path: root/Source/JavaScriptCore
Commit message / Author / Age / Files / Lines
...
| * [sh4] Jump over maxJumpReplacementSize in revertJumpToMove.
    Author: Julien Brianceau, Age: 2013-10-21, Files: 1, Lines: -10/+4

    https://bugs.webkit.org/show_bug.cgi?id=120007

    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-07
    Reviewed by Oliver Hunt.

    Jump over maxJumpReplacementSize in revertJumpToMove, even if there is no constant value within the area. This patch fixes debug ASSERTs failures for sh4 architecture.

    * assembler/SH4Assembler.h:
    (JSC::SH4Assembler::revertJumpToMove):

    Change-Id: Ice297393b167eace620ace8d8957014f0b3945c8
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157046 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| * [arm] Inverted src and dest FP registers in DFG speculative JIT when using hardfp.
    Author: Julien Brianceau, Age: 2013-10-18, Files: 1, Lines: -2/+4

    https://bugs.webkit.org/show_bug.cgi?id=122555

    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-09
    Reviewed by Michael Saboff.

    * dfg/DFGSpeculativeJIT.h:
    (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
    (JSC::DFG::SpeculativeJIT::appendCallSetResult):

    Change-Id: Ib633513948031702efd5ca0d4b89920e99979755
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157173 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
| * Revert r152209
    Author: Allan Sandfeld Jensen, Age: 2013-10-17, Files: 1, Lines: -1/+1

    Revert another fixup patch for one of the commits we reverted in our branch.

    Change-Id: I423969481d398df7f334ba4fbf2f2e466ff418fb
    Reviewed-by: Julien Brianceau <jbriance@cisco.com>
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
| * 32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state
    Author: Mark Hahnenberg, Age: 2013-10-16, Files: 1, Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=119555

    Reviewed by Geoffrey Garen.

    It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like the 64-bit backend does. This was causing crashes on maps.google.com in 32-bit debug builds.

    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Icdcfe0719d22df7db6dc7ffcee309b75b63914df
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153793 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
| * Fix undefined reference linker errors with MinGW
    Author: Kai Koehne, Age: 2013-10-16, Files: 7, Lines: -0/+8

    Make sure the inline methods are defined wherever referenced. This fixes 'undefined reference' errors when linking with MinGW-builds 4.8.2 32 bit posix dwarf rev2.

    Task-number: QTBUG-34083
    Change-Id: Iadc7300634780741be9d97bc889290cd113181e1
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | [sh4] Introduce const pools in LLINT.
    Author: commit-queue@webkit.org, Age: 2013-10-18, Files: 2, Lines: -67/+192

    https://bugs.webkit.org/show_bug.cgi?id=122746

    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-10-15
    Reviewed by Michael Saboff.

    In current implementation of LLINT for sh4, immediate values outside range -128..127 are loaded this way:

        mov.l .label, rx
        bra out
        nop
        .balign 4
        .label: .long immvalue
        out:

    This change introduces const pools for sh4 implementation to avoid lots of useless branches and reduce code size. It also removes lines of dirty code, like jmpf and callf.

    * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
    * offlineasm/sh4.rb:

    Change-Id: Ieeceaaa5eb55ab9439d923afccceb783e9930ee4
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157452 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | [sh4] Fix typo in subp implementation in LLINT.
    Author: commit-queue@webkit.org, Age: 2013-10-17, Files: 1, Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=121438

    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-09-16
    Reviewed by Andreas Kling.

    * offlineasm/sh4.rb:

    Change-Id: Ic3fb73ae9d40024652b07831562abab6347249ec
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | [sh4] Handle subp opcode with 3 operands and bpbeq opcode in LLINT.
|/
    Author: commit-queue@webkit.org, Age: 2013-10-17, Files: 1, Lines: -4/+15

    https://bugs.webkit.org/show_bug.cgi?id=121412

    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-09-16
    Reviewed by Andreas Kling.

