+
+2011-02-28 Martin Zoubek <martin.zoubek@acision.com> and Alejandro G. Castro <alex@igalia.com>
+
+ Reviewed by Martin Robinson.
+
+ Multithread support for JSC on UNIX
+ https://bugs.webkit.org/show_bug.cgi?id=26838
+
+ Implement suspendThread() and resumeThread() for systems with
+ pthread.h using thread signal handler.
+
+ * runtime/MachineStackMarker.cpp:
+ (JSC::pthreadSignalHandlerSuspendResume):
+ (JSC::MachineStackMarker::Thread::Thread):
+ (JSC::getCurrentPlatformThread):
+ (JSC::suspendThread):
+ (JSC::resumeThread):
+ (JSC::getPlatformThreadRegisters):
+ (JSC::otherThreadStackPointer):
+ (JSC::freePlatformThreadRegisters):
+ (JSC::MachineStackMarker::markOtherThreadConservatively):
+ * wtf/Platform.h: Added Gtk port to use
+ ENABLE_JSC_MULTIPLE_THREADS.
+
+2011-02-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Stop using DeprecatedPtr for the global exception slot
+ https://bugs.webkit.org/show_bug.cgi?id=55424
+
+ Create GCRootPtr to signify that the exception slot is
+ a gcroot, and so is exempt from the usual writebarrier
+ restrictions.
+
+ * runtime/JSGlobalData.h:
+ * runtime/WriteBarrier.h:
+ (JSC::GCRootPtr::GCRootPtr):
+ (JSC::GCRootPtr::operator=):
+
+2011-02-28 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ Use more xcconfig files in JavaScriptCore gyp build
+ https://bugs.webkit.org/show_bug.cgi?id=55391
+
+ The GYP experts tell me that we have have a total of two xcconfig
+ files: one for the xcodeproj as a whole and one for each target. This
+ patch uses that technique to re-use the existing xcconfig files and
+ eliminate the duplication.
+
+ Technically, this patch introduces some build errors because the
+ xcconfig files assume that the xcodeproj file is one level higher in
+ the directory hierarchy. Specifically, the xcodeproj file can no
+ longer find the Info.plist or the prefix header. I plan to fix that in
+ a subsequent patch.
+
+ Also, this patch introduces the Release and Production configurations,
+ which should work correctly now.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-02-28 Jon Honeycutt <jhoneycutt@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ Add symbol to export.
+
+2011-02-28 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make ScopeChainNode GC allocated
+ https://bugs.webkit.org/show_bug.cgi?id=55283
+
+ Simplify lifetime and other issues with the scopechain
+ by making it gc allocated. This allows us to simplify
+ function exit and unwinding, as well as making the
+ current iterative refcounting go away.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::createActivation):
+ * bytecode/StructureStubInfo.cpp:
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::generate):
+ (JSC::BytecodeGenerator::BytecodeGenerator):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+ (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+ * bytecompiler/BytecodeGenerator.h:
+ * debugger/Debugger.cpp:
+ (JSC::Recompiler::operator()):
+ * debugger/DebuggerCallFrame.h:
+ (JSC::DebuggerCallFrame::scopeChain):
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall):
+ * interpreter/CallFrame.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::depth):
+ (JSC::Interpreter::unwindCallFrame):
+ (JSC::Interpreter::throwException):
+ (JSC::Interpreter::execute):
+ (JSC::Interpreter::executeCall):
+ (JSC::Interpreter::executeConstruct):
+ (JSC::Interpreter::privateExecute):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallInitializeCallFrame):
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ (JSC::JIT::compileOpCall):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_end):
+ (JSC::JIT::emit_op_ret):
+ (JSC::JIT::emit_op_ret_object_or_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_end):
+ * jit/JITStubs.cpp:
+ (JSC::DEFINE_STUB_FUNCTION):
+ * jit/JITStubs.h:
+ * runtime/ArgList.cpp:
+ * runtime/Completion.cpp:
+ (JSC::evaluate):
+ * runtime/Completion.h:
+ * runtime/DateConversion.cpp:
+ * runtime/Executable.cpp:
+ (JSC::EvalExecutable::compileInternal):
+ (JSC::ProgramExecutable::compileInternal):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/FunctionConstructor.cpp:
+ (JSC::constructFunction):
+ * runtime/GCActivityCallbackCF.cpp:
+ * runtime/Identifier.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSChunk.cpp: Added.
+ * runtime/JSChunk.h: Added.
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::markChildren):
+ (JSC::JSFunction::getCallData):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::getConstructData):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::scope):
+ (JSC::JSFunction::setScope):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::markChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+ (JSC::JSGlobalObject::globalScopeChain):
+ * runtime/JSGlobalObjectFunctions.cpp:
+ (JSC::globalFuncEval):
+ * runtime/JSLock.cpp:
+ * runtime/JSNumberCell.cpp:
+ * runtime/JSZombie.cpp:
+ * runtime/MarkedBlock.cpp:
+ * runtime/MarkedSpace.cpp:
+ * runtime/PropertyNameArray.cpp:
+ * runtime/ScopeChain.cpp:
+ (JSC::ScopeChainNode::print):
+ (JSC::ScopeChainNode::localDepth):
+ (JSC::ScopeChainNode::markChildren):
+ * runtime/ScopeChain.h:
+ (JSC::ScopeChainNode::ScopeChainNode):
+ (JSC::ScopeChainNode::createStructure):
+ (JSC::ScopeChainNode::push):
+ (JSC::ScopeChainNode::pop):
+ (JSC::ScopeChainIterator::ScopeChainIterator):
+ (JSC::ScopeChainIterator::operator*):
+ (JSC::ScopeChainIterator::operator->):
+ (JSC::ScopeChainIterator::operator++):
+ (JSC::ScopeChainNode::begin):
+ (JSC::ScopeChainNode::end):
+ (JSC::ExecState::globalData):
+ (JSC::ExecState::lexicalGlobalObject):
+ (JSC::ExecState::globalThisValue):
+ * runtime/ScopeChainMark.h:
+ * wtf/DateMath.cpp:
+
+2011-02-27 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
+ https://bugs.webkit.org/show_bug.cgi?id=55326
+
+ Currently, randomNumber does a bunch of platform-specific work that to
+ get a cryptographic randomness when available. Instead, we should use
+ cryptographicallyRandomNumber, which abstracts this work.
+ Unfortunately, we can't remove all of the WTF::randomNumber
+ implementation because not every port has access to cryptographically
+ random numbers.
+
+ * wtf/RandomNumber.cpp:
+ (WTF::randomNumber):
+
+2011-02-27 Benjamin Poulain <ikipou@gmail.com>
+
+ Reviewed by Darin Adler.
+
+ Eliminate DeprecatedPtrList from RenderBlock
+ https://bugs.webkit.org/show_bug.cgi?id=54972
+
+ Add methods find() and contains() using an adaptor to ListHashSet.
+ Those method are like the one of HashSet, they allow to find objects
+ based on a different key than the one used to define the set.
+
+ Add convenience methods for direct access to the head and tail of the list.
+ Those methods are providing similar API/behavior as Vector.
+
+ * wtf/ListHashSet.h:
+ (WTF::::first):
+ (WTF::::last):
+ (WTF::::removeLast):
+ (WTF::ListHashSetTranslatorAdapter::hash):
+ (WTF::ListHashSetTranslatorAdapter::equal):
+ (WTF::::find):
+ (WTF::::contains):
+
+2011-02-26 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Andreas Kling.
+
+ Add support for DragonFly BSD
+ https://bugs.webkit.org/show_bug.cgi?id=54407
+
+ DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.
+
+ * wtf/Platform.h:
+
+2011-02-26 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Dimitri Glazkov.
+
+ JavaScriptCore should use the xcconfig file instead of importing that information into GYP
+ https://bugs.webkit.org/show_bug.cgi?id=55282
+
+ Technically, this breaks the build because I had removed one of the
+ warnings in this config file, but this change seems like an
+ improvement.
+
+ * gyp/JavaScriptCore.gyp:
+
+2011-02-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
+
+ Reviewed by Nikolas Zimmermann.
+
+ SH4 JIT SUPPORT
+ https://bugs.webkit.org/show_bug.cgi?id=44329
+
+ Provide an ExecutableAllocater::cacheFlush() implementation for
+ Linux/SH4.
+
+ * jit/ExecutableAllocator.h:
+ (JSC::ExecutableAllocator::cacheFlush):
+
+2011-02-25 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79627.
+ http://trac.webkit.org/changeset/79627
+ https://bugs.webkit.org/show_bug.cgi?id=55274
+
+ broke worker tests (Requested by olliej on #webkit).
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocate):
+ * runtime/Heap.h:
+ * runtime/JSCell.h:
+ (JSC::JSCell::JSCell::operator new):
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::MarkedSpace::allocate):
+ * runtime/MarkedBlock.h:
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+
+2011-02-25 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Leak in JSParser::Scope of ScopeLabelInfo Vector
+ https://bugs.webkit.org/show_bug.cgi?id=55249
+
+ Changed m_labels to be an OwnPtr<>. Added VectorTraits
+ and Scope copy constructor to support this change.
+
+ * parser/JSParser.cpp:
+ (JSC::JSParser::Scope::~Scope):
+
+2011-02-25 Fumitoshi Ukai <ukai@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ WebSocket uses insecure random numbers
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
+
+2011-02-25 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Adam Roben.
+
+ Move timeBeginPeriod into OS(WINDOWS) section
+ https://bugs.webkit.org/show_bug.cgi?id=55247
+
+ * jsc.cpp:
+ (main): timeBeginPeriod is available on all Windows versions and not compiler specific.
+
+2011-02-25 Patrick Gansterer <paroga@webkit.org>
+
+ Unreviewed WinCE build fix for r79695.
+
+ * jsc.cpp:
+ (main): SetErrorMode isn't available on WinCE.
+
+2011-02-25 Adam Roben <aroben@apple.com>
+
+ Work around Cygwin's crash-suppression behavior
+
+ Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
+ inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
+ invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
+ when our test apps launch to work around Cygwin's behavior.
+
+ Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
+ debugger) when launched from Cygwin 1.7
+
+ Reviewed by Darin Adler.
+
+ * API/tests/testapi.c: Added a now-needed #include.
+ (main):
+ * jsc.cpp:
+ (main):
+ Call ::SetErrorMode(0) to undo Cygwin's folly.
+
+ * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
+ other projects do so that windows.h won't define min/max macros that interfere with
+ std::numeric_limits<T>::min/max.
+
+2011-02-24 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Add GYP project for JavaScriptCore
+ https://bugs.webkit.org/show_bug.cgi?id=55027
+
+ Again, this GYP files is very rough, but it succeeds in building
+ JavaScriptCore. There's a lot more work to do here, especially in the
+ area of sharing with JavaScriptGlue.gyp. This patch is more of a
+ checkpoint so that other folks can help out if they wish.
+
+ * gyp: Added.
+ * gyp/JavaScriptCore.gyp: Added.
+ * gyp/generate-derived-sources.sh: Added.
+
+2011-02-24 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Add missing files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=55193
+
+ I forgot to add mm files in my previous patch.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+
+2011-02-24 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Remove unused parameter name in GCActivityCallback.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=55194
+
+ This change is not strictly required for the GYP-based build system,
+ but I noticed this error when working on the new build system.
+
+ * runtime/GCActivityCallback.cpp:
+ (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
+
+2011-02-24 James Robinson <jamesr@chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Add a USE() macro to control use of the built-in UTF8 codec
+ https://bugs.webkit.org/show_bug.cgi?id=55189
+
+ Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.
+
+ * wtf/Platform.h:
+
+2011-02-24 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Variable-sized allocation (but still capped at 64 bytes)
+ https://bugs.webkit.org/show_bug.cgi?id=55159
+
+ SunSpider reports no change.
+
+ * JavaScriptCore.exp: Some day, I hope not to have to edit this file.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
+ case, so the fast case can inline size class selection and turn it into
+ a compile-time constant.
+
+ Changed the collect-on-every allocation debugging switch to collect only
+ on every slow allocation, so you can still flip the switch without
+ recompiling the world. This may also be preferable for debugging purposes,
+ since collecting after every single allocation can be unusably slow,
+ and can mask problems by running destructors early.
+
+ * runtime/Heap.h: Ditto.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::Heap::allocate):
+ (JSC::JSCell::JSCell::operator new): The inlining mentioned above.
+
+ * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
+ multiple size classes, allocating a full 256KB for the first allocation
+ in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
+ 8KB Windows, would be even better, but that seems to be a peformance
+ regression for now.)
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::reset): There's more than one size class now, and its
+ cell size is not constant.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass): Ditto.
+
+2011-02-23 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Make WeakGCMap use new handle infrastructure
+ https://bugs.webkit.org/show_bug.cgi?id=55100
+
+ Remove old WeakGCMap implementation and move over to new handle
+ based logic.
+
+ This has a number of benefits, most notably it makes a WeakGCMap
+ always reflect the true state of the world by as all entries are
+ removed at the first gc cycle that makes them dead. This allows
+ us to get rid of code in a wide variety of objects where the only
+ purpose was to remove themselves from maps.
+
+ It also means that we no longer need to have special "unchecked"
+ versions of any functions on WeakGCMap. Alas in order to maintain
+ compatibility with the JSWeakObjectMapClear API it is still
+ necessary to have an api that resembles uncheckedRemove, this is
+ now deprecatedRemove and will be dealt with in a later patch.
+
+ In order to get correct semantics in WeakGCMap we need more
+ contextual information in the finalizer, so we've added an
+ abstract class based finaliser and a context parameter to the
+ calls.
+
+ The new an improved WeakGCMap also results in sigificantly more
+ churn in the weak handle lists so exposed some potential problems
+ during the post mark phase which have been rectified as well.
+
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * API/JSWeakObjectMapRefPrivate.h:
+ * runtime/Heap.cpp:
+ (JSC::Heap::globalObjectCount):
+ (JSC::Heap::protectedGlobalObjectCount):
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * runtime/JSGlobalData.h:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::~JSGlobalObject):
+ (JSC::JSGlobalObject::init):
+ * runtime/WeakGCMap.h:
+ (JSC::WeakGCMap::iterator::iterator):
+ (JSC::WeakGCMap::iterator::get):
+ (JSC::WeakGCMap::iterator::getSlot):
+ (JSC::WeakGCMap::iterator::operator++):
+ (JSC::WeakGCMap::iterator::operator==):
+ (JSC::WeakGCMap::iterator::operator!=):
+ (JSC::WeakGCMap::WeakGCMap):
+ (JSC::WeakGCMap::isEmpty):
+ (JSC::WeakGCMap::clear):
+ (JSC::WeakGCMap::get):
+ (JSC::WeakGCMap::getSlot):
+ (JSC::WeakGCMap::set):
+ (JSC::WeakGCMap::take):
+ (JSC::WeakGCMap::size):
+ (JSC::WeakGCMap::deprecatedRemove):
+ (JSC::WeakGCMap::begin):
+ (JSC::WeakGCMap::end):
+ (JSC::WeakGCMap::~WeakGCMap):
+ (JSC::WeakGCMap::finalize):
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::set):
+
+2011-02-24 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Make weaklist processing deal with weak handles being removed during the iteration
+ https://bugs.webkit.org/show_bug.cgi?id=55105
+
+ It is possible for the handle heap to end up in a broken state if
+ a handle's finalizer removes either the current or next handle
+ to be visited during the post-gc cleanup. This patch removes that
+ problem by allowing the deallocate(Node*) routine to update the
+ iterator if it is called during finalization.
+
+ * collector/handles/HandleHeap.cpp:
+ (JSC::HandleHeap::HandleHeap):
+ (JSC::HandleHeap::updateAfterMark):
+ (JSC::HandleHeap::clearWeakPointers):
+ (JSC::HandleHeap::writeBarrier):
+ (JSC::HandleHeap::protectedGlobalObjectCount):
+ * collector/handles/HandleHeap.h:
+ (JSC::Finalizer::~Finalizer):
+ (JSC::HandleHeap::getFinalizer):
+ (JSC::HandleHeap::deallocate):
+ (JSC::HandleHeap::makeWeak):
+ (JSC::HandleHeap::makeSelfDestroying):
+ (JSC::HandleHeap::Node::Node):
+ (JSC::HandleHeap::Node::setFinalizer):
+ (JSC::HandleHeap::Node::finalizer):
+ (JSC::HandleHeap::Node::finalizerContext):
+ * interpreter/RegisterFile.cpp:
+ (JSC::RegisterFile::setGlobalObject):
+ (JSC::GlobalObjectNotifier::finalize):
+ (JSC::RegisterFile::globalObjectCollectedNotifier):
+ * interpreter/RegisterFile.h:
+ (JSC::RegisterFile::RegisterFile):
+ * runtime/Heap.cpp:
+ (JSC::Heap::destroy):
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::WeakGCPtr):
+ (JSC::WeakGCPtr::set):
+
+2011-02-24 Michael Saboff <msaboff@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
+ https://bugs.webkit.org/show_bug.cgi?id=55156
+
+ Added code to delete unneeded PatternAlternative after it is removed
+ from m_alternatives Vector.
+
+ * yarr/YarrPattern.cpp:
+ (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
+
+2011-02-24 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Anders Carlsson.
+
+ VectorBuffer should not call malloc(0)
+ https://bugs.webkit.org/show_bug.cgi?id=55091
+
+ Turns out the malloc() call which was so hot in:
+ https://bugs.webkit.org/show_bug.cgi?id=55005
+ was actually just malloc(0).
+
+ We shouldn't be calling malloc(0) anyway, since there is no need to
+ and it might actually do work on some systems.
+ I believe on Mac it ends up taking the standard spinlocks (expensive)
+ and the code on Brew actually does a malloc(1) instead. Neither is desirable.
+
+ * wtf/Vector.h:
+ (WTF::VectorBufferBase::allocateBuffer):
+ (WTF::VectorBufferBase::tryAllocateBuffer):
+
+2011-02-24 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Remove obsolete PLATFORM(CI)
+ https://bugs.webkit.org/show_bug.cgi?id=55082
+
+ * wtf/Platform.h:
+
+2011-02-24 Martin Robinson <mrobinson@igalia.com>
+
+ Reviewed by Xan Lopez.
+
+ [GTK] Remove the GFile GOwnPtr specialization
+ https://bugs.webkit.org/show_bug.cgi?id=55154
+
+ Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
+ to track GFiles since they are just regular reference-counted GObjects.
+
+ * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
+ * wtf/gobject/GOwnPtr.h: Ditto.
+
+2011-02-24 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Eric Seidel.
+
+ Rename PLATFORM(SKIA) to USE(SKIA)
+ https://bugs.webkit.org/show_bug.cgi?id=55090
+
+ * wtf/Platform.h:
+
+2011-02-24 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Remove pthreads dependecy for JSLock
+ https://bugs.webkit.org/show_bug.cgi?id=54832
+
+ JSLock is only needed to support an obsolete execution model where JavaScriptCore
+ automatically protected against concurrent access from multiple threads.
+ So it's safe to disable it on non-mac platforms where we don't have native pthreads.
+
+ * runtime/JSLock.cpp:
+
+2011-02-24 Chao-ying Fu <fu@mips.com>
+
+ Reviewed by Eric Seidel.
+
+ Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
+ https://bugs.webkit.org/show_bug.cgi?id=54997
+
+ * jit/JIT.h:
+ * jit/JITStubs.cpp:
+ (JSC::JITThunks::JITThunks):
+
+2011-02-24 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] MinGW build fails to link
+ https://bugs.webkit.org/show_bug.cgi?id=55050
+
+ Prepend the libraries of subcomponents instead of appending them
+ to fix the library order according to the dependency of the libraries
+
+ * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
+ * jsc.pro: ditto
+
+2011-02-24 Eric Seidel <eric@webkit.org>
+
+ Reviewed by Adam Barth.
+
+ Deque<T> should support inline capacity
+ https://bugs.webkit.org/show_bug.cgi?id=55032
+
+ The title says it all. There are currently no places
+ which use this code yet, however it's been tested in conjunction
+ with code for bug 55005.
+
+ This also adds an ASSERT that capacity is never 1. If you were able
+ to set the capacity equal to 1, the Deque would just get confused
+ and happily append your item but still think it had size 0.
+
+ * wtf/Deque.h:
+ (WTF::DequeIterator::DequeIterator):
+ (WTF::DequeConstIterator::DequeConstIterator):
+ (WTF::DequeReverseIterator::DequeReverseIterator):
+ (WTF::DequeConstReverseIterator::DequeConstReverseIterator):
+ (WTF::::checkValidity):
+ (WTF::::checkIndexValidity):
+ (WTF::::invalidateIterators):
+ (WTF::::Deque):
+ (WTF::deleteAllValues):
+ (WTF::::operator):
+ (WTF::::destroyAll):
+ (WTF::::~Deque):
+ (WTF::::swap):
+ (WTF::::clear):
+ (WTF::::findIf):
+ (WTF::::expandCapacityIfNeeded):
+ (WTF::::expandCapacity):
+ (WTF::::takeFirst):
+ (WTF::::append):
+ (WTF::::prepend):
+ (WTF::::removeFirst):
+ (WTF::::remove):
+ (WTF::::addToIteratorsList):
+ (WTF::::removeFromIteratorsList):
+ (WTF::::DequeIteratorBase):
+ (WTF::::~DequeIteratorBase):
+ (WTF::::isEqual):
+ (WTF::::increment):
+ (WTF::::decrement):
+ (WTF::::after):
+ (WTF::::before):
+ * wtf/Vector.h:
+
+2011-02-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Ojan Vafai.
+
+ Add missing files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=55020
+
+ gypi files are supposed to list every file under the sun. This patch
+ adds some missing files and sorts the rest.
+
+ * JavaScriptCore.gypi:
+
+2011-02-23 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Refactored MarkedSpace to operate in terms of size classes
+ https://bugs.webkit.org/show_bug.cgi?id=55106
+
+ SunSpider reports no change.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedSpace::sizeClassFor):
+ (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
+ class. Since these functions are inline, the compiler can constant fold
+ them.
+
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::cellSize):
+ (JSC::MarkedBlock::size): Factored out a cellSize() helper.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::allocateFromSizeClass):
+ (JSC::MarkedSpace::shrink):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::SizeClass::SizeClass):
+ (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
+ abstract SizeClass objects, which are independent linked lists of blocks
+ of a certain size class, instead of a single m_heap object.
+
+2011-02-23 Adam Barth <abarth@webkit.org>
+
+ Reviewed by James Robinson.
+
+ [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=55093
+
+ Exclude OSRandomSource.cpp from the Chromium build. This function is
+ implemented in WebKit/chromium/src instead.
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2011-02-23 Oliver Hunt <oliver@apple.com>
+
+ Roll out r64156 as it introduces incorrect behaviour.
+
+ * runtime/JSByteArray.h:
+ (JSC::JSByteArray::setIndex):
+
+2011-02-23 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
+ https://bugs.webkit.org/show_bug.cgi?id=55079
+
+ SunSpider reports no change.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
+ since we want Heap to logically control MarkedSpace. MarkedSpace should
+ never choose to sweep itself.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
+ member of MarkedBlock. No need to reset nextAtom to firstAtom() when
+ we reach the end of a block, since there's now an explicit reset pass
+ during GC.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
+ some data members to improve cache locality.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
+ explicit reset pass.
+
+2011-02-23 James Robinson <jamesr@chromium.org>
+
+ Unreviewed, rolling out r79428.
+ http://trac.webkit.org/changeset/79428
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ Does not work in the Chromium sandbox
+
+ * JavaScriptCore.exp:
+
+2011-02-23 Adam Roben <aroben@apple.com>
+
+ Fix an off-by-one error in JSC::appendSourceToError
+
+ Looks like this bug has been around since the code was first added in r35245.
+
+ Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
+ when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled
+
+ Reviewed by Darin Adler.
+
+ * interpreter/Interpreter.cpp:
+ (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
+ character at stop-1 rather than at stop. At this point in the code, stop represents the
+ index just past the end of the characters we care about, and can even be just past the end
+ of the entire data buffer.
+
+2011-02-23 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Darin Adler.
+
+ Rolled back in r79367 with SnowLeopard Release bot crash fixed.
+ https://bugs.webkit.org/show_bug.cgi?id=54999
+
+ The crash was caused by failure to update the "nextBlock" pointer when
+ removing a block from the list while shrinking. The fix is to update the
+ "nextBlock" pointer.
+
+ This crash was very rare because it only happened in cases where the very
+ first block in the heap contained no marked cells.
+
+2011-02-23 Dan Bernstein <mitz@apple.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Include frame numbers in backtraces.
+ https://bugs.webkit.org/show_bug.cgi?id=55060
+
+ * wtf/Assertions.cpp:
+
+2011-02-23 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Gavin Barraclough.
+
+ latest jsc for armv7 crashes in sunspider tests
+ https://bugs.webkit.org/show_bug.cgi?id=54667
+
+ Update JIT offset values in ARMv7 after r78732. Fixes crashes in
+ SunSpider and JavaScript tests.
+
+ * jit/JIT.h: update values.
+
+2011-02-23 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79418.
+ http://trac.webkit.org/changeset/79418
+ https://bugs.webkit.org/show_bug.cgi?id=55043
+
+ "breaks shlib linux build" (Requested by morrita on #webkit).
+
+ * JavaScriptCore.gyp/JavaScriptCore.gyp:
+ * JavaScriptCore.gypi:
+
+2011-02-23 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=54831
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreadingOnce):
+ * runtime/Structure.cpp:
+ (JSC::ignoreSetMutex):
+ (JSC::Structure::Structure):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::initializeThreading):
+ * runtime/Structure.h:
+
+2011-02-23 Patrick Gansterer <paroga@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ Rename PLATFORM(CF) to USE(CF)
+ https://bugs.webkit.org/show_bug.cgi?id=53540
+
+ * runtime/DatePrototype.cpp:
+ * runtime/GCActivityCallbackCF.cpp:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::JSGlobalData):
+ * wtf/CurrentTime.cpp:
+ * wtf/Platform.h:
+ * wtf/text/AtomicString.h:
+ * wtf/text/StringImpl.h:
+ (WTF::StringImpl::computeHash):
+ * wtf/text/WTFString.h:
+ * wtf/unicode/icu/CollatorICU.cpp:
+ (WTF::Collator::userDefault):
+
+2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
+
+ Unreviewed build fix for Windows.
+
+ WebSocket uses insecure random numbers
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber()
+
+2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ WebSocket uses insecure random numbers
+ https://bugs.webkit.org/show_bug.cgi?id=54714
+
+ * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
+
+2011-02-22 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Ojan Vafai.
+
+ Add missing files to JavaScriptCore.gypi
+ https://bugs.webkit.org/show_bug.cgi?id=55020
+
+ gypi files are supposed to list every file under the sun. This patch
+ adds some missing files and sorts the rest.
+
+ * JavaScriptCore.gypi:
+
+2011-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79367.
+ http://trac.webkit.org/changeset/79367
+ https://bugs.webkit.org/show_bug.cgi?id=55012
+
+ all layout tests are crashing on Snow Leopard (Requested by
+ rniwa on #webkit).
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * runtime/MarkedBlock.h:
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::freeBlock):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::shrink):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::collectorBlock):
+ * wtf/CMakeLists.txt:
+ * wtf/DoublyLinkedList.h: Removed.
+
+2011-02-22 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
+ https://bugs.webkit.org/show_bug.cgi?id=54999
+
+ SunSpider reports no change.
+
+ * GNUmakefile.am:
+ * JavaScriptCore.gypi:
+ * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
+ * wtf/CMakeLists.txt:
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::setPrev):
+ (JSC::MarkedBlock::setNext):
+ (JSC::MarkedBlock::prev):
+ (JSC::MarkedBlock::next): Added linked list data members and accessors.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy):
+ (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
+
+ (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
+ data structures when freeing blocks.
+
+ (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
+ not a vector index.
+
+ (JSC::MarkedSpace::shrink): Construct a temporary list of empties and
+ then free them, to avoid modifying our hash table while iterating it.
+ This wasn't a concern before because we were using indirect array
+ indexing, not direct pointer indexing.
+
+ (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
+ not a vector index.
+
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
+
+ * wtf/DoublyLinkedList.h: Added. New linked list class.
+ (WTF::::DoublyLinkedList):
+ (WTF::::isEmpty):
+ (WTF::::head):
+ (WTF::::append):
+ (WTF::::remove):
+
+2011-02-22 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-22 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table
+
+ The Structure class keeps a table of transitions to derived Structure types. Since
+ this table commonly contains a single entry we employ an optimization where instead
+ of holding a map, we may hold a pointer directly to a single instance of the mapped
+ type. We use an additional bit of data to flag whether the pointer is currently
+ pointing to a table of transitions, or a singleton transition. Previously we had
+ commonly used a pattern of storing data in the low bits of pointers, but had moved
+ away from this since it causes false leaks to be reported by the leaks tool. However
+ in this case, the entries in the map are weak links - this pointer will never be
+ responsible for keeping an object alive. As such we can use this approach provided
+ that the bit is set when a table is not in use (otherwise the table would appear to
+ be leaked).
+
+ Additionally, the transition table currently allows two entries to exist for a given
+ key - one specialized to a particular value, and one not specialized. This is
+ unnecessary, wasteful, and a little inconsistent. (If you create an entry for a
+ specialized value, then a non-specialized entry, both will exist. If you create an
+ entry for a non-specialized value, then try to create a specialized entry, only a
+ non-specialized form will be allowed.)
+
+ This shows a small progression on v8.
+
+ * JavaScriptCore.exp:
+ * runtime/JSObject.h:
+ (JSC::JSObject::putDirectInternal):
+ * runtime/Structure.cpp:
+ (JSC::StructureTransitionTable::contains):
+ (JSC::StructureTransitionTable::get):
+ (JSC::StructureTransitionTable::remove):
+ (JSC::StructureTransitionTable::add):
+ (JSC::Structure::dumpStatistics):
+ (JSC::Structure::Structure):
+ (JSC::Structure::~Structure):
+ (JSC::Structure::addPropertyTransitionToExistingStructure):
+ (JSC::Structure::addPropertyTransition):
+ * runtime/Structure.h:
+ (JSC::Structure::get):
+ * runtime/StructureTransitionTable.h:
+ (JSC::StructureTransitionTable::Hash::hash):
+ (JSC::StructureTransitionTable::Hash::equal):
+ (JSC::StructureTransitionTable::HashTraits::emptyValue):
+ (JSC::StructureTransitionTable::HashTraits::constructDeletedValue):
+ (JSC::StructureTransitionTable::HashTraits::isDeletedValue):
+ (JSC::StructureTransitionTable::StructureTransitionTable):
+ (JSC::StructureTransitionTable::~StructureTransitionTable):
+ (JSC::StructureTransitionTable::isUsingSingleSlot):
+ (JSC::StructureTransitionTable::map):
+ (JSC::StructureTransitionTable::setMap):
+ (JSC::StructureTransitionTable::singleTransition):
+ (JSC::StructureTransitionTable::setSingleTransition):
+
+2011-02-22 Andras Becsi <abecsi@webkit.org>
+
+ Reviewed by Laszlo Gombos.
+
+ [Qt] Redesign the build system
+ https://bugs.webkit.org/show_bug.cgi?id=51339
+
+ Part 2.
+
+ Build WebCore as a static library, compile the WebKit API and WebKit2 API
+ in a final step and link to WebKit2, WebCore and JSC libraries to fix
+ linking issues resulting from stripped away symbols.
+
+ * JavaScriptCore.pri: Remove the workaround.
+
+2011-02-21 Adam Roben <aroben@apple.com>
+
+ Fix linker warning on Windows
+
+ r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the
+ obvious way (since it's how we export functions), but unfortunately it doesn't work correct.
+ r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove
+ it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol
+ multiple times.
+
+ Rubber-stamped by Anders Carlsson.
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info.
+
+2011-02-21 Brian Weinstein <bweinstein@apple.com>
+
+ Reviewed by Adam Roben.
+
+ WebResourceCacheManager should be responsible for managing the CFURLCache as well
+ as the WebCore memory cache.
+ https://bugs.webkit.org/show_bug.cgi?id=54886
+ Part of <rdar://problem/8971738>
+
+ Add a new use flag for using the CFURLCache.
+
+ * wtf/Platform.h:
+
+2011-02-21 Xan Lopez <xlopez@igalia.com>
+
+ Reviewed by Gavin Barraclough.
+
+ Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=54901
+
+ * jit/JIT.h: swap actual and expected values in message, they were
+ reversed.
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of
+ a simple ASSERT.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_method_check): ditto.
+ (JSC::JIT::compileGetByIdHotPath): ditto.
+ (JSC::JIT::compileGetByIdSlowCase): ditto.
+ (JSC::JIT::emit_op_put_by_id): ditto.
+
+2011-02-21 Gavin Barraclough <barraclough@apple.com>
+
+ Ruber stamped by Sam Weinig
+
+ Bug 54899 - Math.LOG10E should be 0.4342944819032518
+ This value is quoted in section 15.8.1.5 of the spec.
+
+ * runtime/MathObject.cpp:
+ (JSC::MathObject::MathObject):
+
+2011-02-21 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy.
+
+ The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance
+ containing a pointer to its parent class. These links should reflect the inheritance
+ hierarchy of C++ classes below JSObject. For the large part it does, but in some cases
+ entries in the C++ hierarchy are skipped over. This presently likely doesn't matter,
+ since intervening C++ classes may not have ClassInfo - but would be a potential bug
+ were ClassInfo were to be added.
+
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackObjectFunctions.h:
+ * runtime/Arguments.h:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/BooleanObject.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DatePrototype.cpp:
+ * runtime/ErrorInstance.cpp:
+ * runtime/InternalFunction.cpp:
+ * runtime/JSActivation.cpp:
+ * runtime/JSArray.cpp:
+ * runtime/JSFunction.cpp:
+ * runtime/JSONObject.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSZombie.h:
+ * runtime/MathObject.cpp:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberObject.cpp:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpObject.cpp:
+ * runtime/StringObject.cpp:
+ * runtime/StringPrototype.cpp:
+
+2011-02-21 Adam Roben <aroben@apple.com>
+
+ Export JSObject::s_info from JavaScriptCore.dll
+
+ This matches what we do for all other ClassInfo objects that WebCore needs access to.
+
+ Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in
+ JSCell::inherits on Windows
+
+ Reviewed by Sam Weinig.
+
+ * runtime/JSObject.h: Added JS_EXPORTDATA to s_info.
+
+2011-02-21 Kristian Amlie <kristian.amlie@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ Switched to compiler based detection, where the error actually is.
+
+ It is not the platform that needs the workaround, it is the compiler.
+
+ QtWebKit fails to compile on Windows XP with msvc-2008
+ https://bugs.webkit.org/show_bug.cgi?id=54746
+
+ * bytecode/CodeBlock.h:
+ * runtime/RegExpObject.h:
+
+2011-02-20 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ https://bugs.webkit.org/show_bug.cgi?id=54839
+ Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction.
+
+ Historically, Native functions used to be represented by PrototypeFunctions, however
+ since introducing call optimizations to the JIT this has used JSFunctions for host
+ calls too. At the point this change was made, the interpreter continued to use
+ PrototypeFunctions, however since fallback from the JIT to interpreter was introduced
+ the interpreter has had to be able to run using host functions represented using
+ JSFunctions - leading to an unnecessary and redundant divergence in behaviour between
+ interpreter only builds, and situations where the JIT has fallen back to interpreting.
+
+ NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction
+ for wrappers for host functions, and as such can also be removed.
+
+ GlobalEvalFunction is a redundant wrapper that happens to be derived from
+ PrototypeFunction. It existed to hold a reference to the global object - but since all
+ functions how derive from JSObjectWithGlobalObject, this no longer requires an
+ additional class to provide this functionality.
+
+ * JavaScriptCore.JSVALUE32_64only.exp:
+ * JavaScriptCore.JSVALUE64only.exp:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ Removed symbols / references to files.
+
+ * runtime/GlobalEvalFunction.cpp: Removed.
+ * runtime/GlobalEvalFunction.h: Removed.
+ * runtime/NativeFunctionWrapper.h: Removed.
+ * runtime/PrototypeFunction.cpp: Removed.
+ * runtime/PrototypeFunction.h: Removed.
+ Removed.
+
+ * runtime/Executable.cpp:
+ (JSC::NativeExecutable::~NativeExecutable):
+ * runtime/Executable.h:
+ (JSC::NativeExecutable::create):
+ (JSC::NativeExecutable::NativeExecutable):
+ (JSC::JSFunction::nativeFunction):
+ * runtime/JSFunction.cpp:
+ (JSC::callHostFunctionAsConstructor):
+ (JSC::JSFunction::JSFunction):
+ (JSC::JSFunction::getCallData):
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ (JSC::JSGlobalData::getHostFunction):
+ * runtime/JSGlobalData.h:
+ (JSC::JSGlobalData::getCTIStub):
+ Added interpreter-friendly constructors for NativeExecutables.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ * interpreter/Interpreter.cpp:
+ * jit/JITStubs.cpp:
+ * jsc.cpp:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/BooleanPrototype.h:
+ * runtime/CallData.h:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateConstructor.h:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/ErrorPrototype.h:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSGlobalObjectFunctions.cpp:
+ * runtime/Lookup.cpp:
+ * runtime/NumberPrototype.cpp:
+ * runtime/NumberPrototype.h:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectConstructor.h:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/ObjectPrototype.h:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/RegExpPrototype.h:
+ * runtime/SmallStrings.h:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringConstructor.h:
+ Removed use of redundant classes.
+
+2011-02-19 Laszlo Gombos <laszlo.1.gombos@nokia.com>
+
+ Unreviewed build fix for Symbian.
+
+ [Symbian] Revert the removal of linking
+ against hal after r79126.
+
+ Dependency on the hal library can not be removed
+ as it is still used (e.g. in MarkStackSymbian.cpp).
+
+ * JavaScriptCore.pri:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Interpreter build fix.
+
+ * runtime/ArrayConstructor.cpp:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/Lookup.cpp:
+ * runtime/NumberPrototype.cpp:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/StringConstructor.cpp:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix!!
+
+ * JavaScriptCore.exp:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix!!
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Windows build fix!
+
+ * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2011-02-19 Gavin Barraclough <barraclough@apple.com>
+
+ Build fix!
+
+ * JavaScriptCore.exp:
+
+2011-02-18 Gavin Barraclough <barraclough@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Bug 54786 - Devirtualize JSCell::classInfo()
+
+ Instead of making a virtual function call, add a pointer to the ClassInfo
+ onto Structure.
+
+ This removes a virtual function call, and paves the way towards removing all
+ the createStructure methods, and StructureFlags/AnonymousSlotCount properties
+ (these should be able to move onto ClassInfo).
+
+ Calls to Structure::create must now pass a pointer to the ClassInfo for the
+ structure. All objects now have a ClassInfo pointer, non-object cell types
+ still do not.
+
+ Changes are most mechanical, involving three steps:
+ * Remove virtual classInfo() methods.
+ * Add &s_info parameter to calls to Structure::create.
+ * Rename ClassInfo static members on classes from 'info' to 's_info',
+ for consistency.
+
+ * API/JSCallbackConstructor.cpp:
+ * API/JSCallbackConstructor.h:
+ * API/JSCallbackFunction.cpp:
+ * API/JSCallbackFunction.h:
+ * API/JSCallbackObject.cpp:
+ * API/JSCallbackObject.h:
+ * API/JSCallbackObjectFunctions.h:
+ * API/JSObjectRef.cpp:
+ * API/JSValueRef.cpp:
+ * API/JSWeakObjectMapRefPrivate.cpp:
+ * JavaScriptCore.exp:
+ * debugger/Debugger.cpp:
+ * debugger/DebuggerActivation.h:
+ * debugger/DebuggerCallFrame.cpp:
+ * interpreter/Interpreter.cpp:
+ * jit/JITCall32_64.cpp:
+ * jit/JITOpcodes.cpp:
+ * jit/JITStubs.cpp:
+ * profiler/Profiler.cpp:
+ * runtime/Arguments.cpp:
+ * runtime/Arguments.h:
+ * runtime/ArrayConstructor.cpp:
+ * runtime/ArrayPrototype.cpp:
+ * runtime/ArrayPrototype.h:
+ * runtime/BooleanObject.cpp:
+ * runtime/BooleanObject.h:
+ * runtime/BooleanPrototype.cpp:
+ * runtime/DateConstructor.cpp:
+ * runtime/DateInstance.cpp:
+ * runtime/DateInstance.h:
+ * runtime/DatePrototype.cpp:
+ * runtime/DatePrototype.h:
+ * runtime/ErrorInstance.cpp:
+ * runtime/ErrorInstance.h:
+ * runtime/ErrorPrototype.cpp:
+ * runtime/FunctionPrototype.cpp:
+ * runtime/FunctionPrototype.h:
+ * runtime/GetterSetter.h:
+ * runtime/GlobalEvalFunction.h:
+ * runtime/InternalFunction.cpp:
+ * runtime/InternalFunction.h:
+ * runtime/JSAPIValueWrapper.h:
+ * runtime/JSActivation.cpp:
+ * runtime/JSActivation.h:
+ * runtime/JSArray.cpp:
+ * runtime/JSArray.h:
+ * runtime/JSByteArray.cpp:
+ * runtime/JSByteArray.h:
+ * runtime/JSCell.cpp:
+ * runtime/JSCell.h:
+ * runtime/JSFunction.cpp:
+ * runtime/JSFunction.h:
+ * runtime/JSGlobalData.cpp:
+ * runtime/JSGlobalObject.cpp:
+ * runtime/JSGlobalObject.h:
+ * runtime/JSNotAnObject.h:
+ * runtime/JSONObject.cpp:
+ * runtime/JSONObject.h:
+ * runtime/JSObject.cpp:
+ * runtime/JSObject.h:
+ * runtime/JSObjectWithGlobalObject.h:
+ * runtime/JSPropertyNameIterator.h:
+ * runtime/JSStaticScopeObject.h:
+ * runtime/JSString.h:
+ * runtime/JSVariableObject.h:
+ * runtime/JSWrapperObject.h:
+ * runtime/JSZombie.cpp:
+ * runtime/JSZombie.h:
+ * runtime/Lookup.cpp:
+ * runtime/MathObject.cpp:
+ * runtime/MathObject.h:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/NumberConstructor.cpp:
+ * runtime/NumberConstructor.h:
+ * runtime/NumberObject.cpp:
+ * runtime/NumberObject.h:
+ * runtime/NumberPrototype.cpp:
+ * runtime/ObjectConstructor.cpp:
+ * runtime/ObjectPrototype.cpp:
+ * runtime/RegExpConstructor.cpp:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpObject.cpp:
+ * runtime/RegExpObject.h:
+ * runtime/RegExpPrototype.cpp:
+ * runtime/ScopeChain.cpp:
+ * runtime/StringConstructor.cpp:
+ * runtime/StringObject.cpp:
+ * runtime/StringObject.h:
+ * runtime/StringObjectThatMasqueradesAsUndefined.h:
+ * runtime/StringPrototype.cpp:
+ * runtime/StringPrototype.h:
+ * runtime/Structure.cpp:
+ * runtime/Structure.h:
+
+2011-02-19 David Kilzer <ddkilzer@apple.com>
+
+ <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
+
+ Reviewed by Dan Bernstein.
+
+ * Configurations/Base.xcconfig: Added
+ JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
+ * Configurations/JavaScriptCore.xcconfig: Used
+ JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
+ * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
+ for Production configuration of jsc target.
+ (Copy Into Framework): Removed old build phase.
+ (Fix Framework Reference): Renamed build phase to "Copy Into
+ Framework". Added "set -x" call to make the script print the
+ commands it is running. Added code to exit early for Production
+ builds since this was never intended for them. Added code to
+ copy jsc into the JavaScriptCore.framework/Resources directory.
+
+2011-02-19 Siddharth Mathur <siddharth.mathur@nokia.com>
+
+ Reviewed by Laszlo Gombos.
+
+ [Symbian] OSAllocator implementation for Symbian OS.
+ Manages both data and code region requests. V8 and Sunspider tested
+ OK with interpreter. Not tested with JSC JIT yet as it has unrelated
+ failures. Also no thread safety yet.
+ https://bugs.webkit.org/show_bug.cgi?id=51128
+
+ * JavaScriptCore.pri: removed HAL linkage
+ * wtf/Bitmap.h:
+ (WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty
+ * wtf/OSAllocator.h:
+ (WTF::OSAllocator::decommitAndRelease): decommit explicitly
+ * wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface
+ (WTF::allocateCodeChunk): utility for code chunks
+ (WTF::deallocateCodeChunk): utility for code chunks
+ (WTF::dataAllocatorInstance): getter for data allocator instance
+ (WTF::OSAllocator::reserveUncommitted):
+ (WTF::OSAllocator::releaseDecommitted):
+ (WTF::OSAllocator::commit):
+ (WTF::OSAllocator::decommit):
+ (WTF::OSAllocator::reserveAndCommit):
+ (WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests
+ to one underlying Symbian chunk
+ (WTF::PageAllocatorSymbian::~PageAllocatorSymbian):
+ (WTF::PageAllocatorSymbian::reserve):
+ (WTF::PageAllocatorSymbian::release):
+ (WTF::PageAllocatorSymbian::commit):
+ (WTF::PageAllocatorSymbian::decommit):
+ (WTF::PageAllocatorSymbian::contains):
+ * wtf/PageAllocatorSymbian.h: Added.
+ (WTF::SymbianChunk::SymbianChunk): wrapper around RChunk
+ (WTF::SymbianChunk::~SymbianChunk):
+ (WTF::SymbianChunk::contains):
+
+2011-02-19 Yong Li <yoli@rim.com>
+
+ Reviewed by Eric Seidel.
+
+ https://bugs.webkit.org/show_bug.cgi?id=54687
+ When being built with armcc, "int" bit fields are treated as
+ unsigned integers, which will fail the comparisons like "m_offset == -1".
+ Using "signed" fixes the problem.
+
+ * assembler/ARMAssembler.h:
+ * assembler/ARMv7Assembler.h:
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Made MarkedSpace block iteration size-class agnostic
+ https://bugs.webkit.org/show_bug.cgi?id=54792
+
+ SunSpider reports no change.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::clearMarks):
+ (JSC::MarkedSpace::sweep):
+ (JSC::MarkedSpace::objectCount):
+ (JSC::MarkedSpace::size):
+ (JSC::MarkedSpace::capacity):
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of
+ size class list order. This is a much simpler convention in a world
+ of many different size classes.
+
+2011-02-18 Kristian Amlie <kristian.amlie@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ Added friend exception to Qt platform, which also compiles Windows.
+
+ QtWebKit fails to compile on Windows XP with msvc-2008
+ https://bugs.webkit.org/show_bug.cgi?id=54746
+
+ * bytecode/CodeBlock.h:
+ * runtime/RegExpObject.h:
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ (Rolled back in r79022 with crash fixed.)
+
+ Reviewed by Sam Weinig.
+
+ Use hashing instead of linear search in the conservative pointer test
+ https://bugs.webkit.org/show_bug.cgi?id=54767
+
+ SunSpider reports no change.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array,
+ since freeBlock removes items for us.
+
+ (JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last
+ block from the block set instead of the block being freed. Changed to
+ remove a block from our data structures before deallocating it, since
+ this is slightly cleaner.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains): Variable-sized objects will use more,
+ smaller blocks, so it's important for the contains check not to be O(n)
+ in the number of blocks.
+
+2011-02-18 chris reiss <christopher.reiss@nokia.com>
+
+ Reviewed by Andreas Kling.
+
+ REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
+ https://bugs.webkit.org/show_bug.cgi?id=49989
+
+ updated test fast/js/script-tests/date-parse-test.js
+
+ * wtf/DateMath.cpp:
+ (WTF::parseDateFromNullTerminatedCharacters):
+
+2011-02-18 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r79022.
+ http://trac.webkit.org/changeset/79022
+ https://bugs.webkit.org/show_bug.cgi?id=54775
+
+ It broke the whole world (Requested by Ossy on #webkit).
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains):
+
+2011-02-18 Yael Aharon <yael.aharon@nokia.com>
+
+ Reviewed by Dave Hyatt.
+
+ Add support for dir=auto
+ https://bugs.webkit.org/show_bug.cgi?id=50916
+
+ Change defaultWritingDirection() to return if the writing direction
+ was determined from a letter with strong directionality or not.
+
+ * JavaScriptCore.exp:
+ * JavaScriptCore.order:
+ * wtf/text/StringImpl.cpp:
+ (WTF::StringImpl::defaultWritingDirection):
+ * wtf/text/StringImpl.h:
+ * wtf/text/WTFString.h:
+ (WTF::String::defaultWritingDirection):
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Use hashing instead of linear search in the conservative pointer test
+ https://bugs.webkit.org/show_bug.cgi?id=54767
+
+ SunSpider reports no change.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains): Variable-sized objects will use more,
+ smaller blocks, so it's important for the contains check not to be O(n)
+ in the number of blocks.
+
+2011-02-18 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Tightened some usage accounting code in MarkedSpace
+ https://bugs.webkit.org/show_bug.cgi?id=54761
+
+ SunSpider reports no change.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::Heap): Initialize the marked space high water mark on
+ construction, instead of relying on some implicit subtleties to make
+ not initializing it work out OK.
+
+ * runtime/Heap.h: Fixed up includes.
+
+ * runtime/MarkedBlock.h: Made firstAtom() static so clients can call it
+ even without having allocated a block.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this
+ would be prohibitively expensive with multiple size classes.
+
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set,
+ since linear search in the contains check will be prohibitively
+ expensive once we're using lots of smaller blocks.
+
+ (JSC::MarkedSpace::allocate): Don't assume that we always have a block
+ allocated, since we don't anymore. (See above.)
+
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h: Updated for changes mentioned above.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Made object allocation secretly variable-sized (Shhhh!)
+ https://bugs.webkit.org/show_bug.cgi?id=54721
+
+ SunSpider reports no change.
+
+ Internally, MarkedBlock now makes variable-sized allocations, even
+ though MarkedSpace doesn't take advantage of this yet.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
+ fixed-sized.
+
+ * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
+ that are not multiples of 64 bytes.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Fixed some math errors when when using variable-sized cells
+ https://bugs.webkit.org/show_bug.cgi?id=54717
+
+ SunSpider reports no change.
+
+ Computer Science Barbie says, "Math is not so hard afterall!"
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
+ minimum number of atoms required for a cell, since rounding down
+ will get you splinched.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
+ because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
+ may not hit m_endAtom exactly.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ A little more abstraction for MarkedSpace::contains
+ https://bugs.webkit.org/show_bug.cgi?id=54715
+
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace
+ doesn't have to know how MarkedBlock tracks containment internally.
+
+ * runtime/MarkedSpace.h:
+ (JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out
+ if a cell that seems to be in a block is valid.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Removed the invariant that the last cell in a block is always marked
+ https://bugs.webkit.org/show_bug.cgi?id=54713
+
+ SunSpider reports no change.
+
+ This adds one branch to allocation, but simplifies the mark invariant,
+ especially in a world of variable-sized cells. Now, it really is true
+ that any cell whose mark bit is set is a valid, live cell whose
+ constructor has run and whose destructor has not run.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
+ since we can no longer rely on a set mark bit to break out of this loop
+ before it reaches the end of the block.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::isEmpty):
+ (JSC::MarkedBlock::clearMarks):
+ (JSC::MarkedBlock::markCount):
+ (JSC::MarkedBlock::forEach): No need to set a special last mark bit.
+
+2011-02-17 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r78856 and r78907.
+ http://trac.webkit.org/changeset/78856
+ http://trac.webkit.org/changeset/78907
+ https://bugs.webkit.org/show_bug.cgi?id=54705
+
+ These seem to break tests on 32-bit builds. (Requested by
+ aroben on #webkit).
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * collector/handles/Global.h:
+ (JSC::Global::internalSet):
+ * collector/handles/Handle.h:
+ (JSC::HandleTypes::getFromSlot):
+ (JSC::HandleTypes::toJSValue):
+ (JSC::HandleTypes::validateUpcast):
+ (JSC::HandleConverter::operator->):
+ (JSC::HandleConverter::operator*):
+ (JSC::Handle::Handle):
+ (JSC::Handle::get):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sortNumeric):
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ * runtime/SlotAccessor.h: Removed.
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::get):
+ (JSC::WeakGCPtr::internalSet):
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::operator*):
+ (JSC::DeprecatedPtr::operator->):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
+ (JSC::DeprecatedPtr::operator!):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::operator*):
+ (JSC::WriteBarrierBase::operator->):
+ (JSC::WriteBarrierBase::clear):
+ (JSC::WriteBarrierBase::slot):
+ (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
+ (JSC::WriteBarrierBase::operator!):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+ (JSC::WriteBarrier::WriteBarrier):
+
+2011-02-17 Csaba Osztrogonác <ossy@webkit.org>
+
+ Unreviewed.
+
+ [Qt] Buildfix.
+
+ * wtf/RetainPtr.h: Add missing PLATFORM(CF) guard.
+
+2011-02-17 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Oliver Hunt.
+
+ Made MarkedBlock variable-sized
+ https://bugs.webkit.org/show_bug.cgi?id=54692
+
+ SunSpider reports no change.
+
+ Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
+ mark bit per atom. A given cell may be composed of one or more atoms.
+
+ * runtime/Heap.cpp:
+ (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
+ bubbling it up from MarkedBlock, since MarkedBlock now supports variable-
+ sizedness.
+
+ * runtime/JSCell.h:
+ (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
+ (implicit) one constants -- these quantities are not constant anymore.
+ Updated for switch from cell to atom.
+
+ * runtime/MarkedBlock.cpp:
+ (JSC::MarkedBlock::create):
+ (JSC::MarkedBlock::destroy):
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::sweep):
+ * runtime/MarkedBlock.h:
+ (JSC::MarkedBlock::firstAtom):
+ (JSC::MarkedBlock::atoms):
+ (JSC::MarkedBlock::isAtomAligned):
+ (JSC::MarkedBlock::blockFor):
+ (JSC::MarkedBlock::isEmpty):
+ (JSC::MarkedBlock::clearMarks):
+ (JSC::MarkedBlock::size):
+ (JSC::MarkedBlock::capacity):
+ (JSC::MarkedBlock::atomNumber):
+ (JSC::MarkedBlock::isMarked):
+ (JSC::MarkedBlock::testAndSetMarked):
+ (JSC::MarkedBlock::setMarked):
+ (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
+ and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
+
+ * runtime/MarkedSpace.cpp:
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::allocateBlock):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::reset):
+ * runtime/MarkedSpace.h:
+ (JSC::CollectorHeap::CollectorHeap):
+ (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
+ a property of MarkedSpace.
+
+2011-02-17 Oliver Hunt <oliver@apple.com>
+
+ Attempt to fix windows build
+
+ * runtime/WriteBarrier.h:
+
+2011-02-17 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Geoffrey Garen.
+
+ Refactor WriteBarrier and DeprecatedPtr to have less code duplication.
+ https://bugs.webkit.org/show_bug.cgi?id=54608
+
+ Make use of the tricks used for Handle, et al to avoid duplicating all
+ of the logic for DeprecatedPtr and WriteBarrier simply to support known
+ vs. unknown types.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * collector/handles/Global.h:
+ (JSC::Global::internalSet):
+ * collector/handles/Handle.h:
+ (JSC::Handle::Handle):
+ (JSC::Handle::get):
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::sortNumeric):
+ * runtime/JSObject.h:
+ (JSC::JSObject::inlineGetOwnPropertySlot):
+ * runtime/SlotAccessor.h: Added.
+ (JSC::SlotTypes::getFromBaseType):
+ (JSC::SlotTypes::convertToBaseType):
+ (JSC::SlotTypes::getFromSlot):
+ (JSC::SlotTypes::toJSValue):
+ (JSC::SlotTypes::validateUpcast):
+ (JSC::SlotAccessor::operator->):
+ (JSC::SlotAccessor::operator*):
+ * runtime/WeakGCPtr.h:
+ (JSC::WeakGCPtr::get):
+ (JSC::WeakGCPtr::internalSet):
+ * runtime/WriteBarrier.h:
+ (JSC::DeprecatedPtr::DeprecatedPtr):
+ (JSC::DeprecatedPtr::get):
+ (JSC::DeprecatedPtr::slot):
+ (JSC::DeprecatedPtr::operator=):
+ (JSC::WriteBarrierTranslator::convertToStorage):
+ (JSC::WriteBarrierTranslator::convertFromStorage):
+ (JSC::WriteBarrierBase::set):
+ (JSC::WriteBarrierBase::get):
+ (JSC::WriteBarrierBase::clear):
+ (JSC::WriteBarrierBase::slot):
+ (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
+ (JSC::WriteBarrierBase::operator!):
+ (JSC::WriteBarrierBase::setWithoutWriteBarrier):
+ (JSC::WriteBarrier::WriteBarrier):
+
+2011-02-17 Kevin Ollivier <kevino@theolliviers.com>
+
+ [wx] Revert incorrect blind fix and restore previous working code.
+
+ * wtf/wx/StringWx.cpp:
+ (WTF::String::String):
+
+2011-02-16 Geoffrey Garen <ggaren@apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ Intermittent crashes beneath MarkStack::drain
+ https://bugs.webkit.org/show_bug.cgi?id=54614
+ <rdar://problem/8971070>
+
+ The crashes were caused by a GC happening after the global object's
+ property table had grown (due to compilation), but before the properties
+ had been fully initialized by program execution.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global
+ object's register storage immediately, without waiting for program
+ execution to do it for us. This ensures that the global object's count
+ of global variables is consistent with the size of its global variable
+ storage at all times, and it ensures that all global variables are
+ properly initialized from the get-go.
+
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resizeRegisters):
+ * runtime/JSGlobalObject.h: Added a helper function for growing the
+ global object's register storage, and initializing new registers.
+
+== Rolled over to ChangeLog-2011-02-16 ==
diff --git a/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig b/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
index 84c9ee23e..fc1a6952f 100644
--- a/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
+++ b/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
@@ -36,8 +36,10 @@ ENABLE_ACCELERATED_2D_CANVAS = ;
ENABLE_ANIMATION_API = ;
ENABLE_BLOB = ENABLE_BLOB;
ENABLE_CHANNEL_MESSAGING = ENABLE_CHANNEL_MESSAGING;
+ENABLE_CSS3_FLEXBOX = ENABLE_CSS3_FLEXBOX;
+ENABLE_CSS_EXCLUSIONS = ENABLE_CSS_EXCLUSIONS;
ENABLE_CSS_FILTERS = ENABLE_CSS_FILTERS;
-ENABLE_CSS_GRID_LAYOUT = ENABLE_CSS_GRID_LAYOUT;
+ENABLE_CSS_REGIONS = ENABLE_CSS_REGIONS;
ENABLE_CSS_VARIABLES = ;
ENABLE_DASHBOARD_SUPPORT = $(ENABLE_DASHBOARD_SUPPORT_$(REAL_PLATFORM_NAME));
ENABLE_DASHBOARD_SUPPORT_macosx = ENABLE_DASHBOARD_SUPPORT;
@@ -49,6 +51,7 @@ ENABLE_DIRECTORY_UPLOAD = ;
ENABLE_FILE_SYSTEM = ;
ENABLE_FILTERS = $(ENABLE_FILTERS_$(REAL_PLATFORM_NAME));
ENABLE_FILTERS_macosx = ENABLE_FILTERS;
+ENABLE_FONT_BOOSTING = ;
ENABLE_FULLSCREEN_API = ENABLE_FULLSCREEN_API;
ENABLE_GAMEPAD = ;
ENABLE_GEOLOCATION = ENABLE_GEOLOCATION;
@@ -123,4 +126,4 @@ ENABLE_WEB_TIMING = ;
ENABLE_WORKERS = ENABLE_WORKERS;
ENABLE_XSLT = ENABLE_XSLT;
-FEATURE_DEFINES = $(ENABLE_3D_RENDERING) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ANIMATION_API) $(ENABLE_BLOB) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CSS_FILTERS) $(ENABLE_CSS_GRID_LAYOUT) $(ENABLE_CSS_SHADERS) $(ENABLE_CSS_VARIABLES) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATALIST) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DETAILS) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_DIRECTORY_UPLOAD) $(ENABLE_FILE_SYSTEM) $(ENABLE_FILTERS) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_HIGH_DPI_CANVAS) $(ENABLE_ICONDATABASE) $(ENABLE_IFRAME_SEAMLESS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_SPEECH) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_JAVASCRIPT_DEBUGGER) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LINK_PREFETCH) $(ENABLE_LINK_PRERENDER) $(ENABLE_MATHML) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_METER_TAG) $(ENABLE_MICRODATA) $(ENABLE_MUTATION_OBSERVERS) $(ENABLE_NOTIFICATIONS) $(ENABLE_PAGE_VISIBILITY_API) $(ENABLE_PROGRESS_TAG) $(ENABLE_QUOTA) $(ENABLE_REGISTER_PROTOCOL_HANDLER) $(ENABLE_REQUEST_ANIMATION_FRAME) $(ENABLE_SCRIPTED_SPEECH) $(ENABLE_SHADOW_DOM) $(ENABLE_SHARED_WORKERS) $(ENABLE_SQL_DATABASE) $(ENABLE_STYLE_SCOPED) $(ENABLE_SVG) $(ENABLE_SVG_DOM_OBJC_BINDINGS) $(ENABLE_SVG_FONTS) $(ENABLE_TEXT_NOTIFICATIONS_ONLY) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_VIDEO) $(ENABLE_VIDEO_TRACK) $(ENABLE_WEBGL) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WORKERS) $(ENABLE_XSLT);
+FEATURE_DEFINES = $(ENABLE_3D_RENDERING) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ANIMATION_API) $(ENABLE_BLOB) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_CSS3_FLEXBOX) $(ENABLE_CSS_EXCLUSIONS) $(ENABLE_CSS_FILTERS) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SHADERS) $(ENABLE_CSS_VARIABLES) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATALIST) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DETAILS) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_DIRECTORY_UPLOAD) $(ENABLE_FILE_SYSTEM) $(ENABLE_FILTERS) $(ENABLE_FONT_BOOSTING) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD) $(ENABLE_GEOLOCATION) $(ENABLE_HIGH_DPI_CANVAS) $(ENABLE_ICONDATABASE) $(ENABLE_IFRAME_SEAMLESS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_SPEECH) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_JAVASCRIPT_DEBUGGER) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LINK_PREFETCH) $(ENABLE_LINK_PRERENDER) $(ENABLE_MATHML) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_METER_TAG) $(ENABLE_MICRODATA) $(ENABLE_MUTATION_OBSERVERS) $(ENABLE_NOTIFICATIONS) $(ENABLE_PAGE_VISIBILITY_API) $(ENABLE_PROGRESS_TAG) $(ENABLE_QUOTA) $(ENABLE_REGISTER_PROTOCOL_HANDLER) $(ENABLE_REQUEST_ANIMATION_FRAME) $(ENABLE_SCRIPTED_SPEECH) $(ENABLE_SHADOW_DOM) $(ENABLE_SHARED_WORKERS) $(ENABLE_SQL_DATABASE) $(ENABLE_STYLE_SCOPED) $(ENABLE_SVG) $(ENABLE_SVG_DOM_OBJC_BINDINGS) $(ENABLE_SVG_FONTS) $(ENABLE_TEXT_NOTIFICATIONS_ONLY) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_VIDEO) $(ENABLE_VIDEO_TRACK) $(ENABLE_WEBGL) $(ENABLE_WEB_AUDIO) $(ENABLE_WEB_SOCKETS) $(ENABLE_WEB_TIMING) $(ENABLE_WORKERS) $(ENABLE_XSLT);
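Review bot: The FEATURE_DEFINES value on the last line is a hand-maintained mirror of the ENABLE_* variables above it, and this hunk does keep the two consistent (ENABLE_CSS3_FLEXBOX, ENABLE_CSS_EXCLUSIONS, ENABLE_CSS_REGIONS and ENABLE_FONT_BOOSTING added, ENABLE_CSS_GRID_LAYOUT dropped in both places), but nothing in the file makes that dependency visible to the next editor. As far as I recall this xcconfig is duplicated in the WebCore, WebKit and WebKit2 trees and is expected to carry identical settings, so please confirm the same five edits landed in each copy; a mismatch compiles different targets with different feature sets and is only noticed when something breaks at link or run time. A one-line comment above the variable block would make the coupling explicit, e.g. `// Every ENABLE_* variable set in this file must also be listed in FEATURE_DEFINES below.`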
diff --git a/Source/JavaScriptCore/DerivedSources.make b/Source/JavaScriptCore/DerivedSources.make
index 90e099d18..fb60d30ca 100644
--- a/Source/JavaScriptCore/DerivedSources.make
+++ b/Source/JavaScriptCore/DerivedSources.make
@@ -47,6 +47,7 @@ all : \
KeywordLookup.h \
Lexer.lut.h \
MathObject.lut.h \
+ NamePrototype.lut.h \
NumberConstructor.lut.h \
NumberPrototype.lut.h \
ObjectConstructor.lut.h \
diff --git a/Source/JavaScriptCore/DerivedSources.pri b/Source/JavaScriptCore/DerivedSources.pri
index 755a5b060..8d0f0537e 100644
--- a/Source/JavaScriptCore/DerivedSources.pri
+++ b/Source/JavaScriptCore/DerivedSources.pri
@@ -16,6 +16,7 @@ LUT_FILES += \
runtime/JSGlobalObject.cpp \
runtime/JSONObject.cpp \
runtime/MathObject.cpp \
+ runtime/NamePrototype.cpp \
runtime/NumberConstructor.cpp \
runtime/NumberPrototype.cpp \
runtime/ObjectConstructor.cpp \
diff --git a/Source/JavaScriptCore/GNUmakefile.list.am b/Source/JavaScriptCore/GNUmakefile.list.am
index b626a84dd..a25aa698d 100644
--- a/Source/JavaScriptCore/GNUmakefile.list.am
+++ b/Source/JavaScriptCore/GNUmakefile.list.am
@@ -20,6 +20,7 @@ javascriptcore_built_nosources += \
DerivedSources/JavaScriptCore/JSGlobalObject.lut.h \
DerivedSources/JavaScriptCore/JSONObject.lut.h \
DerivedSources/JavaScriptCore/MathObject.lut.h \
+ DerivedSources/JavaScriptCore/NamePrototype.lut.h \
DerivedSources/JavaScriptCore/NumberConstructor.lut.h \
DerivedSources/JavaScriptCore/NumberPrototype.lut.h \
DerivedSources/JavaScriptCore/ObjectConstructor.lut.h \
@@ -140,6 +141,8 @@ javascriptcore_sources += \
Source/JavaScriptCore/dfg/DFGAbstractState.h \
Source/JavaScriptCore/dfg/DFGAbstractValue.h \
Source/JavaScriptCore/dfg/DFGArgumentPosition.h \
+ Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp \
+ Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h \
Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp \
Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h \
Source/JavaScriptCore/dfg/DFGBasicBlock.h \
@@ -147,6 +150,8 @@ javascriptcore_sources += \
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp \
Source/JavaScriptCore/dfg/DFGByteCodeParser.h \
Source/JavaScriptCore/dfg/DFGCCallHelpers.h \
+ Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp \
+ Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.h \
Source/JavaScriptCore/dfg/DFGCapabilities.cpp \
Source/JavaScriptCore/dfg/DFGCapabilities.h \
Source/JavaScriptCore/dfg/DFGCFAPhase.cpp \
@@ -154,8 +159,12 @@ javascriptcore_sources += \
Source/JavaScriptCore/dfg/DFGCommon.h \
Source/JavaScriptCore/dfg/DFGCorrectableJumpPoint.cpp \
Source/JavaScriptCore/dfg/DFGCorrectableJumpPoint.h \
+ Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp \
+ Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.h \
Source/JavaScriptCore/dfg/DFGCSEPhase.cpp \
Source/JavaScriptCore/dfg/DFGCSEPhase.h \
+ Source/JavaScriptCore/dfg/DFGDominators.cpp \
+ Source/JavaScriptCore/dfg/DFGDominators.h \
Source/JavaScriptCore/dfg/DFGDoubleFormatState.h \
Source/JavaScriptCore/dfg/DFGDriver.cpp \
Source/JavaScriptCore/dfg/DFGDriver.h \
@@ -195,12 +204,16 @@ javascriptcore_sources += \
Source/JavaScriptCore/dfg/DFGRepatch.cpp \
Source/JavaScriptCore/dfg/DFGRepatch.h \
Source/JavaScriptCore/dfg/DFGScoreBoard.h \
+ Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h \
+ Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h \
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp \
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp \
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp \
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h \
Source/JavaScriptCore/dfg/DFGThunks.cpp \
Source/JavaScriptCore/dfg/DFGThunks.h \
+ Source/JavaScriptCore/dfg/DFGValidate.cpp \
+ Source/JavaScriptCore/dfg/DFGValidate.h \
Source/JavaScriptCore/dfg/DFGVariableAccessData.h \
Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp \
Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.h \
@@ -499,6 +512,12 @@ javascriptcore_sources += \
Source/JavaScriptCore/runtime/MathObject.cpp \
Source/JavaScriptCore/runtime/MathObject.h \
Source/JavaScriptCore/runtime/MemoryStatistics.h \
+ Source/JavaScriptCore/runtime/NameConstructor.cpp \
+ Source/JavaScriptCore/runtime/NameConstructor.h \
+ Source/JavaScriptCore/runtime/NameInstance.cpp \
+ Source/JavaScriptCore/runtime/NameInstance.h \
+ Source/JavaScriptCore/runtime/NamePrototype.cpp \
+ Source/JavaScriptCore/runtime/NamePrototype.h \
Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp \
Source/JavaScriptCore/runtime/NativeErrorConstructor.h \
Source/JavaScriptCore/runtime/NativeErrorPrototype.cpp \
diff --git a/Source/JavaScriptCore/JavaScriptCore.gypi b/Source/JavaScriptCore/JavaScriptCore.gypi
index 4a03be893..1c3bb0a83 100644
--- a/Source/JavaScriptCore/JavaScriptCore.gypi
+++ b/Source/JavaScriptCore/JavaScriptCore.gypi
@@ -272,6 +272,9 @@
'runtime/MatchResult.h',
'runtime/MathObject.h',
'runtime/MemoryStatistics.h',
+ 'runtime/NameConstructor.h',
+ 'runtime/NameInstance.h',
+ 'runtime/NamePrototype.h',
'runtime/NativeErrorConstructor.h',
'runtime/NativeErrorPrototype.h',
'runtime/NumberConstructor.h',
@@ -497,6 +500,9 @@
'runtime/Lookup.cpp',
'runtime/MathObject.cpp',
'runtime/MemoryStatistics.cpp',
+ 'runtime/NameConstructor.cpp',
+ 'runtime/NameInstance.cpp',
+ 'runtime/NamePrototype.cpp',
'runtime/NativeErrorConstructor.cpp',
'runtime/NativeErrorPrototype.cpp',
'runtime/NumberConstructor.cpp',
@@ -549,6 +555,7 @@
'<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/JSGlobalObject.lut.h',
'<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/JSONObject.lut.h',
'<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/MathObject.lut.h',
+ '<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/NamePrototype.lut.h',
'<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/NumberConstructor.lut.h',
'<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/NumberPrototype.lut.h',
'<(PRODUCT_DIR)/DerivedSources/JavaScriptCore/ObjectConstructor.lut.h',
diff --git a/Source/JavaScriptCore/JavaScriptCore.pri b/Source/JavaScriptCore/JavaScriptCore.pri
index 4a8ecd42f..94b663a18 100644
--- a/Source/JavaScriptCore/JavaScriptCore.pri
+++ b/Source/JavaScriptCore/JavaScriptCore.pri
@@ -42,6 +42,6 @@ win32-* {
}
wince* {
- INCLUDEPATH += $$QT_SOURCE_TREE/src/3rdparty/ce-compat
+ INCLUDEPATH += $$QT.core.sources/../3rdparty/ce-compat
INCLUDEPATH += $$SOURCE_DIR/os-win32
}
diff --git a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
index 4b099b2ff..6d5828c44 100755
--- a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
+++ b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
@@ -102,13 +102,13 @@ EXPORTS
?convertUTF16ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPB_WPB_WPAPADPAD_N@Z
?convertUTF8ToUTF16@Unicode@WTF@@YA?AW4ConversionResult@12@PAPBDPBDPAPA_WPA_W_N@Z
?create@JSFunction@JSC@@SAPAV12@PAVExecState@2@PAVJSGlobalObject@2@HABVUString@2@P6I_J0@ZW4Intrinsic@2@3@Z
- ?create@JSGlobalData@JSC@@SA?AV?$PassRefPtr@VJSGlobalData@JSC@@@WTF@@W4ThreadStackType@2@W4HeapSize@2@@Z
+ ?create@JSGlobalData@JSC@@SA?AV?$PassRefPtr@VJSGlobalData@JSC@@@WTF@@W4ThreadStackType@2@W4HeapType@2@@Z
?create@OpaqueJSString@@SA?AV?$PassRefPtr@UOpaqueJSString@@@WTF@@ABVUString@JSC@@@Z
?create@RegExp@JSC@@SAPAV12@AAVJSGlobalData@2@ABVUString@2@W4RegExpFlags@2@@Z
?createEmptyString@SmallStrings@JSC@@AAEXPAVJSGlobalData@2@@Z
?createError@JSC@@YAPAVJSObject@1@PAVExecState@1@ABVUString@1@@Z
?createInterruptedExecutionException@JSC@@YAPAVJSObject@1@PAVJSGlobalData@1@@Z
- ?createLeaked@JSGlobalData@JSC@@SA?AV?$PassRefPtr@VJSGlobalData@JSC@@@WTF@@W4ThreadStackType@2@W4HeapSize@2@@Z
+ ?createLeaked@JSGlobalData@JSC@@SA?AV?$PassRefPtr@VJSGlobalData@JSC@@@WTF@@W4ThreadStackType@2@W4HeapType@2@@Z
?createNotEnoughArgumentsError@JSC@@YAPAVJSObject@1@PAVExecState@1@@Z
?createRangeError@JSC@@YAPAVJSObject@1@PAVExecState@1@ABVUString@1@@Z
?createReferenceError@JSC@@YAPAVJSObject@1@PAVExecState@1@ABVUString@1@@Z
@@ -330,7 +330,7 @@ EXPORTS
?timedWait@ThreadCondition@WTF@@QAE_NAAVMutex@2@N@Z
?tlsKeyCount@WTF@@YAAAJXZ
?tlsKeys@WTF@@YAPAKXZ
- ?toBoolean@JSString@JSC@@QBE_NPAVExecState@2@@Z
+ ?toBoolean@JSString@JSC@@QBE_NXZ
?toInt32@JSC@@YAHN@Z
?toInteger@JSValue@JSC@@QBENPAVExecState@2@@Z
?toNumberSlowCase@JSValue@JSC@@ABENPAVExecState@2@@Z
diff --git a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
index e71b433e0..254e2d070 100644
--- a/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
+++ b/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
@@ -958,6 +958,30 @@
>
</File>
<File
+ RelativePath="..\..\runtime\NameConstructor.cpp"
+ >
+ </File>
+ <File
+ RelativePath="..\..\runtime\NameConstructor.h"
+ >
+ </File>
+ <File
+ RelativePath="..\..\runtime\NameInstance.cpp"
+ >
+ </File>
+ <File
+ RelativePath="..\..\runtime\NameInstance.h"
+ >
+ </File>
+ <File
+ RelativePath="..\..\runtime\NamePrototype.cpp"
+ >
+ </File>
+ <File
+ RelativePath="..\..\runtime\NamePrototype.h"
+ >
+ </File>
+ <File
RelativePath="..\..\runtime\NativeErrorConstructor.cpp"
>
</File>
@@ -2058,6 +2082,10 @@
>
</File>
<File
+ RelativePath="$(ConfigurationBuildDir)\obj\$(ProjectName)\DerivedSources\NamePrototype.lut.h"
+ >
+ </File>
+ <File
RelativePath="$(ConfigurationBuildDir)\obj\$(ProjectName)\DerivedSources\NumberConstructor.lut.h"
>
</File>
diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
index 6eabcced5..360c96890 100644
--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -78,8 +78,11 @@
0F0B83B914BCF95F00885B4F /* CallReturnOffsetToBytecodeOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0B83B814BCF95B00885B4F /* CallReturnOffsetToBytecodeOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F0FC45A14BD15F500B81154 /* LLIntCallLinkInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0FC45814BD15F100B81154 /* LLIntCallLinkInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F15F15F14B7A73E005DE37D /* CommonSlowPaths.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F16015D156198C900C2587C /* DFGArgumentsSimplificationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F16015A156198BF00C2587C /* DFGArgumentsSimplificationPhase.cpp */; };
+ 0F16015E156198C900C2587C /* DFGArgumentsSimplificationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F16015B156198BF00C2587C /* DFGArgumentsSimplificationPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F1E3A461534CBAF000F9456 /* DFGArgumentPosition.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1E3A431534CBAD000F9456 /* DFGArgumentPosition.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F1E3A471534CBB9000F9456 /* DFGDoubleFormatState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1E3A441534CBAD000F9456 /* DFGDoubleFormatState.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F1E3A67153A21E2000F9456 /* DFGSilentRegisterSavePlan.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1E3A65153A21DF000F9456 /* DFGSilentRegisterSavePlan.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F21C26814BE5F6800ADC64B /* JITDriver.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C26614BE5F5E00ADC64B /* JITDriver.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F21C27C14BE727600ADC64B /* ExecutionHarness.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27A14BE727300ADC64B /* ExecutionHarness.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F21C27D14BE727A00ADC64B /* CodeSpecializationKind.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -91,6 +94,12 @@
0F2BDC2C151FDE9100CD8910 /* Operands.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2BDC2B151FDE8B00CD8910 /* Operands.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F2C556F14738F3100121E4F /* DFGCodeBlocks.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F2C556E14738F2E00121E4F /* DFGCodeBlocks.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F2C557014738F3500121E4F /* DFGCodeBlocks.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F2C556D14738F2E00121E4F /* DFGCodeBlocks.cpp */; };
+ 0F3B3A1A153E68F2003ED0FF /* DFGConstantFoldingPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F3B3A17153E68EF003ED0FF /* DFGConstantFoldingPhase.cpp */; };
+ 0F3B3A1B153E68F4003ED0FF /* DFGConstantFoldingPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F3B3A18153E68EF003ED0FF /* DFGConstantFoldingPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F3B3A271544C995003ED0FF /* DFGCFGSimplificationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F3B3A241544C991003ED0FF /* DFGCFGSimplificationPhase.cpp */; };
+ 0F3B3A281544C997003ED0FF /* DFGCFGSimplificationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F3B3A251544C991003ED0FF /* DFGCFGSimplificationPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F3B3A2B15475000003ED0FF /* DFGValidate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F3B3A2915474FF4003ED0FF /* DFGValidate.cpp */; };
+ 0F3B3A2C15475002003ED0FF /* DFGValidate.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F3B3A2A15474FF4003ED0FF /* DFGValidate.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F426A481460CBB300131F8F /* ValueRecovery.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A451460CBAB00131F8F /* ValueRecovery.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F426A491460CBB700131F8F /* VirtualRegister.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A461460CBAB00131F8F /* VirtualRegister.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F426A4B1460CD6E00131F8F /* DataFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A4A1460CD6B00131F8F /* DataFormat.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -167,6 +176,8 @@
0FC81516140511B500CFA603 /* VTableSpectrum.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FC815121405118600CFA603 /* VTableSpectrum.cpp */; };
0FD3C82614115D4000FD81CB /* DFGDriver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FD3C82014115CF800FD81CB /* DFGDriver.cpp */; };
0FD3C82814115D4F00FD81CB /* DFGDriver.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FD3C82214115D0E00FD81CB /* DFGDriver.h */; };
+ 0FD81AD2154FB4EE00983E72 /* DFGDominators.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FD81ACF154FB4EB00983E72 /* DFGDominators.cpp */; };
+ 0FD81AD3154FB4F000983E72 /* DFGDominators.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FD81AD0154FB4EB00983E72 /* DFGDominators.h */; settings = {ATTRIBUTES = (Private, ); }; };
0FD82E2114172CE300179C94 /* DFGCapabilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FD82E1E14172C2F00179C94 /* DFGCapabilities.cpp */; };
0FD82E39141AB14D00179C94 /* CompactJITCodeMap.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FD82E37141AB14200179C94 /* CompactJITCodeMap.h */; settings = {ATTRIBUTES = (Private, ); }; };
0FD82E54141DAEEE00179C94 /* PredictedType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FD82E4F141DAEA100179C94 /* PredictedType.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -382,6 +393,7 @@
86704B8A12DBA33700A9FE7B /* YarrPattern.h in Headers */ = {isa = PBXBuildFile; fileRef = 86704B8312DBA33700A9FE7B /* YarrPattern.h */; settings = {ATTRIBUTES = (Private, ); }; };
86880F1F14328BB900B08D42 /* DFGSpeculativeJIT32_64.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86880F1B14328BB900B08D42 /* DFGSpeculativeJIT32_64.cpp */; };
86880F4D14353B2100B08D42 /* DFGSpeculativeJIT64.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86880F4C14353B2100B08D42 /* DFGSpeculativeJIT64.cpp */; };
+ 868916B0155F286300CB2B9A /* PrivateName.h in Headers */ = {isa = PBXBuildFile; fileRef = 868916A9155F285400CB2B9A /* PrivateName.h */; settings = {ATTRIBUTES = (Private, ); }; };
869D04AF1193B54D00803475 /* CachedTranscendentalFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = 869D04AE1193B54D00803475 /* CachedTranscendentalFunction.h */; settings = {ATTRIBUTES = (Private, ); }; };
869EBCB70E8C6D4A008722CC /* ResultType.h in Headers */ = {isa = PBXBuildFile; fileRef = 869EBCB60E8C6D4A008722CC /* ResultType.h */; settings = {ATTRIBUTES = (Private, ); }; };
86A90ED00EE7D51F00AB350D /* JITArithmetic.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86A90ECF0EE7D51F00AB350D /* JITArithmetic.cpp */; };
@@ -415,6 +427,12 @@
86DB64640F95C6FC00D7D921 /* ExecutableAllocatorFixedVMPool.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86DB64630F95C6FC00D7D921 /* ExecutableAllocatorFixedVMPool.cpp */; };
86E116B10FE75AC800B512BC /* CodeLocation.h in Headers */ = {isa = PBXBuildFile; fileRef = 86E116B00FE75AC800B512BC /* CodeLocation.h */; };
86E85539111B9968001AF51E /* JSStringBuilder.h in Headers */ = {isa = PBXBuildFile; fileRef = 86E85538111B9968001AF51E /* JSStringBuilder.h */; };
+ 86EBF2FF1560F06A008E9222 /* NameConstructor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86EBF2F91560F036008E9222 /* NameConstructor.cpp */; };
+ 86EBF3001560F06A008E9222 /* NameConstructor.h in Headers */ = {isa = PBXBuildFile; fileRef = 86EBF2FA1560F036008E9222 /* NameConstructor.h */; };
+ 86EBF3011560F06A008E9222 /* NameInstance.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86EBF2FB1560F036008E9222 /* NameInstance.cpp */; };
+ 86EBF3021560F06A008E9222 /* NameInstance.h in Headers */ = {isa = PBXBuildFile; fileRef = 86EBF2FC1560F036008E9222 /* NameInstance.h */; };
+ 86EBF3031560F06A008E9222 /* NamePrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86EBF2FD1560F036008E9222 /* NamePrototype.cpp */; };
+ 86EBF3041560F06A008E9222 /* NamePrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = 86EBF2FE1560F036008E9222 /* NamePrototype.h */; };
86EC9DC41328DF82002B2AD7 /* DFGByteCodeParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 86EC9DB41328DF82002B2AD7 /* DFGByteCodeParser.cpp */; };
86EC9DC51328DF82002B2AD7 /* DFGByteCodeParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 86EC9DB51328DF82002B2AD7 /* DFGByteCodeParser.h */; };
86EC9DC61328DF82002B2AD7 /* DFGGenerationInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 86EC9DB61328DF82002B2AD7 /* DFGGenerationInfo.h */; };
@@ -750,8 +768,12 @@
0F0B83B814BCF95B00885B4F /* CallReturnOffsetToBytecodeOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CallReturnOffsetToBytecodeOffset.h; sourceTree = "<group>"; };
0F0FC45814BD15F100B81154 /* LLIntCallLinkInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LLIntCallLinkInfo.h; sourceTree = "<group>"; };
0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CommonSlowPaths.h; sourceTree = "<group>"; };
+ 0F16015A156198BF00C2587C /* DFGArgumentsSimplificationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGArgumentsSimplificationPhase.cpp; path = dfg/DFGArgumentsSimplificationPhase.cpp; sourceTree = "<group>"; };
+ 0F16015B156198BF00C2587C /* DFGArgumentsSimplificationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArgumentsSimplificationPhase.h; path = dfg/DFGArgumentsSimplificationPhase.h; sourceTree = "<group>"; };
0F1E3A431534CBAD000F9456 /* DFGArgumentPosition.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArgumentPosition.h; path = dfg/DFGArgumentPosition.h; sourceTree = "<group>"; };
0F1E3A441534CBAD000F9456 /* DFGDoubleFormatState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGDoubleFormatState.h; path = dfg/DFGDoubleFormatState.h; sourceTree = "<group>"; };
+ 0F1E3A501537C2CB000F9456 /* DFGSlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGSlowPathGenerator.h; path = dfg/DFGSlowPathGenerator.h; sourceTree = "<group>"; };
+ 0F1E3A65153A21DF000F9456 /* DFGSilentRegisterSavePlan.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGSilentRegisterSavePlan.h; path = dfg/DFGSilentRegisterSavePlan.h; sourceTree = "<group>"; };
0F21C26614BE5F5E00ADC64B /* JITDriver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITDriver.h; sourceTree = "<group>"; };
0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeSpecializationKind.h; sourceTree = "<group>"; };
0F21C27A14BE727300ADC64B /* ExecutionHarness.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExecutionHarness.h; sourceTree = "<group>"; };
@@ -763,6 +785,12 @@
0F2BDC2B151FDE8B00CD8910 /* Operands.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Operands.h; sourceTree = "<group>"; };
0F2C556D14738F2E00121E4F /* DFGCodeBlocks.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DFGCodeBlocks.cpp; sourceTree = "<group>"; };
0F2C556E14738F2E00121E4F /* DFGCodeBlocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DFGCodeBlocks.h; sourceTree = "<group>"; };
+ 0F3B3A17153E68EF003ED0FF /* DFGConstantFoldingPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGConstantFoldingPhase.cpp; path = dfg/DFGConstantFoldingPhase.cpp; sourceTree = "<group>"; };
+ 0F3B3A18153E68EF003ED0FF /* DFGConstantFoldingPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGConstantFoldingPhase.h; path = dfg/DFGConstantFoldingPhase.h; sourceTree = "<group>"; };
+ 0F3B3A241544C991003ED0FF /* DFGCFGSimplificationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCFGSimplificationPhase.cpp; path = dfg/DFGCFGSimplificationPhase.cpp; sourceTree = "<group>"; };
+ 0F3B3A251544C991003ED0FF /* DFGCFGSimplificationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCFGSimplificationPhase.h; path = dfg/DFGCFGSimplificationPhase.h; sourceTree = "<group>"; };
+ 0F3B3A2915474FF4003ED0FF /* DFGValidate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGValidate.cpp; path = dfg/DFGValidate.cpp; sourceTree = "<group>"; };
+ 0F3B3A2A15474FF4003ED0FF /* DFGValidate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGValidate.h; path = dfg/DFGValidate.h; sourceTree = "<group>"; };
0F426A451460CBAB00131F8F /* ValueRecovery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ValueRecovery.h; sourceTree = "<group>"; };
0F426A461460CBAB00131F8F /* VirtualRegister.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VirtualRegister.h; sourceTree = "<group>"; };
0F426A4A1460CD6B00131F8F /* DataFormat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataFormat.h; sourceTree = "<group>"; };
@@ -840,6 +868,8 @@
0FC815141405118D00CFA603 /* VTableSpectrum.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VTableSpectrum.h; sourceTree = "<group>"; };
0FD3C82014115CF800FD81CB /* DFGDriver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGDriver.cpp; path = dfg/DFGDriver.cpp; sourceTree = "<group>"; };
0FD3C82214115D0E00FD81CB /* DFGDriver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGDriver.h; path = dfg/DFGDriver.h; sourceTree = "<group>"; };
+ 0FD81ACF154FB4EB00983E72 /* DFGDominators.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGDominators.cpp; path = dfg/DFGDominators.cpp; sourceTree = "<group>"; };
+ 0FD81AD0154FB4EB00983E72 /* DFGDominators.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGDominators.h; path = dfg/DFGDominators.h; sourceTree = "<group>"; };
0FD82E1E14172C2F00179C94 /* DFGCapabilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCapabilities.cpp; path = dfg/DFGCapabilities.cpp; sourceTree = "<group>"; };
0FD82E1F14172C2F00179C94 /* DFGCapabilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCapabilities.h; path = dfg/DFGCapabilities.h; sourceTree = "<group>"; };
0FD82E37141AB14200179C94 /* CompactJITCodeMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CompactJITCodeMap.h; sourceTree = "<group>"; };
@@ -1041,6 +1071,7 @@
86704B8312DBA33700A9FE7B /* YarrPattern.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = YarrPattern.h; path = yarr/YarrPattern.h; sourceTree = "<group>"; };
86880F1B14328BB900B08D42 /* DFGSpeculativeJIT32_64.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGSpeculativeJIT32_64.cpp; path = dfg/DFGSpeculativeJIT32_64.cpp; sourceTree = "<group>"; };
86880F4C14353B2100B08D42 /* DFGSpeculativeJIT64.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGSpeculativeJIT64.cpp; path = dfg/DFGSpeculativeJIT64.cpp; sourceTree = "<group>"; };
+ 868916A9155F285400CB2B9A /* PrivateName.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PrivateName.h; sourceTree = "<group>"; };
869D04AE1193B54D00803475 /* CachedTranscendentalFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CachedTranscendentalFunction.h; sourceTree = "<group>"; };
869EBCB60E8C6D4A008722CC /* ResultType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ResultType.h; sourceTree = "<group>"; };
86A054461556451B00445157 /* LowLevelInterpreter.asm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.asm.asm; name = LowLevelInterpreter.asm; path = llint/LowLevelInterpreter.asm; sourceTree = "<group>"; };
@@ -1080,6 +1111,12 @@
86DB64630F95C6FC00D7D921 /* ExecutableAllocatorFixedVMPool.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExecutableAllocatorFixedVMPool.cpp; sourceTree = "<group>"; };
86E116B00FE75AC800B512BC /* CodeLocation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeLocation.h; sourceTree = "<group>"; };
86E85538111B9968001AF51E /* JSStringBuilder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSStringBuilder.h; sourceTree = "<group>"; };
+ 86EBF2F91560F036008E9222 /* NameConstructor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NameConstructor.cpp; sourceTree = "<group>"; };
+ 86EBF2FA1560F036008E9222 /* NameConstructor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NameConstructor.h; sourceTree = "<group>"; };
+ 86EBF2FB1560F036008E9222 /* NameInstance.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NameInstance.cpp; sourceTree = "<group>"; };
+ 86EBF2FC1560F036008E9222 /* NameInstance.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NameInstance.h; sourceTree = "<group>"; };
+ 86EBF2FD1560F036008E9222 /* NamePrototype.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NamePrototype.cpp; sourceTree = "<group>"; };
+ 86EBF2FE1560F036008E9222 /* NamePrototype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NamePrototype.h; sourceTree = "<group>"; };
86EC9DB41328DF82002B2AD7 /* DFGByteCodeParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGByteCodeParser.cpp; path = dfg/DFGByteCodeParser.cpp; sourceTree = "<group>"; };
86EC9DB51328DF82002B2AD7 /* DFGByteCodeParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGByteCodeParser.h; path = dfg/DFGByteCodeParser.h; sourceTree = "<group>"; };
86EC9DB61328DF82002B2AD7 /* DFGGenerationInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGGenerationInfo.h; path = dfg/DFGGenerationInfo.h; sourceTree = "<group>"; };
@@ -1795,9 +1832,6 @@
7EF6E0BB0EB7A1EC0079AFAF /* runtime */ = {
isa = PBXGroup;
children = (
- 0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */,
- 0F21C27A14BE727300ADC64B /* ExecutionHarness.h */,
- 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */,
BCF605110E203EF800B9A64D /* ArgList.cpp */,
BCF605120E203EF800B9A64D /* ArgList.h */,
BC257DE50E1F51C50016B6C9 /* Arguments.cpp */,
@@ -1818,8 +1852,10 @@
BCA62DFE0E2826230004F30D /* CallData.cpp */,
145C507F0D9DF63B0088F6B9 /* CallData.h */,
BC6AAAE40E1F426500AD87D8 /* ClassInfo.h */,
+ 0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */,
65EA73620BAE35D1001BB560 /* CommonIdentifiers.cpp */,
65EA73630BAE35D1001BB560 /* CommonIdentifiers.h */,
+ 0F15F15D14B7A73A005DE37D /* CommonSlowPaths.h */,
969A09220ED1E09C00F1F681 /* Completion.cpp */,
F5BB2BC5030F772101FCFE1D /* Completion.h */,
BCA62DFF0E2826310004F30D /* ConstructData.cpp */,
@@ -1845,6 +1881,7 @@
A72701B30DADE94900E548D7 /* ExceptionHelpers.h */,
86CA032D1038E8440028A609 /* Executable.cpp */,
86CAFEE21035DDE60028A609 /* Executable.h */,
+ 0F21C27A14BE727300ADC64B /* ExecutionHarness.h */,
BC2680C00E16D4E900A06E92 /* FunctionConstructor.cpp */,
BC2680C10E16D4E900A06E92 /* FunctionConstructor.h */,
F692A85C0255597D01FF60F7 /* FunctionPrototype.cpp */,
@@ -1916,6 +1953,12 @@
F692A86B0255597D01FF60F7 /* MathObject.h */,
90213E3B123A40C200D422F3 /* MemoryStatistics.cpp */,
90213E3C123A40C200D422F3 /* MemoryStatistics.h */,
+ 86EBF2F91560F036008E9222 /* NameConstructor.cpp */,
+ 86EBF2FA1560F036008E9222 /* NameConstructor.h */,
+ 86EBF2FB1560F036008E9222 /* NameInstance.cpp */,
+ 86EBF2FC1560F036008E9222 /* NameInstance.h */,
+ 86EBF2FD1560F036008E9222 /* NamePrototype.cpp */,
+ 86EBF2FE1560F036008E9222 /* NamePrototype.h */,
BC02E9080E1839DB000F9297 /* NativeErrorConstructor.cpp */,
BC02E9090E1839DB000F9297 /* NativeErrorConstructor.h */,
BC02E90A0E1839DB000F9297 /* NativeErrorPrototype.cpp */,
@@ -1935,6 +1978,7 @@
F692A8780255597D01FF60F7 /* Operations.h */,
0FE228EA1436AB2300196C48 /* Options.cpp */,
0FE228EB1436AB2300196C48 /* Options.h */,
+ 868916A9155F285400CB2B9A /* PrivateName.h */,
A7FB60A3103F7DC20017A286 /* PropertyDescriptor.cpp */,
A7FB604B103F5EAB0017A286 /* PropertyDescriptor.h */,
BC95437C0EBA70FD0072B6D3 /* PropertyMapHashTable.h */,
@@ -2038,6 +2082,8 @@
isa = PBXGroup;
children = (
0F1E3A431534CBAD000F9456 /* DFGArgumentPosition.h */,
+ 0F16015A156198BF00C2587C /* DFGArgumentsSimplificationPhase.cpp */,
+ 0F16015B156198BF00C2587C /* DFGArgumentsSimplificationPhase.h */,
0F62016D143FCD2F0068B77C /* DFGAbstractState.cpp */,
0F62016E143FCD2F0068B77C /* DFGAbstractState.h */,
0F62016F143FCD2F0068B77C /* DFGAbstractValue.h */,
@@ -2050,13 +2096,19 @@
0F7B294814C3CD23007C3DB1 /* DFGCCallHelpers.h */,
0FFFC94B14EF909500C72532 /* DFGCFAPhase.cpp */,
0FFFC94C14EF909500C72532 /* DFGCFAPhase.h */,
+ 0F3B3A241544C991003ED0FF /* DFGCFGSimplificationPhase.cpp */,
+ 0F3B3A251544C991003ED0FF /* DFGCFGSimplificationPhase.h */,
0FFFC94D14EF909500C72532 /* DFGCSEPhase.cpp */,
0FFFC94E14EF909500C72532 /* DFGCSEPhase.h */,
0FD82E1E14172C2F00179C94 /* DFGCapabilities.cpp */,
0FD82E1F14172C2F00179C94 /* DFGCapabilities.h */,
0FC0977E1469EBC400CF2442 /* DFGCommon.h */,
+ 0F3B3A17153E68EF003ED0FF /* DFGConstantFoldingPhase.cpp */,
+ 0F3B3A18153E68EF003ED0FF /* DFGConstantFoldingPhase.h */,
0FC0979D146B271E00CF2442 /* DFGCorrectableJumpPoint.cpp */,
0FC0979A146A772000CF2442 /* DFGCorrectableJumpPoint.h */,
+ 0FD81ACF154FB4EB00983E72 /* DFGDominators.cpp */,
+ 0FD81AD0154FB4EB00983E72 /* DFGDominators.h */,
0F1E3A441534CBAD000F9456 /* DFGDoubleFormatState.h */,
0FD3C82014115CF800FD81CB /* DFGDriver.cpp */,
0FD3C82214115D0E00FD81CB /* DFGDriver.h */,
@@ -2096,12 +2148,16 @@
86BB09BE138E381B0056702F /* DFGRepatch.cpp */,
86BB09BF138E381B0056702F /* DFGRepatch.h */,
86ECA3F9132DF25A002B2AD7 /* DFGScoreBoard.h */,
+ 0F1E3A65153A21DF000F9456 /* DFGSilentRegisterSavePlan.h */,
+ 0F1E3A501537C2CB000F9456 /* DFGSlowPathGenerator.h */,
86EC9DC21328DF82002B2AD7 /* DFGSpeculativeJIT.cpp */,
86EC9DC31328DF82002B2AD7 /* DFGSpeculativeJIT.h */,
86880F1B14328BB900B08D42 /* DFGSpeculativeJIT32_64.cpp */,
86880F4C14353B2100B08D42 /* DFGSpeculativeJIT64.cpp */,
0FC0979F146B28C700CF2442 /* DFGThunks.cpp */,
0FC097A0146B28C700CF2442 /* DFGThunks.h */,
+ 0F3B3A2915474FF4003ED0FF /* DFGValidate.cpp */,
+ 0F3B3A2A15474FF4003ED0FF /* DFGValidate.h */,
0F620172143FCD2F0068B77C /* DFGVariableAccessData.h */,
0FFFC95314EF909500C72532 /* DFGVirtualRegisterAllocationPhase.cpp */,
0FFFC95414EF909500C72532 /* DFGVirtualRegisterAllocationPhase.h */,
@@ -2580,10 +2636,20 @@
0F2BDC2C151FDE9100CD8910 /* Operands.h in Headers */,
8612E4CD152389EC00C836BE /* MatchResult.h in Headers */,
0F1E3A461534CBAF000F9456 /* DFGArgumentPosition.h in Headers */,
+ 0F3B3A1B153E68F4003ED0FF /* DFGConstantFoldingPhase.h in Headers */,
0F1E3A471534CBB9000F9456 /* DFGDoubleFormatState.h in Headers */,
14150133154BB13F005D8C98 /* WeakSetInlines.h in Headers */,
14816E1C154CC56C00B8054C /* BlockAllocator.h in Headers */,
86158AB3155C8B4000B45C9C /* PropertyName.h in Headers */,
+ 868916B0155F286300CB2B9A /* PrivateName.h in Headers */,
+ 86EBF3001560F06A008E9222 /* NameConstructor.h in Headers */,
+ 86EBF3021560F06A008E9222 /* NameInstance.h in Headers */,
+ 86EBF3041560F06A008E9222 /* NamePrototype.h in Headers */,
+ 0F1E3A67153A21E2000F9456 /* DFGSilentRegisterSavePlan.h in Headers */,
+ 0F3B3A281544C997003ED0FF /* DFGCFGSimplificationPhase.h in Headers */,
+ 0F3B3A2C15475002003ED0FF /* DFGValidate.h in Headers */,
+ 0FD81AD3154FB4F000983E72 /* DFGDominators.h in Headers */,
+ 0F16015E156198C900C2587C /* DFGArgumentsSimplificationPhase.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -3147,6 +3213,14 @@
8642C512151C083D0046D4EF /* RegExpMatchesArray.cpp in Sources */,
863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */,
14816E1B154CC56C00B8054C /* BlockAllocator.cpp in Sources */,
+ 86EBF2FF1560F06A008E9222 /* NameConstructor.cpp in Sources */,
+ 86EBF3011560F06A008E9222 /* NameInstance.cpp in Sources */,
+ 86EBF3031560F06A008E9222 /* NamePrototype.cpp in Sources */,
+ 0F3B3A1A153E68F2003ED0FF /* DFGConstantFoldingPhase.cpp in Sources */,
+ 0F3B3A271544C995003ED0FF /* DFGCFGSimplificationPhase.cpp in Sources */,
+ 0F3B3A2B15475000003ED0FF /* DFGValidate.cpp in Sources */,
+ 0FD81AD2154FB4EE00983E72 /* DFGDominators.cpp in Sources */,
+ 0F16015D156198C900C2587C /* DFGArgumentsSimplificationPhase.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/Source/JavaScriptCore/Target.pri b/Source/JavaScriptCore/Target.pri
index 017f3165a..234078d31 100644
--- a/Source/JavaScriptCore/Target.pri
+++ b/Source/JavaScriptCore/Target.pri
@@ -27,7 +27,7 @@ CONFIG += staticlib
}
wince* {
- SOURCES += $$QT_SOURCE_TREE/src/3rdparty/ce-compat/ce_time.c
+ SOURCES += $$QT.core.sources/../3rdparty/ce-compat/ce_time.c
}
include(yarr/yarr.pri)
@@ -89,12 +89,16 @@ SOURCES += \
debugger/DebuggerCallFrame.cpp \
debugger/Debugger.cpp \
dfg/DFGAbstractState.cpp \
+ dfg/DFGArgumentsSimplificationPhase.cpp \
dfg/DFGAssemblyHelpers.cpp \
dfg/DFGByteCodeParser.cpp \
dfg/DFGCapabilities.cpp \
dfg/DFGCFAPhase.cpp \
+ dfg/DFGCFGSimplificationPhase.cpp \
+ dfg/DFGConstantFoldingPhase.cpp \
dfg/DFGCorrectableJumpPoint.cpp \
dfg/DFGCSEPhase.cpp \
+ dfg/DFGDominators.cpp \
dfg/DFGDriver.cpp \
dfg/DFGFixupPhase.cpp \
dfg/DFGGraph.cpp \
@@ -114,6 +118,7 @@ SOURCES += \
dfg/DFGSpeculativeJIT32_64.cpp \
dfg/DFGSpeculativeJIT64.cpp \
dfg/DFGThunks.cpp \
+ dfg/DFGValidate.cpp \
dfg/DFGVirtualRegisterAllocationPhase.cpp \
interpreter/AbstractPC.cpp \
interpreter/CallFrame.cpp \
@@ -197,6 +202,9 @@ SOURCES += \
runtime/LiteralParser.cpp \
runtime/Lookup.cpp \
runtime/MathObject.cpp \
+ runtime/NameConstructor.cpp \
+ runtime/NameInstance.cpp \
+ runtime/NamePrototype.cpp \
runtime/NativeErrorConstructor.cpp \
runtime/NativeErrorPrototype.cpp \
runtime/NumberConstructor.cpp \
diff --git a/Source/JavaScriptCore/assembler/ARMAssembler.cpp b/Source/JavaScriptCore/assembler/ARMAssembler.cpp
index b880f50bf..74809cadb 100644
--- a/Source/JavaScriptCore/assembler/ARMAssembler.cpp
+++ b/Source/JavaScriptCore/assembler/ARMAssembler.cpp
@@ -375,6 +375,23 @@ PassRefPtr<ExecutableMemoryHandle> ARMAssembler::executableCopy(JSGlobalData& gl
return result;
}
+#if OS(LINUX) && COMPILER(RVCT)
+
+__asm void ARMAssembler::cacheFlush(void* code, size_t size)
+{
+ ARM
+ push {r7}
+ add r1, r1, r0
+ mov r7, #0xf0000
+ add r7, r7, #0x2
+ mov r2, #0x0
+ svc #0x0
+ pop {r7}
+ bx lr
+}
+
+#endif
+
} // namespace JSC
#endif // ENABLE(ASSEMBLER) && CPU(ARM_TRADITIONAL)
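Review bot: The RVCT `cacheFlush` body encodes the syscall as the bare immediates `#0xf0000` plus `#0x2` and discards whatever the kernel returns in r0, so a reader needs to know the ARM private-syscall layout to recognise `__ARM_NR_cacheflush` with `r0 = start`, `r1 = end`, `r2 = flags`, and any error the kernel reports goes unnoticed. A comment above the `mov r7, #0xf0000` line such as `; __ARM_NR_cacheflush (0x0f0002): r0 = code, r1 = code + size, r2 = flags (0); result in r0 is ignored` would document the contract. It is also worth stating there that this version flushes the exact byte range in one call, whereas the GCC path in ARMAssembler.h rounds to pages and loops, since the two are meant to be interchangeable. The enclosing `namespace JSC` block continues outside the hunk.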
diff --git a/Source/JavaScriptCore/assembler/ARMAssembler.h b/Source/JavaScriptCore/assembler/ARMAssembler.h
index a9ecf5091..16dc0cfc2 100644
--- a/Source/JavaScriptCore/assembler/ARMAssembler.h
+++ b/Source/JavaScriptCore/assembler/ARMAssembler.h
@@ -864,6 +864,42 @@ namespace JSC {
return AL | B | (offset & BRANCH_MASK);
}
+#if OS(LINUX) && COMPILER(RVCT)
+ static __asm void cacheFlush(void* code, size_t);
+#else
+ static void cacheFlush(void* code, size_t size)
+ {
+#if OS(LINUX) && COMPILER(GCC)
+ uintptr_t currentPage = reinterpret_cast<uintptr_t>(code) & ~(pageSize() - 1);
+ uintptr_t lastPage = (reinterpret_cast<uintptr_t>(code) + size) & ~(pageSize() - 1);
+ do {
+ asm volatile(
+ "push {r7}\n"
+ "mov r0, %0\n"
+ "mov r1, %1\n"
+ "mov r7, #0xf0000\n"
+ "add r7, r7, #0x2\n"
+ "mov r2, #0x0\n"
+ "svc 0x0\n"
+ "pop {r7}\n"
+ :
+ : "r" (currentPage), "r" (currentPage + pageSize())
+ : "r0", "r1", "r2");
+ currentPage += pageSize();
+ } while (lastPage >= currentPage);
+#elif OS(WINCE)
+ CacheRangeFlush(code, size, CACHE_SYNC_ALL);
+#elif OS(QNX) && ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+ UNUSED_PARAM(code);
+ UNUSED_PARAM(size);
+#elif OS(QNX)
+ msync(code, size, MS_INVALIDATE_ICACHE);
+#else
+#error "The cacheFlush support is missing on this platform."
+#endif
+ }
+#endif
+
private:
ARMWord RM(int reg)
{
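Review bot: The inline asm in the `OS(LINUX) && COMPILER(GCC)` branch lists only `"r0", "r1", "r2"` as clobbers and no `"memory"` clobber, so once this static function is inlined into a caller that has just written the patched instruction bytes, the compiler is not obliged to keep those stores ahead of the `svc`; whether a given GCC actually reorders them is toolchain-dependent, but the constraint is what makes the ordering guaranteed. Changing the clobber line to `: "r0", "r1", "r2", "memory");` closes that gap. Separately, `lastPage` is derived from `code + size`, so when the range ends exactly on a page boundary the loop also flushes the page after the range; that is harmless but deserves a one-line comment, and the per-page syscall strategy (versus the single call in the RVCT version in ARMAssembler.cpp) is unexplained. The enclosing `ARMAssembler` class continues outside the hunk.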
diff --git a/Source/JavaScriptCore/assembler/ARMv7Assembler.h b/Source/JavaScriptCore/assembler/ARMv7Assembler.h
index 5b523c277..0cbe799b4 100644
--- a/Source/JavaScriptCore/assembler/ARMv7Assembler.h
+++ b/Source/JavaScriptCore/assembler/ARMv7Assembler.h
@@ -2026,7 +2026,7 @@ public:
linkJumpAbsolute(reinterpret_cast<uint16_t*>(from), to);
- ExecutableAllocator::cacheFlush(reinterpret_cast<uint16_t*>(from) - 5, 5 * sizeof(uint16_t));
+ cacheFlush(reinterpret_cast<uint16_t*>(from) - 5, 5 * sizeof(uint16_t));
}
static void relinkCall(void* from, void* to)
@@ -2070,6 +2070,37 @@ public:
unsigned debugOffset() { return m_formatter.debugOffset(); }
+ static void cacheFlush(void* code, size_t size)
+ {
+#if OS(IOS)
+ sys_cache_control(kCacheFunctionPrepareForExecution, code, size);
+#elif OS(LINUX)
+ asm volatile(
+ "push {r7}\n"
+ "mov r0, %0\n"
+ "mov r1, %1\n"
+ "movw r7, #0x2\n"
+ "movt r7, #0xf\n"
+ "movs r2, #0x0\n"
+ "svc 0x0\n"
+ "pop {r7}\n"
+ :
+ : "r" (code), "r" (reinterpret_cast<char*>(code) + size)
+ : "r0", "r1", "r2");
+#elif OS(WINCE)
+ CacheRangeFlush(code, size, CACHE_SYNC_ALL);
+#elif OS(QNX)
+#if !ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+ msync(code, size, MS_INVALIDATE_ICACHE);
+#else
+ UNUSED_PARAM(code);
+ UNUSED_PARAM(size);
+#endif
+#else
+#error "The cacheFlush support is missing on this platform."
+#endif
+ }
+
private:
// VFP operations commonly take one or more 5-bit operands, typically representing a
// floating point register number. This will commonly be encoded in the instruction
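Review bot: The `OS(LINUX)` branch of the new `cacheFlush` declares only `"r0", "r1", "r2"` as clobbered and omits `"memory"`, so the compiler is free to sink the `location[...]` stores made by the repatch paths later in this file past the `svc` once the call is inlined; add it, i.e. `: "r0", "r1", "r2", "memory");`. The value the kernel leaves in r0 is also discarded, so a refused flush is invisible; capturing it through an output operand and asserting on it in debug builds would make that failure mode visible. This path flushes `[code, code + size)` in a single syscall while the ARM-traditional version in ARMAssembler.h rounds to pages and loops, which is fine if intentional but should be stated in a comment. The enclosing `ARMv7Assembler` class continues outside the hunk.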
@@ -2149,7 +2180,7 @@ private:
location[-2] = twoWordOp5i6Imm4Reg4EncodedImmFirst(OP_MOVT, hi16);
location[-1] = twoWordOp5i6Imm4Reg4EncodedImmSecond((location[-1] >> 8) & 0xf, hi16);
- ExecutableAllocator::cacheFlush(location - 4, 4 * sizeof(uint16_t));
+ cacheFlush(location - 4, 4 * sizeof(uint16_t));
}
static int32_t readInt32(void* code)
@@ -2177,7 +2208,7 @@ private:
uint16_t* location = reinterpret_cast<uint16_t*>(code);
location[0] &= ~((static_cast<uint16_t>(0x7f) >> 2) << 6);
location[0] |= (imm.getUInt7() >> 2) << 6;
- ExecutableAllocator::cacheFlush(location, sizeof(uint16_t));
+ cacheFlush(location, sizeof(uint16_t));
}
static void setPointer(void* code, void* value)
diff --git a/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h b/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
index 4fb60dd2d..a0039cb52 100644
--- a/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
+++ b/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
@@ -171,6 +171,8 @@ public:
// in a class requiring explicit construction in order to differentiate
// from pointers used as absolute addresses to memory operations
struct TrustedImmPtr {
+ TrustedImmPtr() { }
+
explicit TrustedImmPtr(const void* value)
: m_value(value)
{
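Review bot: The new default constructor `TrustedImmPtr() { }` leaves `m_value` indeterminate, which is a step down from the previous state where the only constructor was `explicit` and always initialized it; a default-constructed immediate that is read before assignment is undefined behavior and could bake an arbitrary value into emitted code rather than fail reproducibly. Prefer `TrustedImmPtr() : m_value(0) { }` so the default state is a well-defined null. The `struct TrustedImmPtr` definition continues outside the hunk, so I cannot see whether a comment explains why default construction is now needed; a short note there would help.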
@@ -219,6 +221,8 @@ public:
// (which are implemented as an enum) from accidentally being passed as
// immediate values.
struct TrustedImm32 {
+ TrustedImm32() { }
+
explicit TrustedImm32(int32_t value)
: m_value(value)
{
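Review bot: `TrustedImm32() { }` leaves `m_value` uninitialized, so a default-constructed immediate holds an indeterminate int32 and any use before assignment is undefined behavior that would surface as a garbage constant in generated code. `TrustedImm32() : m_value(0) { }` gives it a deterministic zero at no cost. The `struct TrustedImm32` definition continues outside the hunk.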
@@ -574,6 +578,10 @@ public:
unsigned debugOffset() { return m_assembler.debugOffset(); }
+ ALWAYS_INLINE static void cacheFlush(void* code, size_t size)
+ {
+ AssemblerType::cacheFlush(code, size);
+ }
protected:
AbstractMacroAssembler()
: m_randomSource(cryptographicallyRandomNumber())
diff --git a/Source/JavaScriptCore/assembler/LinkBuffer.h b/Source/JavaScriptCore/assembler/LinkBuffer.h
index 5e91ef3ce..eff320d57 100644
--- a/Source/JavaScriptCore/assembler/LinkBuffer.h
+++ b/Source/JavaScriptCore/assembler/LinkBuffer.h
@@ -329,7 +329,7 @@ private:
#else
ExecutableAllocator::makeExecutable(code(), m_size);
#endif
- ExecutableAllocator::cacheFlush(code(), m_size);
+ MacroAssembler::cacheFlush(code(), m_size);
}
#if DUMP_LINK_STATISTICS
diff --git a/Source/JavaScriptCore/assembler/MIPSAssembler.h b/Source/JavaScriptCore/assembler/MIPSAssembler.h
index 5e0645129..7212a182c 100644
--- a/Source/JavaScriptCore/assembler/MIPSAssembler.h
+++ b/Source/JavaScriptCore/assembler/MIPSAssembler.h
@@ -718,7 +718,7 @@ public:
insn = insn - 6;
int flushSize = linkWithOffset(insn, to);
- ExecutableAllocator::cacheFlush(insn, flushSize);
+ cacheFlush(insn, flushSize);
}
static void relinkCall(void* from, void* to)
@@ -730,7 +730,7 @@ public:
else
start = reinterpret_cast<void*>(reinterpret_cast<intptr_t>(from) - 4 * sizeof(MIPSWord));
- ExecutableAllocator::cacheFlush(start, size);
+ cacheFlush(start, size);
}
static void repatchInt32(void* from, int32_t to)
@@ -742,7 +742,7 @@ public:
ASSERT((*insn & 0xfc000000) == 0x34000000); // ori
*insn = (*insn & 0xffff0000) | (to & 0xffff);
insn--;
- ExecutableAllocator::cacheFlush(insn, 2 * sizeof(MIPSWord));
+ cacheFlush(insn, 2 * sizeof(MIPSWord));
}
static int32_t readInt32(void* from)
@@ -783,6 +783,32 @@ public:
return reinterpret_cast<void*>(result);
}
+ static void cacheFlush(void* code, size_t size)
+ {
+#if GCC_VERSION_AT_LEAST(4, 3, 0)
+#if WTF_MIPS_ISA_REV(2) && !GCC_VERSION_AT_LEAST(4, 4, 3)
+ int lineSize;
+ asm("rdhwr %0, $1" : "=r" (lineSize));
+ //
+ // Modify "start" and "end" to avoid GCC 4.3.0-4.4.2 bug in
+ // mips_expand_synci_loop that may execute synci one more time.
+ // "start" points to the fisrt byte of the cache line.
+ // "end" points to the last byte of the line before the last cache line.
+ // Because size is always a multiple of 4, this is safe to set
+ // "end" to the last byte.
+ //
+ intptr_t start = reinterpret_cast<intptr_t>(code) & (-lineSize);
+ intptr_t end = ((reinterpret_cast<intptr_t>(code) + size - 1) & (-lineSize)) - 1;
+ __builtin___clear_cache(reinterpret_cast<char*>(start), reinterpret_cast<char*>(end));
+#else
+ intptr_t end = reinterpret_cast<intptr_t>(code) + size;
+ __builtin___clear_cache(reinterpret_cast<char*>(code), reinterpret_cast<char*>(end));
+#endif
+#else
+ _flush_cache(reinterpret_cast<char*>(code), size, BCACHE);
+#endif
+ }
+
private:
/* Update each jump in the buffer of newBase. */
void relocateJumps(void* oldBase, void* newBase)
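Review bot: The comment in the GCC 4.3.0–4.4.2 branch of `cacheFlush` justifies setting `end` to the last byte "because size is always a multiple of 4", but nothing checks that and the function accepts an arbitrary `size_t`; callers in this file pass `flushSize` and `2 * sizeof(MIPSWord)`, while LinkBuffer passes its whole buffer size. Turning the stated invariant into `ASSERT(!(size % sizeof(MIPSWord)));` at the top of the function both documents and enforces it. The same comment has a typo, `fisrt` → `first`. The enclosing `MIPSAssembler` class continues outside the hunk.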
diff --git a/Source/JavaScriptCore/assembler/SH4Assembler.h b/Source/JavaScriptCore/assembler/SH4Assembler.h
index 11e954cad..59d042244 100644
--- a/Source/JavaScriptCore/assembler/SH4Assembler.h
+++ b/Source/JavaScriptCore/assembler/SH4Assembler.h
@@ -1401,7 +1401,7 @@ public:
ASSERT(value >= 0);
ASSERT(value <= 60);
*reinterpret_cast<uint16_t*>(where) = ((*reinterpret_cast<uint16_t*>(where) & 0xfff0) | (value >> 2));
- ExecutableAllocator::cacheFlush(reinterpret_cast<uint16_t*>(where), sizeof(uint16_t));
+ cacheFlush(reinterpret_cast<uint16_t*>(where), sizeof(uint16_t));
}
static void relinkCall(void* from, void* to)
@@ -1546,6 +1546,17 @@ public:
return m_buffer.executableCopy(globalData, ownerUID, effort);
}
+ static void cacheFlush(void* code, size_t size)
+ {
+#if !OS(LINUX)
+#error "The cacheFlush support is missing on this platform."
+#elif defined CACHEFLUSH_D_L2
+ syscall(__NR_cacheflush, reinterpret_cast<unsigned>(code), size, CACHEFLUSH_D_WB | CACHEFLUSH_I | CACHEFLUSH_D_L2);
+#else
+ syscall(__NR_cacheflush, reinterpret_cast<unsigned>(code), size, CACHEFLUSH_D_WB | CACHEFLUSH_I);
+#endif
+ }
+
void prefix(uint16_t pre)
{
m_buffer.putByte(pre);
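Review bot: Both `syscall(__NR_cacheflush, ...)` calls in the new `cacheFlush` discard the return value, so if the kernel rejects the range the JIT silently goes on to execute code that may still be stale in the instruction cache. Capturing it, e.g. `int result = syscall(__NR_cacheflush, reinterpret_cast<unsigned>(code), size, CACHEFLUSH_D_WB | CACHEFLUSH_I);` followed by `ASSERT_UNUSED(result, !result);` (or whichever WTF assertion form the file already uses), at least makes the failure visible in debug builds. `reinterpret_cast<unsigned>(code)` also hard-codes a 32-bit pointer assumption; `reinterpret_cast<uintptr_t>(code)` says the same thing without it. The enclosing `SH4Assembler` class continues outside the hunk.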
diff --git a/Source/JavaScriptCore/assembler/X86Assembler.h b/Source/JavaScriptCore/assembler/X86Assembler.h
index b24fffb8f..ff8d25bcd 100644
--- a/Source/JavaScriptCore/assembler/X86Assembler.h
+++ b/Source/JavaScriptCore/assembler/X86Assembler.h
@@ -1816,6 +1816,9 @@ public:
m_formatter.oneByteOp(OP_NOP);
}
+ // This is a no-op on x86
+ ALWAYS_INLINE static void cacheFlush(void*, size_t) { }
+
private:
static void setPointer(void* where, void* value)
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index fa663504c..6677b302b 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -43,6 +43,7 @@
#include "JSStaticScopeObject.h"
#include "JSValue.h"
#include "LowLevelInterpreter.h"
+#include "MethodCallLinkStatus.h"
#include "RepatchBuffer.h"
#include "UStringConcatenate.h"
#include <stdio.h>
@@ -150,7 +151,7 @@ NEVER_INLINE static const char* debugHookName(int debugHookID)
return "";
}
-void CodeBlock::printUnaryOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op) const
+void CodeBlock::printUnaryOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op)
{
int r0 = (++it)->u.operand;
int r1 = (++it)->u.operand;
@@ -158,7 +159,7 @@ void CodeBlock::printUnaryOp(ExecState* exec, int location, Vector<Instruction>:
dataLog("[%4d] %s\t\t %s, %s\n", location, op, registerName(exec, r0).data(), registerName(exec, r1).data());
}
-void CodeBlock::printBinaryOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op) const
+void CodeBlock::printBinaryOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op)
{
int r0 = (++it)->u.operand;
int r1 = (++it)->u.operand;
@@ -166,32 +167,240 @@ void CodeBlock::printBinaryOp(ExecState* exec, int location, Vector<Instruction>
dataLog("[%4d] %s\t\t %s, %s, %s\n", location, op, registerName(exec, r0).data(), registerName(exec, r1).data(), registerName(exec, r2).data());
}
-void CodeBlock::printConditionalJump(ExecState* exec, const Vector<Instruction>::const_iterator&, Vector<Instruction>::const_iterator& it, int location, const char* op) const
+void CodeBlock::printConditionalJump(ExecState* exec, const Vector<Instruction>::const_iterator&, Vector<Instruction>::const_iterator& it, int location, const char* op)
{
int r0 = (++it)->u.operand;
int offset = (++it)->u.operand;
dataLog("[%4d] %s\t\t %s, %d(->%d)\n", location, op, registerName(exec, r0).data(), offset, location + offset);
}
-void CodeBlock::printGetByIdOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op) const
+void CodeBlock::printGetByIdOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it)
{
+ const char* op;
+ switch (exec->interpreter()->getOpcodeID(it->u.opcode)) {
+ case op_get_by_id:
+ op = "get_by_id";
+ break;
+ case op_get_by_id_self:
+ op = "get_by_id_self";
+ break;
+ case op_get_by_id_proto:
+ op = "get_by_id_proto";
+ break;
+ case op_get_by_id_chain:
+ op = "get_by_id_chain";
+ break;
+ case op_get_by_id_getter_self:
+ op = "get_by_id_getter_self";
+ break;
+ case op_get_by_id_getter_proto:
+ op = "get_by_id_getter_proto";
+ break;
+ case op_get_by_id_getter_chain:
+ op = "get_by_id_getter_chain";
+ break;
+ case op_get_by_id_custom_self:
+ op = "get_by_id_custom_self";
+ break;
+ case op_get_by_id_custom_proto:
+ op = "get_by_id_custom_proto";
+ break;
+ case op_get_by_id_custom_chain:
+ op = "get_by_id_custom_chain";
+ break;
+ case op_get_by_id_generic:
+ op = "get_by_id_generic";
+ break;
+ case op_get_array_length:
+ op = "array_length";
+ break;
+ case op_get_string_length:
+ op = "string_length";
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ op = 0;
+ }
int r0 = (++it)->u.operand;
int r1 = (++it)->u.operand;
int id0 = (++it)->u.operand;
- dataLog("[%4d] %s\t %s, %s, %s\n", location, op, registerName(exec, r0).data(), registerName(exec, r1).data(), idName(id0, m_identifiers[id0]).data());
+ dataLog("[%4d] %s\t %s, %s, %s", location, op, registerName(exec, r0).data(), registerName(exec, r1).data(), idName(id0, m_identifiers[id0]).data());
it += 5;
}
-void CodeBlock::printCallOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op) const
+static void dumpStructure(const char* name, ExecState* exec, Structure* structure, Identifier& ident)
+{
+ if (!structure)
+ return;
+
+ dataLog("%s = %p", name, structure);
+
+ size_t offset = structure->get(exec->globalData(), ident);
+ if (offset != notFound)
+ dataLog(" (offset = %lu)", static_cast<unsigned long>(offset));
+}
+
+static void dumpChain(ExecState* exec, StructureChain* chain, Identifier& ident)
+{
+ dataLog("chain = %p: [", chain);
+ bool first = true;
+ for (WriteBarrier<Structure>* currentStructure = chain->head();
+ *currentStructure;
+ ++currentStructure) {
+ if (first)
+ first = false;
+ else
+ dataLog(", ");
+ dumpStructure("struct", exec, currentStructure->get(), ident);
+ }
+ dataLog("]");
+}
+
+void CodeBlock::printGetByIdCacheStatus(ExecState* exec, int location)
+{
+ Instruction* instruction = instructions().begin() + location;
+
+ if (exec->interpreter()->getOpcodeID(instruction[0].u.opcode) == op_method_check)
+ instruction++;
+
+ Identifier& ident = identifier(instruction[3].u.operand);
+
+#if ENABLE(LLINT)
+ Structure* structure = instruction[4].u.structure.get();
+ dataLog(" llint(");
+ dumpStructure("struct", exec, structure, ident);
+ dataLog(")");
+#endif
+
+#if ENABLE(JIT)
+ if (numberOfStructureStubInfos()) {
+ dataLog(" jit(");
+ StructureStubInfo& stubInfo = getStubInfo(location);
+ if (!stubInfo.seen)
+ dataLog("not seen");
+ else {
+ Structure* baseStructure = 0;
+ Structure* prototypeStructure = 0;
+ StructureChain* chain = 0;
+ PolymorphicAccessStructureList* structureList = 0;
+ int listSize = 0;
+
+ switch (stubInfo.accessType) {
+ case access_get_by_id_self:
+ dataLog("self");
+ baseStructure = stubInfo.u.getByIdSelf.baseObjectStructure.get();
+ break;
+ case access_get_by_id_proto:
+ dataLog("proto");
+ baseStructure = stubInfo.u.getByIdProto.baseObjectStructure.get();
+ prototypeStructure = stubInfo.u.getByIdProto.prototypeStructure.get();
+ break;
+ case access_get_by_id_chain:
+ dataLog("chain");
+ baseStructure = stubInfo.u.getByIdChain.baseObjectStructure.get();
+ chain = stubInfo.u.getByIdChain.chain.get();
+ break;
+ case access_get_by_id_self_list:
+ dataLog("self_list");
+ structureList = stubInfo.u.getByIdSelfList.structureList;
+ listSize = stubInfo.u.getByIdSelfList.listSize;
+ break;
+ case access_get_by_id_proto_list:
+ dataLog("proto_list");
+ structureList = stubInfo.u.getByIdProtoList.structureList;
+ listSize = stubInfo.u.getByIdProtoList.listSize;
+ break;
+ case access_unset:
+ dataLog("unset");
+ break;
+ case access_get_by_id_generic:
+ dataLog("generic");
+ break;
+ case access_get_array_length:
+ dataLog("array_length");
+ break;
+ case access_get_string_length:
+ dataLog("string_length");
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ break;
+ }
+
+ if (baseStructure) {
+ dataLog(", ");
+ dumpStructure("struct", exec, baseStructure, ident);
+ }
+
+ if (prototypeStructure) {
+ dataLog(", ");
+ dumpStructure("prototypeStruct", exec, baseStructure, ident);
+ }
+
+ if (chain) {
+ dataLog(", ");
+ dumpChain(exec, chain, ident);
+ }
+
+ if (structureList) {
+ dataLog(", list = %p: [", structureList);
+ for (int i = 0; i < listSize; ++i) {
+ if (i)
+ dataLog(", ");
+ dataLog("(");
+ dumpStructure("base", exec, structureList->list[i].base.get(), ident);
+ if (structureList->list[i].isChain) {
+ if (structureList->list[i].u.chain.get()) {
+ dataLog(", ");
+ dumpChain(exec, structureList->list[i].u.chain.get(), ident);
+ }
+ } else {
+ if (structureList->list[i].u.proto.get()) {
+ dataLog(", ");
+ dumpStructure("proto", exec, structureList->list[i].u.proto.get(), ident);
+ }
+ }
+ dataLog(")");
+ }
+ dataLog("]");
+ }
+ }
+ dataLog(")");
+ }
+#endif
+}
+
+void CodeBlock::printCallOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op, CacheDumpMode cacheDumpMode)
{
int func = (++it)->u.operand;
int argCount = (++it)->u.operand;
int registerOffset = (++it)->u.operand;
- dataLog("[%4d] %s\t %s, %d, %d\n", location, op, registerName(exec, func).data(), argCount, registerOffset);
+ dataLog("[%4d] %s\t %s, %d, %d", location, op, registerName(exec, func).data(), argCount, registerOffset);
+ if (cacheDumpMode == DumpCaches) {
+#if ENABLE(LLINT)
+ LLIntCallLinkInfo* callLinkInfo = it[1].u.callLinkInfo;
+ if (callLinkInfo->lastSeenCallee) {
+ dataLog(" llint(%p, exec %p)",
+ callLinkInfo->lastSeenCallee.get(),
+ callLinkInfo->lastSeenCallee->executable());
+ } else
+ dataLog(" llint(not set)");
+#endif
+#if ENABLE(JIT)
+ if (numberOfCallLinkInfos()) {
+ JSFunction* target = getCallLinkInfo(location).lastSeenCallee.get();
+ if (target)
+ dataLog(" jit(%p, exec %p)", target, target->executable());
+ else
+ dataLog(" jit(not set)");
+ }
+#endif
+ }
+ dataLog("\n");
it += 2;
}
-void CodeBlock::printPutByIdOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op) const
+void CodeBlock::printPutByIdOp(ExecState* exec, int location, Vector<Instruction>::const_iterator& it, const char* op)
{
int r0 = (++it)->u.operand;
int id0 = (++it)->u.operand;
@@ -206,26 +415,6 @@ static bool isGlobalResolve(OpcodeID opcodeID)
return opcodeID == op_resolve_global || opcodeID == op_resolve_global_dynamic;
}
-static bool isPropertyAccess(OpcodeID opcodeID)
-{
- switch (opcodeID) {
- case op_get_by_id_self:
- case op_get_by_id_proto:
- case op_get_by_id_chain:
- case op_put_by_id_transition:
- case op_put_by_id_replace:
- case op_get_by_id:
- case op_put_by_id:
- case op_get_by_id_generic:
- case op_put_by_id_generic:
- case op_get_array_length:
- case op_get_string_length:
- return true;
- default:
- return false;
- }
-}
-
static unsigned instructionOffsetForNth(ExecState* exec, const RefCountedArray<Instruction>& instructions, int nth, bool (*predicate)(OpcodeID))
{
size_t i = 0;
@@ -246,60 +435,15 @@ static void printGlobalResolveInfo(const GlobalResolveInfo& resolveInfo, unsigne
{
dataLog(" [%4d] %s: %s\n", instructionOffset, "resolve_global", pointerToSourceString(resolveInfo.structure).utf8().data());
}
-
-static void printStructureStubInfo(const StructureStubInfo& stubInfo, unsigned instructionOffset)
-{
- switch (stubInfo.accessType) {
- case access_get_by_id_self:
- dataLog(" [%4d] %s: %s\n", instructionOffset, "get_by_id_self", pointerToSourceString(stubInfo.u.getByIdSelf.baseObjectStructure).utf8().data());
- return;
- case access_get_by_id_proto:
- dataLog(" [%4d] %s: %s, %s\n", instructionOffset, "get_by_id_proto", pointerToSourceString(stubInfo.u.getByIdProto.baseObjectStructure).utf8().data(), pointerToSourceString(stubInfo.u.getByIdProto.prototypeStructure).utf8().data());
- return;
- case access_get_by_id_chain:
- dataLog(" [%4d] %s: %s, %s\n", instructionOffset, "get_by_id_chain", pointerToSourceString(stubInfo.u.getByIdChain.baseObjectStructure).utf8().data(), pointerToSourceString(stubInfo.u.getByIdChain.chain).utf8().data());
- return;
- case access_get_by_id_self_list:
- dataLog(" [%4d] %s: %s (%d)\n", instructionOffset, "op_get_by_id_self_list", pointerToSourceString(stubInfo.u.getByIdSelfList.structureList).utf8().data(), stubInfo.u.getByIdSelfList.listSize);
- return;
- case access_get_by_id_proto_list:
- dataLog(" [%4d] %s: %s (%d)\n", instructionOffset, "op_get_by_id_proto_list", pointerToSourceString(stubInfo.u.getByIdProtoList.structureList).utf8().data(), stubInfo.u.getByIdProtoList.listSize);
- return;
- case access_put_by_id_transition_normal:
- case access_put_by_id_transition_direct:
- dataLog(" [%4d] %s: %s, %s, %s\n", instructionOffset, "put_by_id_transition", pointerToSourceString(stubInfo.u.putByIdTransition.previousStructure).utf8().data(), pointerToSourceString(stubInfo.u.putByIdTransition.structure).utf8().data(), pointerToSourceString(stubInfo.u.putByIdTransition.chain).utf8().data());
- return;
- case access_put_by_id_replace:
- dataLog(" [%4d] %s: %s\n", instructionOffset, "put_by_id_replace", pointerToSourceString(stubInfo.u.putByIdReplace.baseObjectStructure).utf8().data());
- return;
- case access_unset:
- dataLog(" [%4d] %s\n", instructionOffset, "unset");
- return;
- case access_get_by_id_generic:
- dataLog(" [%4d] %s\n", instructionOffset, "op_get_by_id_generic");
- return;
- case access_put_by_id_generic:
- dataLog(" [%4d] %s\n", instructionOffset, "op_put_by_id_generic");
- return;
- case access_get_array_length:
- dataLog(" [%4d] %s\n", instructionOffset, "op_get_array_length");
- return;
- case access_get_string_length:
- dataLog(" [%4d] %s\n", instructionOffset, "op_get_string_length");
- return;
- default:
- ASSERT_NOT_REACHED();
- }
-}
#endif
-void CodeBlock::printStructure(const char* name, const Instruction* vPC, int operand) const
+void CodeBlock::printStructure(const char* name, const Instruction* vPC, int operand)
{
unsigned instructionOffset = vPC - instructions().begin();
dataLog(" [%4d] %s: %s\n", instructionOffset, name, pointerToSourceString(vPC[operand].u.structure).utf8().data());
}
-void CodeBlock::printStructures(const Instruction* vPC) const
+void CodeBlock::printStructures(const Instruction* vPC)
{
Interpreter* interpreter = m_globalData->interpreter;
unsigned instructionOffset = vPC - instructions().begin();
@@ -345,17 +489,30 @@ void CodeBlock::printStructures(const Instruction* vPC) const
ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_call) || vPC[0].u.opcode == interpreter->getOpcode(op_call_eval) || vPC[0].u.opcode == interpreter->getOpcode(op_construct));
}
-void CodeBlock::dump(ExecState* exec) const
+void CodeBlock::dump(ExecState* exec)
{
size_t instructionCount = 0;
for (size_t i = 0; i < instructions().size(); i += opcodeLengths[exec->interpreter()->getOpcodeID(instructions()[i].u.opcode)])
++instructionCount;
- dataLog("%lu m_instructions; %lu bytes at %p; %d parameter(s); %d callee register(s); %d variable(s)\n\n",
+ dataLog(
+ "%lu m_instructions; %lu bytes at %p (%s); %d parameter(s); %d callee register(s); %d variable(s)",
static_cast<unsigned long>(instructions().size()),
static_cast<unsigned long>(instructions().size() * sizeof(Instruction)),
- this, m_numParameters, m_numCalleeRegisters, m_numVars);
+ this, codeTypeToString(codeType()), m_numParameters, m_numCalleeRegisters,
+ m_numVars);
+ if (m_numCapturedVars)
+ dataLog("; %d captured var(s)", m_numCapturedVars);
+ if (usesArguments()) {
+ dataLog(
+ "; uses arguments, in r%d, r%d",
+ argumentsRegister(),
+ unmodifiedArgumentsRegister(argumentsRegister()));
+ }
+ if (needsFullScopeChain() && codeType() == FunctionCode)
+ dataLog("; activation in r%d", activationRegister());
+ dataLog("\n\n");
Vector<Instruction>::const_iterator begin = instructions().begin();
Vector<Instruction>::const_iterator end = instructions().end();
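Review bot: The activation line in dump() is gated on `needsFullScopeChain() && codeType() == FunctionCode`, whereas the `needsActivation()` helper this same commit adds to CodeBlock.h is `needsFullScopeChain() && codeType() != GlobalCode`, so an EvalCode block that needs a full scope chain is reported here as having no activation register. If `activationRegister()` is valid for eval code, `if (needsActivation())` keeps the dump in step with the helper; if it is not, the helper's own definition is the one to question. `codeTypeToString()` is not in this diff, so whether it covers every CodeType value cannot be checked here. dump() continues past the end of this hunk.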
@@ -400,13 +557,6 @@ void CodeBlock::dump(ExecState* exec) const
++i;
} while (i < m_globalResolveInfos.size());
}
- if (!m_structureStubInfos.isEmpty()) {
- size_t i = 0;
- do {
- printStructureStubInfo(m_structureStubInfos[i], instructionOffsetForNth(exec, instructions(), i + 1, isPropertyAccess));
- ++i;
- } while (i < m_structureStubInfos.size());
- }
#endif
#if ENABLE(CLASSIC_INTERPRETER)
if (!m_globalResolveInstructions.isEmpty() || !m_propertyAccessInstructions.isEmpty())
@@ -489,7 +639,7 @@ void CodeBlock::dump(ExecState* exec) const
dataLog("\n");
}
-void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator& it) const
+void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator& it)
{
int location = it - begin;
switch (exec->interpreter()->getOpcodeID(it->u.opcode)) {
@@ -813,56 +963,22 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
it++;
break;
}
- case op_get_by_id: {
- printGetByIdOp(exec, location, it, "get_by_id");
- break;
- }
- case op_get_by_id_self: {
- printGetByIdOp(exec, location, it, "get_by_id_self");
- break;
- }
- case op_get_by_id_proto: {
- printGetByIdOp(exec, location, it, "get_by_id_proto");
- break;
- }
- case op_get_by_id_chain: {
- printGetByIdOp(exec, location, it, "get_by_id_chain");
- break;
- }
- case op_get_by_id_getter_self: {
- printGetByIdOp(exec, location, it, "get_by_id_getter_self");
- break;
- }
- case op_get_by_id_getter_proto: {
- printGetByIdOp(exec, location, it, "get_by_id_getter_proto");
- break;
- }
- case op_get_by_id_getter_chain: {
- printGetByIdOp(exec, location, it, "get_by_id_getter_chain");
- break;
- }
- case op_get_by_id_custom_self: {
- printGetByIdOp(exec, location, it, "get_by_id_custom_self");
- break;
- }
- case op_get_by_id_custom_proto: {
- printGetByIdOp(exec, location, it, "get_by_id_custom_proto");
- break;
- }
- case op_get_by_id_custom_chain: {
- printGetByIdOp(exec, location, it, "get_by_id_custom_chain");
- break;
- }
- case op_get_by_id_generic: {
- printGetByIdOp(exec, location, it, "get_by_id_generic");
- break;
- }
- case op_get_array_length: {
- printGetByIdOp(exec, location, it, "get_array_length");
- break;
- }
+ case op_get_by_id:
+ case op_get_by_id_self:
+ case op_get_by_id_proto:
+ case op_get_by_id_chain:
+ case op_get_by_id_getter_self:
+ case op_get_by_id_getter_proto:
+ case op_get_by_id_getter_chain:
+ case op_get_by_id_custom_self:
+ case op_get_by_id_custom_proto:
+ case op_get_by_id_custom_chain:
+ case op_get_by_id_generic:
+ case op_get_array_length:
case op_get_string_length: {
- printGetByIdOp(exec, location, it, "get_string_length");
+ printGetByIdOp(exec, location, it);
+ printGetByIdCacheStatus(exec, location);
+ dataLog("\n");
break;
}
case op_get_arguments_length: {
@@ -903,7 +1019,37 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
break;
}
case op_method_check: {
- dataLog("[%4d] method_check\n", location);
+ dataLog("[%4d] method_check", location);
+ if (numberOfMethodCallLinkInfos()) {
+ MethodCallLinkInfo& methodCall = getMethodCallLinkInfo(location);
+ dataLog(" jit(");
+ if (!methodCall.seen)
+ dataLog("not seen");
+ else {
+ // Use the fact that MethodCallLinkStatus already does smart things
+ // for decoding seen method calls.
+ MethodCallLinkStatus status = MethodCallLinkStatus::computeFor(this, location);
+ if (!status)
+ dataLog("not set");
+ else {
+ dataLog("function = %p (executable = ", status.function());
+ JSCell* functionAsCell = getJSFunction(status.function());
+ if (functionAsCell)
+ dataLog("%p", jsCast<JSFunction*>(functionAsCell)->executable());
+ else
+ dataLog("N/A");
+ dataLog("), struct = %p", status.structure());
+ if (status.needsPrototypeCheck())
+ dataLog(", prototype = %p, struct = %p", status.prototype(), status.prototypeStructure());
+ }
+ }
+ dataLog(")");
+ }
+ dataLog("\n");
+ ++it;
+ printGetByIdOp(exec, location, it);
+ printGetByIdCacheStatus(exec, location);
+ dataLog("\n");
break;
}
case op_del_by_id: {
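Review bot: The method_check branch calls `numberOfMethodCallLinkInfos()`, `getMethodCallLinkInfo()` and `MethodCallLinkStatus::computeFor()` with no preprocessor guard, while the analogous call-link dump in printCallOp in this same commit wraps `numberOfCallLinkInfos()` in `#if ENABLE(JIT)`. If the method-call link accessors are JIT-only like the call-link ones (their declarations are not in this diff), a non-JIT build will not compile this case; wrapping the `if (numberOfMethodCallLinkInfos()) { ... }` block in `#if ENABLE(JIT)` / `#endif` would match the sibling. Separately, the get_by_id consumed by `++it` is printed and its cache status looked up with the method_check's `location`, so the `[%4d]` prefix on that second line is off by the length of method_check unless printGetByIdCacheStatus compensates, which its body (outside this hunk) would have to show.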
@@ -1124,11 +1270,11 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
break;
}
case op_call: {
- printCallOp(exec, location, it, "call");
+ printCallOp(exec, location, it, "call", DumpCaches);
break;
}
case op_call_eval: {
- printCallOp(exec, location, it, "call_eval");
+ printCallOp(exec, location, it, "call_eval", DontDumpCaches);
break;
}
case op_call_varargs: {
@@ -1168,7 +1314,7 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
break;
}
case op_construct: {
- printCallOp(exec, location, it, "construct");
+ printCallOp(exec, location, it, "construct", DumpCaches);
break;
}
case op_strcat: {
@@ -1430,7 +1576,7 @@ CodeBlock::CodeBlock(CopyParsedBlockTag, CodeBlock& other, SymbolTable* symTab)
, m_optimizationDelayCounter(0)
, m_reoptimizationRetryCounter(0)
#if ENABLE(JIT)
- , m_canCompileWithDFGState(CompileWithDFGUnset)
+ , m_canCompileWithDFGState(DFG::CapabilityLevelNotSet)
#endif
{
setNumParameters(other.numParameters());
@@ -1545,7 +1691,7 @@ void CodeBlock::addParameter()
#endif
}
-void CodeBlock::visitStructures(SlotVisitor& visitor, Instruction* vPC) const
+void CodeBlock::visitStructures(SlotVisitor& visitor, Instruction* vPC)
{
Interpreter* interpreter = m_globalData->interpreter;
@@ -2325,17 +2471,17 @@ JSObject* FunctionCodeBlock::compileOptimized(ExecState* exec, ScopeChainNode* s
return error;
}
-bool ProgramCodeBlock::canCompileWithDFGInternal()
+DFG::CapabilityLevel ProgramCodeBlock::canCompileWithDFGInternal()
{
return DFG::canCompileProgram(this);
}
-bool EvalCodeBlock::canCompileWithDFGInternal()
+DFG::CapabilityLevel EvalCodeBlock::canCompileWithDFGInternal()
{
return DFG::canCompileEval(this);
}
-bool FunctionCodeBlock::canCompileWithDFGInternal()
+DFG::CapabilityLevel FunctionCodeBlock::canCompileWithDFGInternal()
{
if (m_isConstructor)
return DFG::canCompileFunctionForConstruct(this);
@@ -2363,25 +2509,25 @@ void FunctionCodeBlock::jettison()
static_cast<FunctionExecutable*>(ownerExecutable())->jettisonOptimizedCodeFor(*globalData(), m_isConstructor ? CodeForConstruct : CodeForCall);
}
-bool ProgramCodeBlock::jitCompileImpl(JSGlobalData& globalData)
+bool ProgramCodeBlock::jitCompileImpl(ExecState* exec)
{
ASSERT(getJITType() == JITCode::InterpreterThunk);
ASSERT(this == replacement());
- return static_cast<ProgramExecutable*>(ownerExecutable())->jitCompile(globalData);
+ return static_cast<ProgramExecutable*>(ownerExecutable())->jitCompile(exec);
}
-bool EvalCodeBlock::jitCompileImpl(JSGlobalData& globalData)
+bool EvalCodeBlock::jitCompileImpl(ExecState* exec)
{
ASSERT(getJITType() == JITCode::InterpreterThunk);
ASSERT(this == replacement());
- return static_cast<EvalExecutable*>(ownerExecutable())->jitCompile(globalData);
+ return static_cast<EvalExecutable*>(ownerExecutable())->jitCompile(exec);
}
-bool FunctionCodeBlock::jitCompileImpl(JSGlobalData& globalData)
+bool FunctionCodeBlock::jitCompileImpl(ExecState* exec)
{
ASSERT(getJITType() == JITCode::InterpreterThunk);
ASSERT(this == replacement());
- return static_cast<FunctionExecutable*>(ownerExecutable())->jitCompileFor(globalData, m_isConstructor ? CodeForConstruct : CodeForCall);
+ return static_cast<FunctionExecutable*>(ownerExecutable())->jitCompileFor(exec, m_isConstructor ? CodeForConstruct : CodeForCall);
}
#endif
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h
index fe69ec673..c1772c3bf 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.h
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h
@@ -37,6 +37,7 @@
#include "CodeType.h"
#include "CompactJITCodeMap.h"
#include "DFGCodeBlocks.h"
+#include "DFGCommon.h"
#include "DFGExitProfile.h"
#include "DFGOSREntry.h"
#include "DFGOSRExit.h"
@@ -132,9 +133,9 @@ namespace JSC {
static void dumpStatistics();
- void dump(ExecState*) const;
- void printStructures(const Instruction*) const;
- void printStructure(const char* name, const Instruction*, int operand) const;
+ void dump(ExecState*);
+ void printStructures(const Instruction*);
+ void printStructure(const char* name, const Instruction*, int operand);
bool isStrictMode() const { return m_isStrictMode; }
@@ -259,7 +260,17 @@ namespace JSC {
DFG::OSREntryData* dfgOSREntryData(unsigned i) { return &m_dfgData->osrEntry[i]; }
DFG::OSREntryData* dfgOSREntryDataForBytecodeIndex(unsigned bytecodeIndex)
{
- return binarySearch<DFG::OSREntryData, unsigned, DFG::getOSREntryDataBytecodeIndex>(m_dfgData->osrEntry.begin(), m_dfgData->osrEntry.size(), bytecodeIndex);
+ if (!m_dfgData)
+ return 0;
+ if (m_dfgData->osrEntry.isEmpty())
+ return 0;
+ DFG::OSREntryData* result = binarySearch<
+ DFG::OSREntryData, unsigned, DFG::getOSREntryDataBytecodeIndex>(
+ m_dfgData->osrEntry.begin(), m_dfgData->osrEntry.size(),
+ bytecodeIndex, WTF::KeyMustNotBePresentInArray);
+ if (result->m_bytecodeIndex != bytecodeIndex)
+ return 0;
+ return result;
}
void appendOSRExit(const DFG::OSRExit& osrExit)
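Review bot: `dfgOSREntryDataForBytecodeIndex` now returns 0 in three situations (no DFG data, empty table, no entry for this index) where it previously always returned a pointer, and nothing in the header says so; any caller that dereferences the result unconditionally (not visible here) now needs a check. A one-line contract above the function, `// Returns 0 if there is no OSR entry for bytecodeIndex; callers must check.`, would make the new behaviour explicit. The search mode is spelled `WTF::KeyMustNotBePresentInArray` yet the very next line tests whether the key was found, so the name reads as a precondition the code contradicts; if the mode really means "key may be absent", a short comment would spare the next reader the same double-take.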
@@ -355,37 +366,31 @@ namespace JSC {
virtual JSObject* compileOptimized(ExecState*, ScopeChainNode*) = 0;
virtual void jettison() = 0;
enum JITCompilationResult { AlreadyCompiled, CouldNotCompile, CompiledSuccessfully };
- JITCompilationResult jitCompile(JSGlobalData& globalData)
+ JITCompilationResult jitCompile(ExecState* exec)
{
if (getJITType() != JITCode::InterpreterThunk) {
ASSERT(getJITType() == JITCode::BaselineJIT);
return AlreadyCompiled;
}
#if ENABLE(JIT)
- if (jitCompileImpl(globalData))
+ if (jitCompileImpl(exec))
return CompiledSuccessfully;
return CouldNotCompile;
#else
- UNUSED_PARAM(globalData);
+ UNUSED_PARAM(exec);
return CouldNotCompile;
#endif
}
virtual CodeBlock* replacement() = 0;
- enum CompileWithDFGState {
- CompileWithDFGFalse,
- CompileWithDFGTrue,
- CompileWithDFGUnset
- };
-
- virtual bool canCompileWithDFGInternal() = 0;
- bool canCompileWithDFG()
+ virtual DFG::CapabilityLevel canCompileWithDFGInternal() = 0;
+ DFG::CapabilityLevel canCompileWithDFG()
{
- bool result = canCompileWithDFGInternal();
- m_canCompileWithDFGState = result ? CompileWithDFGTrue : CompileWithDFGFalse;
+ DFG::CapabilityLevel result = canCompileWithDFGInternal();
+ m_canCompileWithDFGState = result;
return result;
}
- CompileWithDFGState canCompileWithDFGState() { return m_canCompileWithDFGState; }
+ DFG::CapabilityLevel canCompileWithDFGState() { return m_canCompileWithDFGState; }
bool hasOptimizedReplacement()
{
@@ -429,6 +434,12 @@ namespace JSC {
ASSERT(usesArguments());
return m_argumentsRegister;
}
+ int uncheckedArgumentsRegister()
+ {
+ if (!usesArguments())
+ return InvalidVirtualRegister;
+ return argumentsRegister();
+ }
void setActivationRegister(int activationRegister)
{
m_activationRegister = activationRegister;
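Review bot: `uncheckedArgumentsRegister()` returns `InvalidVirtualRegister` for the no-arguments case while `usesArguments()` a few lines below is spelled as `m_argumentsRegister != -1`; if the constant is -1 the two agree and the helper could simply say so, but if it is any other value the two notions of "no arguments register" diverge silently. Writing `usesArguments()` in terms of the same constant, `return m_argumentsRegister != InvalidVirtualRegister;`, would tie them together regardless of the constant's value.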
@@ -439,6 +450,31 @@ namespace JSC {
return m_activationRegister;
}
bool usesArguments() const { return m_argumentsRegister != -1; }
+
+ bool needsActivation() const
+ {
+ return needsFullScopeChain() && codeType() != GlobalCode;
+ }
+
+ bool argumentIsCaptured(int) const
+ {
+ return needsActivation() || usesArguments();
+ }
+
+ bool localIsCaptured(InlineCallFrame* inlineCallFrame, int operand) const
+ {
+ if (!inlineCallFrame)
+ return operand < m_numCapturedVars;
+
+ return inlineCallFrame->capturedVars.get(operand);
+ }
+
+ bool isCaptured(InlineCallFrame* inlineCallFrame, int operand) const
+ {
+ if (operandIsArgument(operand))
+ return argumentIsCaptured(operandToArgument(operand));
+ return localIsCaptured(inlineCallFrame, operand);
+ }
CodeType codeType() const { return m_codeType; }
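Review bot: `localIsCaptured` with a null `inlineCallFrame` decides capture by `operand < m_numCapturedVars`, which encodes an assumption that captured locals always occupy the dense prefix of the local numbering; that layout is stated nowhere in this hunk and deserves a comment such as `// Captured locals are allocated first, so the first m_numCapturedVars locals are exactly the captured ones.` `argumentIsCaptured(int)` ignores its argument, so either every argument is captured or none is; naming the parameter and saying so (`// All-or-nothing: if the frame has an activation or an arguments object, every argument is captured.`) would make that deliberate rather than accidental. In the inlined case the answer depends on `BitVector::get` for operands beyond the vector's size; if it returns false out of range this is fine, otherwise a temporary past the last captured local reads out of bounds, which is worth confirming against the BitVector implementation, not in this diff.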
@@ -1065,7 +1101,7 @@ namespace JSC {
protected:
#if ENABLE(JIT)
- virtual bool jitCompileImpl(JSGlobalData&) = 0;
+ virtual bool jitCompileImpl(ExecState*) = 0;
#endif
virtual void visitWeakReferences(SlotVisitor&);
virtual void finalizeUnconditionally();
@@ -1079,16 +1115,18 @@ namespace JSC {
void tallyFrequentExitSites() { }
#endif
- void dump(ExecState*, const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator&) const;
+ void dump(ExecState*, const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator&);
CString registerName(ExecState*, int r) const;
- void printUnaryOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
- void printBinaryOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
- void printConditionalJump(ExecState*, const Vector<Instruction>::const_iterator&, Vector<Instruction>::const_iterator&, int location, const char* op) const;
- void printGetByIdOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
- void printCallOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
- void printPutByIdOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op) const;
- void visitStructures(SlotVisitor&, Instruction* vPC) const;
+ void printUnaryOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op);
+ void printBinaryOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op);
+ void printConditionalJump(ExecState*, const Vector<Instruction>::const_iterator&, Vector<Instruction>::const_iterator&, int location, const char* op);
+ void printGetByIdOp(ExecState*, int location, Vector<Instruction>::const_iterator&);
+ void printGetByIdCacheStatus(ExecState*, int location);
+ enum CacheDumpMode { DumpCaches, DontDumpCaches };
+ void printCallOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op, CacheDumpMode);
+ void printPutByIdOp(ExecState*, int location, Vector<Instruction>::const_iterator&, const char* op);
+ void visitStructures(SlotVisitor&, Instruction* vPC);
#if ENABLE(DFG_JIT)
bool shouldImmediatelyAssumeLivenessDuringScan()
@@ -1272,7 +1310,7 @@ namespace JSC {
#endif
OwnPtr<RareData> m_rareData;
#if ENABLE(JIT)
- CompileWithDFGState m_canCompileWithDFGState;
+ DFG::CapabilityLevel m_canCompileWithDFGState;
#endif
};
@@ -1312,9 +1350,9 @@ namespace JSC {
protected:
virtual JSObject* compileOptimized(ExecState*, ScopeChainNode*);
virtual void jettison();
- virtual bool jitCompileImpl(JSGlobalData&);
+ virtual bool jitCompileImpl(ExecState*);
virtual CodeBlock* replacement();
- virtual bool canCompileWithDFGInternal();
+ virtual DFG::CapabilityLevel canCompileWithDFGInternal();
#endif
};
@@ -1347,9 +1385,9 @@ namespace JSC {
protected:
virtual JSObject* compileOptimized(ExecState*, ScopeChainNode*);
virtual void jettison();
- virtual bool jitCompileImpl(JSGlobalData&);
+ virtual bool jitCompileImpl(ExecState*);
virtual CodeBlock* replacement();
- virtual bool canCompileWithDFGInternal();
+ virtual DFG::CapabilityLevel canCompileWithDFGInternal();
#endif
private:
@@ -1385,9 +1423,9 @@ namespace JSC {
protected:
virtual JSObject* compileOptimized(ExecState*, ScopeChainNode*);
virtual void jettison();
- virtual bool jitCompileImpl(JSGlobalData&);
+ virtual bool jitCompileImpl(ExecState*);
virtual CodeBlock* replacement();
- virtual bool canCompileWithDFGInternal();
+ virtual DFG::CapabilityLevel canCompileWithDFGInternal();
#endif
};
diff --git a/Source/JavaScriptCore/bytecode/CodeOrigin.h b/Source/JavaScriptCore/bytecode/CodeOrigin.h
index eda17648b..034e48f3f 100644
--- a/Source/JavaScriptCore/bytecode/CodeOrigin.h
+++ b/Source/JavaScriptCore/bytecode/CodeOrigin.h
@@ -28,6 +28,7 @@
#include "ValueRecovery.h"
#include "WriteBarrier.h"
+#include <wtf/BitVector.h>
#include <wtf/StdLibExtras.h>
#include <wtf/Vector.h>
@@ -92,6 +93,7 @@ struct InlineCallFrame {
WriteBarrier<ExecutableBase> executable;
WriteBarrier<JSFunction> callee;
CodeOrigin caller;
+ BitVector capturedVars; // Indexed by the machine call frame's variable numbering.
unsigned stackOffset : 31;
bool isCall : 1;
};
diff --git a/Source/JavaScriptCore/bytecode/DFGExitProfile.h b/Source/JavaScriptCore/bytecode/DFGExitProfile.h
index 31db084f5..09f9ee075 100644
--- a/Source/JavaScriptCore/bytecode/DFGExitProfile.h
+++ b/Source/JavaScriptCore/bytecode/DFGExitProfile.h
@@ -39,6 +39,7 @@ enum ExitKind {
Overflow, // We exited because of overflow.
NegativeZero, // We exited because we encountered negative zero.
InadequateCoverage, // We exited because we ended up in code that didn't have profiling coverage.
+ ArgumentsEscaped, // We exited because arguments escaped but we didn't expect them to.
Uncountable, // We exited for none of the above reasons, and we should not count it. Most uses of this should be viewed as a FIXME.
};
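Review bot: `ArgumentsEscaped` is inserted in the middle of `ExitKind`, ahead of `Uncountable`, so any code that switches over the enumeration or maps it to a string must learn the new value; the diffstat for this header accounts only for the additions visible here, so such a switch, if one exists, lives in another file and should be checked for a missing `case ArgumentsEscaped:`. Placing the value mid-enum also renumbers `Uncountable`, which matters only if the numeric value is ever stored or compared outside this header — presumably not, but worth a glance.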
@@ -96,6 +97,15 @@ public:
ASSERT(exitKindIsCountable(kind));
}
+ // Use this constructor if you wish for the exit site to be counted globally within its
+ // code block.
+ explicit FrequentExitSite(ExitKind kind)
+ : m_bytecodeOffset(0)
+ , m_kind(kind)
+ {
+ ASSERT(exitKindIsCountable(kind));
+ }
+
bool operator!() const
{
return m_kind == ExitKindUnset;
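Review bot: The new single-argument `FrequentExitSite(ExitKind)` constructor stores `m_bytecodeOffset(0)`, which makes a "global" exit site indistinguishable from a site at bytecode offset 0 of the same kind; since sites are keyed on both fields, `hasExitSite(kind)` will also answer true when some exit of that kind happened at offset 0, and recording a global site will be absorbed by an existing offset-0 entry. For the kind this commit adds that collision may be harmless if it is only ever recorded globally, but the constructor is generic. Either reserve a sentinel offset for global sites (if the hash and equality can accommodate one) or state the aliasing in the comment: `// Note: shares its key with a site at bytecode offset 0 of the same kind.`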
@@ -178,6 +188,11 @@ public:
return m_frequentExitSites.find(site) != m_frequentExitSites.end();
}
+ bool hasExitSite(ExitKind kind) const
+ {
+ return hasExitSite(FrequentExitSite(kind));
+ }
+
bool hasExitSite(unsigned bytecodeIndex, ExitKind kind) const
{
return hasExitSite(FrequentExitSite(bytecodeIndex, kind));
diff --git a/Source/JavaScriptCore/bytecode/Operands.h b/Source/JavaScriptCore/bytecode/Operands.h
index a05159f81..05a24d0fd 100644
--- a/Source/JavaScriptCore/bytecode/Operands.h
+++ b/Source/JavaScriptCore/bytecode/Operands.h
@@ -126,6 +126,16 @@ public:
setLocal(operand, value);
}
+ void setOperandFirstTime(int operand, const T& value)
+ {
+ if (operandIsArgument(operand)) {
+ setArgumentFirstTime(operandToArgument(operand), value);
+ return;
+ }
+
+ setLocalFirstTime(operand, value);
+ }
+
void clear()
{
for (size_t i = 0; i < m_arguments.size(); ++i)
diff --git a/Source/JavaScriptCore/bytecode/PredictedType.cpp b/Source/JavaScriptCore/bytecode/PredictedType.cpp
index e8a71772b..5258f4079 100644
--- a/Source/JavaScriptCore/bytecode/PredictedType.cpp
+++ b/Source/JavaScriptCore/bytecode/PredictedType.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,6 +29,7 @@
#include "config.h"
#include "PredictedType.h"
+#include "Arguments.h"
#include "JSArray.h"
#include "JSFunction.h"
#include "ValueProfile.h"
@@ -117,6 +118,16 @@ const char* predictionToString(PredictedType value)
else
isTop = false;
+ if (value & PredictMyArguments)
+ ptr.strcat("Myarguments");
+ else
+ isTop = false;
+
+ if (value & PredictForeignArguments)
+ ptr.strcat("Foreignarguments");
+ else
+ isTop = false;
+
if (value & PredictString)
ptr.strcat("String");
else
@@ -186,6 +197,10 @@ const char* predictionToAbbreviatedString(PredictedType prediction)
return "<Float32array>";
if (isFloat64ArrayPrediction(prediction))
return "<Float64array>";
+ if (isMyArgumentsPrediction(prediction))
+ return "<Myarguments>";
+ if (isArgumentsPrediction(prediction))
+ return "<Arguments>";
if (isObjectPrediction(prediction))
return "<Object>";
if (isCellPrediction(prediction))
@@ -214,6 +229,9 @@ PredictedType predictionFromClassInfo(const ClassInfo* classInfo)
if (classInfo == &JSString::s_info)
return PredictString;
+ if (classInfo == &Arguments::s_info)
+ return PredictArguments; // Cannot distinguish between MyArguments and ForeignArguments at this stage. That happens in the flow analysis.
+
if (classInfo->isSubClassOf(&JSFunction::s_info))
return PredictFunction;
diff --git a/Source/JavaScriptCore/bytecode/PredictedType.h b/Source/JavaScriptCore/bytecode/PredictedType.h
index 54b308124..9f0964a14 100644
--- a/Source/JavaScriptCore/bytecode/PredictedType.h
+++ b/Source/JavaScriptCore/bytecode/PredictedType.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -49,17 +49,20 @@ static const PredictedType PredictUint16Array = 0x00000200; // It's defini
static const PredictedType PredictUint32Array = 0x00000400; // It's definitely an Uint32Array or one of its subclasses.
static const PredictedType PredictFloat32Array = 0x00000800; // It's definitely an Uint16Array or one of its subclasses.
static const PredictedType PredictFloat64Array = 0x00001000; // It's definitely an Uint16Array or one of its subclasses.
-static const PredictedType PredictObjectOther = 0x00002000; // It's definitely an object but not JSFinalObject, JSArray, or JSFunction.
-static const PredictedType PredictObjectMask = 0x00003fff; // Bitmask used for testing for any kind of object prediction.
-static const PredictedType PredictString = 0x00004000; // It's definitely a JSString.
-static const PredictedType PredictCellOther = 0x00008000; // It's definitely a JSCell but not a subclass of JSObject and definitely not a JSString.
-static const PredictedType PredictCell = 0x0000ffff; // It's definitely a JSCell.
-static const PredictedType PredictInt32 = 0x00010000; // It's definitely an Int32.
-static const PredictedType PredictDoubleReal = 0x00020000; // It's definitely a non-NaN double.
-static const PredictedType PredictDoubleNaN = 0x00040000; // It's definitely a NaN.
-static const PredictedType PredictDouble = 0x00060000; // It's either a non-NaN or a NaN double.
-static const PredictedType PredictNumber = 0x00070000; // It's either an Int32 or a Double.
-static const PredictedType PredictBoolean = 0x00080000; // It's definitely a Boolean.
+static const PredictedType PredictMyArguments = 0x00002000; // It's definitely an Arguments object, and it's definitely the one for my current frame.
+static const PredictedType PredictForeignArguments = 0x00004000; // It's definitely an Arguments object, and it's definitely not mine.
+static const PredictedType PredictArguments = 0x00006000; // It's definitely an Arguments object.
+static const PredictedType PredictObjectOther = 0x00008000; // It's definitely an object but not JSFinalObject, JSArray, or JSFunction.
+static const PredictedType PredictObjectMask = 0x0000ffff; // Bitmask used for testing for any kind of object prediction.
+static const PredictedType PredictString = 0x00010000; // It's definitely a JSString.
+static const PredictedType PredictCellOther = 0x00020000; // It's definitely a JSCell but not a subclass of JSObject and definitely not a JSString.
+static const PredictedType PredictCell = 0x0003ffff; // It's definitely a JSCell.
+static const PredictedType PredictInt32 = 0x00800000; // It's definitely an Int32.
+static const PredictedType PredictDoubleReal = 0x01000000; // It's definitely a non-NaN double.
+static const PredictedType PredictDoubleNaN = 0x02000000; // It's definitely a NaN.
+static const PredictedType PredictDouble = 0x03000000; // It's either a non-NaN or a NaN double.
+static const PredictedType PredictNumber = 0x03800000; // It's either an Int32 or a Double.
+static const PredictedType PredictBoolean = 0x04000000; // It's definitely a Boolean.
static const PredictedType PredictOther = 0x08000000; // It's definitely none of the above.
static const PredictedType PredictTop = 0x0fffffff; // It can be any of the above.
static const PredictedType PredictEmpty = 0x10000000; // It's definitely an empty value marker.
@@ -68,6 +71,12 @@ static const PredictedType FixedIndexedStorageMask = PredictInt8Array | PredictI
typedef bool (*PredictionChecker)(PredictedType);
+// Dummy prediction checker, only useful if someone insists on requiring a prediction checker.
+inline bool isAnyPrediction(PredictedType)
+{
+ return true;
+}
+
inline bool isCellPrediction(PredictedType value)
{
return !!(value & PredictCell) && !(value & ~PredictCell);
@@ -153,6 +162,11 @@ inline bool isFloat64ArrayPrediction(PredictedType value)
return value == PredictFloat64Array;
}
+inline bool isArgumentsPrediction(PredictedType value)
+{
+ return !!value && (value & PredictArguments) == value;
+}
+
inline bool isActionableIntMutableArrayPrediction(PredictedType value)
{
return isInt8ArrayPrediction(value)
@@ -179,6 +193,7 @@ inline bool isActionableTypedMutableArrayPrediction(PredictedType value)
inline bool isActionableMutableArrayPrediction(PredictedType value)
{
return isArrayPrediction(value)
+ || isArgumentsPrediction(value)
|| isActionableTypedMutableArrayPrediction(value);
}
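Review bot: Adding `isArgumentsPrediction(value)` to `isActionableMutableArrayPrediction` means every consumer that used this predicate to justify array-style indexed fast paths will now take them for Arguments objects too, and those objects are not plain arrays: their indexed slots presumably alias the frame's argument registers and can be detached by `delete`, a `length` assignment, or a tear-off — states a JSArray fast path never has to consider. None of those consumers are in this diff, so this is a reviewer's caveat rather than a found bug: confirm that each site guarded by this predicate either rejects Arguments explicitly or performs the Arguments-specific checks. A short comment here, `// Arguments objects count as mutable arrays for speculation; callers must still handle their overridden-length and torn-off states.`, would record that obligation next to the predicate.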
@@ -193,6 +208,11 @@ inline bool isArrayOrOtherPrediction(PredictedType value)
return !!(value & (PredictArray | PredictOther)) && !(value & ~(PredictArray | PredictOther));
}
+inline bool isMyArgumentsPrediction(PredictedType value)
+{
+ return value == PredictMyArguments;
+}
+
inline bool isInt32Prediction(PredictedType value)
{
return value == PredictInt32;
diff --git a/Source/JavaScriptCore/bytecode/StructureStubInfo.h b/Source/JavaScriptCore/bytecode/StructureStubInfo.h
index 03c64bf39..9aa40532a 100644
--- a/Source/JavaScriptCore/bytecode/StructureStubInfo.h
+++ b/Source/JavaScriptCore/bytecode/StructureStubInfo.h
@@ -200,15 +200,15 @@ namespace JSC {
#endif
int8_t valueGPR;
int8_t scratchGPR;
- int16_t deltaCallToDone;
- int16_t deltaCallToStructCheck;
- int16_t deltaCallToSlowCase;
- int16_t deltaCheckImmToCall;
+ int32_t deltaCallToDone;
+ int32_t deltaCallToStructCheck;
+ int32_t deltaCallToSlowCase;
+ int32_t deltaCheckImmToCall;
#if USE(JSVALUE64)
- int16_t deltaCallToLoadOrStore;
+ int32_t deltaCallToLoadOrStore;
#else
- int16_t deltaCallToTagLoadOrStore;
- int16_t deltaCallToPayloadLoadOrStore;
+ int32_t deltaCallToTagLoadOrStore;
+ int32_t deltaCallToPayloadLoadOrStore;
#endif
} dfg;
struct {
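Review bot: Widening the `delta*` fields from `int16_t` to `int32_t` presumably fixes stubs whose code exceeded the 16-bit range between the call and the patched sites, but the assignment sites (in the DFG JIT, not in this diff) still narrow a pointer difference into the field silently; an `ASSERT` there that the computed delta fits the field, or a comment documenting the bound, would turn the next overflow into an immediate failure rather than a mispatched stub. Note also that the two `int8_t` GPR fields now precede 32-bit members, so the struct layout changes; nothing visible depends on it, but anything that sizes or copies StructureStubInfo by hand should be rechecked.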
diff --git a/Source/JavaScriptCore/bytecode/ValueRecovery.h b/Source/JavaScriptCore/bytecode/ValueRecovery.h
index 007c6d3b7..ebca661d0 100644
--- a/Source/JavaScriptCore/bytecode/ValueRecovery.h
+++ b/Source/JavaScriptCore/bytecode/ValueRecovery.h
@@ -61,6 +61,8 @@ enum ValueRecoveryTechnique {
DoubleDisplacedInRegisterFile,
CellDisplacedInRegisterFile,
BooleanDisplacedInRegisterFile,
+ // It's an Arguments object.
+ ArgumentsThatWereNotCreated,
// It's a constant.
Constant,
// Don't know how to recover it.
@@ -190,6 +192,13 @@ public:
return result;
}
+ static ValueRecovery argumentsThatWereNotCreated()
+ {
+ ValueRecovery result;
+ result.m_technique = ArgumentsThatWereNotCreated;
+ return result;
+ }
+
ValueRecoveryTechnique technique() const { return m_technique; }
bool isConstant() const { return m_technique == Constant; }
@@ -315,6 +324,9 @@ public:
case BooleanDisplacedInRegisterFile:
fprintf(out, "*bool(%d)", virtualRegister());
break;
+ case ArgumentsThatWereNotCreated:
+ fprintf(out, "arguments");
+ break;
case Constant:
fprintf(out, "[%s]", constant().description());
break;
diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index e23f1e4d6..4f113f776 100644
--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -1544,10 +1544,16 @@ RegisterID* DoWhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID*
RegisterID* WhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
{
RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Loop);
+ RefPtr<Label> topOfLoop = generator.newLabel();
- generator.emitJump(scope->continueTarget());
+ generator.emitDebugHook(WillExecuteStatement, m_expr->lineNo(), m_expr->lineNo());
+ if (m_expr->hasConditionContextCodegen())
+ generator.emitNodeInConditionContext(m_expr, topOfLoop.get(), scope->breakTarget(), true);
+ else {
+ RegisterID* cond = generator.emitNode(m_expr);
+ generator.emitJumpIfFalse(cond, scope->breakTarget());
+ }
- RefPtr<Label> topOfLoop = generator.newLabel();
generator.emitLabel(topOfLoop.get());
generator.emitLoopHint();
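Review bot: The loop-rotation intent of emitting the condition before `topOfLoop` is undocumented, and a reader will wonder why `m_expr` is code-generated here when the original version only jumped to the continue target. A short comment above the new `emitDebugHook` line would help, e.g. `// Loop rotation: evaluate the condition once before entering the loop so the body is followed directly by the back-edge test; the condition is emitted a second time at the continue target.` — the second emission is presumably in the part of WhileNode::emitBytecode that lies outside this hunk, so confirm the wording against it. The same comment applies to the ForNode hunk that follows, where `m_expr2` is emitted before `topOfLoop` under the same pattern. WhileNode::emitBytecode continues past the end of this hunk.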
@@ -1579,11 +1585,17 @@ RegisterID* ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
if (m_expr1)
generator.emitNode(generator.ignoredResult(), m_expr1);
-
- RefPtr<Label> condition = generator.newLabel();
- generator.emitJump(condition.get());
-
+
RefPtr<Label> topOfLoop = generator.newLabel();
+ if (m_expr2) {
+ if (m_expr2->hasConditionContextCodegen())
+ generator.emitNodeInConditionContext(m_expr2, topOfLoop.get(), scope->breakTarget(), true);
+ else {
+ RegisterID* cond = generator.emitNode(m_expr2);
+ generator.emitJumpIfFalse(cond, scope->breakTarget());
+ }
+ }
+
generator.emitLabel(topOfLoop.get());
generator.emitLoopHint();
@@ -1594,7 +1606,6 @@ RegisterID* ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
if (m_expr3)
generator.emitNode(generator.ignoredResult(), m_expr3);
- generator.emitLabel(condition.get());
if (m_expr2) {
if (m_expr2->hasConditionContextCodegen())
generator.emitNodeInConditionContext(m_expr2, topOfLoop.get(), scope->breakTarget(), false);
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
index 3eb5463a7..33c058e7d 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
+++ b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -91,6 +91,8 @@ void AbstractState::beginBasicBlock(BasicBlock* basicBlock)
basicBlock->cfaHasVisited = true;
m_block = basicBlock;
m_isValid = true;
+ m_foundConstants = false;
+ m_branchDirection = InvalidBranchDirection;
}
void AbstractState::initialize(Graph& graph)
@@ -98,6 +100,8 @@ void AbstractState::initialize(Graph& graph)
PROFILE(FLAG_FOR_BLOCK_INITIALIZATION);
BasicBlock* root = graph.m_blocks[0].get();
root->cfaShouldRevisit = true;
+ root->cfaHasVisited = false;
+ root->cfaFoundConstants = false;
for (size_t i = 0; i < root->valuesAtHead.numberOfArguments(); ++i) {
Node& node = graph[root->variablesAtHead.argument(i)];
ASSERT(node.op() == SetArgument);
@@ -108,7 +112,7 @@ void AbstractState::initialize(Graph& graph)
continue;
}
- if (graph.argumentIsCaptured(i)) {
+ if (node.variableAccessData()->isCaptured()) {
root->valuesAtHead.argument(i).makeTop();
continue;
}
@@ -140,21 +144,46 @@ void AbstractState::initialize(Graph& graph)
root->valuesAtHead.argument(i).set(PredictFloat64Array);
else
root->valuesAtHead.argument(i).makeTop();
+
+ root->valuesAtTail.argument(i).clear();
}
for (size_t i = 0; i < root->valuesAtHead.numberOfLocals(); ++i) {
- if (!graph.localIsCaptured(i))
+ NodeIndex nodeIndex = root->variablesAtHead.local(i);
+ if (nodeIndex != NoNode && graph[nodeIndex].variableAccessData()->isCaptured())
+ root->valuesAtHead.local(i).makeTop();
+ else
+ root->valuesAtHead.local(i).clear();
+ root->valuesAtTail.local(i).clear();
+ }
+ for (BlockIndex blockIndex = 1 ; blockIndex < graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = graph.m_blocks[blockIndex].get();
+ if (!block)
continue;
- root->valuesAtHead.local(i).makeTop();
+ if (!block->isReachable)
+ continue;
+ block->cfaShouldRevisit = false;
+ block->cfaHasVisited = false;
+ block->cfaFoundConstants = false;
+ for (size_t i = 0; i < block->valuesAtHead.numberOfArguments(); ++i) {
+ block->valuesAtHead.argument(i).clear();
+ block->valuesAtTail.argument(i).clear();
+ }
+ for (size_t i = 0; i < block->valuesAtHead.numberOfLocals(); ++i) {
+ block->valuesAtHead.local(i).clear();
+ block->valuesAtTail.local(i).clear();
+ }
}
}
-bool AbstractState::endBasicBlock(MergeMode mergeMode)
+bool AbstractState::endBasicBlock(MergeMode mergeMode, BranchDirection* branchDirectionPtr)
{
PROFILE(FLAG_FOR_BLOCK_END);
ASSERT(m_block);
BasicBlock* block = m_block; // Save the block for successor merging.
+ block->cfaFoundConstants = m_foundConstants;
+
if (!m_isValid) {
reset();
return false;
@@ -168,7 +197,8 @@ bool AbstractState::endBasicBlock(MergeMode mergeMode)
dataLog(" Merging state for argument %zu.\n", argument);
#endif
AbstractValue& destination = block->valuesAtTail.argument(argument);
- if (m_graph.argumentIsCaptured(argument)) {
+ NodeIndex nodeIndex = block->variablesAtTail.argument(argument);
+ if (nodeIndex != NoNode && m_graph[nodeIndex].variableAccessData()->isCaptured()) {
if (!destination.isTop()) {
destination.makeTop();
changed = true;
@@ -182,7 +212,8 @@ bool AbstractState::endBasicBlock(MergeMode mergeMode)
dataLog(" Merging state for local %zu.\n", local);
#endif
AbstractValue& destination = block->valuesAtTail.local(local);
- if (m_graph.localIsCaptured(local)) {
+ NodeIndex nodeIndex = block->variablesAtTail.local(local);
+ if (nodeIndex != NoNode && m_graph[nodeIndex].variableAccessData()->isCaptured()) {
if (!destination.isTop()) {
destination.makeTop();
changed = true;
@@ -194,18 +225,27 @@ bool AbstractState::endBasicBlock(MergeMode mergeMode)
ASSERT(mergeMode != DontMerge || !changed);
+ BranchDirection branchDirection = m_branchDirection;
+ if (branchDirectionPtr)
+ *branchDirectionPtr = branchDirection;
+
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Branch direction = %s\n", branchDirectionToString(branchDirection));
+#endif
+
reset();
if (mergeMode != MergeToSuccessors)
return changed;
- return mergeToSuccessors(m_graph, block);
+ return mergeToSuccessors(m_graph, block, branchDirection);
}
void AbstractState::reset()
{
m_block = 0;
m_isValid = false;
+ m_branchDirection = InvalidBranchDirection;
}
bool AbstractState::execute(unsigned indexInBlock)
@@ -223,41 +263,55 @@ bool AbstractState::execute(unsigned indexInBlock)
switch (node.op()) {
case JSConstant:
case WeakJSConstant: {
- JSValue value = m_graph.valueOfJSConstant(nodeIndex);
- // Have to be careful here! It's tempting to call set(value), but
- // that would be wrong, since that would constitute a proof that this
- // value will always have the same structure. The whole point of a value
- // having a structure is that it may change in the future - for example
- // between when we compile the code and when we run it.
- forNode(nodeIndex).set(predictionFromValue(value));
+ forNode(nodeIndex).set(m_graph.valueOfJSConstant(nodeIndex));
+ node.setCanExit(false);
break;
}
case GetLocal: {
- if (m_graph.isCaptured(node.local()))
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ bool canExit = false;
+ canExit |= variableAccessData->prediction() == PredictNone;
+ if (variableAccessData->isCaptured())
forNode(nodeIndex).makeTop();
- else
- forNode(nodeIndex) = m_variables.operand(node.local());
+ else {
+ AbstractValue value = m_variables.operand(variableAccessData->local());
+ if (value.isClear())
+ canExit |= true;
+ forNode(nodeIndex) = value;
+ }
+ node.setCanExit(canExit);
+ break;
+ }
+
+ case GetLocalUnlinked: {
+ forNode(nodeIndex).makeTop();
+ node.setCanExit(false);
break;
}
case SetLocal: {
- if (m_graph.isCaptured(node.local()))
+ if (node.variableAccessData()->isCaptured()) {
+ node.setCanExit(false);
break;
+ }
if (node.variableAccessData()->shouldUseDoubleFormat()) {
- forNode(node.child1()).filter(PredictNumber);
+ speculateNumberUnary(node);
m_variables.operand(node.local()).set(PredictDouble);
break;
}
PredictedType predictedType = node.variableAccessData()->argumentAwarePrediction();
if (isInt32Prediction(predictedType))
- forNode(node.child1()).filter(PredictInt32);
- else if (isArrayPrediction(predictedType))
+ speculateInt32Unary(node);
+ else if (isArrayPrediction(predictedType)) {
+ node.setCanExit(!isArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictArray);
- else if (isBooleanPrediction(predictedType))
- forNode(node.child1()).filter(PredictBoolean);
+ } else if (isBooleanPrediction(predictedType))
+ speculateBooleanUnary(node);
+ else
+ node.setCanExit(false);
m_variables.operand(node.local()) = forNode(node.child1());
break;
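Review bot: `canExit |= true;` in the GetLocal case is an odd way to write an unconditional set; `canExit = true;` says the same thing without making the reader check whether the left-hand side matters. In the same spirit, `canExit |= variableAccessData->prediction() == PredictNone;` reads more clearly as `bool canExit = variableAccessData->prediction() == PredictNone;` at the declaration, dropping the separate `= false` initializer. The JSConstant case drops the earlier comment explaining why a constant's value must not be treated as a structure proof; if `AbstractValue::set(JSValue)` now encodes that rule itself, a one-line comment saying so would preserve the warning for the next reader. The enclosing switch in AbstractState::execute starts and ends outside this hunk.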
@@ -266,6 +320,7 @@ bool AbstractState::execute(unsigned indexInBlock)
case SetArgument:
// Assert that the state of arguments has been set.
ASSERT(!m_block->valuesAtHead.operand(node.local()).isClear());
+ node.setCanExit(false);
break;
case BitAnd:
@@ -273,39 +328,116 @@ bool AbstractState::execute(unsigned indexInBlock)
case BitXor:
case BitRShift:
case BitLShift:
- case BitURShift:
- forNode(node.child1()).filter(PredictInt32);
- forNode(node.child2()).filter(PredictInt32);
+ case BitURShift: {
+ JSValue left = forNode(node.child1()).value();
+ JSValue right = forNode(node.child2()).value();
+ if (left && right && left.isInt32() && right.isInt32()) {
+ int32_t a = left.asInt32();
+ int32_t b = right.asInt32();
+ switch (node.op()) {
+ case BitAnd:
+ forNode(nodeIndex).set(JSValue(a & b));
+ break;
+ case BitOr:
+ forNode(nodeIndex).set(JSValue(a | b));
+ break;
+ case BitXor:
+ forNode(nodeIndex).set(JSValue(a ^ b));
+ break;
+ case BitRShift:
+ forNode(nodeIndex).set(JSValue(a >> static_cast<uint32_t>(b)));
+ break;
+ case BitLShift:
+ forNode(nodeIndex).set(JSValue(a << static_cast<uint32_t>(b)));
+ break;
+ case BitURShift:
+ forNode(nodeIndex).set(JSValue(static_cast<uint32_t>(a) >> static_cast<uint32_t>(b)));
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ }
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ speculateInt32Binary(node);
forNode(nodeIndex).set(PredictInt32);
break;
+ }
- case UInt32ToNumber:
- if (!node.canSpeculateInteger())
+ case UInt32ToNumber: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ ASSERT(child.isInt32());
+ forNode(nodeIndex).set(JSValue(child.asUInt32()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ if (!node.canSpeculateInteger()) {
forNode(nodeIndex).set(PredictDouble);
- else
+ node.setCanExit(false);
+ } else {
forNode(nodeIndex).set(PredictInt32);
+ node.setCanExit(true);
+ }
break;
+ }
+
- case DoubleAsInt32:
+ case DoubleAsInt32: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ double asDouble = child.asNumber();
+ int32_t asInt = JSC::toInt32(asDouble);
+ if (bitwise_cast<int64_t>(static_cast<double>(asInt)) == bitwise_cast<int64_t>(asDouble)) {
+ forNode(nodeIndex).set(JSValue(asInt));
+ m_foundConstants = true;
+ break;
+ }
+ }
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictNumber);
forNode(nodeIndex).set(PredictInt32);
break;
+ }
- case ValueToInt32:
+ case ValueToInt32: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ if (child.isInt32())
+ forNode(nodeIndex).set(child);
+ else
+ forNode(nodeIndex).set(JSValue(JSC::toInt32(child.asDouble())));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
if (m_graph[node.child1()].shouldSpeculateInteger())
- forNode(node.child1()).filter(PredictInt32);
+ speculateInt32Unary(node);
else if (m_graph[node.child1()].shouldSpeculateNumber())
- forNode(node.child1()).filter(PredictNumber);
+ speculateNumberUnary(node);
else if (m_graph[node.child1()].shouldSpeculateBoolean())
- forNode(node.child1()).filter(PredictBoolean);
+ speculateBooleanUnary(node);
+ else
+ node.setCanExit(false);
forNode(nodeIndex).set(PredictInt32);
break;
+ }
- case Int32ToDouble:
- forNode(node.child1()).filter(PredictNumber);
+ case Int32ToDouble: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ forNode(nodeIndex).set(JSValue(JSValue::EncodeAsDouble, child.asNumber()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ speculateNumberUnary(node);
forNode(nodeIndex).set(PredictDouble);
break;
+ }
case CheckNumber:
forNode(node.child1()).filter(PredictNumber);
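Review bot: The bit-shift constant folds use the raw right operand as the C++ shift count, but JavaScript takes shift counts modulo 32, so a constant operand of 32 or more (or a negative one) is undefined behaviour in C++ here and can fold to a value the runtime would never produce; `a << ...` on a negative `a` is likewise undefined before C++20. Mask the count and shift the unsigned reinterpretation for the left shift, as below. Separately, the DoubleAsInt32 fold breaks out before any `setCanExit` call, unlike every other folded case in this hunk which sets `node.setCanExit(false)`; the folded path should do the same. The enclosing switch starts and ends outside this hunk.
```cpp
int32_t a = left.asInt32();
int32_t b = right.asInt32();
uint32_t shift = static_cast<uint32_t>(b) & 0x1f; // JS shift counts are taken mod 32
// … unchanged: BitAnd / BitOr / BitXor cases …
case BitRShift:
    forNode(nodeIndex).set(JSValue(a >> shift));
    break;
case BitLShift:
    forNode(nodeIndex).set(JSValue(static_cast<int32_t>(static_cast<uint32_t>(a) << shift)));
    break;
case BitURShift:
    forNode(nodeIndex).set(JSValue(static_cast<uint32_t>(a) >> shift));
    break;
```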
@@ -313,98 +445,196 @@ bool AbstractState::execute(unsigned indexInBlock)
case ValueAdd:
case ArithAdd: {
+ JSValue left = forNode(node.child1()).value();
+ JSValue right = forNode(node.child2()).value();
+ if (left && right && left.isNumber() && right.isNumber()) {
+ forNode(nodeIndex).set(JSValue(left.asNumber() + right.asNumber()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
if (m_graph.addShouldSpeculateInteger(node)) {
- forNode(node.child1()).filter(PredictInt32);
- forNode(node.child2()).filter(PredictInt32);
+ speculateInt32Binary(
+ node, !nodeCanTruncateInteger(node.arithNodeFlags()));
forNode(nodeIndex).set(PredictInt32);
break;
}
if (Node::shouldSpeculateNumber(m_graph[node.child1()], m_graph[node.child2()])) {
- forNode(node.child1()).filter(PredictNumber);
- forNode(node.child2()).filter(PredictNumber);
+ speculateNumberBinary(node);
forNode(nodeIndex).set(PredictDouble);
break;
}
if (node.op() == ValueAdd) {
clobberStructures(indexInBlock);
forNode(nodeIndex).set(PredictString | PredictInt32 | PredictNumber);
+ node.setCanExit(false);
break;
}
// We don't handle this yet. :-(
m_isValid = false;
+ node.setCanExit(true);
break;
}
case ArithSub: {
+ JSValue left = forNode(node.child1()).value();
+ JSValue right = forNode(node.child2()).value();
+ if (left && right && left.isNumber() && right.isNumber()) {
+ forNode(nodeIndex).set(JSValue(left.asNumber() - right.asNumber()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
if (m_graph.addShouldSpeculateInteger(node)) {
- forNode(node.child1()).filter(PredictInt32);
- forNode(node.child2()).filter(PredictInt32);
+ speculateInt32Binary(
+ node, !nodeCanTruncateInteger(node.arithNodeFlags()));
forNode(nodeIndex).set(PredictInt32);
break;
}
- forNode(node.child1()).filter(PredictNumber);
- forNode(node.child2()).filter(PredictNumber);
+ speculateNumberBinary(node);
forNode(nodeIndex).set(PredictDouble);
break;
}
case ArithNegate: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ forNode(nodeIndex).set(JSValue(-child.asNumber()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
if (m_graph.negateShouldSpeculateInteger(node)) {
- forNode(node.child1()).filter(PredictInt32);
+ speculateInt32Unary(
+ node, !nodeCanTruncateInteger(node.arithNodeFlags()));
forNode(nodeIndex).set(PredictInt32);
break;
}
- forNode(node.child1()).filter(PredictNumber);
+ speculateNumberUnary(node);
+ forNode(nodeIndex).set(PredictDouble);
+ break;
+ }
+
+ case ArithMul: {
+ JSValue left = forNode(node.child1()).value();
+ JSValue right = forNode(node.child2()).value();
+ if (left && right && left.isNumber() && right.isNumber()) {
+ forNode(nodeIndex).set(JSValue(left.asNumber() * right.asNumber()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ if (m_graph.mulShouldSpeculateInteger(node)) {
+ speculateInt32Binary(
+ node,
+ !nodeCanTruncateInteger(node.arithNodeFlags())
+ || !nodeCanIgnoreNegativeZero(node.arithNodeFlags()));
+ forNode(nodeIndex).set(PredictInt32);
+ break;
+ }
+ speculateNumberBinary(node);
forNode(nodeIndex).set(PredictDouble);
break;
}
- case ArithMul:
case ArithDiv:
case ArithMin:
case ArithMax:
case ArithMod: {
- if (Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()]) && node.canSpeculateInteger()) {
- forNode(node.child1()).filter(PredictInt32);
- forNode(node.child2()).filter(PredictInt32);
+ JSValue left = forNode(node.child1()).value();
+ JSValue right = forNode(node.child2()).value();
+ if (left && right && left.isNumber() && right.isNumber()) {
+ double a = left.asNumber();
+ double b = right.asNumber();
+ switch (node.op()) {
+ case ArithDiv:
+ forNode(nodeIndex).set(JSValue(a / b));
+ break;
+ case ArithMin:
+ forNode(nodeIndex).set(JSValue(a < b ? a : (b <= a ? b : a + b)));
+ break;
+ case ArithMax:
+ forNode(nodeIndex).set(JSValue(a > b ? a : (b >= a ? b : a + b)));
+ break;
+ case ArithMod:
+ forNode(nodeIndex).set(JSValue(fmod(a, b)));
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ break;
+ }
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ if (Node::shouldSpeculateInteger(
+ m_graph[node.child1()], m_graph[node.child2()])
+ && node.canSpeculateInteger()) {
+ speculateInt32Binary(node, true); // forcing can-exit, which is a bit on the conservative side.
forNode(nodeIndex).set(PredictInt32);
break;
}
- forNode(node.child1()).filter(PredictNumber);
- forNode(node.child2()).filter(PredictNumber);
+ speculateNumberBinary(node);
forNode(nodeIndex).set(PredictDouble);
break;
}
- case ArithAbs:
- if (m_graph[node.child1()].shouldSpeculateInteger() && node.canSpeculateInteger()) {
- forNode(node.child1()).filter(PredictInt32);
+ case ArithAbs: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ forNode(nodeIndex).set(JSValue(fabs(child.asNumber())));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ if (m_graph[node.child1()].shouldSpeculateInteger()
+ && node.canSpeculateInteger()) {
+ speculateInt32Unary(node, true);
forNode(nodeIndex).set(PredictInt32);
break;
}
- forNode(node.child1()).filter(PredictNumber);
+ speculateNumberUnary(node);
forNode(nodeIndex).set(PredictDouble);
break;
+ }
- case ArithSqrt:
- forNode(node.child1()).filter(PredictNumber);
+ case ArithSqrt: {
+ JSValue child = forNode(node.child1()).value();
+ if (child && child.isNumber()) {
+ forNode(nodeIndex).set(JSValue(sqrt(child.asNumber())));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+ speculateNumberUnary(node);
forNode(nodeIndex).set(PredictDouble);
break;
+ }
case LogicalNot: {
+ JSValue childConst = forNode(node.child1()).value();
+ if (childConst) {
+ forNode(nodeIndex).set(jsBoolean(!childConst.toBoolean()));
+ node.setCanExit(false);
+ break;
+ }
Node& child = m_graph[node.child1()];
if (isBooleanPrediction(child.prediction()))
- forNode(node.child1()).filter(PredictBoolean);
- else if (child.shouldSpeculateFinalObjectOrOther())
+ speculateBooleanUnary(node);
+ else if (child.shouldSpeculateFinalObjectOrOther()) {
+ node.setCanExit(
+ !isFinalObjectOrOtherPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictFinalObject | PredictOther);
- else if (child.shouldSpeculateArrayOrOther())
+ } else if (child.shouldSpeculateArrayOrOther()) {
+ node.setCanExit(
+ !isArrayOrOtherPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictArray | PredictOther);
- else if (child.shouldSpeculateInteger())
- forNode(node.child1()).filter(PredictInt32);
+ } else if (child.shouldSpeculateInteger())
+ speculateInt32Unary(node);
else if (child.shouldSpeculateNumber())
- forNode(node.child1()).filter(PredictNumber);
+ speculateNumberUnary(node);
else
- clobberStructures(indexInBlock);
+ node.setCanExit(false);
forNode(nodeIndex).set(PredictBoolean);
break;
}
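Review bot: The LogicalNot fold sets the node's value and `setCanExit(false)` but never sets `m_foundConstants = true`, unlike every other constant fold in this hunk, so whatever consumes `cfaFoundConstants` will not learn that this node became a constant; add `m_foundConstants = true;` after the `set(jsBoolean(...))` line. The ArithMin/ArithMax folds pick the result with `<` / `>`, which cannot distinguish -0 from +0: `a = -0, b = 0` falls through to `b <= a` and yields +0, whereas the specification's Math.min orders -0 below +0. If the runtime path honours that ordering, the folded result diverges from it; either add the sign-bit tie-break or leave zero-valued operands unfolded. The enclosing switch starts and ends outside this hunk.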
@@ -415,6 +645,34 @@ bool AbstractState::execute(unsigned indexInBlock)
case IsString:
case IsObject:
case IsFunction: {
+ node.setCanExit(false);
+ JSValue child = forNode(node.child1()).value();
+ if (child) {
+ bool foundConstant = true;
+ switch (node.op()) {
+ case IsUndefined:
+ forNode(nodeIndex).set(jsBoolean(
+ child.isCell()
+ ? child.asCell()->structure()->typeInfo().masqueradesAsUndefined()
+ : child.isUndefined()));
+ break;
+ case IsBoolean:
+ forNode(nodeIndex).set(jsBoolean(child.isBoolean()));
+ break;
+ case IsNumber:
+ forNode(nodeIndex).set(jsBoolean(child.isNumber()));
+ break;
+ case IsString:
+ forNode(nodeIndex).set(jsBoolean(isJSString(child)));
+ break;
+ default:
+ break;
+ }
+ if (foundConstant) {
+ m_foundConstants = true;
+ break;
+ }
+ }
forNode(nodeIndex).set(PredictBoolean);
break;
}
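Review bot: `foundConstant` starts as `true` and the `default:` branch of the inner switch never clears it, so for IsObject and IsFunction with a constant child the code sets `m_foundConstants = true` and breaks out without ever assigning `forNode(nodeIndex)` — the `set(PredictBoolean)` after the block is skipped too, leaving the node's abstract value stale. The default branch should read `default: foundConstant = false; break;` so those two opcodes fall through to the PredictBoolean path. The enclosing switch starts and ends outside this hunk.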
@@ -424,74 +682,182 @@ bool AbstractState::execute(unsigned indexInBlock)
case CompareGreater:
case CompareGreaterEq:
case CompareEq: {
+ JSValue leftConst = forNode(node.child1()).value();
+ JSValue rightConst = forNode(node.child2()).value();
+ if (leftConst && rightConst && leftConst.isNumber() && rightConst.isNumber()) {
+ double a = leftConst.asNumber();
+ double b = rightConst.asNumber();
+ switch (node.op()) {
+ case CompareLess:
+ forNode(nodeIndex).set(jsBoolean(a < b));
+ break;
+ case CompareLessEq:
+ forNode(nodeIndex).set(jsBoolean(a <= b));
+ break;
+ case CompareGreater:
+ forNode(nodeIndex).set(jsBoolean(a > b));
+ break;
+ case CompareGreaterEq:
+ forNode(nodeIndex).set(jsBoolean(a >= b));
+ break;
+ case CompareEq:
+ forNode(nodeIndex).set(jsBoolean(a == b));
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ break;
+ }
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+
forNode(nodeIndex).set(PredictBoolean);
Node& left = m_graph[node.child1()];
Node& right = m_graph[node.child2()];
PredictedType filter;
- if (Node::shouldSpeculateInteger(left, right))
+ PredictionChecker checker;
+ if (Node::shouldSpeculateInteger(left, right)) {
filter = PredictInt32;
- else if (Node::shouldSpeculateNumber(left, right))
+ checker = isInt32Prediction;
+ } else if (Node::shouldSpeculateNumber(left, right)) {
filter = PredictNumber;
- else if (node.op() == CompareEq) {
+ checker = isNumberPrediction;
+ } else if (node.op() == CompareEq) {
if ((m_graph.isConstant(node.child1().index())
&& m_graph.valueOfJSConstant(node.child1().index()).isNull())
|| (m_graph.isConstant(node.child2().index())
&& m_graph.valueOfJSConstant(node.child2().index()).isNull())) {
// We know that this won't clobber the world. But that's all we know.
+ node.setCanExit(false);
break;
}
- if (Node::shouldSpeculateFinalObject(left, right))
+ if (Node::shouldSpeculateFinalObject(left, right)) {
filter = PredictFinalObject;
- else if (Node::shouldSpeculateArray(left, right))
+ checker = isFinalObjectPrediction;
+ } else if (Node::shouldSpeculateArray(left, right)) {
filter = PredictArray;
- else if (left.shouldSpeculateFinalObject() && right.shouldSpeculateFinalObjectOrOther()) {
+ checker = isArrayPrediction;
+ } else if (left.shouldSpeculateFinalObject() && right.shouldSpeculateFinalObjectOrOther()) {
+ node.setCanExit(
+ !isFinalObjectPrediction(forNode(node.child1()).m_type)
+ || !isFinalObjectOrOtherPrediction(forNode(node.child2()).m_type));
forNode(node.child1()).filter(PredictFinalObject);
forNode(node.child2()).filter(PredictFinalObject | PredictOther);
break;
} else if (right.shouldSpeculateFinalObject() && left.shouldSpeculateFinalObjectOrOther()) {
+ node.setCanExit(
+ !isFinalObjectOrOtherPrediction(forNode(node.child1()).m_type)
+ || !isFinalObjectPrediction(forNode(node.child2()).m_type));
forNode(node.child1()).filter(PredictFinalObject | PredictOther);
forNode(node.child2()).filter(PredictFinalObject);
break;
} else if (left.shouldSpeculateArray() && right.shouldSpeculateArrayOrOther()) {
- forNode(node.child1()).filter(PredictFinalObject);
- forNode(node.child2()).filter(PredictFinalObject | PredictOther);
+ node.setCanExit(
+ !isArrayPrediction(forNode(node.child1()).m_type)
+ || !isArrayOrOtherPrediction(forNode(node.child2()).m_type));
+ forNode(node.child1()).filter(PredictArray);
+ forNode(node.child2()).filter(PredictArray | PredictOther);
break;
} else if (right.shouldSpeculateArray() && left.shouldSpeculateArrayOrOther()) {
- forNode(node.child1()).filter(PredictFinalObject | PredictOther);
- forNode(node.child2()).filter(PredictFinalObject);
+ node.setCanExit(
+ !isArrayOrOtherPrediction(forNode(node.child1()).m_type)
+ || !isArrayPrediction(forNode(node.child2()).m_type));
+ forNode(node.child1()).filter(PredictArray | PredictOther);
+ forNode(node.child2()).filter(PredictArray);
break;
} else {
filter = PredictTop;
+ checker = isAnyPrediction;
clobberStructures(indexInBlock);
}
} else {
filter = PredictTop;
+ checker = isAnyPrediction;
clobberStructures(indexInBlock);
}
+ node.setCanExit(
+ !checker(forNode(node.child1()).m_type)
+ || !checker(forNode(node.child2()).m_type));
forNode(node.child1()).filter(filter);
forNode(node.child2()).filter(filter);
break;
}
- case CompareStrictEq:
+ case CompareStrictEq: {
+ JSValue left = forNode(node.child1()).value();
+ JSValue right = forNode(node.child2()).value();
+ if (left && right && left.isNumber() && right.isNumber()) {
+ forNode(nodeIndex).set(jsBoolean(left.asNumber() == right.asNumber()));
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
forNode(nodeIndex).set(PredictBoolean);
+ if (m_graph.isJSConstant(node.child1().index())) {
+ JSValue value = m_graph.valueOfJSConstant(node.child1().index());
+ if (!value.isNumber() && !value.isString()) {
+ node.setCanExit(false);
+ break;
+ }
+ }
+ if (m_graph.isJSConstant(node.child2().index())) {
+ JSValue value = m_graph.valueOfJSConstant(node.child2().index());
+ if (!value.isNumber() && !value.isString()) {
+ node.setCanExit(false);
+ break;
+ }
+ }
+ if (Node::shouldSpeculateInteger(
+ m_graph[node.child1()], m_graph[node.child2()])) {
+ speculateInt32Binary(node);
+ break;
+ }
+ if (Node::shouldSpeculateNumber(
+ m_graph[node.child1()], m_graph[node.child2()])) {
+ speculateNumberBinary(node);
+ break;
+ }
+ if (Node::shouldSpeculateFinalObject(
+ m_graph[node.child1()], m_graph[node.child2()])) {
+ node.setCanExit(
+ !isFinalObjectPrediction(forNode(node.child1()).m_type)
+ || !isFinalObjectPrediction(forNode(node.child2()).m_type));
+ forNode(node.child1()).filter(PredictFinalObject);
+ forNode(node.child2()).filter(PredictFinalObject);
+ break;
+ }
+ if (Node::shouldSpeculateArray(
+ m_graph[node.child1()], m_graph[node.child2()])) {
+ node.setCanExit(
+ !isArrayPrediction(forNode(node.child1()).m_type)
+ || !isArrayPrediction(forNode(node.child2()).m_type));
+ forNode(node.child1()).filter(PredictArray);
+ forNode(node.child2()).filter(PredictArray);
+ break;
+ }
+ node.setCanExit(false);
break;
+ }
case StringCharCodeAt:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictString);
forNode(node.child2()).filter(PredictInt32);
forNode(nodeIndex).set(PredictInt32);
break;
case StringCharAt:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictString);
forNode(node.child2()).filter(PredictInt32);
forNode(nodeIndex).set(PredictString);
break;
case GetByVal: {
+ node.setCanExit(true);
if (!node.prediction() || !m_graph[node.child1()].prediction() || !m_graph[node.child2()].prediction()) {
m_isValid = false;
break;
@@ -501,6 +867,12 @@ bool AbstractState::execute(unsigned indexInBlock)
forNode(nodeIndex).makeTop();
break;
}
+ if (m_graph[node.child1()].shouldSpeculateArguments()) {
+ forNode(node.child1()).filter(PredictArguments);
+ forNode(node.child2()).filter(PredictInt32);
+ forNode(nodeIndex).makeTop();
+ break;
+ }
if (m_graph[node.child1()].prediction() == PredictString) {
forNode(node.child1()).filter(PredictString);
forNode(node.child2()).filter(PredictInt32);
@@ -574,17 +946,27 @@ bool AbstractState::execute(unsigned indexInBlock)
case PutByVal:
case PutByValAlias: {
+ node.setCanExit(true);
if (!m_graph[node.child1()].prediction() || !m_graph[node.child2()].prediction()) {
m_isValid = false;
break;
}
- if (!m_graph[node.child2()].shouldSpeculateInteger() || !isActionableMutableArrayPrediction(m_graph[node.child1()].prediction())) {
+ if (!m_graph[node.child2()].shouldSpeculateInteger() || !isActionableMutableArrayPrediction(m_graph[node.child1()].prediction())
+#if USE(JSVALUE32_64)
+ || m_graph[node.child1()].shouldSpeculateArguments()
+#endif
+ ) {
ASSERT(node.op() == PutByVal);
clobberStructures(indexInBlock);
forNode(nodeIndex).makeTop();
break;
}
+ if (m_graph[node.child1()].shouldSpeculateArguments()) {
+ forNode(node.child1()).filter(PredictArguments);
+ forNode(node.child2()).filter(PredictInt32);
+ break;
+ }
if (m_graph[node.child1()].shouldSpeculateInt8Array()) {
forNode(node.child1()).filter(PredictInt8Array);
forNode(node.child2()).filter(PredictInt32);
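Review bot: The `#if USE(JSVALUE32_64) || m_graph[node.child1()].shouldSpeculateArguments()` clause spliced into the middle of the condition has no explanation of why stores into an arguments object must take the generic PutByVal path on 32-bit builds while 64-bit builds get the speculative path just below. A comment on the `#if` line, e.g. `// Arguments PutByVal is not speculated on JSVALUE32_64 builds; fall back to the generic store.`, would stop the next reader from removing what looks like a stray platform guard — the reason itself is not visible in this hunk, so confirm it before wording the comment. The enclosing switch starts and ends outside this hunk.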
@@ -667,53 +1049,93 @@ bool AbstractState::execute(unsigned indexInBlock)
}
case ArrayPush:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictArray);
forNode(nodeIndex).set(PredictNumber);
break;
case ArrayPop:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictArray);
forNode(nodeIndex).makeTop();
break;
case RegExpExec:
case RegExpTest:
+ node.setCanExit(
+ !isCellPrediction(forNode(node.child1()).m_type)
+ || !isCellPrediction(forNode(node.child2()).m_type));
forNode(node.child1()).filter(PredictCell);
forNode(node.child2()).filter(PredictCell);
forNode(nodeIndex).makeTop();
break;
case Jump:
+ node.setCanExit(false);
break;
case Branch: {
- // There is probably profit to be found in doing sparse conditional constant
- // propagation, and to take it one step further, where a variable's value
- // is specialized on each direction of a branch. For now, we don't do this.
+ JSValue value = forNode(node.child1()).value();
+ if (value) {
+ bool booleanValue = value.toBoolean();
+ if (booleanValue)
+ m_branchDirection = TakeTrue;
+ else
+ m_branchDirection = TakeFalse;
+ node.setCanExit(false);
+ break;
+ }
+ // FIXME: The above handles the trivial cases of sparse conditional
+ // constant propagation, but we can do better:
+ // 1) If the abstract value does not have a concrete value but describes
+ // something that is known to evaluate true (or false) then we ought
+ // to sparse conditional that.
+ // 2) We can specialize the source variable's value on each direction of
+ // the branch.
Node& child = m_graph[node.child1()];
if (child.shouldSpeculateBoolean())
- forNode(node.child1()).filter(PredictBoolean);
- else if (child.shouldSpeculateFinalObjectOrOther())
+ speculateBooleanUnary(node);
+ else if (child.shouldSpeculateFinalObjectOrOther()) {
+ node.setCanExit(
+ !isFinalObjectOrOtherPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictFinalObject | PredictOther);
- else if (child.shouldSpeculateArrayOrOther())
+ } else if (child.shouldSpeculateArrayOrOther()) {
+ node.setCanExit(
+ !isArrayOrOtherPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictArray | PredictOther);
- else if (child.shouldSpeculateInteger())
- forNode(node.child1()).filter(PredictInt32);
+ } else if (child.shouldSpeculateInteger())
+ speculateInt32Unary(node);
else if (child.shouldSpeculateNumber())
- forNode(node.child1()).filter(PredictNumber);
+ speculateNumberUnary(node);
+ else
+ node.setCanExit(false);
+ m_branchDirection = TakeBoth;
break;
}
case Return:
+ m_isValid = false;
+ node.setCanExit(false);
+ break;
+
case Throw:
case ThrowReferenceError:
m_isValid = false;
+ node.setCanExit(true);
break;
case ToPrimitive: {
+ JSValue childConst = forNode(node.child1()).value();
+ if (childConst && childConst.isNumber()) {
+ forNode(nodeIndex).set(childConst);
+ m_foundConstants = true;
+ node.setCanExit(false);
+ break;
+ }
+
Node& child = m_graph[node.child1()];
if (child.shouldSpeculateInteger()) {
- forNode(node.child1()).filter(PredictInt32);
+ speculateInt32Unary(node);
forNode(nodeIndex).set(PredictInt32);
break;
}
@@ -727,20 +1149,24 @@ bool AbstractState::execute(unsigned indexInBlock)
type |= PredictString;
}
destination.set(type);
+ node.setCanExit(false);
break;
}
case StrCat:
+ node.setCanExit(false);
forNode(nodeIndex).set(PredictString);
break;
case NewArray:
case NewArrayBuffer:
+ node.setCanExit(false);
forNode(nodeIndex).set(m_codeBlock->globalObject()->arrayStructure());
m_haveStructures = true;
break;
case NewRegexp:
+ node.setCanExit(false);
forNode(nodeIndex).set(m_codeBlock->globalObject()->regExpStructure());
m_haveStructures = true;
break;
@@ -755,9 +1181,12 @@ bool AbstractState::execute(unsigned indexInBlock)
// object, so there's nothing to do. I don't think this case will
// be hit, but then again, you never know.
destination = source;
+ node.setCanExit(false);
break;
}
+ node.setCanExit(true);
+
if (isOtherPrediction(child.prediction())) {
source.filter(PredictOther);
destination.set(PredictObjectOther);
@@ -778,6 +1207,8 @@ bool AbstractState::execute(unsigned indexInBlock)
case CreateThis: {
AbstractValue& source = forNode(node.child1());
AbstractValue& destination = forNode(nodeIndex);
+
+ node.setCanExit(!isCellPrediction(source.m_type));
source.filter(PredictFunction);
destination.set(PredictFinalObject);
@@ -785,43 +1216,107 @@ bool AbstractState::execute(unsigned indexInBlock)
}
case NewObject:
+ node.setCanExit(false);
forNode(nodeIndex).set(m_codeBlock->globalObjectFor(node.codeOrigin)->emptyObjectStructure());
m_haveStructures = true;
break;
case CreateActivation:
+ node.setCanExit(false);
forNode(nodeIndex).set(m_graph.m_globalData.activationStructure.get());
m_haveStructures = true;
break;
+ case CreateArguments:
+ node.setCanExit(false);
+ forNode(nodeIndex).set(m_codeBlock->globalObjectFor(node.codeOrigin)->argumentsStructure());
+ m_haveStructures = true;
+ break;
+
case TearOffActivation:
+ case TearOffArguments:
+ node.setCanExit(false);
// Does nothing that is user-visible.
break;
+
+ case CheckArgumentsNotCreated:
+ node.setCanExit(true);
+ break;
+
+ case GetMyArgumentsLength:
+ // We know that this executable does not escape its arguments, so we can optimize
+ // the arguments a bit. Note that this is not sufficient to force constant folding
+ // of GetMyArgumentsLength, because GetMyArgumentsLength is a clobbering operation.
+ // We perform further optimizations on this later on.
+ if (node.codeOrigin.inlineCallFrame) {
+ forNode(nodeIndex).set(jsNumber(node.codeOrigin.inlineCallFrame->arguments.size() - 1));
+ node.setCanExit(false);
+ break;
+ }
+ node.setCanExit(true);
+ forNode(nodeIndex).set(PredictInt32);
+ break;
+
+ case GetMyArgumentsLengthSafe:
+ node.setCanExit(false);
+ // This potentially clobbers all structures if the arguments object had a getter
+ // installed on the length property.
+ clobberStructures(indexInBlock);
+ // We currently make no guarantee about what this returns because it does not
+ // speculate that the length property is actually a length.
+ forNode(nodeIndex).makeTop();
+ break;
+
+ case GetMyArgumentByVal:
+ node.setCanExit(true);
+ // We know that this executable does not escape its arguments, so we can optimize
+ // the arguments a bit. Note that this ends up being further optimized by the
+ // ArgumentsSimplificationPhase.
+ forNode(node.child1()).filter(PredictInt32);
+ forNode(nodeIndex).makeTop();
+ break;
+
+ case GetMyArgumentByValSafe:
+ node.setCanExit(false);
+ // This potentially clobbers all structures if the property we're accessing has
+ // a getter. We don't speculate against this.
+ clobberStructures(indexInBlock);
+ // But we do speculate that the index is an integer.
+ forNode(node.child1()).filter(PredictInt32);
+ // And the result is unknown.
+ forNode(nodeIndex).makeTop();
+ break;
case NewFunction:
case NewFunctionExpression:
case NewFunctionNoCheck:
+ node.setCanExit(false);
forNode(nodeIndex).set(m_codeBlock->globalObjectFor(node.codeOrigin)->functionStructure());
break;
case GetCallee:
+ node.setCanExit(false);
forNode(nodeIndex).set(PredictFunction);
break;
case GetScopeChain:
+ node.setCanExit(false);
forNode(nodeIndex).set(PredictCellOther);
break;
case GetScopedVar:
+ node.setCanExit(false);
forNode(nodeIndex).makeTop();
break;
case PutScopedVar:
+ node.setCanExit(false);
clobberStructures(indexInBlock);
break;
case GetById:
case GetByIdFlush:
+ node.setCanExit(true);
if (!node.prediction()) {
m_isValid = false;
break;
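Review bot: GetMyArgumentByValSafe (L144833–L144842) sets canExit(false) and then filters child1 to PredictInt32, which is the same int32 speculation that GetMyArgumentByVal just above marks with canExit(true); a filter that can fail is an exit, so unless the Safe variant's code generation has a non-exiting slow path for a non-integer index, canExit here looks wrong. Deriving it from the abstract value with the helper this commit introduces, `speculateInt32Unary(node);` (and `speculateInt32Unary(node, true);` for GetMyArgumentByVal, which presumably also exits on the bounds check), would keep both cases consistent with the other Int32 uses in this switch. The enclosing execute() switch starts and ends outside this hunk.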
@@ -833,73 +1328,102 @@ bool AbstractState::execute(unsigned indexInBlock)
break;
case GetArrayLength:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictArray);
forNode(nodeIndex).set(PredictInt32);
break;
+ case GetArgumentsLength:
+ node.setCanExit(true);
+ forNode(node.child1()).filter(PredictArguments);
+ forNode(nodeIndex).set(PredictInt32);
+ break;
+
case GetStringLength:
+ node.setCanExit(!isStringPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictString);
forNode(nodeIndex).set(PredictInt32);
break;
case GetInt8ArrayLength:
+ node.setCanExit(!isInt8ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictInt8Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetInt16ArrayLength:
+ node.setCanExit(!isInt16ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictInt16Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetInt32ArrayLength:
+ node.setCanExit(!isInt32ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictInt32Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetUint8ArrayLength:
+ node.setCanExit(!isUint8ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictUint8Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetUint8ClampedArrayLength:
+ node.setCanExit(!isUint8ClampedArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictUint8ClampedArray);
forNode(nodeIndex).set(PredictInt32);
break;
case GetUint16ArrayLength:
+ node.setCanExit(!isUint16ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictUint16Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetUint32ArrayLength:
+ node.setCanExit(!isUint32ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictUint32Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetFloat32ArrayLength:
+ node.setCanExit(!isFloat32ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictFloat32Array);
forNode(nodeIndex).set(PredictInt32);
break;
case GetFloat64ArrayLength:
+ node.setCanExit(!isFloat64ArrayPrediction(forNode(node.child1()).m_type));
forNode(node.child1()).filter(PredictFloat64Array);
forNode(nodeIndex).set(PredictInt32);
break;
- case CheckStructure:
+ case CheckStructure: {
// FIXME: We should be able to propagate the structure sets of constants (i.e. prototypes).
- forNode(node.child1()).filter(node.structureSet());
+ AbstractValue& value = forNode(node.child1());
+ node.setCanExit(
+ !value.m_structure.isSubsetOf(node.structureSet())
+ || !isCellPrediction(value.m_type));
+ value.filter(node.structureSet());
m_haveStructures = true;
break;
+ }
case PutStructure:
+ node.setCanExit(false);
clobberStructures(indexInBlock);
forNode(node.child1()).set(node.structureTransitionData().newStructure);
m_haveStructures = true;
break;
case GetPropertyStorage:
+ node.setCanExit(false);
forNode(node.child1()).filter(PredictCell);
forNode(nodeIndex).clear(); // The result is not a JS value.
break;
case GetIndexedPropertyStorage: {
+ node.setCanExit(true); // Lies, but this is (almost) always followed by GetByVal, which does exit. So no point in trying to be more precise.
PredictedType basePrediction = m_graph[node.child2()].prediction();
if (!(basePrediction & PredictInt32) && basePrediction) {
forNode(nodeIndex).clear();
break;
}
+ if (m_graph[node.child1()].shouldSpeculateArguments()) {
+ ASSERT_NOT_REACHED();
+ break;
+ }
if (m_graph[node.child1()].prediction() == PredictString) {
forNode(node.child1()).filter(PredictString);
forNode(nodeIndex).clear();
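Review bot: In GetIndexedPropertyStorage the new shouldSpeculateArguments() early-out (L144964–L144967) breaks without writing the result, so in release builds, where ASSERT_NOT_REACHED is a no-op, the node's abstract value is left at whatever it held before; the neighbouring early-out at L144961 clears it, and this path should do the same with `forNode(nodeIndex).clear();` before the break. Separately, GetArrayLength (L144874) and GetArgumentsLength (L144879) set canExit(true) unconditionally while every typed-array length case below computes it from the child's prediction; if the only exit for those two is the type check, the same `!isXPrediction(forNode(node.child1()).m_type)` form would be more precise. The switch this belongs to continues outside the hunk.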
@@ -956,38 +1480,46 @@ bool AbstractState::execute(unsigned indexInBlock)
break;
}
case GetByOffset:
+ node.setCanExit(false);
forNode(node.child1()).filter(PredictCell);
forNode(nodeIndex).makeTop();
break;
case PutByOffset:
+ node.setCanExit(false);
forNode(node.child1()).filter(PredictCell);
break;
case CheckFunction:
+ node.setCanExit(true); // Lies! We can do better.
forNode(node.child1()).filter(PredictFunction);
// FIXME: Should be able to propagate the fact that we know what the function is.
break;
case PutById:
case PutByIdDirect:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictCell);
clobberStructures(indexInBlock);
break;
case GetGlobalVar:
+ node.setCanExit(false);
forNode(nodeIndex).makeTop();
break;
case PutGlobalVar:
+ node.setCanExit(false);
break;
case CheckHasInstance:
+ node.setCanExit(true);
forNode(node.child1()).filter(PredictCell);
// Sadly, we don't propagate the fact that we've done CheckHasInstance
break;
case InstanceOf:
+ node.setCanExit(true);
// Again, sadly, we don't propagate the fact that we've done InstanceOf
if (!(m_graph[node.child1()].prediction() & ~PredictCell) && !(forNode(node.child1()).m_type & ~PredictCell))
forNode(node.child1()).filter(PredictCell);
@@ -997,9 +1529,11 @@ bool AbstractState::execute(unsigned indexInBlock)
case Phi:
case Flush:
+ node.setCanExit(false);
break;
case Breakpoint:
+ node.setCanExit(false);
break;
case Call:
@@ -1008,17 +1542,20 @@ bool AbstractState::execute(unsigned indexInBlock)
case ResolveBase:
case ResolveBaseStrictPut:
case ResolveGlobal:
+ node.setCanExit(true);
clobberStructures(indexInBlock);
forNode(nodeIndex).makeTop();
break;
case ForceOSRExit:
+ node.setCanExit(true);
m_isValid = false;
break;
case Phantom:
case InlineStart:
case Nop:
+ node.setCanExit(false);
break;
case LastNodeType:
@@ -1065,7 +1602,9 @@ inline bool AbstractState::mergeStateAtTail(AbstractValue& destination, Abstract
// The block transfers the value from head to tail.
source = inVariable;
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
- dataLog(" Transfering from head to tail.\n");
+ dataLog(" Transfering ");
+ source.dump(WTF::dataFile());
+ dataLog(" from head to tail.\n");
#endif
break;
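Review bot: The log string rewritten on L145043 keeps the misspelling "Transfering"; since the line is being touched anyway, `dataLog(" Transferring ");` fixes it at no cost. Only output under DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE) is affected.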
@@ -1073,7 +1612,9 @@ inline bool AbstractState::mergeStateAtTail(AbstractValue& destination, Abstract
// The block refines the value with additional speculations.
source = forNode(nodeIndex);
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
- dataLog(" Refining.\n");
+ dataLog(" Refining to ");
+ source.dump(WTF::dataFile());
+ dataLog("\n");
#endif
break;
@@ -1085,7 +1626,9 @@ inline bool AbstractState::mergeStateAtTail(AbstractValue& destination, Abstract
else
source = forNode(node.child1());
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
- dataLog(" Setting.\n");
+ dataLog(" Setting to ");
+ source.dump(WTF::dataFile());
+ dataLog("\n");
#endif
break;
@@ -1122,7 +1665,8 @@ inline bool AbstractState::merge(BasicBlock* from, BasicBlock* to)
for (size_t argument = 0; argument < from->variablesAtTail.numberOfArguments(); ++argument) {
AbstractValue& destination = to->valuesAtHead.argument(argument);
- if (m_graph.argumentIsCaptured(argument)) {
+ NodeIndex nodeIndex = from->variablesAtTail.argument(argument);
+ if (nodeIndex != NoNode && m_graph[nodeIndex].variableAccessData()->isCaptured()) {
if (destination.isTop())
continue;
destination.makeTop();
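Review bot: The captured test at L145073 now depends on `nodeIndex != NoNode`, so an argument that is captured but has no node at the tail of `from` no longer takes the makeTop() path and falls through to the merge below, whereas the old `m_graph.argumentIsCaptured(argument)` test was unconditional; if a captured variable can reach a block's tail without a node, the conservative top is lost and that should be confirmed. The same change is made for locals in the following hunk (L145081–L145082). The rest of the loop body, including the else branch, is outside this hunk.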
@@ -1134,7 +1678,8 @@ inline bool AbstractState::merge(BasicBlock* from, BasicBlock* to)
for (size_t local = 0; local < from->variablesAtTail.numberOfLocals(); ++local) {
AbstractValue& destination = to->valuesAtHead.local(local);
- if (m_graph.localIsCaptured(local)) {
+ NodeIndex nodeIndex = from->variablesAtTail.local(local);
+ if (nodeIndex != NoNode && m_graph[nodeIndex].variableAccessData()->isCaptured()) {
if (destination.isTop())
continue;
destination.makeTop();
@@ -1152,7 +1697,8 @@ inline bool AbstractState::merge(BasicBlock* from, BasicBlock* to)
return changed;
}
-inline bool AbstractState::mergeToSuccessors(Graph& graph, BasicBlock* basicBlock)
+inline bool AbstractState::mergeToSuccessors(
+ Graph& graph, BasicBlock* basicBlock, BranchDirection branchDirection)
{
PROFILE(FLAG_FOR_MERGE_TO_SUCCESSORS);
@@ -1161,16 +1707,34 @@ inline bool AbstractState::mergeToSuccessors(Graph& graph, BasicBlock* basicBloc
ASSERT(terminal.isTerminal());
switch (terminal.op()) {
- case Jump:
+ case Jump: {
+ ASSERT(branchDirection == InvalidBranchDirection);
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Merging to block #%u.\n", terminal.takenBlockIndex());
+#endif
return merge(basicBlock, graph.m_blocks[terminal.takenBlockIndex()].get());
+ }
- case Branch:
- return merge(basicBlock, graph.m_blocks[terminal.takenBlockIndex()].get())
- | merge(basicBlock, graph.m_blocks[terminal.notTakenBlockIndex()].get());
+ case Branch: {
+ ASSERT(branchDirection != InvalidBranchDirection);
+ bool changed = false;
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Merging to block #%u.\n", terminal.takenBlockIndex());
+#endif
+ if (branchDirection != TakeFalse)
+ changed |= merge(basicBlock, graph.m_blocks[terminal.takenBlockIndex()].get());
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Merging to block #%u.\n", terminal.notTakenBlockIndex());
+#endif
+ if (branchDirection != TakeTrue)
+ changed |= merge(basicBlock, graph.m_blocks[terminal.notTakenBlockIndex()].get());
+ return changed;
+ }
case Return:
case Throw:
case ThrowReferenceError:
+ ASSERT(branchDirection == InvalidBranchDirection);
return false;
default:
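Review bot: In the Branch case the verbose log at L145112 and L145117 prints "Merging to block #" for both successors even when `branchDirection` skips one of them, so the trace reports a merge that did not happen. Moving each dataLog inside its guard, e.g. `if (branchDirection != TakeFalse) { dataLog(...); changed |= merge(...); }`, keeps the trace truthful. The asserts on branchDirection per terminal kind are a good addition.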
@@ -1191,7 +1755,6 @@ inline bool AbstractState::mergeVariableBetweenBlocks(AbstractValue& destination
return destination.merge(source);
}
-#ifndef NDEBUG
void AbstractState::dump(FILE* out)
{
bool first = true;
@@ -1208,7 +1771,6 @@ void AbstractState::dump(FILE* out)
value.dump(out);
}
}
-#endif
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.h b/Source/JavaScriptCore/dfg/DFGAbstractState.h
index 3325e0703..4ce3df19b 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractState.h
+++ b/Source/JavaScriptCore/dfg/DFGAbstractState.h
@@ -92,6 +92,36 @@ public:
MergeToSuccessors
};
+ enum BranchDirection {
+ // This is not a branch and so there is no branch direction, or
+ // the branch direction has yet to be set.
+ InvalidBranchDirection,
+
+ // The branch takes the true case.
+ TakeTrue,
+
+ // The branch takes the false case.
+ TakeFalse,
+
+ // For all we know, the branch could go either direction, so we
+ // have to assume the worst.
+ TakeBoth
+ };
+
+ static const char* branchDirectionToString(BranchDirection branchDirection)
+ {
+ switch (branchDirection) {
+ case InvalidBranchDirection:
+ return "Invalid";
+ case TakeTrue:
+ return "TakeTrue";
+ case TakeFalse:
+ return "TakeFalse";
+ case TakeBoth:
+ return "TakeBoth";
+ }
+ }
+
AbstractState(Graph&);
~AbstractState();
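Review bot: branchDirectionToString() (L145165–L145177) has no return after the switch, so a BranchDirection outside the four enumerators runs off the end of a non-void function, which is undefined behaviour and draws a -Wreturn-type warning on compilers that do not treat the enum switch as exhaustive. Adding `ASSERT_NOT_REACHED(); return "Invalid";` after the switch (or a `default:` case) closes the gap, matching how the .cpp handles unreachable cases.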
@@ -139,7 +169,11 @@ public:
// A true return means that you must revisit (at least) the successor
// blocks. This also sets cfaShouldRevisit to true for basic blocks
// that must be visited next.
- bool endBasicBlock(MergeMode);
+ //
+ // If you'd like to know what direction the branch at the end of the
+ // basic block is thought to have taken, you can pass a non-0 pointer
+ // for BranchDirection.
+ bool endBasicBlock(MergeMode, BranchDirection* = 0);
// Reset the AbstractState. This throws away any results, and at this point
// you can safely call beginBasicBlock() on any basic block.
@@ -169,11 +203,9 @@ public:
// successors. Returns true if any of the successors' states changed. Note
// that this is automatically called in endBasicBlock() if MergeMode is
// MergeToSuccessors.
- bool mergeToSuccessors(Graph&, BasicBlock*);
+ bool mergeToSuccessors(Graph&, BasicBlock*, BranchDirection);
-#ifndef NDEBUG
void dump(FILE* out);
-#endif
private:
void clobberStructures(unsigned);
@@ -182,6 +214,50 @@ private:
static bool mergeVariableBetweenBlocks(AbstractValue& destination, AbstractValue& source, NodeIndex destinationNodeIndex, NodeIndex sourceNodeIndex);
+ void speculateInt32Unary(Node& node, bool forceCanExit = false)
+ {
+ AbstractValue& childValue = forNode(node.child1());
+ node.setCanExit(forceCanExit || !isInt32Prediction(childValue.m_type));
+ childValue.filter(PredictInt32);
+ }
+
+ void speculateNumberUnary(Node& node)
+ {
+ AbstractValue& childValue = forNode(node.child1());
+ node.setCanExit(!isNumberPrediction(childValue.m_type));
+ childValue.filter(PredictNumber);
+ }
+
+ void speculateBooleanUnary(Node& node)
+ {
+ AbstractValue& childValue = forNode(node.child1());
+ node.setCanExit(!isBooleanPrediction(childValue.m_type));
+ childValue.filter(PredictBoolean);
+ }
+
+ void speculateInt32Binary(Node& node, bool forceCanExit = false)
+ {
+ AbstractValue& childValue1 = forNode(node.child1());
+ AbstractValue& childValue2 = forNode(node.child2());
+ node.setCanExit(
+ forceCanExit
+ || !isInt32Prediction(childValue1.m_type)
+ || !isInt32Prediction(childValue2.m_type));
+ childValue1.filter(PredictInt32);
+ childValue2.filter(PredictInt32);
+ }
+
+ void speculateNumberBinary(Node& node)
+ {
+ AbstractValue& childValue1 = forNode(node.child1());
+ AbstractValue& childValue2 = forNode(node.child2());
+ node.setCanExit(
+ !isNumberPrediction(childValue1.m_type)
+ || !isNumberPrediction(childValue2.m_type));
+ childValue1.filter(PredictNumber);
+ childValue2.filter(PredictNumber);
+ }
+
CodeBlock* m_codeBlock;
Graph& m_graph;
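Review bot: The five speculate*() helpers (L145206–L145248) carry no comment on the contract they share, which is the central idea of this change: canExit is derived from whether the abstract state already proves the speculation, and the filter is applied only afterwards. A one-line comment above the group such as `// Speculate on a child's type: the node can exit only if the abstract state does not already prove the speculation; forceCanExit is for nodes that can exit for other reasons.` would also explain why forceCanExit exists on the Int32 variants only. The order matters because filter() narrows m_type, so computing canExit after it would always yield false; that is worth stating so a future reordering does not silently break it.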
@@ -189,8 +265,11 @@ private:
Operands<AbstractValue> m_variables;
BasicBlock* m_block;
bool m_haveStructures;
+ bool m_foundConstants;
bool m_isValid;
+
+ BranchDirection m_branchDirection; // This is only set for blocks that end in Branch and that execute to completion (i.e. m_isValid == true).
};
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractValue.h b/Source/JavaScriptCore/dfg/DFGAbstractValue.h
index 682c7a90f..c61a383eb 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractValue.h
+++ b/Source/JavaScriptCore/dfg/DFGAbstractValue.h
@@ -317,18 +317,23 @@ struct AbstractValue {
{
m_type = PredictNone;
m_structure.clear();
+ m_value = JSValue();
checkConsistency();
}
- bool isClear()
+ bool isClear() const
{
- return m_type == PredictNone && m_structure.isClear();
+ bool result = m_type == PredictNone && m_structure.isClear();
+ if (result)
+ ASSERT(!m_value);
+ return result;
}
void makeTop()
{
m_type = PredictTop;
m_structure.makeTop();
+ m_value = JSValue();
checkConsistency();
}
@@ -341,11 +346,26 @@ struct AbstractValue {
checkConsistency();
}
+ void clobberValue()
+ {
+ m_value = JSValue();
+ }
+
bool isTop() const
{
return m_type == PredictTop && m_structure.isTop();
}
+ bool valueIsTop() const
+ {
+ return !m_value && m_type;
+ }
+
+ JSValue value() const
+ {
+ return m_value;
+ }
+
static AbstractValue top()
{
AbstractValue result;
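Review bot: valueIsTop() (L145301–L145304) treats an empty m_value as "no known constant", but set(JSValue) in the next hunk stores whatever it is given into m_value, so a caller that passes the empty JSValue as a genuine constant becomes indistinguishable from an unknown value (validateIgnoringValue even has a `value.isEmpty()` branch, which suggests empty is a real point in this lattice). If set() can legitimately receive an empty JSValue, a comment at `JSValue m_value;` stating that empty means "not a constant" and that the empty constant is deliberately not tracked would document the choice; otherwise an `ASSERT(!!value);` in set() would pin it. Also, clobberValue() is the only mutator here that skips checkConsistency(); harmless as far as the asserts go, since they only constrain a non-empty m_value, but a comment saying so would stop it looking like an omission.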
@@ -355,11 +375,19 @@ struct AbstractValue {
void set(JSValue value)
{
- m_structure.clear();
- if (value.isCell())
- m_structure.add(value.asCell()->structure());
+ if (!!value && value.isCell()) {
+ // Have to be careful here! It's tempting to set the structure to the
+ // value's structure, but that would be wrong, since that would
+ // constitute a proof that this value will always have the same
+ // structure. The whole point of a value having a structure is that
+ // it may change in the future - for example between when we compile
+ // the code and when we run it.
+ m_structure.makeTop();
+ } else
+ m_structure.clear();
m_type = predictionFromValue(value);
+ m_value = value;
checkConsistency();
}
@@ -370,6 +398,7 @@ struct AbstractValue {
m_structure.add(structure);
m_type = predictionFromStructure(structure);
+ m_value = JSValue();
checkConsistency();
}
@@ -381,18 +410,40 @@ struct AbstractValue {
else
m_structure.clear();
m_type = type;
+ m_value = JSValue();
checkConsistency();
}
bool operator==(const AbstractValue& other) const
{
- return m_type == other.m_type && m_structure == other.m_structure;
+ return m_type == other.m_type
+ && m_structure == other.m_structure
+ && m_value == other.m_value;
+ }
+ bool operator!=(const AbstractValue& other) const
+ {
+ return !(*this == other);
}
bool merge(const AbstractValue& other)
{
- bool result = mergePrediction(m_type, other.m_type) | m_structure.addAll(other.m_structure);
+#if !ASSERT_DISABLED
+ AbstractValue oldMe = *this;
+#endif
+ bool result = false;
+ if (isClear()) {
+ *this = other;
+ result = !other.isClear();
+ } else {
+ result |= mergePrediction(m_type, other.m_type);
+ result |= m_structure.addAll(other.m_structure);
+ if (m_value != other.m_value) {
+ result |= !!m_value;
+ m_value = JSValue();
+ }
+ }
checkConsistency();
+ ASSERT(result == (*this != oldMe));
return result;
}
@@ -402,6 +453,7 @@ struct AbstractValue {
if (type & PredictCell)
m_structure.makeTop();
+ m_value = JSValue();
checkConsistency();
}
@@ -417,6 +469,10 @@ struct AbstractValue {
// sure that new information gleaned from the PredictedType needs to be fed back
// into the information gleaned from the StructureSet.
m_structure.filter(m_type);
+
+ if (!!m_value && !validateIgnoringValue(m_value))
+ clear();
+
checkConsistency();
}
@@ -431,14 +487,45 @@ struct AbstractValue {
// to ensure that the structure filtering does the right thing is to filter on
// the new type (None) rather than the one passed (Array).
m_structure.filter(m_type);
+
+ if (!!m_value && !validateIgnoringValue(m_value))
+ clear();
+
checkConsistency();
}
+ bool validateIgnoringValue(JSValue value) const
+ {
+ if (isTop())
+ return true;
+
+ if (mergePredictions(m_type, predictionFromValue(value)) != m_type)
+ return false;
+
+ if (value.isEmpty()) {
+ ASSERT(m_type & PredictEmpty);
+ return true;
+ }
+
+ if (m_structure.isTop())
+ return true;
+
+ if (!!value && value.isCell()) {
+ ASSERT(m_type & PredictCell);
+ return m_structure.contains(value.asCell()->structure());
+ }
+
+ return true;
+ }
+
bool validate(JSValue value) const
{
if (isTop())
return true;
+ if (!!m_value)
+ return m_value == value;
+
if (mergePredictions(m_type, predictionFromValue(value)) != m_type)
return false;
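Review bot: validate() now repeats the body of validateIgnoringValue() after its new m_value check, so the two copies can drift apart (the `!!value && value.isCell()` fix in the next hunk already had to be applied to both); `if (!!m_value) return m_value == value; return validateIgnoringValue(value);` keeps a single copy of the type/structure logic. One thing to confirm: `m_value == value` is JSValue equality, and if that compares encodings rather than numeric values, a double-encoded number would fail validation against an int32-encoded constant of the same value. validate()'s body continues past the end of this hunk.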
@@ -450,7 +537,7 @@ struct AbstractValue {
if (m_structure.isTop())
return true;
- if (value.isCell()) {
+ if (!!value && value.isCell()) {
ASSERT(m_type & PredictCell);
return m_structure.contains(value.asCell()->structure());
}
@@ -463,6 +550,12 @@ struct AbstractValue {
if (!(m_type & PredictCell))
ASSERT(m_structure.isClear());
+ if (isClear())
+ ASSERT(!m_value);
+
+ if (!!m_value)
+ ASSERT(mergePredictions(m_type, predictionFromValue(m_value)) == m_type);
+
// Note that it's possible for a prediction like (Final, []). This really means that
// the value is bottom and that any code that uses the value is unreachable. But
// we don't want to get pedantic about this as it would only increase the computational
@@ -473,11 +566,14 @@ struct AbstractValue {
{
fprintf(out, "(%s, ", predictionToString(m_type));
m_structure.dump(out);
+ if (!!m_value)
+ fprintf(out, ", %s", m_value.description());
fprintf(out, ")");
}
StructureAbstractValue m_structure;
PredictedType m_type;
+ JSValue m_value;
};
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGAdjacencyList.h b/Source/JavaScriptCore/dfg/DFGAdjacencyList.h
index e2b096bf4..a59223b05 100644
--- a/Source/JavaScriptCore/dfg/DFGAdjacencyList.h
+++ b/Source/JavaScriptCore/dfg/DFGAdjacencyList.h
@@ -41,7 +41,9 @@ public:
Fixed,
Variable
};
-
+
+ enum { Size = 3 };
+
AdjacencyList(Kind kind)
#if !ASSERT_DISABLED
: m_kind(kind)
@@ -74,21 +76,21 @@ public:
const Edge& child(unsigned i) const
{
- ASSERT(i < 3);
+ ASSERT(i < Size);
ASSERT(m_kind == Fixed);
return m_words[i];
}
Edge& child(unsigned i)
{
- ASSERT(i < 3);
+ ASSERT(i < Size);
ASSERT(m_kind == Fixed);
return m_words[i];
}
void setChild(unsigned i, Edge nodeUse)
{
- ASSERT(i < 30);
+ ASSERT(i < Size);
ASSERT(m_kind == Fixed);
m_words[i] = nodeUse;
}
@@ -114,10 +116,27 @@ public:
child(2) = child3;
}
- void initialize(NodeIndex child1, NodeIndex child2, NodeIndex child3)
+ void initialize(NodeIndex child1 = NoNode, NodeIndex child2 = NoNode, NodeIndex child3 = NoNode)
{
initialize(Edge(child1), Edge(child2), Edge(child3));
}
+
+ void reset()
+ {
+#if !ASSERT_DISABLED
+ m_kind = Fixed;
+#endif
+ initialize();
+ }
+
+ // Call this if you wish to remove an edge and the node treats the list of children
+ // as a "bag" - an unordered set where the index of the edge does not matter.
+ void removeEdgeFromBag(unsigned edgeIndex)
+ {
+ for (unsigned i = edgeIndex; i < Size - 1; ++i)
+ setChild(i, child(i + 1));
+ setChild(Size - 1, Edge());
+ }
unsigned firstChild() const
{
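Review bot: removeEdgeFromBag() (L145528–L145533) has no check that `edgeIndex < Size`; for an out-of-range index the shift loop does nothing and `setChild(Size - 1, Edge())` still drops the last edge, silently removing an edge the caller never asked for. An `ASSERT(edgeIndex < Size);` at the top, matching the bounds asserts in child()/setChild() above, would catch the misuse in debug builds.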
@@ -142,7 +161,7 @@ public:
}
private:
- Edge m_words[3];
+ Edge m_words[Size];
#if !ASSERT_DISABLED
Kind m_kind;
#endif
diff --git a/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp
new file mode 100644
index 000000000..5ab515bd7
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp
@@ -0,0 +1,750 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGArgumentsSimplificationPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGAbstractState.h"
+#include "DFGBasicBlock.h"
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGPhase.h"
+#include "DFGValidate.h"
+#include <wtf/HashSet.h>
+#include <wtf/HashMap.h>
+
+namespace JSC { namespace DFG {
+
+namespace {
+
+template<typename T>
+struct NullableHashTraits : public HashTraits<T> {
+ static const bool emptyValueIsZero = false;
+ static T emptyValue() { return reinterpret_cast<T>(1); }
+};
+
+struct ArgumentsAliasingData {
+ InlineCallFrame* callContext;
+ bool callContextSet;
+ bool multipleCallContexts;
+
+ bool assignedFromArguments;
+ bool assignedFromManyThings;
+
+ bool escapes;
+
+ ArgumentsAliasingData()
+ : callContext(0)
+ , callContextSet(false)
+ , multipleCallContexts(false)
+ , assignedFromArguments(false)
+ , assignedFromManyThings(false)
+ , escapes(false)
+ {
+ }
+
+ void mergeCallContext(InlineCallFrame* newCallContext)
+ {
+ if (multipleCallContexts)
+ return;
+
+ if (!callContextSet) {
+ callContext = newCallContext;
+ callContextSet = true;
+ return;
+ }
+
+ if (callContext == newCallContext)
+ return;
+
+ multipleCallContexts = true;
+ }
+
+ bool callContextIsValid()
+ {
+ return callContextSet && !multipleCallContexts;
+ }
+
+ void mergeArgumentsAssignment()
+ {
+ assignedFromArguments = true;
+ }
+
+ void mergeNonArgumentsAssignment()
+ {
+ assignedFromManyThings = true;
+ }
+
+ bool argumentsAssignmentIsValid()
+ {
+ return assignedFromArguments && !assignedFromManyThings;
+ }
+
+ bool isValid()
+ {
+ return callContextIsValid() && argumentsAssignmentIsValid() && !escapes;
+ }
+};
+
+} // end anonymous namespace
+
+class ArgumentsSimplificationPhase : public Phase {
+public:
+ ArgumentsSimplificationPhase(Graph& graph)
+ : Phase(graph, "arguments simplification")
+ {
+ }
+
+ bool run()
+ {
+ if (!m_graph.m_hasArguments)
+ return false;
+
+ bool changed = false;
+
+ // Record which arguments are known to escape no matter what.
+ for (unsigned i = codeBlock()->inlineCallFrames().size(); i--;) {
+ InlineCallFrame* inlineCallFrame = &codeBlock()->inlineCallFrames()[i];
+ if (m_graph.m_executablesWhoseArgumentsEscaped.contains(
+ m_graph.executableFor(inlineCallFrame)))
+ m_createsArguments.add(inlineCallFrame);
+ }
+
+ // Create data for variable access datas that we will want to analyze.
+ for (unsigned i = m_graph.m_variableAccessData.size(); i--;) {
+ VariableAccessData* variableAccessData = &m_graph.m_variableAccessData[i];
+ if (!variableAccessData->isRoot())
+ continue;
+ if (variableAccessData->isCaptured())
+ continue;
+ m_argumentsAliasing.add(variableAccessData, ArgumentsAliasingData());
+ }
+
+ // Figure out which variables alias the arguments and nothing else, and are
+ // used only for GetByVal and GetArgumentsLength accesses. At the same time,
+ // identify uses of CreateArguments that are not consistent with the arguments
+ // being aliased only to variables that satisfy these constraints.
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
+ NodeIndex nodeIndex = block->at(indexInBlock);
+ Node& node = m_graph[nodeIndex];
+ if (!node.shouldGenerate())
+ continue;
+ switch (node.op()) {
+ case CreateArguments: {
+ // Ignore this op. If we see a lone CreateArguments then we want to
+ // completely ignore it because:
+ // 1) The default would be to see that the child is a GetLocal on the
+ // arguments register and conclude that we have an arguments escape.
+ // 2) The fact that a CreateArguments exists does not mean that it
+ // will continue to exist after we're done with this phase. As far
+ // as this phase is concerned, a CreateArguments only "exists" if it
+ // is used in a manner that necessitates its existance.
+ break;
+ }
+
+ case SetLocal: {
+ Node& source = m_graph[node.child1()];
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ if (source.op() != CreateArguments) {
+ // Make sure that the source of the SetLocal knows that if it's
+ // a variable that we think is aliased to the arguments, then it
+ // may escape at this point. In future, we could track transitive
+ // aliasing. But not yet.
+ observeBadArgumentsUse(node.child1());
+
+ if (variableAccessData->isCaptured())
+ break;
+
+ // Make sure that if it's a variable that we think is aliased to
+ // the arguments, that we know that it might actually not be.
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ data.mergeNonArgumentsAssignment();
+ data.mergeCallContext(node.codeOrigin.inlineCallFrame);
+ break;
+ }
+ int argumentsRegister =
+ m_graph.uncheckedArgumentsRegisterFor(node.codeOrigin);
+ if (variableAccessData->local() == argumentsRegister
+ || variableAccessData->local() ==
+ unmodifiedArgumentsRegister(argumentsRegister)) {
+ if (node.codeOrigin.inlineCallFrame == source.codeOrigin.inlineCallFrame)
+ break;
+ m_createsArguments.add(source.codeOrigin.inlineCallFrame);
+ break;
+ }
+ if (variableAccessData->isCaptured()) {
+ m_createsArguments.add(source.codeOrigin.inlineCallFrame);
+ break;
+ }
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ data.mergeArgumentsAssignment();
+ // This ensures that the variable's uses are in the same context as
+ // the arguments it is aliasing.
+ data.mergeCallContext(node.codeOrigin.inlineCallFrame);
+ data.mergeCallContext(source.codeOrigin.inlineCallFrame);
+ break;
+ }
+
+ case GetLocal:
+ case Phi: {
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ if (variableAccessData->isCaptured())
+ break;
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ data.mergeCallContext(node.codeOrigin.inlineCallFrame);
+ break;
+ }
+
+ case Flush: {
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ if (variableAccessData->isCaptured())
+ break;
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ data.mergeCallContext(node.codeOrigin.inlineCallFrame);
+
+ // If a variable is used in a flush then by definition it escapes.
+ data.escapes = true;
+ break;
+ }
+
+ case SetArgument: {
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ if (variableAccessData->isCaptured())
+ break;
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ data.mergeNonArgumentsAssignment();
+ data.mergeCallContext(node.codeOrigin.inlineCallFrame);
+ break;
+ }
+
+ case GetByVal: {
+ if (!node.prediction()
+ || !m_graph[node.child1()].prediction()
+ || !m_graph[node.child2()].prediction()) {
+ observeBadArgumentsUses(node);
+ break;
+ }
+
+ if (!isActionableArrayPrediction(m_graph[node.child1()].prediction())
+ || !m_graph[node.child2()].shouldSpeculateInteger()) {
+ observeBadArgumentsUses(node);
+ break;
+ }
+
+ if (m_graph[node.child1()].shouldSpeculateArguments()) {
+ // If arguments is used as an index, then it's an escaping use.
+ // That's so awful and pretty much impossible since it would
+ // imply that the arguments were predicted integer, but it's
+ // good to be defensive and thorough.
+ observeBadArgumentsUse(node.child2());
+ observeProperArgumentsUse(node, node.child1());
+ break;
+ }
+
+ observeBadArgumentsUses(node);
+ break;
+ }
+
+ case GetArgumentsLength: {
+ observeProperArgumentsUse(node, node.child1());
+ break;
+ }
+
+ default:
+ observeBadArgumentsUses(node);
+ break;
+ }
+ }
+ }
+
+ // Now we know which variables are aliased to arguments. But if any of them are
+ // found to have escaped, or were otherwise invalidated, then we need to mark
+ // the arguments as requiring creation. This is a property of SetLocals to
+ // variables that are neither the correct arguments register nor are marked as
+ // being arguments-aliased.
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
+ NodeIndex nodeIndex = block->at(indexInBlock);
+ Node& node = m_graph[nodeIndex];
+ if (!node.shouldGenerate())
+ continue;
+ if (node.op() != SetLocal)
+ continue;
+ Node& source = m_graph[node.child1()];
+ if (source.op() != CreateArguments)
+ continue;
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ if (variableAccessData->isCaptured()) {
+ // The captured case would have already been taken care of in the
+ // previous pass.
+ continue;
+ }
+
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ if (data.isValid())
+ continue;
+
+ m_createsArguments.add(source.codeOrigin.inlineCallFrame);
+ }
+ }
+
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("Arguments aliasing states:\n");
+ for (unsigned i = 0; i < m_graph.m_variableAccessData.size(); ++i) {
+ VariableAccessData* variableAccessData = &m_graph.m_variableAccessData[i];
+ if (!variableAccessData->isRoot())
+ continue;
+ dataLog(" r%d(%s): ", variableAccessData->local(), m_graph.nameOfVariableAccessData(variableAccessData));
+ if (variableAccessData->isCaptured())
+ dataLog("Captured");
+ else {
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ bool first = true;
+ if (data.callContextIsValid()) {
+ if (!first)
+ dataLog(", ");
+ dataLog("Have Call Context: %p", data.callContext);
+ first = false;
+ if (!m_createsArguments.contains(data.callContext))
+ dataLog(" (Does Not Create Arguments)");
+ }
+ if (data.argumentsAssignmentIsValid()) {
+ if (!first)
+ dataLog(", ");
+ dataLog("Arguments Assignment Is Valid");
+ first = false;
+ }
+ if (!data.escapes) {
+ if (!first)
+ dataLog(", ");
+ dataLog("Does Not Escape");
+ first = false;
+ }
+ if (!first)
+ dataLog(", ");
+ if (data.isValid()) {
+ if (m_createsArguments.contains(data.callContext))
+ dataLog("VALID");
+ else
+ dataLog("INVALID (due to argument creation)");
+ } else
+ dataLog("INVALID (due to bad variable use)");
+ }
+ dataLog("\n");
+ }
+#endif
+
+ InsertionSet<NodeIndex> insertionSet;
+
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
+ NodeIndex nodeIndex = block->at(indexInBlock);
+ Node& node = m_graph[nodeIndex];
+ if (!node.shouldGenerate())
+ continue;
+
+ switch (node.op()) {
+ case SetLocal: {
+ Node& source = m_graph[node.child1()];
+ if (source.op() != CreateArguments)
+ break;
+
+ VariableAccessData* variableAccessData = node.variableAccessData();
+
+ // If this is a store into the arguments register for an InlineCallFrame*
+ // that does not create arguments, then kill it.
+ int argumentsRegister =
+ m_graph.uncheckedArgumentsRegisterFor(node.codeOrigin);
+ if ((variableAccessData->local() == argumentsRegister
+ || variableAccessData->local()
+ == unmodifiedArgumentsRegister(argumentsRegister))
+ && !m_createsArguments.contains(source.codeOrigin.inlineCallFrame)) {
+ // Find the Flush. It should be the next instruction.
+ Node& flush = m_graph[block->at(indexInBlock + 1)];
+ ASSERT(flush.op() == Flush);
+ ASSERT(flush.variableAccessData() == variableAccessData);
+ ASSERT(flush.child1() == nodeIndex);
+ // Be defensive in release mode.
+ if (flush.op() != Flush
+ || flush.variableAccessData() != variableAccessData
+ || flush.child1() != nodeIndex)
+ break;
+ flush.setOpAndDefaultFlags(Nop);
+ m_graph.clearAndDerefChild1(flush);
+ flush.setRefCount(0);
+ changed = true;
+ break;
+ }
+
+ if (variableAccessData->isCaptured())
+ break;
+
+ // If this is a store into a VariableAccessData* that is marked as
+ // arguments aliasing for an InlineCallFrame* that does not create
+ // arguments, then flag the VariableAccessData as being an
+ // arguments-aliased. This'll let the OSR exit machinery do the right
+ // things. Note also that the SetLocal should become dead as soon as
+ // we replace all uses of this variable with GetMyArgumentsLength and
+ // GetMyArgumentByVal.
+ if (m_argumentsAliasing.find(variableAccessData)->second.isValid()
+ && !m_createsArguments.contains(source.codeOrigin.inlineCallFrame)) {
+ changed |= variableAccessData->mergeIsArgumentsAlias(true);
+ break;
+ }
+ break;
+ }
+
+ case Phantom: {
+ // It's highly likely that we will have a Phantom referencing either
+ // CreateArguments, or a local op for the arguments register, or a
+ // local op for an arguments-aliased variable. In any of those cases,
+ // we should remove the phantom reference, since:
+ // 1) Phantoms only exist to aid OSR exit. But arguments simplification
+ // has its own OSR exit story, which is to inform OSR exit to reify
+ // the arguments as necessary.
+ // 2) The Phantom may keep the CreateArguments node alive, which is
+ // precisely what we don't want.
+ for (unsigned i = 0; i < AdjacencyList::Size; ++i)
+ removeArgumentsReferencingPhantomChild(node, i);
+ break;
+ }
+
+ case GetByVal: {
+ if (!node.prediction()
+ || !m_graph[node.child1()].prediction()
+ || !m_graph[node.child2()].prediction())
+ break;
+
+ if (!isActionableArrayPrediction(m_graph[node.child1()].prediction())
+ || !m_graph[node.child2()].shouldSpeculateInteger())
+ break;
+
+ if (m_graph[node.child1()].shouldSpeculateArguments()) {
+ // This can be simplified to GetMyArgumentByVal if we know that
+ // it satisfies either condition (1) or (2):
+ // 1) Its first child is a valid ArgumentsAliasingData and the
+ // InlineCallFrame* is not marked as creating arguments.
+ // 2) Its first child is CreateArguments and its InlineCallFrame*
+ // is not marked as creating arguments.
+
+ if (!isOKToOptimize(m_graph[node.child1()]))
+ break;
+
+ m_graph.deref(node.child1());
+ node.children.child1() = node.children.child2();
+ node.children.child2() = Edge();
+ node.setOpAndDefaultFlags(GetMyArgumentByVal);
+ changed = true;
+ --indexInBlock; // Force reconsideration of this op now that it's a GetMyArgumentByVal.
+ break;
+ }
+ break;
+ }
+
+ case GetArgumentsLength: {
+ if (!isOKToOptimize(m_graph[node.child1()]))
+ break;
+
+ m_graph.deref(node.child1());
+ node.children.child1() = Edge();
+ node.setOpAndDefaultFlags(GetMyArgumentsLength);
+ changed = true;
+ --indexInBlock; // Force reconsideration of this op noew that it's a GetMyArgumentsLength.
+ break;
+ }
+
+ case GetMyArgumentsLength:
+ case GetMyArgumentsLengthSafe: {
+ if (m_createsArguments.contains(node.codeOrigin.inlineCallFrame)) {
+ ASSERT(node.op() == GetMyArgumentsLengthSafe);
+ break;
+ }
+ if (node.op() == GetMyArgumentsLengthSafe) {
+ node.setOp(GetMyArgumentsLength);
+ changed = true;
+ }
+ if (!node.codeOrigin.inlineCallFrame)
+ break;
+
+ // We know exactly what this will return. But only after we have checked
+ // that nobody has escaped our arguments.
+ Node check(CheckArgumentsNotCreated, node.codeOrigin);
+ check.ref();
+ NodeIndex checkIndex = m_graph.size();
+ m_graph.append(check);
+ insertionSet.append(indexInBlock, checkIndex);
+
+ m_graph.convertToConstant(
+ nodeIndex, jsNumber(node.codeOrigin.inlineCallFrame->arguments.size() - 1));
+ changed = true;
+ break;
+ }
+
+ case GetMyArgumentByVal:
+ case GetMyArgumentByValSafe: {
+ if (m_createsArguments.contains(node.codeOrigin.inlineCallFrame)) {
+ ASSERT(node.op() == GetMyArgumentByValSafe);
+ break;
+ }
+ if (node.op() == GetMyArgumentByValSafe) {
+ node.setOp(GetMyArgumentByVal);
+ changed = true;
+ }
+ if (!node.codeOrigin.inlineCallFrame)
+ break;
+ if (!m_graph[node.child1()].hasConstant())
+ break;
+ JSValue value = m_graph[node.child1()].valueOfJSConstant(codeBlock());
+ if (!value.isInt32())
+ break;
+ int32_t index = value.asInt32();
+ if (index < 0
+ || static_cast<size_t>(index + 1) >=
+ node.codeOrigin.inlineCallFrame->arguments.size())
+ break;
+
+ // We know which argument this is accessing. But only after we have checked
+ // that nobody has escaped our arguments. We also need to ensure that the
+ // index is kept alive. That's somewhat pointless since it's a constant, but
+ // it's important because this is one of those invariants that we like to
+ // have in the DFG. Note finally that we use the GetLocalUnlinked opcode
+ // here, since this is being done _after_ the prediction propagation phase
+ // has run - therefore it makes little sense to link the GetLocal operation
+ // into the VariableAccessData and Phi graphs.
+
+ Node check(CheckArgumentsNotCreated, node.codeOrigin);
+ check.ref();
+
+ Node phantom(Phantom, node.codeOrigin);
+ phantom.ref();
+ phantom.children = node.children;
+
+ node.convertToGetLocalUnlinked(
+ static_cast<VirtualRegister>(
+ node.codeOrigin.inlineCallFrame->stackOffset +
+ argumentToOperand(index + 1)));
+
+ NodeIndex checkNodeIndex = m_graph.size();
+ m_graph.append(check);
+ insertionSet.append(indexInBlock, checkNodeIndex);
+ NodeIndex phantomNodeIndex = m_graph.size();
+ m_graph.append(phantom);
+ insertionSet.append(indexInBlock, phantomNodeIndex);
+
+ changed = true;
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+ insertionSet.execute(*block);
+ }
+
+ if (changed)
+ m_graph.collectGarbage();
+
+ return changed;
+ }
+
+private:
+ HashSet<InlineCallFrame*,
+ DefaultHash<InlineCallFrame*>::Hash,
+ NullableHashTraits<InlineCallFrame*> > m_createsArguments;
+ HashMap<VariableAccessData*, ArgumentsAliasingData,
+ DefaultHash<VariableAccessData*>::Hash,
+ NullableHashTraits<VariableAccessData*> > m_argumentsAliasing;
+
+ void observeBadArgumentsUse(Edge edge)
+ {
+ if (!edge)
+ return;
+
+ Node& child = m_graph[edge];
+ switch (child.op()) {
+ case CreateArguments: {
+ m_createsArguments.add(child.codeOrigin.inlineCallFrame);
+ break;
+ }
+
+ case GetLocal: {
+ if (child.local() == m_graph.uncheckedArgumentsRegisterFor(child.codeOrigin)) {
+ m_createsArguments.add(child.codeOrigin.inlineCallFrame);
+ break;
+ }
+
+ VariableAccessData* variableAccessData = child.variableAccessData();
+ if (variableAccessData->isCaptured())
+ break;
+
+ ArgumentsAliasingData& data = m_argumentsAliasing.find(variableAccessData)->second;
+ data.escapes = true;
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+
+ void observeBadArgumentsUses(Node& node)
+ {
+ for (unsigned i = m_graph.numChildren(node); i--;)
+ observeBadArgumentsUse(m_graph.child(node, i));
+ }
+
+ void observeProperArgumentsUse(Node& node, Edge edge)
+ {
+ Node& child = m_graph[edge];
+ if (child.op() != GetLocal) {
+ // When can this happen? At least two cases that I can think
+ // of:
+ //
+ // 1) Aliased use of arguments in the same basic block,
+ // like:
+ //
+ // var a = arguments;
+ // var x = arguments[i];
+ //
+ // 2) If we're accessing arguments we got from the heap!
+
+ if (child.op() == CreateArguments
+ && node.codeOrigin.inlineCallFrame
+ != child.codeOrigin.inlineCallFrame)
+ m_createsArguments.add(child.codeOrigin.inlineCallFrame);
+
+ return;
+ }
+
+ VariableAccessData* variableAccessData = child.variableAccessData();
+ if (variableAccessData->isCaptured())
+ return;
+
+ ArgumentsAliasingData& data = m_argumentsAliasing.find(variableAccessData)->second;
+ data.mergeCallContext(node.codeOrigin.inlineCallFrame);
+ }
+
+ bool isOKToOptimize(Node& source)
+ {
+ switch (source.op()) {
+ case GetLocal: {
+ VariableAccessData* variableAccessData = source.variableAccessData();
+ if (variableAccessData->isCaptured())
+ break;
+ ArgumentsAliasingData& data =
+ m_argumentsAliasing.find(variableAccessData)->second;
+ if (!data.isValid())
+ break;
+ if (m_createsArguments.contains(source.codeOrigin.inlineCallFrame))
+ break;
+
+ return true;
+ }
+
+ case CreateArguments: {
+ if (m_createsArguments.contains(source.codeOrigin.inlineCallFrame))
+ break;
+
+ return true;
+ }
+
+ default:
+ break;
+ }
+
+ return false;
+ }
+
+ void removeArgumentsReferencingPhantomChild(Node& node, unsigned edgeIndex)
+ {
+ Edge edge = node.children.child(edgeIndex);
+ if (!edge)
+ return;
+
+ Node& child = m_graph[edge];
+ switch (child.op()) {
+ case Phi: // Arises if we had CSE on a GetLocal of the arguments register.
+ case GetLocal: // Arises if we had CSE on an arguments access to a variable aliased to the arguments.
+ case SetLocal: { // Arises if we had CSE on a GetLocal of the arguments register.
+ VariableAccessData* variableAccessData = child.variableAccessData();
+ bool isDeadArgumentsRegister =
+ variableAccessData->local() ==
+ m_graph.uncheckedArgumentsRegisterFor(child.codeOrigin)
+ && !m_createsArguments.contains(child.codeOrigin.inlineCallFrame);
+ bool isAliasedArgumentsRegister =
+ !variableAccessData->isCaptured()
+ && m_argumentsAliasing.find(variableAccessData)->second.isValid()
+ && !m_createsArguments.contains(child.codeOrigin.inlineCallFrame);
+ if (!isDeadArgumentsRegister && !isAliasedArgumentsRegister)
+ break;
+ m_graph.deref(edge);
+ node.children.removeEdgeFromBag(edgeIndex);
+ break;
+ }
+
+ case CreateArguments: { // Arises if we CSE two GetLocals to the arguments register and then CSE the second use of the GetLocal to the first.
+ if (m_createsArguments.contains(child.codeOrigin.inlineCallFrame))
+ break;
+ m_graph.deref(edge);
+ node.children.removeEdgeFromBag(edgeIndex);
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+};
+
+bool performArgumentsSimplification(Graph& graph)
+{
+ return runPhase<ArgumentsSimplificationPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+
diff --git a/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h b/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h
new file mode 100644
index 000000000..e8a24019e
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGArgumentsSimplificationPhase_h
+#define DFGArgumentsSimplificationPhase_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// Simplifies reflective uses of the Arguments object:
+//
+// Inlined arguments.length -> constant
+// Inlined arguments[constant] -> GetLocalUnlinked
+
+bool performArgumentsSimplification(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGArgumentsSimplificationPhase_h
+
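Review bot: The header comment on `performArgumentsSimplification` lists the two rewrites but not the condition that makes them sound, nor what the return value means, and both are what a caller of this phase needs. From the implementation, the rewrites are applied only for inline call frames whose Arguments object is found not to escape, each folded `arguments.length` / `arguments[constant]` is guarded by an inserted `CheckArgumentsNotCreated` node, and the function returns whether the graph was changed. I would extend the comment with: `// Both rewrites apply only to inline call frames whose Arguments object is` / `// proven not to escape; each is guarded by a CheckArgumentsNotCreated node.` / `// Returns true if the graph was modified.`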
diff --git a/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp b/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp
index 15f6d19a5..7799ee505 100644
--- a/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp
+++ b/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp
@@ -32,6 +32,14 @@ namespace JSC { namespace DFG {
const double AssemblyHelpers::twoToThe32 = (double)0x100000000ull;
+ExecutableBase* AssemblyHelpers::executableFor(const CodeOrigin& codeOrigin)
+{
+ if (!codeOrigin.inlineCallFrame)
+ return m_codeBlock->ownerExecutable();
+
+ return codeOrigin.inlineCallFrame->executable.get();
+}
+
Vector<BytecodeAndMachineOffset>& AssemblyHelpers::decodedCodeMapFor(CodeBlock* codeBlock)
{
ASSERT(codeBlock == codeBlock->baselineVersion());
diff --git a/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h b/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h
index e7a3132f3..9087eec57 100644
--- a/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h
+++ b/Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h
@@ -134,16 +134,28 @@ public:
{
return Address(GPRInfo::callFrameRegister, virtualRegister * sizeof(Register));
}
+ static Address addressFor(int operand)
+ {
+ return addressFor(static_cast<VirtualRegister>(operand));
+ }
static Address tagFor(VirtualRegister virtualRegister)
{
return Address(GPRInfo::callFrameRegister, virtualRegister * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
}
+ static Address tagFor(int operand)
+ {
+ return tagFor(static_cast<VirtualRegister>(operand));
+ }
static Address payloadFor(VirtualRegister virtualRegister)
{
return Address(GPRInfo::callFrameRegister, virtualRegister * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
}
+ static Address payloadFor(int operand)
+ {
+ return payloadFor(static_cast<VirtualRegister>(operand));
+ }
Jump branchIfNotObject(GPRReg structureReg)
{
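Review bot: The new `int` overloads of `addressFor`, `tagFor` and `payloadFor` accept any operand, including constant-register indices that have no call-frame slot, so a bad operand now silently becomes an address off `callFrameRegister`; if `VirtualRegister` is an enum, as the `static_cast` here suggests, the old signature at least forced callers to cast deliberately. `newVariableAccessData` in DFGByteCodeParser.cpp guards the same value with `ASSERT(operand < FirstConstantRegisterIndex)`, and the same check belongs in these three overloads so the mistake trips in debug builds. I would add `ASSERT(operand < FirstConstantRegisterIndex);` as the first line of each (assuming `FirstConstantRegisterIndex` is visible from this header).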
@@ -170,14 +182,21 @@ public:
// Add a debug call. This call has no effect on JIT code execution state.
void debugCall(V_DFGDebugOperation_EP function, void* argument)
{
- EncodedJSValue* buffer = static_cast<EncodedJSValue*>(m_globalData->scratchBufferForSize(sizeof(EncodedJSValue) * (GPRInfo::numberOfRegisters + FPRInfo::numberOfRegisters)));
-
+ size_t scratchSize = sizeof(EncodedJSValue) * (GPRInfo::numberOfRegisters + FPRInfo::numberOfRegisters);
+ ScratchBuffer* scratchBuffer = m_globalData->scratchBufferForSize(scratchSize);
+ EncodedJSValue* buffer = static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer());
+
for (unsigned i = 0; i < GPRInfo::numberOfRegisters; ++i)
storePtr(GPRInfo::toRegister(i), buffer + i);
for (unsigned i = 0; i < FPRInfo::numberOfRegisters; ++i) {
move(TrustedImmPtr(buffer + GPRInfo::numberOfRegisters + i), GPRInfo::regT0);
storeDouble(FPRInfo::toRegister(i), GPRInfo::regT0);
}
+
+ // Tell GC mark phase how much of the scratch buffer is active during call.
+ move(TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::regT0);
+ storePtr(TrustedImmPtr(scratchSize), GPRInfo::regT0);
+
#if CPU(X86_64) || CPU(ARM_THUMB2)
move(TrustedImmPtr(argument), GPRInfo::argumentGPR1);
move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
@@ -191,6 +210,10 @@ public:
#endif
move(TrustedImmPtr(reinterpret_cast<void*>(function)), scratch);
call(scratch);
+
+ move(TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::regT0);
+ storePtr(TrustedImmPtr(0), GPRInfo::regT0);
+
for (unsigned i = 0; i < FPRInfo::numberOfRegisters; ++i) {
move(TrustedImmPtr(buffer + GPRInfo::numberOfRegisters + i), GPRInfo::regT0);
loadDouble(GPRInfo::regT0, FPRInfo::toRegister(i));
@@ -308,6 +331,8 @@ public:
return codeOrigin.inlineCallFrame->callee->jsExecutable()->isStrictMode();
}
+ ExecutableBase* executableFor(const CodeOrigin& codeOrigin);
+
CodeBlock* baselineCodeBlockFor(const CodeOrigin& codeOrigin)
{
return baselineCodeBlockForOriginAndBaselineCodeBlock(codeOrigin, baselineCodeBlock());
@@ -318,6 +343,20 @@ public:
return m_baselineCodeBlock;
}
+ int argumentsRegisterFor(InlineCallFrame* inlineCallFrame)
+ {
+ if (!inlineCallFrame)
+ return codeBlock()->argumentsRegister();
+
+ return baselineCodeBlockForInlineCallFrame(
+ inlineCallFrame)->argumentsRegister() + inlineCallFrame->stackOffset;
+ }
+
+ int argumentsRegisterFor(const CodeOrigin& codeOrigin)
+ {
+ return argumentsRegisterFor(codeOrigin.inlineCallFrame);
+ }
+
Vector<BytecodeAndMachineOffset>& decodedCodeMapFor(CodeBlock*);
static const double twoToThe32;
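Review bot: `argumentsRegisterFor` states no precondition for a frame whose code block does not use `arguments`; `argumentsRegister()` presumably asserts `usesArguments()` (the simplification phase has a separate `uncheckedArgumentsRegisterFor`, which suggests the checked accessor does), but in a release build the result would be an arbitrary register plus `stackOffset`, and JIT code would then load or store through that slot. Please make the contract explicit: `// Precondition: the (baseline) code block for inlineCallFrame uses arguments.` / `// Returns a machine-frame operand (already offset by inlineCallFrame->stackOffset).` If the helper is meant to be callable on any frame, it should instead return an invalid-register sentinel and callers should check it.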
diff --git a/Source/JavaScriptCore/dfg/DFGBasicBlock.h b/Source/JavaScriptCore/dfg/DFGBasicBlock.h
index 92df58d09..9128f0882 100644
--- a/Source/JavaScriptCore/dfg/DFGBasicBlock.h
+++ b/Source/JavaScriptCore/dfg/DFGBasicBlock.h
@@ -44,6 +44,7 @@ struct BasicBlock : Vector<NodeIndex, 8> {
, isOSRTarget(false)
, cfaHasVisited(false)
, cfaShouldRevisit(false)
+ , cfaFoundConstants(false)
#if !ASSERT_DISABLED
, isLinked(false)
#endif
@@ -55,6 +56,10 @@ struct BasicBlock : Vector<NodeIndex, 8> {
{
}
+ ~BasicBlock()
+ {
+ }
+
void ensureLocals(unsigned newNumLocals)
{
variablesAtHead.ensureLocals(newNumLocals);
@@ -62,6 +67,33 @@ struct BasicBlock : Vector<NodeIndex, 8> {
valuesAtHead.ensureLocals(newNumLocals);
valuesAtTail.ensureLocals(newNumLocals);
}
+
+ size_t numNodes() const { return phis.size() + size(); }
+ NodeIndex nodeIndex(size_t i) const
+ {
+ if (i < phis.size())
+ return phis[i];
+ return at(i - phis.size());
+ }
+ bool isPhiIndex(size_t i) const { return i < phis.size(); }
+
+ bool isInPhis(NodeIndex nodeIndex) const
+ {
+ for (size_t i = 0; i < phis.size(); ++i) {
+ if (phis[i] == nodeIndex)
+ return true;
+ }
+ return false;
+ }
+
+ bool isInBlock(NodeIndex index) const
+ {
+ for (size_t i = 0; i < numNodes(); ++i) {
+ if (nodeIndex(i) == index)
+ return true;
+ }
+ return false;
+ }
// This value is used internally for block linking and OSR entry. It is mostly meaningless
// for other purposes due to inlining.
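Review bot: `nodeIndex(i)` has an unstated precondition `i < numNodes()`: `at(i - phis.size())` is only range-checked by an assertion if `Vector::at` is assert-checked as in WTF, so in release an out-of-range `i` reads past the block's storage. `isInPhis` and `isInBlock` are linear scans over the whole block, which is fine for assertions but quadratic if a pass ever calls them per node. I would document both: `// Precondition: i < numNodes(). Phis are indexed first, then the block body.` on `nodeIndex`, and `// O(numNodes()); intended for assertions, not for per-node use in a pass.` above `isInPhis` and `isInBlock`.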
@@ -70,6 +102,7 @@ struct BasicBlock : Vector<NodeIndex, 8> {
bool isOSRTarget;
bool cfaHasVisited;
bool cfaShouldRevisit;
+ bool cfaFoundConstants;
#if !ASSERT_DISABLED
bool isLinked;
#endif
diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
index cc756c61e..27e198c75 100644
--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
@@ -45,8 +45,9 @@ namespace JSC { namespace DFG {
// This class is used to compile the dataflow graph from a CodeBlock.
class ByteCodeParser {
public:
- ByteCodeParser(Graph& graph)
- : m_globalData(&graph.m_globalData)
+ ByteCodeParser(ExecState* exec, Graph& graph)
+ : m_exec(exec)
+ , m_globalData(&graph.m_globalData)
, m_codeBlock(graph.m_codeBlock)
, m_profiledBlock(graph.m_profiledBlock)
, m_graph(graph)
@@ -97,10 +98,6 @@ private:
void prepareToParseBlock();
// Parse a single basic block of bytecode instructions.
bool parseBlock(unsigned limit);
- // Find reachable code and setup predecessor links in the graph's BasicBlocks.
- void determineReachability();
- // Enqueue a block onto the worklist, if necessary.
- void handleSuccessor(Vector<BlockIndex, 16>& worklist, BlockIndex, BlockIndex successor);
// Link block successors.
void linkBlock(BasicBlock*, Vector<BlockIndex>& possibleTargets);
void linkBlocks(Vector<UnlinkedBlock>& unlinkedBlocks, Vector<BlockIndex>& possibleTargets);
@@ -116,11 +113,11 @@ private:
// Add spill locations to nodes.
void allocateVirtualRegisters();
- VariableAccessData* newVariableAccessData(int operand)
+ VariableAccessData* newVariableAccessData(int operand, bool isCaptured)
{
ASSERT(operand < FirstConstantRegisterIndex);
- m_graph.m_variableAccessData.append(VariableAccessData(static_cast<VirtualRegister>(operand)));
+ m_graph.m_variableAccessData.append(VariableAccessData(static_cast<VirtualRegister>(operand), isCaptured));
return &m_graph.m_variableAccessData.last();
}
@@ -181,6 +178,7 @@ private:
NodeIndex getLocal(unsigned operand)
{
NodeIndex nodeIndex = m_currentBlock->variablesAtTail.local(operand);
+ bool isCaptured = m_codeBlock->localIsCaptured(m_inlineStackTop->m_inlineCallFrame, operand);
if (nodeIndex != NoNode) {
Node* nodePtr = &m_graph[nodeIndex];
@@ -192,6 +190,7 @@ private:
Node& flushChild = m_graph[nodeIndex];
if (flushChild.op() == Phi) {
VariableAccessData* variableAccessData = flushChild.variableAccessData();
+ variableAccessData->mergeIsCaptured(isCaptured);
nodeIndex = injectLazyOperandPrediction(addToGraph(GetLocal, OpInfo(variableAccessData), nodeIndex));
m_currentBlock->variablesAtTail.local(operand) = nodeIndex;
return nodeIndex;
@@ -202,7 +201,9 @@ private:
ASSERT(&m_graph[nodeIndex] == nodePtr);
ASSERT(nodePtr->op() != Flush);
- if (m_graph.localIsCaptured(operand)) {
+ nodePtr->variableAccessData()->mergeIsCaptured(isCaptured);
+
+ if (isCaptured) {
// We wish to use the same variable access data as the previous access,
// but for all other purposes we want to issue a load since for all we
// know, at this stage of compilation, the local has been clobbered.
@@ -224,7 +225,7 @@ private:
// expand m_preservedVars to cover these.
m_preservedVars.set(operand);
- VariableAccessData* variableAccessData = newVariableAccessData(operand);
+ VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
NodeIndex phi = addToGraph(Phi, OpInfo(variableAccessData));
m_localPhiStack.append(PhiStackEntry(m_currentBlock, phi, operand));
@@ -237,11 +238,13 @@ private:
}
void setLocal(unsigned operand, NodeIndex value)
{
- VariableAccessData* variableAccessData = newVariableAccessData(operand);
+ bool isCaptured = m_codeBlock->localIsCaptured(m_inlineStackTop->m_inlineCallFrame, operand);
+
+ VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
NodeIndex nodeIndex = addToGraph(SetLocal, OpInfo(variableAccessData), value);
m_currentBlock->variablesAtTail.local(operand) = nodeIndex;
- bool shouldFlush = m_graph.localIsCaptured(operand);
+ bool shouldFlush = isCaptured;
if (!shouldFlush) {
// If this is in argument position, then it should be flushed.
@@ -270,6 +273,9 @@ private:
NodeIndex getArgument(unsigned operand)
{
unsigned argument = operandToArgument(operand);
+
+ bool isCaptured = m_codeBlock->argumentIsCaptured(argument);
+
ASSERT(argument < m_numArguments);
NodeIndex nodeIndex = m_currentBlock->variablesAtTail.argument(argument);
@@ -284,6 +290,7 @@ private:
Node& flushChild = m_graph[nodeIndex];
if (flushChild.op() == Phi) {
VariableAccessData* variableAccessData = flushChild.variableAccessData();
+ variableAccessData->mergeIsCaptured(isCaptured);
nodeIndex = injectLazyOperandPrediction(addToGraph(GetLocal, OpInfo(variableAccessData), nodeIndex));
m_currentBlock->variablesAtTail.local(operand) = nodeIndex;
return nodeIndex;
@@ -294,6 +301,8 @@ private:
ASSERT(&m_graph[nodeIndex] == nodePtr);
ASSERT(nodePtr->op() != Flush);
+ nodePtr->variableAccessData()->mergeIsCaptured(isCaptured);
+
if (nodePtr->op() == SetArgument) {
// We're getting an argument in the first basic block; link
// the GetLocal to the SetArgument.
@@ -303,7 +312,7 @@ private:
return nodeIndex;
}
- if (m_graph.argumentIsCaptured(argument)) {
+ if (isCaptured) {
if (nodePtr->op() == GetLocal)
nodeIndex = nodePtr->child1().index();
return injectLazyOperandPrediction(addToGraph(GetLocal, OpInfo(nodePtr->variableAccessData()), nodeIndex));
@@ -316,7 +325,7 @@ private:
return nodePtr->child1().index();
}
- VariableAccessData* variableAccessData = newVariableAccessData(operand);
+ VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
NodeIndex phi = addToGraph(Phi, OpInfo(variableAccessData));
m_argumentPhiStack.append(PhiStackEntry(m_currentBlock, phi, argument));
@@ -330,9 +339,11 @@ private:
void setArgument(int operand, NodeIndex value)
{
unsigned argument = operandToArgument(operand);
+ bool isCaptured = m_codeBlock->argumentIsCaptured(argument);
+
ASSERT(argument < m_numArguments);
- VariableAccessData* variableAccessData = newVariableAccessData(operand);
+ VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
InlineStackEntry* stack = m_inlineStackTop;
while (stack->m_inlineCallFrame) // find the machine stack entry.
stack = stack->m_caller;
@@ -349,6 +360,7 @@ private:
// some other local variable.
operand = m_inlineStackTop->remapOperand(operand);
+ bool isCaptured = m_codeBlock->isCaptured(m_inlineStackTop->m_inlineCallFrame, operand);
ASSERT(operand < FirstConstantRegisterIndex);
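Review bot: This path computes captured-ness with `m_codeBlock->isCaptured(m_inlineStackTop->m_inlineCallFrame, operand)`, whereas `getLocal`/`setLocal` use `localIsCaptured(...)` and `getArgument`/`setArgument` use `argumentIsCaptured(argument)`; since this function (which begins before the hunk) handles both argument and local operands, the different accessor is presumably deliberate, but a reader comparing the three sites cannot tell whether `isCaptured` dispatches on operand kind or only covers locals. If it does not cover arguments, a captured argument flushed here would be merged as not captured by the `mergeIsCaptured` call further down. A one-line comment would settle it: `// isCaptured() covers both argument and local operands; the kind-specific accessors are used in get/setLocal and get/setArgument.`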
@@ -383,11 +395,12 @@ private:
// This gives us guidance to see that the variable also needs to be flushed
// for arguments, even if it already had to be flushed for other reasons.
VariableAccessData* variableAccessData = node.variableAccessData();
+ variableAccessData->mergeIsCaptured(isCaptured);
addToGraph(Flush, OpInfo(variableAccessData), nodeIndex);
return variableAccessData;
}
- VariableAccessData* variableAccessData = newVariableAccessData(operand);
+ VariableAccessData* variableAccessData = newVariableAccessData(operand, isCaptured);
NodeIndex phi = addToGraph(Phi, OpInfo(variableAccessData));
nodeIndex = addToGraph(Flush, OpInfo(variableAccessData), phi);
if (operandIsArgument(operand)) {
@@ -846,6 +859,7 @@ private:
void buildOperandMapsIfNecessary();
+ ExecState* m_exec;
JSGlobalData* m_globalData;
CodeBlock* m_codeBlock;
CodeBlock* m_profiledBlock;
@@ -984,7 +998,17 @@ private:
InlineStackEntry* m_caller;
- InlineStackEntry(ByteCodeParser*, CodeBlock*, CodeBlock* profiledBlock, BlockIndex callsiteBlockHead, VirtualRegister calleeVR, JSFunction* callee, VirtualRegister returnValueVR, VirtualRegister inlineCallFrameStart, CodeSpecializationKind);
+ InlineStackEntry(
+ ByteCodeParser*,
+ CodeBlock*,
+ CodeBlock* profiledBlock,
+ BlockIndex callsiteBlockHead,
+ VirtualRegister calleeVR,
+ JSFunction* callee,
+ VirtualRegister returnValueVR,
+ VirtualRegister inlineCallFrameStart,
+ int argumentCountIncludingThis,
+ CodeSpecializationKind);
~InlineStackEntry()
{
@@ -1052,13 +1076,29 @@ void ByteCodeParser::handleCall(Interpreter* interpreter, Instruction* currentIn
dataLog("not set.\n");
#endif
- if (m_graph.isFunctionConstant(callTarget))
+ if (m_graph.isFunctionConstant(callTarget)) {
callType = ConstantFunction;
- else if (callLinkStatus.isSet() && !callLinkStatus.couldTakeSlowPath()
- && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCache))
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("Call at [@%lu, bc#%u] has a function constant: %p, exec %p.\n",
+ m_graph.size(), m_currentIndex,
+ m_graph.valueOfFunctionConstant(callTarget),
+ m_graph.valueOfFunctionConstant(callTarget)->executable());
+#endif
+ } else if (callLinkStatus.isSet() && !callLinkStatus.couldTakeSlowPath()
+ && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCache)) {
callType = LinkedFunction;
- else
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("Call at [@%lu, bc#%u] is linked to: %p, exec %p.\n",
+ m_graph.size(), m_currentIndex, callLinkStatus.callTarget(),
+ callLinkStatus.callTarget()->executable());
+#endif
+ } else {
callType = UnknownFunction;
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("Call at [@%lu, bc#%u] is has an unknown or ambiguous target.\n",
+ m_graph.size(), m_currentIndex);
+#endif
+ }
if (callType != UnknownFunction) {
int argumentCountIncludingThis = currentInstruction[2].u.operand;
int registerOffset = currentInstruction[3].u.operand;
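Review bot: The new verbose-log string on the UnknownFunction branch reads `is has an unknown or ambiguous target`; it should be `dataLog("Call at [@%lu, bc#%u] has an unknown or ambiguous target.\n", m_graph.size(), m_currentIndex);`. The three added dataLog calls also print `m_graph.size()` with `%lu`; if size() returns `unsigned` rather than `size_t` that is a format mismatch on LP64, which I cannot confirm from here, so follow whatever cast convention the file already uses for it. handleCall continues past both ends of this hunk.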
@@ -1131,9 +1171,10 @@ bool ByteCodeParser::handleInlining(bool usesResult, int callTarget, NodeIndex c
FunctionExecutable* executable = expectedFunction->jsExecutable();
- // Does the number of arguments we're passing match the arity of the target? We could
- // inline arity check failures, but for simplicity we currently don't.
- if (static_cast<int>(executable->parameterCount()) + 1 != argumentCountIncludingThis)
+ // Does the number of arguments we're passing match the arity of the target? We currently
+ // inline only if the number of arguments passed is greater than or equal to the number
+ // arguments expected.
+ if (static_cast<int>(executable->parameterCount()) + 1 > argumentCountIncludingThis)
return false;
// Have we exceeded inline stack depth, or are we trying to inline a recursive call?
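Review bot: The comment on the relaxed arity check is missing a word and should read `// inline only if the number of arguments passed is greater than or equal to the number of arguments expected.` The change also means an inlined callee can now observe more arguments than it has formals (through `arguments`), which is only sound because the inline frame is now sized from `argumentCountIncludingThis` rather than `numParameters()` elsewhere in this commit; a one-line comment here pointing at that dependency would save the next reader a search. handleInlining continues past both ends of this hunk.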
@@ -1178,8 +1219,15 @@ bool ByteCodeParser::handleInlining(bool usesResult, int callTarget, NodeIndex c
// FIXME: Don't flush constants!
Vector<VariableAccessData*, 8> arguments;
- for (int i = 1; i < argumentCountIncludingThis; ++i)
- arguments.append(flushArgument(registerOffset + argumentToOperand(i)));
+ for (int i = 1; i < argumentCountIncludingThis; ++i) {
+ VariableAccessData* variableAccessData =
+ flushArgument(registerOffset + argumentToOperand(i));
+ arguments.append(variableAccessData);
+
+ // Are we going to be capturing arguments? If so make sure we record this fact.
+ if (codeBlock->argumentIsCaptured(i))
+ variableAccessData->mergeIsCaptured(true);
+ }
int inlineCallFrameStart = m_inlineStackTop->remapOperand(registerOffset) - RegisterFile::CallFrameHeaderSize;
@@ -1195,11 +1243,19 @@ bool ByteCodeParser::handleInlining(bool usesResult, int callTarget, NodeIndex c
m_graph.m_blocks[i]->ensureLocals(newNumLocals);
}
- InlineStackEntry inlineStackEntry(this, codeBlock, profiledBlock, m_graph.m_blocks.size() - 1, (VirtualRegister)m_inlineStackTop->remapOperand(callTarget), expectedFunction, (VirtualRegister)m_inlineStackTop->remapOperand(usesResult ? resultOperand : InvalidVirtualRegister), (VirtualRegister)inlineCallFrameStart, kind);
+ InlineStackEntry inlineStackEntry(
+ this, codeBlock, profiledBlock, m_graph.m_blocks.size() - 1,
+ (VirtualRegister)m_inlineStackTop->remapOperand(callTarget), expectedFunction,
+ (VirtualRegister)m_inlineStackTop->remapOperand(
+ usesResult ? resultOperand : InvalidVirtualRegister),
+ (VirtualRegister)inlineCallFrameStart, argumentCountIncludingThis, kind);
// Link up the argument variable access datas to their argument positions.
- for (int i = 1; i < argumentCountIncludingThis; ++i)
+ for (int i = 1; i < argumentCountIncludingThis; ++i) {
+ if (static_cast<size_t>(i) >= inlineStackEntry.m_argumentPositions.size())
+ break;
inlineStackEntry.m_argumentPositions[i]->addVariable(arguments[i - 1]);
+ }
// This is where the actual inlining really happens.
unsigned oldIndex = m_currentIndex;
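Review bot: The `break` added to the argument-linking loop is unexplained: it silently stops once `i` reaches `m_argumentPositions.size()`, which is presumably sized from the callee's parameter count while `argumentCountIncludingThis` may now exceed it after the relaxed arity check. A comment makes the intent explicit: `// Arguments beyond the callee's arity have no ArgumentPosition to unify with; they are only reachable through 'arguments'.` Since the `arguments` vector is filled for `i` in `1..argumentCountIncludingThis-1`, an `ASSERT(arguments.size() == static_cast<size_t>(argumentCountIncludingThis - 1));` before the loop would also pin the `arguments[i - 1]` indexing. handleInlining continues outside this hunk.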
@@ -1482,7 +1538,7 @@ bool ByteCodeParser::parseBlock(unsigned limit)
if (m_currentBlock == m_graph.m_blocks[0].get() && !m_inlineStackTop->m_inlineCallFrame) {
m_graph.m_arguments.resize(m_numArguments);
for (unsigned argument = 0; argument < m_numArguments; ++argument) {
- NodeIndex setArgument = addToGraph(SetArgument, OpInfo(newVariableAccessData(argumentToOperand(argument))));
+ NodeIndex setArgument = addToGraph(SetArgument, OpInfo(newVariableAccessData(argumentToOperand(argument), m_codeBlock->argumentIsCaptured(argument))));
m_graph.m_arguments[argument] = setArgument;
m_currentBlock->variablesAtHead.setArgumentFirstTime(argument, setArgument);
m_currentBlock->variablesAtTail.setArgumentFirstTime(argument, setArgument);
@@ -2014,10 +2070,20 @@ bool ByteCodeParser::parseBlock(unsigned limit)
if (!hasExitSite && putByIdStatus.isSimpleReplace()) {
addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(putByIdStatus.oldStructure())), base);
- addToGraph(PutByOffset, OpInfo(m_graph.m_storageAccessData.size()), base, addToGraph(GetPropertyStorage, base), value);
+ size_t offsetOffset;
+ NodeIndex propertyStorage;
+ if (putByIdStatus.oldStructure()->isUsingInlineStorage()) {
+ propertyStorage = base;
+ ASSERT(!(sizeof(JSObject) % sizeof(EncodedJSValue)));
+ offsetOffset = sizeof(JSObject) / sizeof(EncodedJSValue);
+ } else {
+ propertyStorage = addToGraph(GetPropertyStorage, base);
+ offsetOffset = 0;
+ }
+ addToGraph(PutByOffset, OpInfo(m_graph.m_storageAccessData.size()), propertyStorage, base, value);
StorageAccessData storageAccessData;
- storageAccessData.offset = putByIdStatus.offset();
+ storageAccessData.offset = putByIdStatus.offset() + offsetOffset;
storageAccessData.identifierNumber = identifierNumber;
m_graph.m_storageAccessData.append(storageAccessData);
} else if (!hasExitSite
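Review bot: `ASSERT(!(sizeof(JSObject) % sizeof(EncodedJSValue)))` checks a compile-time fact only in debug builds, yet the resulting `offsetOffset` is folded into `storageAccessData.offset`, which the JIT turns into a raw store relative to the object; if the layout assumption ever broke, release builds would silently write past the inline slots. Make it `COMPILE_ASSERT(!(sizeof(JSObject) % sizeof(EncodedJSValue)), JSObject_is_whole_number_of_inline_slots);` so the build fails instead. The name `offsetOffset` does not convey its unit; a comment such as `// Inline storage begins right after the JSObject header, so express the header size in slots.` would help. The enclosing parseBlock case continues outside this hunk.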
@@ -2056,15 +2122,25 @@ bool ByteCodeParser::parseBlock(unsigned limit)
putByIdStatus.newStructure()))),
base);
+ size_t offsetOffset;
+ NodeIndex propertyStorage;
+ if (putByIdStatus.newStructure()->isUsingInlineStorage()) {
+ propertyStorage = base;
+ ASSERT(!(sizeof(JSObject) % sizeof(EncodedJSValue)));
+ offsetOffset = sizeof(JSObject) / sizeof(EncodedJSValue);
+ } else {
+ propertyStorage = addToGraph(GetPropertyStorage, base);
+ offsetOffset = 0;
+ }
addToGraph(
PutByOffset,
OpInfo(m_graph.m_storageAccessData.size()),
+ propertyStorage,
base,
- addToGraph(GetPropertyStorage, base),
value);
StorageAccessData storageAccessData;
- storageAccessData.offset = putByIdStatus.offset();
+ storageAccessData.offset = putByIdStatus.offset() + offsetOffset;
storageAccessData.identifierNumber = identifierNumber;
m_graph.m_storageAccessData.append(storageAccessData);
} else {
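Review bot: The inline-storage selection in this transition case is a verbatim copy of the block in the simple-replace case above (same `isUsingInlineStorage()` test, same `sizeof` ASSERT, same `offsetOffset` arithmetic), differing only in which Structure is consulted. Two copies of a layout-sensitive computation are easy to let drift, and the next reader has to diff them by eye to see they agree; a small helper taking the `Structure*` keeps one definition of where inline slots begin. The call site then becomes `propertyStorage = propertyStorageFor(putByIdStatus.newStructure(), base, offsetOffset);` and the simple-replace case uses `oldStructure()`. parseBlock continues outside this hunk.
```cpp
// Returns the node that holds the property storage for 'base' under 'structure' and
// sets 'offsetOffset' to the slot index at which that storage's first slot lives.
NodeIndex propertyStorageFor(Structure* structure, NodeIndex base, size_t& offsetOffset)
{
    if (structure->isUsingInlineStorage()) {
        // Inline slots start right after the JSObject header.
        COMPILE_ASSERT(!(sizeof(JSObject) % sizeof(EncodedJSValue)), JSObject_is_whole_number_of_inline_slots);
        offsetOffset = sizeof(JSObject) / sizeof(EncodedJSValue);
        return base;
    }
    offsetOffset = 0;
    return addToGraph(GetPropertyStorage, base);
}
```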
@@ -2305,8 +2381,52 @@ bool ByteCodeParser::parseBlock(unsigned limit)
handleCall(interpreter, currentInstruction, Construct, CodeForConstruct);
NEXT_OPCODE(op_construct);
+ case op_call_varargs: {
+ ASSERT(m_inlineStackTop->m_inlineCallFrame);
+ ASSERT(currentInstruction[3].u.operand == m_inlineStackTop->m_codeBlock->argumentsRegister());
+ // It would be cool to funnel this into handleCall() so that it can handle
+ // inlining. But currently that won't be profitable anyway, since none of the
+ // uses of call_varargs will be inlineable. So we set this up manually and
+ // without inline/intrinsic detection.
+
+ Instruction* putInstruction = currentInstruction + OPCODE_LENGTH(op_call_varargs);
+
+ PredictedType prediction = PredictNone;
+ if (interpreter->getOpcodeID(putInstruction->u.opcode) == op_call_put_result) {
+ m_currentProfilingIndex = m_currentIndex + OPCODE_LENGTH(op_call_varargs);
+ prediction = getPrediction();
+ }
+
+ addToGraph(CheckArgumentsNotCreated);
+
+ unsigned argCount = m_inlineStackTop->m_inlineCallFrame->arguments.size();
+ if (RegisterFile::CallFrameHeaderSize + argCount > m_parameterSlots)
+ m_parameterSlots = RegisterFile::CallFrameHeaderSize + argCount;
+
+ addVarArgChild(get(currentInstruction[1].u.operand)); // callee
+ addVarArgChild(get(currentInstruction[2].u.operand)); // this
+ for (unsigned argument = 1; argument < argCount; ++argument)
+ addVarArgChild(get(argumentToOperand(argument)));
+
+ NodeIndex call = addToGraph(Node::VarArg, Call, OpInfo(0), OpInfo(prediction));
+ if (interpreter->getOpcodeID(putInstruction->u.opcode) == op_call_put_result)
+ set(putInstruction[1].u.operand, call);
+
+ NEXT_OPCODE(op_call_varargs);
+ }
+
case op_call_put_result:
NEXT_OPCODE(op_call_put_result);
+
+ case op_jneq_ptr:
+ // Statically speculate for now. It makes sense to let speculate-only jneq_ptr
+ // support simmer for a while before making it more general, since it's
+ // already gnarly enough as it is.
+ addToGraph(
+ CheckFunction, OpInfo(currentInstruction[2].u.jsCell.get()),
+ get(currentInstruction[1].u.operand));
+ addToGraph(Jump, OpInfo(m_currentIndex + OPCODE_LENGTH(op_jneq_ptr)));
+ LAST_OPCODE(op_jneq_ptr);
case op_resolve: {
PredictedType prediction = getPrediction();
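Review bot: `op_call_varargs` relies on `ASSERT(m_inlineStackTop->m_inlineCallFrame)` alone before dereferencing `m_inlineCallFrame->arguments.size()`; in a release build, reaching this case for a non-inlined frame is a null dereference rather than a clean bail-out. The gate presumably lives in the capability check outside this diff, and this commit also drops the `ASSERT(canCompileOpcode(opcodeID))` at the end of the opcode loop, so nothing left in this file records the invariant. Either add a comment — `// Only reachable when inlined; the capability check rejects op_call_varargs in non-inlined code, so the argument list is known statically.` — or make it a hard guard, `if (!m_inlineStackTop->m_inlineCallFrame) return false;`, matching how parseBlock already fails via `return false`. The argument loop starting at 1 is correct since `this` is taken separately from `currentInstruction[2]`.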
@@ -2372,12 +2492,40 @@ bool ByteCodeParser::parseBlock(unsigned limit)
NEXT_OPCODE(op_create_activation);
}
+ case op_create_arguments: {
+ m_graph.m_hasArguments = true;
+ NodeIndex createArguments = addToGraph(CreateArguments, get(currentInstruction[1].u.operand));
+ set(currentInstruction[1].u.operand, createArguments);
+ set(unmodifiedArgumentsRegister(currentInstruction[1].u.operand), createArguments);
+ NEXT_OPCODE(op_create_arguments);
+ }
+
case op_tear_off_activation: {
- // This currently ignores arguments because we don't support them yet.
- addToGraph(TearOffActivation, get(currentInstruction[1].u.operand));
+ addToGraph(TearOffActivation, OpInfo(unmodifiedArgumentsRegister(currentInstruction[2].u.operand)), get(currentInstruction[1].u.operand), get(currentInstruction[2].u.operand));
NEXT_OPCODE(op_tear_off_activation);
}
+ case op_tear_off_arguments: {
+ m_graph.m_hasArguments = true;
+ addToGraph(TearOffArguments, get(unmodifiedArgumentsRegister(currentInstruction[1].u.operand)));
+ NEXT_OPCODE(op_tear_off_arguments);
+ }
+
+ case op_get_arguments_length: {
+ m_graph.m_hasArguments = true;
+ set(currentInstruction[1].u.operand, addToGraph(GetMyArgumentsLengthSafe));
+ NEXT_OPCODE(op_get_arguments_length);
+ }
+
+ case op_get_argument_by_val: {
+ m_graph.m_hasArguments = true;
+ set(currentInstruction[1].u.operand,
+ addToGraph(
+ GetMyArgumentByValSafe, OpInfo(0), OpInfo(getPrediction()),
+ get(currentInstruction[3].u.operand)));
+ NEXT_OPCODE(op_get_argument_by_val);
+ }
+
case op_new_func: {
if (!currentInstruction[3].u.operand) {
set(currentInstruction[1].u.operand,
@@ -2404,8 +2552,6 @@ bool ByteCodeParser::parseBlock(unsigned limit)
ASSERT_NOT_REACHED();
return false;
}
-
- ASSERT(canCompileOpcode(opcodeID));
}
}
@@ -2413,11 +2559,17 @@ template<ByteCodeParser::PhiStackType stackType>
void ByteCodeParser::processPhiStack()
{
Vector<PhiStackEntry, 16>& phiStack = (stackType == ArgumentPhiStack) ? m_argumentPhiStack : m_localPhiStack;
-
+
while (!phiStack.isEmpty()) {
PhiStackEntry entry = phiStack.last();
phiStack.removeLast();
+ if (!entry.m_block->isReachable)
+ continue;
+
+ if (!entry.m_block->isReachable)
+ continue;
+
PredecessorList& predecessors = entry.m_block->m_predecessors;
unsigned varNo = entry.m_varNo;
VariableAccessData* dataForPhi = m_graph[entry.m_phi].variableAccessData();
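Review bot: The `if (!entry.m_block->isReachable) continue;` guard is pasted twice in a row at the top of the loop body; the second copy can never fire and should be deleted. Keep one copy with a comment on why it exists: `// Skip phis for blocks determineReachability() found dead; parse() clears those blocks once both phi stacks are processed.` processPhiStack continues outside this hunk.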
@@ -2425,7 +2577,7 @@ void ByteCodeParser::processPhiStack()
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
dataLog(" Handling phi entry for var %u, phi @%u.\n", entry.m_varNo, entry.m_phi);
#endif
-
+
for (size_t i = 0; i < predecessors.size(); ++i) {
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
dataLog(" Dealing with predecessor block %u.\n", predecessors[i]);
@@ -2441,7 +2593,7 @@ void ByteCodeParser::processPhiStack()
dataLog(" Did not find node, adding phi.\n");
#endif
- valueInPredecessor = insertPhiNode(OpInfo(newVariableAccessData(stackType == ArgumentPhiStack ? argumentToOperand(varNo) : static_cast<int>(varNo))), predecessorBlock);
+ valueInPredecessor = insertPhiNode(OpInfo(newVariableAccessData(stackType == ArgumentPhiStack ? argumentToOperand(varNo) : static_cast<int>(varNo), false)), predecessorBlock);
var = valueInPredecessor;
if (stackType == ArgumentPhiStack)
predecessorBlock->variablesAtHead.setArgumentFirstTime(varNo, valueInPredecessor);
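Review bot: The synthesized Phi's VariableAccessData is created with `isCaptured = false` even when the variable may be captured; that is only correct because `fixVariableAccessPredictions()`, changed in this same commit, later merges `isCaptured` across the unified access datas. A comment on the literal makes that dependency visible: `// Capture status is unknown here; fixVariableAccessPredictions() merges it across the unified VariableAccessData.` Without it a reader could conclude that captured variables get unsound Phis. processPhiStack continues outside this hunk.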
@@ -2558,6 +2710,7 @@ void ByteCodeParser::fixVariableAccessPredictions()
for (unsigned i = 0; i < m_graph.m_variableAccessData.size(); ++i) {
VariableAccessData* data = &m_graph.m_variableAccessData[i];
data->find()->predict(data->nonUnifiedPrediction());
+ data->find()->mergeIsCaptured(data->isCaptured());
}
}
@@ -2606,41 +2759,6 @@ void ByteCodeParser::linkBlocks(Vector<UnlinkedBlock>& unlinkedBlocks, Vector<Bl
}
}
-void ByteCodeParser::handleSuccessor(Vector<BlockIndex, 16>& worklist, BlockIndex blockIndex, BlockIndex successorIndex)
-{
- BasicBlock* successor = m_graph.m_blocks[successorIndex].get();
- if (!successor->isReachable) {
- successor->isReachable = true;
- worklist.append(successorIndex);
- }
-
- successor->m_predecessors.append(blockIndex);
-}
-
-void ByteCodeParser::determineReachability()
-{
- Vector<BlockIndex, 16> worklist;
- worklist.append(0);
- m_graph.m_blocks[0]->isReachable = true;
- while (!worklist.isEmpty()) {
- BlockIndex index = worklist.last();
- worklist.removeLast();
-
- BasicBlock* block = m_graph.m_blocks[index].get();
- ASSERT(block->isLinked);
-
- Node& node = m_graph[block->last()];
- ASSERT(node.isTerminal());
-
- if (node.isJump())
- handleSuccessor(worklist, index, node.takenBlockIndex());
- else if (node.isBranch()) {
- handleSuccessor(worklist, index, node.takenBlockIndex());
- handleSuccessor(worklist, index, node.notTakenBlockIndex());
- }
- }
-}
-
void ByteCodeParser::buildOperandMapsIfNecessary()
{
if (m_haveBuiltOperandMaps)
@@ -2659,7 +2777,17 @@ void ByteCodeParser::buildOperandMapsIfNecessary()
m_haveBuiltOperandMaps = true;
}
-ByteCodeParser::InlineStackEntry::InlineStackEntry(ByteCodeParser* byteCodeParser, CodeBlock* codeBlock, CodeBlock* profiledBlock, BlockIndex callsiteBlockHead, VirtualRegister calleeVR, JSFunction* callee, VirtualRegister returnValueVR, VirtualRegister inlineCallFrameStart, CodeSpecializationKind kind)
+ByteCodeParser::InlineStackEntry::InlineStackEntry(
+ ByteCodeParser* byteCodeParser,
+ CodeBlock* codeBlock,
+ CodeBlock* profiledBlock,
+ BlockIndex callsiteBlockHead,
+ VirtualRegister calleeVR,
+ JSFunction* callee,
+ VirtualRegister returnValueVR,
+ VirtualRegister inlineCallFrameStart,
+ int argumentCountIncludingThis,
+ CodeSpecializationKind kind)
: m_byteCodeParser(byteCodeParser)
, m_codeBlock(codeBlock)
, m_profiledBlock(profiledBlock)
@@ -2678,6 +2806,12 @@ ByteCodeParser::InlineStackEntry::InlineStackEntry(ByteCodeParser* byteCodeParse
ArgumentPosition* argumentPosition = &byteCodeParser->m_graph.m_argumentPositions.last();
m_argumentPositions[i] = argumentPosition;
}
+
+ // Track the code-block-global exit sites.
+ if (m_exitProfile.hasExitSite(ArgumentsEscaped)) {
+ byteCodeParser->m_graph.m_executablesWhoseArgumentsEscaped.add(
+ codeBlock->ownerExecutable());
+ }
if (m_caller) {
// Inline case.
@@ -2692,8 +2826,29 @@ ByteCodeParser::InlineStackEntry::InlineStackEntry(ByteCodeParser* byteCodeParse
inlineCallFrame.stackOffset = inlineCallFrameStart + RegisterFile::CallFrameHeaderSize;
inlineCallFrame.callee.set(*byteCodeParser->m_globalData, byteCodeParser->m_codeBlock->ownerExecutable(), callee);
inlineCallFrame.caller = byteCodeParser->currentCodeOrigin();
- inlineCallFrame.arguments.resize(codeBlock->numParameters()); // Set the number of arguments including this, but don't configure the value recoveries, yet.
+ inlineCallFrame.arguments.resize(argumentCountIncludingThis); // Set the number of arguments including this, but don't configure the value recoveries, yet.
inlineCallFrame.isCall = isCall(kind);
+
+ if (inlineCallFrame.caller.inlineCallFrame)
+ inlineCallFrame.capturedVars = inlineCallFrame.caller.inlineCallFrame->capturedVars;
+ else {
+ for (int i = byteCodeParser->m_codeBlock->m_numCapturedVars; i--;)
+ inlineCallFrame.capturedVars.set(i);
+ }
+
+ if (codeBlock->usesArguments() || codeBlock->needsActivation()) {
+ for (int i = argumentCountIncludingThis; i--;)
+ inlineCallFrame.capturedVars.set(argumentToOperand(i) + inlineCallFrame.stackOffset);
+ }
+ for (int i = codeBlock->m_numCapturedVars; i--;)
+ inlineCallFrame.capturedVars.set(i + inlineCallFrame.stackOffset);
+
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("Current captured variables: ");
+ inlineCallFrame.capturedVars.dump(WTF::dataFile());
+ dataLog("\n");
+#endif
+
byteCodeParser->m_codeBlock->inlineCallFrames().append(inlineCallFrame);
m_inlineCallFrame = &byteCodeParser->m_codeBlock->inlineCallFrames().last();
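Review bot: `inlineCallFrame.capturedVars.set(argumentToOperand(i) + inlineCallFrame.stackOffset)` indexes a bit vector with an argument operand that is presumably negative (arguments live below the call frame header), so it is only in range when `stackOffset` covers the header plus every passed argument; nothing here checks that, and an out-of-range index into a bit vector is a memory-safety bug in release builds. An `ASSERT(argumentToOperand(i) + inlineCallFrame.stackOffset >= 0);` inside the loop pins the assumption cheaply. Note also that this marks every argument captured whenever the callee `usesArguments()` or `needsActivation()`, while handleInlining uses the finer per-argument `argumentIsCaptured(i)`; that is conservative, but a comment saying so would stop someone "fixing" the two to agree in the wrong direction. The constructor continues past both ends of this hunk.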
@@ -2769,6 +2924,7 @@ void ByteCodeParser::parseCodeBlock()
codeBlock->needsFullScopeChain()?"true":"false",
codeBlock->ownerExecutable()->needsActivation()?"true":"false",
codeBlock->ownerExecutable()->isStrictMode()?"true":"false");
+ codeBlock->baselineVersion()->dump(m_exec);
#endif
for (unsigned jumpTargetIndex = 0; jumpTargetIndex <= codeBlock->numberOfJumpTargets(); ++jumpTargetIndex) {
@@ -2847,12 +3003,15 @@ bool ByteCodeParser::parse()
ASSERT(m_graph.needsActivation());
#endif
- InlineStackEntry inlineStackEntry(this, m_codeBlock, m_profiledBlock, NoBlock, InvalidVirtualRegister, 0, InvalidVirtualRegister, InvalidVirtualRegister, CodeForCall);
+ InlineStackEntry inlineStackEntry(
+ this, m_codeBlock, m_profiledBlock, NoBlock, InvalidVirtualRegister, 0,
+ InvalidVirtualRegister, InvalidVirtualRegister, m_codeBlock->numParameters(),
+ CodeForCall);
parseCodeBlock();
linkBlocks(inlineStackEntry.m_unlinkedBlocks, inlineStackEntry.m_blockLinkingTargets);
- determineReachability();
+ m_graph.determineReachability();
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
dataLog("Processing local variable phis.\n");
#endif
@@ -2864,6 +3023,13 @@ bool ByteCodeParser::parse()
dataLog("Processing argument phis.\n");
#endif
processPhiStack<ArgumentPhiStack>();
+
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ ASSERT(block);
+ if (!block->isReachable)
+ m_graph.m_blocks[blockIndex].clear();
+ }
fixVariableAccessPredictions();
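Review bot: Clearing unreachable entries of `m_graph.m_blocks` introduces null blocks that every later pass must tolerate; this commit adds such a check in CFAPhase::performBlockCFA, but nothing at the point where the nulls are created records the new invariant for other phases. Add a comment above the loop: `// Drop unreachable blocks. From here on m_graph.m_blocks may contain null entries, and every phase that walks blocks must skip them.` The `ASSERT(block)` just before the check also documents that no block is null before this point, which is worth stating in the same comment. parse() continues outside this hunk.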
@@ -2874,13 +3040,14 @@ bool ByteCodeParser::parse()
return true;
}
-bool parse(Graph& graph)
+bool parse(ExecState* exec, Graph& graph)
{
#if DFG_DEBUG_LOCAL_DISBALE
+ UNUSED_PARAM(exec);
UNUSED_PARAM(graph);
return false;
#else
- return ByteCodeParser(graph).parse();
+ return ByteCodeParser(exec, graph).parse();
#endif
}
diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.h b/Source/JavaScriptCore/dfg/DFGByteCodeParser.h
index 558cf0167..f1648acf8 100644
--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.h
+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.h
@@ -39,7 +39,7 @@ namespace DFG {
// Populate the Graph with a basic block of code from the CodeBlock,
// starting at the provided bytecode index.
-bool parse(Graph&);
+bool parse(ExecState*, Graph&);
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGCCallHelpers.h b/Source/JavaScriptCore/dfg/DFGCCallHelpers.h
index aa08da128..dc3af636e 100644
--- a/Source/JavaScriptCore/dfg/DFGCCallHelpers.h
+++ b/Source/JavaScriptCore/dfg/DFGCCallHelpers.h
@@ -115,6 +115,13 @@ public:
addCallArgument(arg1);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2)
{
resetCallArguments();
@@ -131,6 +138,22 @@ public:
addCallArgument(arg2);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ }
+
+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, GPRReg arg2)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, TrustedImm32 arg2)
{
resetCallArguments();
@@ -419,6 +442,12 @@ public:
move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1)
+ {
+ move(arg1, GPRInfo::argumentGPR1);
+ move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2)
{
setupStubArguments(arg1, arg2);
@@ -432,6 +461,13 @@ public:
move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImm32 arg2)
+ {
+ move(arg1, GPRInfo::argumentGPR1);
+ move(arg2, GPRInfo::argumentGPR2);
+ move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, ImmPtr arg2)
{
move(arg1, GPRInfo::argumentGPR1);
@@ -446,6 +482,13 @@ public:
move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
}
+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, GPRReg arg2)
+ {
+ move(arg2, GPRInfo::argumentGPR2); // Move this first, so setting arg1 does not trample!
+ move(arg1, GPRInfo::argumentGPR1);
+ move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ }
+
ALWAYS_INLINE void setupArgumentsWithExecState(ImmPtr arg1, GPRReg arg2)
{
move(arg2, GPRInfo::argumentGPR2); // Move this first, so setting arg1 does not trample!
diff --git a/Source/JavaScriptCore/dfg/DFGCFAPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFAPhase.cpp
index 6e69c1094..c6042448a 100644
--- a/Source/JavaScriptCore/dfg/DFGCFAPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCFAPhase.cpp
@@ -42,7 +42,7 @@ public:
{
}
- void run()
+ bool run()
{
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
m_count = 0;
@@ -65,12 +65,16 @@ public:
m_changed = false;
performForwardCFA();
} while (m_changed);
+
+ return true;
}
private:
void performBlockCFA(BlockIndex blockIndex)
{
BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ return;
if (!block->cfaShouldRevisit)
return;
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
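Review bot: `run()` now returns `bool`, but the value is an unconditional `return true;` and neither this file nor the header says what it means. The new CFGSimplificationPhase in this commit returns a "changed" flag from its `run()`; if `runPhase` callers read CFA's result the same way, CFA would always report a change and any fixpoint driver built on it would never converge, so state the meaning at the return: `return true; // Always succeeds; this is not a 'changed' indicator.` The null check added to performBlockCFA pairs with ByteCodeParser::parse() now clearing unreachable blocks and deserves a one-line comment saying so. run() starts outside this hunk.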
@@ -126,9 +130,9 @@ private:
#endif
};
-void performCFA(Graph& graph)
+bool performCFA(Graph& graph)
{
- runPhase<CFAPhase>(graph);
+ return runPhase<CFAPhase>(graph);
}
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGCFAPhase.h b/Source/JavaScriptCore/dfg/DFGCFAPhase.h
index 2b626c81f..cc9e6c4b4 100644
--- a/Source/JavaScriptCore/dfg/DFGCFAPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGCFAPhase.h
@@ -39,7 +39,7 @@ class Graph;
// the code block. It's also responsible for identifying dead code, and in the
// future should be used as a hook for constant propagation.
-void performCFA(Graph&);
+bool performCFA(Graph&);
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
new file mode 100644
index 000000000..0f0a22562
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
@@ -0,0 +1,730 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGCFGSimplificationPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGAbstractState.h"
+#include "DFGBasicBlock.h"
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGPhase.h"
+#include "DFGValidate.h"
+
+namespace JSC { namespace DFG {
+
+class CFGSimplificationPhase : public Phase {
+public:
+ CFGSimplificationPhase(Graph& graph)
+ : Phase(graph, "CFG simplification")
+ {
+ }
+
+ bool run()
+ {
+ const bool extremeLogging = false;
+
+ bool outerChanged = false;
+ bool innerChanged;
+
+ do {
+ innerChanged = false;
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ ASSERT(block->isReachable);
+
+ switch (m_graph[block->last()].op()) {
+ case Jump: {
+ // Successor with one predecessor -> merge.
+ if (m_graph.m_blocks[m_graph.successor(block, 0)]->m_predecessors.size() == 1) {
+ ASSERT(m_graph.m_blocks[m_graph.successor(block, 0)]->m_predecessors[0]
+ == blockIndex);
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("CFGSimplify: Jump merge on Block #%u to Block #%u.\n",
+ blockIndex, m_graph.successor(block, 0));
+#endif
+ if (extremeLogging)
+ m_graph.dump();
+ mergeBlocks(blockIndex, m_graph.successor(block, 0), NoBlock);
+ innerChanged = outerChanged = true;
+ break;
+ } else {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("Not jump merging on Block #%u to Block #%u because predecessors = ",
+ blockIndex, m_graph.successor(block, 0));
+ for (unsigned i = 0; i < m_graph.m_blocks[m_graph.successor(block, 0)]->m_predecessors.size(); ++i) {
+ if (i)
+ dataLog(", ");
+ dataLog("#%u", m_graph.m_blocks[m_graph.successor(block, 0)]->m_predecessors[i]);
+ }
+ dataLog(".\n");
+#endif
+ }
+
+ // FIXME: Block only has a jump -> remove. This is tricky though because of
+ // liveness. What we really want is to slam in a phantom at the end of the
+ // block, after the terminal. But we can't right now. :-(
+ // Idea: what if I slam the ghosties into my successor? Nope, that's
+ // suboptimal, because if my successor has multiple predecessors then we'll
+ // be keeping alive things on other predecessor edges unnecessarily.
+ // What we really need is the notion of end-of-block ghosties!
+ break;
+ }
+
+ case Branch: {
+ // Branch on constant -> jettison the not-taken block and merge.
+ if (m_graph[m_graph[block->last()].child1()].hasConstant()) {
+ bool condition =
+ m_graph.valueOfJSConstant(m_graph[block->last()].child1().index()).toBoolean();
+ BasicBlock* targetBlock = m_graph.m_blocks[
+ m_graph.successorForCondition(block, condition)].get();
+ if (targetBlock->m_predecessors.size() == 1) {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("CFGSimplify: Known condition (%s) branch merge on Block #%u to Block #%u, jettisoning Block #%u.\n",
+ condition ? "true" : "false",
+ blockIndex, m_graph.successorForCondition(block, condition),
+ m_graph.successorForCondition(block, !condition));
+#endif
+ if (extremeLogging)
+ m_graph.dump();
+ mergeBlocks(
+ blockIndex,
+ m_graph.successorForCondition(block, condition),
+ m_graph.successorForCondition(block, !condition));
+ } else {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("CFGSimplify: Known condition (%s) branch->jump conversion on Block #%u to Block #%u, jettisoning Block #%u.\n",
+ condition ? "true" : "false",
+ blockIndex, m_graph.successorForCondition(block, condition),
+ m_graph.successorForCondition(block, !condition));
+#endif
+ if (extremeLogging)
+ m_graph.dump();
+ BlockIndex takenBlockIndex = m_graph.successorForCondition(block, condition);
+ BlockIndex notTakenBlockIndex = m_graph.successorForCondition(block, !condition);
+
+ ASSERT(m_graph[block->last()].isTerminal());
+ CodeOrigin boundaryCodeOrigin = m_graph[block->last()].codeOrigin;
+ m_graph[block->last()].setOpAndDefaultFlags(Phantom);
+ ASSERT(m_graph[block->last()].refCount() == 1);
+
+ jettisonBlock(blockIndex, notTakenBlockIndex, boundaryCodeOrigin);
+
+ NodeIndex jumpNodeIndex = m_graph.size();
+ Node jump(Jump, boundaryCodeOrigin, OpInfo(takenBlockIndex));
+ jump.ref();
+ m_graph.append(jump);
+ block->append(jumpNodeIndex);
+ }
+ innerChanged = outerChanged = true;
+ break;
+ }
+
+ if (m_graph.successor(block, 0) == m_graph.successor(block, 1)) {
+ BlockIndex targetBlockIndex = m_graph.successor(block, 0);
+ BasicBlock* targetBlock = m_graph.m_blocks[targetBlockIndex].get();
+ ASSERT(targetBlock);
+ ASSERT(targetBlock->isReachable);
+ if (targetBlock->m_predecessors.size() == 1) {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("CFGSimplify: Branch to same successor merge on Block #%u to Block #%u.\n",
+ blockIndex, targetBlockIndex);
+#endif
+ mergeBlocks(blockIndex, targetBlockIndex, NoBlock);
+ } else {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("CFGSimplify: Branch->jump conversion to same successor on Block #%u to Block #%u.\n",
+ blockIndex, targetBlockIndex);
+#endif
+ ASSERT(m_graph[block->last()].isTerminal());
+ Node& branch = m_graph[block->last()];
+ ASSERT(branch.isTerminal());
+ ASSERT(branch.op() == Branch);
+ branch.setOpAndDefaultFlags(Phantom);
+ ASSERT(branch.refCount() == 1);
+
+ Node jump(Jump, branch.codeOrigin, OpInfo(targetBlockIndex));
+ jump.ref();
+ NodeIndex jumpNodeIndex = m_graph.size();
+ m_graph.append(jump);
+ block->append(jumpNodeIndex);
+ }
+ innerChanged = outerChanged = true;
+ break;
+ }
+
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("Not branch simplifying on Block #%u because the successors differ and the condition is not known.\n",
+ blockIndex);
+#endif
+
+ // Branch to same destination -> jump.
+ // FIXME: this will currently not be hit because of the lack of jump-only
+ // block simplification.
+
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+
+ if (innerChanged) {
+ // Here's the reason for this pass:
+ // Blocks: A, B, C, D, E, F
+ // A -> B, C
+ // B -> F
+ // C -> D, E
+ // D -> F
+ // E -> F
+ //
+ // Assume that A's branch is determined to go to B. Then the rest of this phase
+ // is smart enough to simplify down to:
+ // A -> B
+ // B -> F
+ // C -> D, E
+ // D -> F
+ // E -> F
+ //
+ // We will also merge A and B. But then we don't have any other mechanism to
+ // remove D, E as predecessors for F. Worse, the rest of this phase does not
+ // know how to fix the Phi functions of F to ensure that they no longer refer
+ // to variables in D, E. In general, we need a way to handle Phi simplification
+ // upon:
+ // 1) Removal of a predecessor due to branch simplification. The branch
+ // simplifier already does that.
+ // 2) Invalidation of a predecessor because said predecessor was rendered
+ // unreachable. We do this here.
+ //
+ // This implies that when a block is unreachable, we must inspect its
+ // successors' Phi functions to remove any references from them into the
+ // removed block.
+
+ m_graph.resetReachability();
+
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (block->isReachable)
+ continue;
+
+ killUnreachable(blockIndex);
+ }
+ }
+
+ validate(m_graph);
+ } while (innerChanged);
+
+ return outerChanged;
+ }
+
+private:
+ void killUnreachable(BlockIndex blockIndex)
+ {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+
+ ASSERT(block);
+ ASSERT(!block->isReachable);
+
+ // 1) Remove references from other blocks to this block.
+ for (unsigned i = m_graph.numSuccessors(block); i--;)
+ fixPhis(blockIndex, m_graph.successor(block, i));
+
+ // 2) Kill the block
+ m_graph.m_blocks[blockIndex].clear();
+ }
+
+ void keepOperandAlive(BasicBlock* block, CodeOrigin codeOrigin, int operand)
+ {
+ NodeIndex nodeIndex = block->variablesAtTail.operand(operand);
+ if (nodeIndex == NoNode)
+ return;
+ if (m_graph[nodeIndex].variableAccessData()->isCaptured())
+ return;
+ if (m_graph[nodeIndex].op() == SetLocal)
+ nodeIndex = m_graph[nodeIndex].child1().index();
+ Node& node = m_graph[nodeIndex];
+ if (!node.shouldGenerate())
+ return;
+ ASSERT(m_graph[nodeIndex].op() != SetLocal);
+ NodeIndex phantomNodeIndex = m_graph.size();
+ Node phantom(Phantom, codeOrigin, nodeIndex);
+ m_graph.append(phantom);
+ m_graph.ref(phantomNodeIndex);
+ block->append(phantomNodeIndex);
+ }
+
+ void fixPossibleGetLocal(BasicBlock* block, Edge& edge, bool changeRef)
+ {
+ Node& child = m_graph[edge];
+ if (child.op() != GetLocal)
+ return;
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Considering GetLocal at @%u.\n", edge.index());
+#endif
+ if (child.variableAccessData()->isCaptured()) {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" It's captured.\n");
+#endif
+ return;
+ }
+ NodeIndex originalNodeIndex = block->variablesAtTail.operand(child.local());
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Dealing with original @%u.\n", originalNodeIndex);
+#endif
+ ASSERT(originalNodeIndex != NoNode);
+ Node* originalNode = &m_graph[originalNodeIndex];
+ if (changeRef)
+ ASSERT(originalNode->shouldGenerate());
+ // Possibilities:
+ // SetLocal -> the secondBlock is getting the value of something that is immediately
+ // available in the first block with a known NodeIndex.
+ // GetLocal -> the secondBlock is getting the value of something that the first
+ // block also gets.
+ // Phi -> the secondBlock is asking for keep-alive on an operand that the first block
+ // was also asking for keep-alive on.
+ // SetArgument -> the secondBlock is asking for keep-alive on an operand that the
+ // first block was keeping alive by virtue of the firstBlock being the root and
+ // the operand being an argument.
+ // Flush -> the secondBlock is asking for keep-alive on an operand that the first
+ // block was forcing to be alive, so the second block should refer child of
+ // the flush.
+ if (originalNode->op() == Flush) {
+ originalNodeIndex = originalNode->child1().index();
+ originalNode = &m_graph[originalNodeIndex];
+ }
+ switch (originalNode->op()) {
+ case SetLocal: {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" It's a SetLocal.\n");
+#endif
+ m_graph.changeIndex(edge, originalNode->child1().index(), changeRef);
+ break;
+ }
+ case GetLocal: {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" It's a GetLocal.\n");
+#endif
+ m_graph.changeIndex(edge, originalNodeIndex, changeRef);
+ break;
+ }
+ case Phi:
+ case SetArgument: {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" It's Phi/SetArgument.\n");
+#endif
+ // Keep the GetLocal!
+ break;
+ }
+ default:
+ ASSERT_NOT_REACHED();
+ break;
+ }
+ }
+
+ void jettisonBlock(BlockIndex blockIndex, BlockIndex jettisonedBlockIndex, CodeOrigin boundaryCodeOrigin)
+ {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ BasicBlock* jettisonedBlock = m_graph.m_blocks[jettisonedBlockIndex].get();
+
+ for (size_t i = 0; i < jettisonedBlock->variablesAtHead.numberOfArguments(); ++i)
+ keepOperandAlive(block, boundaryCodeOrigin, argumentToOperand(i));
+ for (size_t i = 0; i < jettisonedBlock->variablesAtHead.numberOfLocals(); ++i)
+ keepOperandAlive(block, boundaryCodeOrigin, i);
+
+ fixJettisonedPredecessors(blockIndex, jettisonedBlockIndex);
+ }
+
+ void fixPhis(BlockIndex sourceBlockIndex, BlockIndex destinationBlockIndex)
+ {
+ BasicBlock* sourceBlock = m_graph.m_blocks[sourceBlockIndex].get();
+ BasicBlock* destinationBlock = m_graph.m_blocks[destinationBlockIndex].get();
+ if (!destinationBlock) {
+ // If we're trying to kill off the source block and the destination block is already
+ // dead, then we're done!
+ return;
+ }
+ for (size_t i = 0; i < destinationBlock->phis.size(); ++i) {
+ NodeIndex phiNodeIndex = destinationBlock->phis[i];
+ Node& phiNode = m_graph[phiNodeIndex];
+ NodeIndex myNodeIndex = sourceBlock->variablesAtTail.operand(phiNode.local());
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("Considering removing reference from phi @%u to @%u on local r%d:",
+ phiNodeIndex, myNodeIndex, phiNode.local());
+#endif
+ if (myNodeIndex == NoNode) {
+ // This will happen if there is a phi in the destination that refers into
+ // the destination itself.
+ continue;
+ }
+ Node& myNode = m_graph[myNodeIndex];
+ if (myNode.op() == GetLocal)
+ myNodeIndex = myNode.child1().index();
+ for (unsigned j = 0; j < AdjacencyList::Size; ++j)
+ removePotentiallyDeadPhiReference(myNodeIndex, phiNode, j);
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("\n");
+#endif
+ }
+ }
+
+ void fixJettisonedPredecessors(BlockIndex blockIndex, BlockIndex jettisonedBlockIndex)
+ {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog("Fixing predecessors and phis due to jettison of Block #%u from Block #%u.\n",
+ jettisonedBlockIndex, blockIndex);
+#endif
+ BasicBlock* jettisonedBlock = m_graph.m_blocks[jettisonedBlockIndex].get();
+ for (unsigned i = 0; i < jettisonedBlock->m_predecessors.size(); ++i) {
+ if (jettisonedBlock->m_predecessors[i] != blockIndex)
+ continue;
+ jettisonedBlock->m_predecessors[i] = jettisonedBlock->m_predecessors.last();
+ jettisonedBlock->m_predecessors.removeLast();
+ break;
+ }
+
+ fixPhis(blockIndex, jettisonedBlockIndex);
+ }
+
+ void removePotentiallyDeadPhiReference(NodeIndex myNodeIndex, Node& phiNode, unsigned edgeIndex)
+ {
+ if (phiNode.children.child(edgeIndex).indexUnchecked() != myNodeIndex)
+ return;
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Removing reference at child %u.", edgeIndex);
+#endif
+ if (phiNode.shouldGenerate())
+ m_graph.deref(myNodeIndex);
+ phiNode.children.removeEdgeFromBag(edgeIndex);
+ }
+
+ struct OperandSubstitution {
+ OperandSubstitution()
+ : oldChild(NoNode)
+ , newChild(NoNode)
+ {
+ }
+
+ explicit OperandSubstitution(NodeIndex oldChild)
+ : oldChild(oldChild)
+ , newChild(oldChild)
+ {
+ }
+
+ OperandSubstitution(NodeIndex oldChild, NodeIndex newChild)
+ : oldChild(oldChild)
+ , newChild(newChild)
+ {
+ ASSERT((oldChild == NoNode) == (newChild == NoNode));
+ }
+
+ void dump(FILE* out)
+ {
+ if (oldChild == NoNode)
+ fprintf(out, "-");
+ else
+ fprintf(out, "@%u -> @%u", oldChild, newChild);
+ }
+
+ NodeIndex oldChild;
+ NodeIndex newChild;
+ };
+
+ NodeIndex skipGetLocal(NodeIndex nodeIndex)
+ {
+ if (nodeIndex == NoNode)
+ return NoNode;
+ Node& node = m_graph[nodeIndex];
+ if (node.op() == GetLocal)
+ return node.child1().index();
+ return nodeIndex;
+ }
+
+ void recordPossibleIncomingReference(
+ BasicBlock* secondBlock, Operands<OperandSubstitution>& substitutions, int operand)
+ {
+ substitutions.operand(operand) = OperandSubstitution(
+ skipGetLocal(secondBlock->variablesAtTail.operand(operand)));
+ }
+
+ void recordNewTarget(Operands<OperandSubstitution>& substitutions, int operand, NodeIndex nodeIndex)
+ {
+ ASSERT(m_graph[nodeIndex].op() == SetLocal
+ || m_graph[nodeIndex].op() == SetArgument
+ || m_graph[nodeIndex].op() == Flush
+ || m_graph[nodeIndex].op() == Phi);
+ substitutions.operand(operand).newChild = nodeIndex;
+ }
+
+ void fixTailOperand(
+ BasicBlock* firstBlock, BasicBlock* secondBlock, int operand,
+ Operands<OperandSubstitution>& substitutions)
+ {
+ NodeIndex atSecondTail = secondBlock->variablesAtTail.operand(operand);
+
+ if (atSecondTail == NoNode) {
+ // If the variable is dead at the end of the second block, then do nothing; essentially
+ // this means that we want the tail state to reflect whatever the first block did.
+ return;
+ }
+
+ Node& secondNode = m_graph[atSecondTail];
+
+ switch (secondNode.op()) {
+ case SetLocal:
+ case Flush: {
+ // The second block did interesting things to the variables, so update the tail
+ // accordingly.
+ firstBlock->variablesAtTail.operand(operand) = atSecondTail;
+ break;
+ }
+
+ case Phi: {
+ // Keep what was in the first block.
+ ASSERT(firstBlock->variablesAtTail.operand(operand) != NoNode);
+ recordNewTarget(substitutions, operand, skipGetLocal(firstBlock->variablesAtTail.operand(operand)));
+ break;
+ }
+
+ case GetLocal: {
+ // If it's a GetLocal on a captured var, then definitely keep what was
+ // in the second block. In particular, it's possible that the first
+ // block doesn't even know about this variable.
+ if (secondNode.variableAccessData()->isCaptured()) {
+ firstBlock->variablesAtTail.operand(operand) = atSecondTail;
+ recordNewTarget(substitutions, operand, secondNode.child1().index());
+ break;
+ }
+
+ // It's possible that the second block had a GetLocal and the first block
+ // had a SetArgument or a Phi. Then update the tail. Otherwise keep what was in the
+ // first block.
+ NodeIndex atFirstTail = firstBlock->variablesAtTail.operand(operand);
+ ASSERT(atFirstTail != NoNode);
+ switch (m_graph[atFirstTail].op()) {
+ case SetArgument:
+ case Phi:
+ firstBlock->variablesAtTail.operand(operand) = atSecondTail;
+ recordNewTarget(substitutions, operand, secondNode.child1().index());
+ break;
+
+ default:
+ // Keep what was in the first block, and adjust the substitution to account for
+ // the fact that successors will refer to the child of the GetLocal.
+ ASSERT(firstBlock->variablesAtTail.operand(operand) != NoNode);
+ recordNewTarget(substitutions, operand, skipGetLocal(firstBlock->variablesAtTail.operand(operand)));
+ break;
+ }
+ break;
+ }
+
+ default:
+ ASSERT_NOT_REACHED();
+ }
+ }
+
+ void mergeBlocks(
+ BlockIndex firstBlockIndex, BlockIndex secondBlockIndex, BlockIndex jettisonedBlockIndex)
+ {
+ // This will add all of the nodes in secondBlock to firstBlock, but in so doing
+ // it will also ensure that any GetLocals from the second block that refer to
+ // SetLocals in the first block are relinked. If jettisonedBlock is not NoBlock,
+ // then Phantoms are inserted for anything that the jettisonedBlock would have
+ // kept alive.
+
+ BasicBlock* firstBlock = m_graph.m_blocks[firstBlockIndex].get();
+ BasicBlock* secondBlock = m_graph.m_blocks[secondBlockIndex].get();
+
+ // Remove the terminal of firstBlock since we don't need it anymore. Well, we don't
+ // really remove it; we actually turn it into a Phantom.
+ ASSERT(m_graph[firstBlock->last()].isTerminal());
+ CodeOrigin boundaryCodeOrigin = m_graph[firstBlock->last()].codeOrigin;
+ m_graph[firstBlock->last()].setOpAndDefaultFlags(Phantom);
+ ASSERT(m_graph[firstBlock->last()].refCount() == 1);
+
+ if (jettisonedBlockIndex != NoBlock) {
+ BasicBlock* jettisonedBlock = m_graph.m_blocks[jettisonedBlockIndex].get();
+
+ // Time to insert ghosties for things that need to be kept alive in case we OSR
+ // exit prior to hitting the firstBlock's terminal, and end up going down a
+ // different path than secondBlock.
+
+ for (size_t i = 0; i < jettisonedBlock->variablesAtHead.numberOfArguments(); ++i)
+ keepOperandAlive(firstBlock, boundaryCodeOrigin, argumentToOperand(i));
+ for (size_t i = 0; i < jettisonedBlock->variablesAtHead.numberOfLocals(); ++i)
+ keepOperandAlive(firstBlock, boundaryCodeOrigin, i);
+ }
+
+ for (size_t i = 0; i < secondBlock->phis.size(); ++i)
+ firstBlock->phis.append(secondBlock->phis[i]);
+
+ // Before we start changing the second block's graph, record what nodes would
+ // be referenced by successors of the second block.
+ Operands<OperandSubstitution> substitutions(
+ secondBlock->variablesAtTail.numberOfArguments(),
+ secondBlock->variablesAtTail.numberOfLocals());
+ for (size_t i = 0; i < secondBlock->variablesAtTail.numberOfArguments(); ++i)
+ recordPossibleIncomingReference(secondBlock, substitutions, argumentToOperand(i));
+ for (size_t i = 0; i < secondBlock->variablesAtTail.numberOfLocals(); ++i)
+ recordPossibleIncomingReference(secondBlock, substitutions, i);
+
+ for (size_t i = 0; i < secondBlock->size(); ++i) {
+ NodeIndex nodeIndex = secondBlock->at(i);
+ Node& node = m_graph[nodeIndex];
+
+ switch (node.op()) {
+ case Phantom: {
+ if (!node.child1())
+ break;
+
+ ASSERT(node.shouldGenerate());
+ Node& possibleLocalOp = m_graph[node.child1()];
+ if (possibleLocalOp.hasLocal()) {
+ NodeIndex setLocalIndex =
+ firstBlock->variablesAtTail.operand(possibleLocalOp.local());
+ Node& setLocal = m_graph[setLocalIndex];
+ if (setLocal.op() == SetLocal)
+ m_graph.changeEdge(node.children.child1(), setLocal.child1());
+ }
+ break;
+ }
+
+ case Flush:
+ case GetLocal: {
+ // A Flush could use a GetLocal, SetLocal, SetArgument, or a Phi.
+ // If it uses a GetLocal, it'll be taken care of below. If it uses a
+ // SetLocal or SetArgument, then it must be using a node from the
+ // same block. But if it uses a Phi, then we should redirect it to
+ // use whatever the first block advertised as a tail operand.
+ // Similarly for GetLocal; it could use any of those except for
+ // GetLocal. If it uses a Phi then it should be redirected to use a
+ // Phi from the tail operand.
+ if (m_graph[node.child1()].op() != Phi)
+ break;
+
+ NodeIndex atFirstIndex = firstBlock->variablesAtTail.operand(node.local());
+ m_graph.changeEdge(node.children.child1(), Edge(skipGetLocal(atFirstIndex)), node.shouldGenerate());
+ break;
+ }
+
+ default:
+ break;
+ }
+
+ bool changeRef = node.shouldGenerate();
+
+ // If the child is a GetLocal, then we might like to fix it.
+ if (node.flags() & NodeHasVarArgs) {
+ for (unsigned childIdx = node.firstChild();
+ childIdx < node.firstChild() + node.numChildren();
+ ++childIdx)
+ fixPossibleGetLocal(firstBlock, m_graph.m_varArgChildren[childIdx], changeRef);
+ } else if (!!node.child1()) {
+ fixPossibleGetLocal(firstBlock, node.children.child1(), changeRef);
+ if (!!node.child2()) {
+ fixPossibleGetLocal(firstBlock, node.children.child2(), changeRef);
+ if (!!node.child3())
+ fixPossibleGetLocal(firstBlock, node.children.child3(), changeRef);
+ }
+ }
+
+ firstBlock->append(nodeIndex);
+ }
+
+ ASSERT(m_graph[firstBlock->last()].isTerminal());
+
+ // Fix the predecessors of my new successors. This is tricky, since we are going to reset
+ // all predecessors anyway due to reachability analysis. But we need to fix the
+ // predecessors eagerly to ensure that we know what they are in case the next block we
+ // consider in this phase wishes to query the predecessors of one of the blocks we
+ // affected.
+ for (unsigned i = m_graph.numSuccessors(firstBlock); i--;) {
+ BasicBlock* successor = m_graph.m_blocks[m_graph.successor(firstBlock, i)].get();
+ for (unsigned j = 0; j < successor->m_predecessors.size(); ++j) {
+ if (successor->m_predecessors[j] == secondBlockIndex)
+ successor->m_predecessors[j] = firstBlockIndex;
+ }
+ }
+
+ // Fix the predecessors of my former successors. Again, we'd rather not do this, but it's
+ // an unfortunate necessity. See above comment.
+ if (jettisonedBlockIndex != NoBlock)
+ fixJettisonedPredecessors(firstBlockIndex, jettisonedBlockIndex);
+
+ // Fix up the variables at tail.
+ for (size_t i = 0; i < secondBlock->variablesAtHead.numberOfArguments(); ++i)
+ fixTailOperand(firstBlock, secondBlock, argumentToOperand(i), substitutions);
+ for (size_t i = 0; i < secondBlock->variablesAtHead.numberOfLocals(); ++i)
+ fixTailOperand(firstBlock, secondBlock, i, substitutions);
+
+ // Fix up the references from our new successors.
+ for (unsigned i = m_graph.numSuccessors(firstBlock); i--;) {
+ BasicBlock* successor = m_graph.m_blocks[m_graph.successor(firstBlock, i)].get();
+ for (unsigned j = 0; j < successor->phis.size(); ++j) {
+ NodeIndex phiNodeIndex = successor->phis[j];
+ Node& phiNode = m_graph[phiNodeIndex];
+ bool changeRef = phiNode.shouldGenerate();
+ OperandSubstitution substitution = substitutions.operand(phiNode.local());
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Performing operand substitution @%u -> @%u.\n",
+ substitution.oldChild, substitution.newChild);
+#endif
+ if (!phiNode.child1())
+ continue;
+ if (phiNode.child1().index() == substitution.oldChild)
+ m_graph.changeIndex(phiNode.children.child1(), substitution.newChild, changeRef);
+ if (!phiNode.child2())
+ continue;
+ if (phiNode.child2().index() == substitution.oldChild)
+ m_graph.changeIndex(phiNode.children.child2(), substitution.newChild, changeRef);
+ if (!phiNode.child3())
+ continue;
+ if (phiNode.child3().index() == substitution.oldChild)
+ m_graph.changeIndex(phiNode.children.child3(), substitution.newChild, changeRef);
+ }
+ }
+
+ firstBlock->valuesAtTail = secondBlock->valuesAtTail;
+
+ m_graph.m_blocks[secondBlockIndex].clear();
+ }
+};
+
+bool performCFGSimplification(Graph& graph)
+{
+ return runPhase<CFGSimplificationPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+
diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.h b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.h
new file mode 100644
index 000000000..a0f4856a4
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGCFGSimplificationPhase_h
+#define DFGCFGSimplificationPhase_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// CFG simplification:
+//
+// jump to single predecessor -> merge blocks
+// branch on constant -> jump
+// branch to same blocks -> jump
+// jump-only block -> remove
+// kill dead code
+
+bool performCFGSimplification(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGCFGSimplificationPhase_h
+
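Review bot: The capability list in this header presents `branch to same blocks -> jump` and `jump-only block -> remove` as transformations the phase performs, but the implementation committed alongside it in DFGCFGSimplificationPhase.cpp carries a FIXME stating that jump-only block simplification is absent and that the branch-to-same-destination case is therefore never reached. A reader of the header alone will assume both transformations exist and may rely on them when reasoning about the CFG handed to later phases. Mark the two entries so the header matches the code, e.g. `// jump-only block -> remove (not yet implemented; see FIXME in DFGCFGSimplificationPhase.cpp)` and the same annotation on the branch-to-same-blocks line.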
diff --git a/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp b/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
index 020b1cfd2..842bcc236 100644
--- a/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
@@ -35,8 +35,9 @@ namespace JSC { namespace DFG {
class CSEPhase : public Phase {
public:
- CSEPhase(Graph& graph)
+ CSEPhase(Graph& graph, OptimizationFixpointState fixpointState)
: Phase(graph, "common subexpression elimination")
+ , m_fixpointState(fixpointState)
{
// Replacements are used to implement local common subexpression elimination.
m_replacements.resize(m_graph.size());
@@ -45,10 +46,11 @@ public:
m_replacements[i] = NoNode;
}
- void run()
+ bool run()
{
for (unsigned block = 0; block < m_graph.m_blocks.size(); ++block)
- performBlockCSE(*m_graph.m_blocks[block]);
+ performBlockCSE(m_graph.m_blocks[block].get());
+ return true; // Maybe we'll need to make this reason about whether it changed the graph in an actionable way?
}
private:
@@ -123,50 +125,20 @@ private:
return NoNode;
}
- bool isPredictedNumerical(Node& node)
+ NodeIndex constantCSE(Node& node)
{
- PredictedType left = m_graph[node.child1()].prediction();
- PredictedType right = m_graph[node.child2()].prediction();
- return isNumberPrediction(left) && isNumberPrediction(right);
- }
-
- bool logicalNotIsPure(Node& node)
- {
- PredictedType prediction = m_graph[node.child1()].prediction();
- return isBooleanPrediction(prediction) || !prediction;
- }
-
- bool byValIsPure(Node& node)
- {
- return m_graph[node.child2()].shouldSpeculateInteger()
- && ((node.op() == PutByVal || node.op() == PutByValAlias)
- ? isActionableMutableArrayPrediction(m_graph[node.child1()].prediction())
- : isActionableArrayPrediction(m_graph[node.child1()].prediction()));
- }
-
- bool clobbersWorld(NodeIndex nodeIndex)
- {
- Node& node = m_graph[nodeIndex];
- if (node.flags() & NodeClobbersWorld)
- return true;
- if (!(node.flags() & NodeMightClobber))
- return false;
- switch (node.op()) {
- case ValueAdd:
- case CompareLess:
- case CompareLessEq:
- case CompareGreater:
- case CompareGreaterEq:
- case CompareEq:
- return !isPredictedNumerical(node);
- case LogicalNot:
- return !logicalNotIsPure(node);
- case GetByVal:
- return !byValIsPure(node);
- default:
- ASSERT_NOT_REACHED();
- return true; // If by some oddity we hit this case in release build it's safer to have CSE assume the worst.
+ for (unsigned i = endIndexForPureCSE(); i--;) {
+ NodeIndex index = m_currentBlock->at(i);
+ Node& otherNode = m_graph[index];
+ if (otherNode.op() != JSConstant)
+ continue;
+
+ if (otherNode.constantNumber() != node.constantNumber())
+ continue;
+
+ return index;
}
+ return NoNode;
}
NodeIndex impureCSE(Node& node)
@@ -199,7 +171,7 @@ private:
}
}
}
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
break;
}
return NoNode;
@@ -222,7 +194,7 @@ private:
default:
break;
}
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
break;
}
return NoNode;
@@ -238,14 +210,14 @@ private:
Node& node = m_graph[index];
switch (node.op()) {
case GetByVal:
- if (!byValIsPure(node))
+ if (!m_graph.byValIsPure(node))
return NoNode;
if (node.child1() == child1 && canonicalize(node.child2()) == canonicalize(child2))
return index;
break;
case PutByVal:
case PutByValAlias:
- if (!byValIsPure(node))
+ if (!m_graph.byValIsPure(node))
return NoNode;
if (node.child1() == child1 && canonicalize(node.child2()) == canonicalize(child2))
return node.child3().index();
@@ -264,7 +236,7 @@ private:
// A push cannot affect previously existing elements in the array.
break;
default:
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
return NoNode;
break;
}
@@ -315,7 +287,7 @@ private:
case PutByVal:
case PutByValAlias:
- if (byValIsPure(node)) {
+ if (m_graph.byValIsPure(node)) {
// If PutByVal speculates that it's accessing an array with an
// integer index, then it's impossible for it to cause a structure
// change.
@@ -324,7 +296,7 @@ private:
return false;
default:
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
return false;
break;
}
@@ -336,7 +308,7 @@ private:
{
for (unsigned i = m_indexInBlock; i--;) {
NodeIndex index = m_currentBlock->at(i);
- if (index == child1)
+ if (index == child1)
break;
Node& node = m_graph[index];
@@ -349,7 +321,7 @@ private:
case PutByOffset:
if (m_graph.m_storageAccessData[node.storageAccessDataIndex()].identifierNumber == identifierNumber) {
- if (node.child2() == child1)
+ if (node.child1() == child1) // Must be same property storage.
return node.child3().index();
return NoNode;
}
@@ -361,7 +333,7 @@ private:
case PutByVal:
case PutByValAlias:
- if (byValIsPure(node)) {
+ if (m_graph.byValIsPure(node)) {
// If PutByVal speculates that it's accessing an array with an
// integer index, then it's impossible for it to cause a structure
// change.
@@ -370,7 +342,7 @@ private:
return NoNode;
default:
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
return NoNode;
break;
}
@@ -400,7 +372,7 @@ private:
case PutByVal:
case PutByValAlias:
- if (byValIsPure(node)) {
+ if (m_graph.byValIsPure(node)) {
// If PutByVal speculates that it's accessing an array with an
// integer index, then it's impossible for it to cause a structure
// change.
@@ -409,7 +381,7 @@ private:
return NoNode;
default:
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
return NoNode;
break;
}
@@ -445,12 +417,12 @@ private:
break;
case PutByVal:
- if (isFixedIndexedStorageObjectPrediction(m_graph[node.child1()].prediction()) && byValIsPure(node))
+ if (isFixedIndexedStorageObjectPrediction(m_graph[node.child1()].prediction()) && m_graph.byValIsPure(node))
break;
return NoNode;
default:
- if (clobbersWorld(index))
+ if (m_graph.clobbersWorld(index))
return NoNode;
break;
}
@@ -470,6 +442,44 @@ private:
return NoNode;
}
+ NodeIndex getLocalLoadElimination(VirtualRegister local, NodeIndex& relevantLocalOp)
+ {
+ relevantLocalOp = NoNode;
+
+ for (unsigned i = m_indexInBlock; i--;) {
+ NodeIndex index = m_currentBlock->at(i);
+ Node& node = m_graph[index];
+ switch (node.op()) {
+ case GetLocal:
+ if (node.local() == local) {
+ relevantLocalOp = index;
+ return index;
+ }
+ break;
+
+ case GetLocalUnlinked:
+ if (node.unlinkedLocal() == local) {
+ relevantLocalOp = index;
+ return index;
+ }
+ break;
+
+ case SetLocal:
+ if (node.local() == local) {
+ relevantLocalOp = index;
+ return node.child1().index();
+ }
+ break;
+
+ default:
+ if (m_graph.clobbersWorld(index))
+ return NoNode;
+ break;
+ }
+ }
+ return NoNode;
+ }
+
void performSubstitution(Edge& child, bool addRef = true)
{
// Check if this operand is actually unused.
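Review bot: `getLocalLoadElimination` has two distinct outputs and neither is documented: the return value is the node that can replace the load (the SetLocal's `child1()` in the SetLocal arm, the load itself in the GetLocal/GetLocalUnlinked arms, `NoNode` once the `default` arm hits something that `clobbersWorld`), while the out-parameter `relevantLocalOp` is the GetLocal/GetLocalUnlinked/SetLocal that was matched. Callers depend on this distinction — the GetLocal case later in this file uses `relevantLocalOp` to repair `variablesAtTail`, the GetLocalUnlinked case ignores it — so a header comment spelling out both results and the clobbers-world stop condition would make the contract checkable at the call sites. As a point of style, returning a small struct holding both indices would remove the out-parameter and the `relevantLocalOpIgnored` dummy at the second caller. The enclosing class body starts and ends outside the hunk.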
@@ -491,15 +501,15 @@ private:
m_graph[child].ref();
}
- void setReplacement(NodeIndex replacement)
+ bool setReplacement(NodeIndex replacement)
{
if (replacement == NoNode)
- return;
+ return false;
// Be safe. Don't try to perform replacements if the predictions don't
// agree.
if (m_graph[m_compileIndex].prediction() != m_graph[replacement].prediction())
- return;
+ return false;
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
dataLog(" Replacing @%u -> @%u", m_compileIndex, replacement);
@@ -511,6 +521,8 @@ private:
// At this point we will eliminate all references to this node.
m_replacements[m_compileIndex] = replacement;
+
+ return true;
}
void eliminate()
@@ -594,9 +606,51 @@ private:
case IsObject:
case IsFunction:
case DoubleAsInt32:
+ case LogicalNot:
setReplacement(pureCSE(node));
break;
+ case GetLocal: {
+ VariableAccessData* variableAccessData = node.variableAccessData();
+ if (!variableAccessData->isCaptured())
+ break;
+ NodeIndex relevantLocalOp;
+ NodeIndex possibleReplacement = getLocalLoadElimination(variableAccessData->local(), relevantLocalOp);
+ ASSERT(relevantLocalOp == NoNode
+ || m_graph[relevantLocalOp].op() == GetLocalUnlinked
+ || m_graph[relevantLocalOp].variableAccessData() == variableAccessData);
+ NodeIndex phiIndex = node.child1().index();
+ if (!setReplacement(possibleReplacement))
+ break;
+ NodeIndex oldTailIndex = m_currentBlock->variablesAtTail.operand(
+ variableAccessData->local());
+ if (oldTailIndex == m_compileIndex) {
+ m_currentBlock->variablesAtTail.operand(variableAccessData->local()) =
+ relevantLocalOp;
+
+ // Maintain graph integrity: since we're replacing a GetLocal with a GetLocalUnlinked,
+ // make sure that the GetLocalUnlinked is now linked.
+ if (m_graph[relevantLocalOp].op() == GetLocalUnlinked) {
+ m_graph[relevantLocalOp].setOp(GetLocal);
+ m_graph[relevantLocalOp].children.child1() = Edge(phiIndex);
+ m_graph.ref(phiIndex);
+ }
+ }
+ break;
+ }
+
+ case GetLocalUnlinked: {
+ NodeIndex relevantLocalOpIgnored;
+ setReplacement(getLocalLoadElimination(node.unlinkedLocal(), relevantLocalOpIgnored));
+ break;
+ }
+
+ case JSConstant:
+ // This is strange, but necessary. Some phases will convert nodes to constants,
+ // which may result in duplicated constants. We use CSE to clean this up.
+ setReplacement(constantCSE(node));
+ break;
+
case GetArrayLength:
setReplacement(impureCSE(node));
break;
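Review bot: The GetLocalUnlinked-to-GetLocal relink at the end of the new GetLocal case changes only the opcode and the first child (`m_graph[relevantLocalOp].setOp(GetLocal);` followed by `children.child1() = Edge(phiIndex)`), but the two opcodes read their operand through different accessors (`node.unlinkedLocal()` in the GetLocalUnlinked arm of getLocalLoadElimination versus `node.local()`/`variableAccessData()` for GetLocal), which suggests their opInfo payloads are encoded differently. If that is the case, the converted node still carries the unlinked VirtualRegister where later phases will expect a VariableAccessData, and the conversion should also install `variableAccessData` (already in scope here) on that node. Either way, a comment stating whether GetLocalUnlinked and GetLocal share an opInfo encoding would let a reader verify the conversion is complete. performNodeCSE, which encloses this switch, starts and ends outside the hunk.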
@@ -613,18 +667,9 @@ private:
case CompareGreater:
case CompareGreaterEq:
case CompareEq: {
- if (isPredictedNumerical(node)) {
- NodeIndex replacementIndex = pureCSE(node);
- if (replacementIndex != NoNode && isPredictedNumerical(m_graph[replacementIndex]))
- setReplacement(replacementIndex);
- }
- break;
- }
-
- case LogicalNot: {
- if (logicalNotIsPure(node)) {
+ if (m_graph.isPredictedNumerical(node)) {
NodeIndex replacementIndex = pureCSE(node);
- if (replacementIndex != NoNode && logicalNotIsPure(m_graph[replacementIndex]))
+ if (replacementIndex != NoNode && m_graph.isPredictedNumerical(m_graph[replacementIndex]))
setReplacement(replacementIndex);
}
break;
@@ -637,12 +682,14 @@ private:
break;
case GetByVal:
- if (byValIsPure(node))
+ if (m_graph.byValIsPure(node))
setReplacement(getByValLoadElimination(node.child1().index(), node.child2().index()));
break;
case PutByVal:
- if (byValIsPure(node) && getByValLoadElimination(node.child1().index(), node.child2().index()) != NoNode)
+ if (m_graph.byValIsPure(node)
+ && !m_graph[node.child1()].shouldSpeculateArguments()
+ && getByValLoadElimination(node.child1().index(), node.child2().index()) != NoNode)
node.setOp(PutByValAlias);
break;
@@ -682,14 +729,19 @@ private:
#endif
}
- void performBlockCSE(BasicBlock& block)
+ void performBlockCSE(BasicBlock* block)
{
- m_currentBlock = &block;
+ if (!block)
+ return;
+ if (!block->isReachable)
+ return;
+
+ m_currentBlock = block;
for (unsigned i = 0; i < LastNodeType; ++i)
m_lastSeen[i] = UINT_MAX;
- for (m_indexInBlock = 0; m_indexInBlock < block.size(); ++m_indexInBlock) {
- m_compileIndex = block[m_indexInBlock];
+ for (m_indexInBlock = 0; m_indexInBlock < block->size(); ++m_indexInBlock) {
+ m_compileIndex = block->at(m_indexInBlock);
performNodeCSE(m_graph[m_compileIndex]);
}
}
@@ -699,11 +751,12 @@ private:
unsigned m_indexInBlock;
Vector<NodeIndex, 16> m_replacements;
FixedArray<unsigned, LastNodeType> m_lastSeen;
+ OptimizationFixpointState m_fixpointState;
};
-void performCSE(Graph& graph)
+bool performCSE(Graph& graph, OptimizationFixpointState fixpointState)
{
- runPhase<CSEPhase>(graph);
+ return runPhase<CSEPhase>(graph, fixpointState);
}
} } // namespace JSC::DFG
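Review bot: `m_fixpointState` is written once in the constructor (`, m_fixpointState(fixpointState)`) and no added line in any hunk of DFGCSEPhase.cpp reads it, so after this commit it is a stored-but-unused member while `run()` still returns `true` unconditionally. If the intent is to gate the new GetLocal/JSConstant elimination or the return value of `run()` on the fixpoint state, that use is missing; otherwise the member and the new constructor parameter are dead weight that callers now have to supply. At minimum a comment on the member, e.g. `OptimizationFixpointState m_fixpointState; // Not consulted yet; reserved for fixpoint-aware CSE.`, would record that this is deliberate. The class body declaring the member starts outside the hunk.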
diff --git a/Source/JavaScriptCore/dfg/DFGCSEPhase.h b/Source/JavaScriptCore/dfg/DFGCSEPhase.h
index 3f13f102b..7e33c2243 100644
--- a/Source/JavaScriptCore/dfg/DFGCSEPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGCSEPhase.h
@@ -30,6 +30,8 @@
#if ENABLE(DFG_JIT)
+#include "DFGCommon.h"
+
namespace JSC { namespace DFG {
class Graph;
@@ -39,7 +41,7 @@ class Graph;
// a wide range of subexpression similarities. It's known to produce big wins
// on a few benchmarks, and is relatively cheap to run.
-void performCSE(Graph&);
+bool performCSE(Graph&, OptimizationFixpointState);
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGCapabilities.cpp b/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
index 450a5d83e..910c3d986 100644
--- a/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCapabilities.cpp
@@ -34,33 +34,56 @@ namespace JSC { namespace DFG {
#if ENABLE(DFG_JIT)
-static inline void debugFail(CodeBlock* codeBlock, OpcodeID opcodeID)
+static inline void debugFail(CodeBlock* codeBlock, OpcodeID opcodeID, bool result)
{
+ ASSERT_UNUSED(result, !result);
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("Cannot handle code block %p because of opcode %s.\n", codeBlock, opcodeNames[opcodeID]);
#else
UNUSED_PARAM(codeBlock);
UNUSED_PARAM(opcodeID);
+ UNUSED_PARAM(result);
#endif
}
-template<bool (*canHandleOpcode)(OpcodeID)>
-bool canHandleOpcodes(CodeBlock* codeBlock)
+static inline void debugFail(CodeBlock* codeBlock, OpcodeID opcodeID, CapabilityLevel result)
+{
+ ASSERT(result != CanCompile);
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ if (result == CannotCompile)
+ dataLog("Cannot handle code block %p because of opcode %s.\n", codeBlock, opcodeNames[opcodeID]);
+ else {
+ ASSERT(result == ShouldProfile);
+ dataLog("Cannot compile code block %p because of opcode %s, but inlining might be possible.\n", codeBlock, opcodeNames[opcodeID]);
+ }
+#else
+ UNUSED_PARAM(codeBlock);
+ UNUSED_PARAM(opcodeID);
+ UNUSED_PARAM(result);
+#endif
+}
+
+template<typename ReturnType, ReturnType (*canHandleOpcode)(OpcodeID, CodeBlock*, Instruction*)>
+ReturnType canHandleOpcodes(CodeBlock* codeBlock, ReturnType initialValue)
{
Interpreter* interpreter = codeBlock->globalData()->interpreter;
Instruction* instructionsBegin = codeBlock->instructions().begin();
unsigned instructionCount = codeBlock->instructions().size();
+ ReturnType result = initialValue;
for (unsigned bytecodeOffset = 0; bytecodeOffset < instructionCount; ) {
switch (interpreter->getOpcodeID(instructionsBegin[bytecodeOffset].u.opcode)) {
-#define DEFINE_OP(opcode, length) \
- case opcode: \
- if (!canHandleOpcode(opcode)) { \
- debugFail(codeBlock, opcode); \
- return false; \
- } \
- bytecodeOffset += length; \
- break;
+#define DEFINE_OP(opcode, length) \
+ case opcode: { \
+ ReturnType current = canHandleOpcode( \
+ opcode, codeBlock, instructionsBegin + bytecodeOffset); \
+ if (current < result) { \
+ result = current; \
+ debugFail(codeBlock, opcode, current); \
+ } \
+ bytecodeOffset += length; \
+ break; \
+ }
FOR_EACH_OPCODE_ID(DEFINE_OP)
#undef DEFINE_OP
default:
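Review bot: `current < result` in the DEFINE_OP body makes the template depend on the declaration order of CapabilityLevel (and on `false < true` for the bool instantiation); reordering the enum would silently flip compile decisions without any compiler diagnostic. A `COMPILE_ASSERT(CannotCompile < ShouldProfile && ShouldProfile < CanCompile, CapabilityLevelOrder)` next to the template, or a comment on the enum, would pin that assumption. The loop also no longer returns early, so once `result` has dropped to the lowest level the rest of the bytecode is still walked on every compile attempt; breaking as soon as `result == CannotCompile` (or `!result` in the bool case) would restore the old cost. The switch's `default:` branch continues past the hunk.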
@@ -69,19 +92,19 @@ bool canHandleOpcodes(CodeBlock* codeBlock)
}
}
- return true;
+ return result;
}
-bool canCompileOpcodes(CodeBlock* codeBlock)
+CapabilityLevel canCompileOpcodes(CodeBlock* codeBlock)
{
if (!MacroAssembler::supportsFloatingPoint())
- return false;
- return canHandleOpcodes<canCompileOpcode>(codeBlock);
+ return CannotCompile;
+ return canHandleOpcodes<CapabilityLevel, canCompileOpcode>(codeBlock, CanCompile);
}
bool canInlineOpcodes(CodeBlock* codeBlock)
{
- return canHandleOpcodes<canInlineOpcode>(codeBlock);
+ return canHandleOpcodes<bool, canInlineOpcode>(codeBlock, true);
}
#endif
diff --git a/Source/JavaScriptCore/dfg/DFGCapabilities.h b/Source/JavaScriptCore/dfg/DFGCapabilities.h
index 8aae85ef7..694e886ee 100644
--- a/Source/JavaScriptCore/dfg/DFGCapabilities.h
+++ b/Source/JavaScriptCore/dfg/DFGCapabilities.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -27,6 +27,7 @@
#define DFGCapabilities_h
#include "Intrinsic.h"
+#include "DFGCommon.h"
#include "DFGNode.h"
#include "Executable.h"
#include "Options.h"
@@ -67,7 +68,7 @@ inline bool mightInlineFunctionForConstruct(CodeBlock* codeBlock)
}
// Opcode checking.
-inline bool canCompileOpcode(OpcodeID opcodeID)
+inline CapabilityLevel canCompileOpcode(OpcodeID opcodeID, CodeBlock*, Instruction*)
{
switch (opcodeID) {
case op_enter:
@@ -163,16 +164,24 @@ inline bool canCompileOpcode(OpcodeID opcodeID)
case op_init_lazy_reg:
case op_create_activation:
case op_tear_off_activation:
+ case op_create_arguments:
+ case op_tear_off_arguments:
case op_new_func:
case op_new_func_exp:
- return true;
+ case op_get_argument_by_val:
+ case op_get_arguments_length:
+ case op_jneq_ptr:
+ return CanCompile;
+ case op_call_varargs:
+ return ShouldProfile;
+
default:
- return false;
+ return CannotCompile;
}
}
-inline bool canInlineOpcode(OpcodeID opcodeID)
+inline bool canInlineOpcode(OpcodeID opcodeID, CodeBlock* codeBlock, Instruction* pc)
{
switch (opcodeID) {
@@ -190,22 +199,25 @@ inline bool canInlineOpcode(OpcodeID opcodeID)
// Inlining doesn't correctly remap regular expression operands.
case op_new_regexp:
- return false;
// We don't support inlining code that creates activations or has nested functions.
- case op_init_lazy_reg:
case op_create_activation:
case op_tear_off_activation:
case op_new_func:
case op_new_func_exp:
return false;
+ // Inlining supports op_call_varargs if it's a call that just forwards the caller's
+ // arguments.
+ case op_call_varargs:
+ return codeBlock->usesArguments() && pc[3].u.operand == codeBlock->argumentsRegister();
+
default:
- return canCompileOpcode(opcodeID);
+ return canCompileOpcode(opcodeID, codeBlock, pc) == CanCompile;
}
}
-bool canCompileOpcodes(CodeBlock*);
+CapabilityLevel canCompileOpcodes(CodeBlock*);
bool canInlineOpcodes(CodeBlock*);
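Review bot: The op_call_varargs case reads `pc[3].u.operand` with nothing tying that index to the bytecode layout, so the check silently breaks if the operand order of op_call_varargs ever changes; a comment such as `// pc[3] is the arguments operand of op_call_varargs.` would at least make the dependency visible. Note also that op_init_lazy_reg was dropped from the not-inlinable list, so it now reaches `default:` and `canCompileOpcode` reports CanCompile for it, which makes the opcode inlinable. If that is intended as part of the arguments-inlining work, a one-line comment saying so would stop the next reader from treating it as an accidental deletion.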
#else // ENABLE(DFG_JIT)
inline bool mightCompileEval(CodeBlock*) { return false; }
@@ -215,30 +227,42 @@ inline bool mightCompileFunctionForConstruct(CodeBlock*) { return false; }
inline bool mightInlineFunctionForCall(CodeBlock*) { return false; }
inline bool mightInlineFunctionForConstruct(CodeBlock*) { return false; }
-inline bool canCompileOpcode(OpcodeID) { return false; }
-inline bool canInlineOpcode(OpcodeID) { return false; }
-inline bool canCompileOpcodes(CodeBlock*) { return false; }
+inline CapabilityLevel canCompileOpcode(OpcodeID, CodeBlock*, Instruction*) { return CannotCompile; }
+inline bool canInlineOpcode(OpcodeID, CodeBlock*, Instruction*) { return false; }
+inline CapabilityLevel canCompileOpcodes(CodeBlock*) { return CannotCompile; }
inline bool canInlineOpcodes(CodeBlock*) { return false; }
#endif // ENABLE(DFG_JIT)
-inline bool canCompileEval(CodeBlock* codeBlock)
+inline CapabilityLevel canCompileEval(CodeBlock* codeBlock)
{
- return mightCompileEval(codeBlock) && canCompileOpcodes(codeBlock);
+ if (!mightCompileEval(codeBlock))
+ return CannotCompile;
+
+ return canCompileOpcodes(codeBlock);
}
-inline bool canCompileProgram(CodeBlock* codeBlock)
+inline CapabilityLevel canCompileProgram(CodeBlock* codeBlock)
{
- return mightCompileProgram(codeBlock) && canCompileOpcodes(codeBlock);
+ if (!mightCompileProgram(codeBlock))
+ return CannotCompile;
+
+ return canCompileOpcodes(codeBlock);
}
-inline bool canCompileFunctionForCall(CodeBlock* codeBlock)
+inline CapabilityLevel canCompileFunctionForCall(CodeBlock* codeBlock)
{
- return mightCompileFunctionForCall(codeBlock) && canCompileOpcodes(codeBlock);
+ if (!mightCompileFunctionForCall(codeBlock))
+ return CannotCompile;
+
+ return canCompileOpcodes(codeBlock);
}
-inline bool canCompileFunctionForConstruct(CodeBlock* codeBlock)
+inline CapabilityLevel canCompileFunctionForConstruct(CodeBlock* codeBlock)
{
- return mightCompileFunctionForConstruct(codeBlock) && canCompileOpcodes(codeBlock);
+ if (!mightCompileFunctionForConstruct(codeBlock))
+ return CannotCompile;
+
+ return canCompileOpcodes(codeBlock);
}
inline bool canInlineFunctionForCall(CodeBlock* codeBlock)
diff --git a/Source/JavaScriptCore/dfg/DFGCommon.h b/Source/JavaScriptCore/dfg/DFGCommon.h
index 828bcb2a3..b2e3bb4ee 100644
--- a/Source/JavaScriptCore/dfg/DFGCommon.h
+++ b/Source/JavaScriptCore/dfg/DFGCommon.h
@@ -49,6 +49,12 @@
#else
#define DFG_ENABLE_JIT_ASSERT 0
#endif
+// Enable validation of the graph.
+#if !ASSERT_DISABLED
+#define DFG_ENABLE_VALIDATION 1
+#else
+#define DFG_ENABLE_VALIDATION 0
+#endif
// Consistency check contents compiler data structures.
#define DFG_ENABLE_CONSISTENCY_CHECK 0
// Emit a breakpoint into the head of every generated function, to aid debugging in GDB.
@@ -71,9 +77,6 @@
#define DFG_ENABLE_SUCCESS_STATS 0
// Enable verification that the DFG is able to insert code for control flow edges.
#define DFG_ENABLE_EDGE_CODE_VERIFICATION 0
-// Pretend that all variables in the top-level code block got captured. Great
-// for testing code gen for activations.
-#define DFG_ENABLE_ALL_VARIABLES_CAPTURED 0
namespace JSC { namespace DFG {
@@ -123,9 +126,23 @@ inline bool isX86()
#endif
}
+enum SpillRegistersMode { NeedToSpill, DontSpill };
+
+enum NoResultTag { NoResult };
+
+enum OptimizationFixpointState { FixpointConverged, FixpointNotConverged };
+
} } // namespace JSC::DFG
#endif // ENABLE(DFG_JIT)
+namespace JSC { namespace DFG {
+
+// Put things here that must be defined even if ENABLE(DFG_JIT) is false.
+
+enum CapabilityLevel { CannotCompile, ShouldProfile, CanCompile, CapabilityLevelNotSet };
+
+} } // namespace JSC::DFG
+
#endif // DFGCommon_h
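Review bot: CapabilityLevel is declared without saying that its order is load-bearing: DFGCapabilities.cpp folds per-opcode results with `current < result`, so CannotCompile must stay below ShouldProfile, which must stay below CanCompile. Add `// Ordered from least to most capable; canHandleOpcodes() takes the minimum with operator<, so do not reorder.` above the enum. CapabilityLevelNotSet appears to be a sentinel that sorts above CanCompile, and the same comment should say it must never be fed into that comparison.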
diff --git a/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp b/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
new file mode 100644
index 000000000..b2b74ba04
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGConstantFoldingPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGAbstractState.h"
+#include "DFGBasicBlock.h"
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGPhase.h"
+
+namespace JSC { namespace DFG {
+
+class ConstantFoldingPhase : public Phase {
+public:
+ ConstantFoldingPhase(Graph& graph)
+ : Phase(graph, "constant folding")
+ {
+ }
+
+ bool run()
+ {
+ bool changed = false;
+
+ AbstractState state(m_graph);
+ InsertionSet<NodeIndex> insertionSet;
+
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (!block->cfaFoundConstants)
+ continue;
+ state.beginBasicBlock(block);
+ for (unsigned indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
+ if (!state.isValid())
+ break;
+ state.execute(indexInBlock);
+ NodeIndex nodeIndex = block->at(indexInBlock);
+ Node& node = m_graph[nodeIndex];
+ if (!node.shouldGenerate()
+ || m_graph.clobbersWorld(node)
+ || node.hasConstant())
+ continue;
+ JSValue value = state.forNode(nodeIndex).value();
+ if (!value)
+ continue;
+
+ Node phantom(Phantom, node.codeOrigin);
+
+ if (node.op() == GetLocal) {
+ ASSERT(m_graph[node.child1()].op() == Phi);
+ ASSERT(!m_graph[node.child1()].hasResult());
+
+ ASSERT(block->variablesAtHead.operand(node.local()) == nodeIndex);
+ ASSERT(block->isInPhis(node.child1().index()));
+ block->variablesAtHead.operand(node.local()) = node.child1().index();
+
+ NodeIndex tailNodeIndex = block->variablesAtTail.operand(node.local());
+ if (tailNodeIndex == nodeIndex)
+ block->variablesAtTail.operand(node.local()) = node.child1().index();
+ else {
+ ASSERT(m_graph[tailNodeIndex].op() == Flush
+ || m_graph[tailNodeIndex].op() == SetLocal);
+ }
+ }
+
+ phantom.children = node.children;
+ phantom.ref();
+
+ m_graph.convertToConstant(nodeIndex, value);
+ NodeIndex phantomNodeIndex = m_graph.size();
+ m_graph.append(phantom);
+ insertionSet.append(indexInBlock, phantomNodeIndex);
+
+ changed = true;
+ }
+ insertionSet.execute(*block);
+ state.reset();
+ }
+
+ return changed;
+ }
+};
+
+bool performConstantFolding(Graph& graph)
+{
+ return runPhase<ConstantFoldingPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+
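Review bot: The child-reference handling in `run()` is subtle and undocumented: `phantom.children = node.children` copies the edges and `phantom.ref()` refs only the phantom itself, so correctness depends on `m_graph.convertToConstant()` dropping the folded node's children without dereferencing them, leaving the Phantom as the holder of the references the original node acquired. That contract is not visible in this file and deserves a comment at the copy, e.g. `// The Phantom inherits this node's child references; convertToConstant() must reset the children without deref'ing them.` The GetLocal branch likewise repoints `variablesAtHead`/`variablesAtTail` at the Phi with only asserts to justify it, and a sentence on why the Phi rather than the new constant must stand in there would help the next maintainer.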
diff --git a/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.h b/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.h
new file mode 100644
index 000000000..cde16806c
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGConstantFoldingPhase_h
+#define DFGConstantFoldingPhase_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// CFA-based constant folding. Walks those blocks marked by the CFA as having
+// inferred constants, and replaces those nodes with constants whilst injecting
+// Phantom nodes to keep the children alive (which is necessary for OSR exit).
+
+bool performConstantFolding(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGConstantFoldingPhase_h
+
diff --git a/Source/JavaScriptCore/dfg/DFGDominators.cpp b/Source/JavaScriptCore/dfg/DFGDominators.cpp
new file mode 100644
index 000000000..0b23d96a7
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGDominators.cpp
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGDominators.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGGraph.h"
+
+namespace JSC { namespace DFG {
+
+Dominators::Dominators()
+ : m_valid(false)
+{
+}
+
+Dominators::~Dominators()
+{
+}
+
+void Dominators::compute(Graph& graph)
+{
+ // This implements a naive dominator solver.
+
+ ASSERT(graph.m_blocks[0]->m_predecessors.isEmpty());
+
+ unsigned numBlocks = graph.m_blocks.size();
+
+ if (numBlocks > m_results.size()) {
+ m_results.grow(numBlocks);
+ for (unsigned i = numBlocks; i--;)
+ m_results[i].resize(numBlocks);
+ m_scratch.resize(numBlocks);
+ }
+
+ m_results[0].clearAll();
+ m_results[0].set(0);
+
+ m_scratch.clearAll();
+ for (unsigned i = numBlocks; i--;) {
+ if (!graph.m_blocks[i])
+ continue;
+ m_scratch.set(i);
+ }
+
+ for (unsigned i = numBlocks; i-- > 1;) {
+ if (!graph.m_blocks[i] || graph.m_blocks[i]->m_predecessors.isEmpty())
+ m_results[i].clearAll();
+ else
+ m_results[i].set(m_scratch);
+ }
+
+ bool changed;
+ do {
+ changed = false;
+ for (unsigned i = 1; i < numBlocks; ++i)
+ changed |= iterateForBlock(graph, i);
+ if (!changed)
+ break;
+
+ changed = false;
+ for (unsigned i = numBlocks; i-- > 1;)
+ changed |= iterateForBlock(graph, i);
+ } while (changed);
+
+ m_valid = true;
+}
+
+bool Dominators::iterateForBlock(Graph& graph, BlockIndex i)
+{
+ BasicBlock* block = graph.m_blocks[i].get();
+ if (!block)
+ return false;
+ if (block->m_predecessors.isEmpty())
+ return false;
+ m_scratch.set(m_results[block->m_predecessors[0]]);
+ for (unsigned j = block->m_predecessors.size(); j-- > 1;)
+ m_scratch.filter(m_results[block->m_predecessors[j]]);
+ m_scratch.set(i);
+ return m_results[i].setAndCheck(m_scratch);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
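Review bot: `compute()` dereferences `graph.m_blocks[0]` unconditionally (the predecessor ASSERT and `m_results[0].set(0)`) while every other block is null-checked, so the solver assumes block 0 is always present and is the unique entry; that assumption should be stated above the ASSERT, e.g. `// Block 0 is the entry block: never null, no predecessors, dominates every reachable block.` Blocks that are null or have no predecessors get an empty dominator set, which means `dominates(x, x)` is false for them, and that is worth saying explicitly since callers may assume every block dominates itself. Reusing `m_results` across calls also relies on every row and `m_scratch` keeping the same bit width when the graph shrinks; a short comment on the resize branch would make that invariant visible.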
diff --git a/Source/JavaScriptCore/dfg/DFGDominators.h b/Source/JavaScriptCore/dfg/DFGDominators.h
new file mode 100644
index 000000000..8eee3e899
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGDominators.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGDominators_h
+#define DFGDominators_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGCommon.h"
+#include <wtf/FastBitVector.h>
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+class Dominators {
+public:
+ Dominators();
+ ~Dominators();
+
+ void compute(Graph& graph);
+ void invalidate()
+ {
+ m_valid = false;
+ }
+ void computeIfNecessary(Graph& graph)
+ {
+ if (m_valid)
+ return;
+ compute(graph);
+ }
+
+ bool isValid() const { return m_valid; }
+
+ bool dominates(BlockIndex from, BlockIndex to) const
+ {
+ ASSERT(isValid());
+ return m_results[to].get(from);
+ }
+
+private:
+ bool iterateForBlock(Graph& graph, BlockIndex);
+
+ Vector<FastBitVector> m_results;
+ FastBitVector m_scratch;
+ bool m_valid;
+};
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGDominators_h
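Review bot: `dominates(from, to)` carries no comment on argument order, and "from/to" reads like an edge rather than a dominance relation; I would document it as `// Returns true if block 'from' dominates block 'to' (reflexively). Only meaningful after compute()/computeIfNecessary() on the current CFG; call invalidate() whenever blocks or edges change.` Nothing in this patch calls `invalidate()`, so the only thing keeping a stale answer out of `dominates()` is the driver calling `compute()` after the last CFG-changing phase. A note on `computeIfNecessary()` that it cannot detect CFG changes on its own would make that expectation explicit.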
diff --git a/Source/JavaScriptCore/dfg/DFGDriver.cpp b/Source/JavaScriptCore/dfg/DFGDriver.cpp
index f583a8d63..6ebe338f5 100644
--- a/Source/JavaScriptCore/dfg/DFGDriver.cpp
+++ b/Source/JavaScriptCore/dfg/DFGDriver.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -28,32 +28,36 @@
#if ENABLE(DFG_JIT)
+#include "DFGArgumentsSimplificationPhase.h"
#include "DFGByteCodeParser.h"
#include "DFGCFAPhase.h"
+#include "DFGCFGSimplificationPhase.h"
#include "DFGCSEPhase.h"
+#include "DFGConstantFoldingPhase.h"
#include "DFGFixupPhase.h"
#include "DFGJITCompiler.h"
#include "DFGPredictionPropagationPhase.h"
#include "DFGRedundantPhiEliminationPhase.h"
+#include "DFGValidate.h"
#include "DFGVirtualRegisterAllocationPhase.h"
namespace JSC { namespace DFG {
enum CompileMode { CompileFunction, CompileOther };
-inline bool compile(CompileMode compileMode, JSGlobalData& globalData, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr* jitCodeWithArityCheck)
+inline bool compile(CompileMode compileMode, ExecState* exec, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr* jitCodeWithArityCheck)
{
SamplingRegion samplingRegion("DFG Compilation (Driver)");
ASSERT(codeBlock);
ASSERT(codeBlock->alternative());
ASSERT(codeBlock->alternative()->getJITType() == JITCode::BaselineJIT);
-
+
#if DFG_ENABLE(DEBUG_VERBOSE)
- dataLog("DFG compiling code block %p(%p), number of instructions = %u.\n", codeBlock, codeBlock->alternative(), codeBlock->instructionCount());
+ dataLog("DFG compiling code block %p(%p) for executable %p, number of instructions = %u.\n", codeBlock, codeBlock->alternative(), codeBlock->ownerExecutable(), codeBlock->instructionCount());
#endif
- Graph dfg(globalData, codeBlock);
- if (!parse(dfg))
+ Graph dfg(exec->globalData(), codeBlock);
+ if (!parse(exec, dfg))
return false;
if (compileMode == CompileFunction)
@@ -65,12 +69,30 @@ inline bool compile(CompileMode compileMode, JSGlobalData& globalData, CodeBlock
// that references any of the tables directly, yet.
codeBlock->shrinkToFit(CodeBlock::EarlyShrink);
- performRedundantPhiElimination(dfg);
+ validate(dfg);
performPredictionPropagation(dfg);
performFixup(dfg);
- performCSE(dfg);
+ unsigned cnt = 1;
+ for (;; ++cnt) {
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("DFG beginning optimization fixpoint iteration #%u.\n", cnt);
+#endif
+ bool changed = false;
+ performCFA(dfg);
+ changed |= performConstantFolding(dfg);
+ changed |= performArgumentsSimplification(dfg);
+ changed |= performCFGSimplification(dfg);
+ if (!changed)
+ break;
+ performCSE(dfg, FixpointNotConverged);
+ dfg.resetExitStates();
+ }
+ performCSE(dfg, FixpointConverged);
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("DFG optimization fixpoint converged in %u iterations.\n", cnt);
+#endif
+ dfg.m_dominators.compute(dfg);
performVirtualRegisterAllocation(dfg);
- performCFA(dfg);
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("Graph after optimization:\n");
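Review bot: The optimization fixpoint loop has no upper bound, so if constant folding, arguments simplification or CFG simplification ever reports `changed` without making monotone progress, the compile spins forever instead of failing loudly. Each phase is presumably monotone, but a cheap guard such as `ASSERT(cnt < 1000);` inside the loop, or bailing out of the compile with `return false` past some limit, would turn a non-terminating phase into a visible failure rather than a hang. The final `performCSE(dfg, FixpointConverged)` also runs after the last CFA pass, so whatever CFA state the code generator consumes predates that CSE run; if converged-mode CSE can change anything CFA results are keyed on, the removed trailing `performCFA(dfg)` may still be needed — confirm against DFGCSEPhase.cpp, which is outside this hunk.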
@@ -93,14 +115,14 @@ inline bool compile(CompileMode compileMode, JSGlobalData& globalData, CodeBlock
return result;
}
-bool tryCompile(JSGlobalData& globalData, CodeBlock* codeBlock, JITCode& jitCode)
+bool tryCompile(ExecState* exec, CodeBlock* codeBlock, JITCode& jitCode)
{
- return compile(CompileOther, globalData, codeBlock, jitCode, 0);
+ return compile(CompileOther, exec, codeBlock, jitCode, 0);
}
-bool tryCompileFunction(JSGlobalData& globalData, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck)
+bool tryCompileFunction(ExecState* exec, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck)
{
- return compile(CompileFunction, globalData, codeBlock, jitCode, &jitCodeWithArityCheck);
+ return compile(CompileFunction, exec, codeBlock, jitCode, &jitCodeWithArityCheck);
}
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGDriver.h b/Source/JavaScriptCore/dfg/DFGDriver.h
index 639b13f7a..ce798d0a6 100644
--- a/Source/JavaScriptCore/dfg/DFGDriver.h
+++ b/Source/JavaScriptCore/dfg/DFGDriver.h
@@ -26,6 +26,7 @@
#ifndef DFGDriver_h
#define DFGDriver_h
+#include "CallFrame.h"
#include <wtf/Platform.h>
namespace JSC {
@@ -38,11 +39,11 @@ class MacroAssemblerCodePtr;
namespace DFG {
#if ENABLE(DFG_JIT)
-bool tryCompile(JSGlobalData&, CodeBlock*, JITCode&);
-bool tryCompileFunction(JSGlobalData&, CodeBlock*, JITCode&, MacroAssemblerCodePtr& jitCodeWithArityCheck);
+bool tryCompile(ExecState*, CodeBlock*, JITCode&);
+bool tryCompileFunction(ExecState*, CodeBlock*, JITCode&, MacroAssemblerCodePtr& jitCodeWithArityCheck);
#else
-inline bool tryCompile(JSGlobalData&, CodeBlock*, JITCode&) { return false; }
-inline bool tryCompileFunction(JSGlobalData&, CodeBlock*, JITCode&, MacroAssemblerCodePtr&) { return false; }
+inline bool tryCompile(ExecState*, CodeBlock*, JITCode&) { return false; }
+inline bool tryCompileFunction(ExecState*, CodeBlock*, JITCode&, MacroAssemblerCodePtr&) { return false; }
#endif
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGEdge.h b/Source/JavaScriptCore/dfg/DFGEdge.h
index 7b4b5b8bf..10988bf39 100644
--- a/Source/JavaScriptCore/dfg/DFGEdge.h
+++ b/Source/JavaScriptCore/dfg/DFGEdge.h
@@ -78,6 +78,10 @@ public:
}
bool isSet() const { return indexUnchecked() != NoNode; }
+
+ typedef void* Edge::*UnspecifiedBoolType;
+ operator UnspecifiedBoolType*() const { return reinterpret_cast<UnspecifiedBoolType*>(isSet()); }
+
bool operator!() const { return !isSet(); }
bool operator==(Edge other) const
diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
index 242fdf852..e54d2cfaf 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
@@ -41,15 +41,19 @@ public:
{
}
- void run()
+ bool run()
{
for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex)
fixupBlock(m_graph.m_blocks[blockIndex].get());
+ return true;
}
private:
void fixupBlock(BasicBlock* block)
{
+ if (!block)
+ return;
+ ASSERT(block->isReachable);
for (m_indexInBlock = 0; m_indexInBlock < block->size(); ++m_indexInBlock) {
m_compileIndex = block->at(m_indexInBlock);
fixupNode(m_graph[m_compileIndex]);
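Review bot: `run()` returns `true` unconditionally, so the new bool return of `performFixup` reports "changed" even when no node was rewritten; the driver ignores it today, but if fixup is ever placed inside the optimization fixpoint loop that constant would prevent convergence. Either have `fixupNode` report whether it rewrote the node and OR that into the result, or document the meaning: `// Always reports a change: fixup is not part of the fixpoint and its return value is unused.` The new `ASSERT(block->isReachable)` just after the null check also implies fixup now expects unreachable blocks to have been nulled out by an earlier phase, which is worth saying in the same comment.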
@@ -75,6 +79,7 @@ private:
if (codeBlock()->identifier(node.identifierNumber()) != globalData().propertyNames->length)
break;
bool isArray = isArrayPrediction(m_graph[node.child1()].prediction());
+ bool isArguments = isArgumentsPrediction(m_graph[node.child1()].prediction());
bool isString = isStringPrediction(m_graph[node.child1()].prediction());
bool isInt8Array = m_graph[node.child1()].shouldSpeculateInt8Array();
bool isInt16Array = m_graph[node.child1()].shouldSpeculateInt16Array();
@@ -85,7 +90,7 @@ private:
bool isUint32Array = m_graph[node.child1()].shouldSpeculateUint32Array();
bool isFloat32Array = m_graph[node.child1()].shouldSpeculateFloat32Array();
bool isFloat64Array = m_graph[node.child1()].shouldSpeculateFloat64Array();
- if (!isArray && !isString && !isInt8Array && !isInt16Array && !isInt32Array && !isUint8Array && !isUint8ClampedArray && !isUint16Array && !isUint32Array && !isFloat32Array && !isFloat64Array)
+ if (!isArray && !isArguments && !isString && !isInt8Array && !isInt16Array && !isInt32Array && !isUint8Array && !isUint8ClampedArray && !isUint16Array && !isUint32Array && !isFloat32Array && !isFloat64Array)
break;
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
@@ -93,6 +98,8 @@ private:
#endif
if (isArray)
node.setOp(GetArrayLength);
+ else if (isArguments)
+ node.setOp(GetArgumentsLength);
else if (isString)
node.setOp(GetStringLength);
else if (isInt8Array)
@@ -123,7 +130,9 @@ private:
}
case GetIndexedPropertyStorage: {
PredictedType basePrediction = m_graph[node.child2()].prediction();
- if (!(basePrediction & PredictInt32) && basePrediction) {
+ if ((!(basePrediction & PredictInt32) && basePrediction)
+ || m_graph[node.child1()].shouldSpeculateArguments()
+ || !isActionableArrayPrediction(m_graph[node.child1()].prediction())) {
node.setOpAndDefaultFlags(Nop);
m_graph.clearAndDerefChild1(node);
m_graph.clearAndDerefChild2(node);
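Review bot: The GetIndexedPropertyStorage condition now combines three clauses with nested negations, which is hard to read as one predicate and easy to get wrong on the next edit. Naming the pieces keeps the intent visible: `bool indexNotInt = basePrediction && !(basePrediction & PredictInt32);` and `bool baseNotIndexable = m_graph[node.child1()].shouldSpeculateArguments() || !isActionableArrayPrediction(m_graph[node.child1()].prediction());` followed by `if (indexNotInt || baseNotIndexable)`. The switch case continues past the hunk.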
@@ -209,7 +218,7 @@ private:
}
case SetLocal: {
- if (m_graph.isCaptured(node.local()))
+ if (node.variableAccessData()->isCaptured())
break;
if (!node.variableAccessData()->shouldUseDoubleFormat())
break;
@@ -246,7 +255,6 @@ private:
case ArithMin:
case ArithMax:
- case ArithMul:
case ArithMod: {
if (Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()])
&& node.canSpeculateInteger())
@@ -256,6 +264,14 @@ private:
break;
}
+ case ArithMul: {
+ if (m_graph.mulShouldSpeculateInteger(node))
+ break;
+ fixDoubleEdge(0);
+ fixDoubleEdge(1);
+ break;
+ }
+
case ArithDiv: {
if (Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()])
&& node.canSpeculateInteger()) {
@@ -383,9 +399,9 @@ private:
InsertionSet<NodeIndex> m_insertionSet;
};
-void performFixup(Graph& graph)
+bool performFixup(Graph& graph)
{
- runPhase<FixupPhase>(graph);
+ return runPhase<FixupPhase>(graph);
}
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.h b/Source/JavaScriptCore/dfg/DFGFixupPhase.h
index 1ba85ebfe..d496d59b2 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.h
@@ -37,7 +37,7 @@ class Graph;
// Fix portions of the graph that are inefficient given the predictions that
// we have. This should run after prediction propagation but before CSE.
-void performFixup(Graph&);
+bool performFixup(Graph&);
} } // namespace JSC::DFG::Phase
diff --git a/Source/JavaScriptCore/dfg/DFGGPRInfo.h b/Source/JavaScriptCore/dfg/DFGGPRInfo.h
index 4a250328f..bd4fa32d1 100644
--- a/Source/JavaScriptCore/dfg/DFGGPRInfo.h
+++ b/Source/JavaScriptCore/dfg/DFGGPRInfo.h
@@ -271,6 +271,8 @@ public:
// These constants provide the names for the general purpose argument & return value registers.
static const GPRReg argumentGPR0 = X86Registers::ecx; // regT2
static const GPRReg argumentGPR1 = X86Registers::edx; // regT1
+ static const GPRReg nonArgGPR0 = X86Registers::eax; // regT0
+ static const GPRReg nonArgGPR1 = X86Registers::ebx; // regT3
static const GPRReg returnValueGPR = X86Registers::eax; // regT0
static const GPRReg returnValueGPR2 = X86Registers::edx; // regT1
static const GPRReg nonPreservedNonReturnGPR = X86Registers::ecx;
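Review bot: `nonArgGPR0`/`nonArgGPR1` are introduced with no statement of what they promise, and on this target `nonArgGPR0` is the same physical register as `returnValueGPR` (both `eax`), so a caller that parks a value in nonArgGPR0 across a call will lose it. A comment such as `// Registers never used to pass arguments to a C call; they MAY alias the return-value registers, so they are only safe while setting up a call, not across it.` would pin that contract down. The same applies to the X86_64 and ARM additions further down in this file; if MIPS and SH4 have their own GPRInfo classes outside this hunk they presumably need matching constants as well.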
@@ -340,6 +342,8 @@ public:
static const GPRReg argumentGPR3 = X86Registers::ecx; // regT2
static const GPRReg argumentGPR4 = X86Registers::r8; // regT6
static const GPRReg argumentGPR5 = X86Registers::r9; // regT7
+ static const GPRReg nonArgGPR0 = X86Registers::eax; // regT0
+ static const GPRReg nonArgGPR1 = X86Registers::ebx; // regT3
static const GPRReg returnValueGPR = X86Registers::eax; // regT0
static const GPRReg returnValueGPR2 = X86Registers::edx; // regT1
static const GPRReg nonPreservedNonReturnGPR = X86Registers::esi;
@@ -410,6 +414,8 @@ public:
// between the arguments being set up, and the call being made. That said,
// any change introducing a problem here is likely to be immediately apparent!
static const GPRReg argumentGPR3 = ARMRegisters::r3; // FIXME!
+ static const GPRReg nonArgGPR0 = ARMRegisters::r4; // regT3
+ static const GPRReg nonArgGPR1 = ARMRegisters::r8; // regT4
static const GPRReg returnValueGPR = ARMRegisters::r0; // regT0
static const GPRReg returnValueGPR2 = ARMRegisters::r1; // regT1
static const GPRReg nonPreservedNonReturnGPR = ARMRegisters::r2;
diff --git a/Source/JavaScriptCore/dfg/DFGGraph.cpp b/Source/JavaScriptCore/dfg/DFGGraph.cpp
index 3c99e5d4e..4562e30ee 100644
--- a/Source/JavaScriptCore/dfg/DFGGraph.cpp
+++ b/Source/JavaScriptCore/dfg/DFGGraph.cpp
@@ -65,7 +65,7 @@ const char* Graph::nameOfVariableAccessData(VariableAccessData* variableAccessDa
if (!index)
return "A";
- static char buf[10];
+ static char buf[100];
BoundsCheckedPointer<char> ptr(buf, sizeof(buf));
while (index) {
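Review bot: `static char buf[100]` swaps one magic size for another, and the only thing that bounds the writes is the BoundsCheckedPointer, so a reader cannot tell whether 100 covers the base-26 name plus the `*` marker and the prediction abbreviation that the next hunk appends via `ptr.strcat`. A comment deriving the size would make the constant reviewable, e.g. `static char buf[100]; // base-26 name + optional '*' + predictionToAbbreviatedString() + NUL; BoundsCheckedPointer is relied on to catch overflow`. The function-local static also means the returned pointer is overwritten by the next call, which matters if two names are passed to a single dataLog(); nameOfVariableAccessData() starts outside the hunk.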
@@ -73,6 +73,11 @@ const char* Graph::nameOfVariableAccessData(VariableAccessData* variableAccessDa
index /= 26;
}
+ if (variableAccessData->isCaptured())
+ *ptr++ = '*';
+
+ ptr.strcat(predictionToAbbreviatedString(variableAccessData->prediction()));
+
*ptr++ = 0;
return buf;
@@ -126,10 +131,8 @@ void Graph::dump(NodeIndex nodeIndex)
unsigned refCount = node.refCount();
bool skipped = !refCount;
bool mustGenerate = node.mustGenerate();
- if (mustGenerate) {
- ASSERT(refCount);
+ if (mustGenerate)
--refCount;
- }
printWhiteSpace((node.codeOrigin.inlineDepth() - 1) * 2);
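Review bot: Removing `ASSERT(refCount)` leaves `--refCount` on an unsigned that can now legitimately be 0, and the DFGGraph.h hunk makes deref() call dump() exactly when a node's refCount is already 0, so a must-generate node in that state is printed with a wrapped count instead of 0. A guard keeps the dump readable in that situation: `if (mustGenerate && refCount)` followed by `--refCount;`. Graph::dump(NodeIndex) starts outside the hunk.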
@@ -166,7 +169,8 @@ void Graph::dump(NodeIndex nodeIndex)
dataLog("%s@%u%s",
useKindToString(m_varArgChildren[childIdx].useKind()),
m_varArgChildren[childIdx].index(),
- predictionToAbbreviatedString(at(childIdx).prediction()));
+ predictionToAbbreviatedString(
+ at(m_varArgChildren[childIdx]).prediction()));
}
} else {
if (!!node.child1()) {
@@ -278,12 +282,34 @@ void Graph::dump()
NodeIndex lastNodeIndex = NoNode;
for (size_t b = 0; b < m_blocks.size(); ++b) {
BasicBlock* block = m_blocks[b].get();
+ if (!block)
+ continue;
dataLog("Block #%u (bc#%u): %s%s\n", (int)b, block->bytecodeBegin, block->isReachable ? "" : " (skipped)", block->isOSRTarget ? " (OSR target)" : "");
+ dataLog(" Predecessors:");
+ for (size_t i = 0; i < block->m_predecessors.size(); ++i)
+ dataLog(" #%u", block->m_predecessors[i]);
+ dataLog("\n");
+ if (m_dominators.isValid()) {
+ dataLog(" Dominated by:");
+ for (size_t i = 0; i < m_blocks.size(); ++i) {
+ if (!m_dominators.dominates(i, b))
+ continue;
+ dataLog(" #%lu", static_cast<unsigned long>(i));
+ }
+ dataLog("\n");
+ dataLog(" Dominates:");
+ for (size_t i = 0; i < m_blocks.size(); ++i) {
+ if (!m_dominators.dominates(b, i))
+ continue;
+ dataLog(" #%lu", static_cast<unsigned long>(i));
+ }
+ dataLog("\n");
+ }
dataLog(" Phi Nodes:\n");
for (size_t i = 0; i < block->phis.size(); ++i) {
- // Dumping the dead Phi nodes is just annoying!
- if (at(block->phis[i]).refCount())
- dump(block->phis[i]);
+ dumpCodeOrigin(lastNodeIndex, block->phis[i]);
+ dump(block->phis[i]);
+ lastNodeIndex = block->phis[i];
}
dataLog(" vars before: ");
if (block->cfaHasVisited)
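Review bot: The predecessors loop passes `block->m_predecessors[i]` straight to `%u`, while the two dominator loops cast their `size_t` index to `unsigned long` for `%lu`; if BlockIndex is not exactly `unsigned` the first is a format/argument mismatch, and either way the three loops should use one form, e.g. `dataLog(" #%u", static_cast<unsigned>(block->m_predecessors[i]));`. The `if (!block) continue;` guard covers only the block being printed; whether `m_dominators.dominates(i, b)` is well-defined for an index i whose block slot is null is not visible here, so the dominator loops may want the same guard or a comment saying why they do not. Graph::dump() starts outside the hunk.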
@@ -305,6 +331,9 @@ void Graph::dump()
else
dataLog("<empty>");
dataLog("\n");
+ dataLog(" var links: ");
+ dumpOperands(block->variablesAtTail, WTF::dataFile());
+ dataLog("\n");
}
}
@@ -362,6 +391,112 @@ void Graph::predictArgumentTypes()
}
}
+void Graph::handleSuccessor(Vector<BlockIndex, 16>& worklist, BlockIndex blockIndex, BlockIndex successorIndex)
+{
+ BasicBlock* successor = m_blocks[successorIndex].get();
+ if (!successor->isReachable) {
+ successor->isReachable = true;
+ worklist.append(successorIndex);
+ }
+
+ successor->m_predecessors.append(blockIndex);
+}
+
+void Graph::collectGarbage()
+{
+ // First reset the counts to 0 for all nodes.
+ for (unsigned i = size(); i--;)
+ at(i).setRefCount(0);
+
+ // Now find the roots: the nodes that are must-generate. Set their ref counts to
+ // 1 and put them on the worklist.
+ Vector<NodeIndex, 128> worklist;
+ for (BlockIndex blockIndex = 0; blockIndex < m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ for (unsigned indexInBlock = block->size(); indexInBlock--;) {
+ NodeIndex nodeIndex = block->at(indexInBlock);
+ Node& node = at(nodeIndex);
+ if (!(node.flags() & NodeMustGenerate))
+ continue;
+ node.setRefCount(1);
+ worklist.append(nodeIndex);
+ }
+ }
+
+ while (!worklist.isEmpty()) {
+ NodeIndex nodeIndex = worklist.last();
+ worklist.removeLast();
+ Node& node = at(nodeIndex);
+ ASSERT(node.shouldGenerate()); // It should not be on the worklist unless it's ref'ed.
+ if (node.flags() & NodeHasVarArgs) {
+ for (unsigned childIdx = node.firstChild();
+ childIdx < node.firstChild() + node.numChildren();
+ ++childIdx) {
+ NodeIndex childNodeIndex = m_varArgChildren[childIdx].index();
+ if (!at(childNodeIndex).ref())
+ continue;
+ worklist.append(childNodeIndex);
+ }
+ } else if (node.child1()) {
+ if (at(node.child1()).ref())
+ worklist.append(node.child1().index());
+ if (node.child2()) {
+ if (at(node.child2()).ref())
+ worklist.append(node.child2().index());
+ if (node.child3()) {
+ if (at(node.child3()).ref())
+ worklist.append(node.child3().index());
+ }
+ }
+ }
+ }
+}
+
+void Graph::determineReachability()
+{
+ Vector<BlockIndex, 16> worklist;
+ worklist.append(0);
+ m_blocks[0]->isReachable = true;
+ while (!worklist.isEmpty()) {
+ BlockIndex index = worklist.last();
+ worklist.removeLast();
+
+ BasicBlock* block = m_blocks[index].get();
+ ASSERT(block->isLinked);
+
+ Node& node = at(block->last());
+ ASSERT(node.isTerminal());
+
+ if (node.isJump())
+ handleSuccessor(worklist, index, node.takenBlockIndex());
+ else if (node.isBranch()) {
+ handleSuccessor(worklist, index, node.takenBlockIndex());
+ handleSuccessor(worklist, index, node.notTakenBlockIndex());
+ }
+ }
+}
+
+void Graph::resetReachability()
+{
+ for (BlockIndex blockIndex = m_blocks.size(); blockIndex--;) {
+ BasicBlock* block = m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ block->isReachable = false;
+ block->m_predecessors.clear();
+ }
+
+ determineReachability();
+}
+
+void Graph::resetExitStates()
+{
+ for (unsigned i = size(); i--;)
+ at(i).setCanExit(true);
+}
+
} } // namespace JSC::DFG
#endif
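Review bot: determineReachability() hand-codes the Jump/Branch successor dispatch that Node::numSuccessors() and Node::successor(), added in the DFGNode.h hunk, now provide, so a new terminal kind would have to be taught to both places; driving the walk from the accessors removes the duplicate. handleSuccessor() also dereferences `m_blocks[successorIndex].get()` with no null guard, unlike resetReachability() and collectGarbage() in the same hunk; if a terminal can still target a block slot that was nulled out that is a crash, so either assert it or state why it cannot happen. `m_blocks[0]->isReachable = true;` likewise assumes a non-empty, non-null entry block.
```cpp
void Graph::determineReachability()
{
    Vector<BlockIndex, 16> worklist;
    worklist.append(0);
    m_blocks[0]->isReachable = true;
    while (!worklist.isEmpty()) {
        BlockIndex index = worklist.last();
        worklist.removeLast();

        BasicBlock* block = m_blocks[index].get();
        ASSERT(block->isLinked);

        Node& node = at(block->last());
        ASSERT(node.isTerminal());

        // Walk successors through the node's own accessors so that a new
        // terminal kind only has to be added to Node::numSuccessors()/successor().
        for (unsigned i = 0; i < node.numSuccessors(); ++i)
            handleSuccessor(worklist, index, node.successor(i));
    }
}
```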
diff --git a/Source/JavaScriptCore/dfg/DFGGraph.h b/Source/JavaScriptCore/dfg/DFGGraph.h
index 0c8ac2dcf..52654d23b 100644
--- a/Source/JavaScriptCore/dfg/DFGGraph.h
+++ b/Source/JavaScriptCore/dfg/DFGGraph.h
@@ -26,12 +26,15 @@
#ifndef DFGGraph_h
#define DFGGraph_h
+#include <wtf/Platform.h>
+
#if ENABLE(DFG_JIT)
#include "CodeBlock.h"
#include "DFGArgumentPosition.h"
#include "DFGAssemblyHelpers.h"
#include "DFGBasicBlock.h"
+#include "DFGDominators.h"
#include "DFGNode.h"
#include "MethodOfGettingAValueProfile.h"
#include "RegisterFile.h"
@@ -77,6 +80,7 @@ public:
: m_globalData(globalData)
, m_codeBlock(codeBlock)
, m_profiledBlock(codeBlock->alternative())
+ , m_hasArguments(false)
{
ASSERT(m_profiledBlock);
}
@@ -105,6 +109,8 @@ public:
void deref(NodeIndex nodeIndex)
{
+ if (!at(nodeIndex).refCount())
+ dump();
if (at(nodeIndex).deref())
derefChildren(nodeIndex);
}
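Review bot: The new `if (!at(nodeIndex).refCount()) dump();` in deref() dumps the whole graph unconditionally in every build configuration, inside a helper that runs on every edge change; it reads as a debugging aid for refcount underflow that was left in. If it is meant to stay, put it under a debug-only guard such as `#if !ASSERT_DISABLED` and follow the dump with `ASSERT_NOT_REACHED();`, so release builds do not pay for it and the underflow is reported instead of silently continued into the deref() on the next line.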
@@ -113,6 +119,24 @@ public:
deref(nodeUse.index());
}
+ void changeIndex(Edge& edge, NodeIndex newIndex, bool changeRef = true)
+ {
+ if (changeRef) {
+ ref(newIndex);
+ deref(edge.index());
+ }
+ edge.setIndex(newIndex);
+ }
+
+ void changeEdge(Edge& edge, Edge newEdge, bool changeRef = true)
+ {
+ if (changeRef) {
+ ref(newEdge);
+ deref(edge);
+ }
+ edge = newEdge;
+ }
+
void clearAndDerefChild1(Node& node)
{
if (!node.child1())
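Review bot: changeIndex() and changeEdge() ref the new target before deref'ing the old one and nothing says why; the order matters when newIndex equals edge.index(), since deref'ing first could take that node to zero and trigger derefChildren() before the ref() brings it back. Suggest `// ref the new target before deref'ing the old one so a no-op change (same index) never transiently hits zero.` above the `if (changeRef)` in changeIndex(), and the same line in changeEdge().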
@@ -136,6 +160,22 @@ public:
deref(node.child3());
node.children.child3() = Edge();
}
+
+ // Call this if you've modified the reference counts of nodes that deal with
+ // local variables. This is necessary because local variable references can form
+ // cycles, and hence reference counting is not enough. This will reset the
+ // reference counts according to reachability.
+ void collectGarbage();
+
+ void convertToConstant(NodeIndex nodeIndex, unsigned constantNumber)
+ {
+ at(nodeIndex).convertToConstant(constantNumber);
+ }
+
+ void convertToConstant(NodeIndex nodeIndex, JSValue value)
+ {
+ convertToConstant(nodeIndex, m_codeBlock->addOrFindConstant(value));
+ }
// CodeBlock is optional, but may allow additional information to be dumped (e.g. Identifier names).
void dump();
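Review bot: Graph::convertToConstant(NodeIndex, unsigned) discards the node's children through Node::convertToConstant(), which does `children.reset()` (DFGNode.h hunk) without any deref, so a live node converted this way leaves its former children over-counted unless the caller runs collectGarbage() afterwards, as the comment just above suggests. If that is the contract, state it at the declaration: `// Does not deref the discarded children; callers must deref them first or run collectGarbage().`; otherwise deref them in the wrapper before converting: `if (at(nodeIndex).refCount()) derefChildren(nodeIndex);`. Node::convertToGetLocalUnlinked() in the DFGNode.h hunk has the same property.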
@@ -167,6 +207,21 @@ public:
return Node::shouldSpeculateInteger(left, right) && add.canSpeculateInteger();
}
+ bool mulShouldSpeculateInteger(Node& mul)
+ {
+ ASSERT(mul.op() == ArithMul);
+
+ Node& left = at(mul.child1());
+ Node& right = at(mul.child2());
+
+ if (left.hasConstant())
+ return mulImmediateShouldSpeculateInteger(mul, right, left);
+ if (right.hasConstant())
+ return mulImmediateShouldSpeculateInteger(mul, left, right);
+
+ return Node::shouldSpeculateInteger(left, right) && mul.canSpeculateInteger() && !nodeMayOverflow(mul.arithNodeFlags());
+ }
+
bool negateShouldSpeculateInteger(Node& negate)
{
ASSERT(negate.op() == ArithNegate);
@@ -255,11 +310,48 @@ public:
return &m_structureTransitionData.last();
}
+ ExecutableBase* executableFor(InlineCallFrame* inlineCallFrame)
+ {
+ if (!inlineCallFrame)
+ return m_codeBlock->ownerExecutable();
+
+ return inlineCallFrame->executable.get();
+ }
+
+ ExecutableBase* executableFor(const CodeOrigin& codeOrigin)
+ {
+ return executableFor(codeOrigin.inlineCallFrame);
+ }
+
CodeBlock* baselineCodeBlockFor(const CodeOrigin& codeOrigin)
{
return baselineCodeBlockForOriginAndBaselineCodeBlock(codeOrigin, m_profiledBlock);
}
+ int argumentsRegisterFor(const CodeOrigin& codeOrigin)
+ {
+ if (!codeOrigin.inlineCallFrame)
+ return m_codeBlock->argumentsRegister();
+
+ return baselineCodeBlockForInlineCallFrame(
+ codeOrigin.inlineCallFrame)->argumentsRegister() +
+ codeOrigin.inlineCallFrame->stackOffset;
+ }
+
+ int uncheckedArgumentsRegisterFor(const CodeOrigin& codeOrigin)
+ {
+ if (!codeOrigin.inlineCallFrame)
+ return m_codeBlock->uncheckedArgumentsRegister();
+
+ CodeBlock* codeBlock = baselineCodeBlockForInlineCallFrame(
+ codeOrigin.inlineCallFrame);
+ if (!codeBlock->usesArguments())
+ return InvalidVirtualRegister;
+
+ return codeBlock->argumentsRegister() +
+ codeOrigin.inlineCallFrame->stackOffset;
+ }
+
ValueProfile* valueProfileFor(NodeIndex nodeIndex)
{
if (nodeIndex == NoNode)
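Review bot: argumentsRegisterFor() and uncheckedArgumentsRegisterFor() duplicate the inline-frame offset arithmetic, the only difference being the usesArguments() check, so the first could be the checked form of the second: `int reg = uncheckedArgumentsRegisterFor(codeOrigin); ASSERT(reg != InvalidVirtualRegister); return reg;`. That assumes CodeBlock::argumentsRegister() asserts usesArguments() the way its unchecked sibling's InvalidVirtualRegister return suggests, which is not visible here; if it does not, a one-line comment on argumentsRegisterFor() saying it is the assert-on-absence variant would still help.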
@@ -303,37 +395,86 @@ public:
bool needsActivation() const
{
-#if DFG_ENABLE(ALL_VARIABLES_CAPTURED)
- return true;
-#else
return m_codeBlock->needsFullScopeChain() && m_codeBlock->codeType() != GlobalCode;
-#endif
}
- // Pass an argument index. Currently it's ignored, but that's somewhat
- // of a bug.
- bool argumentIsCaptured(int) const
+ bool usesArguments() const
{
- return needsActivation();
+ return m_codeBlock->usesArguments();
}
- bool localIsCaptured(int operand) const
+
+ unsigned numSuccessors(BasicBlock* block)
{
-#if DFG_ENABLE(ALL_VARIABLES_CAPTURED)
- return operand < m_codeBlock->m_numVars;
-#else
- return operand < m_codeBlock->m_numCapturedVars;
-#endif
+ return at(block->last()).numSuccessors();
+ }
+ BlockIndex successor(BasicBlock* block, unsigned index)
+ {
+ return at(block->last()).successor(index);
+ }
+ BlockIndex successorForCondition(BasicBlock* block, bool condition)
+ {
+ return at(block->last()).successorForCondition(condition);
+ }
+
+ bool isPredictedNumerical(Node& node)
+ {
+ PredictedType left = at(node.child1()).prediction();
+ PredictedType right = at(node.child2()).prediction();
+ return isNumberPrediction(left) && isNumberPrediction(right);
+ }
+
+ bool byValIsPure(Node& node)
+ {
+ return at(node.child2()).shouldSpeculateInteger()
+ && ((node.op() == PutByVal || node.op() == PutByValAlias)
+ ? isActionableMutableArrayPrediction(at(node.child1()).prediction())
+ : isActionableArrayPrediction(at(node.child1()).prediction()));
}
- bool isCaptured(int operand) const
+ bool clobbersWorld(Node& node)
{
- if (operandIsArgument(operand))
- return argumentIsCaptured(operandToArgument(operand));
- return localIsCaptured(operand);
+ if (node.flags() & NodeClobbersWorld)
+ return true;
+ if (!(node.flags() & NodeMightClobber))
+ return false;
+ switch (node.op()) {
+ case ValueAdd:
+ case CompareLess:
+ case CompareLessEq:
+ case CompareGreater:
+ case CompareGreaterEq:
+ case CompareEq:
+ return !isPredictedNumerical(node);
+ case GetByVal:
+ return !byValIsPure(node);
+ default:
+ ASSERT_NOT_REACHED();
+ return true; // If by some oddity we hit this case in release build it's safer to have CSE assume the worst.
+ }
}
- bool isCaptured(VirtualRegister virtualRegister) const
+
+ bool clobbersWorld(NodeIndex nodeIndex)
{
- return isCaptured(static_cast<int>(virtualRegister));
+ return clobbersWorld(at(nodeIndex));
+ }
+
+ void determineReachability();
+ void resetReachability();
+
+ void resetExitStates();
+
+ unsigned numChildren(Node& node)
+ {
+ if (node.flags() & NodeHasVarArgs)
+ return node.numChildren();
+ return AdjacencyList::Size;
+ }
+
+ Edge child(Node& node, unsigned index)
+ {
+ if (node.flags() & NodeHasVarArgs)
+ return m_varArgChildren[node.firstChild() + index];
+ return node.children.child(index);
}
JSGlobalData& m_globalData;
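Review bot: numChildren(Node&) returns AdjacencyList::Size for every non-vararg node, i.e. the number of child slots rather than the number of children actually set, so child(node, i) can hand back an empty Edge for i below numChildren(); the dump code earlier in this diff tests `!!node.child1()` for exactly that reason. A comment on numChildren() would prevent callers from assuming otherwise: `// Number of child slots, not of populated children: fixed-arity nodes report AdjacencyList::Size and child() may return an empty Edge.` The `default: ASSERT_NOT_REACHED(); return true;` in clobbersWorld() could also say that any opcode given NodeMightClobber must be added to that switch.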
@@ -349,11 +490,16 @@ public:
SegmentedVector<ArgumentPosition, 8> m_argumentPositions;
SegmentedVector<StructureSet, 16> m_structureSet;
SegmentedVector<StructureTransitionData, 8> m_structureTransitionData;
+ bool m_hasArguments;
+ HashSet<ExecutableBase*> m_executablesWhoseArgumentsEscaped;
BitVector m_preservedVars;
+ Dominators m_dominators;
unsigned m_localVars;
unsigned m_parameterSlots;
private:
+ void handleSuccessor(Vector<BlockIndex, 16>& worklist, BlockIndex blockIndex, BlockIndex successorIndex);
+
bool addImmediateShouldSpeculateInteger(Node& add, Node& variable, Node& immediate)
{
ASSERT(immediate.hasConstant());
@@ -376,6 +522,30 @@ private:
return nodeCanTruncateInteger(add.arithNodeFlags());
}
+ bool mulImmediateShouldSpeculateInteger(Node& mul, Node& variable, Node& immediate)
+ {
+ ASSERT(immediate.hasConstant());
+
+ JSValue immediateValue = immediate.valueOfJSConstant(m_codeBlock);
+ if (!immediateValue.isInt32())
+ return false;
+
+ if (!variable.shouldSpeculateInteger())
+ return false;
+
+ int32_t intImmediate = immediateValue.asInt32();
+ // Doubles have a 53 bit mantissa so we expect a multiplication of 2^31 (the highest
+ // magnitude possible int32 value) and any value less than 2^22 to not result in any
+ // rounding in a double multiplication - hence it will be equivalent to an integer
+ // multiplication, if we are doing int32 truncation afterwards (which is what
+ // canSpeculateInteger() implies).
+ const int32_t twoToThe22 = 1 << 22;
+ if (intImmediate <= -twoToThe22 || intImmediate >= twoToThe22)
+ return mul.canSpeculateInteger() && !nodeMayOverflow(mul.arithNodeFlags());
+
+ return mul.canSpeculateInteger();
+ }
+
// When a node's refCount goes from 0 to 1, it must (logically) recursively ref all of its children, and vice versa.
void refChildren(NodeIndex);
void derefChildren(NodeIndex);
diff --git a/Source/JavaScriptCore/dfg/DFGInsertionSet.h b/Source/JavaScriptCore/dfg/DFGInsertionSet.h
index 82a6a6fa4..26ab1f28f 100644
--- a/Source/JavaScriptCore/dfg/DFGInsertionSet.h
+++ b/Source/JavaScriptCore/dfg/DFGInsertionSet.h
@@ -79,7 +79,7 @@ public:
Insertion<ElementType>& insertion = m_insertions[indexInInsertions];
size_t firstIndex = insertion.index() + indexInInsertions;
size_t indexOffset = indexInInsertions + 1;
- for (size_t i = lastIndex; i-- > firstIndex;)
+ for (size_t i = lastIndex; --i > firstIndex;)
collection[i] = collection[i - indexOffset];
collection[firstIndex] = insertion.element();
lastIndex = firstIndex;
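Review bot: The new bound `--i > firstIndex` stops one slot earlier than `i-- > firstIndex`, and nothing in the hunk records why: the slot at firstIndex is written from insertion.element() on the next line anyway, and the old form read `collection[firstIndex - indexOffset]`, which is `collection[insertion.index() - 1]` and underflows when insertion.index() is 0. A comment would keep the next reader from "fixing" it back, e.g. `// Shift only the slots above firstIndex; collection[firstIndex] is overwritten below, and its old source index underflows for insertion.index() == 0.` The enclosing function starts outside the hunk.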
diff --git a/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp b/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
index 8d5b7238c..54b5aaee6 100644
--- a/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
+++ b/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
@@ -32,6 +32,7 @@
#include "DFGOSRExitCompiler.h"
#include "DFGOperations.h"
#include "DFGRegisterBank.h"
+#include "DFGSlowPathGenerator.h"
#include "DFGSpeculativeJIT.h"
#include "DFGThunks.h"
#include "JSGlobalData.h"
@@ -78,9 +79,10 @@ void JITCompiler::compileBody(SpeculativeJIT& speculative)
bool compiledSpeculative = speculative.compile();
ASSERT_UNUSED(compiledSpeculative, compiledSpeculative);
+}
- linkOSRExits();
-
+void JITCompiler::compileExceptionHandlers()
+{
// Iterate over the m_calls vector, checking for jumps to link.
bool didLinkExceptionCheck = false;
for (unsigned i = 0; i < m_exceptionChecks.size(); ++i) {
@@ -148,19 +150,19 @@ void JITCompiler::link(LinkBuffer& linkBuffer)
m_codeBlock->setNumberOfStructureStubInfos(m_propertyAccesses.size());
for (unsigned i = 0; i < m_propertyAccesses.size(); ++i) {
StructureStubInfo& info = m_codeBlock->structureStubInfo(i);
- CodeLocationCall callReturnLocation = linkBuffer.locationOf(m_propertyAccesses[i].m_functionCall);
+ CodeLocationCall callReturnLocation = linkBuffer.locationOf(m_propertyAccesses[i].m_slowPathGenerator->call());
info.codeOrigin = m_propertyAccesses[i].m_codeOrigin;
info.callReturnLocation = callReturnLocation;
- info.patch.dfg.deltaCheckImmToCall = differenceBetweenCodePtr(linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCheckImmToCall), callReturnLocation);
- info.patch.dfg.deltaCallToStructCheck = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCallToStructCheck));
+ info.patch.dfg.deltaCheckImmToCall = differenceBetweenCodePtr(linkBuffer.locationOf(m_propertyAccesses[i].m_structureImm), callReturnLocation);
+ info.patch.dfg.deltaCallToStructCheck = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_structureCheck));
#if USE(JSVALUE64)
- info.patch.dfg.deltaCallToLoadOrStore = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCallToLoadOrStore));
+ info.patch.dfg.deltaCallToLoadOrStore = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_loadOrStore));
#else
- info.patch.dfg.deltaCallToTagLoadOrStore = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCallToTagLoadOrStore));
- info.patch.dfg.deltaCallToPayloadLoadOrStore = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCallToPayloadLoadOrStore));
+ info.patch.dfg.deltaCallToTagLoadOrStore = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_tagLoadOrStore));
+ info.patch.dfg.deltaCallToPayloadLoadOrStore = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_payloadLoadOrStore));
#endif
- info.patch.dfg.deltaCallToSlowCase = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCallToSlowCase));
- info.patch.dfg.deltaCallToDone = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_deltaCallToDone));
+ info.patch.dfg.deltaCallToSlowCase = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_slowPathGenerator->label()));
+ info.patch.dfg.deltaCallToDone = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_propertyAccesses[i].m_done));
info.patch.dfg.baseGPR = m_propertyAccesses[i].m_baseGPR;
#if USE(JSVALUE64)
info.patch.dfg.valueGPR = m_propertyAccesses[i].m_valueGPR;
@@ -199,6 +201,12 @@ bool JITCompiler::compile(JITCode& entry)
SpeculativeJIT speculative(*this);
compileBody(speculative);
+ // Generate slow path code.
+ speculative.runSlowPathGenerators();
+
+ compileExceptionHandlers();
+ linkOSRExits();
+
// Create OSR entry trampolines if necessary.
speculative.createOSREntries();
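Review bot: The sequence `speculative.runSlowPathGenerators(); compileExceptionHandlers(); linkOSRExits();` is now duplicated verbatim in compile() here and in compileFunction() in the next hunk, after linkOSRExits() was pulled out of compileBody(); the order presumably matters (handlers and exit stubs emitted after the slow paths) and two copies will drift. Consider one helper for the three calls, or placing them back at the end of compileBody() after `speculative.compile()`, with a comment stating the ordering requirement. Both compile() and compileFunction() start outside their hunks.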
@@ -268,6 +276,12 @@ bool JITCompiler::compileFunction(JITCode& entry, MacroAssemblerCodePtr& entryWi
move(GPRInfo::regT0, GPRInfo::callFrameRegister);
jump(fromArityCheck);
+ // Generate slow path code.
+ speculative.runSlowPathGenerators();
+
+ compileExceptionHandlers();
+ linkOSRExits();
+
// Create OSR entry trampolines if necessary.
speculative.createOSREntries();
diff --git a/Source/JavaScriptCore/dfg/DFGJITCompiler.h b/Source/JavaScriptCore/dfg/DFGJITCompiler.h
index 01a1e7246..360165b24 100644
--- a/Source/JavaScriptCore/dfg/DFGJITCompiler.h
+++ b/Source/JavaScriptCore/dfg/DFGJITCompiler.h
@@ -28,15 +28,15 @@
#if ENABLE(DFG_JIT)
-#include <assembler/LinkBuffer.h>
-#include <assembler/MacroAssembler.h>
-#include <bytecode/CodeBlock.h>
-#include <dfg/DFGCCallHelpers.h>
-#include <dfg/DFGFPRInfo.h>
-#include <dfg/DFGGPRInfo.h>
-#include <dfg/DFGGraph.h>
-#include <dfg/DFGRegisterBank.h>
-#include <jit/JITCode.h>
+#include "CodeBlock.h"
+#include "DFGCCallHelpers.h"
+#include "DFGFPRInfo.h"
+#include "DFGGPRInfo.h"
+#include "DFGGraph.h"
+#include "DFGRegisterBank.h"
+#include "JITCode.h"
+#include "LinkBuffer.h"
+#include "MacroAssembler.h"
namespace JSC {
@@ -48,6 +48,7 @@ namespace DFG {
class JITCodeGenerator;
class NodeToRegisterMap;
+class SlowPathGenerator;
class SpeculativeJIT;
class SpeculationRecovery;
@@ -130,22 +131,43 @@ struct PropertyAccessRecord {
enum RegisterMode { RegistersFlushed, RegistersInUse };
#if USE(JSVALUE64)
- PropertyAccessRecord(CodeOrigin codeOrigin, MacroAssembler::DataLabelPtr deltaCheckImmToCall, MacroAssembler::Call functionCall, MacroAssembler::PatchableJump deltaCallToStructCheck, MacroAssembler::DataLabelCompact deltaCallToLoadOrStore, MacroAssembler::Label deltaCallToSlowCase, MacroAssembler::Label deltaCallToDone, int8_t baseGPR, int8_t valueGPR, int8_t scratchGPR, RegisterMode registerMode = RegistersInUse)
+ PropertyAccessRecord(
+ CodeOrigin codeOrigin,
+ MacroAssembler::DataLabelPtr structureImm,
+ MacroAssembler::PatchableJump structureCheck,
+ MacroAssembler::DataLabelCompact loadOrStore,
+ SlowPathGenerator* slowPathGenerator,
+ MacroAssembler::Label done,
+ int8_t baseGPR,
+ int8_t valueGPR,
+ int8_t scratchGPR,
+ RegisterMode registerMode = RegistersInUse)
#elif USE(JSVALUE32_64)
- PropertyAccessRecord(CodeOrigin codeOrigin, MacroAssembler::DataLabelPtr deltaCheckImmToCall, MacroAssembler::Call functionCall, MacroAssembler::PatchableJump deltaCallToStructCheck, MacroAssembler::DataLabelCompact deltaCallToTagLoadOrStore, MacroAssembler::DataLabelCompact deltaCallToPayloadLoadOrStore, MacroAssembler::Label deltaCallToSlowCase, MacroAssembler::Label deltaCallToDone, int8_t baseGPR, int8_t valueTagGPR, int8_t valueGPR, int8_t scratchGPR, RegisterMode registerMode = RegistersInUse)
+ PropertyAccessRecord(
+ CodeOrigin codeOrigin,
+ MacroAssembler::DataLabelPtr structureImm,
+ MacroAssembler::PatchableJump structureCheck,
+ MacroAssembler::DataLabelCompact tagLoadOrStore,
+ MacroAssembler::DataLabelCompact payloadLoadOrStore,
+ SlowPathGenerator* slowPathGenerator,
+ MacroAssembler::Label done,
+ int8_t baseGPR,
+ int8_t valueTagGPR,
+ int8_t valueGPR,
+ int8_t scratchGPR,
+ RegisterMode registerMode = RegistersInUse)
#endif
: m_codeOrigin(codeOrigin)
- , m_deltaCheckImmToCall(deltaCheckImmToCall)
- , m_functionCall(functionCall)
- , m_deltaCallToStructCheck(deltaCallToStructCheck)
+ , m_structureImm(structureImm)
+ , m_structureCheck(structureCheck)
#if USE(JSVALUE64)
- , m_deltaCallToLoadOrStore(deltaCallToLoadOrStore)
+ , m_loadOrStore(loadOrStore)
#elif USE(JSVALUE32_64)
- , m_deltaCallToTagLoadOrStore(deltaCallToTagLoadOrStore)
- , m_deltaCallToPayloadLoadOrStore(deltaCallToPayloadLoadOrStore)
+ , m_tagLoadOrStore(tagLoadOrStore)
+ , m_payloadLoadOrStore(payloadLoadOrStore)
#endif
- , m_deltaCallToSlowCase(deltaCallToSlowCase)
- , m_deltaCallToDone(deltaCallToDone)
+ , m_slowPathGenerator(slowPathGenerator)
+ , m_done(done)
, m_baseGPR(baseGPR)
#if USE(JSVALUE32_64)
, m_valueTagGPR(valueTagGPR)
@@ -157,17 +179,16 @@ struct PropertyAccessRecord {
}
CodeOrigin m_codeOrigin;
- MacroAssembler::DataLabelPtr m_deltaCheckImmToCall;
- MacroAssembler::Call m_functionCall;
- MacroAssembler::PatchableJump m_deltaCallToStructCheck;
+ MacroAssembler::DataLabelPtr m_structureImm;
+ MacroAssembler::PatchableJump m_structureCheck;
#if USE(JSVALUE64)
- MacroAssembler::DataLabelCompact m_deltaCallToLoadOrStore;
+ MacroAssembler::DataLabelCompact m_loadOrStore;
#elif USE(JSVALUE32_64)
- MacroAssembler::DataLabelCompact m_deltaCallToTagLoadOrStore;
- MacroAssembler::DataLabelCompact m_deltaCallToPayloadLoadOrStore;
+ MacroAssembler::DataLabelCompact m_tagLoadOrStore;
+ MacroAssembler::DataLabelCompact m_payloadLoadOrStore;
#endif
- MacroAssembler::Label m_deltaCallToSlowCase;
- MacroAssembler::Label m_deltaCallToDone;
+ SlowPathGenerator* m_slowPathGenerator;
+ MacroAssembler::Label m_done;
int8_t m_baseGPR;
#if USE(JSVALUE32_64)
int8_t m_valueTagGPR;
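Review bot: `SlowPathGenerator* m_slowPathGenerator` is a raw pointer kept in a record that survives code generation, and JITCompiler::link() in the DFGJITCompiler.cpp hunk calls `->call()` and `->label()` on it, so the record depends on whoever owns the generators (presumably the SpeculativeJIT that runs runSlowPathGenerators()) keeping them alive until link() returns. Document that next to the member: `SlowPathGenerator* m_slowPathGenerator; // not owned; must outlive JITCompiler::link()`.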
@@ -193,7 +214,7 @@ public:
, m_currentCodeOriginIndex(0)
{
}
-
+
bool compile(JITCode& entry);
bool compileFunction(JITCode& entry, MacroAssemblerCodePtr& entryWithArityCheck);
@@ -316,6 +337,7 @@ private:
void link(LinkBuffer&);
void exitSpeculativeWithOSR(const OSRExit&, SpeculationRecovery*);
+ void compileExceptionHandlers();
void linkOSRExits();
// The dataflow graph currently being generated.
diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h
index f79a93a69..1dbfccb8a 100644
--- a/Source/JavaScriptCore/dfg/DFGNode.h
+++ b/Source/JavaScriptCore/dfg/DFGNode.h
@@ -75,7 +75,7 @@ struct OpInfo {
// Node represents a single operation in the data flow graph.
struct Node {
enum VarArgTag { VarArg };
-
+
// Construct a node with up to 3 children, no immediate value.
Node(NodeType op, CodeOrigin codeOrigin, NodeIndex child1 = NoNode, NodeIndex child2 = NoNode, NodeIndex child3 = NoNode)
: codeOrigin(codeOrigin)
@@ -144,6 +144,7 @@ struct Node {
bool mergeFlags(NodeFlags flags)
{
+ ASSERT(!(flags & NodeDoesNotExit));
NodeFlags newFlags = m_flags | flags;
if (newFlags == m_flags)
return false;
@@ -153,6 +154,7 @@ struct Node {
bool filterFlags(NodeFlags flags)
{
+ ASSERT(flags & NodeDoesNotExit);
NodeFlags newFlags = m_flags & flags;
if (newFlags == m_flags)
return false;
@@ -175,7 +177,20 @@ struct Node {
{
return m_flags & NodeMustGenerate;
}
-
+
+ void setCanExit(bool exits)
+ {
+ if (exits)
+ m_flags &= ~NodeDoesNotExit;
+ else
+ m_flags |= NodeDoesNotExit;
+ }
+
+ bool canExit()
+ {
+ return !(m_flags & NodeDoesNotExit);
+ }
+
bool isConstant()
{
return op() == JSConstant;
@@ -197,6 +212,26 @@ struct Node {
return m_opInfo;
}
+ void convertToConstant(unsigned constantNumber)
+ {
+ m_op = JSConstant;
+ if (m_flags & NodeMustGenerate)
+ m_refCount--;
+ m_flags &= ~(NodeMustGenerate | NodeMightClobber | NodeClobbersWorld);
+ m_opInfo = constantNumber;
+ children.reset();
+ }
+
+ void convertToGetLocalUnlinked(VirtualRegister local)
+ {
+ m_op = GetLocalUnlinked;
+ if (m_flags & NodeMustGenerate)
+ m_refCount--;
+ m_flags &= ~(NodeMustGenerate | NodeMightClobber | NodeClobbersWorld);
+ m_opInfo = local;
+ children.reset();
+ }
+
JSCell* weakConstant()
{
return bitwise_cast<JSCell*>(m_opInfo);
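Review bot: convertToConstant() and convertToGetLocalUnlinked() share five of their six lines, and the shared part includes an unsigned `m_refCount--` that is only correct if a must-generate node always carries the ref that mustGenerate() implies; an assertion there would catch the wrap. Factoring the common tail into a private helper leaves one place for that check and one place to keep the flag mask in sync with NodeFlags.
```cpp
    // Common tail of the convertTo*() rewrites: the node stops being
    // must-generate, loses its clobber flags and drops its children.
    void convertToNonMustGenerate(NodeType op)
    {
        m_op = op;
        if (m_flags & NodeMustGenerate) {
            ASSERT(m_refCount); // the must-generate ref is the one being dropped
            m_refCount--;
        }
        m_flags &= ~(NodeMustGenerate | NodeMightClobber | NodeClobbersWorld);
        children.reset();
    }

    void convertToConstant(unsigned constantNumber)
    {
        convertToNonMustGenerate(JSConstant);
        m_opInfo = constantNumber;
    }

    void convertToGetLocalUnlinked(VirtualRegister local)
    {
        convertToNonMustGenerate(GetLocalUnlinked);
        m_opInfo = local;
    }
```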
@@ -264,6 +299,18 @@ struct Node {
return variableAccessData()->local();
}
+ VirtualRegister unmodifiedArgumentsRegister()
+ {
+ ASSERT(op() == TearOffActivation);
+ return static_cast<VirtualRegister>(m_opInfo);
+ }
+
+ VirtualRegister unlinkedLocal()
+ {
+ ASSERT(op() == GetLocalUnlinked);
+ return static_cast<VirtualRegister>(m_opInfo);
+ }
+
bool hasIdentifier()
{
switch (op()) {
@@ -458,12 +505,45 @@ struct Node {
return m_opInfo2;
}
+ unsigned numSuccessors()
+ {
+ switch (op()) {
+ case Jump:
+ return 1;
+ case Branch:
+ return 2;
+ default:
+ return 0;
+ }
+ }
+
+ BlockIndex successor(unsigned index)
+ {
+ switch (index) {
+ case 0:
+ return takenBlockIndex();
+ case 1:
+ return notTakenBlockIndex();
+ default:
+ ASSERT_NOT_REACHED();
+ return NoBlock;
+ }
+ }
+
+ BlockIndex successorForCondition(bool condition)
+ {
+ ASSERT(isBranch());
+ return condition ? takenBlockIndex() : notTakenBlockIndex();
+ }
+
bool hasHeapPrediction()
{
switch (op()) {
case GetById:
case GetByIdFlush:
case GetByVal:
+ case GetMyArgumentByVal:
+ case GetMyArgumentByValSafe:
case Call:
case Construct:
case GetByOffset:
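Review bot: successor(index) never checks index against numSuccessors(): `successor(1)` on a Jump returns notTakenBlockIndex() instead of reaching the ASSERT_NOT_REACHED, and whether that slot holds anything meaningful for a Jump is not visible here. Add `ASSERT(index < numSuccessors());` as the first line of successor(), and note on `case 1` that it is only valid for Branch, matching the `ASSERT(isBranch())` in successorForCondition().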
@@ -700,6 +780,11 @@ struct Node {
return isArrayPrediction(prediction());
}
+ bool shouldSpeculateArguments()
+ {
+ return isArgumentsPrediction(prediction());
+ }
+
bool shouldSpeculateInt8Array()
{
return isInt8ArrayPrediction(prediction());
diff --git a/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp b/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
index 54e6b69b7..ca6257401 100644
--- a/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
+++ b/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
@@ -130,6 +130,13 @@ const char* nodeFlagsAsString(NodeFlags flags)
hasPrinted = true;
}
+ if (!(flags & NodeDoesNotExit)) {
+ if (hasPrinted)
+ ptr.strcat("|");
+ ptr.strcat("CanExit");
+ hasPrinted = true;
+ }
+
*ptr++ = 0;
return description;
diff --git a/Source/JavaScriptCore/dfg/DFGNodeFlags.h b/Source/JavaScriptCore/dfg/DFGNodeFlags.h
index 16d76655e..a897d0c4f 100644
--- a/Source/JavaScriptCore/dfg/DFGNodeFlags.h
+++ b/Source/JavaScriptCore/dfg/DFGNodeFlags.h
@@ -59,6 +59,8 @@ namespace JSC { namespace DFG {
#define NodeUsedAsValue (NodeUsedAsNumber | NodeNeedsNegZero)
#define NodeUsedAsInt 0x1000 // The result of this computation is known to be used in a context that prefers, but does not require, integer values.
+#define NodeDoesNotExit 0x2000 // This flag is negated to make it natural for the default to be that a node does exit.
+
typedef uint16_t NodeFlags;
static inline bool nodeUsedAsNumber(NodeFlags flags)
diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h
index 8a3828c31..091f96c6f 100644
--- a/Source/JavaScriptCore/dfg/DFGNodeType.h
+++ b/Source/JavaScriptCore/dfg/DFGNodeType.h
@@ -48,7 +48,9 @@ namespace JSC { namespace DFG {
macro(CreateThis, NodeResultJS) /* Note this is not MustGenerate since we're returning it anyway. */ \
macro(GetCallee, NodeResultJS) \
\
- /* Nodes for local variable access. */\
+ /* Nodes for local variable access. These nodes are linked together using Phi nodes. */\
+ /* Any two nodes that are part of the same Phi graph will share the same */\
+ /* VariableAccessData, and thus will share predictions. */\
macro(GetLocal, NodeResultJS) \
macro(SetLocal, 0) \
macro(Phantom, NodeMustGenerate) \
@@ -56,7 +58,12 @@ namespace JSC { namespace DFG {
macro(Phi, 0) \
macro(Flush, NodeMustGenerate) \
\
- /* Marker for arguments being set. */\
+ /* Get the value of a local variable, without linking into the VariableAccessData */\
+ /* network. This is only valid for variable accesses whose predictions originated */\
+ /* as something other than a local access, and thus had their own profiling. */\
+ macro(GetLocalUnlinked, NodeResultJS) \
+ \
+ /* Marker for an argument being set at the prologue of a function. */\
macro(SetArgument, 0) \
\
/* Hint that inlining begins here. No code is generated for this node. It's only */\
@@ -117,6 +124,7 @@ namespace JSC { namespace DFG {
macro(GetByOffset, NodeResultJS) \
macro(PutByOffset, NodeMustGenerate | NodeClobbersWorld) \
macro(GetArrayLength, NodeResultInt32) \
+ macro(GetArgumentsLength, NodeResultInt32) \
macro(GetStringLength, NodeResultInt32) \
macro(GetInt8ArrayLength, NodeResultInt32) \
macro(GetInt16ArrayLength, NodeResultInt32) \
@@ -180,7 +188,7 @@ namespace JSC { namespace DFG {
macro(IsString, NodeResultBoolean) \
macro(IsObject, NodeResultBoolean) \
macro(IsFunction, NodeResultBoolean) \
- macro(LogicalNot, NodeResultBoolean | NodeMightClobber) \
+ macro(LogicalNot, NodeResultBoolean) \
macro(ToPrimitive, NodeResultJS | NodeMustGenerate | NodeClobbersWorld) \
macro(StrCat, NodeResultJS | NodeMustGenerate | NodeHasVarArgs | NodeClobbersWorld) \
\
@@ -190,6 +198,16 @@ namespace JSC { namespace DFG {
macro(CreateActivation, NodeResultJS) \
macro(TearOffActivation, NodeMustGenerate) \
\
+ /* Nodes used for arguments. Similar to activation support, only it makes even less */\
+ /* sense. */\
+ macro(CreateArguments, NodeResultJS) \
+ macro(TearOffArguments, NodeMustGenerate) \
+ macro(GetMyArgumentsLength, NodeResultJS | NodeMustGenerate) \
+ macro(GetMyArgumentByVal, NodeResultJS | NodeMustGenerate) \
+ macro(GetMyArgumentsLengthSafe, NodeResultJS | NodeMustGenerate | NodeClobbersWorld) \
+ macro(GetMyArgumentByValSafe, NodeResultJS | NodeMustGenerate | NodeClobbersWorld) \
+ macro(CheckArgumentsNotCreated, NodeMustGenerate) \
+ \
/* Nodes for creating functions. */\
macro(NewFunctionNoCheck, NodeResultJS) \
macro(NewFunction, NodeResultJS) \
diff --git a/Source/JavaScriptCore/dfg/DFGOSREntry.cpp b/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
index 21c76c6fe..9a7bc96cc 100644
--- a/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
@@ -42,7 +42,6 @@ void* prepareOSREntry(ExecState* exec, CodeBlock* codeBlock, unsigned bytecodeIn
ASSERT(codeBlock->alternative());
ASSERT(codeBlock->alternative()->getJITType() == JITCode::BaselineJIT);
ASSERT(!codeBlock->jitCodeMap());
- ASSERT(codeBlock->numberOfDFGOSREntries());
#if ENABLE(JIT_VERBOSE_OSR)
dataLog("OSR in %p(%p) from bc#%u\n", codeBlock, codeBlock->alternative(), bytecodeIndex);
@@ -51,6 +50,13 @@ void* prepareOSREntry(ExecState* exec, CodeBlock* codeBlock, unsigned bytecodeIn
JSGlobalData* globalData = &exec->globalData();
OSREntryData* entry = codeBlock->dfgOSREntryDataForBytecodeIndex(bytecodeIndex);
+ if (!entry) {
+#if ENABLE(JIT_VERBOSE_OSR)
+ dataLog(" OSR failed because the entrypoint was optimized out.\n");
+#endif
+ return 0;
+ }
+
ASSERT(entry->m_bytecodeIndex == bytecodeIndex);
// The code below checks if it is safe to perform OSR entry. It may find
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExit.cpp b/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
index 844be2a7c..bcb98a1ed 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
@@ -78,7 +78,16 @@ bool OSRExit::considerAddingAsFrequentExitSiteSlow(CodeBlock* dfgCodeBlock, Code
if (static_cast<double>(m_count) / dfgCodeBlock->speculativeFailCounter() <= Options::osrExitProminenceForFrequentExitSite)
return false;
- return baselineCodeBlockForOriginAndBaselineCodeBlock(m_codeOriginForExitProfile, profiledCodeBlock)->addFrequentExitSite(FrequentExitSite(m_codeOriginForExitProfile.bytecodeIndex, m_kind));
+ FrequentExitSite exitSite;
+
+ if (m_kind == ArgumentsEscaped) {
+ // Count this one globally. It doesn't matter where in the code block the arguments excaped;
+ // the fact that they did is not associated with any particular instruction.
+ exitSite = FrequentExitSite(m_kind);
+ } else
+ exitSite = FrequentExitSite(m_codeOriginForExitProfile.bytecodeIndex, m_kind);
+
+ return baselineCodeBlockForOriginAndBaselineCodeBlock(m_codeOrigin, profiledCodeBlock)->addFrequentExitSite(exitSite);
}
} } // namespace JSC::DFG
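Review bot: The bytecode index and the code block are now taken from two different origins: `exitSite` is built from `m_codeOriginForExitProfile.bytecodeIndex`, but the code block it is recorded on is looked up via `m_codeOrigin` (the removed line used `m_codeOriginForExitProfile` for both). If the two origins can differ for the non-`ArgumentsEscaped` kinds, the index is then attributed to the wrong baseline code block; unless the switch is deliberate, the last line should read `return baselineCodeBlockForOriginAndBaselineCodeBlock(m_codeOriginForExitProfile, profiledCodeBlock)->addFrequentExitSite(exitSite);`, and if it is deliberate a comment saying why the profile origin is not used here would prevent the next reader from "fixing" it. The comment in the `ArgumentsEscaped` branch also misspells "escaped" as `excaped`.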
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp
index a63f671bc..888a4a2c5 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.cpp
@@ -60,7 +60,7 @@ void compileOSRExit(ExecState* exec)
for (CodeOrigin codeOrigin = exit.m_codeOrigin; codeOrigin.inlineCallFrame; codeOrigin = codeOrigin.inlineCallFrame->caller) {
static_cast<FunctionExecutable*>(codeOrigin.inlineCallFrame->executable.get())
->baselineCodeBlockFor(codeOrigin.inlineCallFrame->isCall ? CodeForCall : CodeForConstruct)
- ->jitCompile(*globalData);
+ ->jitCompile(exec);
}
SpeculationRecovery* recovery = 0;
@@ -72,7 +72,7 @@ void compileOSRExit(ExecState* exec)
#endif
{
- AssemblyHelpers jit(globalData, codeBlock);
+ CCallHelpers jit(globalData, codeBlock);
OSRExitCompiler exitCompiler(jit);
jit.jitAssertHasValidCallFrame();
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h
index 523644982..86345b0eb 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h
+++ b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler.h
@@ -31,6 +31,7 @@
#if ENABLE(DFG_JIT)
#include "DFGAssemblyHelpers.h"
+#include "DFGCCallHelpers.h"
#include "DFGOSRExit.h"
#include "DFGOperations.h"
@@ -42,7 +43,7 @@ namespace DFG {
class OSRExitCompiler {
public:
- OSRExitCompiler(AssemblyHelpers& jit)
+ OSRExitCompiler(CCallHelpers& jit)
: m_jit(jit)
{
}
@@ -72,7 +73,7 @@ private:
void handleExitCounts(const OSRExit&);
- AssemblyHelpers& m_jit;
+ CCallHelpers& m_jit;
Vector<unsigned> m_poisonScratchIndices;
};
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp
index 3c7f27579..d773cb4ac 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp
@@ -90,13 +90,14 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
GPRReg scratch = GPRInfo::regT0;
if (scratch == exit.m_jsValueSource.base())
scratch = GPRInfo::regT1;
- EncodedJSValue* scratchBuffer = static_cast<EncodedJSValue*>(m_jit.globalData()->scratchBufferForSize(sizeof(uint32_t)));
- m_jit.store32(scratch, scratchBuffer);
+ ScratchBuffer* scratchBuffer = m_jit.globalData()->scratchBufferForSize(sizeof(uint32_t));
+ EncodedJSValue* scratchDataBuffer = static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer());
+ m_jit.store32(scratch, scratchDataBuffer);
m_jit.load32(exit.m_jsValueSource.asAddress(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), scratch);
m_jit.store32(scratch, &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.tag);
m_jit.load32(exit.m_jsValueSource.asAddress(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), scratch);
m_jit.store32(scratch, &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.payload);
- m_jit.load32(scratchBuffer, scratch);
+ m_jit.load32(scratchDataBuffer, scratch);
} else if (exit.m_jsValueSource.hasKnownTag()) {
m_jit.store32(AssemblyHelpers::TrustedImm32(exit.m_jsValueSource.tag()), &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.tag);
m_jit.store32(exit.m_jsValueSource.payloadGPR(), &bitwise_cast<EncodedValueDescriptor*>(bucket)->asBits.payload);
@@ -130,6 +131,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
bool haveFPRs = false;
bool haveConstants = false;
bool haveUndefined = false;
+ bool haveArguments = false;
for (int index = 0; index < exit.numberOfRecoveries(); ++index) {
const ValueRecovery& recovery = exit.valueRecovery(index);
@@ -193,13 +195,18 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
haveUndefined = true;
break;
+ case ArgumentsThatWereNotCreated:
+ haveArguments = true;
+ break;
+
default:
break;
}
}
unsigned scratchBufferLengthBeforeUInt32s = numberOfPoisonedVirtualRegisters + ((numberOfDisplacedVirtualRegisters * 2) <= GPRInfo::numberOfRegisters ? 0 : numberOfDisplacedVirtualRegisters);
- EncodedJSValue* scratchBuffer = static_cast<EncodedJSValue*>(m_jit.globalData()->scratchBufferForSize(sizeof(EncodedJSValue) * (scratchBufferLengthBeforeUInt32s + (haveUInt32s ? 2 : 0))));
+ ScratchBuffer* scratchBuffer = m_jit.globalData()->scratchBufferForSize(sizeof(EncodedJSValue) * (scratchBufferLengthBeforeUInt32s + (haveUInt32s ? 2 : 0)));
+ EncodedJSValue* scratchDataBuffer = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
// From here on, the code assumes that it is profitable to maximize the distance
// between when something is computed and when it is stored.
@@ -243,7 +250,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case UnboxedInt32InGPR:
case UnboxedBooleanInGPR:
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.store32(recovery.gpr(), reinterpret_cast<char*>(scratchBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
+ m_jit.store32(recovery.gpr(), reinterpret_cast<char*>(scratchDataBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
m_poisonScratchIndices[exit.variableForIndex(index)] = currentPoisonIndex;
currentPoisonIndex++;
} else {
@@ -260,8 +267,8 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
break;
case InPair:
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.store32(recovery.tagGPR(), reinterpret_cast<char*>(scratchBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
- m_jit.store32(recovery.payloadGPR(), reinterpret_cast<char*>(scratchBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
+ m_jit.store32(recovery.tagGPR(), reinterpret_cast<char*>(scratchDataBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
+ m_jit.store32(recovery.payloadGPR(), reinterpret_cast<char*>(scratchDataBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
m_poisonScratchIndices[exit.variableForIndex(index)] = currentPoisonIndex;
currentPoisonIndex++;
} else {
@@ -270,7 +277,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
}
break;
case UInt32InGPR: {
- EncodedJSValue* myScratch = scratchBuffer + scratchBufferLengthBeforeUInt32s;
+ EncodedJSValue* myScratch = scratchDataBuffer + scratchBufferLengthBeforeUInt32s;
GPRReg addressGPR = GPRInfo::regT0;
if (addressGPR == recovery.gpr())
@@ -285,7 +292,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
m_jit.convertInt32ToDouble(recovery.gpr(), FPRInfo::fpRegT0);
m_jit.addDouble(AssemblyHelpers::AbsoluteAddress(&AssemblyHelpers::twoToThe32), FPRInfo::fpRegT0);
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.move(AssemblyHelpers::TrustedImmPtr(scratchBuffer + currentPoisonIndex), addressGPR);
+ m_jit.move(AssemblyHelpers::TrustedImmPtr(scratchDataBuffer + currentPoisonIndex), addressGPR);
m_jit.storeDouble(FPRInfo::fpRegT0, addressGPR);
} else
m_jit.storeDouble(FPRInfo::fpRegT0, AssemblyHelpers::addressFor((VirtualRegister)operand));
@@ -295,8 +302,8 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
positive.link(&m_jit);
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.store32(recovery.gpr(), reinterpret_cast<char*>(scratchBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
- m_jit.store32(AssemblyHelpers::TrustedImm32(JSValue::Int32Tag), reinterpret_cast<char*>(scratchBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
+ m_jit.store32(recovery.gpr(), reinterpret_cast<char*>(scratchDataBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
+ m_jit.store32(AssemblyHelpers::TrustedImm32(JSValue::Int32Tag), reinterpret_cast<char*>(scratchDataBuffer + currentPoisonIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
} else {
m_jit.store32(recovery.gpr(), AssemblyHelpers::payloadFor((VirtualRegister)operand));
m_jit.store32(AssemblyHelpers::TrustedImm32(JSValue::Int32Tag), AssemblyHelpers::tagFor((VirtualRegister)operand));
@@ -327,7 +334,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
if (recovery.technique() != InFPR)
continue;
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.storeDouble(recovery.fpr(), scratchBuffer + currentPoisonIndex);
+ m_jit.storeDouble(recovery.fpr(), scratchDataBuffer + currentPoisonIndex);
m_poisonScratchIndices[exit.variableForIndex(index)] = currentPoisonIndex;
currentPoisonIndex++;
} else
@@ -413,15 +420,15 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case DisplacedInRegisterFile:
m_jit.load32(AssemblyHelpers::payloadFor(recovery.virtualRegister()), GPRInfo::regT0);
m_jit.load32(AssemblyHelpers::tagFor(recovery.virtualRegister()), GPRInfo::regT1);
- m_jit.store32(GPRInfo::regT0, reinterpret_cast<char*>(scratchBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
- m_jit.store32(GPRInfo::regT1, reinterpret_cast<char*>(scratchBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
+ m_jit.store32(GPRInfo::regT0, reinterpret_cast<char*>(scratchDataBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
+ m_jit.store32(GPRInfo::regT1, reinterpret_cast<char*>(scratchDataBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
scratchIndex++;
break;
case Int32DisplacedInRegisterFile:
case CellDisplacedInRegisterFile:
case BooleanDisplacedInRegisterFile:
m_jit.load32(AssemblyHelpers::payloadFor(recovery.virtualRegister()), GPRInfo::regT0);
- m_jit.store32(GPRInfo::regT0, reinterpret_cast<char*>(scratchBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
+ m_jit.store32(GPRInfo::regT0, reinterpret_cast<char*>(scratchDataBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
break;
default:
break;
@@ -433,24 +440,24 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
const ValueRecovery& recovery = exit.valueRecovery(index);
switch (recovery.technique()) {
case DisplacedInRegisterFile:
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag), GPRInfo::regT1);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + scratchIndex) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag), GPRInfo::regT1);
m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)exit.operandForIndex(index)));
m_jit.store32(GPRInfo::regT1, AssemblyHelpers::tagFor((VirtualRegister)exit.operandForIndex(index)));
scratchIndex++;
break;
case Int32DisplacedInRegisterFile:
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
m_jit.store32(AssemblyHelpers::TrustedImm32(JSValue::Int32Tag), AssemblyHelpers::tagFor((VirtualRegister)exit.operandForIndex(index)));
m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)exit.operandForIndex(index)));
break;
case CellDisplacedInRegisterFile:
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
m_jit.store32(AssemblyHelpers::TrustedImm32(JSValue::CellTag), AssemblyHelpers::tagFor((VirtualRegister)exit.operandForIndex(index)));
m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)exit.operandForIndex(index)));
break;
case BooleanDisplacedInRegisterFile:
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + scratchIndex++) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
m_jit.store32(AssemblyHelpers::TrustedImm32(JSValue::BooleanTag), AssemblyHelpers::tagFor((VirtualRegister)exit.operandForIndex(index)));
m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)exit.operandForIndex(index)));
break;
@@ -475,7 +482,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case InGPR:
case UnboxedInt32InGPR:
case UnboxedBooleanInGPR: {
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)virtualRegister));
uint32_t tag = JSValue::EmptyValueTag;
if (recovery.technique() == InGPR)
@@ -491,8 +498,8 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case InFPR:
case InPair:
case UInt32InGPR:
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
- m_jit.load32(reinterpret_cast<char*>(scratchBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag), GPRInfo::regT1);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0);
+ m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag), GPRInfo::regT1);
m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)virtualRegister));
m_jit.store32(GPRInfo::regT1, AssemblyHelpers::tagFor((VirtualRegister)virtualRegister));
break;
@@ -526,7 +533,71 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
}
}
- // 11) Adjust the old JIT's execute counter. Since we are exiting OSR, we know
+ // 11) Create arguments if necessary and place them into the appropriate aliased
+ // registers.
+
+ if (haveArguments) {
+ for (int index = 0; index < exit.numberOfRecoveries(); ++index) {
+ const ValueRecovery& recovery = exit.valueRecovery(index);
+ if (recovery.technique() != ArgumentsThatWereNotCreated)
+ continue;
+ int operand = exit.operandForIndex(index);
+ // Find the right inline call frame.
+ InlineCallFrame* inlineCallFrame = 0;
+ for (InlineCallFrame* current = exit.m_codeOrigin.inlineCallFrame;
+ current;
+ current = current->caller.inlineCallFrame) {
+ if (current->stackOffset <= operand) {
+ inlineCallFrame = current;
+ break;
+ }
+ }
+ int argumentsRegister = m_jit.argumentsRegisterFor(inlineCallFrame);
+
+ m_jit.load32(AssemblyHelpers::payloadFor(argumentsRegister), GPRInfo::regT0);
+ AssemblyHelpers::Jump haveArguments = m_jit.branch32(
+ AssemblyHelpers::NotEqual,
+ AssemblyHelpers::tagFor(argumentsRegister),
+ AssemblyHelpers::TrustedImm32(JSValue::EmptyValueTag));
+
+ if (inlineCallFrame) {
+ m_jit.setupArgumentsWithExecState(
+ AssemblyHelpers::TrustedImmPtr(inlineCallFrame));
+ m_jit.move(
+ AssemblyHelpers::TrustedImmPtr(
+ bitwise_cast<void*>(operationCreateInlinedArguments)),
+ GPRInfo::nonArgGPR0);
+ } else {
+ m_jit.setupArgumentsExecState();
+ m_jit.move(
+ AssemblyHelpers::TrustedImmPtr(
+ bitwise_cast<void*>(operationCreateArguments)),
+ GPRInfo::nonArgGPR0);
+ }
+ m_jit.call(GPRInfo::nonArgGPR0);
+ m_jit.store32(
+ AssemblyHelpers::TrustedImm32(JSValue::CellTag),
+ AssemblyHelpers::tagFor(argumentsRegister));
+ m_jit.store32(
+ GPRInfo::returnValueGPR,
+ AssemblyHelpers::payloadFor(argumentsRegister));
+ m_jit.store32(
+ AssemblyHelpers::TrustedImm32(JSValue::CellTag),
+ AssemblyHelpers::tagFor(unmodifiedArgumentsRegister(argumentsRegister)));
+ m_jit.store32(
+ GPRInfo::returnValueGPR,
+ AssemblyHelpers::payloadFor(unmodifiedArgumentsRegister(argumentsRegister)));
+ m_jit.move(GPRInfo::returnValueGPR, GPRInfo::regT0); // no-op move on almost all platforms.
+
+ haveArguments.link(&m_jit);
+ m_jit.store32(
+ AssemblyHelpers::TrustedImm32(JSValue::CellTag),
+ AssemblyHelpers::tagFor(operand));
+ m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor(operand));
+ }
+ }
+
+ // 12) Adjust the old JIT's execute counter. Since we are exiting OSR, we know
// that all new calls into this code will go to the new JIT, so the execute
// counter only affects call frames that performed OSR exit and call frames
// that were still executing the old JIT at the time of another call frame's
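Review bot: `AssemblyHelpers::Jump haveArguments` inside the loop shadows the function-scope `bool haveArguments` that the enclosing `if (haveArguments)` just tested, so the same name means "recoveries of this kind exist" one line up and "the register already holds an arguments object" in the loop body; this is confusing and trips -Wshadow. I would rename the jump, e.g. `AssemblyHelpers::Jump argumentsAlreadyCreated = m_jit.branch32(` and `argumentsAlreadyCreated.link(&m_jit);`. The inline-call-frame search also silently falls back to the outermost frame (`inlineCallFrame` stays 0) when no frame's `stackOffset` is at or below `operand`, which is correct only if such an operand can never belong to an inlined frame; a one-line comment stating that assumption would help. `compileExit` continues outside the hunk.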
@@ -564,14 +635,14 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
handleExitCounts(exit);
- // 12) Load the result of the last bytecode operation into regT0.
+ // 13) Load the result of the last bytecode operation into regT0.
if (exit.m_lastSetOperand != std::numeric_limits<int>::max()) {
m_jit.load32(AssemblyHelpers::payloadFor((VirtualRegister)exit.m_lastSetOperand), GPRInfo::cachedResultRegister);
m_jit.load32(AssemblyHelpers::tagFor((VirtualRegister)exit.m_lastSetOperand), GPRInfo::cachedResultRegister2);
}
- // 13) Fix call frame (s).
+ // 14) Fix call frame (s).
ASSERT(m_jit.baselineCodeBlock()->getJITType() == JITCode::BaselineJIT);
m_jit.storePtr(AssemblyHelpers::TrustedImmPtr(m_jit.baselineCodeBlock()), AssemblyHelpers::addressFor((VirtualRegister)RegisterFile::CodeBlock));
@@ -610,7 +681,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
if (exit.m_codeOrigin.inlineCallFrame)
m_jit.addPtr(AssemblyHelpers::TrustedImm32(exit.m_codeOrigin.inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister);
- // 14) Jump into the corresponding baseline JIT code.
+ // 15) Jump into the corresponding baseline JIT code.
CodeBlock* baselineCodeBlock = m_jit.baselineCodeBlockFor(exit.m_codeOrigin);
Vector<BytecodeAndMachineOffset>& decodedCodeMap = m_jit.decodedCodeMapFor(baselineCodeBlock);
diff --git a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp
index 86d47b90e..22b236115 100644
--- a/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp
@@ -127,6 +127,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
bool haveConstants = false;
bool haveUndefined = false;
bool haveUInt32s = false;
+ bool haveArguments = false;
for (int index = 0; index < exit.numberOfRecoveries(); ++index) {
const ValueRecovery& recovery = exit.valueRecovery(index);
@@ -184,6 +185,10 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
haveUndefined = true;
break;
+ case ArgumentsThatWereNotCreated:
+ haveArguments = true;
+ break;
+
default:
break;
}
@@ -210,7 +215,8 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
dataLog(" ");
#endif
- EncodedJSValue* scratchBuffer = static_cast<EncodedJSValue*>(m_jit.globalData()->scratchBufferForSize(sizeof(EncodedJSValue) * std::max(haveUInt32s ? 2u : 0u, numberOfPoisonedVirtualRegisters + (numberOfDisplacedVirtualRegisters <= GPRInfo::numberOfRegisters ? 0 : numberOfDisplacedVirtualRegisters))));
+ ScratchBuffer* scratchBuffer = m_jit.globalData()->scratchBufferForSize(sizeof(EncodedJSValue) * std::max(haveUInt32s ? 2u : 0u, numberOfPoisonedVirtualRegisters + (numberOfDisplacedVirtualRegisters <= GPRInfo::numberOfRegisters ? 0 : numberOfDisplacedVirtualRegisters)));
+ EncodedJSValue* scratchDataBuffer = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
// From here on, the code assumes that it is profitable to maximize the distance
// between when something is computed and when it is stored.
@@ -245,8 +251,8 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
if (addressGPR == recovery.gpr())
addressGPR = GPRInfo::regT1;
- m_jit.storePtr(addressGPR, scratchBuffer);
- m_jit.move(AssemblyHelpers::TrustedImmPtr(scratchBuffer + 1), addressGPR);
+ m_jit.storePtr(addressGPR, scratchDataBuffer);
+ m_jit.move(AssemblyHelpers::TrustedImmPtr(scratchDataBuffer + 1), addressGPR);
m_jit.storeDouble(FPRInfo::fpRegT0, addressGPR);
AssemblyHelpers::Jump positive = m_jit.branch32(AssemblyHelpers::GreaterThanOrEqual, recovery.gpr(), AssemblyHelpers::TrustedImm32(0));
@@ -264,7 +270,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
done.link(&m_jit);
m_jit.loadDouble(addressGPR, FPRInfo::fpRegT0);
- m_jit.loadPtr(scratchBuffer, addressGPR);
+ m_jit.loadPtr(scratchDataBuffer, addressGPR);
break;
}
@@ -289,7 +295,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case UnboxedInt32InGPR:
case UInt32InGPR:
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.storePtr(recovery.gpr(), scratchBuffer + currentPoisonIndex);
+ m_jit.storePtr(recovery.gpr(), scratchDataBuffer + currentPoisonIndex);
m_poisonScratchIndices[exit.variableForIndex(index)] = currentPoisonIndex;
currentPoisonIndex++;
} else
@@ -323,7 +329,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
continue;
GPRReg gpr = GPRInfo::toRegister(FPRInfo::toIndex(recovery.fpr()));
if (exit.isVariable(index) && poisonedVirtualRegisters[exit.variableForIndex(index)]) {
- m_jit.storePtr(gpr, scratchBuffer + currentPoisonIndex);
+ m_jit.storePtr(gpr, scratchDataBuffer + currentPoisonIndex);
m_poisonScratchIndices[exit.variableForIndex(index)] = currentPoisonIndex;
currentPoisonIndex++;
} else
@@ -422,20 +428,20 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
switch (recovery.technique()) {
case DisplacedInRegisterFile:
m_jit.loadPtr(AssemblyHelpers::addressFor(recovery.virtualRegister()), GPRInfo::regT0);
- m_jit.storePtr(GPRInfo::regT0, scratchBuffer + scratchIndex++);
+ m_jit.storePtr(GPRInfo::regT0, scratchDataBuffer + scratchIndex++);
break;
case Int32DisplacedInRegisterFile: {
m_jit.load32(AssemblyHelpers::addressFor(recovery.virtualRegister()), GPRInfo::regT0);
m_jit.orPtr(GPRInfo::tagTypeNumberRegister, GPRInfo::regT0);
- m_jit.storePtr(GPRInfo::regT0, scratchBuffer + scratchIndex++);
+ m_jit.storePtr(GPRInfo::regT0, scratchDataBuffer + scratchIndex++);
break;
}
case DoubleDisplacedInRegisterFile: {
m_jit.loadPtr(AssemblyHelpers::addressFor(recovery.virtualRegister()), GPRInfo::regT0);
m_jit.subPtr(GPRInfo::tagTypeNumberRegister, GPRInfo::regT0);
- m_jit.storePtr(GPRInfo::regT0, scratchBuffer + scratchIndex++);
+ m_jit.storePtr(GPRInfo::regT0, scratchDataBuffer + scratchIndex++);
break;
}
@@ -451,7 +457,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case DisplacedInRegisterFile:
case Int32DisplacedInRegisterFile:
case DoubleDisplacedInRegisterFile:
- m_jit.loadPtr(scratchBuffer + scratchIndex++, GPRInfo::regT0);
+ m_jit.loadPtr(scratchDataBuffer + scratchIndex++, GPRInfo::regT0);
m_jit.storePtr(GPRInfo::regT0, AssemblyHelpers::addressFor((VirtualRegister)exit.operandForIndex(index)));
break;
@@ -477,7 +483,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
case UnboxedInt32InGPR:
case UInt32InGPR:
case InFPR:
- m_jit.loadPtr(scratchBuffer + poisonIndex(virtualRegister), GPRInfo::regT0);
+ m_jit.loadPtr(scratchDataBuffer + poisonIndex(virtualRegister), GPRInfo::regT0);
m_jit.storePtr(GPRInfo::regT0, AssemblyHelpers::addressFor((VirtualRegister)virtualRegister));
break;
@@ -505,7 +511,58 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
}
}
- // 13) Adjust the old JIT's execute counter. Since we are exiting OSR, we know
+ // 13) Create arguments if necessary and place them into the appropriate aliased
+ // registers.
+
+ if (haveArguments) {
+ for (int index = 0; index < exit.numberOfRecoveries(); ++index) {
+ const ValueRecovery& recovery = exit.valueRecovery(index);
+ if (recovery.technique() != ArgumentsThatWereNotCreated)
+ continue;
+ int operand = exit.operandForIndex(index);
+ // Find the right inline call frame.
+ InlineCallFrame* inlineCallFrame = 0;
+ for (InlineCallFrame* current = exit.m_codeOrigin.inlineCallFrame;
+ current;
+ current = current->caller.inlineCallFrame) {
+ if (current->stackOffset <= operand) {
+ inlineCallFrame = current;
+ break;
+ }
+ }
+ int argumentsRegister = m_jit.argumentsRegisterFor(inlineCallFrame);
+
+ m_jit.loadPtr(AssemblyHelpers::addressFor(argumentsRegister), GPRInfo::regT0);
+ AssemblyHelpers::Jump haveArguments = m_jit.branchTestPtr(
+ AssemblyHelpers::NonZero, GPRInfo::regT0);
+
+ if (inlineCallFrame) {
+ m_jit.setupArgumentsWithExecState(
+ AssemblyHelpers::TrustedImmPtr(inlineCallFrame));
+ m_jit.move(
+ AssemblyHelpers::TrustedImmPtr(
+ bitwise_cast<void*>(operationCreateInlinedArguments)),
+ GPRInfo::nonArgGPR0);
+ } else {
+ m_jit.setupArgumentsExecState();
+ m_jit.move(
+ AssemblyHelpers::TrustedImmPtr(
+ bitwise_cast<void*>(operationCreateArguments)),
+ GPRInfo::nonArgGPR0);
+ }
+ m_jit.call(GPRInfo::nonArgGPR0);
+ m_jit.storePtr(GPRInfo::returnValueGPR, AssemblyHelpers::addressFor(argumentsRegister));
+ m_jit.storePtr(
+ GPRInfo::returnValueGPR,
+ AssemblyHelpers::addressFor(unmodifiedArgumentsRegister(argumentsRegister)));
+ m_jit.move(GPRInfo::returnValueGPR, GPRInfo::regT0); // no-op move on almost all platforms.
+
+ haveArguments.link(&m_jit);
+ m_jit.storePtr(GPRInfo::regT0, AssemblyHelpers::addressFor(operand));
+ }
+ }
+
+ // 14) Adjust the old JIT's execute counter. Since we are exiting OSR, we know
// that all new calls into this code will go to the new JIT, so the execute
// counter only affects call frames that performed OSR exit and call frames
// that were still executing the old JIT at the time of another call frame's
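Review bot: The frame search (`if (current->stackOffset <= operand)`) assigns an operand to the innermost inline frame whose `stackOffset` does not exceed it, which attributes any slot that sits below a frame's `stackOffset` to that frame's caller instead. If an inlined frame's argument slots live below its `stackOffset` in this layout, an `ArgumentsThatWereNotCreated` recovery targeting one of them (a parameter the function reassigned to `arguments`, say) would pick the wrong frame and store the wrong arguments object; I cannot tell from the hunk whether the DFG ever emits this recovery for an argument slot, so at minimum I would document the invariant, e.g. `// Recoveries of this kind only target locals, which sit at or above their frame's stackOffset.`, and assert it where the recovery is created. As in the 32-bit version, the `Jump haveArguments` also shadows the `bool haveArguments` tested by the enclosing `if`; `argumentsAlreadyCreated` would be clearer. `compileExit` continues outside the hunk.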
@@ -543,12 +600,12 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
handleExitCounts(exit);
- // 14) Load the result of the last bytecode operation into regT0.
+ // 15) Load the result of the last bytecode operation into regT0.
if (exit.m_lastSetOperand != std::numeric_limits<int>::max())
m_jit.loadPtr(AssemblyHelpers::addressFor((VirtualRegister)exit.m_lastSetOperand), GPRInfo::cachedResultRegister);
- // 15) Fix call frame(s).
+ // 16) Fix call frame(s).
ASSERT(m_jit.baselineCodeBlock()->getJITType() == JITCode::BaselineJIT);
m_jit.storePtr(AssemblyHelpers::TrustedImmPtr(m_jit.baselineCodeBlock()), AssemblyHelpers::addressFor((VirtualRegister)RegisterFile::CodeBlock));
@@ -584,7 +641,7 @@ void OSRExitCompiler::compileExit(const OSRExit& exit, SpeculationRecovery* reco
if (exit.m_codeOrigin.inlineCallFrame)
m_jit.addPtr(AssemblyHelpers::TrustedImm32(exit.m_codeOrigin.inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister);
- // 16) Jump into the corresponding baseline JIT code.
+ // 17) Jump into the corresponding baseline JIT code.
CodeBlock* baselineCodeBlock = m_jit.baselineCodeBlockFor(exit.m_codeOrigin);
Vector<BytecodeAndMachineOffset>& decodedCodeMap = m_jit.decodedCodeMapFor(baselineCodeBlock);
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index 376902d97..f95b993d7 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -26,6 +26,7 @@
#include "config.h"
#include "DFGOperations.h"
+#include "Arguments.h"
#include "CodeBlock.h"
#include "DFGOSRExit.h"
#include "DFGRepatch.h"
@@ -36,6 +37,7 @@
#include "JSActivation.h"
#include "JSGlobalData.h"
#include "JSStaticScopeObject.h"
+#include "NameInstance.h"
#include "Operations.h"
#if ENABLE(DFG_JIT)
@@ -139,19 +141,19 @@
#endif
#define P_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function) \
-void* DFG_OPERATION function##WithReturnAddress(ExecState*, ReturnAddressPtr); \
+void* DFG_OPERATION function##WithReturnAddress(ExecState*, ReturnAddressPtr) REFERENCED_FROM_ASM; \
FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_E(function)
#define J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function) \
-EncodedJSValue DFG_OPERATION function##WithReturnAddress(ExecState*, JSCell*, Identifier*, ReturnAddressPtr); \
+EncodedJSValue DFG_OPERATION function##WithReturnAddress(ExecState*, JSCell*, Identifier*, ReturnAddressPtr) REFERENCED_FROM_ASM; \
FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_ECI(function)
#define J_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function) \
-EncodedJSValue DFG_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, Identifier*, ReturnAddressPtr); \
+EncodedJSValue DFG_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, Identifier*, ReturnAddressPtr) REFERENCED_FROM_ASM; \
FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJI(function)
#define V_FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function) \
-void DFG_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, JSCell*, Identifier*, ReturnAddressPtr); \
+void DFG_OPERATION function##WithReturnAddress(ExecState*, EncodedJSValue, JSCell*, Identifier*, ReturnAddressPtr) REFERENCED_FROM_ASM; \
FUNCTION_WRAPPER_WITH_RETURN_ADDRESS_EJCI(function)
namespace JSC { namespace DFG {
@@ -200,6 +202,11 @@ ALWAYS_INLINE static void DFG_OPERATION operationPutByValInternal(ExecState* exe
}
}
+ if (isName(property)) {
+ PutPropertySlot slot(strict);
+ baseValue.put(exec, jsCast<NameInstance*>(property.asCell())->privateName(), value, slot);
+ return;
+ }
// Don't put to an object if toString throws an exception.
Identifier ident(exec, property.toString(exec)->value(exec));
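Review bot: The private-name extraction `jsCast<NameInstance*>(property.asCell())->privateName()` is spelled out verbatim here and again in the operationGetByVal and operationGetByValCell hunks below, so any later change to how NameInstance exposes its key has to be made in three places. A small file-local helper such as `static inline const Identifier& privateNameOf(JSValue property) { return jsCast<NameInstance*>(property.asCell())->privateName(); }` would keep the three slow paths identical and make the `isName()` precondition explicit in one spot. The enclosing operationPutByValInternal begins outside this hunk.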
@@ -307,6 +314,9 @@ EncodedJSValue DFG_OPERATION operationGetByVal(ExecState* exec, EncodedJSValue e
}
}
+ if (isName(property))
+ return JSValue::encode(baseValue.get(exec, jsCast<NameInstance*>(property.asCell())->privateName()));
+
Identifier ident(exec, property.toString(exec)->value(exec));
return JSValue::encode(baseValue.get(exec, ident));
}
@@ -330,6 +340,9 @@ EncodedJSValue DFG_OPERATION operationGetByValCell(ExecState* exec, JSCell* base
return JSValue::encode(result);
}
+ if (isName(property))
+ return JSValue::encode(JSValue(base).get(exec, jsCast<NameInstance*>(property.asCell())->privateName()));
+
Identifier ident(exec, property.toString(exec)->value(exec));
return JSValue::encode(JSValue(base).get(exec, ident));
}
@@ -979,20 +992,20 @@ EncodedJSValue DFG_OPERATION operationToPrimitive(ExecState* exec, EncodedJSValu
return JSValue::encode(JSValue::decode(value).toPrimitive(exec));
}
-EncodedJSValue DFG_OPERATION operationStrCat(ExecState* exec, void* start, size_t size)
+EncodedJSValue DFG_OPERATION operationStrCat(ExecState* exec, void* buffer, size_t size)
{
JSGlobalData* globalData = &exec->globalData();
NativeCallFrameTracer tracer(globalData, exec);
-
- return JSValue::encode(jsString(exec, static_cast<Register*>(start), size));
+
+ return JSValue::encode(jsString(exec, static_cast<Register*>(buffer), size));
}
-EncodedJSValue DFG_OPERATION operationNewArray(ExecState* exec, void* start, size_t size)
+EncodedJSValue DFG_OPERATION operationNewArray(ExecState* exec, void* buffer, size_t size)
{
JSGlobalData* globalData = &exec->globalData();
NativeCallFrameTracer tracer(globalData, exec);
-
- return JSValue::encode(constructArray(exec, static_cast<JSValue*>(start), size));
+
+ return JSValue::encode(constructArray(exec, static_cast<JSValue*>(buffer), size));
}
EncodedJSValue DFG_OPERATION operationNewArrayBuffer(ExecState* exec, size_t start, size_t size)
@@ -1025,13 +1038,73 @@ JSCell* DFG_OPERATION operationCreateActivation(ExecState* exec)
return activation;
}
-void DFG_OPERATION operationTearOffActivation(ExecState* exec, JSCell* activation)
+JSCell* DFG_OPERATION operationCreateArguments(ExecState* exec)
+{
+ // NB: This needs to be exceedingly careful with top call frame tracking, since it
+ // may be called from OSR exit, while the state of the call stack is bizarre.
+ Arguments* result = Arguments::create(exec->globalData(), exec);
+ ASSERT(!exec->globalData().exception);
+ return result;
+}
+
+JSCell* DFG_OPERATION operationCreateInlinedArguments(
+ ExecState* exec, InlineCallFrame* inlineCallFrame)
+{
+ // NB: This needs to be exceedingly careful with top call frame tracking, since it
+ // may be called from OSR exit, while the state of the call stack is bizarre.
+ Arguments* result = Arguments::create(exec->globalData(), exec, inlineCallFrame);
+ ASSERT(!exec->globalData().exception);
+ return result;
+}
+
+void DFG_OPERATION operationTearOffActivation(ExecState* exec, JSCell* activationCell, int32_t unmodifiedArgumentsRegister)
{
- ASSERT(activation);
- ASSERT(activation->inherits(&JSActivation::s_info));
JSGlobalData& globalData = exec->globalData();
NativeCallFrameTracer tracer(&globalData, exec);
- jsCast<JSActivation*>(activation)->tearOff(exec->globalData());
+ if (!activationCell) {
+ if (JSValue v = exec->uncheckedR(unmodifiedArgumentsRegister).jsValue()) {
+ if (!exec->codeBlock()->isStrictMode())
+ asArguments(v)->tearOff(exec);
+ }
+ return;
+ }
+ JSActivation* activation = jsCast<JSActivation*>(activationCell);
+ activation->tearOff(exec->globalData());
+ if (JSValue v = exec->uncheckedR(unmodifiedArgumentsRegister).jsValue())
+ asArguments(v)->didTearOffActivation(exec->globalData(), activation);
+}
+
+
+void DFG_OPERATION operationTearOffArguments(ExecState* exec, JSCell* argumentsCell)
+{
+ ASSERT(exec->codeBlock()->usesArguments());
+ ASSERT(!exec->codeBlock()->needsFullScopeChain());
+ asArguments(argumentsCell)->tearOff(exec);
+}
+
+void DFG_OPERATION operationTearOffInlinedArguments(
+ ExecState* exec, JSCell* argumentsCell, InlineCallFrame* inlineCallFrame)
+{
+ // This should only be called when the inline code block uses arguments but does not
+ // need a full scope chain. We could assert it, except that the assertion would be
+ // rather expensive and may cause side effects that would greatly diverge debug-mode
+ // behavior from release-mode behavior, since getting the code block of an inline
+ // call frame implies call frame reification.
+ asArguments(argumentsCell)->tearOff(exec, inlineCallFrame);
+}
+
+EncodedJSValue DFG_OPERATION operationGetArgumentsLength(ExecState* exec, int32_t argumentsRegister)
+{
+ Identifier ident(&exec->globalData(), "length");
+ JSValue baseValue = exec->uncheckedR(argumentsRegister).jsValue();
+ PropertySlot slot(baseValue);
+ return JSValue::encode(baseValue.get(exec, ident, slot));
+}
+
+EncodedJSValue DFG_OPERATION operationGetArgumentByVal(ExecState* exec, int32_t argumentsRegister, int32_t index)
+{
+ return JSValue::encode(
+ exec->uncheckedR(argumentsRegister).jsValue().get(exec, index));
}
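Review bot: operationGetArgumentsLength and operationGetArgumentByVal perform property lookups (`baseValue.get(exec, ident, slot)` and `.get(exec, index)`) that can invoke user-defined getters, yet unlike operationTearOffActivation, operationStrCat and operationNewArray in this same file they do not construct a `NativeCallFrameTracer` first; if the DFG slow paths rely on the top call frame being current during such re-entry, these two should open with `NativeCallFrameTracer tracer(&exec->globalData(), exec);` like their neighbours, or carry a comment explaining why it is deliberately omitted as the Create* operations do. operationGetArgumentByVal also hands an `int32_t` index to a `get` overload that takes `unsigned`, so a negative index is silently reinterpreted as a very large unsigned index rather than as the non-index property name a script would see; presumably the JIT only emits this call for indices it has already range-checked, and a one-line comment stating that precondition would make the contract visible. In operationTearOffActivation the `!activationCell` branch skips the tear-off in strict mode while the activation branch calls didTearOffActivation unconditionally; if that asymmetry is intentional a short comment would save the next reader from treating it as a bug.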
JSCell* DFG_OPERATION operationNewFunction(ExecState* exec, JSCell* functionExecutable)
@@ -1129,7 +1202,7 @@ size_t DFG_OPERATION dfgConvertJSValueToBoolean(ExecState* exec, EncodedJSValue
JSGlobalData* globalData = &exec->globalData();
NativeCallFrameTracer tracer(globalData, exec);
- return JSValue::decode(encodedOp).toBoolean(exec);
+ return JSValue::decode(encodedOp).toBoolean();
}
#if DFG_ENABLE(VERBOSE_SPECULATION_FAILURE)
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.h b/Source/JavaScriptCore/dfg/DFGOperations.h
index 601ed7665..03f198e9d 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.h
+++ b/Source/JavaScriptCore/dfg/DFGOperations.h
@@ -60,6 +60,7 @@ extern "C" {
I: Identifier*
G: GlobalResolveInfo*
*/
+typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_E)(ExecState*);
typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EA)(ExecState*, JSArray*);
typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_ECC)(ExecState*, JSCell*, JSCell*);
typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_ECI)(ExecState*, JSCell*, Identifier*);
@@ -75,9 +76,12 @@ typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EP)(ExecState*, void*);
typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EPP)(ExecState*, void*, void*);
typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EPS)(ExecState*, void*, size_t);
typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_ESS)(ExecState*, size_t, size_t);
+typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EZ)(ExecState*, int32_t);
+typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EZZ)(ExecState*, int32_t, int32_t);
typedef JSCell* DFG_OPERATION (*C_DFGOperation_E)(ExecState*);
typedef JSCell* DFG_OPERATION (*C_DFGOperation_EC)(ExecState*, JSCell*);
typedef JSCell* DFG_OPERATION (*C_DFGOperation_ECC)(ExecState*, JSCell*, JSCell*);
+typedef JSCell* DFG_OPERATION (*C_DFGOperation_EIcf)(ExecState*, InlineCallFrame*);
typedef double DFG_OPERATION (*D_DFGOperation_DD)(double, double);
typedef double DFG_OPERATION (*D_DFGOperation_ZZ)(int32_t, int32_t);
typedef double DFG_OPERATION (*D_DFGOperation_EJ)(ExecState*, EncodedJSValue);
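Review bot: The new `C_DFGOperation_EIcf` and `V_DFGOperation_ECIcf` typedefs introduce a new signature letter `Icf` for `InlineCallFrame*`, but the visible tail of the signature legend in the previous hunk (ending with `I: Identifier*` and `G: GlobalResolveInfo*`) does not gain a matching entry; the head of that legend is outside this chunk, so if `Icf` is not already listed there, add `Icf: InlineCallFrame*` alongside the other codes so the naming stays decodable. The same applies to `V_DFGOperation_ECIcf` in the following hunk.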
@@ -87,12 +91,14 @@ typedef size_t DFG_OPERATION (*S_DFGOperation_EJ)(ExecState*, EncodedJSValue);
typedef size_t DFG_OPERATION (*S_DFGOperation_EJJ)(ExecState*, EncodedJSValue, EncodedJSValue);
typedef size_t DFG_OPERATION (*S_DFGOperation_J)(EncodedJSValue);
typedef void DFG_OPERATION (*V_DFGOperation_EAZJ)(ExecState*, JSArray*, int32_t, EncodedJSValue);
+typedef void DFG_OPERATION (*V_DFGOperation_EC)(ExecState*, JSCell*);
+typedef void DFG_OPERATION (*V_DFGOperation_ECIcf)(ExecState*, JSCell*, InlineCallFrame*);
typedef void DFG_OPERATION (*V_DFGOperation_ECJJ)(ExecState*, JSCell*, EncodedJSValue, EncodedJSValue);
+typedef void DFG_OPERATION (*V_DFGOperation_ECZ)(ExecState*, JSCell*, int32_t);
typedef void DFG_OPERATION (*V_DFGOperation_EJCI)(ExecState*, EncodedJSValue, JSCell*, Identifier*);
typedef void DFG_OPERATION (*V_DFGOperation_EJJJ)(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue);
typedef void DFG_OPERATION (*V_DFGOperation_EJPP)(ExecState*, EncodedJSValue, EncodedJSValue, void*);
typedef void DFG_OPERATION (*V_DFGOperation_EPZJ)(ExecState*, void*, int32_t, EncodedJSValue);
-typedef void DFG_OPERATION (V_DFGOperation_EC)(ExecState*, JSCell*);
typedef void* DFG_OPERATION (*P_DFGOperation_E)(ExecState*);
// These routines are provide callbacks out to C++ implementations of operations too complex to JIT.
@@ -114,8 +120,8 @@ EncodedJSValue DFG_OPERATION operationResolveBase(ExecState*, Identifier*);
EncodedJSValue DFG_OPERATION operationResolveBaseStrictPut(ExecState*, Identifier*);
EncodedJSValue DFG_OPERATION operationResolveGlobal(ExecState*, GlobalResolveInfo*, Identifier*);
EncodedJSValue DFG_OPERATION operationToPrimitive(ExecState*, EncodedJSValue);
-EncodedJSValue DFG_OPERATION operationStrCat(ExecState*, void* start, size_t);
-EncodedJSValue DFG_OPERATION operationNewArray(ExecState*, void* start, size_t);
+EncodedJSValue DFG_OPERATION operationStrCat(ExecState*, void*, size_t);
+EncodedJSValue DFG_OPERATION operationNewArray(ExecState*, void*, size_t);
EncodedJSValue DFG_OPERATION operationNewArrayBuffer(ExecState*, size_t, size_t);
EncodedJSValue DFG_OPERATION operationNewRegexp(ExecState*, void*);
void DFG_OPERATION operationPutByValStrict(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue);
@@ -153,7 +159,13 @@ void* DFG_OPERATION operationLinkCall(ExecState*);
void* DFG_OPERATION operationVirtualConstruct(ExecState*);
void* DFG_OPERATION operationLinkConstruct(ExecState*);
JSCell* DFG_OPERATION operationCreateActivation(ExecState*);
-void DFG_OPERATION operationTearOffActivation(ExecState*, JSCell*);
+JSCell* DFG_OPERATION operationCreateArguments(ExecState*);
+JSCell* DFG_OPERATION operationCreateInlinedArguments(ExecState*, InlineCallFrame*);
+void DFG_OPERATION operationTearOffActivation(ExecState*, JSCell*, int32_t unmodifiedArgumentsRegister);
+void DFG_OPERATION operationTearOffArguments(ExecState*, JSCell*);
+void DFG_OPERATION operationTearOffInlinedArguments(ExecState*, JSCell*, InlineCallFrame*);
+EncodedJSValue DFG_OPERATION operationGetArgumentsLength(ExecState*, int32_t);
+EncodedJSValue DFG_OPERATION operationGetArgumentByVal(ExecState*, int32_t, int32_t);
JSCell* DFG_OPERATION operationNewFunction(ExecState*, JSCell*);
JSCell* DFG_OPERATION operationNewFunctionExpression(ExecState*, JSCell*);
double DFG_OPERATION operationFModOnInts(int32_t, int32_t);
diff --git a/Source/JavaScriptCore/dfg/DFGPhase.cpp b/Source/JavaScriptCore/dfg/DFGPhase.cpp
index bae12b1cc..ecf669704 100644
--- a/Source/JavaScriptCore/dfg/DFGPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGPhase.cpp
@@ -28,6 +28,8 @@
#if ENABLE(DFG_JIT)
+#include "DFGValidate.h"
+
namespace JSC { namespace DFG {
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
@@ -40,6 +42,7 @@ void Phase::beginPhase()
void Phase::endPhase()
{
+ validate(m_graph, DumpGraph);
}
#endif
diff --git a/Source/JavaScriptCore/dfg/DFGPhase.h b/Source/JavaScriptCore/dfg/DFGPhase.h
index 1d344c0c3..6d13bcd25 100644
--- a/Source/JavaScriptCore/dfg/DFGPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGPhase.h
@@ -73,10 +73,17 @@ private:
};
template<typename PhaseType>
-void runPhase(Graph& graph)
+bool runPhase(Graph& graph)
{
PhaseType phase(graph);
- phase.run();
+ return phase.run();
+}
+
+template<typename PhaseType, typename ArgumentType1>
+bool runPhase(Graph& graph, ArgumentType1 arg1)
+{
+ PhaseType phase(graph, arg1);
+ return phase.run();
}
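Review bot: `runPhase` now returns the `bool` from `phase.run()`, but nothing documents what that value means, and both phases changed in this commit (PredictionPropagationPhase and RedundantPhiEliminationPhase) return a constant `true`, so a reader cannot tell whether it signals "graph was modified" or "phase succeeded". Add a comment above the first overload stating the contract, e.g. `// Returns the phase's result; see Phase::run() for what true/false denote.` expanded with the actual meaning, and consider marking both overloads `WARN_UNUSED_RETURN` if callers are expected to act on it. The new two-argument overload duplicates the one-argument body; that is acceptable for two arities, but a comment noting that additional arities should follow the same shape would help.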
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
index 53174604a..de01adb1f 100644
--- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
@@ -40,7 +40,7 @@ public:
{
}
- void run()
+ bool run()
{
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
m_count = 0;
@@ -77,6 +77,8 @@ public:
doRoundOfDoubleVoting();
propagateBackward();
} while (m_changed);
+
+ return true;
}
private:
@@ -329,8 +331,29 @@ private:
changed |= m_graph[node.child2()].mergeFlags(flags);
break;
}
+
+ case ArithMul: {
+ PredictedType left = m_graph[node.child1()].prediction();
+ PredictedType right = m_graph[node.child2()].prediction();
+
+ if (left && right) {
+ if (m_graph.mulShouldSpeculateInteger(node))
+ changed |= mergePrediction(PredictInt32);
+ else
+ changed |= mergePrediction(PredictDouble);
+ }
+
+ // As soon as a multiply happens, we can easily end up in the part
+ // of the double domain where the point at which you do truncation
+ // can change the outcome. So, ArithMul always checks for overflow
+ // no matter what, and always forces its inputs to check as well.
+
+ flags |= NodeUsedAsNumber | NodeNeedsNegZero;
+ changed |= m_graph[node.child1()].mergeFlags(flags);
+ changed |= m_graph[node.child2()].mergeFlags(flags);
+ break;
+ }
- case ArithMul:
case ArithDiv: {
PredictedType left = m_graph[node.child1()].prediction();
PredictedType right = m_graph[node.child2()].prediction();
@@ -414,6 +437,17 @@ private:
break;
}
+ case GetMyArgumentByValSafe: {
+ changed |= mergePrediction(node.getHeapPrediction());
+ changed |= m_graph[node.child1()].mergeFlags(NodeUsedAsNumber | NodeUsedAsInt);
+ break;
+ }
+
+ case GetMyArgumentsLengthSafe: {
+ changed |= setPrediction(PredictInt32);
+ break;
+ }
+
case GetPropertyStorage:
case GetIndexedPropertyStorage: {
changed |= setPrediction(PredictOther);
@@ -553,6 +587,13 @@ private:
break;
}
+ case CreateArguments: {
+ // At this stage we don't try to predict whether the arguments are ours or
+ // someone else's. We could, but we don't, yet.
+ changed |= setPrediction(PredictArguments);
+ break;
+ }
+
case NewFunction:
case NewFunctionNoCheck:
case NewFunctionExpression: {
@@ -562,6 +603,7 @@ private:
case PutByValAlias:
case GetArrayLength:
+ case GetArgumentsLength:
case GetInt8ArrayLength:
case GetInt16ArrayLength:
case GetInt32ArrayLength:
@@ -573,7 +615,10 @@ private:
case GetFloat64ArrayLength:
case GetStringLength:
case Int32ToDouble:
- case DoubleAsInt32: {
+ case DoubleAsInt32:
+ case GetLocalUnlinked:
+ case GetMyArgumentsLength:
+ case GetMyArgumentByVal: {
// This node should never be visible at this stage of compilation. It is
// inserted by fixup(), which follows this phase.
ASSERT_NOT_REACHED();
@@ -619,7 +664,9 @@ private:
case CheckFunction:
case PutStructure:
case TearOffActivation:
+ case TearOffArguments:
case CheckNumber:
+ case CheckArgumentsNotCreated:
changed |= mergeDefaultFlags(node);
break;
@@ -751,7 +798,23 @@ private:
break;
}
- case ArithMul:
+ case ArithMul: {
+ PredictedType left = m_graph[node.child1()].prediction();
+ PredictedType right = m_graph[node.child2()].prediction();
+
+ VariableAccessData::Ballot ballot;
+
+ if (isNumberPrediction(left) && isNumberPrediction(right)
+ && !m_graph.mulShouldSpeculateInteger(node))
+ ballot = VariableAccessData::VoteDouble;
+ else
+ ballot = VariableAccessData::VoteValue;
+
+ vote(node.child1(), ballot);
+ vote(node.child2(), ballot);
+ break;
+ }
+
case ArithMin:
case ArithMax:
case ArithMod:
@@ -807,7 +870,7 @@ private:
if (!variableAccessData->isRoot())
continue;
if (operandIsArgument(variableAccessData->local())
- || m_graph.isCaptured(variableAccessData->local()))
+ || variableAccessData->isCaptured())
continue;
m_changed |= variableAccessData->tallyVotesForShouldUseDoubleFormat();
}
@@ -818,7 +881,7 @@ private:
if (!variableAccessData->isRoot())
continue;
if (operandIsArgument(variableAccessData->local())
- || m_graph.isCaptured(variableAccessData->local()))
+ || variableAccessData->isCaptured())
continue;
m_changed |= variableAccessData->makePredictionForDoubleFormat();
}
@@ -832,9 +895,9 @@ private:
#endif
};
-void performPredictionPropagation(Graph& graph)
+bool performPredictionPropagation(Graph& graph)
{
- runPhase<PredictionPropagationPhase>(graph);
+ return runPhase<PredictionPropagationPhase>(graph);
}
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.h b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.h
index fe127136a..ae025cdeb 100644
--- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.h
@@ -43,7 +43,7 @@ class Graph;
// arithmetic nodes) do not qualify for any of these categories. But after running
// this phase, we'll have full information for the expected type of each node.
-void performPredictionPropagation(Graph&);
+bool performPredictionPropagation(Graph&);
} } // namespace JSC::DFG::Phase
diff --git a/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.cpp b/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.cpp
index b16a72a7e..5453469fe 100644
--- a/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.cpp
@@ -39,7 +39,7 @@ public:
{
}
- void run()
+ bool run()
{
bool changed = false;
do {
@@ -63,7 +63,8 @@ public:
break;
}
}
-
+
+ return true;
}
private:
@@ -166,9 +167,9 @@ private:
};
-void performRedundantPhiElimination(Graph& graph)
+bool performRedundantPhiElimination(Graph& graph)
{
- runPhase<RedundantPhiEliminationPhase>(graph);
+ return runPhase<RedundantPhiEliminationPhase>(graph);
}
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.h b/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.h
index 202ab4441..fd6634a88 100644
--- a/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGRedundantPhiEliminationPhase.h
@@ -39,7 +39,7 @@ class Graph;
// We inserted many can-be-redundant Phi nodes when building the graph.
// This phase will just remove them.
-void performRedundantPhiElimination(Graph&);
+bool performRedundantPhiElimination(Graph&);
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGScoreBoard.h b/Source/JavaScriptCore/dfg/DFGScoreBoard.h
index 578f2b147..430bdf552 100644
--- a/Source/JavaScriptCore/dfg/DFGScoreBoard.h
+++ b/Source/JavaScriptCore/dfg/DFGScoreBoard.h
@@ -120,12 +120,25 @@ public:
// Clear the use count & add to the free list.
m_used[index] = 0;
m_free.append(index);
+ } else {
+#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
+ dataLog(" Virtual register %u is at %u/%u uses.", index, m_used[index], node.refCount());
+#endif
}
}
void use(Edge child)
{
use(child.indexUnchecked());
}
+
+ void useIfHasResult(Edge child)
+ {
+ if (!child)
+ return;
+ if (!m_graph[child].hasResult())
+ return;
+ use(child);
+ }
unsigned highWatermark()
{
diff --git a/Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h b/Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h
new file mode 100644
index 000000000..ab99b014d
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGSilentRegisterSavePlan.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGSilentRegisterSavePlan_h
+#define DFGSilentRegisterSavePlan_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGCommon.h"
+#include "DFGFPRInfo.h"
+#include "DFGGPRInfo.h"
+
+namespace JSC { namespace DFG {
+
+enum SilentSpillAction {
+ DoNothingForSpill,
+ Store32Tag,
+ Store32Payload,
+ StorePtr,
+ StoreDouble
+};
+
+enum SilentFillAction {
+ DoNothingForFill,
+ SetInt32Constant,
+ SetBooleanConstant,
+ SetCellConstant,
+ SetTrustedJSConstant,
+ SetJSConstant,
+ SetJSConstantTag,
+ SetJSConstantPayload,
+ SetInt32Tag,
+ SetCellTag,
+ SetBooleanTag,
+ SetDoubleConstant,
+ Load32Tag,
+ Load32Payload,
+ Load32PayloadBoxInt,
+ LoadPtr,
+ LoadDouble,
+ LoadDoubleBoxDouble,
+ LoadJSUnboxDouble
+};
+
+class SilentRegisterSavePlan {
+public:
+ SilentRegisterSavePlan()
+ : m_spillAction(DoNothingForSpill)
+ , m_fillAction(DoNothingForFill)
+ , m_register(-1)
+ , m_nodeIndex(NoNode)
+ {
+ }
+
+ SilentRegisterSavePlan(
+ SilentSpillAction spillAction,
+ SilentFillAction fillAction,
+ NodeIndex nodeIndex,
+ GPRReg gpr)
+ : m_spillAction(spillAction)
+ , m_fillAction(fillAction)
+ , m_register(gpr)
+ , m_nodeIndex(nodeIndex)
+ {
+ }
+
+ SilentRegisterSavePlan(
+ SilentSpillAction spillAction,
+ SilentFillAction fillAction,
+ NodeIndex nodeIndex,
+ FPRReg fpr)
+ : m_spillAction(spillAction)
+ , m_fillAction(fillAction)
+ , m_register(fpr)
+ , m_nodeIndex(nodeIndex)
+ {
+ }
+
+ SilentSpillAction spillAction() const { return static_cast<SilentSpillAction>(m_spillAction); }
+ SilentFillAction fillAction() const { return static_cast<SilentFillAction>(m_fillAction); }
+
+ NodeIndex nodeIndex() const { return m_nodeIndex; }
+
+ GPRReg gpr() const { return static_cast<GPRReg>(m_register); }
+ FPRReg fpr() const { return static_cast<FPRReg>(m_register); }
+
+private:
+ int8_t m_spillAction;
+ int8_t m_fillAction;
+ int8_t m_register;
+ NodeIndex m_nodeIndex;
+};
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGSilentRegisterSavePlan_h
+
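Review bot: `m_register`, `m_spillAction` and `m_fillAction` are `int8_t` but are initialised directly from the `GPRReg`/`FPRReg` and action enums, so any enumerator value outside the signed 8-bit range would be truncated silently in the constructors; a `COMPILE_ASSERT` on the enumerator counts (or on the underlying register-enum bounds, which are not visible here) would lock the packing in, for example `COMPILE_ASSERT(LoadJSUnboxDouble < 128, SilentFillAction_fits_int8);`. There is also no tag recording whether a plan was built from a GPR or an FPR, so `gpr()` and `fpr()` both reinterpret the same byte and calling the wrong one returns a bogus register with no diagnostic; presumably the fill/spill action implies which one is valid, and a comment on the accessors saying so (`// Only meaningful when the action operates on a GPR / FPR respectively`) would make that contract explicit. The default-constructed plan uses `-1` as a sentinel register; naming it (e.g. via the existing `InvalidGPRReg` if that is what is intended) would be clearer than the bare literal.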
diff --git a/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h b/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h
new file mode 100644
index 000000000..fa1f888e0
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h
@@ -0,0 +1,496 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGSlowPathGenerator_h
+#define DFGSlowPathGenerator_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGCommon.h"
+#include "DFGSilentRegisterSavePlan.h"
+#include "DFGSpeculativeJIT.h"
+#include <wtf/FastAllocBase.h>
+#include <wtf/PassOwnPtr.h>
+
+namespace JSC { namespace DFG {
+
+class SlowPathGenerator {
+ WTF_MAKE_FAST_ALLOCATED;
+public:
+ SlowPathGenerator(SpeculativeJIT* jit)
+ : m_compileIndex(jit->m_compileIndex)
+ {
+ }
+ virtual ~SlowPathGenerator() { }
+ void generate(SpeculativeJIT* jit)
+ {
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("Generating slow path %p at offset 0x%x\n", this, jit->m_jit.debugOffset());
+#endif
+ m_label = jit->m_jit.label();
+ jit->m_compileIndex = m_compileIndex;
+ generateInternal(jit);
+#if !ASSERT_DISABLED
+ jit->m_jit.breakpoint(); // make sure that the generator jumps back to somewhere
+#endif
+ }
+ MacroAssembler::Label label() const { return m_label; }
+ virtual MacroAssembler::Call call() const
+ {
+ ASSERT_NOT_REACHED(); // By default slow path generators don't have a call.
+ return MacroAssembler::Call();
+ }
+protected:
+ virtual void generateInternal(SpeculativeJIT*) = 0;
+ MacroAssembler::Label m_label;
+ NodeIndex m_compileIndex;
+};
+
+template<typename JumpType>
+class JumpingSlowPathGenerator : public SlowPathGenerator {
+public:
+ JumpingSlowPathGenerator(JumpType from, SpeculativeJIT* jit)
+ : SlowPathGenerator(jit)
+ , m_from(from)
+ , m_to(jit->m_jit.label())
+ {
+ }
+
+protected:
+ void linkFrom(SpeculativeJIT* jit)
+ {
+ m_from.link(&jit->m_jit);
+ }
+
+ void jumpTo(SpeculativeJIT* jit)
+ {
+ jit->m_jit.jump().linkTo(m_to, &jit->m_jit);
+ }
+
+ JumpType m_from;
+ MacroAssembler::Label m_to;
+};
+
+template<typename JumpType, typename FunctionType, typename ResultType>
+class CallSlowPathGenerator : public JumpingSlowPathGenerator<JumpType> {
+public:
+ CallSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result)
+ : JumpingSlowPathGenerator<JumpType>(from, jit)
+ , m_function(function)
+ , m_spillMode(spillMode)
+ , m_result(result)
+ {
+ if (m_spillMode == NeedToSpill)
+ jit->silentSpillAllRegistersImpl(false, m_plans, result);
+ }
+
+ virtual MacroAssembler::Call call() const
+ {
+ return m_call;
+ }
+
+protected:
+ void setUp(SpeculativeJIT* jit)
+ {
+ this->linkFrom(jit);
+ if (m_spillMode == NeedToSpill) {
+ for (unsigned i = 0; i < m_plans.size(); ++i)
+ jit->silentSpill(m_plans[i]);
+ }
+ }
+
+ void recordCall(MacroAssembler::Call call)
+ {
+ m_call = call;
+ }
+
+ void tearDown(SpeculativeJIT* jit)
+ {
+ if (m_spillMode == NeedToSpill) {
+ GPRReg canTrample = SpeculativeJIT::pickCanTrample(m_result);
+ for (unsigned i = m_plans.size(); i--;)
+ jit->silentFill(m_plans[i], canTrample);
+ }
+ this->jumpTo(jit);
+ }
+
+ FunctionType m_function;
+ SpillRegistersMode m_spillMode;
+ ResultType m_result;
+ MacroAssembler::Call m_call;
+ Vector<SilentRegisterSavePlan, 2> m_plans;
+};
+
+template<typename JumpType, typename FunctionType, typename ResultType>
+class CallResultAndNoArgumentsSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, FunctionType, ResultType> {
+public:
+ CallResultAndNoArgumentsSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result)
+ : CallSlowPathGenerator<JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result)
+ {
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(jit->callOperation(this->m_function, this->m_result));
+ this->tearDown(jit);
+ }
+};
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1>
+class CallResultAndOneArgumentSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, FunctionType, ResultType> {
+public:
+ CallResultAndOneArgumentSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result, ArgumentType1 argument1)
+ : CallSlowPathGenerator<JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result)
+ , m_argument1(argument1)
+ {
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(jit->callOperation(this->m_function, this->m_result, m_argument1));
+ this->tearDown(jit);
+ }
+
+ ArgumentType1 m_argument1;
+};
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2>
+class CallResultAndTwoArgumentsSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, FunctionType, ResultType> {
+public:
+ CallResultAndTwoArgumentsSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result, ArgumentType1 argument1,
+ ArgumentType2 argument2)
+ : CallSlowPathGenerator<JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result)
+ , m_argument1(argument1)
+ , m_argument2(argument2)
+ {
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(jit->callOperation(this->m_function, this->m_result, m_argument1, m_argument2));
+ this->tearDown(jit);
+ }
+
+ ArgumentType1 m_argument1;
+ ArgumentType2 m_argument2;
+};
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2, typename ArgumentType3>
+class CallResultAndThreeArgumentsSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, FunctionType, ResultType> {
+public:
+ CallResultAndThreeArgumentsSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result, ArgumentType1 argument1,
+ ArgumentType2 argument2, ArgumentType3 argument3)
+ : CallSlowPathGenerator<JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result)
+ , m_argument1(argument1)
+ , m_argument2(argument2)
+ , m_argument3(argument3)
+ {
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(
+ jit->callOperation(
+ this->m_function, this->m_result, m_argument1, m_argument2,
+ m_argument3));
+ this->tearDown(jit);
+ }
+
+ ArgumentType1 m_argument1;
+ ArgumentType2 m_argument2;
+ ArgumentType3 m_argument3;
+};
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2, typename ArgumentType3,
+ typename ArgumentType4>
+class CallResultAndFourArgumentsSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, FunctionType, ResultType> {
+public:
+ CallResultAndFourArgumentsSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result, ArgumentType1 argument1,
+ ArgumentType2 argument2, ArgumentType3 argument3, ArgumentType4 argument4)
+ : CallSlowPathGenerator<JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result)
+ , m_argument1(argument1)
+ , m_argument2(argument2)
+ , m_argument3(argument3)
+ , m_argument4(argument4)
+ {
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(
+ jit->callOperation(
+ this->m_function, this->m_result, m_argument1, m_argument2,
+ m_argument3, m_argument4));
+ this->tearDown(jit);
+ }
+
+ ArgumentType1 m_argument1;
+ ArgumentType2 m_argument2;
+ ArgumentType3 m_argument3;
+ ArgumentType4 m_argument4;
+};
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2, typename ArgumentType3,
+ typename ArgumentType4, typename ArgumentType5>
+class CallResultAndFiveArgumentsSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, FunctionType, ResultType> {
+public:
+ CallResultAndFiveArgumentsSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ SpillRegistersMode spillMode, ResultType result, ArgumentType1 argument1,
+ ArgumentType2 argument2, ArgumentType3 argument3, ArgumentType4 argument4,
+ ArgumentType5 argument5)
+ : CallSlowPathGenerator<JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result)
+ , m_argument1(argument1)
+ , m_argument2(argument2)
+ , m_argument3(argument3)
+ , m_argument4(argument4)
+ , m_argument5(argument5)
+ {
+ }
+
+protected:
+ void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(
+ jit->callOperation(
+ this->m_function, this->m_result, m_argument1, m_argument2,
+ m_argument3, m_argument4, m_argument5));
+ this->tearDown(jit);
+ }
+
+ ArgumentType1 m_argument1;
+ ArgumentType2 m_argument2;
+ ArgumentType3 m_argument3;
+ ArgumentType4 m_argument4;
+ ArgumentType5 m_argument5;
+};
+
+template<typename JumpType, typename FunctionType, typename ResultType>
+inline PassOwnPtr<SlowPathGenerator> slowPathCall(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ ResultType result, SpillRegistersMode spillMode = NeedToSpill)
+{
+ return adoptPtr(
+ new CallResultAndNoArgumentsSlowPathGenerator<
+ JumpType, FunctionType, ResultType>(
+ from, jit, function, spillMode, result));
+}
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1>
+inline PassOwnPtr<SlowPathGenerator> slowPathCall(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ ResultType result, ArgumentType1 argument1,
+ SpillRegistersMode spillMode = NeedToSpill)
+{
+ return adoptPtr(
+ new CallResultAndOneArgumentSlowPathGenerator<
+ JumpType, FunctionType, ResultType, ArgumentType1>(
+ from, jit, function, spillMode, result, argument1));
+}
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2>
+inline PassOwnPtr<SlowPathGenerator> slowPathCall(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ ResultType result, ArgumentType1 argument1, ArgumentType2 argument2,
+ SpillRegistersMode spillMode = NeedToSpill)
+{
+ return adoptPtr(
+ new CallResultAndTwoArgumentsSlowPathGenerator<
+ JumpType, FunctionType, ResultType, ArgumentType1, ArgumentType2>(
+ from, jit, function, spillMode, result, argument1, argument2));
+}
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2, typename ArgumentType3>
+inline PassOwnPtr<SlowPathGenerator> slowPathCall(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ ResultType result, ArgumentType1 argument1, ArgumentType2 argument2,
+ ArgumentType3 argument3, SpillRegistersMode spillMode = NeedToSpill)
+{
+ return adoptPtr(
+ new CallResultAndThreeArgumentsSlowPathGenerator<
+ JumpType, FunctionType, ResultType, ArgumentType1, ArgumentType2,
+ ArgumentType3>(
+ from, jit, function, spillMode, result, argument1, argument2,
+ argument3));
+}
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2, typename ArgumentType3,
+ typename ArgumentType4>
+inline PassOwnPtr<SlowPathGenerator> slowPathCall(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ ResultType result, ArgumentType1 argument1, ArgumentType2 argument2,
+ ArgumentType3 argument3, ArgumentType4 argument4,
+ SpillRegistersMode spillMode = NeedToSpill)
+{
+ return adoptPtr(
+ new CallResultAndFourArgumentsSlowPathGenerator<
+ JumpType, FunctionType, ResultType, ArgumentType1, ArgumentType2,
+ ArgumentType3, ArgumentType4>(
+ from, jit, function, spillMode, result, argument1, argument2,
+ argument3, argument4));
+}
+
+template<
+ typename JumpType, typename FunctionType, typename ResultType,
+ typename ArgumentType1, typename ArgumentType2, typename ArgumentType3,
+ typename ArgumentType4, typename ArgumentType5>
+inline PassOwnPtr<SlowPathGenerator> slowPathCall(
+ JumpType from, SpeculativeJIT* jit, FunctionType function,
+ ResultType result, ArgumentType1 argument1, ArgumentType2 argument2,
+ ArgumentType3 argument3, ArgumentType4 argument4, ArgumentType5 argument5,
+ SpillRegistersMode spillMode = NeedToSpill)
+{
+ return adoptPtr(
+ new CallResultAndFiveArgumentsSlowPathGenerator<
+ JumpType, FunctionType, ResultType, ArgumentType1, ArgumentType2,
+ ArgumentType3, ArgumentType4, ArgumentType5>(
+ from, jit, function, spillMode, result, argument1, argument2,
+ argument3, argument4, argument5));
+}
+
+template<typename JumpType, typename DestinationType, typename SourceType, unsigned numberOfAssignments>
+class AssigningSlowPathGenerator : public JumpingSlowPathGenerator<JumpType> {
+public:
+ AssigningSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit,
+ DestinationType destination[numberOfAssignments],
+ SourceType source[numberOfAssignments])
+ : JumpingSlowPathGenerator<JumpType>(from, jit)
+ {
+ for (unsigned i = numberOfAssignments; i--;) {
+ m_destination[i] = destination[i];
+ m_source[i] = source[i];
+ }
+ }
+
+protected:
+ virtual void generateInternal(SpeculativeJIT* jit)
+ {
+ this->linkFrom(jit);
+ for (unsigned i = numberOfAssignments; i--;)
+ jit->m_jit.move(m_source[i], m_destination[i]);
+ this->jumpTo(jit);
+ }
+
+private:
+ DestinationType m_destination[numberOfAssignments];
+ SourceType m_source[numberOfAssignments];
+};
+
+template<typename JumpType, typename DestinationType, typename SourceType, unsigned numberOfAssignments>
+inline PassOwnPtr<SlowPathGenerator> slowPathMove(
+ JumpType from, SpeculativeJIT* jit, SourceType source[numberOfAssignments], DestinationType destination[numberOfAssignments])
+{
+ return adoptPtr(
+ new AssigningSlowPathGenerator<
+ JumpType, DestinationType, SourceType, numberOfAssignments>(
+ from, jit, destination, source));
+}
+
+template<typename JumpType, typename DestinationType, typename SourceType>
+inline PassOwnPtr<SlowPathGenerator> slowPathMove(
+ JumpType from, SpeculativeJIT* jit, SourceType source, DestinationType destination)
+{
+ SourceType sourceArray[1] = { source };
+ DestinationType destinationArray[1] = { destination };
+ return adoptPtr(
+ new AssigningSlowPathGenerator<
+ JumpType, DestinationType, SourceType, 1>(
+ from, jit, destinationArray, sourceArray));
+}
+
+template<typename JumpType, typename DestinationType, typename SourceType>
+inline PassOwnPtr<SlowPathGenerator> slowPathMove(
+ JumpType from, SpeculativeJIT* jit, SourceType source1, DestinationType destination1, SourceType source2, DestinationType destination2)
+{
+ SourceType sourceArray[2] = { source1, source2 };
+ DestinationType destinationArray[2] = { destination1, destination2 };
+ return adoptPtr(
+ new AssigningSlowPathGenerator<
+ JumpType, DestinationType, SourceType, 2>(
+ from, jit, destinationArray, sourceArray));
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLD(DFG_JIT)
+
+#endif // DFGSlowPathGenerator_h
+
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index 0bcee7510..db71fc01f 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -28,10 +28,46 @@
#if ENABLE(DFG_JIT)
+#include "Arguments.h"
+#include "DFGSlowPathGenerator.h"
#include "LinkBuffer.h"
namespace JSC { namespace DFG {
+SpeculativeJIT::SpeculativeJIT(JITCompiler& jit)
+ : m_compileOkay(true)
+ , m_jit(jit)
+ , m_compileIndex(0)
+ , m_indexInBlock(0)
+ , m_generationInfo(m_jit.codeBlock()->m_numCalleeRegisters)
+ , m_blockHeads(jit.graph().m_blocks.size())
+ , m_arguments(jit.codeBlock()->numParameters())
+ , m_variables(jit.graph().m_localVars)
+ , m_lastSetOperand(std::numeric_limits<int>::max())
+ , m_state(m_jit.graph())
+ , m_isCheckingArgumentTypes(false)
+{
+}
+
+SpeculativeJIT::~SpeculativeJIT()
+{
+ WTF::deleteAllValues(m_slowPathGenerators);
+}
+
+void SpeculativeJIT::addSlowPathGenerator(PassOwnPtr<SlowPathGenerator> slowPathGenerator)
+{
+ m_slowPathGenerators.append(slowPathGenerator.leakPtr());
+}
+
+void SpeculativeJIT::runSlowPathGenerators()
+{
+#if DFG_ENABLE(DEBUG_VERBOSE)
+ dataLog("Running %lu slow path generators.\n", m_slowPathGenerators.size());
+#endif
+ for (unsigned i = 0; i < m_slowPathGenerators.size(); ++i)
+ m_slowPathGenerators[i]->generate(this);
+}
+
// On Windows we need to wrap fmod; on other platforms we can call it directly.
// On ARMv7 we assert that all function pointers have to low bit set (point to thumb code).
#if CALLING_CONVENTION_IS_STDCALL || CPU(ARM_THUMB2)
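Review bot: The dataLog call on L152028 formats `m_slowPathGenerators.size()` with `%lu`, but Vector::size() is a size_t; on LLP64 targets (64-bit Windows) unsigned long is 32 bits wide, so the format and the argument disagree. Either widen explicitly, `dataLog("Running %lu slow path generators.\n", static_cast<unsigned long>(m_slowPathGenerators.size()));`, or use `%zu` if dataLog's format checking accepts it. Since the line is under DFG_ENABLE(DEBUG_VERBOSE) the mismatch only affects verbose builds. A short ownership comment on addSlowPathGenerator would also help, e.g. `// Takes ownership; the generator is deleted in ~SpeculativeJIT after runSlowPathGenerators() has emitted it.`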
@@ -768,6 +804,9 @@ void ValueSource::dump(FILE* out) const
case DoubleInRegisterFile:
fprintf(out, "Double");
break;
+ case ArgumentsSource:
+ fprintf(out, "Arguments");
+ break;
case HaveNode:
fprintf(out, "Node(%d)", m_nodeIndex);
break;
@@ -795,7 +834,7 @@ void SpeculativeJIT::compilePeepHoleObjectEquality(Node& node, NodeIndex branchN
MacroAssembler::RelationalCondition condition = MacroAssembler::Equal;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = MacroAssembler::NotEqual;
BlockIndex tmp = taken;
taken = notTaken;
@@ -825,7 +864,7 @@ void SpeculativeJIT::compilePeepHoleIntegerBranch(Node& node, NodeIndex branchNo
// The branch instruction will branch to the taken block.
// If taken is next, switch taken with notTaken & invert the branch condition so we can fall through.
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = JITCompiler::invert(condition);
BlockIndex tmp = taken;
taken = notTaken;
@@ -939,7 +978,7 @@ void SpeculativeJIT::compile(BasicBlock& block)
ASSERT(m_arguments.size() == block.variablesAtHead.numberOfArguments());
for (size_t i = 0; i < m_arguments.size(); ++i) {
NodeIndex nodeIndex = block.variablesAtHead.argument(i);
- if (nodeIndex == NoNode || m_jit.graph().argumentIsCaptured(i))
+ if (nodeIndex == NoNode || m_jit.codeBlock()->argumentIsCaptured(i))
m_arguments[i] = ValueSource(ValueInRegisterFile);
else
m_arguments[i] = ValueSource::forPrediction(at(nodeIndex).variableAccessData()->prediction());
@@ -951,10 +990,16 @@ void SpeculativeJIT::compile(BasicBlock& block)
ASSERT(m_variables.size() == block.variablesAtHead.numberOfLocals());
for (size_t i = 0; i < m_variables.size(); ++i) {
NodeIndex nodeIndex = block.variablesAtHead.local(i);
- if ((nodeIndex == NoNode || !at(nodeIndex).refCount()) && !m_jit.graph().localIsCaptured(i))
- m_variables[i] = ValueSource(SourceIsDead);
- else if (m_jit.graph().localIsCaptured(i))
+ // FIXME: Use the variable access data, not the first node in the block.
+ // https://bugs.webkit.org/show_bug.cgi?id=87205
+ if (m_jit.codeBlock()->localIsCaptured(at(block[0]).codeOrigin.inlineCallFrame, i))
m_variables[i] = ValueSource(ValueInRegisterFile);
+ else if (nodeIndex == NoNode)
+ m_variables[i] = ValueSource(SourceIsDead);
+ else if (at(nodeIndex).variableAccessData()->isArgumentsAlias())
+ m_variables[i] = ValueSource(ArgumentsSource);
+ else if (!at(nodeIndex).refCount())
+ m_variables[i] = ValueSource(SourceIsDead);
else if (at(nodeIndex).variableAccessData()->shouldUseDoubleFormat())
m_variables[i] = ValueSource(DoubleInRegisterFile);
else
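Review bot: `at(block[0]).codeOrigin.inlineCallFrame` on L152080 is re-evaluated on every iteration of the loop over m_variables although it does not depend on i; hoisting it into a local above the loop reads clearer and keeps the FIXME attached to a single expression. `block[0]` also presumes the block is non-empty, which an `ASSERT(block.size());` before the loop would state explicitly unless that is already guaranteed by the caller. The enclosing compile(BasicBlock&) starts outside the hunk.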
@@ -1082,6 +1127,7 @@ void SpeculativeJIT::compile(BasicBlock& block)
void SpeculativeJIT::checkArgumentTypes()
{
ASSERT(!m_compileIndex);
+ m_isCheckingArgumentTypes = true;
m_codeOriginForOSR = CodeOrigin(0);
for (size_t i = 0; i < m_arguments.size(); ++i)
@@ -1231,6 +1277,7 @@ void SpeculativeJIT::checkArgumentTypes()
}
#endif
}
+ m_isCheckingArgumentTypes = false;
}
bool SpeculativeJIT::compile()
@@ -1241,8 +1288,11 @@ bool SpeculativeJIT::compile()
m_jit.move(TrustedImm32(0), GPRInfo::regT0);
ASSERT(!m_compileIndex);
- for (m_block = 0; m_block < m_jit.graph().m_blocks.size(); ++m_block)
- compile(*m_jit.graph().m_blocks[m_block]);
+ for (m_block = 0; m_block < m_jit.graph().m_blocks.size(); ++m_block) {
+ BasicBlock* block = m_jit.graph().m_blocks[m_block].get();
+ if (block)
+ compile(*block);
+ }
linkBranches();
return true;
}
@@ -1250,8 +1300,10 @@ bool SpeculativeJIT::compile()
void SpeculativeJIT::createOSREntries()
{
for (BlockIndex blockIndex = 0; blockIndex < m_jit.graph().m_blocks.size(); ++blockIndex) {
- BasicBlock& block = *m_jit.graph().m_blocks[blockIndex];
- if (!block.isOSRTarget)
+ BasicBlock* block = m_jit.graph().m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (!block->isOSRTarget)
continue;
// Currently we only need to create OSR entry trampolines when using edge code
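Review bot: The two consecutive guards on L152125–L152128 can be a single condition, `if (!block || !block->isOSRTarget) continue;`, which reads as one "skip non-OSR blocks" step rather than two; the same shape appears in linkOSREntries at L152138–L152141. Both functions continue outside their hunks.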
@@ -1273,9 +1325,12 @@ void SpeculativeJIT::linkOSREntries(LinkBuffer& linkBuffer)
{
unsigned osrEntryIndex = 0;
for (BlockIndex blockIndex = 0; blockIndex < m_jit.graph().m_blocks.size(); ++blockIndex) {
- BasicBlock& block = *m_jit.graph().m_blocks[blockIndex];
- if (block.isOSRTarget)
- m_jit.noticeOSREntry(block, m_osrEntryHeads[osrEntryIndex++], linkBuffer);
+ BasicBlock* block = m_jit.graph().m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (!block->isOSRTarget)
+ continue;
+ m_jit.noticeOSREntry(*block, m_osrEntryHeads[osrEntryIndex++], linkBuffer);
}
ASSERT(osrEntryIndex == m_osrEntryHeads.size());
}
@@ -1300,13 +1355,18 @@ ValueRecovery SpeculativeJIT::computeValueRecoveryFor(const ValueSource& valueSo
case DoubleInRegisterFile:
return ValueRecovery::alreadyInRegisterFileAsUnboxedDouble();
+
+ case ArgumentsSource:
+ return ValueRecovery::argumentsThatWereNotCreated();
case HaveNode: {
if (isConstant(valueSource.nodeIndex()))
return ValueRecovery::constant(valueOfJSConstant(valueSource.nodeIndex()));
-
+
Node* nodePtr = &at(valueSource.nodeIndex());
if (!nodePtr->shouldGenerate()) {
+ if (nodePtr->op() == CreateArguments)
+ return ValueRecovery::argumentsThatWereNotCreated();
// It's legitimately dead. As in, nobody will ever use this node, or operand,
// ever. Set it to Undefined to make the GC happy after the OSR.
return ValueRecovery::constant(jsUndefined());
@@ -1591,13 +1651,10 @@ void SpeculativeJIT::compileValueToInt32(Node& node)
DoubleOperand op1(this, node.child1());
FPRReg fpr = op1.fpr();
GPRReg gpr = result.gpr();
- JITCompiler::Jump truncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateSuccessful);
-
- silentSpillAllRegisters(gpr);
- callOperation(toInt32, gpr, fpr);
- silentFillAllRegisters(gpr);
+ JITCompiler::Jump notTruncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateFailed);
+
+ addSlowPathGenerator(slowPathCall(notTruncatedToInteger, this, toInt32, gpr, fpr));
- truncatedToInteger.link(&m_jit);
integerResult(gpr, m_compileIndex);
return;
}
@@ -1613,7 +1670,8 @@ void SpeculativeJIT::compileValueToInt32(Node& node)
JITCompiler::Jump isInteger = m_jit.branchPtr(MacroAssembler::AboveOrEqual, gpr, GPRInfo::tagTypeNumberRegister);
- speculationCheck(BadType, JSValueRegs(gpr), node.child1().index(), m_jit.branchTestPtr(MacroAssembler::Zero, gpr, GPRInfo::tagTypeNumberRegister));
+ if (!isNumberPrediction(m_state.forNode(node.child1()).m_type))
+ speculationCheck(BadType, JSValueRegs(gpr), node.child1().index(), m_jit.branchTestPtr(MacroAssembler::Zero, gpr, GPRInfo::tagTypeNumberRegister));
// First, if we get here we have a double encoded as a JSValue
m_jit.move(gpr, resultGpr);
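Review bot: The new guard on L152183 omits the BadType speculation check whenever m_state already records a number for child1, so the type safety of the generated code now rests on that state being a proven fact rather than a profiling hint; presumably m_state is the abstract interpreter's result, and a one-line comment would make the invariant explicit, e.g. `// The abstract interpreter has already proven child1 is a number; the runtime tag check would be redundant.` The JSVALUE32_64 copy at L152190 needs the same comment. compileValueToInt32 starts outside the hunk.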
@@ -1649,7 +1707,8 @@ void SpeculativeJIT::compileValueToInt32(Node& node)
JITCompiler::Jump isInteger = m_jit.branch32(MacroAssembler::Equal, tagGPR, TrustedImm32(JSValue::Int32Tag));
- speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), node.child1().index(), m_jit.branch32(MacroAssembler::AboveOrEqual, tagGPR, TrustedImm32(JSValue::LowestTag)));
+ if (!isNumberPrediction(m_state.forNode(node.child1()).m_type))
+ speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), node.child1().index(), m_jit.branch32(MacroAssembler::AboveOrEqual, tagGPR, TrustedImm32(JSValue::LowestTag)));
unboxDouble(tagGPR, payloadGPR, fpr, scratch.fpr());
@@ -2008,17 +2067,14 @@ void SpeculativeJIT::compilePutByValForIntTypedArray(const TypedArrayDescriptor&
MacroAssembler::Jump fixed = m_jit.jump();
notNaN.link(&m_jit);
- MacroAssembler::Jump done;
+ MacroAssembler::Jump failed;
if (signedness == SignedTypedArray)
- done = m_jit.branchTruncateDoubleToInt32(fpr, gpr, MacroAssembler::BranchIfTruncateSuccessful);
+ failed = m_jit.branchTruncateDoubleToInt32(fpr, gpr, MacroAssembler::BranchIfTruncateFailed);
else
- done = m_jit.branchTruncateDoubleToUint32(fpr, gpr, MacroAssembler::BranchIfTruncateSuccessful);
-
- silentSpillAllRegisters(gpr);
- callOperation(toInt32, gpr, fpr);
- silentFillAllRegisters(gpr);
+ failed = m_jit.branchTruncateDoubleToUint32(fpr, gpr, MacroAssembler::BranchIfTruncateFailed);
+
+ addSlowPathGenerator(slowPathCall(failed, this, toInt32, gpr, fpr));
- done.link(&m_jit);
fixed.link(&m_jit);
value.adopt(result);
valueGPR = gpr;
@@ -2553,7 +2609,7 @@ void SpeculativeJIT::compileArithNegate(Node& node)
void SpeculativeJIT::compileArithMul(Node& node)
{
- if (Node::shouldSpeculateInteger(at(node.child1()), at(node.child2())) && node.canSpeculateInteger()) {
+ if (m_jit.graph().mulShouldSpeculateInteger(node)) {
SpeculateIntegerOperand op1(this, node.child1());
SpeculateIntegerOperand op2(this, node.child2());
GPRTemporary result(this);
@@ -2561,15 +2617,17 @@ void SpeculativeJIT::compileArithMul(Node& node)
GPRReg reg1 = op1.gpr();
GPRReg reg2 = op2.gpr();
- // What is unfortunate is that we cannot take advantage of nodeCanTruncateInteger()
- // here. A multiply on integers performed in the double domain and then truncated to
- // an integer will give a different result than a multiply performed in the integer
- // domain and then truncated, if the integer domain result would have resulted in
- // something bigger than what a 32-bit integer can hold. JavaScript mandates that
- // the semantics are always as if the multiply had been performed in the double
- // domain.
-
- speculationCheck(Overflow, JSValueRegs(), NoNode, m_jit.branchMul32(MacroAssembler::Overflow, reg1, reg2, result.gpr()));
+ // We can perform truncated multiplications if we get to this point, because if the
+ // fixup phase could not prove that it would be safe, it would have turned us into
+ // a double multiplication.
+ if (nodeCanTruncateInteger(node.arithNodeFlags())) {
+ m_jit.move(reg1, result.gpr());
+ m_jit.mul32(reg2, result.gpr());
+ } else {
+ speculationCheck(
+ Overflow, JSValueRegs(), NoNode,
+ m_jit.branchMul32(MacroAssembler::Overflow, reg1, reg2, result.gpr()));
+ }
// Check for negative zero, if the users of this node care about such things.
if (!nodeCanIgnoreNegativeZero(node.arithNodeFlags())) {
@@ -2772,7 +2830,7 @@ bool SpeculativeJIT::compileStrictEqForConstant(Node& node, Edge value, JSValue
// The branch instruction will branch to the taken block.
// If taken is next, switch taken with notTaken & invert the branch condition so we can fall through.
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = MacroAssembler::NotEqual;
BlockIndex tmp = taken;
taken = notTaken;
@@ -2940,7 +2998,9 @@ void SpeculativeJIT::compileGetIndexedPropertyStorage(Node& node)
GPRTemporary storage(this);
GPRReg storageReg = storage.gpr();
- if (at(node.child1()).prediction() == PredictString) {
+ if (at(node.child1()).shouldSpeculateArguments()) {
+ ASSERT_NOT_REACHED();
+ } else if (at(node.child1()).prediction() == PredictString) {
if (!isStringPrediction(m_state.forNode(node.child1()).m_type))
speculationCheck(BadType, JSValueSource::unboxedCell(baseReg), node.child1(), m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(baseReg, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSString::s_info)));
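Review bot: The `shouldSpeculateArguments()` branch on L152259–L152260 holds only ASSERT_NOT_REACHED(), which compiles to nothing in release builds if the project's usual assertion macros apply, so control then falls through to `storageResult(storageReg, m_compileIndex)` on L152265 with storageReg never written. If the case is genuinely impossible, terminating it unconditionally (a CRASH()-style call, or a speculationCheck whose branch always fails) keeps release builds from publishing a storage pointer from an uninitialised register. The enclosing compileGetIndexedPropertyStorage starts outside the hunk.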
@@ -3003,6 +3063,120 @@ void SpeculativeJIT::compileGetIndexedPropertyStorage(Node& node)
storageResult(storageReg, m_compileIndex);
}
+void SpeculativeJIT::compileGetByValOnArguments(Node& node)
+{
+ SpeculateCellOperand base(this, node.child1());
+ SpeculateStrictInt32Operand property(this, node.child2());
+ GPRTemporary result(this);
+#if USE(JSVALUE32_64)
+ GPRTemporary resultTag(this);
+#endif
+ GPRTemporary scratch(this);
+
+ GPRReg baseReg = base.gpr();
+ GPRReg propertyReg = property.gpr();
+ GPRReg resultReg = result.gpr();
+#if USE(JSVALUE32_64)
+ GPRReg resultTagReg = resultTag.gpr();
+#endif
+ GPRReg scratchReg = scratch.gpr();
+
+ if (!m_compileOkay)
+ return;
+
+ if (!isArgumentsPrediction(m_state.forNode(node.child1()).m_type)) {
+ speculationCheck(
+ BadType, JSValueSource::unboxedCell(baseReg), node.child1(),
+ m_jit.branchPtr(
+ MacroAssembler::NotEqual,
+ MacroAssembler::Address(baseReg, JSCell::classInfoOffset()),
+ MacroAssembler::TrustedImmPtr(&Arguments::s_info)));
+ }
+
+ m_jit.loadPtr(
+ MacroAssembler::Address(baseReg, Arguments::offsetOfData()),
+ scratchReg);
+
+ // Two really lame checks.
+ speculationCheck(
+ Uncountable, JSValueSource(), NoNode,
+ m_jit.branchPtr(
+ MacroAssembler::AboveOrEqual, propertyReg,
+ MacroAssembler::Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, numArguments))));
+ speculationCheck(
+ Uncountable, JSValueSource(), NoNode,
+ m_jit.branchTestPtr(
+ MacroAssembler::NonZero,
+ MacroAssembler::Address(
+ scratchReg, OBJECT_OFFSETOF(ArgumentsData, deletedArguments))));
+
+ m_jit.move(propertyReg, resultReg);
+ m_jit.neg32(resultReg);
+ m_jit.signExtend32ToPtr(resultReg, resultReg);
+ m_jit.loadPtr(
+ MacroAssembler::Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, registers)),
+ scratchReg);
+
+#if USE(JSVALUE32_64)
+ m_jit.load32(
+ MacroAssembler::BaseIndex(
+ scratchReg, resultReg, MacroAssembler::TimesEight,
+ CallFrame::thisArgumentOffset() * sizeof(Register) - sizeof(Register) +
+ OBJECT_OFFSETOF(JSValue, u.asBits.tag)),
+ resultTagReg);
+ m_jit.load32(
+ MacroAssembler::BaseIndex(
+ scratchReg, resultReg, MacroAssembler::TimesEight,
+ CallFrame::thisArgumentOffset() * sizeof(Register) - sizeof(Register) +
+ OBJECT_OFFSETOF(JSValue, u.asBits.payload)),
+ resultReg);
+ jsValueResult(resultTagReg, resultReg, m_compileIndex);
+#else
+ m_jit.loadPtr(
+ MacroAssembler::BaseIndex(
+ scratchReg, resultReg, MacroAssembler::TimesEight,
+ CallFrame::thisArgumentOffset() * sizeof(Register) - sizeof(Register)),
+ resultReg);
+ jsValueResult(resultReg, m_compileIndex);
+#endif
+}
+
+void SpeculativeJIT::compileGetArgumentsLength(Node& node)
+{
+ SpeculateCellOperand base(this, node.child1());
+ GPRTemporary result(this, base);
+
+ GPRReg baseReg = base.gpr();
+ GPRReg resultReg = result.gpr();
+
+ if (!m_compileOkay)
+ return;
+
+ if (!isArgumentsPrediction(m_state.forNode(node.child1()).m_type)) {
+ speculationCheck(
+ BadType, JSValueSource::unboxedCell(baseReg), node.child1(),
+ m_jit.branchPtr(
+ MacroAssembler::NotEqual,
+ MacroAssembler::Address(baseReg, JSCell::classInfoOffset()),
+ MacroAssembler::TrustedImmPtr(&Arguments::s_info)));
+ }
+
+ m_jit.loadPtr(
+ MacroAssembler::Address(baseReg, Arguments::offsetOfData()),
+ resultReg);
+
+ speculationCheck(
+ Uncountable, JSValueSource(), NoNode,
+ m_jit.branchTest8(
+ MacroAssembler::NonZero,
+ MacroAssembler::Address(resultReg, OBJECT_OFFSETOF(ArgumentsData, overrodeLength))));
+
+ m_jit.load32(
+ MacroAssembler::Address(resultReg, OBJECT_OFFSETOF(ArgumentsData, numArguments)),
+ resultReg);
+ integerResult(resultReg, m_compileIndex);
+}
+
void SpeculativeJIT::compileNewFunctionNoCheck(Node& node)
{
GPRResult result(this);
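Review bot: The bounds check on L152304–L152306 compares propertyReg against `Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, numArguments))` with branchPtr, which on 64-bit targets reads a pointer-width operand from that field, while L152375 reads the same field with load32; if numArguments is a 32-bit member, the upper half of the compared value is whatever follows it in ArgumentsData, and an index at or beyond numArguments can pass the check and reach the BaseIndex loads on L152336 (and L152322/L152328 on JSVALUE32_64) past the argument registers. Match the width of the load: `m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, numArguments)))`. The comment `// Two really lame checks.` on L152301 would serve readers better as a statement of the guard, e.g. `// Speculate that the index is in bounds and that no argument has been deleted; either failure takes the OSR exit.`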
@@ -3038,7 +3212,7 @@ bool SpeculativeJIT::compileRegExpExec(Node& node)
BlockIndex notTaken = branchNode.notTakenBlockIndex();
bool invert = false;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = true;
BlockIndex tmp = taken;
taken = notTaken;
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 6f8dc1156..912078a79 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -33,12 +33,14 @@
#include "DFGJITCompiler.h"
#include "DFGOSRExit.h"
#include "DFGOperations.h"
+#include "DFGSilentRegisterSavePlan.h"
#include "MarkedAllocator.h"
#include "ValueRecovery.h"
namespace JSC { namespace DFG {
class JSValueOperand;
+class SlowPathGenerator;
class SpeculativeJIT;
class SpeculateIntegerOperand;
class SpeculateStrictInt32Operand;
@@ -54,6 +56,7 @@ enum ValueSourceKind {
CellInRegisterFile,
BooleanInRegisterFile,
DoubleInRegisterFile,
+ ArgumentsSource,
SourceIsDead,
HaveNode
};
@@ -176,6 +179,7 @@ private:
public:
SpeculativeJIT(JITCompiler&);
+ ~SpeculativeJIT();
bool compile();
void createOSREntries();
@@ -190,6 +194,16 @@ public:
return at(nodeUse.index());
}
+ BlockIndex nextBlock()
+ {
+ for (BlockIndex result = m_block + 1; ; result++) {
+ if (result >= m_jit.graph().m_blocks.size())
+ return NoBlock;
+ if (m_jit.graph().m_blocks[result])
+ return result;
+ }
+ }
+
GPRReg fillInteger(NodeIndex, DataFormat& returnFormat);
FPRReg fillDouble(NodeIndex);
#if USE(JSVALUE64)
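Review bot: `nextBlock()` on L152426–L152434 carries no comment, yet its contract (skip null entries of m_blocks, return NoBlock past the end) is exactly what the `taken == nextBlock()` comparisons in DFGSpeculativeJIT.cpp rely on to decide fall-through; a header comment such as `// Index of the first non-null block after m_block, or NoBlock if there is none. Branch emitters compare their taken target against this to decide whether it can be reached by falling through.` would make that explicit. Declaring the method const would also document that it only reads m_block and the graph, provided graph() is reachable through a const reference.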
@@ -304,7 +318,10 @@ public:
// Called on an operand once it has been consumed by a parent node.
void use(NodeIndex nodeIndex)
{
- VirtualRegister virtualRegister = at(nodeIndex).virtualRegister();
+ Node& node = at(nodeIndex);
+ if (!node.hasResult())
+ return;
+ VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
// use() returns true when the value becomes dead, and any
@@ -355,7 +372,9 @@ public:
GPRReg fillSpeculateBoolean(NodeIndex);
GeneratedOperandType checkGeneratedTypeForToInt32(NodeIndex);
-private:
+ void addSlowPathGenerator(PassOwnPtr<SlowPathGenerator>);
+ void runSlowPathGenerators();
+
void compile(Node&);
void compileMovHint(Node&);
void compile(BasicBlock&);
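Review bot: Removing the `private:` on L152453 exposes more than addSlowPathGenerator and runSlowPathGenerators; every member that follows, beginning with compile(Node&) and compileMovHint on L152457–L152458, becomes public as well. If the goal is to let the SlowPathGenerator classes reach into the JIT (they use `jit->m_jit` and `jit->callOperation` directly), a friend declaration for those classes, or a `private:` reinstated after L152455, keeps the rest of the interface as it was. The class header is outside the hunk, so the surrounding access level is inferred from the adjacent labels.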
@@ -369,243 +388,355 @@ private:
// they spill all live values to the appropriate
// slots in the RegisterFile without changing any state
// in the GenerationInfo.
- void silentSpillGPR(VirtualRegister spillMe, GPRReg source)
+ SilentRegisterSavePlan silentSavePlanForGPR(VirtualRegister spillMe, GPRReg source)
{
GenerationInfo& info = m_generationInfo[spillMe];
- ASSERT(info.registerFormat() != DataFormatNone);
- ASSERT(info.registerFormat() != DataFormatDouble);
-
- if (!info.needsSpill())
- return;
-
+ NodeIndex nodeIndex = info.nodeIndex();
+ Node& node = at(nodeIndex);
DataFormat registerFormat = info.registerFormat();
-
-#if USE(JSVALUE64)
- ASSERT(info.gpr() == source);
- if (registerFormat == DataFormatInteger)
- m_jit.store32(source, JITCompiler::addressFor(spillMe));
+ ASSERT(registerFormat != DataFormatNone);
+ ASSERT(registerFormat != DataFormatDouble);
+
+ SilentSpillAction spillAction;
+ SilentFillAction fillAction;
+
+ if (!info.needsSpill())
+ spillAction = DoNothingForSpill;
else {
- ASSERT(registerFormat & DataFormatJS || registerFormat == DataFormatCell || registerFormat == DataFormatStorage);
- m_jit.storePtr(source, JITCompiler::addressFor(spillMe));
- }
-#elif USE(JSVALUE32_64)
- if (registerFormat & DataFormatJS) {
- ASSERT(info.tagGPR() == source || info.payloadGPR() == source);
- m_jit.store32(source, source == info.tagGPR() ? JITCompiler::tagFor(spillMe) : JITCompiler::payloadFor(spillMe));
- } else {
+#if USE(JSVALUE64)
ASSERT(info.gpr() == source);
- m_jit.store32(source, JITCompiler::payloadFor(spillMe));
- }
+ if (registerFormat == DataFormatInteger)
+ spillAction = Store32Payload;
+ else {
+ ASSERT(registerFormat & DataFormatJS || registerFormat == DataFormatCell || registerFormat == DataFormatStorage);
+ spillAction = StorePtr;
+ }
+#elif USE(JSVALUE32_64)
+ if (registerFormat & DataFormatJS) {
+ ASSERT(info.tagGPR() == source || info.payloadGPR() == source);
+ spillAction = source == info.tagGPR() ? Store32Tag : Store32Payload;
+ } else {
+ ASSERT(info.gpr() == source);
+ spillAction = Store32Payload;
+ }
#endif
- }
- void silentSpillFPR(VirtualRegister spillMe, FPRReg source)
- {
- GenerationInfo& info = m_generationInfo[spillMe];
- ASSERT(info.registerFormat() == DataFormatDouble);
-
- if (!info.needsSpill()) {
- // it's either a constant or it's already been spilled
- ASSERT(at(info.nodeIndex()).hasConstant() || info.spillFormat() != DataFormatNone);
- return;
}
- // it's neither a constant nor has it been spilled.
- ASSERT(!at(info.nodeIndex()).hasConstant());
- ASSERT(info.spillFormat() == DataFormatNone);
- ASSERT(info.fpr() == source);
-
- m_jit.storeDouble(source, JITCompiler::addressFor(spillMe));
- }
-
- void silentFillGPR(VirtualRegister spillMe, GPRReg target)
- {
- GenerationInfo& info = m_generationInfo[spillMe];
-
- NodeIndex nodeIndex = info.nodeIndex();
- Node& node = at(nodeIndex);
- ASSERT(info.registerFormat() != DataFormatNone);
- ASSERT(info.registerFormat() != DataFormatDouble);
- DataFormat registerFormat = info.registerFormat();
-
if (registerFormat == DataFormatInteger) {
- ASSERT(info.gpr() == target);
+ ASSERT(info.gpr() == source);
ASSERT(isJSInteger(info.registerFormat()));
if (node.hasConstant()) {
ASSERT(isInt32Constant(nodeIndex));
- m_jit.move(Imm32(valueOfInt32Constant(nodeIndex)), target);
+ fillAction = SetInt32Constant;
} else
- m_jit.load32(JITCompiler::payloadFor(spillMe), target);
- return;
- }
-
- if (registerFormat == DataFormatBoolean) {
+ fillAction = Load32Payload;
+ } else if (registerFormat == DataFormatBoolean) {
#if USE(JSVALUE64)
ASSERT_NOT_REACHED();
+ fillAction = DoNothingForFill;
#elif USE(JSVALUE32_64)
- ASSERT(info.gpr() == target);
+ ASSERT(info.gpr() == source);
if (node.hasConstant()) {
ASSERT(isBooleanConstant(nodeIndex));
- m_jit.move(TrustedImm32(valueOfBooleanConstant(nodeIndex)), target);
+ fillAction = SetBooleanConstant;
} else
- m_jit.load32(JITCompiler::payloadFor(spillMe), target);
+ fillAction = Load32Payload;
#endif
- return;
- }
-
- if (registerFormat == DataFormatCell) {
- ASSERT(info.gpr() == target);
+ } else if (registerFormat == DataFormatCell) {
+ ASSERT(info.gpr() == source);
if (node.hasConstant()) {
JSValue value = valueOfJSConstant(nodeIndex);
- ASSERT(value.isCell());
- m_jit.move(TrustedImmPtr(value.asCell()), target);
- } else
- m_jit.loadPtr(JITCompiler::payloadFor(spillMe), target);
- return;
- }
-
- if (registerFormat == DataFormatStorage) {
- ASSERT(info.gpr() == target);
- m_jit.loadPtr(JITCompiler::addressFor(spillMe), target);
- return;
- }
-
- ASSERT(registerFormat & DataFormatJS);
+ ASSERT_UNUSED(value, value.isCell());
+ fillAction = SetCellConstant;
+ } else {
#if USE(JSVALUE64)
- ASSERT(info.gpr() == target);
- if (node.hasConstant()) {
- if (valueOfJSConstant(nodeIndex).isCell())
- m_jit.move(valueOfJSConstantAsImmPtr(nodeIndex).asTrustedImmPtr(), target);
- else
- m_jit.move(valueOfJSConstantAsImmPtr(nodeIndex), target);
- } else if (info.spillFormat() == DataFormatInteger) {
- ASSERT(registerFormat == DataFormatJSInteger);
- m_jit.load32(JITCompiler::payloadFor(spillMe), target);
- m_jit.orPtr(GPRInfo::tagTypeNumberRegister, target);
- } else if (info.spillFormat() == DataFormatDouble) {
- ASSERT(registerFormat == DataFormatJSDouble);
- m_jit.loadPtr(JITCompiler::addressFor(spillMe), target);
- m_jit.subPtr(GPRInfo::tagTypeNumberRegister, target);
- } else
- m_jit.loadPtr(JITCompiler::addressFor(spillMe), target);
+ fillAction = LoadPtr;
#else
- ASSERT(info.tagGPR() == target || info.payloadGPR() == target);
- if (node.hasConstant()) {
- JSValue v = valueOfJSConstant(nodeIndex);
- m_jit.move(info.tagGPR() == target ? Imm32(v.tag()) : Imm32(v.payload()), target);
- } else if (info.payloadGPR() == target)
- m_jit.load32(JITCompiler::payloadFor(spillMe), target);
- else { // Fill the Tag
- switch (info.spillFormat()) {
- case DataFormatInteger:
+ fillAction = Load32Payload;
+#endif
+ }
+ } else if (registerFormat == DataFormatStorage) {
+ ASSERT(info.gpr() == source);
+ fillAction = LoadPtr;
+ } else {
+ ASSERT(registerFormat & DataFormatJS);
+#if USE(JSVALUE64)
+ ASSERT(info.gpr() == source);
+ if (node.hasConstant()) {
+ if (valueOfJSConstant(nodeIndex).isCell())
+ fillAction = SetTrustedJSConstant;
+ else
+ fillAction = SetJSConstant;
+ } else if (info.spillFormat() == DataFormatInteger) {
ASSERT(registerFormat == DataFormatJSInteger);
- m_jit.move(TrustedImm32(JSValue::Int32Tag), target);
- break;
- case DataFormatCell:
- ASSERT(registerFormat == DataFormatJSCell);
- m_jit.move(TrustedImm32(JSValue::CellTag), target);
- break;
- case DataFormatBoolean:
- ASSERT(registerFormat == DataFormatJSBoolean);
- m_jit.move(TrustedImm32(JSValue::BooleanTag), target);
- break;
- default:
- m_jit.load32(JITCompiler::tagFor(spillMe), target);
- break;
+ fillAction = Load32PayloadBoxInt;
+ } else if (info.spillFormat() == DataFormatDouble) {
+ ASSERT(registerFormat == DataFormatJSDouble);
+ fillAction = LoadDoubleBoxDouble;
+ } else
+ fillAction = LoadPtr;
+#else
+ ASSERT(info.tagGPR() == source || info.payloadGPR() == source);
+ if (node.hasConstant())
+ fillAction = info.tagGPR() == source ? SetJSConstantTag : SetJSConstantPayload;
+ else if (info.payloadGPR() == source)
+ fillAction = Load32Payload;
+ else { // Fill the Tag
+ switch (info.spillFormat()) {
+ case DataFormatInteger:
+ ASSERT(registerFormat == DataFormatJSInteger);
+ fillAction = SetInt32Tag;
+ break;
+ case DataFormatCell:
+ ASSERT(registerFormat == DataFormatJSCell);
+ fillAction = SetCellTag;
+ break;
+ case DataFormatBoolean:
+ ASSERT(registerFormat == DataFormatJSBoolean);
+ fillAction = SetBooleanTag;
+ break;
+ default:
+ fillAction = Load32Tag;
+ break;
+ }
}
- }
#endif
+ }
+
+ return SilentRegisterSavePlan(spillAction, fillAction, nodeIndex, source);
}
-
- void silentFillFPR(VirtualRegister spillMe, GPRReg canTrample, FPRReg target)
+
+ SilentRegisterSavePlan silentSavePlanForFPR(VirtualRegister spillMe, FPRReg source)
{
GenerationInfo& info = m_generationInfo[spillMe];
- ASSERT(info.fpr() == target);
-
NodeIndex nodeIndex = info.nodeIndex();
Node& node = at(nodeIndex);
-#if USE(JSVALUE64)
ASSERT(info.registerFormat() == DataFormatDouble);
- if (node.hasConstant()) {
- ASSERT(isNumberConstant(nodeIndex));
- m_jit.move(ImmPtr(bitwise_cast<void*>(valueOfNumberConstant(nodeIndex))), canTrample);
- m_jit.movePtrToDouble(canTrample, target);
- return;
+ SilentSpillAction spillAction;
+ SilentFillAction fillAction;
+
+ if (!info.needsSpill())
+ spillAction = DoNothingForSpill;
+ else {
+ ASSERT(!at(info.nodeIndex()).hasConstant());
+ ASSERT(info.spillFormat() == DataFormatNone);
+ ASSERT(info.fpr() == source);
+ spillAction = StoreDouble;
}
- if (info.spillFormat() != DataFormatNone && info.spillFormat() != DataFormatDouble) {
+#if USE(JSVALUE64)
+ if (node.hasConstant()) {
+ ASSERT(isNumberConstant(nodeIndex));
+ fillAction = SetDoubleConstant;
+ } else if (info.spillFormat() != DataFormatNone && info.spillFormat() != DataFormatDouble) {
// it was already spilled previously and not as a double, which means we need unboxing.
ASSERT(info.spillFormat() & DataFormatJS);
- m_jit.loadPtr(JITCompiler::addressFor(spillMe), canTrample);
- unboxDouble(canTrample, target);
- return;
- }
-
- m_jit.loadDouble(JITCompiler::addressFor(spillMe), target);
+ fillAction = LoadJSUnboxDouble;
+ } else
+ fillAction = LoadDouble;
#elif USE(JSVALUE32_64)
- UNUSED_PARAM(canTrample);
ASSERT(info.registerFormat() == DataFormatDouble || info.registerFormat() == DataFormatJSDouble);
if (node.hasConstant()) {
ASSERT(isNumberConstant(nodeIndex));
- m_jit.loadDouble(addressOfDoubleConstant(nodeIndex), target);
+ fillAction = SetDoubleConstant;
} else
- m_jit.loadDouble(JITCompiler::addressFor(spillMe), target);
+ fillAction = LoadDouble;
#endif
- }
- void silentSpillAllRegisters(GPRReg exclude, GPRReg exclude2 = InvalidGPRReg)
+ return SilentRegisterSavePlan(spillAction, fillAction, nodeIndex, source);
+ }
+
+ void silentSpill(const SilentRegisterSavePlan& plan)
{
- for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
- GPRReg gpr = iter.regID();
- if (iter.name() != InvalidVirtualRegister && gpr != exclude && gpr != exclude2)
- silentSpillGPR(iter.name(), gpr);
+ switch (plan.spillAction()) {
+ case DoNothingForSpill:
+ break;
+ case Store32Tag:
+ m_jit.store32(plan.gpr(), JITCompiler::tagFor(at(plan.nodeIndex()).virtualRegister()));
+ break;
+ case Store32Payload:
+ m_jit.store32(plan.gpr(), JITCompiler::payloadFor(at(plan.nodeIndex()).virtualRegister()));
+ break;
+ case StorePtr:
+ m_jit.storePtr(plan.gpr(), JITCompiler::addressFor(at(plan.nodeIndex()).virtualRegister()));
+ break;
+ case StoreDouble:
+ m_jit.storeDouble(plan.fpr(), JITCompiler::addressFor(at(plan.nodeIndex()).virtualRegister()));
+ break;
+ default:
+ ASSERT_NOT_REACHED();
}
- for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
- if (iter.name() != InvalidVirtualRegister)
- silentSpillFPR(iter.name(), iter.regID());
+ }
+
+ void silentFill(const SilentRegisterSavePlan& plan, GPRReg canTrample)
+ {
+#if USE(JSVALUE32_64)
+ UNUSED_PARAM(canTrample);
+#endif
+ switch (plan.fillAction()) {
+ case DoNothingForFill:
+ break;
+ case SetInt32Constant:
+ m_jit.move(Imm32(valueOfInt32Constant(plan.nodeIndex())), plan.gpr());
+ break;
+ case SetBooleanConstant:
+ m_jit.move(TrustedImm32(valueOfBooleanConstant(plan.nodeIndex())), plan.gpr());
+ break;
+ case SetCellConstant:
+ m_jit.move(TrustedImmPtr(valueOfJSConstant(plan.nodeIndex()).asCell()), plan.gpr());
+ break;
+#if USE(JSVALUE64)
+ case SetTrustedJSConstant:
+ m_jit.move(valueOfJSConstantAsImmPtr(plan.nodeIndex()).asTrustedImmPtr(), plan.gpr());
+ break;
+ case SetJSConstant:
+ m_jit.move(valueOfJSConstantAsImmPtr(plan.nodeIndex()), plan.gpr());
+ break;
+ case SetDoubleConstant:
+ m_jit.move(ImmPtr(bitwise_cast<void*>(valueOfNumberConstant(plan.nodeIndex()))), canTrample);
+ m_jit.movePtrToDouble(canTrample, plan.fpr());
+ break;
+ case Load32PayloadBoxInt:
+ m_jit.load32(JITCompiler::payloadFor(at(plan.nodeIndex()).virtualRegister()), plan.gpr());
+ m_jit.orPtr(GPRInfo::tagTypeNumberRegister, plan.gpr());
+ break;
+ case LoadDoubleBoxDouble:
+ m_jit.loadPtr(JITCompiler::addressFor(at(plan.nodeIndex()).virtualRegister()), plan.gpr());
+ m_jit.subPtr(GPRInfo::tagTypeNumberRegister, plan.gpr());
+ break;
+ case LoadJSUnboxDouble:
+ m_jit.loadPtr(JITCompiler::addressFor(at(plan.nodeIndex()).virtualRegister()), canTrample);
+ unboxDouble(canTrample, plan.fpr());
+ break;
+#else
+ case SetJSConstantTag:
+ m_jit.move(Imm32(valueOfJSConstant(plan.nodeIndex()).tag()), plan.gpr());
+ break;
+ case SetJSConstantPayload:
+ m_jit.move(Imm32(valueOfJSConstant(plan.nodeIndex()).payload()), plan.gpr());
+ break;
+ case SetInt32Tag:
+ m_jit.move(TrustedImm32(JSValue::Int32Tag), plan.gpr());
+ break;
+ case SetCellTag:
+ m_jit.move(TrustedImm32(JSValue::CellTag), plan.gpr());
+ break;
+ case SetBooleanTag:
+ m_jit.move(TrustedImm32(JSValue::BooleanTag), plan.gpr());
+ break;
+ case SetDoubleConstant:
+ m_jit.loadDouble(addressOfDoubleConstant(plan.nodeIndex()), plan.fpr());
+ break;
+#endif
+ case Load32Tag:
+ m_jit.load32(JITCompiler::tagFor(at(plan.nodeIndex()).virtualRegister()), plan.gpr());
+ break;
+ case Load32Payload:
+ m_jit.load32(JITCompiler::payloadFor(at(plan.nodeIndex()).virtualRegister()), plan.gpr());
+ break;
+ case LoadPtr:
+ m_jit.loadPtr(JITCompiler::addressFor(at(plan.nodeIndex()).virtualRegister()), plan.gpr());
+ break;
+ case LoadDouble:
+ m_jit.loadDouble(JITCompiler::addressFor(at(plan.nodeIndex()).virtualRegister()), plan.fpr());
+ break;
+ default:
+ ASSERT_NOT_REACHED();
}
}
- void silentSpillAllRegisters(FPRReg exclude)
+
+ template<typename CollectionType>
+ void silentSpillAllRegistersImpl(bool doSpill, CollectionType& plans, GPRReg exclude, GPRReg exclude2 = InvalidGPRReg, FPRReg fprExclude = InvalidFPRReg)
{
+ ASSERT(plans.isEmpty());
for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
- if (iter.name() != InvalidVirtualRegister)
- silentSpillGPR(iter.name(), iter.regID());
+ GPRReg gpr = iter.regID();
+ if (iter.name() != InvalidVirtualRegister && gpr != exclude && gpr != exclude2) {
+ SilentRegisterSavePlan plan = silentSavePlanForGPR(iter.name(), gpr);
+ if (doSpill)
+ silentSpill(plan);
+ plans.append(plan);
+ }
}
for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
- FPRReg fpr = iter.regID();
- if (iter.name() != InvalidVirtualRegister && fpr != exclude)
- silentSpillFPR(iter.name(), fpr);
+ if (iter.name() != InvalidVirtualRegister && iter.regID() != fprExclude) {
+ SilentRegisterSavePlan plan = silentSavePlanForFPR(iter.name(), iter.regID());
+ if (doSpill)
+ silentSpill(plan);
+ plans.append(plan);
+ }
}
}
-
- void silentFillAllRegisters(GPRReg exclude, GPRReg exclude2 = InvalidGPRReg)
+ template<typename CollectionType>
+ void silentSpillAllRegistersImpl(bool doSpill, CollectionType& plans, NoResultTag)
{
- GPRReg canTrample = GPRInfo::regT0;
- if (exclude == GPRInfo::regT0)
- canTrample = GPRInfo::regT1;
-
- for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
- if (iter.name() != InvalidVirtualRegister)
- silentFillFPR(iter.name(), canTrample, iter.regID());
- }
- for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
- GPRReg gpr = iter.regID();
- if (iter.name() != InvalidVirtualRegister && gpr != exclude && gpr != exclude2)
- silentFillGPR(iter.name(), gpr);
+ silentSpillAllRegistersImpl(doSpill, plans, InvalidGPRReg, InvalidGPRReg, InvalidFPRReg);
+ }
+ template<typename CollectionType>
+ void silentSpillAllRegistersImpl(bool doSpill, CollectionType& plans, FPRReg exclude)
+ {
+ silentSpillAllRegistersImpl(doSpill, plans, InvalidGPRReg, InvalidGPRReg, exclude);
+ }
+#if USE(JSVALUE32_64)
+ template<typename CollectionType>
+ void silentSpillAllRegistersImpl(bool doSpill, CollectionType& plans, JSValueRegs exclude)
+ {
+ silentSpillAllRegistersImpl(doSpill, plans, exclude.tagGPR(), exclude.payloadGPR());
+ }
+#endif
+
+ void silentSpillAllRegisters(GPRReg exclude, GPRReg exclude2 = InvalidGPRReg, FPRReg fprExclude = InvalidFPRReg)
+ {
+ silentSpillAllRegistersImpl(true, m_plans, exclude, exclude2, fprExclude);
+ }
+ void silentSpillAllRegisters(FPRReg exclude)
+ {
+ silentSpillAllRegisters(InvalidGPRReg, InvalidGPRReg, exclude);
+ }
+
+ static GPRReg pickCanTrample(GPRReg exclude)
+ {
+ GPRReg result = GPRInfo::regT0;
+ if (result == exclude)
+ result = GPRInfo::regT1;
+ return result;
+ }
+ static GPRReg pickCanTrample(FPRReg)
+ {
+ return GPRInfo::regT0;
+ }
+ static GPRReg pickCanTrample(NoResultTag)
+ {
+ return GPRInfo::regT0;
+ }
+
+#if USE(JSVALUE32_64)
+ static GPRReg pickCanTrample(JSValueRegs exclude)
+ {
+ GPRReg result = GPRInfo::regT0;
+ if (result == exclude.tagGPR()) {
+ result = GPRInfo::regT1;
+ if (result == exclude.payloadGPR())
+ result = GPRInfo::regT2;
+ } else if (result == exclude.payloadGPR()) {
+ result = GPRInfo::regT1;
+ if (result == exclude.tagGPR())
+ result = GPRInfo::regT2;
}
+ return result;
}
- void silentFillAllRegisters(FPRReg exclude)
+#endif
+
+ template<typename RegisterType>
+ void silentFillAllRegisters(RegisterType exclude)
{
- GPRReg canTrample = GPRInfo::regT0;
+ GPRReg canTrample = pickCanTrample(exclude);
- for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
- FPRReg fpr = iter.regID();
- if (iter.name() != InvalidVirtualRegister && fpr != exclude)
- silentFillFPR(iter.name(), canTrample, fpr);
- }
- for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
- if (iter.name() != InvalidVirtualRegister)
- silentFillGPR(iter.name(), iter.regID());
+ while (!m_plans.isEmpty()) {
+ SilentRegisterSavePlan& plan = m_plans.last();
+ silentFill(plan, canTrample);
+ m_plans.removeLast();
}
}
@@ -887,12 +1018,11 @@ private:
void nonSpeculativeValueToInt32(Node&);
void nonSpeculativeUInt32ToNumber(Node&);
- enum SpillRegistersMode { NeedToSpill, DontSpill };
#if USE(JSVALUE64)
- JITCompiler::Call cachedGetById(CodeOrigin, GPRReg baseGPR, GPRReg resultGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
+ void cachedGetById(CodeOrigin, GPRReg baseGPR, GPRReg resultGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
void cachedPutById(CodeOrigin, GPRReg base, GPRReg value, Edge valueUse, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump());
#elif USE(JSVALUE32_64)
- JITCompiler::Call cachedGetById(CodeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
+ void cachedGetById(CodeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
void cachedPutById(CodeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, Edge valueUse, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump());
#endif
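Review bot: The `enum SpillRegistersMode { NeedToSpill, DontSpill };` removed here is still named by the default argument `SpillRegistersMode = NeedToSpill` on both `cachedGetById` declarations that remain, so the enum must now be defined in something this header already sees; the hunk does not show where. A one-line comment above the `#if USE(JSVALUE64)`, e.g. `// SpillRegistersMode is defined in <header it moved to>.`, would save the next reader the search. The return type change from `JITCompiler::Call` to `void` also means callers can no longer keep the call handle, which is presumably intended now that the slow-path generators own those calls.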
@@ -1082,6 +1212,11 @@ private:
// machine registers, and delegate the calling convention specific
// decision as to how to fill the regsiters to setupArguments* methods.
#if USE(JSVALUE64)
+ JITCompiler::Call callOperation(J_DFGOperation_E operation, GPRReg result)
+ {
+ m_jit.setupArgumentsExecState();
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
JITCompiler::Call callOperation(J_DFGOperation_EP operation, GPRReg result, void* pointer)
{
m_jit.setupArgumentsWithExecState(TrustedImmPtr(pointer));
@@ -1144,6 +1279,21 @@ private:
m_jit.setupArgumentsWithExecState(arg1);
return appendCallWithExceptionCheckSetResult(operation, result);
}
+ JITCompiler::Call callOperation(J_DFGOperation_EZ operation, GPRReg result, GPRReg arg1)
+ {
+ m_jit.setupArgumentsWithExecState(arg1);
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(J_DFGOperation_EZ operation, GPRReg result, int32_t arg1)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImm32(arg1));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(J_DFGOperation_EZZ operation, GPRReg result, int32_t arg1, GPRReg arg2)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImm32(arg1), arg2);
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
JITCompiler::Call callOperation(C_DFGOperation_E operation, GPRReg result)
{
m_jit.setupArgumentsExecState();
@@ -1164,6 +1314,11 @@ private:
m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(cell));
return appendCallWithExceptionCheckSetResult(operation, result);
}
+ JITCompiler::Call callOperation(C_DFGOperation_EIcf operation, GPRReg result, InlineCallFrame* inlineCallFrame)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(inlineCallFrame));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
JITCompiler::Call callOperation(S_DFGOperation_J operation, GPRReg result, GPRReg arg1)
{
m_jit.setupArguments(arg1);
@@ -1214,6 +1369,11 @@ private:
m_jit.setupArgumentsWithExecState(arg1);
return appendCallWithExceptionCheck(operation);
}
+ JITCompiler::Call callOperation(V_DFGOperation_ECIcf operation, GPRReg arg1, InlineCallFrame* arg2)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(arg2));
+ return appendCallWithExceptionCheck(operation);
+ }
JITCompiler::Call callOperation(V_DFGOperation_EJPP operation, GPRReg arg1, GPRReg arg2, void* pointer)
{
m_jit.setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(pointer));
@@ -1244,6 +1404,26 @@ private:
m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
return appendCallWithExceptionCheck(operation);
}
+ JITCompiler::Call callOperation(V_DFGOperation_ECZ operation, GPRReg arg1, int arg2)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
+ return appendCallWithExceptionCheck(operation);
+ }
+ template<typename FunctionType, typename ArgumentType1>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1)
+ {
+ return callOperation(operation, arg1);
+ }
+ template<typename FunctionType, typename ArgumentType1, typename ArgumentType2>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1, ArgumentType2 arg2)
+ {
+ return callOperation(operation, arg1, arg2);
+ }
+ template<typename FunctionType, typename ArgumentType1, typename ArgumentType2, typename ArgumentType3>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1, ArgumentType2 arg2, ArgumentType3 arg3)
+ {
+ return callOperation(operation, arg1, arg2, arg3);
+ }
JITCompiler::Call callOperation(D_DFGOperation_EJ operation, FPRReg result, GPRReg arg1)
{
m_jit.setupArgumentsWithExecState(arg1);
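Review bot: The new `callOperation(V_DFGOperation_ECZ operation, GPRReg arg1, int arg2)` takes `int`, while the sibling immediate-argument overloads added to this header (`J_DFGOperation_EZ` and `J_DFGOperation_EZZ` at L153021 and L153026) take `int32_t`, and the value is wrapped in `TrustedImm32` in every case; `int32_t arg2` keeps the widths uniform. The JSVALUE32_64 counterpart at L153147 has the same `int`. The three `NoResultTag` forwarding templates carry no comment; one line above the first, `// NoResultTag overloads: the result slot is a placeholder, so forward to the overload without it.`, says what they are for.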
@@ -1277,6 +1457,11 @@ private:
m_jit.zeroExtend32ToPtr(GPRInfo::returnValueGPR, result);
return call;
}
+ JITCompiler::Call callOperation(J_DFGOperation_E operation, GPRReg resultTag, GPRReg resultPayload)
+ {
+ m_jit.setupArgumentsExecState();
+ return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
+ }
JITCompiler::Call callOperation(J_DFGOperation_EP operation, GPRReg resultTag, GPRReg resultPayload, void* pointer)
{
m_jit.setupArgumentsWithExecState(TrustedImmPtr(pointer));
@@ -1352,6 +1537,21 @@ private:
m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag);
return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
}
+ JITCompiler::Call callOperation(J_DFGOperation_EZ operation, GPRReg resultTag, GPRReg resultPayload, GPRReg arg1)
+ {
+ m_jit.setupArgumentsWithExecState(arg1);
+ return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
+ }
+ JITCompiler::Call callOperation(J_DFGOperation_EZ operation, GPRReg resultTag, GPRReg resultPayload, int32_t arg1)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImm32(arg1));
+ return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
+ }
+ JITCompiler::Call callOperation(J_DFGOperation_EZZ operation, GPRReg resultTag, GPRReg resultPayload, int32_t arg1, GPRReg arg2)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImm32(arg1), arg2);
+ return appendCallWithExceptionCheckSetResult(operation, resultPayload, resultTag);
+ }
JITCompiler::Call callOperation(C_DFGOperation_E operation, GPRReg result)
{
m_jit.setupArgumentsExecState();
@@ -1372,6 +1572,11 @@ private:
m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(cell));
return appendCallWithExceptionCheckSetResult(operation, result);
}
+ JITCompiler::Call callOperation(C_DFGOperation_EIcf operation, GPRReg result, InlineCallFrame* inlineCallFrame)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(inlineCallFrame));
+ return appendCallWithExceptionCheckSetResult(operation, result);
+ }
JITCompiler::Call callOperation(S_DFGOperation_J operation, GPRReg result, GPRReg arg1Tag, GPRReg arg1Payload)
{
m_jit.setupArguments(arg1Payload, arg1Tag);
@@ -1422,6 +1627,11 @@ private:
m_jit.setupArgumentsWithExecState(arg1);
return appendCallWithExceptionCheck(operation);
}
+ JITCompiler::Call callOperation(V_DFGOperation_ECIcf operation, GPRReg arg1, InlineCallFrame* inlineCallFrame)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImmPtr(inlineCallFrame));
+ return appendCallWithExceptionCheck(operation);
+ }
JITCompiler::Call callOperation(V_DFGOperation_EJPP operation, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2, void* pointer)
{
m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2, TrustedImmPtr(pointer));
@@ -1437,6 +1647,11 @@ private:
m_jit.setupArgumentsWithExecState(arg1, arg2Payload, arg2Tag, arg3Payload, arg3Tag);
return appendCallWithExceptionCheck(operation);
}
+ JITCompiler::Call callOperation(V_DFGOperation_ECZ operation, GPRReg arg1, int arg2)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, TrustedImm32(arg2));
+ return appendCallWithExceptionCheck(operation);
+ }
JITCompiler::Call callOperation(V_DFGOperation_EPZJ operation, GPRReg arg1, GPRReg arg2, GPRReg arg3Tag, GPRReg arg3Payload)
{
m_jit.setupArgumentsWithExecState(arg1, arg2, EABI_32BIT_DUMMY_ARG arg3Payload, arg3Tag);
@@ -1447,6 +1662,26 @@ private:
m_jit.setupArgumentsWithExecState(arg1, arg2, EABI_32BIT_DUMMY_ARG arg3Payload, arg3Tag);
return appendCallWithExceptionCheck(operation);
}
+ template<typename FunctionType, typename ArgumentType1>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1)
+ {
+ return callOperation(operation, arg1);
+ }
+ template<typename FunctionType, typename ArgumentType1, typename ArgumentType2>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1, ArgumentType2 arg2)
+ {
+ return callOperation(operation, arg1, arg2);
+ }
+ template<typename FunctionType, typename ArgumentType1, typename ArgumentType2, typename ArgumentType3, typename ArgumentType4>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1, ArgumentType2 arg2, ArgumentType3 arg3, ArgumentType4 arg4)
+ {
+ return callOperation(operation, arg1, arg2, arg3, arg4);
+ }
+ template<typename FunctionType, typename ArgumentType1, typename ArgumentType2, typename ArgumentType3, typename ArgumentType4, typename ArgumentType5>
+ JITCompiler::Call callOperation(FunctionType operation, NoResultTag, ArgumentType1 arg1, ArgumentType2 arg2, ArgumentType3 arg3, ArgumentType4 arg4, ArgumentType5 arg5)
+ {
+ return callOperation(operation, arg1, arg2, arg3, arg4, arg5);
+ }
JITCompiler::Call callOperation(D_DFGOperation_EJ operation, FPRReg result, GPRReg arg1Tag, GPRReg arg1Payload)
{
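Review bot: The JSVALUE32_64 `NoResultTag` forwarding set provides 1-, 2-, 4- and 5-argument forms but no 3-argument one, whereas the JSVALUE64 set at L153067–L153081 provides 1, 2 and 3. If the asymmetry is deliberate (a JSValue argument occupies a tag/payload pair on this side, so the arities that occur presumably differ), a short comment saying so would stop the next person from "fixing" it; if it is not, a three-argument caller fails overload resolution only on 32-bit builds. Something like `// Arities mirror the call shapes used on this side, where a JSValue is two GPRs; extend as needed.` above the first template would do.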
@@ -1466,10 +1701,56 @@ private:
}
#undef EABI_32BIT_DUMMY_ARG
-
+
+ template<typename FunctionType>
+ JITCompiler::Call callOperation(
+ FunctionType operation, JSValueRegs result)
+ {
+ return callOperation(operation, result.tagGPR(), result.payloadGPR());
+ }
+ template<typename FunctionType, typename ArgumentType1>
+ JITCompiler::Call callOperation(
+ FunctionType operation, JSValueRegs result, ArgumentType1 arg1)
+ {
+ return callOperation(operation, result.tagGPR(), result.payloadGPR(), arg1);
+ }
+ template<typename FunctionType, typename ArgumentType1, typename ArgumentType2>
+ JITCompiler::Call callOperation(
+ FunctionType operation, JSValueRegs result, ArgumentType1 arg1, ArgumentType2 arg2)
+ {
+ return callOperation(operation, result.tagGPR(), result.payloadGPR(), arg1, arg2);
+ }
+ template<
+ typename FunctionType, typename ArgumentType1, typename ArgumentType2,
+ typename ArgumentType3>
+ JITCompiler::Call callOperation(
+ FunctionType operation, JSValueRegs result, ArgumentType1 arg1, ArgumentType2 arg2,
+ ArgumentType3 arg3)
+ {
+ return callOperation(operation, result.tagGPR(), result.payloadGPR(), arg1, arg2, arg3);
+ }
+ template<
+ typename FunctionType, typename ArgumentType1, typename ArgumentType2,
+ typename ArgumentType3, typename ArgumentType4>
+ JITCompiler::Call callOperation(
+ FunctionType operation, JSValueRegs result, ArgumentType1 arg1, ArgumentType2 arg2,
+ ArgumentType3 arg3, ArgumentType4 arg4)
+ {
+ return callOperation(operation, result.tagGPR(), result.payloadGPR(), arg1, arg2, arg3, arg4);
+ }
+ template<
+ typename FunctionType, typename ArgumentType1, typename ArgumentType2,
+ typename ArgumentType3, typename ArgumentType4, typename ArgumentType5>
+ JITCompiler::Call callOperation(
+ FunctionType operation, JSValueRegs result, ArgumentType1 arg1, ArgumentType2 arg2,
+ ArgumentType3 arg3, ArgumentType4 arg4, ArgumentType5 arg5)
+ {
+ return callOperation(
+ operation, result.tagGPR(), result.payloadGPR(), arg1, arg2, arg3, arg4, arg5);
+ }
#endif
-#ifndef NDEBUG
+#if !defined(NDEBUG) && !CPU(ARM_THUMB2)
void prepareForExternalCall()
{
for (unsigned i = 0; i < sizeof(void*) / 4; i++)
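Review bot: `#if !defined(NDEBUG) && !CPU(ARM_THUMB2)` silently drops `prepareForExternalCall` from ARM Thumb-2 debug builds without saying why, and a debug-only aid that stops being compiled on one architecture is exactly the kind of thing that gets lost; a comment such as `// Not built for ARM_THUMB2: <reason the sequence cannot be used there>` should accompany the exclusion. The body of `prepareForExternalCall` continues outside the hunk. The `JSValueRegs` forwarding templates above are fine but undocumented; one line above the first, `// Unpack a JSValueRegs result into the (tag, payload) GPR pair the concrete overloads take.`, covers the group.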
@@ -1689,7 +1970,7 @@ private:
{
if (haveEdgeCodeToEmit(destination))
emitEdgeCode(destination);
- if (destination == m_block + 1
+ if (destination == nextBlock()
&& fallThroughMode == AtFallThroughPoint)
return;
addBranch(m_jit.jump(), destination);
@@ -1774,6 +2055,10 @@ private:
void compileGetCharCodeAt(Node&);
void compileGetByValOnString(Node&);
+
+ void compileGetByValOnArguments(Node&);
+ void compileGetArgumentsLength(Node&);
+
void compileValueToInt32(Node&);
void compileUInt32ToNumber(Node&);
void compileDoubleAsInt32(Node&);
@@ -1863,21 +2148,25 @@ private:
{
if (!m_compileOkay)
return;
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
m_jit.codeBlock()->appendOSRExit(OSRExit(kind, jsValueSource, m_jit.graph().methodOfGettingAValueProfileFor(nodeIndex), jumpToFail, this));
}
void speculationCheck(ExitKind kind, JSValueSource jsValueSource, Edge nodeUse, MacroAssembler::Jump jumpToFail)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
speculationCheck(kind, jsValueSource, nodeUse.index(), jumpToFail);
}
// Add a set of speculation checks without additional recovery.
void speculationCheck(ExitKind kind, JSValueSource jsValueSource, NodeIndex nodeIndex, MacroAssembler::JumpList& jumpsToFail)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
Vector<MacroAssembler::Jump, 16> jumpVector = jumpsToFail.jumps();
for (unsigned i = 0; i < jumpVector.size(); ++i)
speculationCheck(kind, jsValueSource, nodeIndex, jumpVector[i]);
}
void speculationCheck(ExitKind kind, JSValueSource jsValueSource, Edge nodeUse, MacroAssembler::JumpList& jumpsToFail)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
speculationCheck(kind, jsValueSource, nodeUse.index(), jumpsToFail);
}
// Add a speculation check with additional recovery.
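Review bot: The assertion `ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);` is pasted into every `speculationCheck`, `forwardSpeculationCheck` and `terminateSpeculativeExecution` overload here and in the hunks at L153283, L153301, L153309 and L153317, including the `Edge` overloads that immediately delegate to a `NodeIndex` overload carrying the same assertion, so each check runs twice. Hoisting it into a private helper, `void assertCanExit() { ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes); }`, and calling it only from the non-delegating overloads keeps the invariant in one place. The helper is also the natural home for a comment explaining why argument-type checking is exempt from the `canExit()` requirement, which nothing in these hunks states.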
@@ -1885,15 +2174,18 @@ private:
{
if (!m_compileOkay)
return;
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
m_jit.codeBlock()->appendSpeculationRecovery(recovery);
m_jit.codeBlock()->appendOSRExit(OSRExit(kind, jsValueSource, m_jit.graph().methodOfGettingAValueProfileFor(nodeIndex), jumpToFail, this, m_jit.codeBlock()->numberOfSpeculationRecoveries()));
}
void speculationCheck(ExitKind kind, JSValueSource jsValueSource, Edge nodeUse, MacroAssembler::Jump jumpToFail, const SpeculationRecovery& recovery)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
speculationCheck(kind, jsValueSource, nodeUse.index(), jumpToFail, recovery);
}
void forwardSpeculationCheck(ExitKind kind, JSValueSource jsValueSource, NodeIndex nodeIndex, MacroAssembler::Jump jumpToFail, const ValueRecovery& valueRecovery)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
speculationCheck(kind, jsValueSource, nodeIndex, jumpToFail);
unsigned setLocalIndexInBlock = m_indexInBlock + 1;
@@ -1925,6 +2217,7 @@ private:
}
void forwardSpeculationCheck(ExitKind kind, JSValueSource jsValueSource, NodeIndex nodeIndex, MacroAssembler::JumpList& jumpsToFail, const ValueRecovery& valueRecovery)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
Vector<MacroAssembler::Jump, 16> jumpVector = jumpsToFail.jumps();
for (unsigned i = 0; i < jumpVector.size(); ++i)
forwardSpeculationCheck(kind, jsValueSource, nodeIndex, jumpVector[i], valueRecovery);
@@ -1933,6 +2226,7 @@ private:
// Called when we statically determine that a speculation will fail.
void terminateSpeculativeExecution(ExitKind kind, JSValueRegs jsValueRegs, NodeIndex nodeIndex)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("SpeculativeJIT was terminated.\n");
#endif
@@ -1943,6 +2237,7 @@ private:
}
void terminateSpeculativeExecution(ExitKind kind, JSValueRegs jsValueRegs, Edge nodeUse)
{
+ ASSERT(at(m_compileIndex).canExit() || m_isCheckingArgumentTypes);
terminateSpeculativeExecution(kind, jsValueRegs, nodeUse.index());
}
@@ -1985,8 +2280,8 @@ private:
return m_variables[operand];
}
- // The JIT, while also provides MacroAssembler functionality.
JITCompiler& m_jit;
+
// The current node being generated.
BlockIndex m_block;
NodeIndex m_compileIndex;
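Review bot: The deleted line above `m_jit` was ungrammatical, but its replacement is no comment at all, leaving the member that every code-generation call goes through undocumented; `// The JIT compiler, which also provides the MacroAssembler functionality.` restores the information without the garbled wording. The comment "The current node being generated." sits above `m_block` rather than `m_compileIndex`, which the blank line added here makes slightly more confusing; moving it down one line would fix that.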
@@ -2018,6 +2313,11 @@ private:
AbstractState m_state;
+ bool m_isCheckingArgumentTypes;
+
+ Vector<SlowPathGenerator*, 8> m_slowPathGenerators; // doesn't use OwnPtr<> because I don't want to include DFGSlowPathGenerator.h
+ Vector<SilentRegisterSavePlan> m_plans;
+
ValueRecovery computeValueRecoveryFor(const ValueSource&);
ValueRecovery computeValueRecoveryFor(int operand)
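Review bot: `m_slowPathGenerators` holds raw `SlowPathGenerator*` and its comment explains only why `OwnPtr<>` was avoided, not who owns and deletes the objects; since `addSlowPathGenerator` is handed an `adoptPtr(...)` at L153425, the vector apparently takes ownership, and that should be written down, e.g. `// Owned by this object and deleted in <the method that frees them>; raw pointers only to avoid including DFGSlowPathGenerator.h here.` — confirm against the deleting code, which is not in this hunk. `m_isCheckingArgumentTypes` has no in-class initializer and the inline constructor that initialized the other members is removed from this header at L153345, so its initialization must now happen in the out-of-line constructor; worth checking that it is set before the first `speculationCheck` assertion reads it. A one-line comment on `m_plans`, `// Save plans recorded by silentSpillAllRegisters and replayed in reverse by silentFillAllRegisters.`, matches what the code at L152927 and L152981 does.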
@@ -2637,20 +2937,6 @@ private:
GPRReg m_gprOrInvalid;
};
-inline SpeculativeJIT::SpeculativeJIT(JITCompiler& jit)
- : m_compileOkay(true)
- , m_jit(jit)
- , m_compileIndex(0)
- , m_indexInBlock(0)
- , m_generationInfo(m_jit.codeBlock()->m_numCalleeRegisters)
- , m_blockHeads(jit.graph().m_blocks.size())
- , m_arguments(jit.codeBlock()->numParameters())
- , m_variables(jit.graph().m_localVars)
- , m_lastSetOperand(std::numeric_limits<int>::max())
- , m_state(m_jit.graph())
-{
-}
-
} } // namespace JSC::DFG
#endif
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
index 05c418d1e..637e335a3 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -29,6 +29,8 @@
#if ENABLE(DFG_JIT)
+#include "DFGSlowPathGenerator.h"
+
namespace JSC { namespace DFG {
#if USE(JSVALUE32_64)
@@ -356,6 +358,33 @@ bool SpeculativeJIT::fillJSValue(NodeIndex nodeIndex, GPRReg& tagGPR, GPRReg& pa
return true;
}
+class ValueToNumberSlowPathGenerator
+ : public CallSlowPathGenerator<MacroAssembler::Jump, D_DFGOperation_EJ, JSValueRegs> {
+public:
+ ValueToNumberSlowPathGenerator(
+ MacroAssembler::Jump from, SpeculativeJIT* jit,
+ GPRReg resultTagGPR, GPRReg resultPayloadGPR, GPRReg jsValueTagGPR, GPRReg jsValuePayloadGPR)
+ : CallSlowPathGenerator<MacroAssembler::Jump, D_DFGOperation_EJ, JSValueRegs>(
+ from, jit, dfgConvertJSValueToNumber, NeedToSpill, JSValueRegs(resultTagGPR, resultPayloadGPR))
+ , m_jsValueTagGPR(jsValueTagGPR)
+ , m_jsValuePayloadGPR(jsValuePayloadGPR)
+ {
+ }
+
+protected:
+ virtual void generateInternal(SpeculativeJIT* jit)
+ {
+ setUp(jit);
+ recordCall(jit->callOperation(dfgConvertJSValueToNumber, FPRInfo::returnValueFPR, m_jsValueTagGPR, m_jsValuePayloadGPR));
+ jit->boxDouble(FPRInfo::returnValueFPR, m_result.tagGPR(), m_result.payloadGPR());
+ tearDown(jit);
+ }
+
+private:
+ GPRReg m_jsValueTagGPR;
+ GPRReg m_jsValuePayloadGPR;
+};
+
void SpeculativeJIT::nonSpeculativeValueToNumber(Node& node)
{
if (isKnownNumeric(node.child1().index())) {
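Review bot: `ValueToNumberSlowPathGenerator` is a translation-unit-local class declared at namespace scope; wrapping it in an anonymous namespace avoids any chance of an ODR clash with a same-named generator in another DFG translation unit and documents that it is not meant to be used elsewhere. `generateInternal` is declared `virtual` with no override annotation, so a later signature change in `CallSlowPathGenerator` would silently turn it into a new virtual rather than a compile error. A brief class comment would also help, e.g. `// Slow path for nonSpeculativeValueToNumber: calls dfgConvertJSValueToNumber and boxes the double result into the result tag/payload pair.`; the `m_result` it reads is inherited from the base, which is not visible here.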
@@ -391,23 +420,12 @@ void SpeculativeJIT::nonSpeculativeValueToNumber(Node& node)
JITCompiler::Jump isInteger = m_jit.branch32(MacroAssembler::Equal, tagGPR, TrustedImm32(JSValue::Int32Tag));
JITCompiler::Jump nonNumeric = m_jit.branch32(MacroAssembler::AboveOrEqual, tagGPR, TrustedImm32(JSValue::LowestTag));
- // First, if we get here we have a double encoded as a JSValue
- JITCompiler::Jump hasUnboxedDouble = m_jit.jump();
-
- // Next handle cells (& other JS immediates)
- nonNumeric.link(&m_jit);
- silentSpillAllRegisters(resultTagGPR, resultPayloadGPR);
- callOperation(dfgConvertJSValueToNumber, FPRInfo::returnValueFPR, tagGPR, payloadGPR);
- boxDouble(FPRInfo::returnValueFPR, resultTagGPR, resultPayloadGPR);
- silentFillAllRegisters(resultTagGPR, resultPayloadGPR);
- JITCompiler::Jump hasCalledToNumber = m_jit.jump();
-
- // Finally, handle integers.
isInteger.link(&m_jit);
- hasUnboxedDouble.link(&m_jit);
m_jit.move(tagGPR, resultTagGPR);
m_jit.move(payloadGPR, resultPayloadGPR);
- hasCalledToNumber.link(&m_jit);
+
+ addSlowPathGenerator(adoptPtr(new ValueToNumberSlowPathGenerator(nonNumeric, this, resultTagGPR, resultPayloadGPR, tagGPR, payloadGPR)));
+
jsValueResult(resultTagGPR, resultPayloadGPR, m_compileIndex, UseChildrenCalledExplicitly);
}
@@ -430,13 +448,10 @@ void SpeculativeJIT::nonSpeculativeValueToInt32(Node& node)
FPRReg fpr = op1.fpr();
GPRReg gpr = result.gpr();
op1.use();
- JITCompiler::Jump truncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateSuccessful);
+ JITCompiler::Jump notTruncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateFailed);
- silentSpillAllRegisters(gpr);
- callOperation(toInt32, gpr, fpr);
- silentFillAllRegisters(gpr);
+ addSlowPathGenerator(slowPathCall(notTruncatedToInteger, this, toInt32, gpr, fpr));
- truncatedToInteger.link(&m_jit);
integerResult(gpr, m_compileIndex, UseChildrenCalledExplicitly);
return;
}
@@ -448,19 +463,12 @@ void SpeculativeJIT::nonSpeculativeValueToInt32(Node& node)
GPRReg resultGPR = result.gpr();
op1.use();
- JITCompiler::Jump isInteger = m_jit.branch32(MacroAssembler::Equal, tagGPR, TrustedImm32(JSValue::Int32Tag));
+ JITCompiler::Jump isNotInteger = m_jit.branch32(MacroAssembler::NotEqual, tagGPR, TrustedImm32(JSValue::Int32Tag));
- // First handle non-integers
- silentSpillAllRegisters(resultGPR);
- callOperation(dfgConvertJSValueToInt32, GPRInfo::returnValueGPR, tagGPR, payloadGPR);
- m_jit.move(GPRInfo::returnValueGPR, resultGPR);
- silentFillAllRegisters(resultGPR);
- JITCompiler::Jump hasCalledToInt32 = m_jit.jump();
-
- // Then handle integers.
- isInteger.link(&m_jit);
m_jit.move(payloadGPR, resultGPR);
- hasCalledToInt32.link(&m_jit);
+
+ addSlowPathGenerator(slowPathCall(isNotInteger, this, dfgConvertJSValueToInt32, resultGPR, tagGPR, payloadGPR));
+
integerResult(resultGPR, m_compileIndex, UseChildrenCalledExplicitly);
}
@@ -491,7 +499,7 @@ void SpeculativeJIT::nonSpeculativeUInt32ToNumber(Node& node)
jsValueResult(resultTag.gpr(), resultPayload.gpr(), m_compileIndex);
}
-JITCompiler::Call SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
+void SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
{
JITCompiler::DataLabelPtr structureToCompare;
JITCompiler::PatchableJump structureCheck = m_jit.patchableBranchPtrWithPatch(JITCompiler::NotEqual, JITCompiler::Address(basePayloadGPR, JSCell::structureOffset()), structureToCompare, JITCompiler::TrustedImmPtr(reinterpret_cast<void*>(-1)));
@@ -500,32 +508,50 @@ JITCompiler::Call SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg ba
JITCompiler::DataLabelCompact tagLoadWithPatch = m_jit.load32WithCompactAddressOffsetPatch(JITCompiler::Address(resultPayloadGPR, OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), resultTagGPR);
JITCompiler::DataLabelCompact payloadLoadWithPatch = m_jit.load32WithCompactAddressOffsetPatch(JITCompiler::Address(resultPayloadGPR, OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayloadGPR);
- JITCompiler::Jump done = m_jit.jump();
-
- structureCheck.m_jump.link(&m_jit);
-
- if (slowPathTarget.isSet())
- slowPathTarget.link(&m_jit);
-
- JITCompiler::Label slowCase = m_jit.label();
-
- if (spillMode == NeedToSpill)
- silentSpillAllRegisters(resultTagGPR, resultPayloadGPR);
- JITCompiler::Call functionCall;
- if (baseTagGPROrNone == InvalidGPRReg)
- functionCall = callOperation(operationGetByIdOptimize, resultTagGPR, resultPayloadGPR, JSValue::CellTag, basePayloadGPR, identifier(identifierNumber));
- else
- functionCall = callOperation(operationGetByIdOptimize, resultTagGPR, resultPayloadGPR, baseTagGPROrNone, basePayloadGPR, identifier(identifierNumber));
- if (spillMode == NeedToSpill)
- silentFillAllRegisters(resultTagGPR, resultPayloadGPR);
-
- done.link(&m_jit);
-
JITCompiler::Label doneLabel = m_jit.label();
- m_jit.addPropertyAccess(PropertyAccessRecord(codeOrigin, structureToCompare, functionCall, structureCheck, tagLoadWithPatch, payloadLoadWithPatch, slowCase, doneLabel, safeCast<int8_t>(basePayloadGPR), safeCast<int8_t>(resultTagGPR), safeCast<int8_t>(resultPayloadGPR), safeCast<int8_t>(scratchGPR), spillMode == NeedToSpill ? PropertyAccessRecord::RegistersInUse : PropertyAccessRecord::RegistersFlushed));
-
- return functionCall;
+ OwnPtr<SlowPathGenerator> slowPath;
+ if (baseTagGPROrNone == InvalidGPRReg) {
+ if (!slowPathTarget.isSet()) {
+ slowPath = slowPathCall(
+ structureCheck.m_jump, this, operationGetByIdOptimize,
+ JSValueRegs(resultTagGPR, resultPayloadGPR),
+ static_cast<int32_t>(JSValue::CellTag), basePayloadGPR,
+ identifier(identifierNumber));
+ } else {
+ JITCompiler::JumpList slowCases;
+ slowCases.append(structureCheck.m_jump);
+ slowCases.append(slowPathTarget);
+ slowPath = slowPathCall(
+ slowCases, this, operationGetByIdOptimize,
+ JSValueRegs(resultTagGPR, resultPayloadGPR),
+ static_cast<int32_t>(JSValue::CellTag), basePayloadGPR,
+ identifier(identifierNumber));
+ }
+ } else {
+ if (!slowPathTarget.isSet()) {
+ slowPath = slowPathCall(
+ structureCheck.m_jump, this, operationGetByIdOptimize,
+ JSValueRegs(resultTagGPR, resultPayloadGPR), baseTagGPROrNone, basePayloadGPR,
+ identifier(identifierNumber));
+ } else {
+ JITCompiler::JumpList slowCases;
+ slowCases.append(structureCheck.m_jump);
+ slowCases.append(slowPathTarget);
+ slowPath = slowPathCall(
+ slowCases, this, operationGetByIdOptimize,
+ JSValueRegs(resultTagGPR, resultPayloadGPR), baseTagGPROrNone, basePayloadGPR,
+ identifier(identifierNumber));
+ }
+ }
+ m_jit.addPropertyAccess(
+ PropertyAccessRecord(
+ codeOrigin, structureToCompare, structureCheck,
+ tagLoadWithPatch, payloadLoadWithPatch, slowPath.get(), doneLabel,
+ safeCast<int8_t>(basePayloadGPR), safeCast<int8_t>(resultTagGPR),
+ safeCast<int8_t>(resultPayloadGPR), safeCast<int8_t>(scratchGPR),
+ spillMode == NeedToSpill ? PropertyAccessRecord::RegistersInUse : PropertyAccessRecord::RegistersFlushed));
+ addSlowPathGenerator(slowPath.release());
}
void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, Edge valueUse, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget)
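Review bot: spillMode no longer reaches the slow path: the removed lines spilled and filled only when `spillMode == NeedToSpill`, but none of the four new slowPathCall(...) invocations receive a spill mode, so a DontSpill caller presumably gets whatever the helper defaults to while the PropertyAccessRecord still reports RegistersFlushed for it — confirm against the slowPathCall overloads and pass spillMode through if one accepts it. Separately, the four calls differ only in whether slowPathTarget is set and which tag is passed; building the JumpList unconditionally halves the duplication (assuming the JumpList overload with a single entry behaves like the Jump overload), and the same two-way split recurs in the cachedPutById hunk at `@@ -561,13 +578,28 @@`. cachedGetById begins outside this hunk.
```cpp
    // … unchanged: patchable structure check and tag/payload loads …
    JITCompiler::Label doneLabel = m_jit.label();
    JITCompiler::JumpList slowCases;
    slowCases.append(structureCheck.m_jump);
    if (slowPathTarget.isSet())
        slowCases.append(slowPathTarget);
    OwnPtr<SlowPathGenerator> slowPath;
    if (baseTagGPROrNone == InvalidGPRReg) {
        slowPath = slowPathCall(
            slowCases, this, operationGetByIdOptimize,
            JSValueRegs(resultTagGPR, resultPayloadGPR),
            static_cast<int32_t>(JSValue::CellTag), basePayloadGPR,
            identifier(identifierNumber));
    } else {
        slowPath = slowPathCall(
            slowCases, this, operationGetByIdOptimize,
            JSValueRegs(resultTagGPR, resultPayloadGPR), baseTagGPROrNone, basePayloadGPR,
            identifier(identifierNumber));
    }
    // … unchanged: addPropertyAccess and addSlowPathGenerator …
```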
@@ -539,16 +565,7 @@ void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg basePayloadGPR,
JITCompiler::DataLabel32 tagStoreWithPatch = m_jit.store32WithAddressOffsetPatch(valueTagGPR, JITCompiler::Address(scratchGPR, OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
JITCompiler::DataLabel32 payloadStoreWithPatch = m_jit.store32WithAddressOffsetPatch(valuePayloadGPR, JITCompiler::Address(scratchGPR, OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
- JITCompiler::Jump done = m_jit.jump();
-
- structureCheck.m_jump.link(&m_jit);
-
- if (slowPathTarget.isSet())
- slowPathTarget.link(&m_jit);
-
- JITCompiler::Label slowCase = m_jit.label();
-
- silentSpillAllRegisters(InvalidGPRReg);
+ JITCompiler::Label doneLabel = m_jit.label();
V_DFGOperation_EJCI optimizedCall;
if (m_jit.strictModeFor(at(m_compileIndex).codeOrigin)) {
if (putKind == Direct)
@@ -561,13 +578,28 @@ void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg basePayloadGPR,
else
optimizedCall = operationPutByIdNonStrictOptimize;
}
- JITCompiler::Call functionCall = callOperation(optimizedCall, valueTagGPR, valuePayloadGPR, basePayloadGPR, identifier(identifierNumber));
- silentFillAllRegisters(InvalidGPRReg);
-
- done.link(&m_jit);
- JITCompiler::Label doneLabel = m_jit.label();
-
- m_jit.addPropertyAccess(PropertyAccessRecord(codeOrigin, structureToCompare, functionCall, structureCheck, JITCompiler::DataLabelCompact(tagStoreWithPatch.label()), JITCompiler::DataLabelCompact(payloadStoreWithPatch.label()), slowCase, doneLabel, safeCast<int8_t>(basePayloadGPR), safeCast<int8_t>(valueTagGPR), safeCast<int8_t>(valuePayloadGPR), safeCast<int8_t>(scratchGPR)));
+ OwnPtr<SlowPathGenerator> slowPath;
+ if (!slowPathTarget.isSet()) {
+ slowPath = slowPathCall(
+ structureCheck.m_jump, this, optimizedCall, NoResult, valueTagGPR, valuePayloadGPR,
+ basePayloadGPR, identifier(identifierNumber));
+ } else {
+ JITCompiler::JumpList slowCases;
+ slowCases.append(structureCheck.m_jump);
+ slowCases.append(slowPathTarget);
+ slowPath = slowPathCall(
+ slowCases, this, optimizedCall, NoResult, valueTagGPR, valuePayloadGPR,
+ basePayloadGPR, identifier(identifierNumber));
+ }
+ m_jit.addPropertyAccess(
+ PropertyAccessRecord(
+ codeOrigin, structureToCompare, structureCheck,
+ JITCompiler::DataLabelCompact(tagStoreWithPatch.label()),
+ JITCompiler::DataLabelCompact(payloadStoreWithPatch.label()),
+ slowPath.get(), doneLabel, safeCast<int8_t>(basePayloadGPR),
+ safeCast<int8_t>(valueTagGPR), safeCast<int8_t>(valuePayloadGPR),
+ safeCast<int8_t>(scratchGPR)));
+ addSlowPathGenerator(slowPath.release());
}
void SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull(Edge operand, bool invert)
@@ -608,7 +640,7 @@ void SpeculativeJIT::nonSpeculativePeepholeBranchNull(Edge operand, NodeIndex br
BlockIndex taken = branchNode.takenBlockIndex();
BlockIndex notTaken = branchNode.notTakenBlockIndex();
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = !invert;
BlockIndex tmp = taken;
taken = notTaken;
@@ -677,7 +709,7 @@ void SpeculativeJIT::nonSpeculativePeepholeBranch(Node& node, NodeIndex branchNo
// The branch instruction will branch to the taken block.
// If taken is next, switch taken with notTaken & invert the branch condition so we can fall through.
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
cond = JITCompiler::invert(cond);
callResultCondition = JITCompiler::Zero;
BlockIndex tmp = taken;
@@ -738,6 +770,42 @@ void SpeculativeJIT::nonSpeculativePeepholeBranch(Node& node, NodeIndex branchNo
m_compileIndex = branchNodeIndex;
}
+template<typename JumpType>
+class CompareAndBoxBooleanSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, S_DFGOperation_EJJ, GPRReg> {
+public:
+ CompareAndBoxBooleanSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit,
+ S_DFGOperation_EJJ function, GPRReg result, GPRReg arg1Tag, GPRReg arg1Payload,
+ GPRReg arg2Tag, GPRReg arg2Payload)
+ : CallSlowPathGenerator<JumpType, S_DFGOperation_EJJ, GPRReg>(
+ from, jit, function, NeedToSpill, result)
+ , m_arg1Tag(arg1Tag)
+ , m_arg1Payload(arg1Payload)
+ , m_arg2Tag(arg2Tag)
+ , m_arg2Payload(arg2Payload)
+ {
+ }
+
+protected:
+ virtual void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(
+ jit->callOperation(
+ this->m_function, this->m_result, m_arg1Tag, m_arg1Payload, m_arg2Tag,
+ m_arg2Payload));
+ jit->m_jit.and32(JITCompiler::TrustedImm32(1), this->m_result);
+ this->tearDown(jit);
+ }
+
+private:
+ GPRReg m_arg1Tag;
+ GPRReg m_arg1Payload;
+ GPRReg m_arg2Tag;
+ GPRReg m_arg2Payload;
+};
+
void SpeculativeJIT::nonSpeculativeNonPeepholeCompare(Node& node, MacroAssembler::RelationalCondition cond, S_DFGOperation_EJJ helperFunction)
{
JSValueOperand arg1(this, node.child1());
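Review bot: The `jit->m_jit.and32(JITCompiler::TrustedImm32(1), this->m_result);` in generateInternal is the only place the size_t result of the S_DFGOperation_EJJ helper is narrowed to a boolean payload, and nothing says so; the inline code it replaces used andPtr for the same purpose, so the switch to a 32-bit mask is worth a word as well. Suggest `// The helper returns a size_t; keep only bit 0 so the payload is a valid boolean.` above the and32. nonSpeculativeNonPeepholeCompare continues outside this hunk.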
@@ -775,17 +843,10 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompare(Node& node, MacroAssembler
m_jit.compare32(cond, arg1PayloadGPR, arg2PayloadGPR, resultPayloadGPR);
if (!isKnownInteger(node.child1().index()) || !isKnownInteger(node.child2().index())) {
- JITCompiler::Jump haveResult = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(resultPayloadGPR);
- callOperation(helperFunction, resultPayloadGPR, arg1TagGPR, arg1PayloadGPR, arg2TagGPR, arg2PayloadGPR);
- silentFillAllRegisters(resultPayloadGPR);
-
- m_jit.andPtr(TrustedImm32(1), resultPayloadGPR);
-
- haveResult.link(&m_jit);
+ addSlowPathGenerator(adoptPtr(
+ new CompareAndBoxBooleanSlowPathGenerator<JITCompiler::JumpList>(
+ slowPath, this, helperFunction, resultPayloadGPR, arg1TagGPR,
+ arg1PayloadGPR, arg2TagGPR, arg2PayloadGPR)));
}
booleanResult(resultPayloadGPR, m_compileIndex, UseChildrenCalledExplicitly);
@@ -800,7 +861,7 @@ void SpeculativeJIT::nonSpeculativePeepholeStrictEq(Node& node, NodeIndex branch
// The branch instruction will branch to the taken block.
// If taken is next, switch taken with notTaken & invert the branch condition so we can fall through.
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = !invert;
BlockIndex tmp = taken;
taken = notTaken;
@@ -861,6 +922,7 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq(Node& node, bool invert)
if (isKnownCell(node.child1().index()) && isKnownCell(node.child2().index())) {
// see if we get lucky: if the arguments are cells and they reference the same
// cell, then they must be strictly equal.
+ // FIXME: this should flush registers instead of silent spill/fill.
JITCompiler::Jump notEqualCase = m_jit.branchPtr(JITCompiler::NotEqual, arg1PayloadGPR, arg2PayloadGPR);
m_jit.move(JITCompiler::TrustedImm32(!invert), resultPayloadGPR);
@@ -989,6 +1051,7 @@ GPRReg SpeculativeJIT::fillSpeculateIntInternal(NodeIndex nodeIndex, DataFormat&
return allocate();
}
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1007,10 +1070,10 @@ GPRReg SpeculativeJIT::fillSpeculateIntInternal(NodeIndex nodeIndex, DataFormat&
}
DataFormat spillFormat = info.spillFormat();
- ASSERT((spillFormat & DataFormatJS) || spillFormat == DataFormatInteger);
+ ASSERT_UNUSED(spillFormat, (spillFormat & DataFormatJS) || spillFormat == DataFormatInteger);
// If we know this was spilled as an integer we can fill without checking.
- if (spillFormat != DataFormatJSInteger && spillFormat != DataFormatInteger)
+ if (!isInt32Prediction(type))
speculationCheck(BadType, JSValueSource(JITCompiler::addressFor(virtualRegister)), nodeIndex, m_jit.branch32(MacroAssembler::NotEqual, JITCompiler::tagFor(virtualRegister), TrustedImm32(JSValue::Int32Tag)));
GPRReg gpr = allocate();
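Review bot: The speculation check is now elided whenever the CFA reports an Int32 prediction (`if (!isInt32Prediction(type))`) rather than when the spill format proves the value is an integer, and the register path in the `@@ -1028,7 +1091,7 @@` hunk makes the same swap for the registerFormat() test. That is only sound if the abstract value in m_state is an upper bound on what can actually be stored in the slot; a wrong prediction would let a non-int32 payload be read as an integer with no exit, which is the kind of type confusion a JIT must never admit. A comment stating the dependency, e.g. `// The tag check is skipped only when the CFA (m_state) proved this node Int32; that proof, not the spill format, is the safety argument.`, would make the invariant reviewable; the same pattern appears in the fillSpeculateDouble, fillSpeculateCell and fillSpeculateBoolean hunks. fillSpeculateIntInternal begins outside this hunk.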
@@ -1028,7 +1091,7 @@ GPRReg SpeculativeJIT::fillSpeculateIntInternal(NodeIndex nodeIndex, DataFormat&
GPRReg payloadGPR = info.payloadGPR();
m_gprs.lock(tagGPR);
m_gprs.lock(payloadGPR);
- if (info.registerFormat() != DataFormatJSInteger)
+ if (!isInt32Prediction(type))
speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), nodeIndex, m_jit.branch32(MacroAssembler::NotEqual, tagGPR, TrustedImm32(JSValue::Int32Tag)));
m_gprs.unlock(tagGPR);
m_gprs.release(tagGPR);
@@ -1084,6 +1147,7 @@ FPRReg SpeculativeJIT::fillSpeculateDouble(NodeIndex nodeIndex)
return fprAllocate();
}
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1121,7 +1185,8 @@ FPRReg SpeculativeJIT::fillSpeculateDouble(NodeIndex nodeIndex)
if (spillFormat != DataFormatJSInteger && spillFormat != DataFormatInteger) {
JITCompiler::Jump isInteger = m_jit.branch32(MacroAssembler::Equal, JITCompiler::tagFor(virtualRegister), TrustedImm32(JSValue::Int32Tag));
- speculationCheck(BadType, JSValueSource(JITCompiler::addressFor(virtualRegister)), nodeIndex, m_jit.branch32(MacroAssembler::AboveOrEqual, JITCompiler::tagFor(virtualRegister), TrustedImm32(JSValue::LowestTag)));
+ if (!isNumberPrediction(type))
+ speculationCheck(BadType, JSValueSource(JITCompiler::addressFor(virtualRegister)), nodeIndex, m_jit.branch32(MacroAssembler::AboveOrEqual, JITCompiler::tagFor(virtualRegister), TrustedImm32(JSValue::LowestTag)));
m_jit.loadDouble(JITCompiler::addressFor(virtualRegister), fpr);
hasUnboxedDouble = m_jit.jump();
@@ -1154,7 +1219,8 @@ FPRReg SpeculativeJIT::fillSpeculateDouble(NodeIndex nodeIndex)
if (info.registerFormat() != DataFormatJSInteger) {
FPRTemporary scratch(this);
JITCompiler::Jump isInteger = m_jit.branch32(MacroAssembler::Equal, tagGPR, TrustedImm32(JSValue::Int32Tag));
- speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), nodeIndex, m_jit.branch32(MacroAssembler::AboveOrEqual, tagGPR, TrustedImm32(JSValue::LowestTag)));
+ if (!isNumberPrediction(type))
+ speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), nodeIndex, m_jit.branch32(MacroAssembler::AboveOrEqual, tagGPR, TrustedImm32(JSValue::LowestTag)));
unboxDouble(tagGPR, payloadGPR, fpr, scratch.fpr());
hasUnboxedDouble = m_jit.jump();
isInteger.link(&m_jit);
@@ -1214,6 +1280,7 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
return allocate();
}
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1232,7 +1299,7 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
}
ASSERT((info.spillFormat() & DataFormatJS) || info.spillFormat() == DataFormatCell);
- if (info.spillFormat() != DataFormatJSCell && info.spillFormat() != DataFormatCell)
+ if (!isCellPrediction(type))
speculationCheck(BadType, JSValueSource(JITCompiler::addressFor(virtualRegister)), nodeIndex, m_jit.branch32(MacroAssembler::NotEqual, JITCompiler::tagFor(virtualRegister), TrustedImm32(JSValue::CellTag)));
GPRReg gpr = allocate();
m_jit.load32(JITCompiler::payloadFor(virtualRegister), gpr);
@@ -1253,7 +1320,7 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
GPRReg payloadGPR = info.payloadGPR();
m_gprs.lock(tagGPR);
m_gprs.lock(payloadGPR);
- if (info.spillFormat() != DataFormatJSCell)
+ if (!isCellPrediction(type))
speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), nodeIndex, m_jit.branch32(MacroAssembler::NotEqual, tagGPR, TrustedImm32(JSValue::CellTag)));
m_gprs.unlock(tagGPR);
m_gprs.release(tagGPR);
@@ -1280,8 +1347,9 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
GPRReg SpeculativeJIT::fillSpeculateBoolean(NodeIndex nodeIndex)
{
#if DFG_ENABLE(DEBUG_VERBOSE)
- dataLog("SpecBool@%d ", nodeIndex);
+ dataLog("SpecBool@%d ", nodeIndex);
#endif
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = m_jit.graph()[nodeIndex];
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1306,7 +1374,7 @@ GPRReg SpeculativeJIT::fillSpeculateBoolean(NodeIndex nodeIndex)
ASSERT((info.spillFormat() & DataFormatJS) || info.spillFormat() == DataFormatBoolean);
- if (info.spillFormat() != DataFormatJSBoolean && info.spillFormat() != DataFormatBoolean)
+ if (!isBooleanPrediction(type))
speculationCheck(BadType, JSValueSource(JITCompiler::addressFor(virtualRegister)), nodeIndex, m_jit.branch32(MacroAssembler::NotEqual, JITCompiler::tagFor(virtualRegister), TrustedImm32(JSValue::BooleanTag)));
GPRReg gpr = allocate();
@@ -1328,7 +1396,7 @@ GPRReg SpeculativeJIT::fillSpeculateBoolean(NodeIndex nodeIndex)
GPRReg payloadGPR = info.payloadGPR();
m_gprs.lock(tagGPR);
m_gprs.lock(payloadGPR);
- if (info.registerFormat() != DataFormatJSBoolean)
+ if (!isBooleanPrediction(type))
speculationCheck(BadType, JSValueRegs(tagGPR, payloadGPR), nodeIndex, m_jit.branch32(MacroAssembler::NotEqual, tagGPR, TrustedImm32(JSValue::BooleanTag)));
m_gprs.unlock(tagGPR);
@@ -1658,17 +1726,15 @@ void SpeculativeJIT::compileLogicalNot(Node& node)
arg1.use();
- JITCompiler::Jump fastCase = m_jit.branch32(JITCompiler::Equal, arg1TagGPR, TrustedImm32(JSValue::BooleanTag));
-
- silentSpillAllRegisters(resultPayloadGPR);
- callOperation(dfgConvertJSValueToBoolean, resultPayloadGPR, arg1TagGPR, arg1PayloadGPR);
- silentFillAllRegisters(resultPayloadGPR);
- JITCompiler::Jump doNot = m_jit.jump();
-
- fastCase.link(&m_jit);
+ JITCompiler::Jump slowCase = m_jit.branch32(JITCompiler::NotEqual, arg1TagGPR, TrustedImm32(JSValue::BooleanTag));
+
m_jit.move(arg1PayloadGPR, resultPayloadGPR);
- doNot.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ slowCase, this, dfgConvertJSValueToBoolean, resultPayloadGPR, arg1TagGPR,
+ arg1PayloadGPR));
+
m_jit.xor32(TrustedImm32(1), resultPayloadGPR);
booleanResult(resultPayloadGPR, m_compileIndex, UseChildrenCalledExplicitly);
}
@@ -1709,7 +1775,7 @@ void SpeculativeJIT::emitBranch(Node& node)
SpeculateBooleanOperand value(this, node.child1());
MacroAssembler::ResultCondition condition = MacroAssembler::NonZero;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = MacroAssembler::Zero;
BlockIndex tmp = taken;
taken = notTaken;
@@ -1728,7 +1794,7 @@ void SpeculativeJIT::emitBranch(Node& node)
if (at(node.child1()).shouldSpeculateInteger()) {
bool invert = false;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = true;
BlockIndex tmp = taken;
taken = notTaken;
@@ -1795,12 +1861,19 @@ void SpeculativeJIT::compile(Node& node)
AbstractValue& value = block()->valuesAtHead.operand(node.local());
// If we have no prediction for this local, then don't attempt to compile.
- if (prediction == PredictNone || value.isClear()) {
+ if (prediction == PredictNone) {
terminateSpeculativeExecution(InadequateCoverage, JSValueRegs(), NoNode);
break;
}
- if (!m_jit.graph().isCaptured(node.local())) {
+ if (!node.variableAccessData()->isCaptured()) {
+ // If the CFA is tracking this variable and it found that the variable
+ // cannot have been assigned, then don't attempt to proceed.
+ if (value.isClear()) {
+ terminateSpeculativeExecution(InadequateCoverage, JSValueRegs(), NoNode);
+ break;
+ }
+
if (node.variableAccessData()->shouldUseDoubleFormat()) {
FPRTemporary result(this);
m_jit.loadDouble(JITCompiler::addressFor(node.local()), result.fpr());
@@ -1860,13 +1933,22 @@ void SpeculativeJIT::compile(Node& node)
DataFormat format;
if (isCellPrediction(value.m_type)
- && !m_jit.graph().isCaptured(node.local()))
+ && !node.variableAccessData()->isCaptured())
format = DataFormatJSCell;
else
format = DataFormatJS;
m_generationInfo[virtualRegister].initJSValue(m_compileIndex, node.refCount(), tag.gpr(), result.gpr(), format);
break;
}
+
+ case GetLocalUnlinked: {
+ GPRTemporary payload(this);
+ GPRTemporary tag(this);
+ m_jit.load32(JITCompiler::payloadFor(node.unlinkedLocal()), payload.gpr());
+ m_jit.load32(JITCompiler::tagFor(node.unlinkedLocal()), tag.gpr());
+ jsValueResult(tag.gpr(), payload.gpr(), m_compileIndex);
+ break;
+ }
case SetLocal: {
// SetLocal doubles as a hint as to where a node will be stored and
@@ -1905,7 +1987,7 @@ void SpeculativeJIT::compile(Node& node)
// OSR exit, would not be visible to the old JIT in any way.
m_codeOriginForOSR = nextNode->codeOrigin;
- if (!m_jit.graph().isCaptured(node.local())) {
+ if (!node.variableAccessData()->isCaptured()) {
if (node.variableAccessData()->shouldUseDoubleFormat()) {
SpeculateDoubleOperand value(this, node.child1());
m_jit.storeDouble(value.fpr(), JITCompiler::addressFor(node.local()));
@@ -2258,6 +2340,13 @@ void SpeculativeJIT::compile(Node& node)
jsValueResult(resultTag.gpr(), resultPayload.gpr(), m_compileIndex);
break;
}
+
+ if (at(node.child1()).shouldSpeculateArguments()) {
+ compileGetByValOnArguments(node);
+ if (!m_compileOkay)
+ return;
+ break;
+ }
if (at(node.child1()).prediction() == PredictString) {
compileGetByValOnString(node);
@@ -2369,7 +2458,9 @@ void SpeculativeJIT::compile(Node& node)
break;
}
- if (!at(node.child2()).shouldSpeculateInteger() || !isActionableMutableArrayPrediction(at(node.child1()).prediction())) {
+ if (!at(node.child2()).shouldSpeculateInteger()
+ || !isActionableMutableArrayPrediction(at(node.child1()).prediction())
+ || at(node.child1()).shouldSpeculateArguments()) {
SpeculateCellOperand base(this, node.child1()); // Save a register, speculate cell. We'll probably be right.
JSValueOperand property(this, node.child2());
JSValueOperand value(this, node.child3());
@@ -2477,15 +2568,7 @@ void SpeculativeJIT::compile(Node& node)
property.use();
value.use();
- MacroAssembler::Jump withinArrayBounds = m_jit.branch32(MacroAssembler::Below, propertyReg, MacroAssembler::Address(baseReg, JSArray::vectorLengthOffset()));
-
- // Code to handle put beyond array bounds.
- silentSpillAllRegisters(scratchReg);
- callOperation(m_jit.codeBlock()->isStrictMode() ? operationPutByValBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsNonStrict, baseReg, propertyReg, valueTagReg, valuePayloadReg);
- silentFillAllRegisters(scratchReg);
- JITCompiler::Jump wasBeyondArrayBounds = m_jit.jump();
-
- withinArrayBounds.link(&m_jit);
+ MacroAssembler::Jump beyondArrayBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(baseReg, JSArray::vectorLengthOffset()));
// Get the array storage.
GPRReg storageReg = scratchReg;
@@ -2507,8 +2590,12 @@ void SpeculativeJIT::compile(Node& node)
// Store the value to the array.
m_jit.store32(valueTagReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
m_jit.store32(valuePayloadReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-
- wasBeyondArrayBounds.link(&m_jit);
+
+ addSlowPathGenerator(
+ slowPathCall(
+ beyondArrayBounds, this,
+ m_jit.codeBlock()->isStrictMode() ? operationPutByValBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsNonStrict,
+ NoResult, baseReg, propertyReg, valueTagReg, valuePayloadReg));
noResult(m_compileIndex, UseChildrenCalledExplicitly);
break;
@@ -2694,15 +2781,7 @@ void SpeculativeJIT::compile(Node& node)
m_jit.add32(TrustedImm32(1), MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
m_jit.move(TrustedImm32(JSValue::Int32Tag), storageGPR);
- MacroAssembler::Jump done = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(storageGPR, storageLengthGPR);
- callOperation(operationArrayPush, storageGPR, storageLengthGPR, valueTagGPR, valuePayloadGPR, baseGPR);
- silentFillAllRegisters(storageGPR, storageLengthGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(slowPathCall(slowPath, this, operationArrayPush, JSValueRegs(storageGPR, storageLengthGPR), valueTagGPR, valuePayloadGPR, baseGPR));
jsValueResult(storageGPR, storageLengthGPR, m_compileIndex);
break;
@@ -2727,7 +2806,8 @@ void SpeculativeJIT::compile(Node& node)
m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSArray::storageOffset()), storageGPR);
m_jit.load32(MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_length)), storageLengthGPR);
- MacroAssembler::Jump emptyArrayCase = m_jit.branchTest32(MacroAssembler::Zero, storageLengthGPR);
+ JITCompiler::JumpList setUndefinedCases;
+ setUndefinedCases.append(m_jit.branchTest32(MacroAssembler::Zero, storageLengthGPR));
m_jit.sub32(TrustedImm32(1), storageLengthGPR);
@@ -2738,30 +2818,23 @@ void SpeculativeJIT::compile(Node& node)
m_jit.store32(storageLengthGPR, MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_length)));
- MacroAssembler::Jump holeCase = m_jit.branch32(MacroAssembler::Equal, TrustedImm32(JSValue::EmptyValueTag), valueTagGPR);
+ setUndefinedCases.append(m_jit.branch32(MacroAssembler::Equal, TrustedImm32(JSValue::EmptyValueTag), valueTagGPR));
m_jit.store32(TrustedImm32(JSValue::EmptyValueTag), MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
m_jit.sub32(TrustedImm32(1), MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
- MacroAssembler::JumpList done;
-
- done.append(m_jit.jump());
-
- holeCase.link(&m_jit);
- emptyArrayCase.link(&m_jit);
- m_jit.move(MacroAssembler::TrustedImm32(jsUndefined().tag()), valueTagGPR);
- m_jit.move(MacroAssembler::TrustedImm32(jsUndefined().payload()), valuePayloadGPR);
- done.append(m_jit.jump());
-
- slowCase.link(&m_jit);
-
- silentSpillAllRegisters(valueTagGPR, valuePayloadGPR);
- callOperation(operationArrayPop, valueTagGPR, valuePayloadGPR, baseGPR);
- silentFillAllRegisters(valueTagGPR, valuePayloadGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathMove(
+ setUndefinedCases, this,
+ MacroAssembler::TrustedImm32(jsUndefined().tag()), valueTagGPR,
+ MacroAssembler::TrustedImm32(jsUndefined().payload()), valuePayloadGPR));
+ addSlowPathGenerator(
+ slowPathCall(
+ slowCase, this, operationArrayPop,
+ JSValueRegs(valueTagGPR, valuePayloadGPR), baseGPR));
+
jsValueResult(valueTagGPR, valuePayloadGPR, m_compileIndex);
break;
}
@@ -2782,7 +2855,7 @@ void SpeculativeJIT::compile(Node& node)
MacroAssembler::ResultCondition condition = MacroAssembler::NonZero;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = MacroAssembler::Zero;
BlockIndex tmp = taken;
taken = notTaken;
@@ -2877,22 +2950,17 @@ void SpeculativeJIT::compile(Node& node)
m_jit.move(op1TagGPR, resultTagGPR);
m_jit.move(op1PayloadGPR, resultPayloadGPR);
} else {
- MacroAssembler::JumpList alreadyPrimitive;
-
- alreadyPrimitive.append(m_jit.branch32(MacroAssembler::NotEqual, op1TagGPR, TrustedImm32(JSValue::CellTag)));
- alreadyPrimitive.append(m_jit.branchPtr(MacroAssembler::Equal, MacroAssembler::Address(op1PayloadGPR, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSString::s_info)));
-
- silentSpillAllRegisters(resultTagGPR, resultPayloadGPR);
- callOperation(operationToPrimitive, resultTagGPR, resultPayloadGPR, op1TagGPR, op1PayloadGPR);
- silentFillAllRegisters(resultTagGPR, resultPayloadGPR);
-
- MacroAssembler::Jump done = m_jit.jump();
+ MacroAssembler::Jump alreadyPrimitive = m_jit.branch32(MacroAssembler::NotEqual, op1TagGPR, TrustedImm32(JSValue::CellTag));
+ MacroAssembler::Jump notPrimitive = m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(op1PayloadGPR, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSString::s_info));
alreadyPrimitive.link(&m_jit);
m_jit.move(op1TagGPR, resultTagGPR);
m_jit.move(op1PayloadGPR, resultPayloadGPR);
- done.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ notPrimitive, this, operationToPrimitive,
+ JSValueRegs(resultTagGPR, resultPayloadGPR), op1TagGPR, op1PayloadGPR));
}
jsValueResult(resultTagGPR, resultPayloadGPR, m_compileIndex, UseChildrenCalledExplicitly);
@@ -2917,8 +2985,10 @@ void SpeculativeJIT::compile(Node& node)
// probably has the best balance of performance and sensibility in the sense
// that it does not increase the complexity of the DFG JIT just to make StrCat
// fast and pretty.
-
- EncodedJSValue* buffer = static_cast<EncodedJSValue*>(m_jit.globalData()->scratchBufferForSize(sizeof(EncodedJSValue) * node.numChildren()));
+
+ size_t scratchSize = sizeof(EncodedJSValue) * node.numChildren();
+ ScratchBuffer* scratchBuffer = m_jit.globalData()->scratchBufferForSize(scratchSize);
+ EncodedJSValue* buffer = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
for (unsigned operandIdx = 0; operandIdx < node.numChildren(); ++operandIdx) {
JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
@@ -2931,11 +3001,26 @@ void SpeculativeJIT::compile(Node& node)
}
flushRegisters();
-
+
+ if (scratchSize) {
+ GPRTemporary scratch(this);
+
+ // Tell GC mark phase how much of the scratch buffer is active during call.
+ m_jit.move(TrustedImmPtr(scratchBuffer->activeLengthPtr()), scratch.gpr());
+ m_jit.storePtr(TrustedImmPtr(scratchSize), scratch.gpr());
+ }
+
GPRResult resultPayload(this);
GPRResult2 resultTag(this);
- callOperation(op == StrCat ? operationStrCat : operationNewArray, resultTag.gpr(), resultPayload.gpr(), buffer, node.numChildren());
+ callOperation(op == StrCat ? operationStrCat : operationNewArray, resultTag.gpr(), resultPayload.gpr(), static_cast<void *>(buffer), node.numChildren());
+
+ if (scratchSize) {
+ GPRTemporary scratch(this);
+
+ m_jit.move(TrustedImmPtr(scratchBuffer->activeLengthPtr()), scratch.gpr());
+ m_jit.storePtr(TrustedImmPtr(0), scratch.gpr());
+ }
// FIXME: make the callOperation above explicitly return a cell result, or jitAssert the tag is a cell tag.
cellResult(resultPayload.gpr(), m_compileIndex, UseChildrenCalledExplicitly);
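Review bot: The post-call reset at L154050–L154055 carries no comment explaining that it undoes the active-length publication at L154040–L154042, and it only runs if callOperation returns normally; if the exception check inside callOperation (not visible here) exits before L154054, the scratch buffer stays marked active until the next user resets it, which is conservative rather than unsafe but worth stating. I'd add `// Clear the active length so the GC stops scanning the scratch buffer once the call has consumed it.` above L154053. Also `static_cast<void *>(buffer)` on L154048 should read `static_cast<void*>(buffer)` to match the pointer style used on every other line of this file.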
@@ -3044,15 +3129,7 @@ void SpeculativeJIT::compile(Node& node)
emitAllocateJSFinalObject(scratchGPR, resultGPR, scratchGPR, slowPath);
- MacroAssembler::Jump done = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationCreateThis, resultGPR, calleeGPR);
- silentFillAllRegisters(resultGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR));
cellResult(resultGPR, m_compileIndex);
break;
@@ -3069,15 +3146,7 @@ void SpeculativeJIT::compile(Node& node)
emitAllocateJSFinalObject(MacroAssembler::TrustedImmPtr(m_jit.globalObjectFor(node.codeOrigin)->emptyObjectStructure()), resultGPR, scratchGPR, slowPath);
- MacroAssembler::Jump done = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationNewObject, resultGPR);
- silentFillAllRegisters(resultGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(slowPathCall(slowPath, this, operationNewObject, resultGPR));
cellResult(resultGPR, m_compileIndex);
break;
@@ -3261,6 +3330,11 @@ void SpeculativeJIT::compile(Node& node)
integerResult(resultGPR, m_compileIndex);
break;
}
+
+ case GetArgumentsLength: {
+ compileGetArgumentsLength(node);
+ break;
+ }
case GetStringLength: {
SpeculateCellOperand base(this, node.child1());
@@ -3323,7 +3397,9 @@ void SpeculativeJIT::compile(Node& node)
}
case CheckStructure: {
- if (m_state.forNode(node.child1()).m_structure.isSubsetOf(node.structureSet())) {
+ AbstractValue& value = m_state.forNode(node.child1());
+ if (value.m_structure.isSubsetOf(node.structureSet())
+ && isCellPrediction(value.m_type)) {
noResult(m_compileIndex);
break;
}
@@ -3411,9 +3487,9 @@ void SpeculativeJIT::compile(Node& node)
case PutByOffset: {
#if ENABLE(GGC) || ENABLE(WRITE_BARRIER_PROFILING)
- SpeculateCellOperand base(this, node.child1());
+ SpeculateCellOperand base(this, node.child2());
#endif
- StorageOperand storage(this, node.child2());
+ StorageOperand storage(this, node.child1());
JSValueOperand value(this, node.child3());
GPRReg storageGPR = storage.gpr();
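Review bot: PutByOffset's operand layout is swapped here (storage is now child1 at L154114, base child2 at L154111), and every construction site of the node as well as the JSVALUE64 backend must mirror that order; none of those sites are in this hunk, so I cannot confirm they agree. Because `base` is only read under the GGC/WRITE_BARRIER_PROFILING `#if`, a wrong order would compile silently in the default build, so I'd pin the layout with a comment on the case, `// child1: storage, child2: base, child3: value`. The enclosing compile() switch continues outside this hunk.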
@@ -3671,14 +3747,11 @@ void SpeculativeJIT::compile(Node& node)
m_jit.load32(JITCompiler::BaseIndex(resultPayloadGPR, resolveInfoGPR, JITCompiler::TimesEight, OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), resultTagGPR);
m_jit.load32(JITCompiler::BaseIndex(resultPayloadGPR, resolveInfoGPR, JITCompiler::TimesEight, OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayloadGPR);
- JITCompiler::Jump wasFast = m_jit.jump();
-
- structuresNotMatch.link(&m_jit);
- silentSpillAllRegisters(resultTagGPR, resultPayloadGPR);
- callOperation(operationResolveGlobal, resultTagGPR, resultPayloadGPR, resolveInfoGPR, &m_jit.codeBlock()->identifier(data.identifierNumber));
- silentFillAllRegisters(resultTagGPR, resultPayloadGPR);
-
- wasFast.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ structuresNotMatch, this, operationResolveGlobal,
+ JSValueRegs(resultTagGPR, resultPayloadGPR), resolveInfoGPR,
+ &m_jit.codeBlock()->identifier(data.identifierNumber)));
jsValueResult(resultTagGPR, resultPayloadGPR, m_compileIndex);
break;
@@ -3694,36 +3767,260 @@ void SpeculativeJIT::compile(Node& node)
m_jit.move(valuePayloadGPR, resultGPR);
- JITCompiler::Jump alreadyCreated = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationCreateActivation, resultGPR);
- silentFillAllRegisters(resultGPR);
+ JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
- alreadyCreated.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(notCreated, this, operationCreateActivation, resultGPR));
cellResult(resultGPR, m_compileIndex);
break;
}
- case TearOffActivation: {
+ case CreateArguments: {
JSValueOperand value(this, node.child1());
+ GPRTemporary result(this, value, false);
GPRReg valueTagGPR = value.tagGPR();
GPRReg valuePayloadGPR = value.payloadGPR();
+ GPRReg resultGPR = result.gpr();
+
+ m_jit.move(valuePayloadGPR, resultGPR);
JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
- silentSpillAllRegisters(InvalidGPRReg);
- callOperation(operationTearOffActivation, valuePayloadGPR);
- silentFillAllRegisters(InvalidGPRReg);
+ if (node.codeOrigin.inlineCallFrame) {
+ addSlowPathGenerator(
+ slowPathCall(
+ notCreated, this, operationCreateInlinedArguments, resultGPR,
+ node.codeOrigin.inlineCallFrame));
+ } else {
+ addSlowPathGenerator(
+ slowPathCall(notCreated, this, operationCreateArguments, resultGPR));
+ }
- notCreated.link(&m_jit);
+ cellResult(resultGPR, m_compileIndex);
+ break;
+ }
+
+ case TearOffActivation: {
+ JSValueOperand activationValue(this, node.child1());
+ JSValueOperand argumentsValue(this, node.child2());
+
+ GPRReg activationValueTagGPR = activationValue.tagGPR();
+ GPRReg activationValuePayloadGPR = activationValue.payloadGPR();
+ GPRReg argumentsValueTagGPR = argumentsValue.tagGPR();
+
+ JITCompiler::JumpList created;
+ created.append(m_jit.branch32(JITCompiler::NotEqual, activationValueTagGPR, TrustedImm32(JSValue::EmptyValueTag)));
+ created.append(m_jit.branch32(JITCompiler::NotEqual, argumentsValueTagGPR, TrustedImm32(JSValue::EmptyValueTag)));
+
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationTearOffActivation, NoResult, activationValuePayloadGPR,
+ static_cast<int32_t>(node.unmodifiedArgumentsRegister())));
+
+ noResult(m_compileIndex);
+ break;
+ }
+
+ case TearOffArguments: {
+ JSValueOperand argumentsValue(this, node.child1());
+ GPRReg argumentsValueTagGPR = argumentsValue.tagGPR();
+ GPRReg argumentsValuePayloadGPR = argumentsValue.payloadGPR();
+
+ JITCompiler::Jump created = m_jit.branch32(
+ JITCompiler::NotEqual, argumentsValueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
+
+ if (node.codeOrigin.inlineCallFrame) {
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationTearOffInlinedArguments, NoResult,
+ argumentsValuePayloadGPR, node.codeOrigin.inlineCallFrame));
+ } else {
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationTearOffArguments, NoResult,
+ argumentsValuePayloadGPR));
+ }
noResult(m_compileIndex);
break;
}
+ case CheckArgumentsNotCreated: {
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::NotEqual,
+ JITCompiler::tagFor(m_jit.argumentsRegisterFor(node.codeOrigin)),
+ TrustedImm32(JSValue::EmptyValueTag)));
+ noResult(m_compileIndex);
+ break;
+ }
+
+ case GetMyArgumentsLength: {
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
+
+ speculationCheck(
+ ArgumentsEscaped, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::NotEqual,
+ JITCompiler::tagFor(m_jit.argumentsRegisterFor(node.codeOrigin)),
+ TrustedImm32(JSValue::EmptyValueTag)));
+
+ ASSERT(!node.codeOrigin.inlineCallFrame);
+ m_jit.load32(JITCompiler::payloadFor(RegisterFile::ArgumentCount), resultGPR);
+ m_jit.sub32(TrustedImm32(1), resultGPR);
+ integerResult(resultGPR, m_compileIndex);
+ break;
+ }
+
+ case GetMyArgumentsLengthSafe: {
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
+ GPRReg resultPayloadGPR = resultPayload.gpr();
+ GPRReg resultTagGPR = resultTag.gpr();
+
+ JITCompiler::Jump created = m_jit.branch32(
+ JITCompiler::NotEqual,
+ JITCompiler::tagFor(m_jit.argumentsRegisterFor(node.codeOrigin)),
+ TrustedImm32(JSValue::EmptyValueTag));
+
+ if (node.codeOrigin.inlineCallFrame) {
+ m_jit.move(
+ Imm32(node.codeOrigin.inlineCallFrame->arguments.size() - 1),
+ resultPayloadGPR);
+ } else {
+ m_jit.load32(JITCompiler::payloadFor(RegisterFile::ArgumentCount), resultPayloadGPR);
+ m_jit.sub32(TrustedImm32(1), resultPayloadGPR);
+ }
+ m_jit.move(TrustedImm32(JSValue::Int32Tag), resultTagGPR);
+
+ // FIXME: the slow path generator should perform a forward speculation that the
+ // result is an integer. For now we postpone the speculation by having this return
+ // a JSValue.
+
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationGetArgumentsLength,
+ JSValueRegs(resultTagGPR, resultPayloadGPR),
+ m_jit.argumentsRegisterFor(node.codeOrigin)));
+
+ jsValueResult(resultTagGPR, resultPayloadGPR, m_compileIndex);
+ break;
+ }
+
+ case GetMyArgumentByVal: {
+ SpeculateStrictInt32Operand index(this, node.child1());
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
+ GPRReg indexGPR = index.gpr();
+ GPRReg resultPayloadGPR = resultPayload.gpr();
+ GPRReg resultTagGPR = resultTag.gpr();
+
+ speculationCheck(
+ ArgumentsEscaped, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::NotEqual,
+ JITCompiler::tagFor(m_jit.argumentsRegisterFor(node.codeOrigin)),
+ TrustedImm32(JSValue::EmptyValueTag)));
+
+ m_jit.add32(TrustedImm32(1), indexGPR, resultPayloadGPR);
+
+ if (node.codeOrigin.inlineCallFrame) {
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultPayloadGPR,
+ Imm32(node.codeOrigin.inlineCallFrame->arguments.size())));
+ } else {
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultPayloadGPR,
+ JITCompiler::payloadFor(RegisterFile::ArgumentCount)));
+ }
+
+ m_jit.neg32(resultPayloadGPR);
+
+ size_t baseOffset =
+ ((node.codeOrigin.inlineCallFrame
+ ? node.codeOrigin.inlineCallFrame->stackOffset
+ : 0) + CallFrame::argumentOffsetIncludingThis(0)) * sizeof(Register);
+ m_jit.load32(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
+ baseOffset + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)),
+ resultTagGPR);
+ m_jit.load32(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
+ baseOffset + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)),
+ resultPayloadGPR);
+
+ jsValueResult(resultTagGPR, resultPayloadGPR, m_compileIndex);
+ break;
+ }
+ case GetMyArgumentByValSafe: {
+ SpeculateStrictInt32Operand index(this, node.child1());
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
+ GPRReg indexGPR = index.gpr();
+ GPRReg resultPayloadGPR = resultPayload.gpr();
+ GPRReg resultTagGPR = resultTag.gpr();
+
+ JITCompiler::JumpList slowPath;
+ slowPath.append(
+ m_jit.branch32(
+ JITCompiler::NotEqual,
+ JITCompiler::tagFor(m_jit.argumentsRegisterFor(node.codeOrigin)),
+ TrustedImm32(JSValue::EmptyValueTag)));
+
+ m_jit.add32(TrustedImm32(1), indexGPR, resultPayloadGPR);
+ if (node.codeOrigin.inlineCallFrame) {
+ slowPath.append(
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultPayloadGPR,
+ Imm32(node.codeOrigin.inlineCallFrame->arguments.size())));
+ } else {
+ slowPath.append(
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultPayloadGPR,
+ JITCompiler::payloadFor(RegisterFile::ArgumentCount)));
+ }
+
+ m_jit.neg32(resultPayloadGPR);
+
+ size_t baseOffset =
+ ((node.codeOrigin.inlineCallFrame
+ ? node.codeOrigin.inlineCallFrame->stackOffset
+ : 0) + CallFrame::argumentOffsetIncludingThis(0)) * sizeof(Register);
+ m_jit.load32(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
+ baseOffset + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)),
+ resultTagGPR);
+ m_jit.load32(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, resultPayloadGPR, JITCompiler::TimesEight,
+ baseOffset + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)),
+ resultPayloadGPR);
+
+ addSlowPathGenerator(
+ slowPathCall(
+ slowPath, this, operationGetArgumentByVal,
+ JSValueRegs(resultTagGPR, resultPayloadGPR),
+ m_jit.argumentsRegisterFor(node.codeOrigin), indexGPR));
+
+ jsValueResult(resultTagGPR, resultPayloadGPR, m_compileIndex);
+ break;
+ }
+
case NewFunctionNoCheck:
compileNewFunctionNoCheck(node);
break;
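Review bot: In GetMyArgumentByVal the bounds check at L154298–L154314 is an unsigned compare on `index + 1`, so an index of -1 becomes 0, passes the AboveOrEqual test, and the neg32/load at L154316–L154331 then reads the `this` slot (argumentOffsetIncludingThis(0)) instead of producing undefined; unless an earlier speculation not visible here already guarantees a non-negative index, a guard such as `speculationCheck(Uncountable, JSValueRegs(), NoNode, m_jit.branch32(JITCompiler::LessThan, indexGPR, TrustedImm32(0)));` belongs before the add32. GetMyArgumentByValSafe (L154351–L154364) has the same shape and should append that branch to its `slowPath` list so a negative index takes the call rather than the fast load. The enclosing compile() switch starts and ends outside this hunk.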
@@ -3738,14 +4035,12 @@ void SpeculativeJIT::compile(Node& node)
m_jit.move(valuePayloadGPR, resultGPR);
- JITCompiler::Jump alreadyCreated = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
-
- silentSpillAllRegisters(resultGPR);
- callOperation(
- operationNewFunction, resultGPR, m_jit.codeBlock()->functionDecl(node.functionDeclIndex()));
- silentFillAllRegisters(resultGPR);
+ JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
- alreadyCreated.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ notCreated, this, operationNewFunction, resultGPR,
+ m_jit.codeBlock()->functionDecl(node.functionDeclIndex())));
cellResult(resultGPR, m_compileIndex);
break;
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
index 08e7d966d..543e2b913 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -28,6 +28,9 @@
#if ENABLE(DFG_JIT)
+#include "Arguments.h"
+#include "DFGSlowPathGenerator.h"
+
namespace JSC { namespace DFG {
#if USE(JSVALUE64)
@@ -356,6 +359,31 @@ GPRReg SpeculativeJIT::fillJSValue(NodeIndex nodeIndex)
return InvalidGPRReg;
}
+class ValueToNumberSlowPathGenerator
+ : public CallSlowPathGenerator<MacroAssembler::Jump, D_DFGOperation_EJ, GPRReg> {
+public:
+ ValueToNumberSlowPathGenerator(
+ MacroAssembler::Jump from, SpeculativeJIT* jit,
+ GPRReg resultGPR, GPRReg jsValueGPR)
+ : CallSlowPathGenerator<MacroAssembler::Jump, D_DFGOperation_EJ, GPRReg>(
+ from, jit, dfgConvertJSValueToNumber, NeedToSpill, resultGPR)
+ , m_jsValueGPR(jsValueGPR)
+ {
+ }
+
+protected:
+ virtual void generateInternal(SpeculativeJIT* jit)
+ {
+ setUp(jit);
+ recordCall(jit->callOperation(dfgConvertJSValueToNumber, FPRInfo::returnValueFPR, m_jsValueGPR));
+ jit->boxDouble(FPRInfo::returnValueFPR, m_result);
+ tearDown(jit);
+ }
+
+private:
+ GPRReg m_jsValueGPR;
+};
+
void SpeculativeJIT::nonSpeculativeValueToNumber(Node& node)
{
if (isKnownNumeric(node.child1().index())) {
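Review bot: `generateInternal` at L154442 repeats the literal `dfgConvertJSValueToNumber` that the constructor already handed to the base as `m_function` on L154433; calling `recordCall(jit->callOperation(m_function, FPRInfo::returnValueFPR, m_jsValueGPR));` keeps the two from drifting apart, which is what the templated CompareAndBoxBooleanSlowPathGenerator later in this file does via `this->m_function`. The override on L154439 also lacks the `OVERRIDE` marker, which would let the compiler reject a signature mismatch with the base's virtual; the same applies to CompareAndBoxBooleanSlowPathGenerator::generateInternal. A one-line class comment, `// Slow path for ValueToNumber: the helper returns a double in returnValueFPR, which must be boxed into the result GPR after the call.`, would say why a custom generator is needed here.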
@@ -383,19 +411,12 @@ void SpeculativeJIT::nonSpeculativeValueToNumber(Node& node)
m_jit.move(jsValueGpr, gpr);
JITCompiler::Jump hasUnboxedDouble = m_jit.jump();
- // Next handle cells (& other JS immediates)
- nonNumeric.link(&m_jit);
- silentSpillAllRegisters(gpr);
- callOperation(dfgConvertJSValueToNumber, FPRInfo::returnValueFPR, jsValueGpr);
- boxDouble(FPRInfo::returnValueFPR, gpr);
- silentFillAllRegisters(gpr);
- JITCompiler::Jump hasCalledToNumber = m_jit.jump();
-
// Finally, handle integers.
isInteger.link(&m_jit);
m_jit.orPtr(GPRInfo::tagTypeNumberRegister, jsValueGpr, gpr);
hasUnboxedDouble.link(&m_jit);
- hasCalledToNumber.link(&m_jit);
+
+ addSlowPathGenerator(adoptPtr(new ValueToNumberSlowPathGenerator(nonNumeric, this, gpr, jsValueGpr)));
jsValueResult(result.gpr(), m_compileIndex, UseChildrenCalledExplicitly);
}
@@ -419,13 +440,11 @@ void SpeculativeJIT::nonSpeculativeValueToInt32(Node& node)
FPRReg fpr = op1.fpr();
GPRReg gpr = result.gpr();
op1.use();
- JITCompiler::Jump truncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateSuccessful);
+ JITCompiler::Jump notTruncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateFailed);
- silentSpillAllRegisters(gpr);
- callOperation(toInt32, gpr, fpr);
- silentFillAllRegisters(gpr);
-
- truncatedToInteger.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(notTruncatedToInteger, this, toInt32, gpr, fpr));
+
integerResult(gpr, m_compileIndex, UseChildrenCalledExplicitly);
return;
}
@@ -436,18 +455,13 @@ void SpeculativeJIT::nonSpeculativeValueToInt32(Node& node)
GPRReg resultGPR = result.gpr();
op1.use();
- JITCompiler::Jump isInteger = m_jit.branchPtr(MacroAssembler::AboveOrEqual, jsValueGpr, GPRInfo::tagTypeNumberRegister);
-
- // First handle non-integers
- silentSpillAllRegisters(resultGPR);
- callOperation(dfgConvertJSValueToInt32, resultGPR, jsValueGpr);
- silentFillAllRegisters(resultGPR);
- JITCompiler::Jump hasCalledToInt32 = m_jit.jump();
+ JITCompiler::Jump isNotInteger = m_jit.branchPtr(MacroAssembler::Below, jsValueGpr, GPRInfo::tagTypeNumberRegister);
- // Then handle integers.
- isInteger.link(&m_jit);
m_jit.zeroExtend32ToPtr(jsValueGpr, resultGPR);
- hasCalledToInt32.link(&m_jit);
+
+ addSlowPathGenerator(
+ slowPathCall(isNotInteger, this, dfgConvertJSValueToInt32, resultGPR, jsValueGpr));
+
integerResult(resultGPR, m_compileIndex, UseChildrenCalledExplicitly);
}
@@ -475,7 +489,7 @@ void SpeculativeJIT::nonSpeculativeUInt32ToNumber(Node& node)
jsValueResult(result.gpr(), m_compileIndex);
}
-JITCompiler::Call SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg resultGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
+void SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg resultGPR, GPRReg scratchGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
{
JITCompiler::DataLabelPtr structureToCompare;
JITCompiler::PatchableJump structureCheck = m_jit.patchableBranchPtrWithPatch(JITCompiler::NotEqual, JITCompiler::Address(baseGPR, JSCell::structureOffset()), structureToCompare, JITCompiler::TrustedImmPtr(reinterpret_cast<void*>(-1)));
@@ -483,31 +497,32 @@ JITCompiler::Call SpeculativeJIT::cachedGetById(CodeOrigin codeOrigin, GPRReg ba
m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::offsetOfPropertyStorage()), resultGPR);
JITCompiler::DataLabelCompact loadWithPatch = m_jit.loadPtrWithCompactAddressOffsetPatch(JITCompiler::Address(resultGPR, 0), resultGPR);
- JITCompiler::Jump done = m_jit.jump();
+ JITCompiler::Label doneLabel = m_jit.label();
- structureCheck.m_jump.link(&m_jit);
-
- if (slowPathTarget.isSet())
- slowPathTarget.link(&m_jit);
-
- JITCompiler::Label slowCase = m_jit.label();
+ OwnPtr<SlowPathGenerator> slowPath;
+ if (!slowPathTarget.isSet()) {
+ slowPath = slowPathCall(
+ structureCheck.m_jump, this, operationGetByIdOptimize, resultGPR, baseGPR,
+ identifier(identifierNumber), spillMode);
+ } else {
+ JITCompiler::JumpList slowCases;
+ slowCases.append(structureCheck.m_jump);
+ slowCases.append(slowPathTarget);
+ slowPath = slowPathCall(
+ slowCases, this, operationGetByIdOptimize, resultGPR, baseGPR,
+ identifier(identifierNumber), spillMode);
+ }
+ m_jit.addPropertyAccess(
+ PropertyAccessRecord(
+ codeOrigin, structureToCompare, structureCheck, loadWithPatch, slowPath.get(),
+ doneLabel, safeCast<int8_t>(baseGPR), safeCast<int8_t>(resultGPR),
+ safeCast<int8_t>(scratchGPR),
+ spillMode == NeedToSpill ? PropertyAccessRecord::RegistersInUse : PropertyAccessRecord::RegistersFlushed));
+ addSlowPathGenerator(slowPath.release());
- if (spillMode == NeedToSpill)
- silentSpillAllRegisters(resultGPR);
- JITCompiler::Call functionCall = callOperation(operationGetByIdOptimize, resultGPR, baseGPR, identifier(identifierNumber));
- if (spillMode == NeedToSpill)
- silentFillAllRegisters(resultGPR);
-
- done.link(&m_jit);
-
- JITCompiler::Label doneLabel = m_jit.label();
- m_jit.addPropertyAccess(PropertyAccessRecord(codeOrigin, structureToCompare, functionCall, structureCheck, loadWithPatch, slowCase, doneLabel, safeCast<int8_t>(baseGPR), safeCast<int8_t>(resultGPR), safeCast<int8_t>(scratchGPR), spillMode == NeedToSpill ? PropertyAccessRecord::RegistersInUse : PropertyAccessRecord::RegistersFlushed));
-
if (scratchGPR != resultGPR && scratchGPR != InvalidGPRReg && spillMode == NeedToSpill)
unlock(scratchGPR);
-
- return functionCall;
}
void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg valueGPR, Edge valueUse, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget)
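Review bot: The two branches at L154532–L154543 differ only in whether `slowPathTarget` is appended, so a single `JITCompiler::JumpList slowCases; slowCases.append(structureCheck.m_jump); if (slowPathTarget.isSet()) slowCases.append(slowPathTarget);` followed by one `slowPathCall(slowCases, ...)` removes the duplicated call; cachedPutById at L154598–L154609 has the same shape and the same fix. Separately, the PropertyAccessRecord built on L154544–L154549 keeps the raw `slowPath.get()` after ownership is handed to addSlowPathGenerator on L154550, so the record's validity depends on the generator list outliving it; I infer that rather than see it, and a comment such as `// The record's generator pointer is non-owning; the slow-path list owns it and must outlive linking.` above L154544 would record the assumption.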
@@ -521,16 +536,8 @@ void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg
m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::offsetOfPropertyStorage()), scratchGPR);
JITCompiler::DataLabel32 storeWithPatch = m_jit.storePtrWithAddressOffsetPatch(valueGPR, JITCompiler::Address(scratchGPR, 0));
- JITCompiler::Jump done = m_jit.jump();
-
- structureCheck.m_jump.link(&m_jit);
-
- if (slowPathTarget.isSet())
- slowPathTarget.link(&m_jit);
-
- JITCompiler::Label slowCase = m_jit.label();
-
- silentSpillAllRegisters(InvalidGPRReg);
+ JITCompiler::Label doneLabel = m_jit.label();
+
V_DFGOperation_EJCI optimizedCall;
if (m_jit.strictModeFor(at(m_compileIndex).codeOrigin)) {
if (putKind == Direct)
@@ -543,13 +550,21 @@ void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg
else
optimizedCall = operationPutByIdNonStrictOptimize;
}
- JITCompiler::Call functionCall = callOperation(optimizedCall, valueGPR, baseGPR, identifier(identifierNumber));
- silentFillAllRegisters(InvalidGPRReg);
-
- done.link(&m_jit);
- JITCompiler::Label doneLabel = m_jit.label();
-
- m_jit.addPropertyAccess(PropertyAccessRecord(codeOrigin, structureToCompare, functionCall, structureCheck, JITCompiler::DataLabelCompact(storeWithPatch.label()), slowCase, doneLabel, safeCast<int8_t>(baseGPR), safeCast<int8_t>(valueGPR), safeCast<int8_t>(scratchGPR)));
+ OwnPtr<SlowPathGenerator> slowPath;
+ if (!slowPathTarget.isSet()) {
+ slowPath = slowPathCall(
+ structureCheck.m_jump, this, optimizedCall, NoResult, valueGPR, baseGPR,
+ identifier(identifierNumber));
+ } else {
+ JITCompiler::JumpList slowCases;
+ slowCases.append(structureCheck.m_jump);
+ slowCases.append(slowPathTarget);
+ slowPath = slowPathCall(
+ slowCases, this, optimizedCall, NoResult, valueGPR, baseGPR,
+ identifier(identifierNumber));
+ }
+ m_jit.addPropertyAccess(PropertyAccessRecord(codeOrigin, structureToCompare, structureCheck, JITCompiler::DataLabelCompact(storeWithPatch.label()), slowPath.get(), doneLabel, safeCast<int8_t>(baseGPR), safeCast<int8_t>(valueGPR), safeCast<int8_t>(scratchGPR)));
+ addSlowPathGenerator(slowPath.release());
}
void SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull(Edge operand, bool invert)
@@ -590,7 +605,7 @@ void SpeculativeJIT::nonSpeculativePeepholeBranchNull(Edge operand, NodeIndex br
BlockIndex taken = branchNode.takenBlockIndex();
BlockIndex notTaken = branchNode.notTakenBlockIndex();
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = !invert;
BlockIndex tmp = taken;
taken = notTaken;
@@ -657,7 +672,7 @@ void SpeculativeJIT::nonSpeculativePeepholeBranch(Node& node, NodeIndex branchNo
// The branch instruction will branch to the taken block.
// If taken is next, switch taken with notTaken & invert the branch condition so we can fall through.
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
cond = JITCompiler::invert(cond);
callResultCondition = JITCompiler::Zero;
BlockIndex tmp = taken;
@@ -716,6 +731,35 @@ void SpeculativeJIT::nonSpeculativePeepholeBranch(Node& node, NodeIndex branchNo
m_compileIndex = branchNodeIndex;
}
+template<typename JumpType>
+class CompareAndBoxBooleanSlowPathGenerator
+ : public CallSlowPathGenerator<JumpType, S_DFGOperation_EJJ, GPRReg> {
+public:
+ CompareAndBoxBooleanSlowPathGenerator(
+ JumpType from, SpeculativeJIT* jit,
+ S_DFGOperation_EJJ function, GPRReg result, GPRReg arg1, GPRReg arg2)
+ : CallSlowPathGenerator<JumpType, S_DFGOperation_EJJ, GPRReg>(
+ from, jit, function, NeedToSpill, result)
+ , m_arg1(arg1)
+ , m_arg2(arg2)
+ {
+ }
+
+protected:
+ virtual void generateInternal(SpeculativeJIT* jit)
+ {
+ this->setUp(jit);
+ this->recordCall(jit->callOperation(this->m_function, this->m_result, m_arg1, m_arg2));
+ jit->m_jit.and32(JITCompiler::TrustedImm32(1), this->m_result);
+ jit->m_jit.or32(JITCompiler::TrustedImm32(ValueFalse), this->m_result);
+ this->tearDown(jit);
+ }
+
+private:
+ GPRReg m_arg1;
+ GPRReg m_arg2;
+};
+
void SpeculativeJIT::nonSpeculativeNonPeepholeCompare(Node& node, MacroAssembler::RelationalCondition cond, S_DFGOperation_EJJ helperFunction)
{
JSValueOperand arg1(this, node.child1());
@@ -750,23 +794,14 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompare(Node& node, MacroAssembler
slowPath.append(m_jit.branchPtr(MacroAssembler::Below, arg2GPR, GPRInfo::tagTypeNumberRegister));
m_jit.compare32(cond, arg1GPR, arg2GPR, resultGPR);
-
- if (!isKnownInteger(node.child1().index()) || !isKnownInteger(node.child2().index())) {
- JITCompiler::Jump haveResult = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(helperFunction, resultGPR, arg1GPR, arg2GPR);
- silentFillAllRegisters(resultGPR);
-
- m_jit.andPtr(TrustedImm32(1), resultGPR);
-
- haveResult.link(&m_jit);
- }
-
m_jit.or32(TrustedImm32(ValueFalse), resultGPR);
+ if (!isKnownInteger(node.child1().index()) || !isKnownInteger(node.child2().index())) {
+ addSlowPathGenerator(adoptPtr(
+ new CompareAndBoxBooleanSlowPathGenerator<JITCompiler::JumpList>(
+ slowPath, this, helperFunction, resultGPR, arg1GPR, arg2GPR)));
+ }
+
jsValueResult(resultGPR, m_compileIndex, DataFormatJSBoolean, UseChildrenCalledExplicitly);
}
}
@@ -779,7 +814,7 @@ void SpeculativeJIT::nonSpeculativePeepholeStrictEq(Node& node, NodeIndex branch
// The branch instruction will branch to the taken block.
// If taken is next, switch taken with notTaken & invert the branch condition so we can fall through.
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = !invert;
BlockIndex tmp = taken;
taken = notTaken;
@@ -854,6 +889,7 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq(Node& node, bool invert)
if (isKnownCell(node.child1().index()) && isKnownCell(node.child2().index())) {
// see if we get lucky: if the arguments are cells and they reference the same
// cell, then they must be strictly equal.
+ // FIXME: this should flush registers instead of silent spill/fill.
JITCompiler::Jump notEqualCase = m_jit.branchPtr(JITCompiler::NotEqual, arg1GPR, arg2GPR);
m_jit.move(JITCompiler::TrustedImmPtr(JSValue::encode(jsBoolean(!invert))), resultGPR);
@@ -873,41 +909,34 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq(Node& node, bool invert)
} else {
m_jit.orPtr(arg1GPR, arg2GPR, resultGPR);
+ JITCompiler::JumpList slowPathCases;
+
JITCompiler::Jump twoCellsCase = m_jit.branchTestPtr(JITCompiler::Zero, resultGPR, GPRInfo::tagMaskRegister);
JITCompiler::Jump leftOK = m_jit.branchPtr(JITCompiler::AboveOrEqual, arg1GPR, GPRInfo::tagTypeNumberRegister);
- JITCompiler::Jump leftDouble = m_jit.branchTestPtr(JITCompiler::NonZero, arg1GPR, GPRInfo::tagTypeNumberRegister);
+ slowPathCases.append(m_jit.branchTestPtr(JITCompiler::NonZero, arg1GPR, GPRInfo::tagTypeNumberRegister));
leftOK.link(&m_jit);
JITCompiler::Jump rightOK = m_jit.branchPtr(JITCompiler::AboveOrEqual, arg2GPR, GPRInfo::tagTypeNumberRegister);
- JITCompiler::Jump rightDouble = m_jit.branchTestPtr(JITCompiler::NonZero, arg2GPR, GPRInfo::tagTypeNumberRegister);
+ slowPathCases.append(m_jit.branchTestPtr(JITCompiler::NonZero, arg2GPR, GPRInfo::tagTypeNumberRegister));
rightOK.link(&m_jit);
m_jit.comparePtr(invert ? JITCompiler::NotEqual : JITCompiler::Equal, arg1GPR, arg2GPR, resultGPR);
+ m_jit.or32(JITCompiler::TrustedImm32(ValueFalse), resultGPR);
- JITCompiler::Jump done1 = m_jit.jump();
+ JITCompiler::Jump done = m_jit.jump();
twoCellsCase.link(&m_jit);
- JITCompiler::Jump notEqualCase = m_jit.branchPtr(JITCompiler::NotEqual, arg1GPR, arg2GPR);
+ slowPathCases.append(m_jit.branchPtr(JITCompiler::NotEqual, arg1GPR, arg2GPR));
m_jit.move(JITCompiler::TrustedImmPtr(JSValue::encode(jsBoolean(!invert))), resultGPR);
- JITCompiler::Jump done2 = m_jit.jump();
+ addSlowPathGenerator(
+ adoptPtr(
+ new CompareAndBoxBooleanSlowPathGenerator<MacroAssembler::JumpList>(
+ slowPathCases, this, operationCompareStrictEq, resultGPR, arg1GPR,
+ arg2GPR)));
- leftDouble.link(&m_jit);
- rightDouble.link(&m_jit);
- notEqualCase.link(&m_jit);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationCompareStrictEq, resultGPR, arg1GPR, arg2GPR);
- silentFillAllRegisters(resultGPR);
-
- m_jit.andPtr(JITCompiler::TrustedImm32(1), resultGPR);
-
- done1.link(&m_jit);
-
- m_jit.or32(JITCompiler::TrustedImm32(ValueFalse), resultGPR);
-
- done2.link(&m_jit);
+ done.link(&m_jit);
}
jsValueResult(resultGPR, m_compileIndex, DataFormatJSBoolean, UseChildrenCalledExplicitly);
@@ -935,8 +964,8 @@ void SpeculativeJIT::emitCall(Node& node)
GPRReg calleeGPR = callee.gpr();
use(calleeEdge);
- // The call instruction's first child is either the function (normal call) or the
- // receiver (method call). subsequent children are the arguments.
+ // The call instruction's first child is the function; the subsequent children are the
+ // arguments.
int numPassedArgs = node.numChildren() - 1;
m_jit.store32(MacroAssembler::TrustedImm32(numPassedArgs + dummyThisArgument), callFramePayloadSlot(RegisterFile::ArgumentCount));
@@ -999,6 +1028,7 @@ GPRReg SpeculativeJIT::fillSpeculateIntInternal(NodeIndex nodeIndex, DataFormat&
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("SpecInt@%d ", nodeIndex);
#endif
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1056,7 +1086,8 @@ GPRReg SpeculativeJIT::fillSpeculateIntInternal(NodeIndex nodeIndex, DataFormat&
// Check the value is an integer.
GPRReg gpr = info.gpr();
m_gprs.lock(gpr);
- speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchPtr(MacroAssembler::Below, gpr, GPRInfo::tagTypeNumberRegister));
+ if (!isInt32Prediction(type))
+ speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchPtr(MacroAssembler::Below, gpr, GPRInfo::tagTypeNumberRegister));
info.fillJSValue(gpr, DataFormatJSInteger);
// If !strict we're done, return.
if (!strict) {
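Review bot: The speculation check at L154776–L154777 is now elided whenever the abstract interpreter predicts Int32, so the soundness of `m_state.forNode(nodeIndex).m_type` becomes load-bearing for type safety: a wrong prediction no longer fails the speculation but yields a mistyped value with no runtime check. Emitting the elided branch as a JIT assertion in debug builds, as the existing FIXME at the StrCat site already proposes for cell tags, would make an abstract-state bug fail loudly instead of silently; the same applies to the elisions at L154792, L154808, L154817 and L154834. I'd also add `// Elided when abstract interpretation already proves Int32; correctness relies on that prediction being sound.` above L154776. fillSpeculateIntInternal starts and ends outside this hunk.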
@@ -1144,6 +1175,7 @@ FPRReg SpeculativeJIT::fillSpeculateDouble(NodeIndex nodeIndex)
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("SpecDouble@%d ", nodeIndex);
#endif
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1228,7 +1260,8 @@ FPRReg SpeculativeJIT::fillSpeculateDouble(NodeIndex nodeIndex)
JITCompiler::Jump isInteger = m_jit.branchPtr(MacroAssembler::AboveOrEqual, jsValueGpr, GPRInfo::tagTypeNumberRegister);
- speculationCheck(BadType, JSValueRegs(jsValueGpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::Zero, jsValueGpr, GPRInfo::tagTypeNumberRegister));
+ if (!isNumberPrediction(type))
+ speculationCheck(BadType, JSValueRegs(jsValueGpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::Zero, jsValueGpr, GPRInfo::tagTypeNumberRegister));
// First, if we get here we have a double encoded as a JSValue
m_jit.move(jsValueGpr, tempGpr);
@@ -1295,6 +1328,7 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("SpecCell@%d ", nodeIndex);
#endif
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1324,7 +1358,7 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
m_jit.loadPtr(JITCompiler::addressFor(virtualRegister), gpr);
info.fillJSValue(gpr, DataFormatJS);
- if (info.spillFormat() != DataFormatJSCell)
+ if (!isCellPrediction(type))
speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::NonZero, gpr, GPRInfo::tagMaskRegister));
info.fillJSValue(gpr, DataFormatJSCell);
return gpr;
@@ -1340,7 +1374,8 @@ GPRReg SpeculativeJIT::fillSpeculateCell(NodeIndex nodeIndex)
case DataFormatJS: {
GPRReg gpr = info.gpr();
m_gprs.lock(gpr);
- speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::NonZero, gpr, GPRInfo::tagMaskRegister));
+ if (!isCellPrediction(type))
+ speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::NonZero, gpr, GPRInfo::tagMaskRegister));
info.fillJSValue(gpr, DataFormatJSCell);
return gpr;
}
@@ -1368,6 +1403,7 @@ GPRReg SpeculativeJIT::fillSpeculateBoolean(NodeIndex nodeIndex)
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("SpecBool@%d ", nodeIndex);
#endif
+ PredictedType type = m_state.forNode(nodeIndex).m_type;
Node& node = at(nodeIndex);
VirtualRegister virtualRegister = node.virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1397,7 +1433,7 @@ GPRReg SpeculativeJIT::fillSpeculateBoolean(NodeIndex nodeIndex)
m_jit.loadPtr(JITCompiler::addressFor(virtualRegister), gpr);
info.fillJSValue(gpr, DataFormatJS);
- if (info.spillFormat() != DataFormatJSBoolean) {
+ if (!isBooleanPrediction(type)) {
m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), gpr);
speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::NonZero, gpr, TrustedImm32(static_cast<int32_t>(~1))), SpeculationRecovery(BooleanSpeculationCheck, gpr, InvalidGPRReg));
m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), gpr);
@@ -1416,9 +1452,11 @@ GPRReg SpeculativeJIT::fillSpeculateBoolean(NodeIndex nodeIndex)
case DataFormatJS: {
GPRReg gpr = info.gpr();
m_gprs.lock(gpr);
- m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), gpr);
- speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::NonZero, gpr, TrustedImm32(static_cast<int32_t>(~1))), SpeculationRecovery(BooleanSpeculationCheck, gpr, InvalidGPRReg));
- m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), gpr);
+ if (!isBooleanPrediction(type)) {
+ m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), gpr);
+ speculationCheck(BadType, JSValueRegs(gpr), nodeIndex, m_jit.branchTestPtr(MacroAssembler::NonZero, gpr, TrustedImm32(static_cast<int32_t>(~1))), SpeculationRecovery(BooleanSpeculationCheck, gpr, InvalidGPRReg));
+ m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), gpr);
+ }
info.fillJSValue(gpr, DataFormatJSBoolean);
return gpr;
}
@@ -1764,13 +1802,10 @@ void SpeculativeJIT::compileLogicalNot(Node& node)
m_jit.move(arg1GPR, resultGPR);
m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueFalse)), resultGPR);
- JITCompiler::Jump fastCase = m_jit.branchTestPtr(JITCompiler::Zero, resultGPR, TrustedImm32(static_cast<int32_t>(~1)));
-
- silentSpillAllRegisters(resultGPR);
- callOperation(dfgConvertJSValueToBoolean, resultGPR, arg1GPR);
- silentFillAllRegisters(resultGPR);
+ JITCompiler::Jump slowCase = m_jit.branchTestPtr(JITCompiler::NonZero, resultGPR, TrustedImm32(static_cast<int32_t>(~1)));
- fastCase.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(slowCase, this, dfgConvertJSValueToBoolean, resultGPR, arg1GPR));
m_jit.xorPtr(TrustedImm32(static_cast<int32_t>(ValueTrue)), resultGPR);
jsValueResult(resultGPR, m_compileIndex, DataFormatJSBoolean, UseChildrenCalledExplicitly);
@@ -1813,7 +1848,7 @@ void SpeculativeJIT::emitBranch(Node& node)
if (at(node.child1()).shouldSpeculateInteger()) {
bool invert = false;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
invert = true;
BlockIndex tmp = taken;
taken = notTaken;
@@ -1841,7 +1876,7 @@ void SpeculativeJIT::emitBranch(Node& node)
if (isBooleanPrediction(m_state.forNode(node.child1()).m_type)) {
MacroAssembler::ResultCondition condition = MacroAssembler::NonZero;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = MacroAssembler::Zero;
BlockIndex tmp = taken;
taken = notTaken;
@@ -1902,12 +1937,19 @@ void SpeculativeJIT::compile(Node& node)
AbstractValue& value = block()->valuesAtHead.operand(node.local());
// If we have no prediction for this local, then don't attempt to compile.
- if (prediction == PredictNone || value.isClear()) {
+ if (prediction == PredictNone) {
terminateSpeculativeExecution(InadequateCoverage, JSValueRegs(), NoNode);
break;
}
- if (!m_jit.graph().isCaptured(node.local())) {
+ if (!node.variableAccessData()->isCaptured()) {
+ // If the CFA is tracking this variable and it found that the variable
+ // cannot have been assigned, then don't attempt to proceed.
+ if (value.isClear()) {
+ terminateSpeculativeExecution(InadequateCoverage, JSValueRegs(), NoNode);
+ break;
+ }
+
if (node.variableAccessData()->shouldUseDoubleFormat()) {
FPRTemporary result(this);
m_jit.loadDouble(JITCompiler::addressFor(node.local()), result.fpr());
@@ -1939,7 +1981,7 @@ void SpeculativeJIT::compile(Node& node)
m_gprs.retain(result.gpr(), virtualRegister, SpillOrderJS);
DataFormat format;
- if (m_jit.graph().isCaptured(node.local()))
+ if (node.variableAccessData()->isCaptured())
format = DataFormatJS;
else if (isCellPrediction(value.m_type))
format = DataFormatJSCell;
@@ -1952,6 +1994,15 @@ void SpeculativeJIT::compile(Node& node)
break;
}
+ case GetLocalUnlinked: {
+ GPRTemporary result(this);
+
+ m_jit.loadPtr(JITCompiler::addressFor(node.unlinkedLocal()), result.gpr());
+
+ jsValueResult(result.gpr(), m_compileIndex);
+ break;
+ }
+
case SetLocal: {
// SetLocal doubles as a hint as to where a node will be stored and
// as a speculation point. So before we speculate make sure that we
@@ -1989,7 +2040,7 @@ void SpeculativeJIT::compile(Node& node)
// OSR exit, would not be visible to the old JIT in any way.
m_codeOriginForOSR = nextNode->codeOrigin;
- if (!m_jit.graph().isCaptured(node.local())) {
+ if (!node.variableAccessData()->isCaptured()) {
if (node.variableAccessData()->shouldUseDoubleFormat()) {
SpeculateDoubleOperand value(this, node.child1());
m_jit.storeDouble(value.fpr(), JITCompiler::addressFor(node.local()));
@@ -2332,6 +2383,13 @@ void SpeculativeJIT::compile(Node& node)
break;
}
+ if (at(node.child1()).shouldSpeculateArguments()) {
+ compileGetByValOnArguments(node);
+ if (!m_compileOkay)
+ return;
+ break;
+ }
+
if (at(node.child1()).prediction() == PredictString) {
compileGetByValOnString(node);
if (!m_compileOkay)
@@ -2453,6 +2511,65 @@ void SpeculativeJIT::compile(Node& node)
SpeculateCellOperand base(this, node.child1());
SpeculateStrictInt32Operand property(this, node.child2());
+ if (at(node.child1()).shouldSpeculateArguments()) {
+ JSValueOperand value(this, node.child3());
+ SpeculateCellOperand base(this, node.child1());
+ SpeculateStrictInt32Operand property(this, node.child2());
+ GPRTemporary scratch(this);
+ GPRTemporary scratch2(this);
+
+ GPRReg baseReg = base.gpr();
+ GPRReg propertyReg = property.gpr();
+ GPRReg valueReg = value.gpr();
+ GPRReg scratchReg = scratch.gpr();
+ GPRReg scratch2Reg = scratch2.gpr();
+
+ if (!m_compileOkay)
+ return;
+
+ if (!isArgumentsPrediction(m_state.forNode(node.child1()).m_type)) {
+ speculationCheck(
+ BadType, JSValueSource::unboxedCell(baseReg), node.child1(),
+ m_jit.branchPtr(
+ MacroAssembler::NotEqual,
+ MacroAssembler::Address(baseReg, JSCell::classInfoOffset()),
+ MacroAssembler::TrustedImmPtr(&Arguments::s_info)));
+ }
+
+ m_jit.loadPtr(
+ MacroAssembler::Address(baseReg, Arguments::offsetOfData()),
+ scratchReg);
+
+ // Two really lame checks.
+ speculationCheck(
+ Uncountable, JSValueSource(), NoNode,
+ m_jit.branchPtr(
+ MacroAssembler::AboveOrEqual, propertyReg,
+ MacroAssembler::Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, numArguments))));
+ speculationCheck(
+ Uncountable, JSValueSource(), NoNode,
+ m_jit.branchTestPtr(
+ MacroAssembler::NonZero,
+ MacroAssembler::Address(
+ scratchReg, OBJECT_OFFSETOF(ArgumentsData, deletedArguments))));
+
+ m_jit.move(propertyReg, scratch2Reg);
+ m_jit.neg32(scratch2Reg);
+ m_jit.signExtend32ToPtr(scratch2Reg, scratch2Reg);
+ m_jit.loadPtr(
+ MacroAssembler::Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, registers)),
+ scratchReg);
+
+ m_jit.storePtr(
+ valueReg,
+ MacroAssembler::BaseIndex(
+ scratchReg, scratch2Reg, MacroAssembler::TimesEight,
+ CallFrame::thisArgumentOffset() * sizeof(Register) - sizeof(Register)));
+
+ noResult(m_compileIndex);
+ break;
+ }
+
if (at(node.child1()).shouldSpeculateInt8Array()) {
compilePutByValForIntTypedArray(m_jit.globalData()->int8ArrayDescriptor(), base.gpr(), property.gpr(), node, sizeof(int8_t), isInt8ArrayPrediction(m_state.forNode(node.child1()).m_type) ? NoTypedArrayTypeSpecCheck : AllTypedArraySpecChecks, SignedTypedArray);
if (!m_compileOkay)
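Review bot: The new Arguments path re-declares `base` and `property` as fresh `SpeculateCellOperand`/`SpeculateStrictInt32Operand` objects that shadow the ones declared just above the `if`, so two operand objects now exist for the same children at once; dropping the two inner declarations and reusing the outer `base`/`property` avoids the shadowing and the duplicated register work. The bounds check also uses `branchPtr`, which loads a pointer-sized value at `OBJECT_OFFSETOF(ArgumentsData, numArguments)`; if that field is 32-bit, the comparison includes whatever follows it in the struct and should be `m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(scratchReg, OBJECT_OFFSETOF(ArgumentsData, numArguments)))`, as the array path in the next hunk already does. The comment `// Two really lame checks.` would serve a reader better as `// Exit if the index is out of range or any argument has been deleted; the fast store below handles neither case.` compile's body starts and ends outside the hunk.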
@@ -2539,15 +2656,7 @@ void SpeculativeJIT::compile(Node& node)
property.use();
value.use();
- MacroAssembler::Jump withinArrayBounds = m_jit.branch32(MacroAssembler::Below, propertyReg, MacroAssembler::Address(baseReg, JSArray::vectorLengthOffset()));
-
- // Code to handle put beyond array bounds.
- silentSpillAllRegisters(scratchReg);
- callOperation(m_jit.codeBlock()->isStrictMode() ? operationPutByValBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsNonStrict, baseReg, propertyReg, valueReg);
- silentFillAllRegisters(scratchReg);
- JITCompiler::Jump wasBeyondArrayBounds = m_jit.jump();
-
- withinArrayBounds.link(&m_jit);
+ MacroAssembler::Jump beyondArrayBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(baseReg, JSArray::vectorLengthOffset()));
// Get the array storage.
GPRReg storageReg = scratchReg;
@@ -2569,7 +2678,11 @@ void SpeculativeJIT::compile(Node& node)
// Store the value to the array.
m_jit.storePtr(valueReg, MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])));
- wasBeyondArrayBounds.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ beyondArrayBounds, this,
+ m_jit.codeBlock()->isStrictMode() ? operationPutByValBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsNonStrict,
+ NoResult, baseReg, propertyReg, valueReg));
noResult(m_compileIndex, UseChildrenCalledExplicitly);
break;
@@ -2751,15 +2864,10 @@ void SpeculativeJIT::compile(Node& node)
m_jit.add32(TrustedImm32(1), MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
m_jit.orPtr(GPRInfo::tagTypeNumberRegister, storageLengthGPR);
- MacroAssembler::Jump done = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(storageLengthGPR);
- callOperation(operationArrayPush, storageLengthGPR, valueGPR, baseGPR);
- silentFillAllRegisters(storageLengthGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ slowPath, this, operationArrayPush, NoResult, storageLengthGPR,
+ valueGPR, baseGPR));
jsValueResult(storageLengthGPR, m_compileIndex);
break;
@@ -2782,7 +2890,8 @@ void SpeculativeJIT::compile(Node& node)
m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSArray::storageOffset()), storageGPR);
m_jit.load32(MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_length)), storageLengthGPR);
- MacroAssembler::Jump emptyArrayCase = m_jit.branchTest32(MacroAssembler::Zero, storageLengthGPR);
+ JITCompiler::JumpList setUndefinedCases;
+ setUndefinedCases.append(m_jit.branchTest32(MacroAssembler::Zero, storageLengthGPR));
m_jit.sub32(TrustedImm32(1), storageLengthGPR);
@@ -2792,28 +2901,20 @@ void SpeculativeJIT::compile(Node& node)
m_jit.store32(storageLengthGPR, MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_length)));
- MacroAssembler::Jump holeCase = m_jit.branchTestPtr(MacroAssembler::Zero, valueGPR);
+ setUndefinedCases.append(m_jit.branchTestPtr(MacroAssembler::Zero, valueGPR));
m_jit.storePtr(MacroAssembler::TrustedImmPtr(0), MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])));
m_jit.sub32(MacroAssembler::TrustedImm32(1), MacroAssembler::Address(storageGPR, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
- MacroAssembler::JumpList done;
-
- done.append(m_jit.jump());
-
- holeCase.link(&m_jit);
- emptyArrayCase.link(&m_jit);
- m_jit.move(MacroAssembler::TrustedImmPtr(JSValue::encode(jsUndefined())), valueGPR);
- done.append(m_jit.jump());
-
- slowCase.link(&m_jit);
-
- silentSpillAllRegisters(valueGPR);
- callOperation(operationArrayPop, valueGPR, baseGPR);
- silentFillAllRegisters(valueGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathMove(
+ setUndefinedCases, this,
+ MacroAssembler::TrustedImmPtr(JSValue::encode(jsUndefined())), valueGPR));
+ addSlowPathGenerator(
+ slowPathCall(
+ slowCase, this, operationArrayPop, valueGPR, baseGPR));
+
jsValueResult(valueGPR, m_compileIndex);
break;
}
@@ -2834,7 +2935,7 @@ void SpeculativeJIT::compile(Node& node)
MacroAssembler::ResultCondition condition = MacroAssembler::NonZero;
- if (taken == (m_block + 1)) {
+ if (taken == nextBlock()) {
condition = MacroAssembler::Zero;
BlockIndex tmp = taken;
taken = notTaken;
@@ -2913,21 +3014,14 @@ void SpeculativeJIT::compile(Node& node)
if (!(m_state.forNode(node.child1()).m_type & ~(PredictNumber | PredictBoolean)))
m_jit.move(op1GPR, resultGPR);
else {
- MacroAssembler::JumpList alreadyPrimitive;
-
- alreadyPrimitive.append(m_jit.branchTestPtr(MacroAssembler::NonZero, op1GPR, GPRInfo::tagMaskRegister));
- alreadyPrimitive.append(m_jit.branchPtr(MacroAssembler::Equal, MacroAssembler::Address(op1GPR, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSString::s_info)));
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationToPrimitive, resultGPR, op1GPR);
- silentFillAllRegisters(resultGPR);
-
- MacroAssembler::Jump done = m_jit.jump();
+ MacroAssembler::Jump alreadyPrimitive = m_jit.branchTestPtr(MacroAssembler::NonZero, op1GPR, GPRInfo::tagMaskRegister);
+ MacroAssembler::Jump notPrimitive = m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(op1GPR, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSString::s_info));
alreadyPrimitive.link(&m_jit);
m_jit.move(op1GPR, resultGPR);
- done.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(notPrimitive, this, operationToPrimitive, resultGPR, op1GPR));
}
jsValueResult(resultGPR, m_compileIndex, UseChildrenCalledExplicitly);
@@ -2952,8 +3046,10 @@ void SpeculativeJIT::compile(Node& node)
// probably has the best balance of performance and sensibility in the sense
// that it does not increase the complexity of the DFG JIT just to make StrCat
// fast and pretty.
-
- EncodedJSValue* buffer = static_cast<EncodedJSValue*>(m_jit.globalData()->scratchBufferForSize(sizeof(EncodedJSValue) * node.numChildren()));
+
+ size_t scratchSize = sizeof(EncodedJSValue) * node.numChildren();
+ ScratchBuffer* scratchBuffer = m_jit.globalData()->scratchBufferForSize(scratchSize);
+ EncodedJSValue* buffer = scratchBuffer ? static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer()) : 0;
for (unsigned operandIdx = 0; operandIdx < node.numChildren(); ++operandIdx) {
JSValueOperand operand(this, m_jit.graph().m_varArgChildren[node.firstChild() + operandIdx]);
@@ -2964,11 +3060,26 @@ void SpeculativeJIT::compile(Node& node)
}
flushRegisters();
-
+
+ if (scratchSize) {
+ GPRTemporary scratch(this);
+
+ // Tell GC mark phase how much of the scratch buffer is active during call.
+ m_jit.move(TrustedImmPtr(scratchBuffer->activeLengthPtr()), scratch.gpr());
+ m_jit.storePtr(TrustedImmPtr(scratchSize), scratch.gpr());
+ }
+
GPRResult result(this);
- callOperation(op == StrCat ? operationStrCat : operationNewArray, result.gpr(), buffer, node.numChildren());
-
+ callOperation(op == StrCat ? operationStrCat : operationNewArray, result.gpr(), static_cast<void *>(buffer), node.numChildren());
+
+ if (scratchSize) {
+ GPRTemporary scratch(this);
+
+ m_jit.move(TrustedImmPtr(scratchBuffer->activeLengthPtr()), scratch.gpr());
+ m_jit.storePtr(TrustedImmPtr(0), scratch.gpr());
+ }
+
cellResult(result.gpr(), m_compileIndex, UseChildrenCalledExplicitly);
break;
}
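Review bot: `static_cast<void *>(buffer)` departs from the file's `void*` spacing (compare `bitwise_cast<void*>` further down); write it as `static_cast<void*>(buffer)`. Separately, the store of `0` to `activeLengthPtr()` after the call is skipped if callOperation's exception check branches out before it, leaving `scratchSize` recorded until the next use of the buffer; that over-approximates the live region for the marker, which is the safe direction, but a comment at the reset such as `// Not reached on the exception path; a stale non-zero length only makes the marker scan more, never less.` would keep a future reader from "fixing" it. compile's body starts and ends outside the hunk.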
@@ -3068,15 +3179,7 @@ void SpeculativeJIT::compile(Node& node)
emitAllocateJSFinalObject(scratchGPR, resultGPR, scratchGPR, slowPath);
- MacroAssembler::Jump done = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationCreateThis, resultGPR, calleeGPR);
- silentFillAllRegisters(resultGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR));
cellResult(resultGPR, m_compileIndex);
break;
@@ -3093,15 +3196,7 @@ void SpeculativeJIT::compile(Node& node)
emitAllocateJSFinalObject(MacroAssembler::TrustedImmPtr(m_jit.globalObjectFor(node.codeOrigin)->emptyObjectStructure()), resultGPR, scratchGPR, slowPath);
- MacroAssembler::Jump done = m_jit.jump();
-
- slowPath.link(&m_jit);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationNewObject, resultGPR);
- silentFillAllRegisters(resultGPR);
-
- done.link(&m_jit);
+ addSlowPathGenerator(slowPathCall(slowPath, this, operationNewObject, resultGPR));
cellResult(resultGPR, m_compileIndex);
break;
@@ -3271,6 +3366,11 @@ void SpeculativeJIT::compile(Node& node)
integerResult(resultGPR, m_compileIndex);
break;
}
+
+ case GetArgumentsLength: {
+ compileGetArgumentsLength(node);
+ break;
+ }
case GetStringLength: {
SpeculateCellOperand base(this, node.child1());
@@ -3331,7 +3431,9 @@ void SpeculativeJIT::compile(Node& node)
break;
}
case CheckStructure: {
- if (m_state.forNode(node.child1()).m_structure.isSubsetOf(node.structureSet())) {
+ AbstractValue& value = m_state.forNode(node.child1());
+ if (value.m_structure.isSubsetOf(node.structureSet())
+ && isCellPrediction(value.m_type)) {
noResult(m_compileIndex);
break;
}
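Review bot: The added `isCellPrediction(value.m_type)` condition changes when the structure check may be elided, and the reason is not written down; a later reader could drop it as redundant with the subset test. A comment above the `if` would pin it: `// A structure set that is a subset of the expected set only proves something when the value is known to be a cell; otherwise keep the runtime check.` That is my reading of the condition rather than something the hunk states, so adjust the wording to the actual CFA semantics. compile's body starts and ends outside the hunk.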
@@ -3416,9 +3518,9 @@ void SpeculativeJIT::compile(Node& node)
case PutByOffset: {
#if ENABLE(GGC) || ENABLE(WRITE_BARRIER_PROFILING)
- SpeculateCellOperand base(this, node.child1());
+ SpeculateCellOperand base(this, node.child2());
#endif
- StorageOperand storage(this, node.child2());
+ StorageOperand storage(this, node.child1());
JSValueOperand value(this, node.child3());
GPRReg storageGPR = storage.gpr();
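Review bot: Swapping `base` to `node.child2()` and `storage` to `node.child1()` changes PutByOffset's operand convention, and nothing here records the new order; a comment at the top of the case, `// PutByOffset: child1 = property storage, child2 = base cell, child3 = value.`, would stop the next reader from assuming the old one. The code that builds these nodes is outside this chunk, so I can only assume it was updated in the same commit. compile's body starts and ends outside the hunk.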
@@ -3660,27 +3762,26 @@ void SpeculativeJIT::compile(Node& node)
m_jit.move(JITCompiler::TrustedImmPtr(m_jit.globalObjectFor(node.codeOrigin)), globalObjectGPR);
m_jit.move(JITCompiler::TrustedImmPtr(resolveInfoAddress), resolveInfoGPR);
m_jit.loadPtr(JITCompiler::Address(resolveInfoGPR, OBJECT_OFFSETOF(GlobalResolveInfo, structure)), resultGPR);
- JITCompiler::Jump structuresMatch = m_jit.branchPtr(JITCompiler::Equal, resultGPR, JITCompiler::Address(globalObjectGPR, JSCell::structureOffset()));
-
- silentSpillAllRegisters(resultGPR);
- callOperation(operationResolveGlobal, resultGPR, resolveInfoGPR, &m_jit.codeBlock()->identifier(data.identifierNumber));
- silentFillAllRegisters(resultGPR);
-
- JITCompiler::Jump wasSlow = m_jit.jump();
+ JITCompiler::Jump structuresDontMatch = m_jit.branchPtr(JITCompiler::NotEqual, resultGPR, JITCompiler::Address(globalObjectGPR, JSCell::structureOffset()));
// Fast case
- structuresMatch.link(&m_jit);
m_jit.loadPtr(JITCompiler::Address(globalObjectGPR, JSObject::offsetOfPropertyStorage()), resultGPR);
m_jit.load32(JITCompiler::Address(resolveInfoGPR, OBJECT_OFFSETOF(GlobalResolveInfo, offset)), resolveInfoGPR);
m_jit.loadPtr(JITCompiler::BaseIndex(resultGPR, resolveInfoGPR, JITCompiler::ScalePtr), resultGPR);
- wasSlow.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ structuresDontMatch, this, operationResolveGlobal,
+ resultGPR, resolveInfoGPR,
+ &m_jit.codeBlock()->identifier(data.identifierNumber)));
jsValueResult(resultGPR, m_compileIndex);
break;
}
case CreateActivation: {
+ ASSERT(!node.codeOrigin.inlineCallFrame);
+
JSValueOperand value(this, node.child1());
GPRTemporary result(this, value);
@@ -3689,34 +3790,240 @@ void SpeculativeJIT::compile(Node& node)
m_jit.move(valueGPR, resultGPR);
- JITCompiler::Jump alreadyCreated = m_jit.branchTestPtr(JITCompiler::NonZero, resultGPR);
+ JITCompiler::Jump notCreated = m_jit.branchTestPtr(JITCompiler::Zero, resultGPR);
- silentSpillAllRegisters(resultGPR);
- callOperation(operationCreateActivation, resultGPR);
- silentFillAllRegisters(resultGPR);
-
- alreadyCreated.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(notCreated, this, operationCreateActivation, resultGPR));
cellResult(resultGPR, m_compileIndex);
break;
}
- case TearOffActivation: {
+ case CreateArguments: {
JSValueOperand value(this, node.child1());
+ GPRTemporary result(this, value);
+
GPRReg valueGPR = value.gpr();
+ GPRReg resultGPR = result.gpr();
+
+ m_jit.move(valueGPR, resultGPR);
+
+ JITCompiler::Jump notCreated = m_jit.branchTestPtr(JITCompiler::Zero, resultGPR);
+
+ if (node.codeOrigin.inlineCallFrame) {
+ addSlowPathGenerator(
+ slowPathCall(
+ notCreated, this, operationCreateInlinedArguments, resultGPR,
+ node.codeOrigin.inlineCallFrame));
+ } else {
+ addSlowPathGenerator(
+ slowPathCall(notCreated, this, operationCreateArguments, resultGPR));
+ }
+
+ cellResult(resultGPR, m_compileIndex);
+ break;
+ }
- JITCompiler::Jump notCreated = m_jit.branchTestPtr(JITCompiler::Zero, valueGPR);
+ case TearOffActivation: {
+ ASSERT(!node.codeOrigin.inlineCallFrame);
+
+ JSValueOperand activationValue(this, node.child1());
+ JSValueOperand argumentsValue(this, node.child2());
+ GPRReg activationValueGPR = activationValue.gpr();
+ GPRReg argumentsValueGPR = argumentsValue.gpr();
+
+ JITCompiler::JumpList created;
+ created.append(m_jit.branchTestPtr(JITCompiler::NonZero, activationValueGPR));
+ created.append(m_jit.branchTestPtr(JITCompiler::NonZero, argumentsValueGPR));
+
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationTearOffActivation, NoResult, activationValueGPR,
+ static_cast<int32_t>(node.unmodifiedArgumentsRegister())));
+
+ noResult(m_compileIndex);
+ break;
+ }
- silentSpillAllRegisters(InvalidGPRReg);
- callOperation(operationTearOffActivation, valueGPR);
- silentFillAllRegisters(InvalidGPRReg);
+ case TearOffArguments: {
+ JSValueOperand argumentsValue(this, node.child1());
+ GPRReg argumentsValueGPR = argumentsValue.gpr();
- notCreated.link(&m_jit);
+ JITCompiler::Jump created = m_jit.branchTestPtr(JITCompiler::NonZero, argumentsValueGPR);
+
+ if (node.codeOrigin.inlineCallFrame) {
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationTearOffInlinedArguments, NoResult,
+ argumentsValueGPR, node.codeOrigin.inlineCallFrame));
+ } else {
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationTearOffArguments, NoResult, argumentsValueGPR));
+ }
noResult(m_compileIndex);
break;
}
+ case GetMyArgumentsLength: {
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
+
+ speculationCheck(
+ ArgumentsEscaped, JSValueRegs(), NoNode,
+ m_jit.branchTestPtr(
+ JITCompiler::NonZero,
+ JITCompiler::addressFor(
+ m_jit.argumentsRegisterFor(node.codeOrigin))));
+
+ ASSERT(!node.codeOrigin.inlineCallFrame);
+ m_jit.load32(JITCompiler::payloadFor(RegisterFile::ArgumentCount), resultGPR);
+ m_jit.sub32(TrustedImm32(1), resultGPR);
+ integerResult(resultGPR, m_compileIndex);
+ break;
+ }
+
+ case GetMyArgumentsLengthSafe: {
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
+
+ JITCompiler::Jump created = m_jit.branchTestPtr(
+ JITCompiler::NonZero,
+ JITCompiler::addressFor(
+ m_jit.argumentsRegisterFor(node.codeOrigin)));
+
+ if (node.codeOrigin.inlineCallFrame) {
+ m_jit.move(
+ ImmPtr(
+ bitwise_cast<void*>(
+ JSValue::encode(
+ jsNumber(node.codeOrigin.inlineCallFrame->arguments.size() - 1)))),
+ resultGPR);
+ } else {
+ m_jit.load32(JITCompiler::payloadFor(RegisterFile::ArgumentCount), resultGPR);
+ m_jit.sub32(TrustedImm32(1), resultGPR);
+ m_jit.orPtr(GPRInfo::tagTypeNumberRegister, resultGPR);
+ }
+
+ // FIXME: the slow path generator should perform a forward speculation that the
+ // result is an integer. For now we postpone the speculation by having this return
+ // a JSValue.
+
+ addSlowPathGenerator(
+ slowPathCall(
+ created, this, operationGetArgumentsLength, resultGPR,
+ m_jit.argumentsRegisterFor(node.codeOrigin)));
+
+ jsValueResult(resultGPR, m_compileIndex);
+ break;
+ }
+
+ case GetMyArgumentByVal: {
+ SpeculateStrictInt32Operand index(this, node.child1());
+ GPRTemporary result(this);
+ GPRReg indexGPR = index.gpr();
+ GPRReg resultGPR = result.gpr();
+
+ speculationCheck(
+ ArgumentsEscaped, JSValueRegs(), NoNode,
+ m_jit.branchTestPtr(
+ JITCompiler::NonZero,
+ JITCompiler::addressFor(
+ m_jit.argumentsRegisterFor(node.codeOrigin))));
+
+ m_jit.add32(TrustedImm32(1), indexGPR, resultGPR);
+ if (node.codeOrigin.inlineCallFrame) {
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultGPR,
+ Imm32(node.codeOrigin.inlineCallFrame->arguments.size())));
+ } else {
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultGPR,
+ JITCompiler::payloadFor(RegisterFile::ArgumentCount)));
+ }
+
+ m_jit.neg32(resultGPR);
+ m_jit.signExtend32ToPtr(resultGPR, resultGPR);
+
+ m_jit.loadPtr(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, resultGPR, JITCompiler::TimesEight,
+ ((node.codeOrigin.inlineCallFrame
+ ? node.codeOrigin.inlineCallFrame->stackOffset
+ : 0) + CallFrame::argumentOffsetIncludingThis(0)) * sizeof(Register)),
+ resultGPR);
+
+ jsValueResult(resultGPR, m_compileIndex);
+ break;
+ }
+
+ case GetMyArgumentByValSafe: {
+ SpeculateStrictInt32Operand index(this, node.child1());
+ GPRTemporary result(this);
+ GPRReg indexGPR = index.gpr();
+ GPRReg resultGPR = result.gpr();
+
+ JITCompiler::JumpList slowPath;
+ slowPath.append(
+ m_jit.branchTestPtr(
+ JITCompiler::NonZero,
+ JITCompiler::addressFor(
+ m_jit.argumentsRegisterFor(node.codeOrigin))));
+
+ m_jit.add32(TrustedImm32(1), indexGPR, resultGPR);
+ if (node.codeOrigin.inlineCallFrame) {
+ slowPath.append(
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultGPR,
+ Imm32(node.codeOrigin.inlineCallFrame->arguments.size())));
+ } else {
+ slowPath.append(
+ m_jit.branch32(
+ JITCompiler::AboveOrEqual,
+ resultGPR,
+ JITCompiler::payloadFor(RegisterFile::ArgumentCount)));
+ }
+
+ m_jit.neg32(resultGPR);
+ m_jit.signExtend32ToPtr(resultGPR, resultGPR);
+
+ m_jit.loadPtr(
+ JITCompiler::BaseIndex(
+ GPRInfo::callFrameRegister, resultGPR, JITCompiler::TimesEight,
+ ((node.codeOrigin.inlineCallFrame
+ ? node.codeOrigin.inlineCallFrame->stackOffset
+ : 0) + CallFrame::argumentOffsetIncludingThis(0)) * sizeof(Register)),
+ resultGPR);
+
+ addSlowPathGenerator(
+ slowPathCall(
+ slowPath, this, operationGetArgumentByVal, resultGPR,
+ m_jit.argumentsRegisterFor(node.codeOrigin),
+ indexGPR));
+
+ jsValueResult(resultGPR, m_compileIndex);
+ break;
+ }
+
+ case CheckArgumentsNotCreated: {
+ speculationCheck(
+ ArgumentsEscaped, JSValueRegs(), NoNode,
+ m_jit.branchTestPtr(
+ JITCompiler::NonZero,
+ JITCompiler::addressFor(
+ m_jit.argumentsRegisterFor(node.codeOrigin))));
+ noResult(m_compileIndex);
+ break;
+ }
+
case NewFunctionNoCheck:
compileNewFunctionNoCheck(node);
break;
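Review bot: In the GetMyArgumentByVal case the bound check is applied to `indexGPR + 1` with an unsigned `AboveOrEqual`, so an index of -1 becomes 0, passes the check, and the load at `CallFrame::argumentOffsetIncludingThis(0)` returns the `this` slot instead of leaving the fast path; GetMyArgumentByValSafe has the same gap in its `slowPath` list. Unless a non-negative speculation on child1 is established before these nodes (nothing in the hunk shows one), guard the raw index first: `speculationCheck(Uncountable, JSValueRegs(), NoNode, m_jit.branch32(JITCompiler::LessThan, indexGPR, TrustedImm32(0)));` in GetMyArgumentByVal, and `slowPath.append(m_jit.branch32(JITCompiler::LessThan, indexGPR, TrustedImm32(0)));` in the Safe variant. Wrap-around at INT_MAX goes the other way (a large unsigned value) and is already rejected by the existing compare. compile's body starts and ends outside the hunk.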
@@ -3730,14 +4037,12 @@ void SpeculativeJIT::compile(Node& node)
m_jit.move(valueGPR, resultGPR);
- JITCompiler::Jump alreadyCreated = m_jit.branchTestPtr(JITCompiler::NonZero, resultGPR);
-
- silentSpillAllRegisters(resultGPR);
- callOperation(
- operationNewFunction, resultGPR, m_jit.codeBlock()->functionDecl(node.functionDeclIndex()));
- silentFillAllRegisters(resultGPR);
+ JITCompiler::Jump notCreated = m_jit.branchTestPtr(JITCompiler::Zero, resultGPR);
- alreadyCreated.link(&m_jit);
+ addSlowPathGenerator(
+ slowPathCall(
+ notCreated, this, operationNewFunction,
+ resultGPR, m_jit.codeBlock()->functionDecl(node.functionDeclIndex())));
cellResult(resultGPR, m_compileIndex);
break;
diff --git a/Source/JavaScriptCore/dfg/DFGThunks.cpp b/Source/JavaScriptCore/dfg/DFGThunks.cpp
index d7c3fab23..1ed46c11f 100644
--- a/Source/JavaScriptCore/dfg/DFGThunks.cpp
+++ b/Source/JavaScriptCore/dfg/DFGThunks.cpp
@@ -39,7 +39,9 @@ MacroAssemblerCodeRef osrExitGenerationThunkGenerator(JSGlobalData* globalData)
{
MacroAssembler jit;
- EncodedJSValue* buffer = static_cast<EncodedJSValue*>(globalData->scratchBufferForSize(sizeof(EncodedJSValue) * (GPRInfo::numberOfRegisters + FPRInfo::numberOfRegisters)));
+ size_t scratchSize = sizeof(EncodedJSValue) * (GPRInfo::numberOfRegisters + FPRInfo::numberOfRegisters);
+ ScratchBuffer* scratchBuffer = globalData->scratchBufferForSize(scratchSize);
+ EncodedJSValue* buffer = static_cast<EncodedJSValue*>(scratchBuffer->dataBuffer());
for (unsigned i = 0; i < GPRInfo::numberOfRegisters; ++i)
jit.storePtr(GPRInfo::toRegister(i), buffer + i);
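Review bot: `scratchBuffer->dataBuffer()` is dereferenced without a null check, whereas the matching change in SpeculativeJIT's StrCat/NewArray hunk guards `scratchBufferForSize` returning null with `scratchBuffer ? ... : 0`. Here `scratchSize` is a non-zero compile-time constant, so if null is only returned for a zero size the dereference is safe, but that reasoning is not recorded; `ASSERT(scratchBuffer);` right after the lookup would make the assumption explicit and catch a change in the allocator's contract. osrExitGenerationThunkGenerator's body continues outside the hunk.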
@@ -48,15 +50,22 @@ MacroAssemblerCodeRef osrExitGenerationThunkGenerator(JSGlobalData* globalData)
jit.storeDouble(FPRInfo::toRegister(i), GPRInfo::regT0);
}
+ // Tell GC mark phase how much of the scratch buffer is active during call.
+ jit.move(MacroAssembler::TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::regT0);
+ jit.storePtr(MacroAssembler::TrustedImmPtr(scratchSize), GPRInfo::regT0);
+
// Set up one argument.
#if CPU(X86)
jit.poke(GPRInfo::callFrameRegister, 0);
#else
jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
#endif
-
+
MacroAssembler::Call functionCall = jit.call();
-
+
+ jit.move(MacroAssembler::TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::regT0);
+ jit.storePtr(MacroAssembler::TrustedImmPtr(0), GPRInfo::regT0);
+
for (unsigned i = 0; i < FPRInfo::numberOfRegisters; ++i) {
jit.move(MacroAssembler::TrustedImmPtr(buffer + GPRInfo::numberOfRegisters + i), GPRInfo::regT0);
jit.loadDouble(GPRInfo::regT0, FPRInfo::toRegister(i));
diff --git a/Source/JavaScriptCore/dfg/DFGValidate.cpp b/Source/JavaScriptCore/dfg/DFGValidate.cpp
new file mode 100644
index 000000000..2b26123d8
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGValidate.cpp
@@ -0,0 +1,362 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGValidate.h"
+
+#if ENABLE(DFG_JIT)
+
+#include <wtf/Assertions.h>
+#include <wtf/BitVector.h>
+
+namespace JSC { namespace DFG {
+
+#if DFG_ENABLE(VALIDATION)
+
+class Validate {
+public:
+ Validate(Graph& graph, GraphDumpMode graphDumpMode)
+ : m_graph(graph)
+ , m_graphDumpMode(graphDumpMode)
+ {
+ }
+
+ #define VALIDATE(context, assertion) do { \
+ if (!(assertion)) { \
+ dataLog("\n\n\nAt "); \
+ reportValidationContext context; \
+ dataLog(": validation %s (%s:%d) failed.\n", #assertion, __FILE__, __LINE__); \
+ dumpGraphIfAppropriate(); \
+ WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #assertion); \
+ CRASH(); \
+ } \
+ } while (0)
+
+ #define V_EQUAL(context, left, right) do { \
+ if (left != right) { \
+ dataLog("\n\n\nAt "); \
+ reportValidationContext context; \
+ dataLog(": validation (%s = ", #left); \
+ dumpData(left); \
+ dataLog(") == (%s = ", #right); \
+ dumpData(right); \
+ dataLog(") (%s:%d) failed.\n", __FILE__, __LINE__); \
+ dumpGraphIfAppropriate(); \
+ WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #left " == " #right); \
+ CRASH(); \
+ } \
+ } while (0)
+
+ #define notSet (static_cast<size_t>(-1))
+
+ void validate()
+ {
+ // NB. This code is not written for performance, since it is not intended to run
+ // in release builds.
+
+ // Validate ref counts and uses.
+ Vector<unsigned> myRefCounts;
+ myRefCounts.fill(0, m_graph.size());
+ BitVector acceptableNodeIndices;
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (!block->isReachable)
+ continue;
+ for (size_t i = 0; i < block->numNodes(); ++i) {
+ NodeIndex nodeIndex = block->nodeIndex(i);
+ acceptableNodeIndices.set(nodeIndex);
+ Node& node = m_graph[nodeIndex];
+ if (!node.shouldGenerate())
+ continue;
+ for (unsigned j = 0; j < m_graph.numChildren(node); ++j) {
+ Edge edge = m_graph.child(node, j);
+ if (!edge)
+ continue;
+
+ myRefCounts[edge.index()]++;
+
+ // Unless I'm a Flush, Phantom, GetLocal, or Phi, my children should hasResult().
+ switch (node.op()) {
+ case Flush:
+ case Phantom:
+ case GetLocal:
+ case Phi:
+ break;
+ default:
+ VALIDATE((nodeIndex, edge), m_graph[edge].hasResult());
+ break;
+ }
+ }
+ }
+ }
+ for (BlockIndex blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (!block->isReachable)
+ continue;
+
+ BitVector phisInThisBlock;
+ BitVector nodesInThisBlock;
+
+ for (size_t i = 0; i < block->numNodes(); ++i) {
+ NodeIndex nodeIndex = block->nodeIndex(i);
+ Node& node = m_graph[nodeIndex];
+ nodesInThisBlock.set(nodeIndex);
+ if (block->isPhiIndex(i))
+ phisInThisBlock.set(nodeIndex);
+ V_EQUAL((nodeIndex), myRefCounts[nodeIndex], node.adjustedRefCount());
+ for (unsigned j = 0; j < m_graph.numChildren(node); ++j) {
+ Edge edge = m_graph.child(node, j);
+ if (!edge)
+ continue;
+ VALIDATE((nodeIndex, edge), acceptableNodeIndices.get(edge.index()));
+ }
+ }
+
+ for (size_t i = 0; i < block->phis.size(); ++i) {
+ NodeIndex nodeIndex = block->phis[i];
+ Node& node = m_graph[nodeIndex];
+ ASSERT(phisInThisBlock.get(nodeIndex));
+ VALIDATE((nodeIndex), node.op() == Phi);
+ VirtualRegister local = node.local();
+ for (unsigned j = 0; j < m_graph.numChildren(node); ++j) {
+ Edge edge = m_graph.child(node, j);
+ if (!edge)
+ continue;
+
+ VALIDATE((nodeIndex, edge),
+ m_graph[edge].op() == SetLocal
+ || m_graph[edge].op() == SetArgument
+ || m_graph[edge].op() == Flush
+ || m_graph[edge].op() == Phi);
+
+ if (phisInThisBlock.get(edge.index()))
+ continue;
+
+ if (nodesInThisBlock.get(edge.index())) {
+ VALIDATE((nodeIndex, edge),
+ m_graph[edge].op() == SetLocal
+ || m_graph[edge].op() == SetArgument
+ || m_graph[edge].op() == Flush);
+
+ continue;
+ }
+
+ // There must exist a predecessor block that has this node index in
+ // its tail variables.
+ bool found = false;
+ for (unsigned k = 0; k < block->m_predecessors.size(); ++k) {
+ BasicBlock* prevBlock = m_graph.m_blocks[block->m_predecessors[k]].get();
+ VALIDATE((Block, block->m_predecessors[k]), prevBlock);
+ VALIDATE((Block, block->m_predecessors[k]), prevBlock->isReachable);
+ NodeIndex prevNodeIndex = prevBlock->variablesAtTail.operand(local);
+ // If we have a Phi that is not referring to *this* block then all predecessors
+ // must have that local available.
+ VALIDATE((local, blockIndex, Block, block->m_predecessors[k]), prevNodeIndex != NoNode);
+ Node* prevNode = &m_graph[prevNodeIndex];
+ if (prevNode->op() == GetLocal) {
+ prevNodeIndex = prevNode->child1().index();
+ prevNode = &m_graph[prevNodeIndex];
+ }
+ if (node.shouldGenerate()) {
+ VALIDATE((local, block->m_predecessors[k], prevNodeIndex),
+ prevNode->shouldGenerate());
+ }
+ VALIDATE((local, block->m_predecessors[k], prevNodeIndex),
+ prevNode->op() == SetLocal
+ || prevNode->op() == SetArgument
+ || prevNode->op() == Flush
+ || prevNode->op() == Phi);
+ if (prevNodeIndex == edge.index()) {
+ found = true;
+ break;
+ }
+ // At this point it cannot refer into this block.
+ VALIDATE((local, block->m_predecessors[k], prevNodeIndex), !prevBlock->isInBlock(edge.index()));
+ }
+
+ VALIDATE((nodeIndex, edge), found);
+ }
+ }
+
+ Operands<size_t> getLocalPositions(
+ block->variablesAtHead.numberOfArguments(),
+ block->variablesAtHead.numberOfLocals());
+ Operands<size_t> setLocalPositions(
+ block->variablesAtHead.numberOfArguments(),
+ block->variablesAtHead.numberOfLocals());
+
+ for (size_t i = 0; i < block->variablesAtHead.numberOfArguments(); ++i) {
+ getLocalPositions.argument(i) = notSet;
+ setLocalPositions.argument(i) = notSet;
+ }
+ for (size_t i = 0; i < block->variablesAtHead.numberOfLocals(); ++i) {
+ getLocalPositions.local(i) = notSet;
+ setLocalPositions.local(i) = notSet;
+ }
+
+ for (size_t i = 0; i < block->size(); ++i) {
+ NodeIndex nodeIndex = block->at(i);
+ Node& node = m_graph[nodeIndex];
+ ASSERT(nodesInThisBlock.get(nodeIndex));
+ VALIDATE((nodeIndex), node.op() != Phi);
+ for (unsigned j = 0; j < m_graph.numChildren(node); ++j) {
+ Edge edge = m_graph.child(node, j);
+ if (!edge)
+ continue;
+ VALIDATE((nodeIndex, edge), nodesInThisBlock.get(nodeIndex));
+ }
+
+ if (!node.shouldGenerate())
+ continue;
+ switch (node.op()) {
+ case GetLocal:
+ if (node.variableAccessData()->isCaptured())
+ break;
+ VALIDATE((nodeIndex, blockIndex), getLocalPositions.operand(node.local()) == notSet);
+ getLocalPositions.operand(node.local()) = i;
+ break;
+ case SetLocal:
+ if (node.variableAccessData()->isCaptured())
+ break;
+ // Only record the first SetLocal. There may be multiple SetLocals
+ // because of flushing.
+ if (setLocalPositions.operand(node.local()) != notSet)
+ break;
+ setLocalPositions.operand(node.local()) = i;
+ break;
+ default:
+ break;
+ }
+ }
+
+ for (size_t i = 0; i < block->variablesAtHead.numberOfArguments(); ++i) {
+ checkOperand(
+ blockIndex, getLocalPositions, setLocalPositions, argumentToOperand(i));
+ }
+ for (size_t i = 0; i < block->variablesAtHead.numberOfLocals(); ++i) {
+ checkOperand(
+ blockIndex, getLocalPositions, setLocalPositions, i);
+ }
+ }
+ }
+
+private:
+ Graph& m_graph;
+ GraphDumpMode m_graphDumpMode;
+
+ void checkOperand(
+ BlockIndex blockIndex, Operands<size_t>& getLocalPositions,
+ Operands<size_t>& setLocalPositions, int operand)
+ {
+ if (getLocalPositions.operand(operand) == notSet)
+ return;
+ if (setLocalPositions.operand(operand) == notSet)
+ return;
+
+ BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+
+ VALIDATE(
+ (block->at(getLocalPositions.operand(operand)),
+ block->at(setLocalPositions.operand(operand)),
+ blockIndex),
+ getLocalPositions.operand(operand) < setLocalPositions.operand(operand));
+ }
+
+ void reportValidationContext(NodeIndex nodeIndex)
+ {
+ dataLog("@%u", nodeIndex);
+ }
+
+ enum BlockTag { Block };
+ void reportValidationContext(BlockTag, BlockIndex blockIndex)
+ {
+ dataLog("Block #%u", blockIndex);
+ }
+
+ void reportValidationContext(NodeIndex nodeIndex, Edge edge)
+ {
+ dataLog("@%u -> %s@%u", nodeIndex, useKindToString(edge.useKind()), edge.index());
+ }
+
+ void reportValidationContext(
+ VirtualRegister local, BlockIndex sourceBlockIndex, BlockTag, BlockIndex destinationBlockIndex)
+ {
+ dataLog("r%d in Block #%u -> #%u", local, sourceBlockIndex, destinationBlockIndex);
+ }
+
+ void reportValidationContext(
+ VirtualRegister local, BlockIndex sourceBlockIndex, NodeIndex prevNodeIndex)
+ {
+ dataLog("@%u for r%d in Block #%u", prevNodeIndex, local, sourceBlockIndex);
+ }
+
+ void reportValidationContext(
+ NodeIndex nodeIndex, BlockIndex blockIndex)
+ {
+ dataLog("@%u in Block #%u", nodeIndex, blockIndex);
+ }
+
+ void reportValidationContext(
+ NodeIndex nodeIndex, NodeIndex nodeIndex2, BlockIndex blockIndex)
+ {
+ dataLog("@%u and @%u in Block #%u", nodeIndex, nodeIndex2, blockIndex);
+ }
+
+ void reportValidationContext(
+ NodeIndex nodeIndex, BlockIndex blockIndex, NodeIndex expectedNodeIndex, Edge incomingEdge)
+ {
+ dataLog("@%u in Block #%u, searching for @%u from @%u", nodeIndex, blockIndex, expectedNodeIndex, incomingEdge.index());
+ }
+
+ void dumpData(unsigned value)
+ {
+ dataLog("%u", value);
+ }
+
+ void dumpGraphIfAppropriate()
+ {
+ if (m_graphDumpMode == DontDumpGraph)
+ return;
+ dataLog("Graph at time of failure:\n");
+ m_graph.dump();
+ }
+};
+
+void validate(Graph& graph, GraphDumpMode graphDumpMode)
+{
+ Validate validationObject(graph, graphDumpMode);
+ validationObject.validate();
+}
+
+#endif // DFG_ENABLE(VALIDATION)
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
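Review bot: `VALIDATE((nodeIndex, edge), nodesInThisBlock.get(nodeIndex));` in the per-edge loop over `block->size()` tests the parent node, which `ASSERT(nodesInThisBlock.get(nodeIndex))` a few lines earlier already established, so the per-edge check is vacuous; the `(nodeIndex, edge)` context suggests the intended operand is the child, `VALIDATE((nodeIndex, edge), nodesInThisBlock.get(edge.index()));` — confirm that non-Phi nodes are expected to reference only same-block nodes before making that change. Separately, `VALIDATE`, `V_EQUAL` and the object-like `notSet` macro are defined inside the class body but never `#undef`'d, so they stay visible for the rest of the translation unit; a `#undef` trio after the class, and a `static const size_t notSet = static_cast<size_t>(-1);` member instead of the macro, keeps them scoped. `dumpData` only accepts `unsigned`, so `V_EQUAL` silently converts both operands; that is fine for `myRefCounts[nodeIndex]` but worth a comment if `adjustedRefCount()` is not itself `unsigned`.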
diff --git a/Source/JavaScriptCore/dfg/DFGValidate.h b/Source/JavaScriptCore/dfg/DFGValidate.h
new file mode 100644
index 000000000..353c3b696
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGValidate.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGValidate_h
+#define DFGValidate_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGCommon.h"
+#include "DFGGraph.h"
+
+namespace JSC { namespace DFG {
+
+enum GraphDumpMode { DontDumpGraph, DumpGraph };
+
+#if DFG_ENABLE(VALIDATION)
+void validate(Graph&, GraphDumpMode = DumpGraph);
+#else
+inline void validate(Graph&, GraphDumpMode = DumpGraph) { }
+#endif
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGPhase_h
+
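Review bot: The closing guard comment reads `#endif // DFGPhase_h` while the guard opened at the top of the file is `DFGValidate_h`; change it to `#endif // DFGValidate_h` so the comment matches the macro it closes.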
diff --git a/Source/JavaScriptCore/dfg/DFGVariableAccessData.h b/Source/JavaScriptCore/dfg/DFGVariableAccessData.h
index 1d99ed516..3dfd94d01 100644
--- a/Source/JavaScriptCore/dfg/DFGVariableAccessData.h
+++ b/Source/JavaScriptCore/dfg/DFGVariableAccessData.h
@@ -47,16 +47,20 @@ public:
, m_argumentAwarePrediction(PredictNone)
, m_flags(0)
, m_doubleFormatState(EmptyDoubleFormatState)
+ , m_isCaptured(false)
+ , m_isArgumentsAlias(false)
{
clearVotes();
}
- VariableAccessData(VirtualRegister local)
+ VariableAccessData(VirtualRegister local, bool isCaptured)
: m_local(local)
, m_prediction(PredictNone)
, m_argumentAwarePrediction(PredictNone)
, m_flags(0)
, m_doubleFormatState(EmptyDoubleFormatState)
+ , m_isCaptured(isCaptured)
+ , m_isArgumentsAlias(false)
{
clearVotes();
}
@@ -72,6 +76,34 @@ public:
return static_cast<int>(local());
}
+ bool mergeIsCaptured(bool isCaptured)
+ {
+ bool newIsCaptured = m_isCaptured | isCaptured;
+ if (newIsCaptured == m_isCaptured)
+ return false;
+ m_isCaptured = newIsCaptured;
+ return true;
+ }
+
+ bool isCaptured()
+ {
+ return m_isCaptured;
+ }
+
+ bool mergeIsArgumentsAlias(bool isArgumentsAlias)
+ {
+ bool newIsArgumentsAlias = m_isArgumentsAlias | isArgumentsAlias;
+ if (newIsArgumentsAlias == m_isArgumentsAlias)
+ return false;
+ m_isArgumentsAlias = newIsArgumentsAlias;
+ return true;
+ }
+
+ bool isArgumentsAlias()
+ {
+ return m_isArgumentsAlias;
+ }
+
bool predict(PredictedType prediction)
{
VariableAccessData* self = find();
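Review bot: `isCaptured()` and `isArgumentsAlias()` do not mutate state and should be `const` member functions, `bool isCaptured() const { return m_isCaptured; }` (likewise for `isArgumentsAlias`), so they can be called through a `const VariableAccessData*`. The two merge helpers operate on `this`, whereas `predict` directly below first dispatches to `find()`; if these access data are unified through that union-find, confirm that callers always merge on the representative, or route `mergeIsCaptured`/`mergeIsArgumentsAlias` through `find()` the same way, otherwise the flag can differ between unified entries. The constructor hunk above and the member declarations in the hunk below belong to the same change.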
@@ -220,6 +252,9 @@ private:
float m_votes[2];
DoubleFormatState m_doubleFormatState;
+
+ bool m_isCaptured;
+ bool m_isArgumentsAlias;
};
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp b/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp
index 11ac69524..2d7ce33c9 100644
--- a/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.cpp
@@ -40,7 +40,7 @@ public:
{
}
- void run()
+ bool run()
{
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("Preserved vars: ");
@@ -54,6 +54,10 @@ public:
#endif
for (size_t blockIndex = 0; blockIndex < m_graph.m_blocks.size(); ++blockIndex) {
BasicBlock* block = m_graph.m_blocks[blockIndex].get();
+ if (!block)
+ continue;
+ if (!block->isReachable)
+ continue;
for (size_t indexInBlock = 0; indexInBlock < block->size(); ++indexInBlock) {
NodeIndex nodeIndex = block->at(indexInBlock);
#if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
@@ -66,22 +70,21 @@ public:
if (!node.shouldGenerate() || node.op() == Phi || node.op() == Flush)
continue;
-
- // GetLocal nodes are effectively phi nodes in the graph, referencing
- // results from prior blocks.
- if (node.op() != GetLocal) {
- // First, call use on all of the current node's children, then
- // allocate a VirtualRegister for this node. We do so in this
- // order so that if a child is on its last use, and a
- // VirtualRegister is freed, then it may be reused for node.
- if (node.flags() & NodeHasVarArgs) {
- for (unsigned childIdx = node.firstChild(); childIdx < node.firstChild() + node.numChildren(); childIdx++)
- scoreBoard.use(m_graph.m_varArgChildren[childIdx]);
- } else {
- scoreBoard.use(node.child1());
- scoreBoard.use(node.child2());
- scoreBoard.use(node.child3());
- }
+
+ if (node.op() == GetLocal)
+ ASSERT(!m_graph[node.child1()].hasResult());
+
+ // First, call use on all of the current node's children, then
+ // allocate a VirtualRegister for this node. We do so in this
+ // order so that if a child is on its last use, and a
+ // VirtualRegister is freed, then it may be reused for node.
+ if (node.flags() & NodeHasVarArgs) {
+ for (unsigned childIdx = node.firstChild(); childIdx < node.firstChild() + node.numChildren(); childIdx++)
+ scoreBoard.useIfHasResult(m_graph.m_varArgChildren[childIdx]);
+ } else {
+ scoreBoard.useIfHasResult(node.child1());
+ scoreBoard.useIfHasResult(node.child2());
+ scoreBoard.useIfHasResult(node.child3());
}
if (!node.hasResult())
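Review bot: `if (node.op() == GetLocal) ASSERT(!m_graph[node.child1()].hasResult());` wraps a debug-only macro in a conditional; `ASSERT(node.op() != GetLocal || !m_graph[node.child1()].hasResult());` states the invariant in one expression and leaves no bare `if` in release builds. The retained comment should also say why `use` became `useIfHasResult`: GetLocal now goes through the common path, and its child (which the assertion says has no result) must be skipped rather than counted as a use. The enclosing loop body continues past the end of the hunk.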
@@ -122,12 +125,14 @@ public:
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLog("Num callee registers: %u\n", calleeRegisters);
#endif
+
+ return true;
}
};
-void performVirtualRegisterAllocation(Graph& graph)
+bool performVirtualRegisterAllocation(Graph& graph)
{
- runPhase<VirtualRegisterAllocationPhase>(graph);
+ return runPhase<VirtualRegisterAllocationPhase>(graph);
}
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.h b/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.h
index abfa6ae64..5878ed13f 100644
--- a/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.h
+++ b/Source/JavaScriptCore/dfg/DFGVirtualRegisterAllocationPhase.h
@@ -42,7 +42,7 @@ class Graph;
// for look-up tables for the linear scan register allocator that the backend
// uses.
-void performVirtualRegisterAllocation(Graph&);
+bool performVirtualRegisterAllocation(Graph&);
} } // namespace JSC::DFG
diff --git a/Source/JavaScriptCore/heap/BlockAllocator.cpp b/Source/JavaScriptCore/heap/BlockAllocator.cpp
index ce6024079..485ec8dd1 100644
--- a/Source/JavaScriptCore/heap/BlockAllocator.cpp
+++ b/Source/JavaScriptCore/heap/BlockAllocator.cpp
@@ -26,7 +26,6 @@
#include "config.h"
#include "BlockAllocator.h"
-#include "MarkedBlock.h"
#include <wtf/CurrentTime.h>
namespace JSC {
@@ -54,14 +53,13 @@ BlockAllocator::~BlockAllocator()
void BlockAllocator::releaseFreeBlocks()
{
while (true) {
- MarkedBlock* block;
+ HeapBlock* block;
{
MutexLocker locker(m_freeBlockLock);
if (!m_numberOfFreeBlocks)
block = 0;
else {
- // FIXME: How do we know this is a MarkedBlock? It could be a CopiedBlock.
- block = static_cast<MarkedBlock*>(m_freeBlocks.removeHead());
+ block = m_freeBlocks.removeHead();
ASSERT(block);
m_numberOfFreeBlocks--;
}
@@ -69,8 +67,8 @@ void BlockAllocator::releaseFreeBlocks()
if (!block)
break;
-
- MarkedBlock::destroy(block);
+
+ block->m_allocation.deallocate();
}
}
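Review bot: `block->m_allocation.deallocate();` here, and again in the `blockFreeingThreadMain` hunk below, calls a member function on an object that lives inside the pages being released (`BlockAllocator::deallocate(PageAllocationAligned)` in BlockAllocator.h placement-news the `HeapBlock` at `allocation.base()`), so the call is safe only if `PageAllocationAligned::deallocate()` copies its fields out before unmapping. `CopiedBlock::destroy` in this same commit swaps the allocation into a local before touching the block; doing the same here, `PageAllocationAligned allocation = block->m_allocation; allocation.deallocate();`, removes the dependency on that implementation detail and makes the two paths consistent. The loops in `releaseFreeBlocks` and `blockFreeingThreadMain` now differ only in their stop condition and could share a helper, which would give this pattern a single home.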
@@ -120,14 +118,13 @@ void BlockAllocator::blockFreeingThreadMain()
size_t desiredNumberOfFreeBlocks = currentNumberOfFreeBlocks / 2;
while (!m_blockFreeingThreadShouldQuit) {
- MarkedBlock* block;
+ HeapBlock* block;
{
MutexLocker locker(m_freeBlockLock);
if (m_numberOfFreeBlocks <= desiredNumberOfFreeBlocks)
block = 0;
else {
- // FIXME: How do we know this is a MarkedBlock? It could be a CopiedBlock.
- block = static_cast<MarkedBlock*>(m_freeBlocks.removeHead());
+ block = m_freeBlocks.removeHead();
ASSERT(block);
m_numberOfFreeBlocks--;
}
@@ -136,7 +133,7 @@ void BlockAllocator::blockFreeingThreadMain()
if (!block)
break;
- MarkedBlock::destroy(block);
+ block->m_allocation.deallocate();
}
}
}
diff --git a/Source/JavaScriptCore/heap/BlockAllocator.h b/Source/JavaScriptCore/heap/BlockAllocator.h
index cc9557f85..846bdfa2a 100644
--- a/Source/JavaScriptCore/heap/BlockAllocator.h
+++ b/Source/JavaScriptCore/heap/BlockAllocator.h
@@ -26,14 +26,14 @@
#ifndef BlockAllocator_h
#define BlockAllocator_h
+#include "HeapBlock.h"
#include <wtf/DoublyLinkedList.h>
#include <wtf/Forward.h>
+#include <wtf/PageAllocationAligned.h>
#include <wtf/Threading.h>
namespace JSC {
-class HeapBlock;
-
// Simple allocator to reduce VM cost by holding onto blocks of memory for
// short periods of time and then freeing them on a secondary thread.
@@ -42,8 +42,8 @@ public:
BlockAllocator();
~BlockAllocator();
- HeapBlock* allocate();
- void deallocate(HeapBlock*);
+ PageAllocationAligned allocate();
+ void deallocate(PageAllocationAligned);
private:
void waitForRelativeTimeWhileHoldingLock(double relative);
@@ -63,24 +63,28 @@ private:
ThreadIdentifier m_blockFreeingThread;
};
-inline HeapBlock* BlockAllocator::allocate()
+inline PageAllocationAligned BlockAllocator::allocate()
{
MutexLocker locker(m_freeBlockLock);
m_isCurrentlyAllocating = true;
- if (!m_numberOfFreeBlocks) {
- ASSERT(m_freeBlocks.isEmpty());
- return 0;
+ if (m_numberOfFreeBlocks) {
+ ASSERT(!m_freeBlocks.isEmpty());
+ m_numberOfFreeBlocks--;
+ return m_freeBlocks.removeHead()->m_allocation;
}
- ASSERT(!m_freeBlocks.isEmpty());
- m_numberOfFreeBlocks--;
- return m_freeBlocks.removeHead();
+ ASSERT(m_freeBlocks.isEmpty());
+ PageAllocationAligned allocation = PageAllocationAligned::allocate(HeapBlock::s_blockSize, HeapBlock::s_blockSize, OSAllocator::JSGCHeapPages);
+ if (!static_cast<bool>(allocation))
+ CRASH();
+ return allocation;
}
-inline void BlockAllocator::deallocate(HeapBlock* block)
+inline void BlockAllocator::deallocate(PageAllocationAligned allocation)
{
MutexLocker locker(m_freeBlockLock);
- m_freeBlocks.push(block);
+ HeapBlock* heapBlock = new(NotNull, allocation.base()) HeapBlock(allocation);
+ m_freeBlocks.push(heapBlock);
m_numberOfFreeBlocks++;
}
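Review bot: `allocate()` now performs `PageAllocationAligned::allocate(...)`, a page-mapping syscall, while still holding `m_freeBlockLock`, which stalls the block-freeing thread for the duration of every slow-path allocation; only the free-list bookkeeping needs the lock, so the fresh mapping can happen after it is released. The `CRASH()` on failure also turns out-of-memory into an unconditional abort inside the allocator, replacing the null return that callers used to fall back on; that matches the `AllocationMustSucceed` contract in CopiedSpace but deserves a comment stating that this function never returns an empty allocation. A possible restructuring:
```cpp
inline PageAllocationAligned BlockAllocator::allocate()
{
    {
        MutexLocker locker(m_freeBlockLock);
        m_isCurrentlyAllocating = true;
        if (m_numberOfFreeBlocks) {
            ASSERT(!m_freeBlocks.isEmpty());
            m_numberOfFreeBlocks--;
            return m_freeBlocks.removeHead()->m_allocation;
        }
        ASSERT(m_freeBlocks.isEmpty());
    }
    // Slow path: map fresh pages without holding the free-list lock.
    // Never returns an empty allocation; allocation failure is fatal here.
    PageAllocationAligned allocation = PageAllocationAligned::allocate(HeapBlock::s_blockSize, HeapBlock::s_blockSize, OSAllocator::JSGCHeapPages);
    if (!static_cast<bool>(allocation))
        CRASH();
    return allocation;
}
```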
diff --git a/Source/JavaScriptCore/heap/CopiedBlock.h b/Source/JavaScriptCore/heap/CopiedBlock.h
index 431b86c38..b408aa40b 100644
--- a/Source/JavaScriptCore/heap/CopiedBlock.h
+++ b/Source/JavaScriptCore/heap/CopiedBlock.h
@@ -38,32 +38,51 @@ class CopiedBlock : public HeapBlock {
friend class CopiedSpace;
friend class CopiedAllocator;
public:
- CopiedBlock(PageAllocationAligned& allocation)
- : HeapBlock(allocation)
- , m_offset(payload())
- , m_isPinned(false)
- {
- ASSERT(is8ByteAligned(static_cast<void*>(m_offset)));
-#if USE(JSVALUE64)
- char* offset = static_cast<char*>(m_offset);
- memset(static_cast<void*>(offset), 0, static_cast<size_t>((reinterpret_cast<char*>(this) + allocation.size()) - offset));
-#else
- JSValue emptyValue;
- JSValue* limit = reinterpret_cast_ptr<JSValue*>(reinterpret_cast<char*>(this) + allocation.size());
- for (JSValue* currentValue = reinterpret_cast<JSValue*>(m_offset); currentValue < limit; currentValue++)
- *currentValue = emptyValue;
-#endif
- }
+ static CopiedBlock* create(const PageAllocationAligned&);
+ static PageAllocationAligned destroy(CopiedBlock*);
char* payload();
size_t size();
size_t capacity();
private:
+ CopiedBlock(const PageAllocationAligned&);
+
void* m_offset;
uintptr_t m_isPinned;
};
+inline CopiedBlock* CopiedBlock::create(const PageAllocationAligned& allocation)
+{
+ return new(NotNull, allocation.base()) CopiedBlock(allocation);
+}
+
+inline PageAllocationAligned CopiedBlock::destroy(CopiedBlock* block)
+{
+ PageAllocationAligned allocation;
+ swap(allocation, block->m_allocation);
+
+ block->~CopiedBlock();
+ return allocation;
+}
+
+inline CopiedBlock::CopiedBlock(const PageAllocationAligned& allocation)
+ : HeapBlock(allocation)
+ , m_offset(payload())
+ , m_isPinned(false)
+{
+ ASSERT(is8ByteAligned(static_cast<void*>(m_offset)));
+#if USE(JSVALUE64)
+ char* offset = static_cast<char*>(m_offset);
+ memset(static_cast<void*>(offset), 0, static_cast<size_t>((reinterpret_cast<char*>(this) + allocation.size()) - offset));
+#else
+ JSValue emptyValue;
+ JSValue* limit = reinterpret_cast_ptr<JSValue*>(reinterpret_cast<char*>(this) + allocation.size());
+ for (JSValue* currentValue = reinterpret_cast<JSValue*>(m_offset); currentValue < limit; currentValue++)
+ *currentValue = emptyValue;
+#endif
+}
+
inline char* CopiedBlock::payload()
{
return reinterpret_cast<char*>(this) + ((sizeof(CopiedBlock) + 7) & ~7);
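Review bot: `CopiedBlock::destroy` hands the pages back to the caller by value and the block object is gone once it returns, so a caller that drops the return value leaks the mapping; the `m_heap->blockAllocator().deallocate(CopiedBlock::destroy(...))` and `CopiedBlock::destroy(...).deallocate()` call sites in CopiedSpace.cpp show it must always be consumed. Annotate the declaration, `static PageAllocationAligned destroy(CopiedBlock*) WARN_UNUSED_RETURN;` if that WTF attribute is available in this tree, and add a one-line comment above it: `// Runs the block's destructor in place and returns the underlying allocation; the caller must deallocate or recycle it.` A matching comment on `create` noting that it placement-constructs at `allocation.base()` and takes no ownership of the allocation would complete the pair.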
diff --git a/Source/JavaScriptCore/heap/CopiedSpace.cpp b/Source/JavaScriptCore/heap/CopiedSpace.cpp
index d52c4e756..7f5a665df 100644
--- a/Source/JavaScriptCore/heap/CopiedSpace.cpp
+++ b/Source/JavaScriptCore/heap/CopiedSpace.cpp
@@ -40,6 +40,18 @@ CopiedSpace::CopiedSpace(Heap* heap)
{
}
+CopiedSpace::~CopiedSpace()
+{
+ while (!m_toSpace->isEmpty())
+ m_heap->blockAllocator().deallocate(CopiedBlock::destroy(static_cast<CopiedBlock*>(m_toSpace->removeHead())));
+
+ while (!m_fromSpace->isEmpty())
+ m_heap->blockAllocator().deallocate(CopiedBlock::destroy(static_cast<CopiedBlock*>(m_fromSpace->removeHead())));
+
+ while (!m_oversizeBlocks.isEmpty())
+ CopiedBlock::destroy(static_cast<CopiedBlock*>(m_oversizeBlocks.removeHead())).deallocate();
+}
+
void CopiedSpace::init()
{
m_toSpace = &m_blocks1;
@@ -77,9 +89,10 @@ CheckedBoolean CopiedSpace::tryAllocateOversize(size_t bytes, void** outPtr)
return false;
}
- CopiedBlock* block = new (NotNull, allocation.base()) CopiedBlock(allocation);
+ CopiedBlock* block = CopiedBlock::create(allocation);
m_oversizeBlocks.push(block);
- m_oversizeFilter.add(reinterpret_cast<Bits>(block));
+ m_blockFilter.add(reinterpret_cast<Bits>(block));
+ m_blockSet.add(block);
*outPtr = allocateFromBlock(block, bytes);
@@ -135,7 +148,8 @@ CheckedBoolean CopiedSpace::tryReallocateOversize(void** ptr, size_t oldSize, si
if (isOversize(oldSize)) {
CopiedBlock* oldBlock = oversizeBlockFor(oldPtr);
m_oversizeBlocks.remove(oldBlock);
- oldBlock->m_allocation.deallocate();
+ m_blockSet.remove(oldBlock);
+ CopiedBlock::destroy(oldBlock).deallocate();
}
*ptr = newPtr;
@@ -156,8 +170,8 @@ void CopiedSpace::doneFillingBlock(CopiedBlock* block)
{
MutexLocker locker(m_toSpaceLock);
m_toSpace->push(block);
- m_toSpaceSet.add(block);
- m_toSpaceFilter.add(reinterpret_cast<Bits>(block));
+ m_blockSet.add(block);
+ m_blockFilter.add(reinterpret_cast<Bits>(block));
}
{
@@ -183,15 +197,15 @@ void CopiedSpace::doneCopying()
CopiedBlock* block = static_cast<CopiedBlock*>(m_fromSpace->removeHead());
if (block->m_isPinned) {
block->m_isPinned = false;
- // We don't add the block to the toSpaceSet because it was never removed.
- ASSERT(m_toSpaceSet.contains(block));
- m_toSpaceFilter.add(reinterpret_cast<Bits>(block));
+ // We don't add the block to the blockSet because it was never removed.
+ ASSERT(m_blockSet.contains(block));
+ m_blockFilter.add(reinterpret_cast<Bits>(block));
m_toSpace->push(block);
continue;
}
- m_toSpaceSet.remove(block);
- m_heap->blockAllocator().deallocate(block);
+ m_blockSet.remove(block);
+ m_heap->blockAllocator().deallocate(CopiedBlock::destroy(block));
}
CopiedBlock* curr = static_cast<CopiedBlock*>(m_oversizeBlocks.head());
@@ -199,9 +213,12 @@ void CopiedSpace::doneCopying()
CopiedBlock* next = static_cast<CopiedBlock*>(curr->next());
if (!curr->m_isPinned) {
m_oversizeBlocks.remove(curr);
- curr->m_allocation.deallocate();
- } else
+ m_blockSet.remove(curr);
+ CopiedBlock::destroy(curr).deallocate();
+ } else {
+ m_blockFilter.add(reinterpret_cast<Bits>(curr));
curr->m_isPinned = false;
+ }
curr = next;
}
@@ -215,15 +232,9 @@ void CopiedSpace::doneCopying()
CheckedBoolean CopiedSpace::getFreshBlock(AllocationEffort allocationEffort, CopiedBlock** outBlock)
{
CopiedBlock* block = 0;
- if (allocationEffort == AllocationMustSucceed) {
- if (HeapBlock* heapBlock = m_heap->blockAllocator().allocate())
- block = new (NotNull, heapBlock) CopiedBlock(heapBlock->m_allocation);
- else if (!allocateNewBlock(&block)) {
- *outBlock = 0;
- ASSERT_NOT_REACHED();
- return false;
- }
- } else {
+ if (allocationEffort == AllocationMustSucceed)
+ block = CopiedBlock::create(m_heap->blockAllocator().allocate());
+ else {
ASSERT(allocationEffort == AllocationCanFail);
if (m_heap->shouldCollect())
m_heap->collect(Heap::DoNotSweep);
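Review bot: The `AllocationMustSucceed` branch now relies on `BlockAllocator::allocate()` crashing on out-of-memory, replacing the previous `allocateNewBlock` fallback and the `*outBlock = 0` error path; a comment on the `block = CopiedBlock::create(...)` line, `// BlockAllocator::allocate() never returns an empty allocation; it crashes on OOM.`, makes the dropped null check look intentional to the next reader. The `else` branch and the remainder of `getFreshBlock` continue past the end of the hunk.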
@@ -240,18 +251,6 @@ CheckedBoolean CopiedSpace::getFreshBlock(AllocationEffort allocationEffort, Cop
return true;
}
-void CopiedSpace::freeAllBlocks()
-{
- while (!m_toSpace->isEmpty())
- m_heap->blockAllocator().deallocate(m_toSpace->removeHead());
-
- while (!m_fromSpace->isEmpty())
- m_heap->blockAllocator().deallocate(m_fromSpace->removeHead());
-
- while (!m_oversizeBlocks.isEmpty())
- m_oversizeBlocks.removeHead()->m_allocation.deallocate();
-}
-
size_t CopiedSpace::size()
{
size_t calculatedSize = 0;
diff --git a/Source/JavaScriptCore/heap/CopiedSpace.h b/Source/JavaScriptCore/heap/CopiedSpace.h
index d3cc040a5..27011781d 100644
--- a/Source/JavaScriptCore/heap/CopiedSpace.h
+++ b/Source/JavaScriptCore/heap/CopiedSpace.h
@@ -50,6 +50,7 @@ class CopiedSpace {
friend class JIT;
public:
CopiedSpace(Heap*);
+ ~CopiedSpace();
void init();
CheckedBoolean tryAllocate(size_t, void**);
@@ -64,12 +65,12 @@ public:
void pin(CopiedBlock*);
bool isPinned(void*);
+ bool contains(CopiedBlock*);
bool contains(void*, CopiedBlock*&);
size_t size();
size_t capacity();
- void freeAllBlocks();
bool isPagedOut(double deadline);
static CopiedBlock* blockFor(void*);
@@ -96,9 +97,8 @@ private:
CopiedAllocator m_allocator;
- TinyBloomFilter m_toSpaceFilter;
- TinyBloomFilter m_oversizeFilter;
- HashSet<CopiedBlock*> m_toSpaceSet;
+ TinyBloomFilter m_blockFilter;
+ HashSet<CopiedBlock*> m_blockSet;
Mutex m_toSpaceLock;
diff --git a/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h b/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
index a8e45658b..c97762598 100644
--- a/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
+++ b/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h
@@ -35,11 +35,21 @@
namespace JSC {
+inline bool CopiedSpace::contains(CopiedBlock* block)
+{
+ return !m_blockFilter.ruleOut(reinterpret_cast<Bits>(block)) && m_blockSet.contains(block);
+}
+
inline bool CopiedSpace::contains(void* ptr, CopiedBlock*& result)
{
CopiedBlock* block = blockFor(ptr);
+ if (contains(block)) {
+ result = block;
+ return true;
+ }
+ block = oversizeBlockFor(ptr);
result = block;
- return !m_toSpaceFilter.ruleOut(reinterpret_cast<Bits>(block)) && m_toSpaceSet.contains(block);
+ return contains(block);
}
inline void CopiedSpace::pin(CopiedBlock* block)
@@ -53,7 +63,7 @@ inline void CopiedSpace::startedCopying()
m_fromSpace = m_toSpace;
m_toSpace = temp;
- m_toSpaceFilter.reset();
+ m_blockFilter.reset();
m_allocator.startedCopying();
ASSERT(!m_inCopyingPhase);
@@ -63,7 +73,7 @@ inline void CopiedSpace::startedCopying()
inline void CopiedSpace::recycleBlock(CopiedBlock* block)
{
- m_heap->blockAllocator().deallocate(block);
+ m_heap->blockAllocator().deallocate(CopiedBlock::destroy(block));
{
MutexLocker locker(m_loanedBlocksLock);
@@ -98,8 +108,8 @@ inline CheckedBoolean CopiedSpace::addNewBlock()
return false;
m_toSpace->push(block);
- m_toSpaceFilter.add(reinterpret_cast<Bits>(block));
- m_toSpaceSet.add(block);
+ m_blockFilter.add(reinterpret_cast<Bits>(block));
+ m_blockSet.add(block);
m_allocator.resetCurrentBlock(block);
return true;
}
diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp
index 2254b5b01..9b68fb10a 100644
--- a/Source/JavaScriptCore/heap/Heap.cpp
+++ b/Source/JavaScriptCore/heap/Heap.cpp
@@ -35,9 +35,9 @@
#include "Tracing.h"
#include "WeakSetInlines.h"
#include <algorithm>
+#include <wtf/RAMSize.h>
#include <wtf/CurrentTime.h>
-
using namespace std;
using namespace JSC;
@@ -45,14 +45,8 @@ namespace JSC {
namespace {
-#if CPU(X86) || CPU(X86_64)
-static const size_t largeHeapSize = 16 * 1024 * 1024;
-#elif PLATFORM(IOS)
-static const size_t largeHeapSize = 8 * 1024 * 1024;
-#else
-static const size_t largeHeapSize = 512 * 1024;
-#endif
-static const size_t smallHeapSize = 512 * 1024;
+static const size_t largeHeapSize = 32 * MB; // About 1.5X the average webpage.
+static const size_t smallHeapSize = 1 * MB; // Matches the FastMalloc per-thread cache.
#if ENABLE(GC_LOGGING)
#if COMPILER(CLANG)
@@ -148,14 +142,23 @@ struct GCCounter {
#define GCCOUNTER(name, value) do { } while (false)
#endif
-static size_t heapSizeForHint(HeapSize heapSize)
+static inline size_t minHeapSize(HeapType heapType, size_t ramSize)
{
- if (heapSize == LargeHeap)
- return largeHeapSize;
- ASSERT(heapSize == SmallHeap);
+ if (heapType == LargeHeap)
+ return min(largeHeapSize, ramSize / 4);
return smallHeapSize;
}
+static inline size_t proportionalHeapSize(size_t heapSize, size_t ramSize)
+{
+ // Try to stay under 1/2 RAM size to leave room for the DOM, rendering, networking, etc.
+ if (heapSize < ramSize / 4)
+ return 2 * heapSize;
+ if (heapSize < ramSize / 2)
+ return 1.5 * heapSize;
+ return 1.25 * heapSize;
+}
+
static inline bool isValidSharedInstanceThreadState()
{
if (!JSLock::lockCount())
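Review bot: proportionalHeapSize evaluates `1.5 * heapSize` and `1.25 * heapSize` in double and converts back to size_t implicitly, which narrows silently and rounds through a 53-bit mantissa; `return heapSize + heapSize / 2;` and `return heapSize + heapSize / 4;` express the same intent in integer arithmetic. This matters because Heap::collect (the later hunk in this file) computes `m_bytesAllocatedLimit = maxHeapSize - currentHeapSize` with maxHeapSize derived from this function, so the result must never come out below its input. Separately, if ramSize() can report 0 where the platform cannot determine it (not visible here), minHeapSize collapses to `min(largeHeapSize, 0)` and both thresholds here become 0, leaving only the 1.25x branch — an ASSERT on ramSize or a fallback would make that case explicit.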
@@ -230,9 +233,10 @@ inline PassOwnPtr<TypeCountSet> RecordType::returnValue()
} // anonymous namespace
-Heap::Heap(JSGlobalData* globalData, HeapSize heapSize)
- : m_heapSize(heapSize)
- , m_minBytesPerCycle(heapSizeForHint(heapSize))
+Heap::Heap(JSGlobalData* globalData, HeapType heapType)
+ : m_heapType(heapType)
+ , m_ramSize(ramSize())
+ , m_minBytesPerCycle(minHeapSize(m_heapType, m_ramSize))
, m_sizeAfterLastCollect(0)
, m_bytesAllocatedLimit(m_minBytesPerCycle)
, m_bytesAllocated(0)
@@ -240,12 +244,10 @@ Heap::Heap(JSGlobalData* globalData, HeapSize heapSize)
, m_operationInProgress(NoOperation)
, m_objectSpace(this)
, m_storageSpace(this)
- , m_markListSet(0)
, m_activityCallback(DefaultGCActivityCallback::create(this))
, m_machineThreads(this)
, m_sharedData(globalData)
, m_slotVisitor(m_sharedData)
- , m_weakSet(this)
, m_handleSet(globalData)
, m_isSafeToCollect(false)
, m_globalData(globalData)
@@ -257,13 +259,6 @@ Heap::Heap(JSGlobalData* globalData, HeapSize heapSize)
Heap::~Heap()
{
- delete m_markListSet;
-
- m_objectSpace.shrink();
- m_storageSpace.freeAllBlocks();
-
- ASSERT(!size());
- ASSERT(!capacity());
}
bool Heap::isPagedOut(double deadline)
@@ -282,11 +277,7 @@ void Heap::lastChanceToFinalize()
if (size_t size = m_protectedValues.size())
WTFLogAlways("ERROR: JavaScriptCore heap deallocated while %ld values were still protected", static_cast<unsigned long>(size));
- m_weakSet.finalizeAll();
- m_objectSpace.canonicalizeCellLivenessData();
- m_objectSpace.clearMarks();
- m_objectSpace.sweep();
- m_globalData->smallStrings.finalizeSmallStrings();
+ m_objectSpace.lastChanceToFinalize();
#if ENABLE(SIMPLE_HEAP_PROFILING)
m_slotVisitor.m_visitedTypeCounts.dump(WTF::dataFile(), "Visited Type Counts");
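Review bot: The removed lines called `m_globalData->smallStrings.finalizeSmallStrings()` after the sweep, and the replacement `m_objectSpace.lastChanceToFinalize()` (MarkedSpace::lastChanceToFinalize in this diff: canonicalize, then per-block weak-set finalize, clearMarks and sweep) does not call it. Unless it is invoked further down in Heap::lastChanceToFinalize, which continues outside the hunk, the small strings are no longer finalized at teardown, while Heap::collect in this diff still calls it after sweepWeakSets(), so the two paths have diverged. Either re-add the call after the new line or leave a comment stating why it is no longer needed here.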
@@ -451,6 +442,15 @@ void Heap::markRoots(bool fullGC)
GCPHASE(GatherRegisterFileRoots);
registerFile().gatherConservativeRoots(registerFileRoots, m_dfgCodeBlocks);
}
+
+#if ENABLE(DFG_JIT)
+ ConservativeRoots scratchBufferRoots(&m_objectSpace.blocks(), &m_storageSpace);
+ {
+ GCPHASE(GatherScratchBufferRoots);
+ m_globalData->gatherConservativeRoots(scratchBufferRoots);
+ }
+#endif
+
#if ENABLE(GGC)
MarkedBlock::DirtyCellVector dirtyCells;
if (!fullGC) {
@@ -497,6 +497,13 @@ void Heap::markRoots(bool fullGC)
visitor.append(registerFileRoots);
visitor.donateAndDrain();
}
+#if ENABLE(DFG_JIT)
+ {
+ GCPHASE(VisitScratchBufferRoots);
+ visitor.append(scratchBufferRoots);
+ visitor.donateAndDrain();
+ }
+#endif
{
GCPHASE(VisitProtectedObjects);
markProtectedObjects(heapRootVisitor);
@@ -552,7 +559,7 @@ void Heap::markRoots(bool fullGC)
{
GCPHASE(VisitingLiveWeakHandles);
while (true) {
- m_weakSet.visitLiveWeakImpls(heapRootVisitor);
+ m_objectSpace.visitWeakSets(heapRootVisitor);
harvestWeakReferences();
if (visitor.isEmpty())
break;
@@ -566,11 +573,6 @@ void Heap::markRoots(bool fullGC)
}
}
- {
- GCPHASE(VisitingDeadWeakHandles);
- m_weakSet.visitDeadWeakImpls(heapRootVisitor);
- }
-
GCCOUNTER(VisitedValueCount, visitor.visitCount());
visitor.doneCopying();
@@ -674,25 +676,24 @@ void Heap::collect(SweepToggle sweepToggle)
markRoots(fullGC);
{
+ GCPHASE(ReapingWeakHandles);
+ m_objectSpace.reapWeakSets();
+ }
+
+ {
GCPHASE(FinalizeUnconditionalFinalizers);
finalizeUnconditionalFinalizers();
}
-
+
{
GCPHASE(FinalizeWeakHandles);
- m_weakSet.sweep();
+ m_objectSpace.sweepWeakSets();
m_globalData->smallStrings.finalizeSmallStrings();
}
JAVASCRIPTCORE_GC_MARKED();
{
- GCPHASE(ResetAllocators);
- m_objectSpace.resetAllocators();
- m_weakSet.resetAllocator();
- }
-
- {
GCPHASE(DeleteCodeBlocks);
m_dfgCodeBlocks.deleteUnmarkedJettisonedCodeBlocks();
}
@@ -702,19 +703,23 @@ void Heap::collect(SweepToggle sweepToggle)
GCPHASE(Sweeping);
m_objectSpace.sweep();
m_objectSpace.shrink();
- m_weakSet.shrink();
m_bytesAbandoned = 0;
}
- // To avoid pathological GC churn in large heaps, we set the new allocation
- // limit to be the current size of the heap. This heuristic
- // is a bit arbitrary. Using the current size of the heap after this
- // collection gives us a 2X multiplier, which is a 1:1 (heap size :
- // new bytes allocated) proportion, and seems to work well in benchmarks.
- size_t newSize = size();
+ {
+ GCPHASE(ResetAllocators);
+ m_objectSpace.resetAllocators();
+ }
+
+ size_t currentHeapSize = size();
if (fullGC) {
- m_sizeAfterLastCollect = newSize;
- m_bytesAllocatedLimit = max(newSize, m_minBytesPerCycle);
+ m_sizeAfterLastCollect = currentHeapSize;
+
+ // To avoid pathological GC churn in very small and very large heaps, we set
+ // the new allocation limit based on the current size of the heap, with a
+ // fixed minimum.
+ size_t maxHeapSize = max(minHeapSize(m_heapType, m_ramSize), proportionalHeapSize(currentHeapSize, m_ramSize));
+ m_bytesAllocatedLimit = maxHeapSize - currentHeapSize;
}
m_bytesAllocated = 0;
double lastGCEndTime = WTF::currentTime();
diff --git a/Source/JavaScriptCore/heap/Heap.h b/Source/JavaScriptCore/heap/Heap.h
index 6bf82e4a5..edfd91483 100644
--- a/Source/JavaScriptCore/heap/Heap.h
+++ b/Source/JavaScriptCore/heap/Heap.h
@@ -32,7 +32,6 @@
#include "MarkedSpace.h"
#include "SlotVisitor.h"
#include "WeakHandleOwner.h"
-#include "WeakSet.h"
#include "WriteBarrierSupport.h"
#include <wtf/HashCountedSet.h>
#include <wtf/HashSet.h>
@@ -65,8 +64,7 @@ namespace JSC {
enum OperationInProgress { NoOperation, Allocation, Collection };
- // Heap size hint.
- enum HeapSize { SmallHeap, LargeHeap };
+ enum HeapType { SmallHeap, LargeHeap };
class Heap {
WTF_MAKE_NONCOPYABLE(Heap);
@@ -90,7 +88,7 @@ namespace JSC {
static void writeBarrier(const JSCell*, JSCell*);
static uint8_t* addressOfCardFor(JSCell*);
- Heap(JSGlobalData*, HeapSize);
+ Heap(JSGlobalData*, HeapType);
~Heap();
JS_EXPORT_PRIVATE void lastChanceToFinalize();
@@ -144,12 +142,11 @@ namespace JSC {
void pushTempSortVector(Vector<ValueStringPair>*);
void popTempSortVector(Vector<ValueStringPair>*);
- HashSet<MarkedArgumentBuffer*>& markListSet() { if (!m_markListSet) m_markListSet = new HashSet<MarkedArgumentBuffer*>; return *m_markListSet; }
+ HashSet<MarkedArgumentBuffer*>& markListSet() { if (!m_markListSet) m_markListSet = adoptPtr(new HashSet<MarkedArgumentBuffer*>); return *m_markListSet; }
template<typename Functor> typename Functor::ReturnType forEachProtectedCell(Functor&);
template<typename Functor> typename Functor::ReturnType forEachProtectedCell();
- WeakSet* weakSet() { return &m_weakSet; }
HandleSet* handleSet() { return &m_handleSet; }
HandleStack* handleStack() { return &m_handleStack; }
@@ -197,7 +194,8 @@ namespace JSC {
RegisterFile& registerFile();
BlockAllocator& blockAllocator();
- const HeapSize m_heapSize;
+ const HeapType m_heapType;
+ const size_t m_ramSize;
const size_t m_minBytesPerCycle;
size_t m_sizeAfterLastCollect;
@@ -206,18 +204,17 @@ namespace JSC {
size_t m_bytesAbandoned;
OperationInProgress m_operationInProgress;
+ BlockAllocator m_blockAllocator;
MarkedSpace m_objectSpace;
CopiedSpace m_storageSpace;
- BlockAllocator m_blockAllocator;
-
#if ENABLE(SIMPLE_HEAP_PROFILING)
VTableSpectrum m_destroyedTypeCounts;
#endif
ProtectCountSet m_protectedValues;
Vector<Vector<ValueStringPair>* > m_tempSortingVectors;
- HashSet<MarkedArgumentBuffer*>* m_markListSet;
+ OwnPtr<HashSet<MarkedArgumentBuffer*> > m_markListSet;
OwnPtr<GCActivityCallback> m_activityCallback;
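Review bot: Moving `BlockAllocator m_blockAllocator;` above m_objectSpace and m_storageSpace is load-bearing now that Heap::~Heap is empty and MarkedSpace::~MarkedSpace returns its blocks through `m_heap->blockAllocator().deallocate(...)`: members are destroyed in reverse declaration order, so the allocator must be declared first to outlive both spaces. Nothing at the declaration says so; a comment such as `// Declared before the spaces so it is destroyed after them: their destructors return blocks to it.` would stop a future reorder from reintroducing a use-after-destroy.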
@@ -226,7 +223,6 @@ namespace JSC {
MarkStackThreadSharedData m_sharedData;
SlotVisitor m_slotVisitor;
- WeakSet m_weakSet;
HandleSet m_handleSet;
HandleStack m_handleStack;
DFGCodeBlocks m_dfgCodeBlocks;
diff --git a/Source/JavaScriptCore/heap/HeapBlock.h b/Source/JavaScriptCore/heap/HeapBlock.h
index 591520d2b..3cd3c6322 100644
--- a/Source/JavaScriptCore/heap/HeapBlock.h
+++ b/Source/JavaScriptCore/heap/HeapBlock.h
@@ -36,13 +36,13 @@ enum AllocationEffort { AllocationCanFail, AllocationMustSucceed };
class HeapBlock : public DoublyLinkedListNode<HeapBlock> {
public:
- HeapBlock(PageAllocationAligned& allocation)
+ HeapBlock(const PageAllocationAligned& allocation)
: DoublyLinkedListNode<HeapBlock>()
, m_prev(0)
, m_next(0)
, m_allocation(allocation)
{
- ASSERT(allocation);
+ ASSERT(m_allocation);
}
HeapBlock* m_prev;
diff --git a/Source/JavaScriptCore/heap/MachineStackMarker.cpp b/Source/JavaScriptCore/heap/MachineStackMarker.cpp
index affd833eb..6989047ac 100644
--- a/Source/JavaScriptCore/heap/MachineStackMarker.cpp
+++ b/Source/JavaScriptCore/heap/MachineStackMarker.cpp
@@ -356,14 +356,20 @@ static size_t getPlatformThreadRegisters(const PlatformThread& platformThread, P
return sizeof(CONTEXT);
#elif OS(QNX)
memset(&regs, 0, sizeof(regs));
- regs.tid = pthread_self();
- int fd = open("/proc/self", O_RDONLY);
+ regs.tid = platformThread;
+ // FIXME: If we find this hurts performance, we can consider caching the fd and keeping it open.
+ int fd = open("/proc/self/as", O_RDONLY);
if (fd == -1) {
- LOG_ERROR("Unable to open /proc/self (errno: %d)", errno);
+ LOG_ERROR("Unable to open /proc/self/as (errno: %d)", errno);
+ CRASH();
+ }
+ int rc = devctl(fd, DCMD_PROC_TIDSTATUS, &regs, sizeof(regs), 0);
+ if (rc != EOK) {
+ LOG_ERROR("devctl(DCMD_PROC_TIDSTATUS) failed (error: %d)", rc);
CRASH();
}
- devctl(fd, DCMD_PROC_TIDSTATUS, &regs, sizeof(regs), 0);
close(fd);
+ return sizeof(struct _debug_thread_info);
#elif USE(PTHREADS)
pthread_attr_init(&regs);
#if HAVE(PTHREAD_NP_H) || OS(NETBSD)
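Review bot: The QNX branch passes `sizeof(regs)` to devctl but returns `sizeof(struct _debug_thread_info)`, spelling the same quantity two ways; `return sizeof(regs);` matches the devctl call and the `return sizeof(CONTEXT);` style of the branch above, and cannot drift if the type of regs changes. Checking `rc != EOK` before using the result is the right fix for the previously unchecked devctl; the per-call open of /proc/self/as is already flagged by the FIXME.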
diff --git a/Source/JavaScriptCore/heap/MarkedAllocator.cpp b/Source/JavaScriptCore/heap/MarkedAllocator.cpp
index 01f00c376..ac0cf570a 100644
--- a/Source/JavaScriptCore/heap/MarkedAllocator.cpp
+++ b/Source/JavaScriptCore/heap/MarkedAllocator.cpp
@@ -86,17 +86,11 @@ void* MarkedAllocator::allocateSlowCase()
ASSERT(result);
return result;
}
-
+
MarkedBlock* MarkedAllocator::allocateBlock()
{
- MarkedBlock* block = static_cast<MarkedBlock*>(m_heap->blockAllocator().allocate());
- if (block)
- block = MarkedBlock::recycle(block, m_heap, m_cellSize, m_cellsNeedDestruction);
- else
- block = MarkedBlock::create(m_heap, m_cellSize, m_cellsNeedDestruction);
-
+ MarkedBlock* block = MarkedBlock::create(m_heap->blockAllocator().allocate(), m_heap, m_cellSize, m_cellsNeedDestruction);
m_markedSpace->didAddBlock(block);
-
return block;
}
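Review bot: MarkedBlock::create no longer checks the allocation (the `if (!static_cast<bool>(allocation)) CRASH();` is removed in the MarkedBlock.cpp hunk) and placement-news at `allocation.base()`, while this call site passes `m_heap->blockAllocator().allocate()` straight through; the old code here treated a null result from the block allocator as a possible outcome (`if (block) ... else ...`). Unless BlockAllocator::allocate() now crashes rather than returning an empty allocation (not visible in this diff), a failed allocation becomes a placement new on a null base. An `ASSERT(allocation);` at the top of MarkedBlock::create, or a check at this call site, would make the contract explicit.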
diff --git a/Source/JavaScriptCore/heap/MarkedBlock.cpp b/Source/JavaScriptCore/heap/MarkedBlock.cpp
index 3a58b5a42..42dc10371 100644
--- a/Source/JavaScriptCore/heap/MarkedBlock.cpp
+++ b/Source/JavaScriptCore/heap/MarkedBlock.cpp
@@ -32,31 +32,27 @@
namespace JSC {
-MarkedBlock* MarkedBlock::create(Heap* heap, size_t cellSize, bool cellsNeedDestruction)
+MarkedBlock* MarkedBlock::create(const PageAllocationAligned& allocation, Heap* heap, size_t cellSize, bool cellsNeedDestruction)
{
- PageAllocationAligned allocation = PageAllocationAligned::allocate(blockSize, blockSize, OSAllocator::JSGCHeapPages);
- if (!static_cast<bool>(allocation))
- CRASH();
return new (NotNull, allocation.base()) MarkedBlock(allocation, heap, cellSize, cellsNeedDestruction);
}
-MarkedBlock* MarkedBlock::recycle(MarkedBlock* block, Heap* heap, size_t cellSize, bool cellsNeedDestruction)
+PageAllocationAligned MarkedBlock::destroy(MarkedBlock* block)
{
- return new (NotNull, block) MarkedBlock(block->m_allocation, heap, cellSize, cellsNeedDestruction);
-}
+ PageAllocationAligned allocation;
+ swap(allocation, block->m_allocation);
-void MarkedBlock::destroy(MarkedBlock* block)
-{
- block->m_allocation.deallocate();
+ block->~MarkedBlock();
+ return allocation;
}
-MarkedBlock::MarkedBlock(PageAllocationAligned& allocation, Heap* heap, size_t cellSize, bool cellsNeedDestruction)
+MarkedBlock::MarkedBlock(const PageAllocationAligned& allocation, Heap* heap, size_t cellSize, bool cellsNeedDestruction)
: HeapBlock(allocation)
, m_atomsPerCell((cellSize + atomSize - 1) / atomSize)
, m_endAtom(atomsPerBlock - m_atomsPerCell + 1)
, m_cellsNeedDestruction(cellsNeedDestruction)
, m_state(New) // All cells start out unmarked.
- , m_heap(heap)
+ , m_weakSet(heap)
{
ASSERT(heap);
HEAP_LOG_BLOCK_STATE_TRANSITION(this);
diff --git a/Source/JavaScriptCore/heap/MarkedBlock.h b/Source/JavaScriptCore/heap/MarkedBlock.h
index aa99ebf48..c21e20b19 100644
--- a/Source/JavaScriptCore/heap/MarkedBlock.h
+++ b/Source/JavaScriptCore/heap/MarkedBlock.h
@@ -25,6 +25,7 @@
#include "CardSet.h"
#include "HeapBlock.h"
+#include "WeakSet.h"
#include <wtf/Bitmap.h>
#include <wtf/DataLog.h>
#include <wtf/DoublyLinkedList.h>
@@ -112,21 +113,28 @@ namespace JSC {
ReturnType m_count;
};
- static MarkedBlock* create(Heap*, size_t cellSize, bool cellsNeedDestruction);
- static MarkedBlock* recycle(MarkedBlock*, Heap*, size_t cellSize, bool cellsNeedDestruction);
- static void destroy(MarkedBlock*);
+ static MarkedBlock* create(const PageAllocationAligned&, Heap*, size_t cellSize, bool cellsNeedDestruction);
+ static PageAllocationAligned destroy(MarkedBlock*);
static bool isAtomAligned(const void*);
static MarkedBlock* blockFor(const void*);
static size_t firstAtom();
+ void lastChanceToFinalize();
+
Heap* heap() const;
+ WeakSet& weakSet();
- void* allocate();
-
enum SweepMode { SweepOnly, SweepToFreeList };
FreeList sweep(SweepMode = SweepOnly);
+ void shrink();
+ void resetAllocator();
+
+ void visitWeakSet(HeapRootVisitor&);
+ void reapWeakSet();
+ void sweepWeakSet();
+
// While allocating from a free list, MarkedBlock temporarily has bogus
// cell liveness data. To restore accurate cell liveness data, call one
// of these functions:
@@ -135,7 +143,7 @@ namespace JSC {
void clearMarks();
size_t markCount();
- bool markCountIsZero(); // Faster than markCount().
+ bool isEmpty();
size_t cellSize();
bool cellsNeedDestruction();
@@ -187,7 +195,7 @@ namespace JSC {
typedef char Atom[atomSize];
- MarkedBlock(PageAllocationAligned&, Heap*, size_t cellSize, bool cellsNeedDestruction);
+ MarkedBlock(const PageAllocationAligned&, Heap*, size_t cellSize, bool cellsNeedDestruction);
Atom* atoms();
size_t atomNumber(const void*);
void callDestructor(JSCell*);
@@ -206,7 +214,7 @@ namespace JSC {
#endif
bool m_cellsNeedDestruction;
BlockState m_state;
- Heap* m_heap;
+ WeakSet m_weakSet;
};
inline MarkedBlock::FreeList::FreeList()
@@ -241,9 +249,47 @@ namespace JSC {
return reinterpret_cast<MarkedBlock*>(reinterpret_cast<Bits>(p) & blockMask);
}
+ inline void MarkedBlock::lastChanceToFinalize()
+ {
+ m_weakSet.lastChanceToFinalize();
+
+ clearMarks();
+ sweep();
+ }
+
inline Heap* MarkedBlock::heap() const
{
- return m_heap;
+ return m_weakSet.heap();
+ }
+
+ inline WeakSet& MarkedBlock::weakSet()
+ {
+ return m_weakSet;
+ }
+
+ inline void MarkedBlock::shrink()
+ {
+ m_weakSet.shrink();
+ }
+
+ inline void MarkedBlock::resetAllocator()
+ {
+ m_weakSet.resetAllocator();
+ }
+
+ inline void MarkedBlock::visitWeakSet(HeapRootVisitor& heapRootVisitor)
+ {
+ m_weakSet.visit(heapRootVisitor);
+ }
+
+ inline void MarkedBlock::reapWeakSet()
+ {
+ m_weakSet.reap();
+ }
+
+ inline void MarkedBlock::sweepWeakSet()
+ {
+ m_weakSet.sweep();
}
inline void MarkedBlock::didConsumeFreeList()
@@ -271,9 +317,9 @@ namespace JSC {
return m_marks.count();
}
- inline bool MarkedBlock::markCountIsZero()
+ inline bool MarkedBlock::isEmpty()
{
- return m_marks.isEmpty();
+ return m_marks.isEmpty() && m_weakSet.isEmpty();
}
inline size_t MarkedBlock::cellSize()
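Review bot: isEmpty() now also evaluates `m_weakSet.isEmpty()`, which (WeakSet::isEmpty in this diff) walks every WeakBlock in the set, so the former O(1) bitmap check of markCountIsZero becomes a linear scan per MarkedBlock; it is called from gatherDirtyCells for each block and from Take(TakeIfEmpty) in MarkedSpace::shrink on every collection. If the per-block weak list is expected to stay short, a comment saying so would justify the cost; otherwise WeakSet could track a count so this stays cheap. The semantic change is also worth a comment here, since a block with no marked cells but live weak handles is now retained rather than freed.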
@@ -410,7 +456,7 @@ void MarkedBlock::gatherDirtyCells(DirtyCellVector& dirtyCells)
// blocks twice during GC.
m_state = Marked;
- if (markCountIsZero())
+ if (isEmpty())
return;
size_t cellSize = this->cellSize();
diff --git a/Source/JavaScriptCore/heap/MarkedSpace.cpp b/Source/JavaScriptCore/heap/MarkedSpace.cpp
index 405ed571a..1604d2d63 100644
--- a/Source/JavaScriptCore/heap/MarkedSpace.cpp
+++ b/Source/JavaScriptCore/heap/MarkedSpace.cpp
@@ -30,6 +30,57 @@ namespace JSC {
class Structure;
+class Take {
+public:
+ typedef MarkedBlock* ReturnType;
+
+ enum TakeMode { TakeIfEmpty, TakeAll };
+
+ Take(TakeMode, MarkedSpace*);
+ void operator()(MarkedBlock*);
+ ReturnType returnValue();
+
+private:
+ TakeMode m_takeMode;
+ MarkedSpace* m_markedSpace;
+ DoublyLinkedList<MarkedBlock> m_blocks;
+};
+
+inline Take::Take(TakeMode takeMode, MarkedSpace* newSpace)
+ : m_takeMode(takeMode)
+ , m_markedSpace(newSpace)
+{
+}
+
+inline void Take::operator()(MarkedBlock* block)
+{
+ if (m_takeMode == TakeIfEmpty && !block->isEmpty())
+ return;
+
+ m_markedSpace->allocatorFor(block).removeBlock(block);
+ m_blocks.append(block);
+}
+
+inline Take::ReturnType Take::returnValue()
+{
+ return m_blocks.head();
+}
+
+struct VisitWeakSet : MarkedBlock::VoidFunctor {
+ VisitWeakSet(HeapRootVisitor& heapRootVisitor) : m_heapRootVisitor(heapRootVisitor) { }
+ void operator()(MarkedBlock* block) { block->visitWeakSet(m_heapRootVisitor); }
+private:
+ HeapRootVisitor& m_heapRootVisitor;
+};
+
+struct ReapWeakSet : MarkedBlock::VoidFunctor {
+ void operator()(MarkedBlock* block) { block->reapWeakSet(); }
+};
+
+struct SweepWeakSet : MarkedBlock::VoidFunctor {
+ void operator()(MarkedBlock* block) { block->sweepWeakSet(); }
+};
+
MarkedSpace::MarkedSpace(Heap* heap)
: m_heap(heap)
{
@@ -44,6 +95,27 @@ MarkedSpace::MarkedSpace(Heap* heap)
}
}
+MarkedSpace::~MarkedSpace()
+{
+ // We record a temporary list of empties to avoid modifying m_blocks while iterating it.
+ Take take(Take::TakeAll, this);
+ freeBlocks(forEachBlock(take));
+}
+
+struct LastChanceToFinalize : MarkedBlock::VoidFunctor {
+ void operator()(MarkedBlock* block) { block->lastChanceToFinalize(); }
+};
+
+void MarkedSpace::lastChanceToFinalize()
+{
+ canonicalizeCellLivenessData();
+ forEachBlock<LastChanceToFinalize>();
+}
+
+struct ResetAllocator : MarkedBlock::VoidFunctor {
+ void operator()(MarkedBlock* block) { block->resetAllocator(); }
+};
+
void MarkedSpace::resetAllocators()
{
for (size_t cellSize = preciseStep; cellSize <= preciseCutoff; cellSize += preciseStep) {
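Review bot: The comment in MarkedSpace::~MarkedSpace, `// We record a temporary list of empties ...`, is copied from shrink(), but the functor here is `Take::TakeAll`, so the list holds every block, not the empties; `// Move every block into a temporary list so freeBlocks() does not modify m_blocks while forEachBlock is iterating it.` describes what the destructor actually does. Note that freeBlocks() calls `block->sweep()` on each block before destroying it, so the destructor relies on lastChanceToFinalize() having run first if sweeping at teardown must not finalize cells — worth stating in the same comment.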
@@ -55,6 +127,24 @@ void MarkedSpace::resetAllocators()
allocatorFor(cellSize).reset();
destructorAllocatorFor(cellSize).reset();
}
+
+ forEachBlock<ResetAllocator>();
+}
+
+void MarkedSpace::visitWeakSets(HeapRootVisitor& heapRootVisitor)
+{
+ VisitWeakSet visitWeakSet(heapRootVisitor);
+ forEachBlock(visitWeakSet);
+}
+
+void MarkedSpace::reapWeakSets()
+{
+ forEachBlock<ReapWeakSet>();
+}
+
+void MarkedSpace::sweepWeakSets()
+{
+ forEachBlock<SweepWeakSet>();
}
void MarkedSpace::canonicalizeCellLivenessData()
@@ -94,47 +184,21 @@ void MarkedSpace::freeBlocks(MarkedBlock* head)
m_blocks.remove(block);
block->sweep();
- m_heap->blockAllocator().deallocate(block);
+ m_heap->blockAllocator().deallocate(MarkedBlock::destroy(block));
}
}
-class TakeIfUnmarked {
-public:
- typedef MarkedBlock* ReturnType;
-
- TakeIfUnmarked(MarkedSpace*);
- void operator()(MarkedBlock*);
- ReturnType returnValue();
-
-private:
- MarkedSpace* m_markedSpace;
- DoublyLinkedList<MarkedBlock> m_empties;
+struct Shrink : MarkedBlock::VoidFunctor {
+ void operator()(MarkedBlock* block) { block->shrink(); }
};
-inline TakeIfUnmarked::TakeIfUnmarked(MarkedSpace* newSpace)
- : m_markedSpace(newSpace)
-{
-}
-
-inline void TakeIfUnmarked::operator()(MarkedBlock* block)
-{
- if (!block->markCountIsZero())
- return;
-
- m_markedSpace->allocatorFor(block).removeBlock(block);
- m_empties.append(block);
-}
-
-inline TakeIfUnmarked::ReturnType TakeIfUnmarked::returnValue()
-{
- return m_empties.head();
-}
-
void MarkedSpace::shrink()
{
// We record a temporary list of empties to avoid modifying m_blocks while iterating it.
- TakeIfUnmarked takeIfUnmarked(this);
- freeBlocks(forEachBlock(takeIfUnmarked));
+ Take takeIfEmpty(Take::TakeIfEmpty, this);
+ freeBlocks(forEachBlock(takeIfEmpty));
+
+ forEachBlock<Shrink>();
}
#if ENABLE(GGC)
diff --git a/Source/JavaScriptCore/heap/MarkedSpace.h b/Source/JavaScriptCore/heap/MarkedSpace.h
index 7bd5ca509..18b57c6d0 100644
--- a/Source/JavaScriptCore/heap/MarkedSpace.h
+++ b/Source/JavaScriptCore/heap/MarkedSpace.h
@@ -71,6 +71,8 @@ public:
static const size_t maxCellSize = 2048;
MarkedSpace(Heap*);
+ ~MarkedSpace();
+ void lastChanceToFinalize();
MarkedAllocator& firstAllocator();
MarkedAllocator& allocatorFor(size_t);
@@ -81,6 +83,10 @@ public:
void resetAllocators();
+ void visitWeakSets(HeapRootVisitor&);
+ void reapWeakSets();
+ void sweepWeakSets();
+
MarkedBlockSet& blocks() { return m_blocks; }
void canonicalizeCellLivenessData();
@@ -93,7 +99,6 @@ public:
template<typename Functor> typename Functor::ReturnType forEachBlock();
void shrink();
- void freeAllBlocks();
void freeBlocks(MarkedBlock* head);
void didAddBlock(MarkedBlock*);
diff --git a/Source/JavaScriptCore/heap/PassWeak.h b/Source/JavaScriptCore/heap/PassWeak.h
index 8c6364e4b..acd6e52c7 100644
--- a/Source/JavaScriptCore/heap/PassWeak.h
+++ b/Source/JavaScriptCore/heap/PassWeak.h
@@ -46,9 +46,7 @@ public:
T& operator*() const;
GetType get() const;
-#if !ASSERT_DISABLED
bool was(GetType) const;
-#endif
};
template<typename T> class PassWeak : public WeakImplAccessor<PassWeak<T>, T> {
@@ -102,12 +100,10 @@ template<typename Base, typename T> inline typename WeakImplAccessor<Base, T>::G
return jsCast<T*>(static_cast<const Base*>(this)->m_impl->jsValue().asCell());
}
-#if !ASSERT_DISABLED
template<typename Base, typename T> inline bool WeakImplAccessor<Base, T>::was(typename WeakImplAccessor<Base, T>::GetType other) const
{
return jsCast<T*>(static_cast<const Base*>(this)->m_impl->jsValue().asCell()) == other;
}
-#endif
template<typename T> inline PassWeak<T>::PassWeak()
: m_impl(0)
diff --git a/Source/JavaScriptCore/heap/Weak.h b/Source/JavaScriptCore/heap/Weak.h
index 0938249b8..e5e0a97ec 100644
--- a/Source/JavaScriptCore/heap/Weak.h
+++ b/Source/JavaScriptCore/heap/Weak.h
@@ -26,9 +26,10 @@
#ifndef Weak_h
#define Weak_h
-#include <wtf/Assertions.h>
#include "PassWeak.h"
#include "WeakSetInlines.h"
+#include <wtf/Assertions.h>
+#include <wtf/HashMap.h>
namespace JSC {
@@ -150,6 +151,32 @@ template<typename T> inline WeakImpl* Weak<T>::hashTableDeletedValue()
return reinterpret_cast<WeakImpl*>(-1);
}
+// This function helps avoid modifying a weak table while holding an iterator into it. (Object allocation
+// can run a finalizer that modifies the table. We avoid that by requiring a pre-constructed object as our value.)
+template<typename T, typename U> inline void weakAdd(HashMap<T, Weak<U> >& map, const T& key, PassWeak<U> value)
+{
+ ASSERT(!map.get(key));
+ map.set(key, value); // The table may still have a zombie for value.
+}
+
+template<typename T, typename U> inline void weakRemove(HashMap<T, Weak<U> >& map, const T& key, typename Weak<U>::GetType value)
+{
+ typename HashMap<T, Weak<U> >::iterator it = map.find(key);
+ ASSERT_UNUSED(value, value);
+ ASSERT(it != map.end());
+ ASSERT(it->second.was(value));
+ ASSERT(!it->second);
+ map.remove(it);
+}
+
+template<typename T> inline void weakClear(Weak<T>& weak, typename Weak<T>::GetType value)
+{
+ ASSERT_UNUSED(value, value);
+ ASSERT(weak.was(value));
+ ASSERT(!weak);
+ weak.clear();
+}
+
} // namespace JSC
namespace WTF {
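Review bot: weakRemove and weakClear assert `!it->second` and `!weak` before clearing, i.e. they require the handle to be already dead, but the explanatory comment above weakAdd says nothing about the other two. A line above weakRemove such as `// Only valid once the Weak is dead (e.g. from the owner's finalizer); value is used solely to check that the entry being removed is the expected one.` would make the intended call site clear and explain why value is ASSERT_UNUSED in both helpers.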
diff --git a/Source/JavaScriptCore/heap/WeakBlock.cpp b/Source/JavaScriptCore/heap/WeakBlock.cpp
index f307e111e..685779d3a 100644
--- a/Source/JavaScriptCore/heap/WeakBlock.cpp
+++ b/Source/JavaScriptCore/heap/WeakBlock.cpp
@@ -36,19 +36,16 @@ namespace JSC {
WeakBlock* WeakBlock::create()
{
- PageAllocation allocation = PageAllocation::allocate(blockSize, OSAllocator::JSGCHeapPages);
- if (!static_cast<bool>(allocation))
- CRASH();
- return new (NotNull, allocation.base()) WeakBlock(allocation);
+ void* allocation = fastMalloc(blockSize);
+ return new (NotNull, allocation) WeakBlock;
}
void WeakBlock::destroy(WeakBlock* block)
{
- block->m_allocation.deallocate();
+ fastFree(block);
}
-WeakBlock::WeakBlock(PageAllocation& allocation)
- : m_allocation(allocation)
+WeakBlock::WeakBlock()
{
for (size_t i = 0; i < weakImplCount(); ++i) {
WeakImpl* weakImpl = &weakImpls()[i];
@@ -56,10 +53,10 @@ WeakBlock::WeakBlock(PageAllocation& allocation)
addToFreeList(&m_sweepResult.freeList, weakImpl);
}
- ASSERT(!m_sweepResult.isNull() && m_sweepResult.blockIsFree);
+ ASSERT(isEmpty());
}
-void WeakBlock::finalizeAll()
+void WeakBlock::lastChanceToFinalize()
{
for (size_t i = 0; i < weakImplCount(); ++i) {
WeakImpl* weakImpl = &weakImpls()[i];
@@ -90,10 +87,10 @@ void WeakBlock::sweep()
ASSERT(!m_sweepResult.isNull());
}
-void WeakBlock::visitLiveWeakImpls(HeapRootVisitor& heapRootVisitor)
+void WeakBlock::visit(HeapRootVisitor& heapRootVisitor)
{
// If a block is completely empty, a visit won't have any effect.
- if (!m_sweepResult.isNull() && m_sweepResult.blockIsFree)
+ if (isEmpty())
return;
SlotVisitor& visitor = heapRootVisitor.visitor();
@@ -118,10 +115,10 @@ void WeakBlock::visitLiveWeakImpls(HeapRootVisitor& heapRootVisitor)
}
}
-void WeakBlock::visitDeadWeakImpls(HeapRootVisitor&)
+void WeakBlock::reap()
{
- // If a block is completely empty, a visit won't have any effect.
- if (!m_sweepResult.isNull() && m_sweepResult.blockIsFree)
+ // If a block is completely empty, a reaping won't have any effect.
+ if (isEmpty())
return;
for (size_t i = 0; i < weakImplCount(); ++i) {
diff --git a/Source/JavaScriptCore/heap/WeakBlock.h b/Source/JavaScriptCore/heap/WeakBlock.h
index 9e546ea32..dc3e89d55 100644
--- a/Source/JavaScriptCore/heap/WeakBlock.h
+++ b/Source/JavaScriptCore/heap/WeakBlock.h
@@ -30,7 +30,6 @@
#include "WeakHandleOwner.h"
#include "WeakImpl.h"
#include <wtf/DoublyLinkedList.h>
-#include <wtf/PageAllocation.h>
#include <wtf/StdLibExtras.h>
namespace JSC {
@@ -42,7 +41,7 @@ class WeakHandleOwner;
class WeakBlock : public DoublyLinkedListNode<WeakBlock> {
public:
friend class WTF::DoublyLinkedListNode<WeakBlock>;
- static const size_t blockSize = 4 * KB;
+ static const size_t blockSize = 3 * KB; // 5% of MarkedBlock size
struct FreeCell {
FreeCell* next;
@@ -61,26 +60,26 @@ public:
static WeakImpl* asWeakImpl(FreeCell*);
+ bool isEmpty();
+
void sweep();
- const SweepResult& sweepResult();
SweepResult takeSweepResult();
- void visitLiveWeakImpls(HeapRootVisitor&);
- void visitDeadWeakImpls(HeapRootVisitor&);
+ void visit(HeapRootVisitor&);
+ void reap();
- void finalizeAll();
+ void lastChanceToFinalize();
private:
static FreeCell* asFreeCell(WeakImpl*);
- WeakBlock(PageAllocation&);
+ WeakBlock();
WeakImpl* firstWeakImpl();
void finalize(WeakImpl*);
WeakImpl* weakImpls();
size_t weakImplCount();
void addToFreeList(FreeCell**, WeakImpl*);
- PageAllocation m_allocation;
WeakBlock* m_prev;
WeakBlock* m_next;
SweepResult m_sweepResult;
@@ -111,11 +110,6 @@ inline WeakBlock::SweepResult WeakBlock::takeSweepResult()
return tmp;
}
-inline const WeakBlock::SweepResult& WeakBlock::sweepResult()
-{
- return m_sweepResult;
-}
-
inline WeakBlock::FreeCell* WeakBlock::asFreeCell(WeakImpl* weakImpl)
{
return reinterpret_cast<FreeCell*>(weakImpl);
@@ -151,6 +145,11 @@ inline void WeakBlock::addToFreeList(FreeCell** freeList, WeakImpl* weakImpl)
*freeList = freeCell;
}
+inline bool WeakBlock::isEmpty()
+{
+ return !m_sweepResult.isNull() && m_sweepResult.blockIsFree;
+}
+
} // namespace JSC
#endif // WeakBlock_h
diff --git a/Source/JavaScriptCore/heap/WeakSet.cpp b/Source/JavaScriptCore/heap/WeakSet.cpp
index d9c773cef..9374fd8ff 100644
--- a/Source/JavaScriptCore/heap/WeakSet.cpp
+++ b/Source/JavaScriptCore/heap/WeakSet.cpp
@@ -40,24 +40,6 @@ WeakSet::~WeakSet()
m_blocks.clear();
}
-void WeakSet::finalizeAll()
-{
- for (WeakBlock* block = m_blocks.head(); block; block = block->next())
- block->finalizeAll();
-}
-
-void WeakSet::visitLiveWeakImpls(HeapRootVisitor& visitor)
-{
- for (WeakBlock* block = m_blocks.head(); block; block = block->next())
- block->visitLiveWeakImpls(visitor);
-}
-
-void WeakSet::visitDeadWeakImpls(HeapRootVisitor& visitor)
-{
- for (WeakBlock* block = m_blocks.head(); block; block = block->next())
- block->visitDeadWeakImpls(visitor);
-}
-
void WeakSet::sweep()
{
WeakBlock* next;
@@ -65,7 +47,7 @@ void WeakSet::sweep()
next = block->next();
// If a block is completely empty, a new sweep won't have any effect.
- if (!block->sweepResult().isNull() && block->sweepResult().blockIsFree)
+ if (block->isEmpty())
continue;
block->takeSweepResult(); // Force a new sweep by discarding the last sweep.
@@ -73,23 +55,6 @@ void WeakSet::sweep()
}
}
-void WeakSet::shrink()
-{
- WeakBlock* next;
- for (WeakBlock* block = m_blocks.head(); block; block = next) {
- next = block->next();
-
- if (!block->sweepResult().isNull() && block->sweepResult().blockIsFree)
- removeAllocator(block);
- }
-}
-
-void WeakSet::resetAllocator()
-{
- m_allocator = 0;
- m_nextAllocator = m_blocks.head();
-}
-
WeakBlock::FreeCell* WeakSet::findAllocator()
{
if (WeakBlock::FreeCell* allocator = tryFindAllocator())
diff --git a/Source/JavaScriptCore/heap/WeakSet.h b/Source/JavaScriptCore/heap/WeakSet.h
index 0a683bd5f..be9844a64 100644
--- a/Source/JavaScriptCore/heap/WeakSet.h
+++ b/Source/JavaScriptCore/heap/WeakSet.h
@@ -35,20 +35,22 @@ class WeakImpl;
class WeakSet {
public:
+ static WeakImpl* allocate(JSValue, WeakHandleOwner* = 0, void* context = 0);
+ static void deallocate(WeakImpl*);
+
WeakSet(Heap*);
- void finalizeAll();
~WeakSet();
+ void lastChanceToFinalize();
- static WeakImpl* allocate(JSValue, WeakHandleOwner* = 0, void* context = 0);
- static void deallocate(WeakImpl*);
+ Heap* heap() const;
- void visitLiveWeakImpls(HeapRootVisitor&);
- void visitDeadWeakImpls(HeapRootVisitor&);
+ bool isEmpty() const;
+ void visit(HeapRootVisitor&);
+ void reap();
void sweep();
- void resetAllocator();
-
void shrink();
+ void resetAllocator();
private:
JS_EXPORT_PRIVATE WeakBlock::FreeCell* findAllocator();
@@ -69,11 +71,61 @@ inline WeakSet::WeakSet(Heap* heap)
{
}
+inline Heap* WeakSet::heap() const
+{
+ return m_heap;
+}
+
+inline bool WeakSet::isEmpty() const
+{
+ for (WeakBlock* block = m_blocks.head(); block; block = block->next()) {
+ if (!block->isEmpty())
+ return false;
+ }
+
+ return true;
+}
+
inline void WeakSet::deallocate(WeakImpl* weakImpl)
{
weakImpl->setState(WeakImpl::Deallocated);
}
+inline void WeakSet::lastChanceToFinalize()
+{
+ for (WeakBlock* block = m_blocks.head(); block; block = block->next())
+ block->lastChanceToFinalize();
+}
+
+inline void WeakSet::visit(HeapRootVisitor& visitor)
+{
+ for (WeakBlock* block = m_blocks.head(); block; block = block->next())
+ block->visit(visitor);
+}
+
+inline void WeakSet::reap()
+{
+ for (WeakBlock* block = m_blocks.head(); block; block = block->next())
+ block->reap();
+}
+
+inline void WeakSet::shrink()
+{
+ WeakBlock* next;
+ for (WeakBlock* block = m_blocks.head(); block; block = next) {
+ next = block->next();
+
+ if (block->isEmpty())
+ removeAllocator(block);
+ }
+}
+
+inline void WeakSet::resetAllocator()
+{
+ m_allocator = 0;
+ m_nextAllocator = m_blocks.head();
+}
+
} // namespace JSC
#endif // WeakSet_h
diff --git a/Source/JavaScriptCore/heap/WeakSetInlines.h b/Source/JavaScriptCore/heap/WeakSetInlines.h
index 0515904fc..6e2420c45 100644
--- a/Source/JavaScriptCore/heap/WeakSetInlines.h
+++ b/Source/JavaScriptCore/heap/WeakSetInlines.h
@@ -32,7 +32,7 @@ namespace JSC {
inline WeakImpl* WeakSet::allocate(JSValue jsValue, WeakHandleOwner* weakHandleOwner, void* context)
{
- WeakSet& weakSet = *Heap::heap(jsValue.asCell())->weakSet();
+ WeakSet& weakSet = MarkedBlock::blockFor(jsValue.asCell())->weakSet();
WeakBlock::FreeCell* allocator = weakSet.m_allocator;
if (UNLIKELY(!allocator))
allocator = weakSet.findAllocator();
diff --git a/Source/JavaScriptCore/interpreter/CallFrame.cpp b/Source/JavaScriptCore/interpreter/CallFrame.cpp
index a5ffaee8d..cfbfb3e3a 100644
--- a/Source/JavaScriptCore/interpreter/CallFrame.cpp
+++ b/Source/JavaScriptCore/interpreter/CallFrame.cpp
@@ -181,6 +181,16 @@ CallFrame* CallFrame::trueCallerFrame()
return machineCaller->trueCallFrame(returnPC())->removeHostCallFrameFlag();
}
+
+CodeBlock* CallFrame::someCodeBlockForPossiblyInlinedCode()
+{
+ if (!isInlineCallFrame())
+ return codeBlock();
+
+ return jsCast<FunctionExecutable*>(inlineCallFrame()->executable.get())->baselineCodeBlockFor(
+ inlineCallFrame()->isCall ? CodeForCall : CodeForConstruct);
+}
+
#endif
Register* CallFrame::frameExtentInternal()
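Review bot: someCodeBlockForPossiblyInlinedCode() has no comment explaining what "some" means, and the name alone does not tell a caller which queries are safe on the result. For an inline call frame it returns the executable's baseline CodeBlock, which is presumably not the block actually executing, so only properties shared by every tier of that function (the retrieveArgumentsFromVMCode caller in this change reads usesArguments() and argumentsRegister()) should be taken from it. I would add above the definition: `// An inlined frame has no CodeBlock of its own; return the executable's baseline block. Only use it for tier-independent queries (usesArguments, argumentsRegister), never for JIT addresses or profiles.`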
diff --git a/Source/JavaScriptCore/interpreter/CallFrame.h b/Source/JavaScriptCore/interpreter/CallFrame.h
index 4ec3de7f3..0488bb4ea 100644
--- a/Source/JavaScriptCore/interpreter/CallFrame.h
+++ b/Source/JavaScriptCore/interpreter/CallFrame.h
@@ -90,6 +90,7 @@ namespace JSC {
static const HashTable* numberPrototypeTable(CallFrame* callFrame) { return callFrame->globalData().numberPrototypeTable; }
static const HashTable* objectConstructorTable(CallFrame* callFrame) { return callFrame->globalData().objectConstructorTable; }
static const HashTable* objectPrototypeTable(CallFrame* callFrame) { return callFrame->globalData().objectPrototypeTable; }
+ static const HashTable* privateNamePrototypeTable(CallFrame* callFrame) { return callFrame->globalData().privateNamePrototypeTable; }
static const HashTable* regExpTable(CallFrame* callFrame) { return callFrame->globalData().regExpTable; }
static const HashTable* regExpConstructorTable(CallFrame* callFrame) { return callFrame->globalData().regExpConstructorTable; }
static const HashTable* regExpPrototypeTable(CallFrame* callFrame) { return callFrame->globalData().regExpPrototypeTable; }
@@ -237,11 +238,15 @@ namespace JSC {
// to the caller. This resolves issues surrounding inlining and the
// HostCallFrameFlag stuff.
CallFrame* trueCallerFrame();
+
+ CodeBlock* someCodeBlockForPossiblyInlinedCode();
#else
bool isInlineCallFrame() { return false; }
CallFrame* trueCallFrame(AbstractPC) { return this; }
CallFrame* trueCallerFrame() { return callerFrame()->removeHostCallFrameFlag(); }
+
+ CodeBlock* someCodeBlockForPossiblyInlinedCode() { return codeBlock(); }
#endif
// Call this to get the true call frame (accounted for inlining and any
diff --git a/Source/JavaScriptCore/interpreter/Interpreter.cpp b/Source/JavaScriptCore/interpreter/Interpreter.cpp
index 355acaa02..5eaed9657 100644
--- a/Source/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/Source/JavaScriptCore/interpreter/Interpreter.cpp
@@ -50,6 +50,7 @@
#include "LiteralParser.h"
#include "JSStaticScopeObject.h"
#include "JSString.h"
+#include "NameInstance.h"
#include "ObjectPrototype.h"
#include "Operations.h"
#include "Parser.h"
@@ -2620,7 +2621,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
*/
int dst = vPC[1].u.operand;
int src = vPC[2].u.operand;
- JSValue result = jsBoolean(!callFrame->r(src).jsValue().toBoolean(callFrame));
+ JSValue result = jsBoolean(!callFrame->r(src).jsValue().toBoolean());
CHECK_FOR_EXCEPTION();
callFrame->uncheckedR(dst) = result;
@@ -2795,6 +2796,8 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
uint32_t i;
if (propName.getUInt32(i))
callFrame->uncheckedR(dst) = jsBoolean(baseObj->hasProperty(callFrame, i));
+ else if (isName(propName))
+ callFrame->uncheckedR(dst) = jsBoolean(baseObj->hasProperty(callFrame, jsCast<NameInstance*>(propName.asCell())->privateName()));
else {
Identifier property(callFrame, propName.toString(callFrame)->value(callFrame));
CHECK_FOR_EXCEPTION();
@@ -3775,7 +3778,9 @@ skip_id_custom_self:
result = asString(baseValue)->getIndex(callFrame, i);
else
result = baseValue.get(callFrame, i);
- } else {
+ } else if (isName(subscript))
+ result = baseValue.get(callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName());
+ else {
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
result = baseValue.get(callFrame, property);
}
@@ -3813,6 +3818,9 @@ skip_id_custom_self:
jsArray->JSArray::putByIndex(jsArray, callFrame, i, callFrame->r(value).jsValue(), codeBlock->isStrictMode());
} else
baseValue.putByIndex(callFrame, i, callFrame->r(value).jsValue(), codeBlock->isStrictMode());
+ } else if (isName(subscript)) {
+ PutPropertySlot slot(codeBlock->isStrictMode());
+ baseValue.put(callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName(), callFrame->r(value).jsValue(), slot);
} else {
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
if (!globalData->exception) { // Don't put to an object if toString threw an exception.
@@ -3844,6 +3852,8 @@ skip_id_custom_self:
uint32_t i;
if (subscript.getUInt32(i))
result = baseObj->methodTable()->deletePropertyByIndex(baseObj, callFrame, i);
+ else if (isName(subscript))
+ result = baseObj->methodTable()->deleteProperty(baseObj, callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName());
else {
CHECK_FOR_EXCEPTION();
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
@@ -3929,7 +3939,7 @@ skip_id_custom_self:
*/
int cond = vPC[1].u.operand;
int target = vPC[2].u.operand;
- if (callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+ if (callFrame->r(cond).jsValue().toBoolean()) {
vPC += target;
CHECK_FOR_TIMEOUT();
NEXT_INSTRUCTION();
@@ -3949,7 +3959,7 @@ skip_id_custom_self:
*/
int cond = vPC[1].u.operand;
int target = vPC[2].u.operand;
- if (!callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+ if (!callFrame->r(cond).jsValue().toBoolean()) {
vPC += target;
CHECK_FOR_TIMEOUT();
NEXT_INSTRUCTION();
@@ -3966,7 +3976,7 @@ skip_id_custom_self:
*/
int cond = vPC[1].u.operand;
int target = vPC[2].u.operand;
- if (callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+ if (callFrame->r(cond).jsValue().toBoolean()) {
vPC += target;
NEXT_INSTRUCTION();
}
@@ -3982,7 +3992,7 @@ skip_id_custom_self:
*/
int cond = vPC[1].u.operand;
int target = vPC[2].u.operand;
- if (!callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+ if (!callFrame->r(cond).jsValue().toBoolean()) {
vPC += target;
NEXT_INSTRUCTION();
}
@@ -5272,7 +5282,7 @@ JSValue Interpreter::retrieveArgumentsFromVMCode(CallFrame* callFrame, JSFunctio
if (!functionCallFrame)
return jsNull();
- CodeBlock* codeBlock = functionCallFrame->codeBlock();
+ CodeBlock* codeBlock = functionCallFrame->someCodeBlockForPossiblyInlinedCode();
if (codeBlock->usesArguments()) {
ASSERT(codeBlock->codeType() == FunctionCode);
int argumentsRegister = codeBlock->argumentsRegister();
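Review bot: Reading argumentsRegister() from the baseline CodeBlock and then presumably applying it to functionCallFrame below is only valid if an inlined frame's registers are laid out exactly as its baseline block expects; switching to someCodeBlockForPossiblyInlinedCode() makes the inlined case reachable here, but nothing records that assumption. The ASSERT on the next line checks codeType only. A note would help whoever next changes DFG inlining, e.g. `// For inlined frames this is the baseline block; its argumentsRegister is assumed to match the inline frame's register layout.` The function continues outside the hunk.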
diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
index e30c892e3..79399196e 100644
--- a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
+++ b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
@@ -261,23 +261,6 @@ void ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSe
#endif
-#if CPU(ARM_TRADITIONAL) && OS(LINUX) && COMPILER(RVCT)
-
-__asm void ExecutableAllocator::cacheFlush(void* code, size_t size)
-{
- ARM
- push {r7}
- add r1, r1, r0
- mov r7, #0xf0000
- add r7, r7, #0x2
- mov r2, #0x0
- svc #0x0
- pop {r7}
- bx lr
-}
-
-#endif
-
}
#endif // HAVE(ASSEMBLER)
diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.h b/Source/JavaScriptCore/jit/ExecutableAllocator.h
index c1edc9752..8cd5cba07 100644
--- a/Source/JavaScriptCore/jit/ExecutableAllocator.h
+++ b/Source/JavaScriptCore/jit/ExecutableAllocator.h
@@ -139,108 +139,6 @@ public:
static void makeExecutable(void*, size_t) {}
#endif
-#if CPU(X86) || CPU(X86_64)
- static void cacheFlush(void*, size_t)
- {
- }
-#elif CPU(MIPS)
- static void cacheFlush(void* code, size_t size)
- {
-#if GCC_VERSION_AT_LEAST(4, 3, 0)
-#if WTF_MIPS_ISA_REV(2) && !GCC_VERSION_AT_LEAST(4, 4, 3)
- int lineSize;
- asm("rdhwr %0, $1" : "=r" (lineSize));
- //
- // Modify "start" and "end" to avoid GCC 4.3.0-4.4.2 bug in
- // mips_expand_synci_loop that may execute synci one more time.
- // "start" points to the fisrt byte of the cache line.
- // "end" points to the last byte of the line before the last cache line.
- // Because size is always a multiple of 4, this is safe to set
- // "end" to the last byte.
- //
- intptr_t start = reinterpret_cast<intptr_t>(code) & (-lineSize);
- intptr_t end = ((reinterpret_cast<intptr_t>(code) + size - 1) & (-lineSize)) - 1;
- __builtin___clear_cache(reinterpret_cast<char*>(start), reinterpret_cast<char*>(end));
-#else
- intptr_t end = reinterpret_cast<intptr_t>(code) + size;
- __builtin___clear_cache(reinterpret_cast<char*>(code), reinterpret_cast<char*>(end));
-#endif
-#else
- _flush_cache(reinterpret_cast<char*>(code), size, BCACHE);
-#endif
- }
-#elif CPU(ARM_THUMB2) && OS(IOS)
- static void cacheFlush(void* code, size_t size)
- {
- sys_cache_control(kCacheFunctionPrepareForExecution, code, size);
- }
-#elif CPU(ARM_THUMB2) && OS(LINUX)
- static void cacheFlush(void* code, size_t size)
- {
- asm volatile (
- "push {r7}\n"
- "mov r0, %0\n"
- "mov r1, %1\n"
- "movw r7, #0x2\n"
- "movt r7, #0xf\n"
- "movs r2, #0x0\n"
- "svc 0x0\n"
- "pop {r7}\n"
- :
- : "r" (code), "r" (reinterpret_cast<char*>(code) + size)
- : "r0", "r1", "r2");
- }
-#elif CPU(ARM_TRADITIONAL) && OS(LINUX) && COMPILER(RVCT)
- static __asm void cacheFlush(void* code, size_t size);
-#elif CPU(ARM_TRADITIONAL) && OS(LINUX) && COMPILER(GCC)
- static void cacheFlush(void* code, size_t size)
- {
- uintptr_t currentPage = reinterpret_cast<uintptr_t>(code) & ~(pageSize() - 1);
- uintptr_t lastPage = (reinterpret_cast<uintptr_t>(code) + size) & ~(pageSize() - 1);
-
- do {
- asm volatile (
- "push {r7}\n"
- "mov r0, %0\n"
- "mov r1, %1\n"
- "mov r7, #0xf0000\n"
- "add r7, r7, #0x2\n"
- "mov r2, #0x0\n"
- "svc 0x0\n"
- "pop {r7}\n"
- :
- : "r" (currentPage), "r" (currentPage + pageSize())
- : "r0", "r1", "r2");
- currentPage += pageSize();
- } while (lastPage >= currentPage);
- }
-#elif OS(WINCE)
- static void cacheFlush(void* code, size_t size)
- {
- CacheRangeFlush(code, size, CACHE_SYNC_ALL);
- }
-#elif CPU(SH4) && OS(LINUX)
- static void cacheFlush(void* code, size_t size)
- {
-#ifdef CACHEFLUSH_D_L2
- syscall(__NR_cacheflush, reinterpret_cast<unsigned>(code), size, CACHEFLUSH_D_WB | CACHEFLUSH_I | CACHEFLUSH_D_L2);
-#else
- syscall(__NR_cacheflush, reinterpret_cast<unsigned>(code), size, CACHEFLUSH_D_WB | CACHEFLUSH_I);
-#endif
- }
-#elif OS(QNX)
- static void cacheFlush(void* code, size_t size)
- {
-#if !ENABLE(ASSEMBLER_WX_EXCLUSIVE)
- msync(code, size, MS_INVALIDATE_ICACHE);
-#else
- UNUSED_PARAM(code);
- UNUSED_PARAM(size);
-#endif
- }
-#else
- #error "The cacheFlush support is missing on this platform."
-#endif
static size_t committedByteCount();
private:
diff --git a/Source/JavaScriptCore/jit/HostCallReturnValue.h b/Source/JavaScriptCore/jit/HostCallReturnValue.h
index 12fe10b10..fc9127faf 100644
--- a/Source/JavaScriptCore/jit/HostCallReturnValue.h
+++ b/Source/JavaScriptCore/jit/HostCallReturnValue.h
@@ -43,10 +43,10 @@
namespace JSC {
-extern "C" EncodedJSValue HOST_CALL_RETURN_VALUE_OPTION getHostCallReturnValue();
+extern "C" EncodedJSValue HOST_CALL_RETURN_VALUE_OPTION getHostCallReturnValue() REFERENCED_FROM_ASM;
// This is a public declaration only to convince CLANG not to elide it.
-extern "C" EncodedJSValue HOST_CALL_RETURN_VALUE_OPTION getHostCallReturnValueWithExecState(ExecState*);
+extern "C" EncodedJSValue HOST_CALL_RETURN_VALUE_OPTION getHostCallReturnValueWithExecState(ExecState*) REFERENCED_FROM_ASM;
inline void initializeHostCallReturnValue()
{
diff --git a/Source/JavaScriptCore/jit/JIT.cpp b/Source/JavaScriptCore/jit/JIT.cpp
index c2aec549a..ff5615f44 100644
--- a/Source/JavaScriptCore/jit/JIT.cpp
+++ b/Source/JavaScriptCore/jit/JIT.cpp
@@ -96,7 +96,7 @@ JIT::JIT(JSGlobalData* globalData, CodeBlock* codeBlock)
#if ENABLE(DFG_JIT)
void JIT::emitOptimizationCheck(OptimizationCheckKind kind)
{
- if (!shouldEmitProfiling())
+ if (!canBeOptimized())
return;
Jump skipOptimize = branchAdd32(Signed, TrustedImm32(kind == LoopOptimizationCheck ? Options::executionCounterIncrementForLoop : Options::executionCounterIncrementForReturn), AbsoluteAddress(m_codeBlock->addressOfJITExecuteCounter()));
@@ -417,7 +417,7 @@ void JIT::privateCompileSlowCases()
#if ENABLE(VALUE_PROFILER)
RareCaseProfile* rareCaseProfile = 0;
- if (m_canBeOptimized)
+ if (shouldEmitProfiling())
rareCaseProfile = m_codeBlock->addRareCaseProfile(m_bytecodeOffset);
#endif
@@ -497,7 +497,7 @@ void JIT::privateCompileSlowCases()
ASSERT_WITH_MESSAGE(firstTo == (iter - 1)->to, "Too many jumps linked in slow case codegen.");
#if ENABLE(VALUE_PROFILER)
- if (m_canBeOptimized)
+ if (shouldEmitProfiling())
add32(TrustedImm32(1), AbsoluteAddress(&rareCaseProfile->m_counter));
#endif
@@ -565,7 +565,24 @@ JITCode JIT::privateCompile(CodePtr* functionEntryArityCheck, JITCompilationEffo
#endif
#if ENABLE(VALUE_PROFILER)
- m_canBeOptimized = m_codeBlock->canCompileWithDFG();
+ DFG::CapabilityLevel level = m_codeBlock->canCompileWithDFG();
+ switch (level) {
+ case DFG::CannotCompile:
+ m_canBeOptimized = false;
+ m_shouldEmitProfiling = false;
+ break;
+ case DFG::ShouldProfile:
+ m_canBeOptimized = false;
+ m_shouldEmitProfiling = true;
+ break;
+ case DFG::CanCompile:
+ m_canBeOptimized = true;
+ m_shouldEmitProfiling = true;
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ break;
+ }
#endif
// Just add a little bit of randomness to the codegen
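Review bot: The `default:` arm of the new switch in privateCompile assigns neither m_canBeOptimized nor m_shouldEmitProfiling, so in a release build (where ASSERT_NOT_REACHED compiles away) an unexpected CapabilityLevel leaves both flags at whatever the constructor put there, and JIT.h in this same change declares them without an initializer. Fail safe by turning both off in that arm: `default: ASSERT_NOT_REACHED(); m_canBeOptimized = false; m_shouldEmitProfiling = false; break;`. That keeps an unknown level from emitting optimization checks and profiling for a block the DFG was never cleared to compile. privateCompile continues outside the hunk.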
@@ -619,7 +636,7 @@ JITCode JIT::privateCompile(CodePtr* functionEntryArityCheck, JITCompilationEffo
Label functionBody = label();
#if ENABLE(VALUE_PROFILER)
- if (m_canBeOptimized)
+ if (canBeOptimized())
add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->m_executionEntryCount));
#endif
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index 6dc0137d9..d1143105a 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -836,7 +836,7 @@ namespace JSC {
#if ENABLE(DFG_JIT)
bool canBeOptimized() { return m_canBeOptimized; }
- bool shouldEmitProfiling() { return m_canBeOptimized; }
+ bool shouldEmitProfiling() { return m_shouldEmitProfiling; }
#else
bool canBeOptimized() { return false; }
// Enables use of value profiler with tiered compilation turned off,
@@ -885,6 +885,7 @@ namespace JSC {
#if ENABLE(VALUE_PROFILER)
bool m_canBeOptimized;
+ bool m_shouldEmitProfiling;
#endif
} JIT_CLASS_ALIGNMENT;
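Review bot: m_shouldEmitProfiling is declared without an initializer, and the only assignment in this diff is the switch in JIT::privateCompile; if JIT instances are also created just to compile stubs (the JITPropertyAccess hunk re-deriving the answer from m_codeBlock->canCompileWithDFG() instead of calling shouldEmitProfiling() suggests they are), shouldEmitProfiling() on such an instance returns an indeterminate bool. Initialize both flags to false in the constructor (outside this hunk), or at least document the lifecycle at the declaration: `bool m_shouldEmitProfiling; // valid only after privateCompile() has run`. The class body starts outside the hunk.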
diff --git a/Source/JavaScriptCore/jit/JITArithmetic.cpp b/Source/JavaScriptCore/jit/JITArithmetic.cpp
index a9390e35f..b66e2cd07 100644
--- a/Source/JavaScriptCore/jit/JITArithmetic.cpp
+++ b/Source/JavaScriptCore/jit/JITArithmetic.cpp
@@ -818,7 +818,7 @@ void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned, unsigned op1, unsign
else {
ASSERT(opcodeID == op_mul);
#if ENABLE(VALUE_PROFILER)
- if (m_canBeOptimized) {
+ if (shouldEmitProfiling()) {
// We want to be able to measure if this is taking the slow case just
// because of negative zero. If this produces positive zero, then we
// don't want the slow case to be taken because that will throw off
diff --git a/Source/JavaScriptCore/jit/JITCode.h b/Source/JavaScriptCore/jit/JITCode.h
index 3ae5ff234..c85e02e80 100644
--- a/Source/JavaScriptCore/jit/JITCode.h
+++ b/Source/JavaScriptCore/jit/JITCode.h
@@ -107,7 +107,7 @@ namespace JSC {
void* dataAddressAtOffset(size_t offset) const
{
- ASSERT(offset < size());
+ ASSERT(offset <= size()); // use <= instead of < because it is valid to ask for an address at the exclusive end of the code.
return reinterpret_cast<char*>(m_ref.code().dataLocation()) + offset;
}
diff --git a/Source/JavaScriptCore/jit/JITDriver.h b/Source/JavaScriptCore/jit/JITDriver.h
index 66cf51925..6c50f4bd1 100644
--- a/Source/JavaScriptCore/jit/JITDriver.h
+++ b/Source/JavaScriptCore/jit/JITDriver.h
@@ -38,8 +38,10 @@
namespace JSC {
template<typename CodeBlockType>
-inline bool jitCompileIfAppropriate(JSGlobalData& globalData, OwnPtr<CodeBlockType>& codeBlock, JITCode& jitCode, JITCode::JITType jitType, JITCompilationEffort effort)
+inline bool jitCompileIfAppropriate(ExecState* exec, OwnPtr<CodeBlockType>& codeBlock, JITCode& jitCode, JITCode::JITType jitType, JITCompilationEffort effort)
{
+ JSGlobalData& globalData = exec->globalData();
+
if (jitType == codeBlock->getJITType())
return true;
@@ -52,7 +54,7 @@ inline bool jitCompileIfAppropriate(JSGlobalData& globalData, OwnPtr<CodeBlockTy
bool dfgCompiled = false;
if (jitType == JITCode::DFGJIT)
- dfgCompiled = DFG::tryCompile(globalData, codeBlock.get(), jitCode);
+ dfgCompiled = DFG::tryCompile(exec, codeBlock.get(), jitCode);
if (dfgCompiled) {
if (codeBlock->alternative())
codeBlock->alternative()->unlinkIncomingCalls();
@@ -73,8 +75,10 @@ inline bool jitCompileIfAppropriate(JSGlobalData& globalData, OwnPtr<CodeBlockTy
return true;
}
-inline bool jitCompileFunctionIfAppropriate(JSGlobalData& globalData, OwnPtr<FunctionCodeBlock>& codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck, SharedSymbolTable*& symbolTable, JITCode::JITType jitType, JITCompilationEffort effort)
+inline bool jitCompileFunctionIfAppropriate(ExecState* exec, OwnPtr<FunctionCodeBlock>& codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck, SharedSymbolTable*& symbolTable, JITCode::JITType jitType, JITCompilationEffort effort)
{
+ JSGlobalData& globalData = exec->globalData();
+
if (jitType == codeBlock->getJITType())
return true;
@@ -88,7 +92,7 @@ inline bool jitCompileFunctionIfAppropriate(JSGlobalData& globalData, OwnPtr<Fun
bool dfgCompiled = false;
if (jitType == JITCode::DFGJIT)
- dfgCompiled = DFG::tryCompileFunction(globalData, codeBlock.get(), jitCode, jitCodeWithArityCheck);
+ dfgCompiled = DFG::tryCompileFunction(exec, codeBlock.get(), jitCode, jitCodeWithArityCheck);
if (dfgCompiled) {
if (codeBlock->alternative())
codeBlock->alternative()->unlinkIncomingCalls();
diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp
index f43e98c45..d458f7fb5 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp
@@ -1526,6 +1526,7 @@ void JIT::emit_op_get_argument_by_val(Instruction* currentInstruction)
neg32(regT1);
signExtend32ToPtr(regT1, regT1);
loadPtr(BaseIndex(callFrameRegister, regT1, TimesEight, CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT0);
+ emitValueProfilingSite();
emitPutVirtualRegister(dst, regT0);
}
@@ -1548,7 +1549,7 @@ void JIT::emitSlow_op_get_argument_by_val(Instruction* currentInstruction, Vecto
JITStubCall stubCall(this, cti_op_get_by_val);
stubCall.addArgument(arguments, regT2);
stubCall.addArgument(property, regT2);
- stubCall.call(dst);
+ stubCall.callWithValueProfiling(dst);
}
#endif // USE(JSVALUE64)
diff --git a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
index c9f8922fa..5643fe9f3 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
@@ -1636,6 +1636,7 @@ void JIT::emit_op_get_argument_by_val(Instruction* currentInstruction)
neg32(regT2);
loadPtr(BaseIndex(callFrameRegister, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload) + CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT0);
loadPtr(BaseIndex(callFrameRegister, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag) + CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT1);
+ emitValueProfilingSite();
emitStore(dst, regT1, regT0);
}
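Review bot: The 32-bit fast path gains emitValueProfilingSite() to match the 64-bit JIT, but the 64-bit hunk also switched emitSlow_op_get_argument_by_val to `stubCall.callWithValueProfiling(dst)`, and no corresponding slow-path hunk for JITOpcodes32_64.cpp appears in this diff. If the 32_64 slow path still uses `stubCall.call(dst)`, values produced through the slow case never reach the profile slot the LLInt and 64-bit tiers now fill, skewing predictions for this opcode on 32-bit targets. Please verify and change it to `stubCall.callWithValueProfiling(dst);` if so. The function starts outside the hunk.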
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
index 8c7148c9d..5d39735af 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -513,7 +513,7 @@ void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure
// If we succeed in all of our checks, and the code was optimizable, then make sure we
// decrement the rare case counter.
#if ENABLE(VALUE_PROFILER)
- if (m_codeBlock->canCompileWithDFG()) {
+ if (m_codeBlock->canCompileWithDFG() >= DFG::ShouldProfile) {
sub32(
TrustedImm32(1),
AbsoluteAddress(&m_codeBlock->rareCaseProfileForBytecodeOffset(stubInfo->bytecodeIndex)->m_counter));
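Review bot: `m_codeBlock->canCompileWithDFG() >= DFG::ShouldProfile` encodes the assumption that CapabilityLevel is declared in the order CannotCompile < ShouldProfile < CanCompile, which matches the switch in JIT::privateCompile but is invisible at this site (the enum is outside this diff). Because this stub path does not go through shouldEmitProfiling() (the only assignment to m_shouldEmitProfiling in this diff is in privateCompile), spell the intent out beside the comparison: `// ShouldProfile and CanCompile both emit rare-case profiles; relies on CapabilityLevel ordering.` The same comparison is repeated in JITPropertyAccess32_64.cpp and deserves the same comment. The function starts and ends outside the hunk.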
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
index 550ad0b2e..bd57484c4 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
@@ -479,7 +479,7 @@ void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure
// If we succeed in all of our checks, and the code was optimizable, then make sure we
// decrement the rare case counter.
#if ENABLE(VALUE_PROFILER)
- if (m_codeBlock->canCompileWithDFG()) {
+ if (m_codeBlock->canCompileWithDFG() >= DFG::ShouldProfile) {
sub32(
TrustedImm32(1),
AbsoluteAddress(&m_codeBlock->rareCaseProfileForBytecodeOffset(stubInfo->bytecodeIndex)->m_counter));
diff --git a/Source/JavaScriptCore/jit/JITStubs.cpp b/Source/JavaScriptCore/jit/JITStubs.cpp
index a6d6be106..e75f2825c 100644
--- a/Source/JavaScriptCore/jit/JITStubs.cpp
+++ b/Source/JavaScriptCore/jit/JITStubs.cpp
@@ -54,6 +54,7 @@
#include "JSPropertyNameIterator.h"
#include "JSStaticScopeObject.h"
#include "JSString.h"
+#include "NameInstance.h"
#include "ObjectPrototype.h"
#include "Operations.h"
#include "Parser.h"
@@ -2447,7 +2448,13 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_val)
CHECK_FOR_EXCEPTION();
return JSValue::encode(result);
}
-
+
+ if (isName(subscript)) {
+ JSValue result = baseValue.get(callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName());
+ CHECK_FOR_EXCEPTION();
+ return JSValue::encode(result);
+ }
+
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
JSValue result = baseValue.get(callFrame, property);
CHECK_FOR_EXCEPTION_AT_END();
@@ -2474,7 +2481,9 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_val_string)
if (!isJSString(baseValue))
ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val));
}
- } else {
+ } else if (isName(subscript))
+ result = baseValue.get(callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName());
+ else {
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
result = baseValue.get(callFrame, property);
}
@@ -2520,6 +2529,9 @@ DEFINE_STUB_FUNCTION(void, op_put_by_val)
JSArray::putByIndex(jsArray, callFrame, i, value, callFrame->codeBlock()->isStrictMode());
} else
baseValue.putByIndex(callFrame, i, value, callFrame->codeBlock()->isStrictMode());
+ } else if (isName(subscript)) {
+ PutPropertySlot slot(callFrame->codeBlock()->isStrictMode());
+ baseValue.put(callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot);
} else {
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
if (!stackFrame.globalData->exception) { // Don't put to an object if toString threw an exception.
@@ -2759,9 +2771,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_not)
JSValue src = stackFrame.args[0].jsValue();
- CallFrame* callFrame = stackFrame.callFrame;
-
- JSValue result = jsBoolean(!src.toBoolean(callFrame));
+ JSValue result = jsBoolean(!src.toBoolean());
CHECK_FOR_EXCEPTION_AT_END();
return JSValue::encode(result);
}
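Review bot: CHECK_FOR_EXCEPTION_AT_END() is kept after `src.toBoolean()` even though the conversion no longer receives an ExecState and, without a frame, presumably has no way to throw; if so the check is dead code that advertises a failure mode this stub no longer has. Either drop it here and in op_jtrue, or keep a comment stating which earlier exception it is meant to propagate. The interpreter's op_not in this same diff carries the same leftover CHECK_FOR_EXCEPTION() after its toBoolean() call.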
@@ -2772,9 +2782,7 @@ DEFINE_STUB_FUNCTION(int, op_jtrue)
JSValue src1 = stackFrame.args[0].jsValue();
- CallFrame* callFrame = stackFrame.callFrame;
-
- bool result = src1.toBoolean(callFrame);
+ bool result = src1.toBoolean();
CHECK_FOR_EXCEPTION_AT_END();
return result;
}
@@ -3245,6 +3253,9 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_in)
if (propName.getUInt32(i))
return JSValue::encode(jsBoolean(baseObj->hasProperty(callFrame, i)));
+ if (isName(propName))
+ return JSValue::encode(jsBoolean(baseObj->hasProperty(callFrame, jsCast<NameInstance*>(propName.asCell())->privateName())));
+
Identifier property(callFrame, propName.toString(callFrame)->value(callFrame));
CHECK_FOR_EXCEPTION();
return JSValue::encode(jsBoolean(baseObj->hasProperty(callFrame, property)));
@@ -3357,6 +3368,8 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_del_by_val)
uint32_t i;
if (subscript.getUInt32(i))
result = baseObj->methodTable()->deletePropertyByIndex(baseObj, callFrame, i);
+ else if (isName(subscript))
+ result = baseObj->methodTable()->deleteProperty(baseObj, callFrame, jsCast<NameInstance*>(subscript.asCell())->privateName());
else {
CHECK_FOR_EXCEPTION();
Identifier property(callFrame, subscript.toString(callFrame)->value(callFrame));
@@ -3445,27 +3458,31 @@ MacroAssemblerCodeRef JITThunks::ctiStub(JSGlobalData* globalData, ThunkGenerato
NativeExecutable* JITThunks::hostFunctionStub(JSGlobalData* globalData, NativeFunction function, NativeFunction constructor)
{
- HostFunctionStubMap::AddResult result = m_hostFunctionStubMap->add(function, PassWeak<NativeExecutable>());
- if (!result.iterator->second)
- result.iterator->second = PassWeak<NativeExecutable>(NativeExecutable::create(*globalData, JIT::compileCTINativeCall(globalData, function), function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct()), constructor, NoIntrinsic));
- return result.iterator->second.get();
+ if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(function))
+ return nativeExecutable;
+
+ NativeExecutable* nativeExecutable = NativeExecutable::create(*globalData, JIT::compileCTINativeCall(globalData, function), function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct()), constructor, NoIntrinsic);
+ weakAdd(*m_hostFunctionStubMap, function, PassWeak<NativeExecutable>(nativeExecutable));
+ return nativeExecutable;
}
NativeExecutable* JITThunks::hostFunctionStub(JSGlobalData* globalData, NativeFunction function, ThunkGenerator generator, Intrinsic intrinsic)
{
- HostFunctionStubMap::AddResult entry = m_hostFunctionStubMap->add(function, PassWeak<NativeExecutable>());
- if (!entry.iterator->second) {
- MacroAssemblerCodeRef code;
- if (generator) {
- if (globalData->canUseJIT())
- code = generator(globalData);
- else
- code = MacroAssemblerCodeRef();
- } else
- code = JIT::compileCTINativeCall(globalData, function);
- entry.iterator->second = PassWeak<NativeExecutable>(NativeExecutable::create(*globalData, code, function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct()), callHostFunctionAsConstructor, intrinsic));
- }
- return entry.iterator->second.get();
+ if (NativeExecutable* nativeExecutable = m_hostFunctionStubMap->get(function))
+ return nativeExecutable;
+
+ MacroAssemblerCodeRef code;
+ if (generator) {
+ if (globalData->canUseJIT())
+ code = generator(globalData);
+ else
+ code = MacroAssemblerCodeRef();
+ } else
+ code = JIT::compileCTINativeCall(globalData, function);
+
+ NativeExecutable* nativeExecutable = NativeExecutable::create(*globalData, code, function, MacroAssemblerCodeRef::createSelfManagedCodeRef(ctiNativeConstruct()), callHostFunctionAsConstructor, intrinsic);
+ weakAdd(*m_hostFunctionStubMap, function, PassWeak<NativeExecutable>(nativeExecutable));
+ return nativeExecutable;
}
void JITThunks::clearHostFunctionStubs()
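Review bot: Both rewritten hostFunctionStub overloads now do one lookup with get() and, on a miss, a second one inside weakAdd(); that is correct only if weakAdd (outside this diff) accepts a key that is still present but whose Weak<NativeExecutable> has died and not yet been swept, since get() answers null for a dead entry. If weakAdd asserts that the key is absent, a stale entry left by a collected NativeExecutable would trip it the next time the same NativeFunction is requested. A comment at the add site pins the contract: `// A dead entry for this function may still be in the map; weakAdd overwrites it.` The identical get/create/weakAdd shape in the two overloads could also share a small helper.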
diff --git a/Source/JavaScriptCore/jit/JITStubs.h b/Source/JavaScriptCore/jit/JITStubs.h
index 786353df5..664338fd3 100644
--- a/Source/JavaScriptCore/jit/JITStubs.h
+++ b/Source/JavaScriptCore/jit/JITStubs.h
@@ -463,7 +463,7 @@ extern "C" {
void* JIT_STUB cti_register_file_check(STUB_ARGS_DECLARATION);
void* JIT_STUB cti_vm_lazyLinkCall(STUB_ARGS_DECLARATION);
void* JIT_STUB cti_vm_lazyLinkConstruct(STUB_ARGS_DECLARATION);
- void* JIT_STUB cti_vm_throw(STUB_ARGS_DECLARATION);
+ void* JIT_STUB cti_vm_throw(STUB_ARGS_DECLARATION) REFERENCED_FROM_ASM;
} // extern "C"
#endif // ENABLE(JIT)
diff --git a/Source/JavaScriptCore/jit/ThunkGenerators.cpp b/Source/JavaScriptCore/jit/ThunkGenerators.cpp
index 371aff2f9..e46ba809c 100644
--- a/Source/JavaScriptCore/jit/ThunkGenerators.cpp
+++ b/Source/JavaScriptCore/jit/ThunkGenerators.cpp
@@ -118,7 +118,7 @@ enum MathThunkCallingConvention { };
typedef MathThunkCallingConvention(*MathThunk)(MathThunkCallingConvention);
extern "C" {
-double jsRound(double);
+double jsRound(double) REFERENCED_FROM_ASM;
double jsRound(double d)
{
double integer = ceil(d);
diff --git a/Source/JavaScriptCore/jsc.cpp b/Source/JavaScriptCore/jsc.cpp
index 8407edd86..f796333ca 100644
--- a/Source/JavaScriptCore/jsc.cpp
+++ b/Source/JavaScriptCore/jsc.cpp
@@ -169,12 +169,15 @@ public:
}
static const ClassInfo s_info;
+ static const GlobalObjectMethodTable s_globalObjectMethodTable;
static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)
{
return Structure::create(globalData, 0, prototype, TypeInfo(GlobalObjectType, StructureFlags), &s_info);
}
+ static bool javaScriptExperimentsEnabled(const JSGlobalObject*) { return true; }
+
protected:
void finishCreation(JSGlobalData& globalData, const Vector<UString>& arguments)
{
@@ -231,9 +234,11 @@ COMPILE_ASSERT(!IsInteger<GlobalObject>::value, WTF_IsInteger_GlobalObject_false
ASSERT_CLASS_FITS_IN_CELL(GlobalObject);
const ClassInfo GlobalObject::s_info = { "global", &JSGlobalObject::s_info, 0, ExecState::globalObjectTable, CREATE_METHOD_TABLE(GlobalObject) };
+const GlobalObjectMethodTable GlobalObject::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript, &javaScriptExperimentsEnabled };
+
GlobalObject::GlobalObject(JSGlobalData& globalData, Structure* structure)
- : JSGlobalObject(globalData, structure)
+ : JSGlobalObject(globalData, structure, &s_globalObjectMethodTable)
{
}
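Review bot: s_globalObjectMethodTable is filled positionally with five function pointers of the same signature, so if GlobalObjectMethodTable's fields are ever reordered or one is inserted in the middle, the initializer still compiles and silently wires, for example, allowsAccessFrom into the javaScriptExperimentsEnabled slot; an access-control hook is the worst place for that. Without designated initializers in this C++ dialect, at least name the slots next to the table: `// Order must match GlobalObjectMethodTable: allowsAccessFrom, supportsProfiling, supportsRichSourceInfo, shouldInterruptScript, javaScriptExperimentsEnabled`. Returning true from javaScriptExperimentsEnabled turns the experimental features on for every script the shell runs, which is reasonable for a test tool but worth stating beside the method.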
diff --git a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
index d184b6e62..066530c87 100644
--- a/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
+++ b/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
@@ -263,7 +263,7 @@ inline bool jitCompileAndSetHeuristics(CodeBlock* codeBlock, ExecState* exec)
return false;
}
- CodeBlock::JITCompilationResult result = codeBlock->jitCompile(exec->globalData());
+ CodeBlock::JITCompilationResult result = codeBlock->jitCompile(exec);
switch (result) {
case CodeBlock::AlreadyCompiled:
#if ENABLE(JIT_VERBOSE_OSR)
@@ -500,7 +500,7 @@ LLINT_SLOW_PATH_DECL(slow_path_new_regexp)
LLINT_SLOW_PATH_DECL(slow_path_not)
{
LLINT_BEGIN();
- LLINT_RETURN(jsBoolean(!LLINT_OP_C(2).jsValue().toBoolean(exec)));
+ LLINT_RETURN(jsBoolean(!LLINT_OP_C(2).jsValue().toBoolean()));
}
LLINT_SLOW_PATH_DECL(slow_path_eq)
@@ -952,6 +952,9 @@ inline JSValue getByVal(ExecState* exec, JSValue baseValue, JSValue subscript)
return baseValue.get(exec, i);
}
+
+ if (isName(subscript))
+ return baseValue.get(exec, jsCast<NameInstance*>(subscript.asCell())->privateName());
Identifier property(exec, subscript.toString(exec)->value(exec));
return baseValue.get(exec, property);
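Review bot: getByVal now calls isName() and jsCast<NameInstance*>(), but unlike Interpreter.cpp and JITStubs.cpp in this same change, LLIntSlowPaths.cpp gets no `#include "NameInstance.h"` hunk, so it presumably compiles through a transitive include today, which is fragile. Add `#include "NameInstance.h"` to this file's include list (outside the hunk) to match the other two tiers. The put_by_val and del_by_val slow paths below use the same cast and need the same include.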
@@ -1004,7 +1007,13 @@ LLINT_SLOW_PATH_DECL(slow_path_put_by_val)
baseValue.putByIndex(exec, i, value, exec->codeBlock()->isStrictMode());
LLINT_END();
}
-
+
+ if (isName(subscript)) {
+ PutPropertySlot slot(exec->codeBlock()->isStrictMode());
+ baseValue.put(exec, jsCast<NameInstance*>(subscript.asCell())->privateName(), value, slot);
+ LLINT_END();
+ }
+
Identifier property(exec, subscript.toString(exec)->value(exec));
LLINT_CHECK_EXCEPTION();
PutPropertySlot slot(exec->codeBlock()->isStrictMode());
@@ -1025,6 +1034,8 @@ LLINT_SLOW_PATH_DECL(slow_path_del_by_val)
uint32_t i;
if (subscript.getUInt32(i))
couldDelete = baseObject->methodTable()->deletePropertyByIndex(baseObject, exec, i);
+ else if (isName(subscript))
+ couldDelete = baseObject->methodTable()->deleteProperty(baseObject, exec, jsCast<NameInstance*>(subscript.asCell())->privateName());
else {
LLINT_CHECK_EXCEPTION();
Identifier property(exec, subscript.toString(exec)->value(exec));
@@ -1088,13 +1099,13 @@ LLINT_SLOW_PATH_DECL(slow_path_jmp_scopes)
LLINT_SLOW_PATH_DECL(slow_path_jtrue)
{
LLINT_BEGIN();
- LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean(exec));
+ LLINT_BRANCH(op_jtrue, LLINT_OP_C(1).jsValue().toBoolean());
}
LLINT_SLOW_PATH_DECL(slow_path_jfalse)
{
LLINT_BEGIN();
- LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean(exec));
+ LLINT_BRANCH(op_jfalse, !LLINT_OP_C(1).jsValue().toBoolean());
}
LLINT_SLOW_PATH_DECL(slow_path_jless)
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
index e1361315f..e1b08eaa5 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
@@ -1214,8 +1214,10 @@ _llint_op_get_argument_by_val:
loadi 4[PC], t3
loadi ThisArgumentOffset + TagOffset[cfr, t2, 8], t0
loadi ThisArgumentOffset + PayloadOffset[cfr, t2, 8], t1
+ loadi 16[PC], t2
storei t0, TagOffset[cfr, t3, 8]
storei t1, PayloadOffset[cfr, t3, 8]
+ valueProfile(t0, t1, t2)
dispatch(5)
.opGetArgumentByValSlow:
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
index baf246b0b..a73085f76 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
@@ -1058,8 +1058,10 @@ _llint_op_get_argument_by_val:
negi t2
sxi2p t2, t2
loadis 8[PB, PC, 8], t3
+ loadp 32[PB, PC, 8], t1
loadp ThisArgumentOffset[cfr, t2, 8], t0
storep t0, [cfr, t3, 8]
+ valueProfile(t0, t1)
dispatch(5)
.opGetArgumentByValSlow:
diff --git a/Source/JavaScriptCore/runtime/Arguments.cpp b/Source/JavaScriptCore/runtime/Arguments.cpp
index 1fd05fd9e..4628cec8d 100644
--- a/Source/JavaScriptCore/runtime/Arguments.cpp
+++ b/Source/JavaScriptCore/runtime/Arguments.cpp
@@ -358,6 +358,9 @@ void Arguments::tearOff(CallFrame* callFrame)
if (!d->numArguments)
return;
+ // Must be called for the same call frame from which it was created.
+ ASSERT(bitwise_cast<WriteBarrier<Unknown>*>(callFrame) == d->registers);
+
d->registerArray = adoptArrayPtr(new WriteBarrier<Unknown>[d->numArguments]);
d->registers = d->registerArray.get() + CallFrame::offsetFor(d->numArguments + 1);
@@ -367,7 +370,28 @@ void Arguments::tearOff(CallFrame* callFrame)
return;
}
- InlineCallFrame* inlineCallFrame = callFrame->inlineCallFrame();
+ tearOffForInlineCallFrame(
+ callFrame->globalData(), callFrame->registers(), callFrame->inlineCallFrame());
+}
+
+void Arguments::tearOff(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
+{
+ if (isTornOff())
+ return;
+
+ if (!d->numArguments)
+ return;
+
+ d->registerArray = adoptArrayPtr(new WriteBarrier<Unknown>[d->numArguments]);
+ d->registers = d->registerArray.get() + CallFrame::offsetFor(d->numArguments + 1);
+
+ tearOffForInlineCallFrame(
+ callFrame->globalData(), callFrame->registers() + inlineCallFrame->stackOffset,
+ inlineCallFrame);
+}
+
+void Arguments::tearOffForInlineCallFrame(JSGlobalData& globalData, Register* registers, InlineCallFrame* inlineCallFrame)
+{
for (size_t i = 0; i < d->numArguments; ++i) {
ValueRecovery& recovery = inlineCallFrame->arguments[i + 1];
// In the future we'll support displaced recoveries (indicating that the
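Review bot: The new two-argument `Arguments::tearOff` overload does not carry the frame-consistency ASSERT that this commit adds to the one-argument overload, so an inline frame torn off against the wrong outer frame would silently copy argument values from unrelated registers. Mirroring the existing check, placed before `d->registerArray` is replaced, would read `ASSERT(reinterpret_cast<WriteBarrier<Unknown>*>(callFrame->registers()) + inlineCallFrame->stackOffset == d->registers);`, which matches how the new `finishCreation(CallFrame*, InlineCallFrame*)` computes `d->registers`. It has to precede the `d->registers = d->registerArray.get() + ...` assignment, since that line overwrites the value being compared. The body of `tearOffForInlineCallFrame` continues in the next hunk.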
@@ -376,7 +400,7 @@ void Arguments::tearOff(CallFrame* callFrame)
// it's much less likely that we'll support in-register recoveries since
// this code does not (easily) have access to registers.
JSValue value;
- Register* location = &callFrame->registers()[CallFrame::argumentOffset(i)];
+ Register* location = &registers[CallFrame::argumentOffset(i)];
switch (recovery.technique()) {
case AlreadyInRegisterFile:
value = location->jsValue();
@@ -404,7 +428,7 @@ void Arguments::tearOff(CallFrame* callFrame)
ASSERT_NOT_REACHED();
break;
}
- argument(i).set(callFrame->globalData(), this, value);
+ argument(i).set(globalData, this, value);
}
}
diff --git a/Source/JavaScriptCore/runtime/Arguments.h b/Source/JavaScriptCore/runtime/Arguments.h
index 5925ed491..90eed25fa 100644
--- a/Source/JavaScriptCore/runtime/Arguments.h
+++ b/Source/JavaScriptCore/runtime/Arguments.h
@@ -41,16 +41,20 @@ namespace JSC {
unsigned numArguments;
+ // We make these full byte booleans to make them easy to test from the JIT,
+ // and because even if they were single-bit booleans we still wouldn't save
+ // any space.
+ bool overrodeLength;
+ bool overrodeCallee;
+ bool overrodeCaller;
+ bool isStrictMode;
+
WriteBarrier<Unknown>* registers;
OwnArrayPtr<WriteBarrier<Unknown> > registerArray;
OwnArrayPtr<bool> deletedArguments;
WriteBarrier<JSFunction> callee;
- bool overrodeLength : 1;
- bool overrodeCallee : 1;
- bool overrodeCaller : 1;
- bool isStrictMode : 1;
};
class Arguments : public JSNonFinalObject {
@@ -63,6 +67,13 @@ namespace JSC {
arguments->finishCreation(callFrame);
return arguments;
}
+
+ static Arguments* create(JSGlobalData& globalData, CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
+ {
+ Arguments* arguments = new (NotNull, allocateCell<Arguments>(globalData.heap)) Arguments(callFrame);
+ arguments->finishCreation(callFrame, inlineCallFrame);
+ return arguments;
+ }
enum { MaxArguments = 0x10000 };
@@ -71,6 +82,8 @@ namespace JSC {
Arguments(CallFrame*);
Arguments(CallFrame*, NoParametersType);
+
+ void tearOffForInlineCallFrame(JSGlobalData& globalData, Register*, InlineCallFrame*);
public:
static const ClassInfo s_info;
@@ -88,6 +101,7 @@ namespace JSC {
void copyToArguments(ExecState*, CallFrame*, uint32_t length);
void tearOff(CallFrame*);
+ void tearOff(CallFrame*, InlineCallFrame*);
bool isTornOff() const { return d->registerArray; }
void didTearOffActivation(JSGlobalData& globalData, JSActivation* activation)
{
@@ -101,11 +115,14 @@ namespace JSC {
{
return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info);
}
+
+ static ptrdiff_t offsetOfData() { return OBJECT_OFFSETOF(Arguments, d); }
protected:
static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesVisitChildren | OverridesGetPropertyNames | JSObject::StructureFlags;
void finishCreation(CallFrame*);
+ void finishCreation(CallFrame*, InlineCallFrame*);
private:
static void destroy(JSCell*);
@@ -173,6 +190,26 @@ namespace JSC {
tearOff(callFrame);
}
+ inline void Arguments::finishCreation(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
+ {
+ Base::finishCreation(callFrame->globalData());
+ ASSERT(inherits(&s_info));
+
+ JSFunction* callee = inlineCallFrame->callee.get();
+ d->numArguments = inlineCallFrame->arguments.size() - 1;
+ d->registers = reinterpret_cast<WriteBarrier<Unknown>*>(callFrame->registers()) + inlineCallFrame->stackOffset;
+ d->callee.set(callFrame->globalData(), this, callee);
+ d->overrodeLength = false;
+ d->overrodeCallee = false;
+ d->overrodeCaller = false;
+ d->isStrictMode = jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())->isStrictMode();
+
+ // The bytecode generator omits op_tear_off_activation in cases of no
+ // declared parameters, so we need to tear off immediately.
+ if (d->isStrictMode || !callee->jsExecutable()->parameterCount())
+ tearOff(callFrame, inlineCallFrame);
+ }
+
} // namespace JSC
#endif // Arguments_h
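Review bot: The new `Arguments::finishCreation(CallFrame*, InlineCallFrame*)` reaches the executable two different ways — `jsCast<FunctionExecutable*>(inlineCallFrame->executable.get())` for `isStrictMode()` and `callee->jsExecutable()` for `parameterCount()` — which reads as though they might be different objects. If they are the same executable, as they appear to be, fetching it once with `FunctionExecutable* executable = callee->jsExecutable();` and using it for both makes that explicit and drops one cast. The overload also has no comment saying when it is used instead of the single-frame variant; a one-line header such as `// Arguments object for an inlined call frame: d->registers points into the outer frame at inlineCallFrame->stackOffset.` would cover what the code shows.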
diff --git a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
index b73a1296a..b0adb7f0f 100644
--- a/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -797,7 +797,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec)
cachedCall.setArgument(2, thisObj);
JSValue result = cachedCall.call();
- if (result.toBoolean(exec))
+ if (result.toBoolean())
resultArray->putDirectIndex(exec, filterIndex++, v);
}
if (k == length)
@@ -818,7 +818,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec)
eachArguments.append(thisObj);
JSValue result = call(exec, function, callType, callData, applyThis, eachArguments);
- if (result.toBoolean(exec))
+ if (result.toBoolean())
resultArray->putDirectIndex(exec, filterIndex++, v);
}
return JSValue::encode(resultArray);
@@ -917,7 +917,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec)
cachedCall.setArgument(1, jsNumber(k));
cachedCall.setArgument(2, thisObj);
JSValue result = cachedCall.call();
- if (!result.toBoolean(cachedCall.newCallFrame(exec)))
+ if (!result.toBoolean())
return JSValue::encode(jsBoolean(false));
}
}
@@ -934,7 +934,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec)
if (exec->hadException())
return JSValue::encode(jsUndefined());
- bool predicateResult = call(exec, function, callType, callData, applyThis, eachArguments).toBoolean(exec);
+ bool predicateResult = call(exec, function, callType, callData, applyThis, eachArguments).toBoolean();
if (!predicateResult) {
result = jsBoolean(false);
break;
@@ -1025,7 +1025,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec)
cachedCall.setArgument(1, jsNumber(k));
cachedCall.setArgument(2, thisObj);
JSValue result = cachedCall.call();
- if (result.toBoolean(cachedCall.newCallFrame(exec)))
+ if (result.toBoolean())
return JSValue::encode(jsBoolean(true));
}
}
@@ -1042,7 +1042,7 @@ EncodedJSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec)
if (exec->hadException())
return JSValue::encode(jsUndefined());
- bool predicateResult = call(exec, function, callType, callData, applyThis, eachArguments).toBoolean(exec);
+ bool predicateResult = call(exec, function, callType, callData, applyThis, eachArguments).toBoolean();
if (predicateResult) {
result = jsBoolean(true);
break;
diff --git a/Source/JavaScriptCore/runtime/BooleanConstructor.cpp b/Source/JavaScriptCore/runtime/BooleanConstructor.cpp
index 9b666292c..090be0aaa 100644
--- a/Source/JavaScriptCore/runtime/BooleanConstructor.cpp
+++ b/Source/JavaScriptCore/runtime/BooleanConstructor.cpp
@@ -49,7 +49,7 @@ void BooleanConstructor::finishCreation(ExecState* exec, BooleanPrototype* boole
JSObject* constructBoolean(ExecState* exec, const ArgList& args)
{
BooleanObject* obj = BooleanObject::create(exec->globalData(), asInternalFunction(exec->callee())->globalObject()->booleanObjectStructure());
- obj->setInternalValue(exec->globalData(), jsBoolean(args.at(0).toBoolean(exec)));
+ obj->setInternalValue(exec->globalData(), jsBoolean(args.at(0).toBoolean()));
return obj;
}
@@ -68,7 +68,7 @@ ConstructType BooleanConstructor::getConstructData(JSCell*, ConstructData& const
// ECMA 15.6.1
static EncodedJSValue JSC_HOST_CALL callBooleanConstructor(ExecState* exec)
{
- return JSValue::encode(jsBoolean(exec->argument(0).toBoolean(exec)));
+ return JSValue::encode(jsBoolean(exec->argument(0).toBoolean()));
}
CallType BooleanConstructor::getCallData(JSCell*, CallData& callData)
diff --git a/Source/JavaScriptCore/runtime/CommonSlowPaths.h b/Source/JavaScriptCore/runtime/CommonSlowPaths.h
index c41ced7ee..0d3480104 100644
--- a/Source/JavaScriptCore/runtime/CommonSlowPaths.h
+++ b/Source/JavaScriptCore/runtime/CommonSlowPaths.h
@@ -30,6 +30,7 @@
#include "CodeSpecializationKind.h"
#include "ExceptionHelpers.h"
#include "JSArray.h"
+#include "NameInstance.h"
namespace JSC {
@@ -109,6 +110,9 @@ inline bool opIn(ExecState* exec, JSValue propName, JSValue baseVal)
if (propName.getUInt32(i))
return baseObj->hasProperty(exec, i);
+ if (isName(propName))
+ return baseObj->hasProperty(exec, jsCast<NameInstance*>(propName.asCell())->privateName());
+
Identifier property(exec, propName.toString(exec)->value(exec));
if (exec->globalData().exception)
return false;
diff --git a/Source/JavaScriptCore/runtime/Executable.cpp b/Source/JavaScriptCore/runtime/Executable.cpp
index 3690c2c33..0a6425a59 100644
--- a/Source/JavaScriptCore/runtime/Executable.cpp
+++ b/Source/JavaScriptCore/runtime/Executable.cpp
@@ -181,9 +181,9 @@ JSObject* EvalExecutable::compileOptimized(ExecState* exec, ScopeChainNode* scop
}
#if ENABLE(JIT)
-bool EvalExecutable::jitCompile(JSGlobalData& globalData)
+bool EvalExecutable::jitCompile(ExecState* exec)
{
- return jitCompileIfAppropriate(globalData, m_evalCodeBlock, m_jitCodeForCall, JITCode::bottomTierJIT(), JITCompilationCanFail);
+ return jitCompileIfAppropriate(exec, m_evalCodeBlock, m_jitCodeForCall, JITCode::bottomTierJIT(), JITCompilationCanFail);
}
#endif
@@ -244,7 +244,7 @@ JSObject* EvalExecutable::compileInternal(ExecState* exec, ScopeChainNode* scope
}
#if ENABLE(JIT)
- if (!prepareForExecution(*globalData, m_evalCodeBlock, m_jitCodeForCall, jitType))
+ if (!prepareForExecution(exec, m_evalCodeBlock, m_jitCodeForCall, jitType))
return 0;
#endif
@@ -330,9 +330,9 @@ JSObject* ProgramExecutable::compileOptimized(ExecState* exec, ScopeChainNode* s
}
#if ENABLE(JIT)
-bool ProgramExecutable::jitCompile(JSGlobalData& globalData)
+bool ProgramExecutable::jitCompile(ExecState* exec)
{
- return jitCompileIfAppropriate(globalData, m_programCodeBlock, m_jitCodeForCall, JITCode::bottomTierJIT(), JITCompilationCanFail);
+ return jitCompileIfAppropriate(exec, m_programCodeBlock, m_jitCodeForCall, JITCode::bottomTierJIT(), JITCompilationCanFail);
}
#endif
@@ -376,7 +376,7 @@ JSObject* ProgramExecutable::compileInternal(ExecState* exec, ScopeChainNode* sc
}
#if ENABLE(JIT)
- if (!prepareForExecution(*globalData, m_programCodeBlock, m_jitCodeForCall, jitType))
+ if (!prepareForExecution(exec, m_programCodeBlock, m_jitCodeForCall, jitType))
return 0;
#endif
@@ -479,14 +479,14 @@ JSObject* FunctionExecutable::compileOptimizedForConstruct(ExecState* exec, Scop
}
#if ENABLE(JIT)
-bool FunctionExecutable::jitCompileForCall(JSGlobalData& globalData)
+bool FunctionExecutable::jitCompileForCall(ExecState* exec)
{
- return jitCompileFunctionIfAppropriate(globalData, m_codeBlockForCall, m_jitCodeForCall, m_jitCodeForCallWithArityCheck, m_symbolTable, JITCode::bottomTierJIT(), JITCompilationCanFail);
+ return jitCompileFunctionIfAppropriate(exec, m_codeBlockForCall, m_jitCodeForCall, m_jitCodeForCallWithArityCheck, m_symbolTable, JITCode::bottomTierJIT(), JITCompilationCanFail);
}
-bool FunctionExecutable::jitCompileForConstruct(JSGlobalData& globalData)
+bool FunctionExecutable::jitCompileForConstruct(ExecState* exec)
{
- return jitCompileFunctionIfAppropriate(globalData, m_codeBlockForConstruct, m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck, m_symbolTable, JITCode::bottomTierJIT(), JITCompilationCanFail);
+ return jitCompileFunctionIfAppropriate(exec, m_codeBlockForConstruct, m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck, m_symbolTable, JITCode::bottomTierJIT(), JITCompilationCanFail);
}
#endif
@@ -551,7 +551,7 @@ JSObject* FunctionExecutable::compileForCallInternal(ExecState* exec, ScopeChain
m_symbolTable = m_codeBlockForCall->sharedSymbolTable();
#if ENABLE(JIT)
- if (!prepareFunctionForExecution(exec->globalData(), m_codeBlockForCall, m_jitCodeForCall, m_jitCodeForCallWithArityCheck, m_symbolTable, jitType, CodeForCall))
+ if (!prepareFunctionForExecution(exec, m_codeBlockForCall, m_jitCodeForCall, m_jitCodeForCallWithArityCheck, m_symbolTable, jitType, CodeForCall))
return 0;
#endif
@@ -593,7 +593,7 @@ JSObject* FunctionExecutable::compileForConstructInternal(ExecState* exec, Scope
m_symbolTable = m_codeBlockForConstruct->sharedSymbolTable();
#if ENABLE(JIT)
- if (!prepareFunctionForExecution(exec->globalData(), m_codeBlockForConstruct, m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck, m_symbolTable, jitType, CodeForConstruct))
+ if (!prepareFunctionForExecution(exec, m_codeBlockForConstruct, m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck, m_symbolTable, jitType, CodeForConstruct))
return 0;
#endif
diff --git a/Source/JavaScriptCore/runtime/Executable.h b/Source/JavaScriptCore/runtime/Executable.h
index d8367ecc8..debb3e369 100644
--- a/Source/JavaScriptCore/runtime/Executable.h
+++ b/Source/JavaScriptCore/runtime/Executable.h
@@ -345,7 +345,7 @@ namespace JSC {
#if ENABLE(JIT)
void jettisonOptimizedCode(JSGlobalData&);
- bool jitCompile(JSGlobalData&);
+ bool jitCompile(ExecState*);
#endif
EvalCodeBlock& generatedBytecode()
@@ -420,7 +420,7 @@ namespace JSC {
#if ENABLE(JIT)
void jettisonOptimizedCode(JSGlobalData&);
- bool jitCompile(JSGlobalData&);
+ bool jitCompile(ExecState*);
#endif
ProgramCodeBlock& generatedBytecode()
@@ -522,7 +522,7 @@ namespace JSC {
#if ENABLE(JIT)
void jettisonOptimizedCodeForCall(JSGlobalData&);
- bool jitCompileForCall(JSGlobalData&);
+ bool jitCompileForCall(ExecState*);
#endif
bool isGeneratedForCall() const
@@ -550,7 +550,7 @@ namespace JSC {
#if ENABLE(JIT)
void jettisonOptimizedCodeForConstruct(JSGlobalData&);
- bool jitCompileForConstruct(JSGlobalData&);
+ bool jitCompileForConstruct(ExecState*);
#endif
bool isGeneratedForConstruct() const
@@ -599,12 +599,12 @@ namespace JSC {
}
}
- bool jitCompileFor(JSGlobalData& globalData, CodeSpecializationKind kind)
+ bool jitCompileFor(ExecState* exec, CodeSpecializationKind kind)
{
if (kind == CodeForCall)
- return jitCompileForCall(globalData);
+ return jitCompileForCall(exec);
ASSERT(kind == CodeForConstruct);
- return jitCompileForConstruct(globalData);
+ return jitCompileForConstruct(exec);
}
#endif
diff --git a/Source/JavaScriptCore/runtime/ExecutionHarness.h b/Source/JavaScriptCore/runtime/ExecutionHarness.h
index e58e6fc74..4cc37f3b7 100644
--- a/Source/JavaScriptCore/runtime/ExecutionHarness.h
+++ b/Source/JavaScriptCore/runtime/ExecutionHarness.h
@@ -36,32 +36,32 @@
namespace JSC {
template<typename CodeBlockType>
-inline bool prepareForExecution(JSGlobalData& globalData, OwnPtr<CodeBlockType>& codeBlock, JITCode& jitCode, JITCode::JITType jitType)
+inline bool prepareForExecution(ExecState* exec, OwnPtr<CodeBlockType>& codeBlock, JITCode& jitCode, JITCode::JITType jitType)
{
#if ENABLE(LLINT)
if (JITCode::isBaselineCode(jitType)) {
// Start off in the low level interpreter.
- LLInt::getEntrypoint(globalData, codeBlock.get(), jitCode);
+ LLInt::getEntrypoint(exec->globalData(), codeBlock.get(), jitCode);
codeBlock->setJITCode(jitCode, MacroAssemblerCodePtr());
return true;
}
#endif // ENABLE(LLINT)
- return jitCompileIfAppropriate(globalData, codeBlock, jitCode, jitType, JITCode::isBaselineCode(jitType) ? JITCompilationMustSucceed : JITCompilationCanFail);
+ return jitCompileIfAppropriate(exec, codeBlock, jitCode, jitType, JITCode::isBaselineCode(jitType) ? JITCompilationMustSucceed : JITCompilationCanFail);
}
-inline bool prepareFunctionForExecution(JSGlobalData& globalData, OwnPtr<FunctionCodeBlock>& codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck, SharedSymbolTable*& symbolTable, JITCode::JITType jitType, CodeSpecializationKind kind)
+inline bool prepareFunctionForExecution(ExecState* exec, OwnPtr<FunctionCodeBlock>& codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck, SharedSymbolTable*& symbolTable, JITCode::JITType jitType, CodeSpecializationKind kind)
{
#if ENABLE(LLINT)
if (JITCode::isBaselineCode(jitType)) {
// Start off in the low level interpreter.
- LLInt::getFunctionEntrypoint(globalData, kind, jitCode, jitCodeWithArityCheck);
+ LLInt::getFunctionEntrypoint(exec->globalData(), kind, jitCode, jitCodeWithArityCheck);
codeBlock->setJITCode(jitCode, jitCodeWithArityCheck);
return true;
}
#else
UNUSED_PARAM(kind);
#endif // ENABLE(LLINT)
- return jitCompileFunctionIfAppropriate(globalData, codeBlock, jitCode, jitCodeWithArityCheck, symbolTable, jitType, JITCode::isBaselineCode(jitType) ? JITCompilationMustSucceed : JITCompilationCanFail);
+ return jitCompileFunctionIfAppropriate(exec, codeBlock, jitCode, jitCodeWithArityCheck, symbolTable, jitType, JITCode::isBaselineCode(jitType) ? JITCompilationMustSucceed : JITCompilationCanFail);
}
} // namespace JSC
diff --git a/Source/JavaScriptCore/runtime/JSActivation.cpp b/Source/JavaScriptCore/runtime/JSActivation.cpp
index f8883187e..5417b0023 100644
--- a/Source/JavaScriptCore/runtime/JSActivation.cpp
+++ b/Source/JavaScriptCore/runtime/JSActivation.cpp
@@ -92,7 +92,7 @@ void JSActivation::visitChildren(JSCell* cell, SlotVisitor& visitor)
inline bool JSActivation::symbolTableGet(PropertyName propertyName, PropertySlot& slot)
{
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
if (entry.isNull())
return false;
if (m_isTornOff && entry.getIndex() >= m_numCapturedVars)
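Review bot: `symbolTable().inlineGet(propertyName.publicName())` is now the lookup key in `symbolTableGet`, and the same swap appears in the `symbolTablePut` and `symbolTablePutWithAttributes` hunks below; if `publicName()` yields a null impl for a private name, which is presumably the intent of the change, the lookup is then performed with what is likely the hash table's empty key. Whether `inlineGet`/`find` tolerate that depends on the SymbolTable key traits, which are not visible here; an explicit guard such as `if (!propertyName.publicName()) return false;` ahead of each lookup would make private-name accesses against an activation fail closed regardless of the traits. Each enclosing function's body continues past its hunk.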
@@ -107,7 +107,7 @@ inline bool JSActivation::symbolTablePut(ExecState* exec, PropertyName propertyN
JSGlobalData& globalData = exec->globalData();
ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
if (entry.isNull())
return false;
if (entry.isReadOnly()) {
@@ -141,7 +141,7 @@ inline bool JSActivation::symbolTablePutWithAttributes(JSGlobalData& globalData,
{
ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
- SymbolTable::iterator iter = symbolTable().find(propertyName.impl());
+ SymbolTable::iterator iter = symbolTable().find(propertyName.publicName());
if (iter == symbolTable().end())
return false;
SymbolTableEntry& entry = iter->second;
diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h
index fa675fbca..0233f0fec 100644
--- a/Source/JavaScriptCore/runtime/JSCell.h
+++ b/Source/JavaScriptCore/runtime/JSCell.h
@@ -96,7 +96,7 @@ namespace JSC {
// Basic conversions.
JS_EXPORT_PRIVATE JSValue toPrimitive(ExecState*, PreferredPrimitiveType) const;
bool getPrimitiveNumber(ExecState*, double& number, JSValue&) const;
- bool toBoolean(ExecState*) const;
+ bool toBoolean() const;
JS_EXPORT_PRIVATE double toNumber(ExecState*) const;
JS_EXPORT_PRIVATE JSObject* toObject(ExecState*, JSGlobalObject*) const;
diff --git a/Source/JavaScriptCore/runtime/JSGlobalData.cpp b/Source/JavaScriptCore/runtime/JSGlobalData.cpp
index 91ff9cefb..a13eb79c5 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalData.cpp
+++ b/Source/JavaScriptCore/runtime/JSGlobalData.cpp
@@ -57,6 +57,10 @@
#include <wtf/Threading.h>
#include <wtf/WTFThreadData.h>
+#if ENABLE(DFG_JIT)
+#include "ConservativeRoots.h"
+#endif
+
#if ENABLE(REGEXP_TRACING)
#include "RegExp.h"
#endif
@@ -82,6 +86,7 @@ extern const HashTable numberConstructorTable;
extern const HashTable numberPrototypeTable;
JS_EXPORTDATA extern const HashTable objectConstructorTable;
extern const HashTable objectPrototypeTable;
+extern const HashTable privateNamePrototypeTable;
extern const HashTable regExpTable;
extern const HashTable regExpConstructorTable;
extern const HashTable regExpPrototypeTable;
@@ -113,8 +118,8 @@ static bool enableAssembler(ExecutableAllocator& executableAllocator)
}
#endif
-JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType threadStackType, HeapSize heapSize)
- : heap(this, heapSize)
+JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType threadStackType, HeapType heapType)
+ : heap(this, heapType)
, globalDataType(globalDataType)
, clientData(0)
, topCallFrame(CallFrame::noCaller())
@@ -131,6 +136,7 @@ JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType thread
, numberPrototypeTable(fastNew<HashTable>(JSC::numberPrototypeTable))
, objectConstructorTable(fastNew<HashTable>(JSC::objectConstructorTable))
, objectPrototypeTable(fastNew<HashTable>(JSC::objectPrototypeTable))
+ , privateNamePrototypeTable(fastNew<HashTable>(JSC::privateNamePrototypeTable))
, regExpTable(fastNew<HashTable>(JSC::regExpTable))
, regExpConstructorTable(fastNew<HashTable>(JSC::regExpConstructorTable))
, regExpPrototypeTable(fastNew<HashTable>(JSC::regExpPrototypeTable))
@@ -237,6 +243,7 @@ JSGlobalData::~JSGlobalData()
numberPrototypeTable->deleteTable();
objectConstructorTable->deleteTable();
objectPrototypeTable->deleteTable();
+ privateNamePrototypeTable->deleteTable();
regExpTable->deleteTable();
regExpConstructorTable->deleteTable();
regExpPrototypeTable->deleteTable();
@@ -256,6 +263,7 @@ JSGlobalData::~JSGlobalData()
fastDelete(const_cast<HashTable*>(numberPrototypeTable));
fastDelete(const_cast<HashTable*>(objectConstructorTable));
fastDelete(const_cast<HashTable*>(objectPrototypeTable));
+ fastDelete(const_cast<HashTable*>(privateNamePrototypeTable));
fastDelete(const_cast<HashTable*>(regExpTable));
fastDelete(const_cast<HashTable*>(regExpConstructorTable));
fastDelete(const_cast<HashTable*>(regExpPrototypeTable));
@@ -282,19 +290,19 @@ JSGlobalData::~JSGlobalData()
#endif
}
-PassRefPtr<JSGlobalData> JSGlobalData::createContextGroup(ThreadStackType type, HeapSize heapSize)
+PassRefPtr<JSGlobalData> JSGlobalData::createContextGroup(ThreadStackType type, HeapType heapType)
{
- return adoptRef(new JSGlobalData(APIContextGroup, type, heapSize));
+ return adoptRef(new JSGlobalData(APIContextGroup, type, heapType));
}
-PassRefPtr<JSGlobalData> JSGlobalData::create(ThreadStackType type, HeapSize heapSize)
+PassRefPtr<JSGlobalData> JSGlobalData::create(ThreadStackType type, HeapType heapType)
{
- return adoptRef(new JSGlobalData(Default, type, heapSize));
+ return adoptRef(new JSGlobalData(Default, type, heapType));
}
-PassRefPtr<JSGlobalData> JSGlobalData::createLeaked(ThreadStackType type, HeapSize heapSize)
+PassRefPtr<JSGlobalData> JSGlobalData::createLeaked(ThreadStackType type, HeapType heapType)
{
- return create(type, heapSize);
+ return create(type, heapType);
}
bool JSGlobalData::sharedInstanceExists()
@@ -450,6 +458,19 @@ void releaseExecutableMemory(JSGlobalData& globalData)
globalData.releaseExecutableMemory();
}
+#if ENABLE(DFG_JIT)
+void JSGlobalData::gatherConservativeRoots(ConservativeRoots& conservativeRoots)
+{
+ for (size_t i = 0; i < scratchBuffers.size(); i++) {
+ ScratchBuffer* scratchBuffer = scratchBuffers[i];
+ if (scratchBuffer->activeLength()) {
+ void* bufferStart = scratchBuffer->dataBuffer();
+ conservativeRoots.add(bufferStart, static_cast<void*>(static_cast<char*>(bufferStart) + scratchBuffer->activeLength()));
+ }
+ }
+}
+#endif
+
#if ENABLE(REGEXP_TRACING)
void JSGlobalData::addRegExpToTrace(RegExp* regExp)
{
diff --git a/Source/JavaScriptCore/runtime/JSGlobalData.h b/Source/JavaScriptCore/runtime/JSGlobalData.h
index 177d80298..c39a01920 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalData.h
+++ b/Source/JavaScriptCore/runtime/JSGlobalData.h
@@ -123,7 +123,34 @@ namespace JSC {
size_t m_storageOffset;
size_t m_lengthOffset;
};
-
+
+#if ENABLE(DFG_JIT)
+ class ConservativeRoots;
+
+ struct ScratchBuffer {
+ ScratchBuffer()
+ : m_activeLength(0)
+ {
+ }
+
+ static ScratchBuffer* create(size_t size)
+ {
+ ScratchBuffer* result = new (fastMalloc(ScratchBuffer::allocationSize(size))) ScratchBuffer;
+
+ return result;
+ }
+
+ static size_t allocationSize(size_t bufferSize) { return sizeof(size_t) + bufferSize; }
+ void setActiveLength(size_t activeLength) { m_activeLength = activeLength; }
+ size_t activeLength() const { return m_activeLength; };
+ size_t* activeLengthPtr() { return &m_activeLength; };
+ void* dataBuffer() { return m_buffer; }
+
+ size_t m_activeLength;
+ void* m_buffer[0];
+ };
+#endif
+
class JSGlobalData : public RefCounted<JSGlobalData> {
public:
// WebCore has a one-to-one mapping of threads to JSGlobalDatas;
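Review bot: `ScratchBuffer::activeLength()` and `activeLengthPtr()` end with a stray `;` after the closing brace; harmless, but it is exactly what clang-tidy flags, and `size_t activeLength() const { return m_activeLength; }` is the intended form. `void* m_buffer[0]` is a zero-length array, a compiler extension rather than standard C++, and `allocationSize` hard-codes the header as `sizeof(size_t)`, so the two must be kept in sync by hand; `sizeof(ScratchBuffer) + bufferSize` would tie the header size to the actual layout. Nothing in the hunk releases buffers produced by `create`; if that matches the previous `fastMalloc`-and-never-free behaviour of `scratchBufferForSize` it is fine, otherwise a matching release path is missing.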
@@ -145,9 +172,9 @@ namespace JSC {
static bool sharedInstanceExists();
JS_EXPORT_PRIVATE static JSGlobalData& sharedInstance();
- JS_EXPORT_PRIVATE static PassRefPtr<JSGlobalData> create(ThreadStackType, HeapSize = SmallHeap);
- JS_EXPORT_PRIVATE static PassRefPtr<JSGlobalData> createLeaked(ThreadStackType, HeapSize = SmallHeap);
- static PassRefPtr<JSGlobalData> createContextGroup(ThreadStackType, HeapSize = SmallHeap);
+ JS_EXPORT_PRIVATE static PassRefPtr<JSGlobalData> create(ThreadStackType, HeapType = SmallHeap);
+ JS_EXPORT_PRIVATE static PassRefPtr<JSGlobalData> createLeaked(ThreadStackType, HeapType = SmallHeap);
+ static PassRefPtr<JSGlobalData> createContextGroup(ThreadStackType, HeapType = SmallHeap);
JS_EXPORT_PRIVATE ~JSGlobalData();
void makeUsableFromMultipleThreads() { heap.machineThreads().makeUsableFromMultipleThreads(); }
@@ -171,6 +198,7 @@ namespace JSC {
const HashTable* numberPrototypeTable;
const HashTable* objectConstructorTable;
const HashTable* objectPrototypeTable;
+ const HashTable* privateNamePrototypeTable;
const HashTable* regExpTable;
const HashTable* regExpConstructorTable;
const HashTable* regExpPrototypeTable;
@@ -278,10 +306,10 @@ namespace JSC {
#if ENABLE(DFG_JIT)
uint32_t osrExitIndex;
void* osrExitJumpDestination;
- Vector<void*> scratchBuffers;
+ Vector<ScratchBuffer*> scratchBuffers;
size_t sizeOfLastScratchBuffer;
- void* scratchBufferForSize(size_t size)
+ ScratchBuffer* scratchBufferForSize(size_t size)
{
if (!size)
return 0;
@@ -292,12 +320,16 @@ namespace JSC {
// total memory usage is somewhere around
// max(scratch buffer size) * 4.
sizeOfLastScratchBuffer = size * 2;
-
- scratchBuffers.append(fastMalloc(sizeOfLastScratchBuffer));
+
+ scratchBuffers.append(ScratchBuffer::create(sizeOfLastScratchBuffer));
}
-
- return scratchBuffers.last();
+
+ ScratchBuffer* result = scratchBuffers.last();
+ result->setActiveLength(0);
+ return result;
}
+
+ void gatherConservativeRoots(ConservativeRoots&);
#endif
HashMap<OpaqueJSClass*, OwnPtr<OpaqueJSClassContextData> > opaqueJSClassData;
@@ -373,7 +405,7 @@ namespace JSC {
private:
friend class LLIntOffsetsExtractor;
- JSGlobalData(GlobalDataType, ThreadStackType, HeapSize);
+ JSGlobalData(GlobalDataType, ThreadStackType, HeapType);
static JSGlobalData*& sharedInstanceInternal();
void createNativeThunk();
#if ENABLE(ASSEMBLER) && (ENABLE(CLASSIC_INTERPRETER) || ENABLE(LLINT))
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
index da55c0191..2a4231537 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
@@ -56,6 +56,9 @@
#include "Interpreter.h"
#include "Lookup.h"
#include "MathObject.h"
+#include "NameConstructor.h"
+#include "NameInstance.h"
+#include "NamePrototype.h"
#include "NativeErrorConstructor.h"
#include "NativeErrorPrototype.h"
#include "NumberConstructor.h"
@@ -78,7 +81,7 @@ namespace JSC {
const ClassInfo JSGlobalObject::s_info = { "GlobalObject", &JSVariableObject::s_info, 0, ExecState::globalObjectTable, CREATE_METHOD_TABLE(JSGlobalObject) };
-const GlobalObjectMethodTable JSGlobalObject::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript };
+const GlobalObjectMethodTable JSGlobalObject::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsProfiling, &supportsRichSourceInfo, &shouldInterruptScript, &javaScriptExperimentsEnabled };
/* Source for JSGlobalObject.lut.h
@begin globalObjectTable
@@ -306,6 +309,15 @@ void JSGlobalObject::reset(JSValue prototype)
};
addStaticGlobals(staticGlobals, WTF_ARRAY_LENGTH(staticGlobals));
+ if (m_experimentsEnabled) {
+ NamePrototype* privateNamePrototype = NamePrototype::create(exec, NamePrototype::createStructure(exec->globalData(), this, m_objectPrototype.get()));
+ m_privateNameStructure.set(exec->globalData(), this, NameInstance::createStructure(exec->globalData(), this, privateNamePrototype));
+
+ JSCell* privateNameConstructor = NameConstructor::create(exec, this, NameConstructor::createStructure(exec->globalData(), this, m_functionPrototype.get()), privateNamePrototype);
+ privateNamePrototype->putDirectWithoutTransition(exec->globalData(), exec->propertyNames().constructor, privateNameConstructor, DontEnum);
+ putDirectWithoutTransition(exec->globalData(), Identifier(exec, "Name"), privateNameConstructor, DontEnum);
+ }
+
resetPrototype(exec->globalData(), prototype);
}
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.h b/Source/JavaScriptCore/runtime/JSGlobalObject.h
index a330f5f1c..59b49755b 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObject.h
+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.h
@@ -68,6 +68,9 @@ namespace JSC {
typedef bool (*ShouldInterruptScriptFunctionPtr)(const JSGlobalObject*);
ShouldInterruptScriptFunctionPtr shouldInterruptScript;
+
+ typedef bool (*JavaScriptExperimentsEnabledFunctionPtr)(const JSGlobalObject*);
+ JavaScriptExperimentsEnabledFunctionPtr javaScriptExperimentsEnabled;
};
class JSGlobalObject : public JSVariableObject {
@@ -130,6 +133,7 @@ namespace JSC {
WriteBarrier<Structure> m_namedFunctionStructure;
size_t m_functionNameOffset;
WriteBarrier<Structure> m_numberObjectStructure;
+ WriteBarrier<Structure> m_privateNameStructure;
WriteBarrier<Structure> m_regExpMatchesArrayStructure;
WriteBarrier<Structure> m_regExpStructure;
WriteBarrier<Structure> m_stringObjectStructure;
@@ -144,6 +148,7 @@ namespace JSC {
SymbolTable m_symbolTable;
bool m_evalEnabled;
+ bool m_experimentsEnabled;
static JS_EXPORTDATA const GlobalObjectMethodTable s_globalObjectMethodTable;
const GlobalObjectMethodTable* m_globalObjectMethodTable;
@@ -183,6 +188,7 @@ namespace JSC {
{
Base::finishCreation(globalData);
structure()->setGlobalObject(globalData, this);
+ m_experimentsEnabled = m_globalObjectMethodTable->javaScriptExperimentsEnabled(this);
init(this);
}
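Review bot: `m_experimentsEnabled = m_globalObjectMethodTable->javaScriptExperimentsEnabled(this);` on the added line calls through a function pointer that this diff appends to `GlobalObjectMethodTable` (the `@@ -68,6 +68,9 @@` hunk of JSGlobalObject.h), and nothing checks the pointer for null before the call. The table is an aggregate that embedders fill in themselves, so an out-of-tree initializer that is not updated together with this change would presumably leave the new trailing slot zero-initialized, and this call would then dereference null during global-object creation; the same line is added again in the second `finishCreation` overload in the next hunk. A tolerant form keeps the intended default of `false`: `m_experimentsEnabled = m_globalObjectMethodTable->javaScriptExperimentsEnabled && m_globalObjectMethodTable->javaScriptExperimentsEnabled(this);`, or at least `ASSERT(m_globalObjectMethodTable->javaScriptExperimentsEnabled);` on the line before. The enclosing `finishCreation` starts outside the hunk.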
@@ -190,6 +196,7 @@ namespace JSC {
{
Base::finishCreation(globalData);
structure()->setGlobalObject(globalData, this);
+ m_experimentsEnabled = m_globalObjectMethodTable->javaScriptExperimentsEnabled(this);
init(thisValue);
}
@@ -263,6 +270,7 @@ namespace JSC {
Structure* namedFunctionStructure() const { return m_namedFunctionStructure.get(); }
size_t functionNameOffset() const { return m_functionNameOffset; }
Structure* numberObjectStructure() const { return m_numberObjectStructure.get(); }
+ Structure* privateNameStructure() const { return m_privateNameStructure.get(); }
Structure* internalFunctionStructure() const { return m_internalFunctionStructure.get(); }
Structure* regExpMatchesArrayStructure() const { return m_regExpMatchesArrayStructure.get(); }
Structure* regExpStructure() const { return m_regExpStructure.get(); }
@@ -290,6 +298,7 @@ namespace JSC {
JS_EXPORT_PRIVATE ExecState* globalExec();
static bool shouldInterruptScript(const JSGlobalObject*) { return true; }
+ static bool javaScriptExperimentsEnabled(const JSGlobalObject*) { return false; }
bool isDynamicScope(bool& requiresDynamicChecks) const;
@@ -376,7 +385,7 @@ namespace JSC {
inline bool JSGlobalObject::symbolTableHasProperty(PropertyName propertyName)
{
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
return !entry.isNull();
}
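Review bot: `symbolTable().inlineGet(propertyName.publicName())` on the changed line feeds the result of `publicName()` straight into a `StringImpl*`-keyed hash lookup with no null handling. The new `HashTable::entry` in Lookup.h in this same diff returns early when `publicName()` is null, which suggests a private name yields null here; WTF hash tables use the null pointer as their empty-bucket value, so as far as I can tell a null key would trip the key check in debug builds and silently match an empty bucket in release. Suggest `StringImpl* name = propertyName.publicName(); if (!name) return false;` ahead of the lookup, and the same guard in the `deleteProperty` and `symbolTableGet` hunks of JSVariableObject.cpp and in every `symbolTable()` lookup changed in JSVariableObject.h, which make the identical substitution.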
diff --git a/Source/JavaScriptCore/runtime/JSObject.cpp b/Source/JavaScriptCore/runtime/JSObject.cpp
index baba28b46..8d9e4a96b 100644
--- a/Source/JavaScriptCore/runtime/JSObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSObject.cpp
@@ -422,11 +422,6 @@ void JSObject::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNa
getClassPropertyNames(exec, object->classInfo(), propertyNames, mode);
}
-bool JSObject::toBoolean(ExecState*) const
-{
- return true;
-}
-
double JSObject::toNumber(ExecState* exec) const
{
JSValue primitive = toPrimitive(exec, PreferNumber);
diff --git a/Source/JavaScriptCore/runtime/JSObject.h b/Source/JavaScriptCore/runtime/JSObject.h
index 0a4f1c745..67aa1516c 100644
--- a/Source/JavaScriptCore/runtime/JSObject.h
+++ b/Source/JavaScriptCore/runtime/JSObject.h
@@ -138,7 +138,6 @@ namespace JSC {
JS_EXPORT_PRIVATE static void getPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
- JS_EXPORT_PRIVATE bool toBoolean(ExecState*) const;
bool getPrimitiveNumber(ExecState*, double& number, JSValue&) const;
JS_EXPORT_PRIVATE double toNumber(ExecState*) const;
JS_EXPORT_PRIVATE JSString* toString(ExecState*) const;
diff --git a/Source/JavaScriptCore/runtime/JSString.cpp b/Source/JavaScriptCore/runtime/JSString.cpp
index 7faa393c3..ad6bd3812 100644
--- a/Source/JavaScriptCore/runtime/JSString.cpp
+++ b/Source/JavaScriptCore/runtime/JSString.cpp
@@ -230,7 +230,7 @@ bool JSString::getPrimitiveNumber(ExecState* exec, double& number, JSValue& resu
return false;
}
-bool JSString::toBoolean(ExecState*) const
+bool JSString::toBoolean() const
{
return m_length;
}
diff --git a/Source/JavaScriptCore/runtime/JSString.h b/Source/JavaScriptCore/runtime/JSString.h
index 4ba9b79ad..5079e8583 100644
--- a/Source/JavaScriptCore/runtime/JSString.h
+++ b/Source/JavaScriptCore/runtime/JSString.h
@@ -134,7 +134,7 @@ namespace JSC {
unsigned length() { return m_length; }
JSValue toPrimitive(ExecState*, PreferredPrimitiveType) const;
- JS_EXPORT_PRIVATE bool toBoolean(ExecState*) const;
+ JS_EXPORT_PRIVATE bool toBoolean() const;
bool getPrimitiveNumber(ExecState*, double& number, JSValue&) const;
JSObject* toObject(ExecState*, JSGlobalObject*) const;
double toNumber(ExecState*) const;
@@ -468,23 +468,23 @@ namespace JSC {
inline bool isJSString(JSValue v) { return v.isCell() && v.asCell()->classInfo() == &JSString::s_info; }
- inline bool JSCell::toBoolean(ExecState* exec) const
+ inline bool JSCell::toBoolean() const
{
if (isString())
- return static_cast<const JSString*>(this)->toBoolean(exec);
+ return static_cast<const JSString*>(this)->toBoolean();
return !structure()->typeInfo().masqueradesAsUndefined();
}
// --- JSValue inlines ----------------------------
- inline bool JSValue::toBoolean(ExecState* exec) const
+ inline bool JSValue::toBoolean() const
{
if (isInt32())
return asInt32();
if (isDouble())
return asDouble() > 0.0 || asDouble() < 0.0; // false for NaN
if (isCell())
- return asCell()->toBoolean(exec);
+ return asCell()->toBoolean();
return isTrue(); // false, null, and undefined all convert to false.
}
diff --git a/Source/JavaScriptCore/runtime/JSType.h b/Source/JavaScriptCore/runtime/JSType.h
index 880240e60..c9603437b 100644
--- a/Source/JavaScriptCore/runtime/JSType.h
+++ b/Source/JavaScriptCore/runtime/JSType.h
@@ -45,6 +45,7 @@ enum JSType {
ObjectType,
FinalObjectType,
JSFunctionType,
+ NameInstanceType,
NumberObjectType,
ErrorInstanceType,
GlobalThisType,
diff --git a/Source/JavaScriptCore/runtime/JSTypeInfo.h b/Source/JavaScriptCore/runtime/JSTypeInfo.h
index 83a3594db..8c62fa166 100644
--- a/Source/JavaScriptCore/runtime/JSTypeInfo.h
+++ b/Source/JavaScriptCore/runtime/JSTypeInfo.h
@@ -67,6 +67,7 @@ namespace JSC {
bool isObject() const { return type() >= ObjectType; }
bool isFinalObject() const { return type() == FinalObjectType; }
bool isNumberObject() const { return type() == NumberObjectType; }
+ bool isName() const { return type() == NameInstanceType; }
bool masqueradesAsUndefined() const { return isSetOnFlags1(MasqueradesAsUndefined); }
bool implementsHasInstance() const { return isSetOnFlags1(ImplementsHasInstance); }
diff --git a/Source/JavaScriptCore/runtime/JSValue.cpp b/Source/JavaScriptCore/runtime/JSValue.cpp
index 628642f71..e10867176 100644
--- a/Source/JavaScriptCore/runtime/JSValue.cpp
+++ b/Source/JavaScriptCore/runtime/JSValue.cpp
@@ -172,7 +172,7 @@ void JSValue::putToPrimitive(ExecState* exec, PropertyName propertyName, JSValue
return;
}
-char* JSValue::description()
+char* JSValue::description() const
{
static const size_t size = 128;
static char description[size];
diff --git a/Source/JavaScriptCore/runtime/JSValue.h b/Source/JavaScriptCore/runtime/JSValue.h
index 40cf69979..27046097c 100644
--- a/Source/JavaScriptCore/runtime/JSValue.h
+++ b/Source/JavaScriptCore/runtime/JSValue.h
@@ -197,7 +197,7 @@ namespace JSC {
JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
bool getPrimitiveNumber(ExecState*, double& number, JSValue&);
- bool toBoolean(ExecState*) const;
+ bool toBoolean() const;
// toNumber conversion is expected to be side effect free if an exception has
// been set in the ExecState already.
@@ -240,7 +240,7 @@ namespace JSC {
JSCell* asCell() const;
JS_EXPORT_PRIVATE bool isValidCallee();
- char* description();
+ char* description() const;
JS_EXPORT_PRIVATE JSObject* synthesizePrototype(ExecState*) const;
diff --git a/Source/JavaScriptCore/runtime/JSVariableObject.cpp b/Source/JavaScriptCore/runtime/JSVariableObject.cpp
index 3a4df7464..eb9dfd4be 100644
--- a/Source/JavaScriptCore/runtime/JSVariableObject.cpp
+++ b/Source/JavaScriptCore/runtime/JSVariableObject.cpp
@@ -45,7 +45,7 @@ void JSVariableObject::destroy(JSCell* cell)
bool JSVariableObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName)
{
JSVariableObject* thisObject = jsCast<JSVariableObject*>(cell);
- if (thisObject->symbolTable().contains(propertyName.impl()))
+ if (thisObject->symbolTable().contains(propertyName.publicName()))
return false;
return JSObject::deleteProperty(thisObject, exec, propertyName);
@@ -65,7 +65,7 @@ void JSVariableObject::getOwnPropertyNames(JSObject* object, ExecState* exec, Pr
bool JSVariableObject::symbolTableGet(PropertyName propertyName, PropertyDescriptor& descriptor)
{
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
if (!entry.isNull()) {
descriptor.setDescriptor(registerAt(entry.getIndex()).get(), entry.getAttributes() | DontDelete);
return true;
diff --git a/Source/JavaScriptCore/runtime/JSVariableObject.h b/Source/JavaScriptCore/runtime/JSVariableObject.h
index 8b7587b5c..ea2798457 100644
--- a/Source/JavaScriptCore/runtime/JSVariableObject.h
+++ b/Source/JavaScriptCore/runtime/JSVariableObject.h
@@ -102,7 +102,7 @@ namespace JSC {
inline bool JSVariableObject::symbolTableGet(PropertyName propertyName, PropertySlot& slot)
{
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
if (!entry.isNull()) {
slot.setValue(registerAt(entry.getIndex()).get());
return true;
@@ -112,7 +112,7 @@ namespace JSC {
inline bool JSVariableObject::symbolTableGet(PropertyName propertyName, PropertySlot& slot, bool& slotIsWriteable)
{
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
if (!entry.isNull()) {
slot.setValue(registerAt(entry.getIndex()).get());
slotIsWriteable = !entry.isReadOnly();
@@ -126,7 +126,7 @@ namespace JSC {
JSGlobalData& globalData = exec->globalData();
ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
- SymbolTableEntry entry = symbolTable().inlineGet(propertyName.impl());
+ SymbolTableEntry entry = symbolTable().inlineGet(propertyName.publicName());
if (entry.isNull())
return false;
if (entry.isReadOnly()) {
@@ -142,7 +142,7 @@ namespace JSC {
{
ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
- SymbolTable::iterator iter = symbolTable().find(propertyName.impl());
+ SymbolTable::iterator iter = symbolTable().find(propertyName.publicName());
if (iter == symbolTable().end())
return false;
SymbolTableEntry& entry = iter->second;
diff --git a/Source/JavaScriptCore/runtime/Lookup.cpp b/Source/JavaScriptCore/runtime/Lookup.cpp
index 30d982d2c..a6a349974 100644
--- a/Source/JavaScriptCore/runtime/Lookup.cpp
+++ b/Source/JavaScriptCore/runtime/Lookup.cpp
@@ -76,7 +76,10 @@ bool setUpStaticFunctionSlot(ExecState* exec, const HashEntry* entry, JSObject*
if (thisObj->staticFunctionsReified())
return false;
- JSFunction* function = JSFunction::create(exec, thisObj->globalObject(), entry->functionLength(), propertyName.ustring(), entry->function(), entry->intrinsic());
+ StringImpl* name = propertyName.publicName();
+ ASSERT(name);
+
+ JSFunction* function = JSFunction::create(exec, thisObj->globalObject(), entry->functionLength(), name, entry->function(), entry->intrinsic());
thisObj->putDirect(exec->globalData(), propertyName, function, entry->attributes());
location = thisObj->getDirectLocation(exec->globalData(), propertyName);
}
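Review bot: `ASSERT(name)` on the added line relies on an invariant that is not stated at this call site: `setUpStaticFunctionSlot` is only reached after a static-table entry matched, and the new `HashTable::entry` in Lookup.h returns 0 whenever `publicName()` is null, so a private name cannot arrive here. A one-line comment above the assert would spare the next reader the cross-file lookup: `// entry() never matches a private name (null publicName()), so name cannot be null here.` Note that in release builds the assert compiles away and a null `name` would flow into `JSFunction::create`, so the comment documents the guard rather than adding one. The enclosing function starts outside the hunk.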
diff --git a/Source/JavaScriptCore/runtime/Lookup.h b/Source/JavaScriptCore/runtime/Lookup.h
index d6806ae0c..a75b521cd 100644
--- a/Source/JavaScriptCore/runtime/Lookup.h
+++ b/Source/JavaScriptCore/runtime/Lookup.h
@@ -199,17 +199,21 @@ namespace JSC {
}
private:
- ALWAYS_INLINE const HashEntry* entry(PropertyName identifier) const
+ ALWAYS_INLINE const HashEntry* entry(PropertyName propertyName) const
{
+ StringImpl* impl = propertyName.publicName();
+ if (!impl)
+ return 0;
+
ASSERT(table);
- const HashEntry* entry = &table[identifier.impl()->existingHash() & compactHashSizeMask];
+ const HashEntry* entry = &table[impl->existingHash() & compactHashSizeMask];
if (!entry->key())
return 0;
do {
- if (entry->key() == identifier.impl())
+ if (entry->key() == impl)
return entry;
entry = entry->next();
} while (entry);
diff --git a/Source/JavaScriptCore/runtime/NameConstructor.cpp b/Source/JavaScriptCore/runtime/NameConstructor.cpp
new file mode 100644
index 000000000..63f1f647a
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/NameConstructor.cpp
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "NameConstructor.h"
+
+#include "JSGlobalObject.h"
+#include "NamePrototype.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NameConstructor);
+ASSERT_HAS_TRIVIAL_DESTRUCTOR(NameConstructor);
+
+const ClassInfo NameConstructor::s_info = { "Function", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(NameConstructor) };
+
+NameConstructor::NameConstructor(JSGlobalObject* globalObject, Structure* structure)
+ : InternalFunction(globalObject, structure)
+{
+}
+
+void NameConstructor::finishCreation(ExecState* exec, NamePrototype* prototype)
+{
+ Base::finishCreation(exec->globalData(), prototype->classInfo()->className);
+ putDirectWithoutTransition(exec->globalData(), exec->propertyNames().prototype, prototype, DontEnum | DontDelete | ReadOnly);
+ putDirectWithoutTransition(exec->globalData(), exec->propertyNames().length, jsNumber(1), DontDelete | ReadOnly | DontEnum);
+}
+
+static EncodedJSValue JSC_HOST_CALL constructPrivateName(ExecState* exec)
+{
+ JSValue publicName = exec->argumentCount() ? exec->argument(0) : jsUndefined();
+ return JSValue::encode(NameInstance::create(exec->globalData(), exec->lexicalGlobalObject()->privateNameStructure(), publicName.toString(exec)));
+}
+
+ConstructType NameConstructor::getConstructData(JSCell*, ConstructData& constructData)
+{
+ constructData.native.function = constructPrivateName;
+ return ConstructTypeHost;
+}
+
+CallType NameConstructor::getCallData(JSCell*, CallData& callData)
+{
+ callData.native.function = constructPrivateName;
+ return CallTypeHost;
+}
+
+} // namespace JSC
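Review bot: `constructPrivateName` builds the `NameInstance` from `publicName.toString(exec)` without checking `exec->hadException()` afterwards; `toString` can run user code (an object's own `toString`), and the usual JSC pattern is to bail out before allocating: `JSString* name = publicName.toString(exec); if (exec->hadException()) return JSValue::encode(jsUndefined());` and then pass `name` to `NameInstance::create`. Separately, the structure is taken from `exec->lexicalGlobalObject()->privateNameStructure()`, but `JSGlobalObject::reset` in this diff only sets `m_privateNameStructure` when `m_experimentsEnabled` is true, so if the lexical global object can differ from the one that created this constructor the structure may be null; reading it from the constructor's own `globalObject()`, or an `ASSERT(structure)`, would make that dependency explicit. `getCallData` and `getConstructData` both route to the same function, which makes `Name(...)` and `new Name(...)` behave alike — a one-line comment saying that is intentional would help.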
diff --git a/Source/JavaScriptCore/runtime/NameConstructor.h b/Source/JavaScriptCore/runtime/NameConstructor.h
new file mode 100644
index 000000000..16c5eef68
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/NameConstructor.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef NameConstructor_h
+#define NameConstructor_h
+
+#include "InternalFunction.h"
+#include "NameInstance.h"
+
+namespace JSC {
+
+class NamePrototype;
+
+class NameConstructor : public InternalFunction {
+public:
+ typedef InternalFunction Base;
+
+ static NameConstructor* create(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, NamePrototype* prototype)
+ {
+ NameConstructor* constructor = new (NotNull, allocateCell<NameConstructor>(*exec->heap())) NameConstructor(globalObject, structure);
+ constructor->finishCreation(exec, prototype);
+ return constructor;
+ }
+
+ static const ClassInfo s_info;
+
+ static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
+ {
+ return Structure::create(globalData, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), &s_info);
+ }
+
+protected:
+ void finishCreation(ExecState*, NamePrototype*);
+
+private:
+ NameConstructor(JSGlobalObject*, Structure*);
+ static ConstructType getConstructData(JSCell*, ConstructData&);
+ static CallType getCallData(JSCell*, CallData&);
+};
+
+} // namespace JSC
+
+#endif // NameConstructor_h
diff --git a/Source/JavaScriptCore/runtime/NameInstance.cpp b/Source/JavaScriptCore/runtime/NameInstance.cpp
new file mode 100644
index 000000000..aae290cb2
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/NameInstance.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "NameInstance.h"
+
+namespace JSC {
+
+const ClassInfo NameInstance::s_info = { "Name", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(NameInstance) };
+
+NameInstance::NameInstance(JSGlobalData& globalData, Structure* structure, JSString* nameString)
+ : Base(globalData, structure)
+{
+ m_nameString.set(globalData, this, nameString);
+}
+
+void NameInstance::destroy(JSCell* cell)
+{
+ jsCast<NameInstance*>(cell)->NameInstance::~NameInstance();
+}
+
+} // namespace JSC
diff --git a/Source/JavaScriptCore/runtime/NameInstance.h b/Source/JavaScriptCore/runtime/NameInstance.h
new file mode 100644
index 000000000..c5931e8ef
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/NameInstance.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef NameInstance_h
+#define NameInstance_h
+
+#include "JSObject.h"
+#include "PrivateName.h"
+
+namespace JSC {
+
+class NameInstance : public JSNonFinalObject {
+public:
+ typedef JSNonFinalObject Base;
+
+ static const ClassInfo s_info;
+
+ static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
+ {
+ return Structure::create(globalData, globalObject, prototype, TypeInfo(NameInstanceType, StructureFlags), &s_info);
+ }
+
+ static NameInstance* create(JSGlobalData& globalData, Structure* structure, JSString* nameString)
+ {
+ NameInstance* name = new (NotNull, allocateCell<NameInstance>(globalData.heap)) NameInstance(globalData, structure, nameString);
+ name->finishCreation(globalData);
+ return name;
+ }
+
+ const PrivateName& privateName() { return m_privateName; }
+ JSString* nameString() { return m_nameString.get(); }
+
+protected:
+ static void destroy(JSCell*);
+
+ NameInstance(JSGlobalData&, Structure*, JSString*);
+
+ void finishCreation(JSGlobalData& globalData)
+ {
+ Base::finishCreation(globalData);
+ ASSERT(inherits(&s_info));
+ }
+
+ PrivateName m_privateName;
+ WriteBarrier<JSString> m_nameString;
+};
+
+inline bool isName(JSValue v)
+{
+ return v.isCell() && v.asCell()->structure()->typeInfo().isName();
+}
+
+} // namespace JSC
+
+#endif // NameInstance_h
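Review bot: `privateName()` and `nameString()` in `NameInstance` are declared as non-const member functions although they only read members, which prevents calling them through a `const NameInstance*` (the `static_cast<const JSString*>(this)` path in JSString.h shows such const call sites exist in this codebase). Suggest `const PrivateName& privateName() const { return m_privateName; }` and `JSString* nameString() const { return m_nameString.get(); }`. A short comment on the two members stating whether `m_privateName` is the identity used for property lookup and `m_nameString` only the user-visible label would also help, since this header introduces both without explanation.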
diff --git a/Source/JavaScriptCore/runtime/NamePrototype.cpp b/Source/JavaScriptCore/runtime/NamePrototype.cpp
new file mode 100644
index 000000000..3e52856b6
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/NamePrototype.cpp
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "NamePrototype.h"
+
+#include "Error.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NamePrototype);
+
+static EncodedJSValue JSC_HOST_CALL privateNameProtoFuncToString(ExecState*);
+
+}
+
+#include "NamePrototype.lut.h"
+
+namespace JSC {
+
+const ClassInfo NamePrototype::s_info = { "Name", &Base::s_info, 0, ExecState::privateNamePrototypeTable, CREATE_METHOD_TABLE(NamePrototype) };
+
+/* Source for NamePrototype.lut.h
+@begin privateNamePrototypeTable
+ toString privateNameProtoFuncToString DontEnum|Function 0
+@end
+*/
+
+ASSERT_CLASS_FITS_IN_CELL(NamePrototype);
+
+NamePrototype::NamePrototype(ExecState* exec, Structure* structure)
+ : Base(exec->globalData(), structure, jsEmptyString(exec))
+{
+}
+
+void NamePrototype::finishCreation(ExecState* exec)
+{
+ Base::finishCreation(exec->globalData());
+ ASSERT(inherits(&s_info));
+}
+
+bool NamePrototype::getOwnPropertySlot(JSCell* cell, ExecState* exec, PropertyName propertyName, PropertySlot &slot)
+{
+ return getStaticFunctionSlot<Base>(exec, ExecState::privateNamePrototypeTable(exec), jsCast<NamePrototype*>(cell), propertyName, slot);
+}
+
+bool NamePrototype::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, PropertyName propertyName, PropertyDescriptor& descriptor)
+{
+ return getStaticFunctionDescriptor<Base>(exec, ExecState::privateNamePrototypeTable(exec), jsCast<NamePrototype*>(object), propertyName, descriptor);
+}
+
+// ------------------------------ Functions ---------------------------
+
+EncodedJSValue JSC_HOST_CALL privateNameProtoFuncToString(ExecState* exec)
+{
+ JSValue thisValue = exec->hostThisValue();
+ if (!thisValue.isObject())
+ return throwVMTypeError(exec);
+
+ JSObject* thisObject = asObject(thisValue);
+ if (!thisObject->inherits(&NameInstance::s_info))
+ return throwVMTypeError(exec);
+
+ return JSValue::encode(jsCast<NameInstance*>(thisObject)->nameString());
+}
+
+} // namespace JSC
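Review bot: `ASSERT_CLASS_FITS_IN_CELL(NamePrototype);` appears twice in this new file, once before the `NamePrototype.lut.h` include and again after the `s_info` definition; the second occurrence is redundant and should be dropped. The duplicate does not affect the build, but it reads as a leftover from copying another prototype's .cpp file. NameConstructor.cpp in this diff pairs the fits-in-cell assert with `ASSERT_HAS_TRIVIAL_DESTRUCTOR`; that macro presumably does not apply to `NamePrototype` because it inherits `NameInstance`'s non-trivial `destroy`, and a one-line comment noting this would stop someone adding it later.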
diff --git a/Source/JavaScriptCore/runtime/NamePrototype.h b/Source/JavaScriptCore/runtime/NamePrototype.h
new file mode 100644
index 000000000..5d86decfd
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/NamePrototype.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef NamePrototype_h
+#define NamePrototype_h
+
+#include "NameInstance.h"
+
+namespace JSC {
+
+class NamePrototype : public NameInstance {
+public:
+ typedef NameInstance Base;
+
+ static NamePrototype* create(ExecState* exec, Structure* structure)
+ {
+ NamePrototype* prototype = new (NotNull, allocateCell<NamePrototype>(*exec->heap())) NamePrototype(exec, structure);
+ prototype->finishCreation(exec);
+ return prototype;
+ }
+
+ static const ClassInfo s_info;
+
+ static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue prototype)
+ {
+ return Structure::create(globalData, globalObject, prototype, TypeInfo(NameInstanceType, StructureFlags), &s_info);
+ }
+
+protected:
+ NamePrototype(ExecState*, Structure*);
+ void finishCreation(ExecState*);
+
+ static const unsigned StructureFlags = OverridesGetOwnPropertySlot | NameInstance::StructureFlags;
+
+private:
+ static bool getOwnPropertySlot(JSCell*, ExecState*, PropertyName, PropertySlot&);
+ static bool getOwnPropertyDescriptor(JSObject*, ExecState*, PropertyName, PropertyDescriptor&);
+};
+
+} // namespace JSC
+
+#endif // NamePrototype_h
diff --git a/Source/JavaScriptCore/runtime/ObjectConstructor.cpp b/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
index 5a6fcddf0..7b6a5f669 100644
--- a/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
+++ b/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
@@ -214,14 +214,14 @@ static bool toPropertyDescriptor(ExecState* exec, JSValue in, PropertyDescriptor
PropertySlot enumerableSlot(description);
if (description->getPropertySlot(exec, exec->propertyNames().enumerable, enumerableSlot)) {
- desc.setEnumerable(enumerableSlot.getValue(exec, exec->propertyNames().enumerable).toBoolean(exec));
+ desc.setEnumerable(enumerableSlot.getValue(exec, exec->propertyNames().enumerable).toBoolean());
if (exec->hadException())
return false;
}
PropertySlot configurableSlot(description);
if (description->getPropertySlot(exec, exec->propertyNames().configurable, configurableSlot)) {
- desc.setConfigurable(configurableSlot.getValue(exec, exec->propertyNames().configurable).toBoolean(exec));
+ desc.setConfigurable(configurableSlot.getValue(exec, exec->propertyNames().configurable).toBoolean());
if (exec->hadException())
return false;
}
@@ -236,7 +236,7 @@ static bool toPropertyDescriptor(ExecState* exec, JSValue in, PropertyDescriptor
PropertySlot writableSlot(description);
if (description->getPropertySlot(exec, exec->propertyNames().writable, writableSlot)) {
- desc.setWritable(writableSlot.getValue(exec, exec->propertyNames().writable).toBoolean(exec));
+ desc.setWritable(writableSlot.getValue(exec, exec->propertyNames().writable).toBoolean());
if (exec->hadException())
return false;
}
diff --git a/Source/JavaScriptCore/runtime/PrivateName.h b/Source/JavaScriptCore/runtime/PrivateName.h
new file mode 100644
index 000000000..91254fc26
--- /dev/null
+++ b/Source/JavaScriptCore/runtime/PrivateName.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PrivateName_h
+#define PrivateName_h
+
+#include <wtf/text/StringImpl.h>
+
+namespace JSC {
+
+class PrivateName {
+public:
+ PrivateName()
+ : m_impl(StringImpl::createEmptyUnique())
+ {
+ }
+
+ StringImpl* uid() const { return m_impl.get(); }
+
+private:
+ RefPtr<StringImpl> m_impl;
+};
+
+}
+
+#endif
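Review bot: PrivateName carries no documentation of the invariant the rest of this change relies on, that each default-constructed instance owns a distinct empty-unique StringImpl that is never an identifier, and that copying a PrivateName shares that uid rather than minting a new one, so two values compare equal only when one was copied from the other. A class comment such as `// An unforgeable property key: uid() is a fresh empty-unique StringImpl, distinct from every identifier and from every other PrivateName; copies share the uid.` would record this where readers of uid() will look. The closing brace could also carry `} // namespace JSC` as NamePrototype.h in the same change does.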
diff --git a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h
index 7c8cabb7b..c47f3476a 100644
--- a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h
+++ b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h
@@ -325,7 +325,7 @@ inline PropertyTable::const_iterator PropertyTable::end() const
inline PropertyTable::find_iterator PropertyTable::find(const KeyType& key)
{
ASSERT(key);
- ASSERT(key->isIdentifier());
+ ASSERT(key->isIdentifier() || key->isEmptyUnique());
unsigned hash = key->existingHash();
unsigned step = 0;
@@ -369,7 +369,8 @@ inline PropertyTable::find_iterator PropertyTable::findWithString(const KeyType&
unsigned entryIndex = m_index[hash & m_indexMask];
if (entryIndex == EmptyEntryIndex)
return std::make_pair((ValueType*)0, hash & m_indexMask);
- if (equal(key, table()[entryIndex - 1].key))
+ const KeyType& keyInMap = table()[entryIndex - 1].key;
+ if (equal(key, keyInMap) && keyInMap->isIdentifier())
return std::make_pair(&table()[entryIndex - 1], hash & m_indexMask);
#if DUMP_PROPERTYMAP_STATS
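Review bot: The reason for the new `keyInMap->isIdentifier()` test on the findWithString path is not recorded, and it is the one that matters: an empty-unique key (a private name) presumably has zero length, so `equal()` against an empty lookup string can match it and a plain string lookup would hand out a private-name entry. I would put the cheap flag test first and say why, `if (keyInMap->isIdentifier() && equal(key, keyInMap)) // private names are never reachable by string`. findWithString's body continues outside the hunk.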
diff --git a/Source/JavaScriptCore/runtime/PropertyName.h b/Source/JavaScriptCore/runtime/PropertyName.h
index d2258b471..7253756fa 100644
--- a/Source/JavaScriptCore/runtime/PropertyName.h
+++ b/Source/JavaScriptCore/runtime/PropertyName.h
@@ -27,6 +27,7 @@
#define PropertyName_h
#include "Identifier.h"
+#include "PrivateName.h"
namespace JSC {
@@ -80,15 +81,33 @@ public:
PropertyName(const Identifier& propertyName)
: m_impl(propertyName.impl())
{
+ ASSERT(!m_impl || m_impl->isIdentifier());
}
- StringImpl* impl() const { return m_impl; }
- UString ustring() const { return m_impl; }
+ PropertyName(const PrivateName& propertyName)
+ : m_impl(propertyName.uid())
+ {
+ ASSERT(m_impl && m_impl->isEmptyUnique());
+ }
+
+ StringImpl* uid() const
+ {
+ ASSERT(!m_impl || (m_impl->isIdentifier() == !m_impl->isEmptyUnique()));
+ return m_impl;
+ }
+
+ StringImpl* publicName() const
+ {
+ ASSERT(!m_impl || (m_impl->isIdentifier() == !m_impl->isEmptyUnique()));
+ return m_impl->isIdentifier() ? m_impl : 0;
+ }
static const uint32_t NotAnIndex = UINT_MAX;
+
uint32_t asIndex()
{
- return toUInt32FromStringImpl(m_impl);
+ ASSERT(!m_impl || (m_impl->isIdentifier() == !m_impl->isEmptyUnique()));
+ return m_impl ? toUInt32FromStringImpl(m_impl) : NotAnIndex;
}
private:
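Review bot: `publicName()` dereferences `m_impl` unconditionally in `return m_impl->isIdentifier() ? m_impl : 0;` although the ASSERT one line above explicitly admits a null `m_impl`, and both `uid()` and the updated `asIndex()` tolerate null; a null PropertyName therefore crashes only in this accessor. `return m_impl && m_impl->isIdentifier() ? m_impl : 0;` keeps the three accessors consistent. The class continues outside the hunk.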
@@ -97,32 +116,32 @@ private:
inline bool operator==(PropertyName a, const Identifier& b)
{
- return a.impl() == b.impl();
+ return a.uid() == b.impl();
}
inline bool operator==(const Identifier& a, PropertyName b)
{
- return a.impl() == b.impl();
+ return a.impl() == b.uid();
}
inline bool operator==(PropertyName a, PropertyName b)
{
- return a.impl() == b.impl();
+ return a.uid() == b.uid();
}
inline bool operator!=(PropertyName a, const Identifier& b)
{
- return a.impl() != b.impl();
+ return a.uid() != b.impl();
}
inline bool operator!=(const Identifier& a, PropertyName b)
{
- return a.impl() != b.impl();
+ return a.impl() != b.uid();
}
inline bool operator!=(PropertyName a, PropertyName b)
{
- return a.impl() != b.impl();
+ return a.uid() != b.uid();
}
}
diff --git a/Source/JavaScriptCore/runtime/RegExpCache.cpp b/Source/JavaScriptCore/runtime/RegExpCache.cpp
index 36ea326e6..53a13a4b5 100644
--- a/Source/JavaScriptCore/runtime/RegExpCache.cpp
+++ b/Source/JavaScriptCore/runtime/RegExpCache.cpp
@@ -36,17 +36,15 @@ namespace JSC {
RegExp* RegExpCache::lookupOrCreate(const UString& patternString, RegExpFlags flags)
{
RegExpKey key(flags, patternString);
- RegExpCacheMap::iterator result = m_weakCache.find(key);
- if (result != m_weakCache.end())
- return result->second.get();
+ if (RegExp* regExp = m_weakCache.get(key))
+ return regExp;
+
RegExp* regExp = RegExp::createWithoutCaching(*m_globalData, patternString, flags);
#if ENABLE(REGEXP_TRACING)
m_globalData->addRegExpToTrace(regExp);
#endif
- // We need to do a second lookup to add the RegExp as
- // allocating it may have caused a gc cycle, which in
- // turn may have removed items from the cache.
- m_weakCache.add(key, PassWeak<RegExp>(regExp, this));
+
+ weakAdd(m_weakCache, key, PassWeak<RegExp>(regExp, this));
return regExp;
}
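Review bot: The comment explaining that creating the RegExp may trigger a GC that removes entries from the cache was dropped together with the old double lookup, but that hazard is still what justifies `weakAdd()` over a plain add; weakAdd is defined outside this file, so the hunk does not show how it treats a zombie left under the same key. I would keep a one-liner above the call, `// createWithoutCaching() may GC, so key may now hold a zombie that weakAdd() is expected to replace.`, so the next reader does not reintroduce a plain add.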
@@ -59,7 +57,7 @@ RegExpCache::RegExpCache(JSGlobalData* globalData)
void RegExpCache::finalize(Handle<Unknown> handle, void*)
{
RegExp* regExp = static_cast<RegExp*>(handle.get().asCell());
- m_weakCache.remove(regExp->key());
+ weakRemove(m_weakCache, regExp->key(), regExp);
regExp->invalidateCode();
}
@@ -79,9 +77,14 @@ void RegExpCache::invalidateCode()
for (int i = 0; i < maxStrongCacheableEntries; i++)
m_strongCache[i].clear();
m_nextEntryInStrongCache = 0;
+
RegExpCacheMap::iterator end = m_weakCache.end();
- for (RegExpCacheMap::iterator ptr = m_weakCache.begin(); ptr != end; ++ptr)
- ptr->second->invalidateCode();
+ for (RegExpCacheMap::iterator it = m_weakCache.begin(); it != end; ++it) {
+ RegExp* regExp = it->second.get();
+ if (!regExp) // Skip zombies.
+ continue;
+ regExp->invalidateCode();
+ }
}
}
diff --git a/Source/JavaScriptCore/runtime/RegExpConstructor.cpp b/Source/JavaScriptCore/runtime/RegExpConstructor.cpp
index 879511ac2..2c0f0c000 100644
--- a/Source/JavaScriptCore/runtime/RegExpConstructor.cpp
+++ b/Source/JavaScriptCore/runtime/RegExpConstructor.cpp
@@ -249,9 +249,9 @@ void setRegExpConstructorInput(ExecState* exec, JSObject* baseObject, JSValue va
asRegExpConstructor(baseObject)->setInput(exec, value.toString(exec));
}
-void setRegExpConstructorMultiline(ExecState* exec, JSObject* baseObject, JSValue value)
+void setRegExpConstructorMultiline(ExecState*, JSObject* baseObject, JSValue value)
{
- asRegExpConstructor(baseObject)->setMultiline(value.toBoolean(exec));
+ asRegExpConstructor(baseObject)->setMultiline(value.toBoolean());
}
// ECMA 15.10.4
diff --git a/Source/JavaScriptCore/runtime/RegExpKey.h b/Source/JavaScriptCore/runtime/RegExpKey.h
index b4847f971..cdaff27f5 100644
--- a/Source/JavaScriptCore/runtime/RegExpKey.h
+++ b/Source/JavaScriptCore/runtime/RegExpKey.h
@@ -103,6 +103,7 @@ template<> struct DefaultHash<JSC::RegExpKey> {
};
template<> struct HashTraits<JSC::RegExpKey> : GenericHashTraits<JSC::RegExpKey> {
+ static const bool emptyValueIsZero = true;
static void constructDeletedValue(JSC::RegExpKey& slot) { slot.flagsValue = JSC::DeletedValueFlags; }
static bool isDeletedValue(const JSC::RegExpKey& value) { return value.flagsValue == JSC::DeletedValueFlags; }
};
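Review bot: `emptyValueIsZero = true` promises the hash table that a default-constructed RegExpKey is all-zero bits, so empty buckets may be produced by zero-filling instead of running the constructor; the hunk does not show RegExpKey's default constructor, so I cannot confirm that `flagsValue` and its other members are all zero-initialised there. A comment tying the trait to the constructor, e.g. `// Requires RegExpKey() to leave every member zero; keep in sync with the constructor.`, would make the dependency visible to whoever next edits the class.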
diff --git a/Source/JavaScriptCore/runtime/RegExpPrototype.cpp b/Source/JavaScriptCore/runtime/RegExpPrototype.cpp
index 24c7c8027..6080a1c99 100644
--- a/Source/JavaScriptCore/runtime/RegExpPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/RegExpPrototype.cpp
@@ -147,11 +147,11 @@ EncodedJSValue JSC_HOST_CALL regExpProtoFuncToString(ExecState* exec)
char postfix[5] = { '/', 0, 0, 0, 0 };
int index = 1;
- if (thisObject->get(exec, exec->propertyNames().global).toBoolean(exec))
+ if (thisObject->get(exec, exec->propertyNames().global).toBoolean())
postfix[index++] = 'g';
- if (thisObject->get(exec, exec->propertyNames().ignoreCase).toBoolean(exec))
+ if (thisObject->get(exec, exec->propertyNames().ignoreCase).toBoolean())
postfix[index++] = 'i';
- if (thisObject->get(exec, exec->propertyNames().multiline).toBoolean(exec))
+ if (thisObject->get(exec, exec->propertyNames().multiline).toBoolean())
postfix[index] = 'm';
UString source = thisObject->get(exec, exec->propertyNames().source).toString(exec)->value(exec);
// If source is empty, use "/(?:)/" to avoid colliding with comment syntax
diff --git a/Source/JavaScriptCore/runtime/Structure.cpp b/Source/JavaScriptCore/runtime/Structure.cpp
index 693f3f317..b22deb0fa 100644
--- a/Source/JavaScriptCore/runtime/Structure.cpp
+++ b/Source/JavaScriptCore/runtime/Structure.cpp
@@ -67,7 +67,7 @@ bool StructureTransitionTable::contains(StringImpl* rep, unsigned attributes) co
Structure* transition = singleTransition();
return transition && transition->m_nameInPrevious == rep && transition->m_attributesInPrevious == attributes;
}
- return map()->contains(make_pair(rep, attributes));
+ return map()->get(make_pair(rep, attributes));
}
inline Structure* StructureTransitionTable::get(StringImpl* rep, unsigned attributes) const
@@ -101,13 +101,7 @@ inline void StructureTransitionTable::add(JSGlobalData& globalData, Structure* s
// Newer versions of the STL have an std::make_pair function that takes rvalue references.
// When either of the parameters are bitfields, the C++ compiler will try to bind them as lvalues, which is invalid. To work around this, use unary "+" to make the parameter an rvalue.
// See https://bugs.webkit.org/show_bug.cgi?id=59261 for more details
- TransitionMap::AddResult result = map()->add(globalData, make_pair(structure->m_nameInPrevious, +structure->m_attributesInPrevious), structure);
- if (!result.isNewEntry) {
- // There already is an entry! - we should only hit this when despecifying.
- ASSERT(result.iterator.get().second->m_specificValueInPrevious);
- ASSERT(!structure->m_specificValueInPrevious);
- map()->set(globalData, result.iterator.get().first, structure);
- }
+ map()->set(globalData, make_pair(structure->m_nameInPrevious, +structure->m_attributesInPrevious), structure);
}
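Review bot: Replacing the add/isNewEntry branch with an unconditional `set()` also drops the two ASSERTs that documented when overwriting an existing transition is legitimate (only when despecifying: the existing entry had a specific value and the new structure does not). Unless that invariant no longer holds, a debug check preserves it, for example `ASSERT(!map()->get(make_pair(structure->m_nameInPrevious, +structure->m_attributesInPrevious)) || !structure->m_specificValueInPrevious);` before the set, or at least a comment stating that set() intentionally overwrites during despecification. StructureTransitionTable::add begins outside the hunk.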
void Structure::dumpStatistics()
@@ -275,7 +269,7 @@ size_t Structure::suggestedNewPropertyStorageSize()
void Structure::despecifyDictionaryFunction(JSGlobalData& globalData, PropertyName propertyName)
{
- StringImpl* rep = propertyName.impl();
+ StringImpl* rep = propertyName.uid();
materializePropertyMapIfNecessary(globalData);
@@ -292,7 +286,7 @@ Structure* Structure::addPropertyTransitionToExistingStructure(Structure* struct
ASSERT(!structure->isDictionary());
ASSERT(structure->isObject());
- if (Structure* existingTransition = structure->m_transitionTable.get(propertyName.impl(), attributes)) {
+ if (Structure* existingTransition = structure->m_transitionTable.get(propertyName.uid(), attributes)) {
JSCell* specificValueInPrevious = existingTransition->m_specificValueInPrevious.get();
if (specificValueInPrevious && specificValueInPrevious != specificValue)
return 0;
@@ -313,7 +307,7 @@ Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure*
// In this case we clear the value of specificFunction which will result
// in us adding a non-specific transition, and any subsequent lookup in
// Structure::addPropertyTransitionToExistingStructure will just use that.
- if (specificValue && structure->m_transitionTable.contains(propertyName.impl(), attributes))
+ if (specificValue && structure->m_transitionTable.contains(propertyName.uid(), attributes))
specificValue = 0;
ASSERT(!structure->isDictionary());
@@ -336,7 +330,7 @@ Structure* Structure::addPropertyTransition(JSGlobalData& globalData, Structure*
transition->m_cachedPrototypeChain.setMayBeNull(globalData, transition, structure->m_cachedPrototypeChain.get());
transition->m_previous.set(globalData, transition, structure);
- transition->m_nameInPrevious = propertyName.impl();
+ transition->m_nameInPrevious = propertyName.uid();
transition->m_attributesInPrevious = attributes;
transition->m_specificValueInPrevious.setMayBeNull(globalData, transition, specificValue);
@@ -425,7 +419,7 @@ Structure* Structure::attributeChangeTransition(JSGlobalData& globalData, Struct
}
ASSERT(structure->m_propertyTable);
- PropertyMapEntry* entry = structure->m_propertyTable->find(propertyName.impl()).first;
+ PropertyMapEntry* entry = structure->m_propertyTable->find(propertyName.uid()).first;
ASSERT(entry);
entry->attributes = attributes;
@@ -650,7 +644,7 @@ size_t Structure::get(JSGlobalData& globalData, PropertyName propertyName, unsig
if (!m_propertyTable)
return WTF::notFound;
- PropertyMapEntry* entry = m_propertyTable->find(propertyName.impl()).first;
+ PropertyMapEntry* entry = m_propertyTable->find(propertyName.uid()).first;
if (!entry)
return WTF::notFound;
@@ -665,7 +659,7 @@ bool Structure::despecifyFunction(JSGlobalData& globalData, PropertyName propert
if (!m_propertyTable)
return false;
- PropertyMapEntry* entry = m_propertyTable->find(propertyName.impl()).first;
+ PropertyMapEntry* entry = m_propertyTable->find(propertyName.uid()).first;
if (!entry)
return false;
@@ -693,7 +687,7 @@ size_t Structure::putSpecificValue(JSGlobalData& globalData, PropertyName proper
if (attributes & DontEnum)
m_hasNonEnumerableProperties = true;
- StringImpl* rep = propertyName.impl();
+ StringImpl* rep = propertyName.uid();
if (!m_propertyTable)
createPropertyMap();
@@ -715,7 +709,7 @@ size_t Structure::remove(PropertyName propertyName)
{
checkConsistency();
- StringImpl* rep = propertyName.impl();
+ StringImpl* rep = propertyName.uid();
if (!m_propertyTable)
return notFound;
@@ -753,7 +747,7 @@ void Structure::getPropertyNamesFromStructure(JSGlobalData& globalData, Property
PropertyTable::iterator end = m_propertyTable->end();
for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter) {
ASSERT(m_hasNonEnumerableProperties || !(iter->attributes & DontEnum));
- if (!(iter->attributes & DontEnum) || (mode == IncludeDontEnumProperties)) {
+ if (iter->key->isIdentifier() && (!(iter->attributes & DontEnum) || mode == IncludeDontEnumProperties)) {
if (knownUnique)
propertyNames.addKnownUnique(iter->key);
else
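Review bot: The new `iter->key->isIdentifier()` guard appears to be what keeps private-name keys out of property enumeration regardless of their attributes, and that intent deserves a comment, since a reader may otherwise take it for a redundant sanity check and fold it away: `// Keys that are not identifiers are private names; never enumerate them, whatever their attributes.` The surrounding loop and getPropertyNamesFromStructure begin outside the hunk.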
diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h
index 230f59d65..74336a288 100644
--- a/Source/JavaScriptCore/runtime/Structure.h
+++ b/Source/JavaScriptCore/runtime/Structure.h
@@ -317,7 +317,7 @@ namespace JSC {
if (!m_propertyTable)
return notFound;
- PropertyMapEntry* entry = m_propertyTable->find(propertyName.impl()).first;
+ PropertyMapEntry* entry = m_propertyTable->find(propertyName.uid()).first;
return entry ? entry->offset : notFound;
}
diff --git a/Source/JavaScriptCore/runtime/WeakGCMap.h b/Source/JavaScriptCore/runtime/WeakGCMap.h
index ec010fb4b..98483c312 100644
--- a/Source/JavaScriptCore/runtime/WeakGCMap.h
+++ b/Source/JavaScriptCore/runtime/WeakGCMap.h
@@ -53,80 +53,25 @@ class WeakGCMap : private WeakHandleOwner {
typedef HashMap<KeyType, WeakImpl*, HashArg, KeyTraitsArg> MapType;
typedef typename HandleTypes<MappedType>::ExternalType ExternalType;
- typedef typename MapType::iterator map_iterator;
public:
-
- struct iterator {
- friend class WeakGCMap;
- iterator(map_iterator iter)
- : m_iterator(iter)
- {
- }
-
- std::pair<KeyType, ExternalType> get() const { return std::make_pair(m_iterator->first, HandleTypes<MappedType>::getFromSlot(const_cast<JSValue*>(&m_iterator->second->jsValue()))); }
-
- iterator& operator++() { ++m_iterator; return *this; }
-
- // postfix ++ intentionally omitted
-
- // Comparison.
- bool operator==(const iterator& other) const { return m_iterator == other.m_iterator; }
- bool operator!=(const iterator& other) const { return m_iterator != other.m_iterator; }
-
- private:
- map_iterator m_iterator;
- };
-
- typedef WTF::HashTableAddResult<iterator> AddResult;
-
WeakGCMap()
{
}
- bool isEmpty() { return m_map.isEmpty(); }
void clear()
{
- map_iterator end = m_map.end();
- for (map_iterator ptr = m_map.begin(); ptr != end; ++ptr)
+ typename MapType::iterator end = m_map.end();
+ for (typename MapType::iterator ptr = m_map.begin(); ptr != end; ++ptr)
WeakSet::deallocate(ptr->second);
m_map.clear();
}
- bool contains(const KeyType& key) const
- {
- return m_map.contains(key);
- }
-
- iterator find(const KeyType& key)
- {
- return m_map.find(key);
- }
-
- void remove(iterator iter)
- {
- ASSERT(iter.m_iterator != m_map.end());
- WeakImpl* impl = iter.m_iterator->second;
- ASSERT(impl);
- WeakSet::deallocate(impl);
- m_map.remove(iter.m_iterator);
- }
-
ExternalType get(const KeyType& key) const
{
return HandleTypes<MappedType>::getFromSlot(const_cast<JSValue*>(&m_map.get(key)->jsValue()));
}
- AddResult add(JSGlobalData&, const KeyType& key, ExternalType value)
- {
- typename MapType::AddResult result = m_map.add(key, 0);
- if (result.isNewEntry)
- result.iterator->second = WeakSet::allocate(value, this, FinalizerCallback::finalizerContextFor(key));
-
- // WeakGCMap exposes a different iterator, so we need to wrap it and create our own AddResult.
- return AddResult(iterator(result.iterator), result.isNewEntry);
- }
-
void set(JSGlobalData&, const KeyType& key, ExternalType value)
{
typename MapType::AddResult result = m_map.add(key, 0);
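Review bot: With `contains()`, `find()` and `take()` removed, the unchanged `get()` near the end of this hunk is the only lookup left and callers now route absent keys through it (StructureTransitionTable::contains in Structure.cpp now returns `map()->get(...)` where it used `contains()`), yet it forms `&m_map.get(key)->jsValue()` with whatever `m_map.get()` yields for a missing key, a null WeakImpl* for this map, before getFromSlot sees anything. The lookup should test the WeakImpl first and return the empty value, as the removed take() did. If WeakImpl exposes its liveness, testing that here as well would keep a finalized entry from being handed back. set() and the class continue outside the hunk.
```cpp
    // … unchanged: typedefs, WeakGCMap(), clear() …
    ExternalType get(const KeyType& key) const
    {
        WeakImpl* impl = m_map.get(key);
        if (!impl)
            return HashTraits<ExternalType>::emptyValue();
        return HandleTypes<MappedType>::getFromSlot(const_cast<JSValue*>(&impl->jsValue()));
    }
    // … unchanged: set() …
```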
@@ -135,21 +80,14 @@ public:
result.iterator->second = WeakSet::allocate(value, this, FinalizerCallback::finalizerContextFor(key));
}
- ExternalType take(const KeyType& key)
+ void remove(const KeyType& key)
{
WeakImpl* impl = m_map.take(key);
if (!impl)
- return HashTraits<ExternalType>::emptyValue();
- ExternalType result = HandleTypes<MappedType>::getFromSlot(const_cast<JSValue*>(&impl->jsValue()));
+ return;
WeakSet::deallocate(impl);
- return result;
}
- size_t size() { return m_map.size(); }
-
- iterator begin() { return iterator(m_map.begin()); }
- iterator end() { return iterator(m_map.end()); }
-
~WeakGCMap()
{
clear();
diff --git a/Source/JavaScriptCore/tools/CodeProfile.cpp b/Source/JavaScriptCore/tools/CodeProfile.cpp
index beed4b2d5..0020c7285 100644
--- a/Source/JavaScriptCore/tools/CodeProfile.cpp
+++ b/Source/JavaScriptCore/tools/CodeProfile.cpp
@@ -107,7 +107,7 @@ void CodeProfile::sample(void* pc, void** framePointer)
CodeBlock* codeBlock = static_cast<CodeBlock*>(ownerUID);
if (codeBlock->getJITType() == JITCode::DFGJIT)
type = DFGJIT;
- else if (codeBlock->canCompileWithDFGState() == CodeBlock::CompileWithDFGFalse)
+ else if (codeBlock->canCompileWithDFGState() != DFG::CanCompile)
type = BaselineOnly;
else if (codeBlock->replacement())
type = BaselineOSR;