path: root/Source/JavaScriptCore
* Fix assert after makerope boundary check [5.3] (Lucas Forschler, 2014-10-31, 1 file, -0/+1)
    The browser demo asserts on qt-project.org after the makerope security fix.
    Port of http://trac.webkit.org/changeset/169397
    Change-Id: I19c98737735d9b17133742752928d4ce6349de13
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* Add missing branchAdd32 implementations to fix sh4 and mips builds (Julien Brianceau, 2014-09-30, 2 files, -0/+29)
    sh4 implementation has been taken from WebKit r173222.
    Change-Id: I1c188e88e9fd8772f97cac94d7ee31945b538b71
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [ARM] Unreviewed build fix after r167336. (Csaba Osztrogonác, 2014-09-26, 1 file, -0/+5)
    * assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::branchAdd32):
    Change-Id: I919df8301e69cca630f475afcc0c4311d713f10e
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167565 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Unreviewed, ARMv7 build fix after r167336. (Filip Pizlo, 2014-09-26, 1 file, -0/+6)
    * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::branchAdd32):
    Change-Id: Ia16f8dce00ce660cf5f7b9eb1c3496e08cbdb603
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167354 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* compileMakeRope does not emit necessary bounds checks (Filip Pizlo, 2014-09-26, 6 files, -23/+60)
    https://bugs.webkit.org/show_bug.cgi?id=130684
    <rdar://problem/16398388>
    Reviewed by Oliver Hunt.

    Add string length bounds checks in a bunch of places. We should never allow a string to have a length greater than 2^31-1 because it's not clear that the language has semantics for it and because there is code that assumes that this cannot happen. Also add a bunch of tests to that effect to cover the various ways in which this was previously allowed to happen.

    * dfg/DFGOperations.cpp:
    * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileMakeRope):
    * ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMakeRope):
    * runtime/JSString.cpp: (JSC::JSRopeString::RopeBuilder::expand):
    * runtime/JSString.h: (JSC::JSString::create): (JSC::JSRopeString::RopeBuilder::append): (JSC::JSRopeString::RopeBuilder::release): (JSC::JSRopeString::append):
    * runtime/Operations.h: (JSC::jsString): (JSC::jsStringFromRegisterArray): (JSC::jsStringFromArguments):
    * runtime/StringPrototype.cpp: (JSC::stringProtoFuncIndexOf): (JSC::stringProtoFuncSlice): (JSC::stringProtoFuncSubstring): (JSC::stringProtoFuncToLowerCase):
    * tests/stress/make-large-string-jit-strcat.js: Added. (foo):
    * tests/stress/make-large-string-jit.js: Added. (foo):
    * tests/stress/make-large-string-strcat.js: Added.
    * tests/stress/make-large-string.js: Added.

    Change-Id: If01dd2a2d2daa3d209eddf0213d2b391e94f54a0
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167336 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Crash during exception unwinding (Oliver Hunt, 2014-07-08, 9 files, -12/+28)
    https://webkit.org/b/119860
    Reviewed by Filip Pizlo.

    Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node. We need this so that Throw and ThrowReferenceError no longer need to be treated as terminals and the subsequent flush keeps the activation (and other registers) live.

    * dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::::executeEffects):
    * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGClobberize.h: (JSC::DFG::clobberize):
    * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGNode.h: (JSC::DFG::Node::isTerminal):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Idb894e780cd3ebe15515d1796c58a339ae54d55f
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154290 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix android build error about already defined struct. (Sergio Martins, 2014-06-27, 1 file, -8/+0)
    Minimum API version is 9, which already defines this struct in elf.h.
    Also see qtscript/49ab1bd9838dc3c069be780ff6d69a2543c06ed6 which does the same thing there.
    Change-Id: Ia56f8399156a93edc569e7bb982bd7186a16a445
    Reviewed-by: BogDan Vatra <bogdan@kde.org>
* Fix SpeculateCellOperand ASSERT failure in DFG for 32-bit builds. (Julien Brianceau, 2014-06-26, 1 file, -18/+27)
    Original patch by Filip Pizlo <fpizlo@apple.com> on 2013-08-28 taken from WebKit r154804 (http://trac.webkit.org/changeset/154804).
    Task-number: QTBUG-39768
    Change-Id: I239f2ee2ec5d1c21f7e50709b8989e744fd87995
    Reviewed-by: Zhang Zengbo <zengbo.zhang@gmail.com>
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [mips] Add floating point absolute support in JavaScriptCore. (Julien Brianceau, 2014-06-10, 2 files, -3/+16)
    Change-Id: I8b03fb0380fa444a6da239d8ddb19bdbe6b3d061
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Prevent register clobbering to fix negative zero check in SoftModulo. (Julien Brianceau, 2014-06-06, 1 file, -1/+7)
    This fix is not relevant for x86 architectures.
    Covered by integer-division-neg2tothe32-by-neg1 JavaScript test.
    Change-Id: I8ffd1280063305bc98c564f5df57c76cc5b1d7a6
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [mips] Fix branchTruncateDoubleToUint32 implementation in macro assembler. (Julien Brianceau, 2014-06-05, 1 file, -1/+1)
    Test dfg-uint32array-overflow-values fails without this patch.
    Change-Id: Ia186ab5c3fbc19fd7621f5cc60678b82a6424641
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix problems with divot and lineStart mismatches. (Mark Lam, 2014-05-06, 13 files, -589/+529)
    https://bugs.webkit.org/show_bug.cgi?id=118662.
    Reviewed by Oliver Hunt.

    Source/JavaScriptCore:

    r152494 added the recording of lineStart values for divot positions. This is needed for the computation of column numbers. Similarly, it also added the recording of line numbers for the divot positions.

    One problem with the approach taken was that the line and lineStart values were recorded independently, and hence were not always guaranteed to be sampled at the same place that the divot position is recorded. This resulted in potential mismatches that cause some assertions to fail.

    The solution is to introduce a JSTextPosition abstraction that records the divot position, line, and lineStart as a single quantity. Wherever we record the divot position as an unsigned int previously, we now record its JSTextPosition which captures all 3 values in one go. This ensures that the captured line and lineStart will always match the captured divot position.

    * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitCall): (JSC::BytecodeGenerator::emitCallEval): (JSC::BytecodeGenerator::emitCallVarargs): (JSC::BytecodeGenerator::emitConstruct): (JSC::BytecodeGenerator::emitDebugHook):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitExpressionInfo):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * bytecompiler/NodesCodegen.cpp: (JSC::ThrowableExpressionData::emitThrowReferenceError): (JSC::ResolveNode::emitBytecode): (JSC::BracketAccessorNode::emitBytecode): (JSC::DotAccessorNode::emitBytecode): (JSC::NewExprNode::emitBytecode): (JSC::EvalFunctionCallNode::emitBytecode): (JSC::FunctionCallValueNode::emitBytecode): (JSC::FunctionCallResolveNode::emitBytecode): (JSC::FunctionCallBracketNode::emitBytecode): (JSC::FunctionCallDotNode::emitBytecode): (JSC::CallFunctionCallDotNode::emitBytecode): (JSC::ApplyFunctionCallDotNode::emitBytecode): (JSC::PostfixNode::emitResolve): (JSC::PostfixNode::emitBracket): (JSC::PostfixNode::emitDot): (JSC::DeleteResolveNode::emitBytecode): (JSC::DeleteBracketNode::emitBytecode): (JSC::DeleteDotNode::emitBytecode): (JSC::PrefixNode::emitResolve): (JSC::PrefixNode::emitBracket): (JSC::PrefixNode::emitDot): (JSC::UnaryOpNode::emitBytecode): (JSC::BinaryOpNode::emitStrcat): (JSC::BinaryOpNode::emitBytecode): (JSC::ThrowableBinaryOpNode::emitBytecode): (JSC::InstanceOfNode::emitBytecode): (JSC::emitReadModifyAssignment): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::AssignDotNode::emitBytecode): (JSC::ReadModifyDotNode::emitBytecode): (JSC::AssignBracketNode::emitBytecode): (JSC::ReadModifyBracketNode::emitBytecode): (JSC::ForInNode::emitBytecode): (JSC::WithNode::emitBytecode): (JSC::ThrowNode::emitBytecode):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/ASTBuilder.h:
    - Replaced ASTBuilder::PositionInfo with JSTextPosition.
    (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo): (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo): (JSC::ASTBuilder::createResolve): (JSC::ASTBuilder::createBracketAccess): (JSC::ASTBuilder::createDotAccess): (JSC::ASTBuilder::createRegExp): (JSC::ASTBuilder::createNewExpr): (JSC::ASTBuilder::createAssignResolve): (JSC::ASTBuilder::createExprStatement): (JSC::ASTBuilder::createForInLoop): (JSC::ASTBuilder::createReturnStatement): (JSC::ASTBuilder::createBreakStatement): (JSC::ASTBuilder::createContinueStatement): (JSC::ASTBuilder::createLabelStatement): (JSC::ASTBuilder::createWithStatement): (JSC::ASTBuilder::createThrowStatement): (JSC::ASTBuilder::appendBinaryExpressionInfo): (JSC::ASTBuilder::appendUnaryToken): (JSC::ASTBuilder::unaryTokenStackLastStart): (JSC::ASTBuilder::assignmentStackAppend): (JSC::ASTBuilder::createAssignment): (JSC::ASTBuilder::setExceptionLocation): (JSC::ASTBuilder::makeDeleteNode): (JSC::ASTBuilder::makeFunctionCallNode): (JSC::ASTBuilder::makeBinaryNode): (JSC::ASTBuilder::makeAssignNode): (JSC::ASTBuilder::makePrefixNode): (JSC::ASTBuilder::makePostfixNode):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Lexer.cpp: (JSC::::lex):
    - Added support for capturing the appropriate JSTextPositions instead of just the character offset.
    * parser/Lexer.h: (JSC::Lexer::currentPosition): (JSC::::lexExpectIdentifier):
    - Added support for capturing the appropriate JSTextPositions instead of just the character offset.
    * parser/NodeConstructors.h: (JSC::Node::Node): (JSC::ResolveNode::ResolveNode): (JSC::EvalFunctionCallNode::EvalFunctionCallNode): (JSC::FunctionCallValueNode::FunctionCallValueNode): (JSC::FunctionCallResolveNode::FunctionCallResolveNode): (JSC::FunctionCallBracketNode::FunctionCallBracketNode): (JSC::FunctionCallDotNode::FunctionCallDotNode): (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode): (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode): (JSC::PostfixNode::PostfixNode): (JSC::DeleteResolveNode::DeleteResolveNode): (JSC::DeleteBracketNode::DeleteBracketNode): (JSC::DeleteDotNode::DeleteDotNode): (JSC::PrefixNode::PrefixNode): (JSC::ReadModifyResolveNode::ReadModifyResolveNode): (JSC::ReadModifyBracketNode::ReadModifyBracketNode): (JSC::AssignBracketNode::AssignBracketNode): (JSC::AssignDotNode::AssignDotNode): (JSC::ReadModifyDotNode::ReadModifyDotNode): (JSC::AssignErrorNode::AssignErrorNode): (JSC::WithNode::WithNode): (JSC::ForInNode::ForInNode):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Nodes.cpp: (JSC::StatementNode::setLoc):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Nodes.h: (JSC::Node::lineNo): (JSC::Node::startOffset): (JSC::Node::lineStartOffset): (JSC::Node::position): (JSC::ThrowableExpressionData::ThrowableExpressionData): (JSC::ThrowableExpressionData::setExceptionSourceCode): (JSC::ThrowableExpressionData::divot): (JSC::ThrowableExpressionData::divotStart): (JSC::ThrowableExpressionData::divotEnd): (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData): (JSC::ThrowableSubExpressionData::setSubexpressionInfo): (JSC::ThrowableSubExpressionData::subexpressionDivot): (JSC::ThrowableSubExpressionData::subexpressionStart): (JSC::ThrowableSubExpressionData::subexpressionEnd): (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData): (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo): (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot): (JSC::ThrowablePrefixedSubExpressionData::subexpressionStart): (JSC::ThrowablePrefixedSubExpressionData::subexpressionEnd):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Parser.cpp: (JSC::::Parser): (JSC::::parseInner):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    (JSC::::didFinishParsing):
    - Remove setting of m_lastLine value. We always pass in the value from m_lastLine anyway. So, this assignment is effectively a nop.
    (JSC::::parseVarDeclaration): (JSC::::parseVarDeclarationList): (JSC::::parseForStatement): (JSC::::parseBreakStatement): (JSC::::parseContinueStatement): (JSC::::parseReturnStatement): (JSC::::parseThrowStatement): (JSC::::parseWithStatement): (JSC::::parseTryStatement): (JSC::::parseBlockStatement): (JSC::::parseFunctionDeclaration): (JSC::LabelInfo::LabelInfo): (JSC::::parseExpressionOrLabelStatement): (JSC::::parseExpressionStatement): (JSC::::parseAssignmentExpression): (JSC::::parseBinaryExpression): (JSC::::parseProperty): (JSC::::parsePrimaryExpression): (JSC::::parseMemberExpression): (JSC::::parseUnaryExpression):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Parser.h: (JSC::Parser::next): (JSC::Parser::nextExpectIdentifier): (JSC::Parser::getToken): (JSC::Parser::tokenStartPosition): (JSC::Parser::tokenEndPosition): (JSC::Parser::lastTokenEndPosition): (JSC::::parse):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/ParserTokens.h: (JSC::JSTextPosition::JSTextPosition): (JSC::JSTextPosition::operator+): (JSC::JSTextPosition::operator-): (JSC::JSTextPosition::operator int):
    - Added JSTextPosition.
    * parser/SyntaxChecker.h: (JSC::SyntaxChecker::makeFunctionCallNode): (JSC::SyntaxChecker::makeAssignNode): (JSC::SyntaxChecker::makePrefixNode): (JSC::SyntaxChecker::makePostfixNode): (JSC::SyntaxChecker::makeDeleteNode): (JSC::SyntaxChecker::createResolve): (JSC::SyntaxChecker::createBracketAccess): (JSC::SyntaxChecker::createDotAccess): (JSC::SyntaxChecker::createRegExp): (JSC::SyntaxChecker::createNewExpr): (JSC::SyntaxChecker::createAssignResolve): (JSC::SyntaxChecker::createForInLoop): (JSC::SyntaxChecker::createReturnStatement): (JSC::SyntaxChecker::createBreakStatement): (JSC::SyntaxChecker::createContinueStatement): (JSC::SyntaxChecker::createWithStatement): (JSC::SyntaxChecker::createLabelStatement): (JSC::SyntaxChecker::createThrowStatement): (JSC::SyntaxChecker::appendBinaryExpressionInfo): (JSC::SyntaxChecker::operatorStackPop):
    - Use JSTextPosition instead of passing line and lineStart explicitly.

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153477 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Task-number: QTBUG-38708
    Change-Id: Ic6a65e8915c634dffe76b7181b38d6be0ab4a45d
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* [mips] Fix or32 implementation in macro assembler. (Julien Brianceau, 2014-04-08, 1 file, -1/+3)
    This patch fixes JavaScript issues for the mips backend, especially in the DFG stage when using (x|0) expressions.
    Change-Id: I4c7c7280735481dc06ca24745d2e42b2d8e13ef5
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix compiler warnings when building Qt WebKit (Allan Sandfeld Jensen, 2014-03-18, 1 file, -4/+4)
    Fix warnings about C++11 violating syntax, unused variables in leveldb and non anonymous classes deriving from anonymous ones.
    Change-Id: I39326eed03fabe2856f1ea7c93eff65f30ee78ee
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix build: LLIntAssembly.h is in a subdir of generated/ (Thiago Macieira, 2014-03-17, 1 file, -1/+2)
        ruby /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/offlineasm/asm.rb /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm LLIntOffsetsExtractor generated/LLIntOffsetsExtractor/LLIntAssembly.h
        offlineasm: Parsing /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm and LLIntOffsetsExtractor and creating assembly file generated/LLIntOffsetsExtractor/LLIntAssembly.h.
    Change-Id: If12f1476de74c3feeb5c6d6e2e115829e1106581
    Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Use qmake optimize_full (Allan Sandfeld Jensen, 2014-03-10, 1 file, -4/+1)
    Qmake now has new config optimize_full that replaces -O2 with -O3. We should use that in QtWebKit instead of trying to do the same ourselves.
    This makes clang now use -O3 like gcc does.
    Change-Id: I3db6167833c579bdea941d3ad1b3636cbad62475
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* Compile fix for Win64 with jit disabled. (achristensen@apple.com, 2014-03-07, 1 file, -1/+1)
    https://bugs.webkit.org/show_bug.cgi?id=119804
    Reviewed by Michael Saboff.
    * offlineasm/cloop.rb: Added std:: before isnan.
    Change-Id: Ie7d922b7d6a0f45619a77029b07804aef5d01076
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154066 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it (Mark Hahnenberg, 2014-03-07, 1 file, -2/+2)
    https://bugs.webkit.org/show_bug.cgi?id=120278
    Reviewed by Geoffrey Garen.
    Source/JavaScriptCore:
    * runtime/JSObject.cpp: (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
    Change-Id: I034d6950683304d08a4e076d58fb1b999ade444b
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Setting a large numeric property on an object causes it to allocate a huge backing store (Mark Hahnenberg, 2014-03-07, 2 files, -5/+16)
    https://bugs.webkit.org/show_bug.cgi?id=118914
    Reviewed by Geoffrey Garen.

    Source/JavaScriptCore:

    There are two distinct actions that we're trying to optimize for:

        new Array(100000);

    and:

        a = [];
        a[100000] = 42;

    In the first case, the programmer has indicated that they expect this Array to be very big, so they should get a contiguous array up until some threshold, above which we perform density calculations to see if it is indeed dense enough to warrant being contiguous.

    In the second case, the programmer hasn't indicated anything about the size of the Array, so we should be more conservative and assume it should be sparse until we've proven otherwise.

    Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish between them for the purposes of not over-allocating large backing stores like we see on http://www.peekanalytics.com/burgerjoints/

    The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and introduce a new heuristic for the second case. If we are putting to an index above a certain threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse map instead. So for example, in the second case above the empty array has a blank indexing type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map.

    This fix is ~800x speedup on the accompanying regression test :-o

    * runtime/ArrayConventions.h: (JSC::indexIsSufficientlyBeyondLengthForSparseMap):
    * runtime/JSObject.cpp: (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes): (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage): (JSC::JSObject::putByIndexBeyondVectorLength): (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Change-Id: I1c29992d6e09c9d523a8093e76e3848a9581ce45
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Use moveDoubleToInts in SpecializedThunkJIT::returnDouble for non-X86 JSVALUE32_64 ports. (Julien Brianceau, 2014-03-03, 1 file, -0/+5)
    https://bugs.webkit.org/show_bug.cgi?id=124936
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-29
    Reviewed by Zoltan Herczeg.
    The moveDoubleToInts implementations in ARM, MIPS and SH4 macro assemblers do not clobber src FPRegister and are likely to be more efficient than the current generic implementation using the stack.
    * jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::returnDouble):
    Change-Id: Ie3b6516a4047717212521315e85f5e2094373cbc
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159873 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix build on x32 [v5.3.0-alpha1] (Allan Sandfeld Jensen, 2014-02-25, 1 file, -1/+1)
    Recognize x32 and disable JIT and native LLINT in this configuration.
    Change-Id: I1576e38ffcff92495c4c108f66f2df17de9a5e9c
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix Qt WebKit build on architectures without JIT support (Allan Sandfeld Jensen, 2014-02-21, 1 file, -0/+4)
    The fallback LLINT interpreter was triggering YARR JIT which would fail to compile and also trigger ENABLE_ASSEMBLER which would trigger even more not to compile.
    YARR JIT is only supported on platforms with valid JIT or native LLINT support. So we must avoid it when the fallback is used.
    Task-number: QTBUG-36969
    Change-Id: Ie94bcb316e192feb33ab528ddc3a328af154cebf
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev (Frederik Gladhorn, 2014-02-12, 2 files, -52/+115)
    Change-Id: Iea6cf3f34fb33f2d138b72243b0e688958d9424e
* [mips] Wrong register usage in LLInt. [old/5.2] (Balazs Kilvady, 2014-02-10, 2 files, -52/+115)
    Fix register usage and add PIC header to all LLInt operations.
    This patch is taken from https://bugs.webkit.org/show_bug.cgi?id=125168. It fixes the crash of fast/js/exception-propagate-from-dfg-to-llint test on mips architecture.
    Change-Id: I98ad3b5766451cab48a76f7e028b210f9ebe99ed
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Replace win32-g++ with mingw scope (Kai Koehne, 2014-01-27, 1 file, -1/+1)
    Commit 773dd01 in qtbase introduced a general mingw platform scope, which is cleaner and more flexible than matching the spec name. (see 278152fff for a similar commit in qtbase).
    Change-Id: Id3dcd3474504aebeee16dc41cd1eeab7ac21b319
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev (Frederik Gladhorn, 2013-12-23, 1 file, -1/+0)
    Change-Id: I31a326945d624b10d5c87703d0e2b8ac723a05ab
* Do not completely erase LIBS variable (Jürgen Hunold, 2013-12-17, 1 file, -1/+0)
    Using an empty LIBS variable prevents usage of custom library paths and libraries via configure -L <path> -l <extra_lib>. This is needed for linking with an alternative stdlib implementation.
    Change-Id: Ie1009bfd435436bf584b2963066535ee90f4d5d0
    Reviewed-by: Pierre Rossi <pierre.rossi@gmail.com>
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev (Frederik Gladhorn, 2013-11-29, 3 files, -112/+73)
    Conflicts:
        .qmake.conf
    Change-Id: I9f566e48b319664f2783788572935da39749c91c
* Merge remote-tracking branch 'origin/release' into stable (Frederik Gladhorn, 2013-11-26, 1 file, -3/+3)
    Change-Id: I9088052f76de19e584cd16fd039502de6b22bec2
* Fix compilation on ARM (Samuli Piippo, 2013-11-18, 1 file, -3/+3)
    Android fix broke ARM compilation on non-Android Linux platforms. Now correctly define Elf32_auxv_t only on Android/Qt and otherwise include asm/hwcap.h.
    Same fix was previously applied to QtScript, which had the exact same android problem (QTBUG-30978).
    Task-number: QTBUG-34917
    Change-Id: I29d570731754c6291f8dc0c379e6fdc8ec72b897
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Fix revertJumpReplacementToBranchPtrWithPatch in MacroAssembler. (commit-queue@webkit.org, 2013-11-20, 2 files, -11/+25)
    https://bugs.webkit.org/show_bug.cgi?id=124468
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-17
    Reviewed by Michael Saboff.
    Current implementation of revertJumpReplacementToBranchPtrWithPatch is wrong in the sh4 MacroAssembler part, leading to random instabilities. This patch fixes it and also renames the badly named revertJumpToMove to revertJumpReplacementToBranchPtrWithPatch in the SH4Assembler.
    * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch):
    * assembler/SH4Assembler.h: (JSC::SH4Assembler::replaceWithJump): (JSC::SH4Assembler::revertJumpReplacementToBranchPtrWithPatch):
    Change-Id: Ifbc6851f506a1303c85cff3a47c23e932fad033c
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Protect repatchCompact from flushConstantPool. (commit-queue@webkit.org, 2013-11-20, 1 file, -2/+9)
    https://bugs.webkit.org/show_bug.cgi?id=124278
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-13
    Reviewed by Michael Saboff.
    Random crashes may occur with sh4 architecture, when a flushConstantPool occurs in movlMemRegCompact. As in this case a branch opcode and the constant pool are put before the movlMemRegCompact, the branch itself is patched when calling repatchCompact instead of the mov instruction, which is really bad.
    * assembler/SH4Assembler.h: (JSC::SH4Assembler::repatchCompact): Handle this specific case and add an ASSERT.
    Change-Id: I9c0e78cade4d20d0d83d683ffe6a499cee63bdbb
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159203 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Fix load32WithUnalignedHalfWords function in baseline JIT. (commit-queue@webkit.org, 2013-11-20, 1 file, -3/+3)
    https://bugs.webkit.org/show_bug.cgi?id=124233
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-12
    Reviewed by Michael Saboff.
    * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords): Do not claim scratch register too early. Test already covered by fast/regex/pcre-test-1.
    Change-Id: Ib783d70723754e80d961ade9463d7dc85ccb83f0
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159153 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Refactor jumps in baseline JIT to return label after the jump. (commit-queue@webkit.org, 2013-11-20, 2 files, -93/+33)
    https://bugs.webkit.org/show_bug.cgi?id=123734
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-04
    Reviewed by Michael Saboff.
    Current implementation of jumps in sh4 baseline JIT returns a label on the jump itself and not after it. This is not correct and leads to issues like an infinite loop in the DFG (https://bugs.webkit.org/show_bug.cgi?id=122597 for instance). This refactor fixes this and also simplifies the link and relink procedures for sh4 jumps.
    * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::branchDouble): (JSC::MacroAssemblerSH4::branchTrue): (JSC::MacroAssemblerSH4::branchFalse):
    * assembler/SH4Assembler.h: (JSC::SH4Assembler::jmp): (JSC::SH4Assembler::extraInstrForBranch): (JSC::SH4Assembler::jne): (JSC::SH4Assembler::je): (JSC::SH4Assembler::bra): (JSC::SH4Assembler::linkJump): (JSC::SH4Assembler::relinkJump):
    Change-Id: Ia31b326a1f3c41e9c913e513563ff1e6b8f8e55e
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158580 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev (Sergio Ahumada, 2013-11-08, 14 files, -28/+35)
    Change-Id: I4e82a7abec9b95d3148e1eddc786ee5a16d1f768
* Only use 64bit atomics when supported (Allan Sandfeld Jensen, 2013-10-28, 1 file, -9/+0)
    To support Windows XP we must avoid using the 64bit variants of the atomicIncrement/atomicDecrement operations which are only supported from Windows 2003 and up.
    This patch rolls back the minimum Win32 API version to WinNT 5.1 (32bit WinXP), and adds a new flag to indicate the support of 64bit atomics.
    The new flag is now also used to support MIPS and other architectures without 64bit intrinsics, instead of hacking in poor support. This also extends the atomic operations to sparc64 which was previously skipped because it did not work with __exchange_and_add.
    Task-number: QTBUG-34271
    Change-Id: I21b09df3cafb7f0987a2f44c89036ff34ed34aa0
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
    Reviewed-by: Kai Koehne <kai.koehne@digia.com>
* Fix build for boot2qt eAndroid (Allan Sandfeld Jensen, 2013-10-21, 2 files, -5/+17)
    Reverts the removal of Android support in WTF, and brings the support up to date.
    Merged change to MacroAssemblerARM.cpp from QtScript.
    Replaces use of statvfs with statfs in one place.
    Replaces shm-based shared memory with ashmem-based in WebKit2.
    Change-Id: I440b1fbd94bb4148f7ba764d77de65230d13ed90
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* [sh4] Jump over maxJumpReplacementSize in revertJumpToMove. (Julien Brianceau, 2013-10-21, 1 file, -10/+4)
    https://bugs.webkit.org/show_bug.cgi?id=120007
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-07
    Reviewed by Oliver Hunt.
    Jump over maxJumpReplacementSize in revertJumpToMove, even if there is no constant value within the area. This patch fixes debug ASSERTs failures for sh4 architecture.
    * assembler/SH4Assembler.h: (JSC::SH4Assembler::revertJumpToMove):
    Change-Id: Ice297393b167eace620ace8d8957014f0b3945c8
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157046 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [arm] Inverted src and dest FP registers in DFG speculative JIT when using hardfp. (Julien Brianceau, 2013-10-18, 1 file, -2/+4)
    https://bugs.webkit.org/show_bug.cgi?id=122555
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-09
    Reviewed by Michael Saboff.
    * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): (JSC::DFG::SpeculativeJIT::appendCallSetResult):
    Change-Id: Ib633513948031702efd5ca0d4b89920e99979755
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157173 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Revert r152209 (Allan Sandfeld Jensen, 2013-10-17, 1 file, -1/+1)

    Revert another fixup patch for one of the commits we reverted in our
    branch.

    Change-Id: I423969481d398df7f334ba4fbf2f2e466ff418fb
    Reviewed-by: Julien Brianceau <jbriance@cisco.com>
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* 32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state (Mark Hahnenberg, 2013-10-16, 1 file, -1/+1)

    https://bugs.webkit.org/show_bug.cgi?id=119555

    Reviewed by Geoffrey Garen.

    It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like
    the 64-bit backend does. This was causing crashes on maps.google.com in
    32-bit debug builds.

    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Icdcfe0719d22df7db6dc7ffcee309b75b63914df
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153793 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Fix undefined reference linker errors with MinGW (Kai Koehne, 2013-10-16, 7 files, -0/+8)

    Make sure the inline methods are defined wherever referenced. This fixes
    'undefined reference' errors when linking with MinGW-builds 4.8.2 32 bit
    posix dwarf rev2.

    Task-number: QTBUG-34083
    Change-Id: Iadc7300634780741be9d97bc889290cd113181e1
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Introduce const pools in LLINT. (commit-queue@webkit.org, 2013-10-18, 2 files, -67/+192)

    https://bugs.webkit.org/show_bug.cgi?id=122746
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-15
    Reviewed by Michael Saboff.

    In the current implementation of LLINT for sh4, immediate values outside
    range -128..127 are loaded this way:

        mov.l .label, rx
        bra out
        nop
        .balign 4
        .label:
        .long immvalue
        out:

    This change introduces const pools for sh4 implementation to avoid lots
    of useless branches and reduce code size. It also removes lines of dirty
    code, like jmpf and callf.

    * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
    * offlineasm/sh4.rb:

    Change-Id: Ieeceaaa5eb55ab9439d923afccceb783e9930ee4
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157452 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
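As an added illustration of the const-pool scheme the commit above describes (this is example code written for this page, not the offlineasm from the commit), the following Ruby emitter contrasts the old per-immediate "mov.l / bra / nop / .balign / .long" sequence with a single shared literal pool that is flushed once, either at the end of the function or, as a worst-case guard, before the PC-relative load could no longer reach its entry. The SH4 details it relies on are assumptions, not taken from the page: 2-byte instructions, a signed 8-bit immediate for "mov #imm, rN", and an unsigned 8-bit displacement scaled by 4 for "mov.l @(disp,pc), rN" (so a 1020-byte reach); the reach accounting is a simplification of what a real assembler does.

```ruby
# Added example, not the offlineasm code from this commit: a toy emitter that
# mimics how a constant pool replaces the per-immediate "bra/nop/.balign/.long"
# sequence with one PC-relative load per immediate plus a shared data block.
# Assumptions (not from the page): SH4 instructions are 2 bytes; "mov #imm, rN"
# holds a signed 8-bit immediate; "mov.l @(disp,pc), rN" has an unsigned 8-bit
# displacement scaled by 4, so a literal must sit within 1020 bytes after the
# load. The reach tracking below is a simplification.

class Sh4ConstPool
  INSN  = 2      # bytes per SH4 instruction (assumption)
  REACH = 1020   # max distance from a mov.l to its literal (assumption)

  attr_reader :lines, :bytes

  def initialize
    @lines = []
    @bytes = 0
    @pool = []            # [label, value] literals not yet emitted
    @oldest_load = nil    # offset of the earliest mov.l still waiting on @pool
    @seq = 0
  end

  # Load an immediate; only values outside -128..127 go through the pool.
  def load_imm(reg, value)
    if (-128..127).cover?(value)
      emit("mov ##{value}, #{reg}", INSN)
      return
    end
    label = ".Lc#{@seq += 1}"
    @oldest_load ||= @bytes
    emit("mov.l #{label}, #{reg}", INSN)
    @pool << [label, value]
    # Flush before the next entry could land beyond the oldest load's reach.
    # Worst case adds bra, nop, alignment padding and all pending literals.
    flush(branch_over: true) if @bytes + 8 + @pool.size * 4 - @oldest_load > REACH
  end

  def insn(text)
    emit(text, INSN)
  end

  # Emit pending literals. Mid-function we must branch over the data; at the
  # end of a function (after rts/nop) the data is never executed, so no branch.
  def flush(branch_over:)
    return if @pool.empty?
    skip = nil
    if branch_over
      skip = ".Lskip#{@seq += 1}"
      emit("bra #{skip}", INSN)
      emit("nop", INSN)
    end
    emit(".balign 4", 4 - @bytes % 4) if @bytes % 4 != 0
    @pool.each do |label, value|
      @lines << "#{label}:"
      emit(".long #{format('0x%08x', value & 0xffffffff)}", 4)
    end
    @lines << "#{skip}:" if skip
    @pool.clear
    @oldest_load = nil
  end

  private

  def emit(text, size)
    @lines << "\t#{text}"
    @bytes += size
  end
end

# Assemble a body that loads each value, returns, then flushes the pool once.
def pooled(values)
  e = Sh4ConstPool.new
  values.each_with_index { |v, i| e.load_imm("r#{i % 8}", v) }
  e.insn("rts")
  e.insn("nop")          # rts delay slot
  e.flush(branch_over: false)
  e
end

# Byte count of the pre-patch scheme: every wide immediate carries its own
# mov.l, bra, nop, alignment padding and .long, inline with the code.
def legacy_bytes(values)
  offset = 0
  values.each do |v|
    if (-128..127).cover?(v)
      offset += 2
    else
      offset += 6                                   # mov.l, bra, nop
      offset += 4 - offset % 4 if offset % 4 != 0   # .balign 4
      offset += 4                                   # .long
    end
  end
  offset + 4                                        # rts, nop
end

if __FILE__ == $PROGRAM_NAME
  sample = [1, 0x12345678, -5, 0x7fffffff, 0xdeadbeef]   # constructed input
  e = pooled(sample)
  puts e.lines
  puts "pooled: #{e.bytes} bytes, legacy: #{legacy_bytes(sample)} bytes"
end
```

Run it directly to see the emitted listing; for the five-value sample the pooled form is 28 bytes against 40 for the old scheme, and with a few hundred wide immediates the emitter inserts a "bra .LskipN" flush mid-stream rather than let a load point past its reach.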
* [sh4] Fix typo in subp implementation in LLINT. (commit-queue@webkit.org, 2013-10-17, 1 file, -1/+1)

    https://bugs.webkit.org/show_bug.cgi?id=121438
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-09-16
    Reviewed by Andreas Kling.

    * offlineasm/sh4.rb:

    Change-Id: Ic3fb73ae9d40024652b07831562abab6347249ec
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Handle subp opcode with 3 operands and bpbeq opcode in LLINT. (commit-queue@webkit.org, 2013-10-17, 1 file, -4/+15)

    https://bugs.webkit.org/show_bug.cgi?id=121412
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-09-16
    Reviewed by Andreas Kling.

    * offlineasm/sh4.rb:

    Change-Id: I4c0cbe22fb409b8d0d20c4c498b13a7e0ff870d0
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155846 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix linux-clang with clang 3.4 (Allan Sandfeld Jensen, 2013-10-04, 1 file, -0/+3)

    Cherry-picked upstream r153965 to fix linux build with clang 3.4

    Change-Id: Ib3eeb5c424c4f0ef00c228ad02b61ef87dd9b3b6
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Missing instruction in nativeCallTrampoline LLINT function. (Julien Brianceau, 2013-10-04, 1 file, -14/+1)

    "move t0, a0" is missing in sh4 implementation of nativeCallTrampoline.
    Reuse MIPS implementation to avoid code duplication.

    Fixed in changeset 153371 of WebKit trunk.

    Change-Id: Ifcc729006bcb426a797762aab093cd300401633c
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Revert "Un-crashify JSC tests on debug bots after Anders had his way with StringImpl." [tag: v5.2.0-alpha1] (Allan Sandfeld Jensen, 2013-09-24, 1 file, -1/+1)

    Revert another commit that depended on the reverted SQLite commit.

    Change-Id: I629b6ab7822c15f9f61f61cd880edefd9545838b
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix build with MinGW (Allan Sandfeld Jensen, 2013-09-20, 1 file, -2/+2)

    Fix wrong export/import flags in inlined methods.
    Use normal GCC inline asm instead of _ReadWriteBarrier.

    Change-Id: Iba6b923be383777f2807d84349044dbe5a22eb57
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* QtWebKit should not require SQLite version to 3.6.16. (Allan Sandfeld Jensen, 2013-09-19, 1 file, -1/+1)

    Revert r152134 which raised the minimum SQLite version, and r152201
    which removed a method the reverted code needed.

    Change-Id: Ie028992137f3983d114f3491423afe6303173544
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>