    * offlineasm/sh4.rb:

    Change-Id: I4c0cbe22fb409b8d0d20c4c498b13a7e0ff870d0
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155846 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix linux-clang with clang 3.4
    Author: Allan Sandfeld Jensen, Age: 2013-10-04, Files: 1, Lines: -0/+3

    Cherry-picked upstream r153965 to fix linux build with clang 3.4

    Change-Id: Ib3eeb5c424c4f0ef00c228ad02b61ef87dd9b3b6
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Missing instruction in nativeCallTrampoline LLINT function.
    Author: Julien Brianceau, Age: 2013-10-04, Files: 1, Lines: -14/+1

    "move t0, a0" is missing in sh4 implementation of nativeCallTrampoline. Reuse MIPS implementation to avoid code duplication.

    Fixed in changeset 153371 of WebKit trunk.

    Change-Id: Ifcc729006bcb426a797762aab093cd300401633c
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Revert "Un-crashify JSC tests on debug bots after Anders had his way with StringImpl." (tag: v5.2.0-alpha1)
    Author: Allan Sandfeld Jensen, Age: 2013-09-24, Files: 1, Lines: -1/+1

    Revert another commit that depended on the reverted SQLite commit.

    Change-Id: I629b6ab7822c15f9f61f61cd880edefd9545838b
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix build with MingW
    Author: Allan Sandfeld Jensen, Age: 2013-09-20, Files: 1, Lines: -2/+2

    Fix wrong export/import flags in inlined methods. Use normal GCC inline asm instead of _ReadWriteBarrier.

    Change-Id: Iba6b923be383777f2807d84349044dbe5a22eb57
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* QtWebKit should not require SQLite version to 3.6.16.
    Author: Allan Sandfeld Jensen, Age: 2013-09-19, Files: 1, Lines: -1/+1

    Revert r152134 which raised the minimum SQLite version, and r152201 which removed a method the reverted code needed.

    Change-Id: Ie028992137f3983d114f3491423afe6303173544
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Import Qt5x2 branch of QtWebkit for Qt 5.2
    Author: Allan Sandfeld Jensen, Age: 2013-09-19, Files: 851, Lines: -45952/+86306

    Importing a new snapshot of webkit.

    Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge branch 'stable' into dev
|\
    Author: Sergio Ahumada, Age: 2013-09-13, Files: 4, Lines: -14/+14

    Conflicts:
        Source/WebKit2/UIProcess/API/qt/qquickwebview.cpp

    Change-Id: Iaa6209d0d611d18b8c916bcd165c8bf5b7441b7b
| * JSC ARM traditional failing on Octane NavierStokes test
    Author: Gabor Rapcsanyi, Age: 2013-09-13, Files: 1, Lines: -2/+2

    https://bugs.webkit.org/show_bug.cgi?id=115626

    Reviewed by Zoltan Herczeg.

    Change the ARM traditional assembler to use double precision on value conversions.

    * assembler/ARMAssembler.h:

    Change-Id: I2fbf6323a59120b497215696e10a1582ff927347
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149601 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
| * Failure building with python3
    Author: Laszlo Papp, Age: 2013-08-27, Files: 3, Lines: -12/+12

    https://bugs.webkit.org/show_bug.cgi?id=106645

    Patch by Laszlo Papp <lpapp@kde.org> on 2013-08-23
    Reviewed by Benjamin Poulain.

    Use print functions instead of python statements to be compatible with python 3.X and 2.7 as well. Archlinux has been using python3 and that is what causes issues while packaging QtWebKit along with Qt5.

    * disassembler/udis86/itab.py:
    (UdItabGenerator.genInsnTable):
    * disassembler/udis86/ud_opcode.py:
    (UdOpcodeTables.print_table):
    * disassembler/udis86/ud_optable.py:
    (UdOptableXmlParser.parseDef):
    (UdOptableXmlParser.parse):
    (printFn):

    Change-Id: Icec0024fc39bb342d23bbeefac4de0c81e176e6c
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154521 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Laszlo Papp <lpapp@kde.org>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | JavaScriptCore: Fix header guard
|/
    Author: Tobias Hunger, Age: 2013-09-03, Files: 1, Lines: -1/+1

    Clang nags about it.

    Change-Id: I0f4629048e2e02370202cf47748be05bfa0cbf81
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* JSObject::getOwnNonIndexPropertyNames calculates numCacheableSlots incorrectly (2/2)
    Author: Mark Hahnenberg, Age: 2013-07-01, Files: 2, Lines: -2/+17

    https://bugs.webkit.org/show_bug.cgi?id=114235

    Reviewed by Filip Pizlo.

    If the object doesn't have any properties but the prototype does, we'll assume those prototype properties are accessible in the base object's backing store, which is bad.

    Source/JavaScriptCore:

    * runtime/JSObject.cpp:
    (JSC::JSObject::getPropertyNames):
    (JSC::JSObject::getOwnNonIndexPropertyNames):
    * runtime/PropertyNameArray.h:
    (JSC::PropertyNameArray::PropertyNameArray):
    (JSC::PropertyNameArray::setNumCacheableSlotsForObject):
    (JSC::PropertyNameArray::setBaseObject):
    (PropertyNameArray):

    Change-Id: If61b609438fa1d62364bac556af635413198d8ad
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148142 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* JSObject::getOwnNonIndexPropertyNames calculates numCacheableSlots incorrectly
    Author: Mark Hahnenberg, Age: 2013-07-01, Files: 1, Lines: -3/+5

    https://bugs.webkit.org/show_bug.cgi?id=114235

    Reviewed by Geoffrey Garen.

    Due to the way that numCacheableSlots is currently calculated, checking an object's prototype for enumerable properties causes us not to cache any properties at all. We should only cache properties on the object itself since we currently don't take advantage of any sort of name caching for properties in the prototype chain. This fix undoes a ~2% SunSpider regression caused by http://trac.webkit.org/changeset/147570.

    * runtime/JSObject.cpp:
    (JSC::JSObject::getOwnNonIndexPropertyNames):

    Change-Id: I5853ab567cd0a8cd20aeac1372ec64fc4f25df1a
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148036 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* get_by_pname can become confused when iterating over objects with static properties
    Author: Mark Hahnenberg, Age: 2013-07-01, Files: 3, Lines: -1/+10

    https://bugs.webkit.org/show_bug.cgi?id=113831

    Reviewed by Geoffrey Garen.

    get_by_pname doesn't take static properties into account when using a JSPropertyNameIterator to directly access an object's backing store. One way to fix this is to not cache any properties when iterating over objects with static properties. This patch fixes the bug that was originally reported on swisscom.ch.

    Source/JavaScriptCore:

    * runtime/JSObject.cpp:
    (JSC::JSObject::getOwnNonIndexPropertyNames):
    * runtime/JSPropertyNameIterator.cpp:
    (JSC::JSPropertyNameIterator::create):
    * runtime/PropertyNameArray.h:
    (JSC::PropertyNameArray::PropertyNameArray):
    (JSC::PropertyNameArray::numCacheableSlots):
    (JSC::PropertyNameArray::setNumCacheableSlots):
    (PropertyNameArray):

    Change-Id: I7ae9c48eea3c5300c4825a10a660b0e2210c8862
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147570 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* LLInt conditional branch compilation fault on MIPS.
    Author: Balazs Kilvady, Age: 2013-05-23, Files: 2, Lines: -14/+20

    https://bugs.webkit.org/show_bug.cgi?id=114264

    Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-04-09
    Reviewed by Filip Pizlo.

    Fix conditional branch compilation in LLInt offlineasm.

    * offlineasm/mips.rb:

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148045 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    Conflicts:
        Source/JavaScriptCore/ChangeLog

    Change-Id: I31b5c06f4424d06785ae53f2f5e34584082b4b02
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* offlineasm BaseIndex handling is broken on ARM due to MIPS changes
    Author: Balazs Kilvady, Age: 2013-05-23, Files: 3, Lines: -4/+46

    https://bugs.webkit.org/show_bug.cgi?id=108261

    Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-02-01
    Reviewed by Filip Pizlo.

    offlineasm BaseIndex handling fix on MIPS.

    * offlineasm/mips.rb:
    * offlineasm/risc.rb:

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141641 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    Conflicts:
        Source/JavaScriptCore/ChangeLog
        Source/JavaScriptCore/offlineasm/mips.rb

    Change-Id: I7ec4d500e11717e1cb2b6fd7f310e4e66cfa7955
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* MIPS DFG implementation.
    Author: Balazs Kilvady, Age: 2013-05-23, Files: 11, Lines: -73/+873

    https://bugs.webkit.org/show_bug.cgi?id=101328

    Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-02-18
    Reviewed by Oliver Hunt.

    DFG implementation for MIPS.

    Source/JavaScriptCore:

    * assembler/MIPSAssembler.h:
    (JSC::MIPSAssembler::MIPSAssembler):
    (JSC::MIPSAssembler::sllv):
    (JSC::MIPSAssembler::movd):
    (MIPSAssembler):
    (JSC::MIPSAssembler::negd):
    (JSC::MIPSAssembler::labelForWatchpoint):
    (JSC::MIPSAssembler::label):
    (JSC::MIPSAssembler::vmov):
    (JSC::MIPSAssembler::linkDirectJump):
    (JSC::MIPSAssembler::maxJumpReplacementSize):
    (JSC::MIPSAssembler::revertJumpToMove):
    (JSC::MIPSAssembler::replaceWithJump):
    * assembler/MacroAssembler.h:
    (MacroAssembler):
    (JSC::MacroAssembler::poke):
    * assembler/MacroAssemblerMIPS.h:
    (JSC::MacroAssemblerMIPS::add32):
    (MacroAssemblerMIPS):
    (JSC::MacroAssemblerMIPS::and32):
    (JSC::MacroAssemblerMIPS::lshift32):
    (JSC::MacroAssemblerMIPS::mul32):
    (JSC::MacroAssemblerMIPS::or32):
    (JSC::MacroAssemblerMIPS::rshift32):
    (JSC::MacroAssemblerMIPS::urshift32):
    (JSC::MacroAssemblerMIPS::sub32):
    (JSC::MacroAssemblerMIPS::xor32):
    (JSC::MacroAssemblerMIPS::store32):
    (JSC::MacroAssemblerMIPS::jump):
    (JSC::MacroAssemblerMIPS::branchAdd32):
    (JSC::MacroAssemblerMIPS::branchMul32):
    (JSC::MacroAssemblerMIPS::branchSub32):
    (JSC::MacroAssemblerMIPS::branchNeg32):
    (JSC::MacroAssemblerMIPS::call):
    (JSC::MacroAssemblerMIPS::loadDouble):
    (JSC::MacroAssemblerMIPS::moveDouble):
    (JSC::MacroAssemblerMIPS::swapDouble):
    (JSC::MacroAssemblerMIPS::subDouble):
    (JSC::MacroAssemblerMIPS::mulDouble):
    (JSC::MacroAssemblerMIPS::divDouble):
    (JSC::MacroAssemblerMIPS::negateDouble):
    (JSC::MacroAssemblerMIPS::branchEqual):
    (JSC::MacroAssemblerMIPS::branchNotEqual):
    (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
    (JSC::MacroAssemblerMIPS::branchTruncateDoubleToUint32):
    (JSC::MacroAssemblerMIPS::truncateDoubleToInt32):
    (JSC::MacroAssemblerMIPS::truncateDoubleToUint32):
    (JSC::MacroAssemblerMIPS::branchDoubleNonZero):
    (JSC::MacroAssemblerMIPS::branchDoubleZeroOrNaN):
    (JSC::MacroAssemblerMIPS::invert):
    (JSC::MacroAssemblerMIPS::replaceWithJump):
    (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
    * dfg/DFGAssemblyHelpers.h:
    (AssemblyHelpers):
    (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
    (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
    (JSC::DFG::AssemblyHelpers::debugCall):
    * dfg/DFGCCallHelpers.h:
    (CCallHelpers):
    (JSC::DFG::CCallHelpers::setupArguments):
    (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
    * dfg/DFGFPRInfo.h:
    (DFG):
    (FPRInfo):
    (JSC::DFG::FPRInfo::toRegister):
    (JSC::DFG::FPRInfo::toIndex):
    (JSC::DFG::FPRInfo::debugName):
    * dfg/DFGGPRInfo.h:
    (DFG):
    (GPRInfo):
    (JSC::DFG::GPRInfo::toRegister):
    (JSC::DFG::GPRInfo::toIndex):
    (JSC::DFG::GPRInfo::debugName):
    * dfg/DFGSpeculativeJIT.h:
    (SpeculativeJIT):
    * jit/JSInterfaceJIT.h:
    (JSInterfaceJIT):
    * runtime/JSGlobalData.h:
    (JSC::ScratchBuffer::allocationSize):
    (ScratchBuffer):

    Source/WTF:

    * wtf/Platform.h:

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143247 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    Conflicts:
        Source/JavaScriptCore/ChangeLog
        Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h
        Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h
        Source/WTF/ChangeLog

    Change-Id: Ibc6c2a2b1d5c70d351ede37c6c111b66b4cf7fef
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* MIPS LLInt implementation.
    Author: Balazs Kilvady, Age: 2013-05-23, Files: 11, Lines: -18/+1047

    https://bugs.webkit.org/show_bug.cgi?id=99706

    Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-01-07
    Reviewed by Filip Pizlo.

    LLInt implementation for MIPS.

    Source/JavaScriptCore:

    * assembler/MacroAssemblerMIPS.h:
    (JSC::MacroAssemblerMIPS::jump):
    * dfg/DFGOperations.cpp:
    (JSC):
    * jit/JITStubs.cpp:
    (JSC):
    * jit/JITStubs.h:
    (JITStackFrame):
    * llint/LLIntOfflineAsmConfig.h:
    * llint/LowLevelInterpreter.asm:
    * llint/LowLevelInterpreter32_64.asm:
    * offlineasm/backends.rb:
    * offlineasm/instructions.rb:
    * offlineasm/mips.rb: Added.

    Source/WTF:

    * wtf/Platform.h:

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138970 268f45cc-cd09-0410-ab3c-d52691b4dbfc

    Conflicts:
        Source/JavaScriptCore/ChangeLog
        Source/JavaScriptCore/jit/JITStubs.h

    Change-Id: I1677d54c1641cf60e517772944582c8f387eeb6d
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* [Qt] Use GNU ar's thin archive format for intermediate static libs
    Author: Andras Becsi, Age: 2013-04-19, Files: 3, Lines: -5/+5

    https://bugs.webkit.org/show_bug.cgi?id=109052
    http://trac.webkit.org/changeset/142088

    Reviewed by Jocelyn Turcotte.

    With debug builds we exceed the 4GiB limit of GNU ar when creating the WebCore intermediate static library which results in build failure even with a x86_64 toolchain (http://sourceware.org/bugzilla/show_bug.cgi?id=14625). When using a GNU toolchain we can use the thin archive format for these static libraries which also has the benefit of not copying the object files, thus drastically reducing disk usage and overall compile time. Currently qmake does not support GNU ar's thin archive format so for now we need to do the magic in the build system as a stopgap solution. Adjust project files that used activeBuildConfig() to use targetSubDir().

    Change-Id: I68604d5fc6acc32d45a734271aa87bfa5a14647f
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Implement JIT for MinGW-w64 64-bit
    Author: Jonathan Liu, Age: 2013-04-19, Files: 1, Lines: -1/+70

    https://bugs.webkit.org/show_bug.cgi?id=114580

    Reviewed by Jocelyn Turcotte.

    * jit/JITStubs.cpp:
    (JSC):

    Change-Id: Ibdda0a09ba3db010bbd7858b745834dff2d92260
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148663 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Add more assertions to the property storage use in arrays
    Author: Oliver Hunt, Age: 2013-04-16, Files: 2, Lines: -5/+20

    https://bugs.webkit.org/show_bug.cgi?id=107728

    Reviewed by Filip Pizlo.

    Add a bunch of assertions to array and object butterfly usage. This should make debugging somewhat easier. I also converted a couple of assertions to release asserts as they were so low cost it seemed a sensible thing to do.

    * runtime/JSArray.cpp:
    (JSC::JSArray::sortVector):
    (JSC::JSArray::compactForSorting):
    * runtime/JSObject.h:
    (JSC::JSObject::getHolyIndexQuickly):

    Change-Id: Ie6164b837e7671b87c003de3e29fd33ef05f4362
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141029 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Merge "Merge remote-tracking branch 'origin/release' into stable" into refs/staging/stable
|\
    Author: Frederik Gladhorn, Age: 2013-04-05, Files: 1, Lines: -2/+2
| * Merge remote-tracking branch 'origin/release' into stable
| |\
    Author: Frederik Gladhorn, Age: 2013-04-03, Files: 1, Lines: -2/+2

    Change-Id: If3305d4a24584f4289f840e60a2362220d005013
| | * Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
    Author: Michael Saboff, Age: 2013-03-27, Files: 1, Lines: -2/+2

    https://bugs.webkit.org/show_bug.cgi?id=108991

    Reviewed by Oliver Hunt.

    Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location may step on calleeGPR if it happens to be nonArgGPR2.

    * dfg/DFGRepatch.cpp:
    (JSC::DFG::dfgLinkClosureCall):

    Change-Id: I2d27a111ae1edbfea9335f3a06c5cc53e065a673
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | Fix the build with GCC 4.8 https://bugs.webkit.org/show_bug.cgi?id=113147
    Author: Andras Becsi, Age: 2013-04-05, Files: 1, Lines: -2/+2

    Reviewed by Allan Sandfeld Jensen.

    Source/JavaScriptCore:

    Initialize JSObject* exception to suppress warnings that make the build fail because of -Werror=maybe-uninitialized.

    * runtime/Executable.cpp:
    (JSC::FunctionExecutable::compileForCallInternal):
    (JSC::FunctionExecutable::compileForConstructInternal):

    Source/WTF:

    Disable diagnostic warning -Wunused-local-typedefs for GCC 4.8 since dummy typedefs are commonly used in the codebase.

    * wtf/Compiler.h:

    Change-Id: I084a47068324c6b9ddd7f4274f7c5a2d10904627
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | WeakSet::removeAllocator leaks WeakBlocks
    Author: Mark Hahnenberg, Age: 2013-04-04, Files: 1, Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=110228

    Reviewed by Geoffrey Garen.

    We need to return the WeakBlock to the BlockAllocator after the call to WeakBlock::destroy.

    * heap/WeakSet.cpp:
    (JSC::WeakSet::removeAllocator):

    Change-Id: Iba6cff23e3d8b7a544a825dd1e435cf986b0d35f
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143351 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | JSC asserting with long parameter list functions in debug mode on ARM traditional
    Author: Gabor Rapcsanyi, Age: 2013-04-04, Files: 1, Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=109565

    Reviewed by Zoltan Herczeg.

    Increase the value of sequenceGetByIdSlowCaseInstructionSpace to 80.

    * jit/JIT.h:

    Change-Id: I593f09494314a36cb50f2511908f6243fd43f902
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142616 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | Change set r140201 broke editing/selection/move-by-word-visually-multi-line.html
    Author: Michael Saboff, Age: 2013-04-04, Files: 1, Lines: -2/+1

    https://bugs.webkit.org/show_bug.cgi?id=107340

    Reviewed by Filip Pizlo.

    Due to the change landed in r140201, more nodes might end up generating Int32ToDouble nodes. Therefore, changed the JSVALUE64 constant path of compileInt32ToDouble() to use the more restrictive isInt32Constant() check on the input. This check was the same as the existing ASSERT() so the ASSERT was eliminated.

    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):

    Change-Id: I8e9f3858414e37f5b8232a58d8f6f9dada755343
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140221 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | Harden ArithDiv of integers fix-up by inserting Int32ToDouble node directly
    Author: Michael Saboff, Age: 2013-04-04, Files: 1, Lines: -2/+10

    https://bugs.webkit.org/show_bug.cgi?id=107321

    Reviewed by Filip Pizlo.

    Split out the Int32ToDouble node insertion from fixDoubleEdge() and used it directly when we're fixing up an ArithDiv node with integer inputs and output for platforms that don't have integer division. Since we are checking that our inputs should be ints, we can just insert the Int32ToDouble node without any further checks.

    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    (JSC::DFG::FixupPhase::fixDoubleEdge):
    (FixupPhase):
    (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):

    Change-Id: Ic79f2823a7cfb9ce52bb935536972f48508579fd
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140203 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | Fix up of ArithDiv nodes for non-x86 CPUs is broken
    Author: Michael Saboff, Age: 2013-04-04, Files: 1, Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=107309

    Reviewed by Filip Pizlo.

    Changed the logic so that we insert an Int32ToDouble node when the existing edge is not SpecDouble.

    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixDoubleEdge):

    Change-Id: I8e73ad242feb65c143857d3a4190e095aa5e9d06
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140201 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | r134080 causes heap problem on linux systems where PAGESIZE != 4096
    Author: Balazs Kilvady, Age: 2013-04-04, Files: 4, Lines: -25/+14

    https://bugs.webkit.org/show_bug.cgi?id=102828

    Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-01-18
    Reviewed by Mark Hahnenberg.

    Make MarkStackSegment::blockSize as the capacity of segments of a MarkStackArray.

    * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
    * heap/MarkStack.cpp:
    (JSC):
    (JSC::MarkStackArray::MarkStackArray):
    (JSC::MarkStackArray::expand):
    (JSC::MarkStackArray::donateSomeCellsTo):
    (JSC::MarkStackArray::stealSomeCellsFrom):
    * heap/MarkStack.h:
    (JSC::MarkStackSegment::data):
    (CapacityFromSize):
    (MarkStackArray):
    * heap/MarkStackInlines.h:
    (JSC::MarkStackArray::setTopForFullSegment):
    (JSC::MarkStackArray::append):
    (JSC::MarkStackArray::isEmpty):
    (JSC::MarkStackArray::size):
    * runtime/Options.h:
    (JSC):

    Change-Id: I4663100b6b8b054bed03c0c6eb01bb9274a1b264
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140195 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | Yarr JIT isn't big endian compatible
    Author: Tobias Netzel, Age: 2013-04-04, Files: 1, Lines: -0/+12

    https://bugs.webkit.org/show_bug.cgi?id=102897

    Patch by Tobias Netzel <tobias.netzel@googlemail.com> on 2013-01-22
    Reviewed by Oliver Hunt.

    This patch was tested in the current mozilla codebase only and has passed the regexp tests there.

    * yarr/YarrJIT.cpp:
    (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

    Change-Id: I1eb463aa79a7976a87d1f36a6c0123b058c3ec87
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | If array allocation profiling causes a new_array to allocate double arrays, then the holes should end up being correctly initialized
    Author: Filip Pizlo, Age: 2013-04-04, Files: 1, Lines: -0/+4

    https://bugs.webkit.org/show_bug.cgi?id=106363

    Reviewed by Mark Hahnenberg.

    Source/JavaScriptCore:

    * runtime/JSArray.h:
    (JSC::JSArray::tryCreateUninitialized):

    LayoutTests:

    * fast/js/jsc-test-list:
    * fast/js/new-array-double-with-holes-expected.txt: Added.
    * fast/js/new-array-double-with-holes.html: Added.
    * fast/js/script-tests/new-array-double-with-holes.js: Added.
    (foo):

    Change-Id: Iad48b7dd0e71bcbe8557fd6f19487fcd9eeed585
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139094 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | Don't use a node reference after appending to the graph.
    Author: Filip Pizlo, Age: 2013-04-04, Files: 1, Lines: -8/+9

    https://bugs.webkit.org/show_bug.cgi?id=103305
    <rdar://problem/12753096>

    Reviewed by Mark Hahnenberg.

    * dfg/DFGArgumentsSimplificationPhase.cpp:
    (JSC::DFG::ArgumentsSimplificationPhase::run):

    Change-Id: I48ebd652e936ca5781fd6d1bab2df012b2027c34
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139264 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | | DFG X86: division in the used-as-int case doesn't correctly check for -2^31/-1
|/ /
    Author: Michael Saboff, Age: 2013-04-04, Files: 1, Lines: -2/+2

    https://bugs.webkit.org/show_bug.cgi?id=106978

    Reviewed by Filip Pizlo.

    Source/JavaScriptCore:

    Changed the numerator equal to -2^31 check to just return if we expect an integer result, since the check is after we have determined that the denominator is -1. The int result of -2^31 / -1 is -2^31, so just return the numerator as the result.

    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

    LayoutTests:

    Added a new DFG check for -2^31 / -1 when we expect an integer result.

    * fast/js/integer-division-neg2tothe32-by-neg1-expected.txt:
    * fast/js/script-tests/integer-division-neg2tothe32-by-neg1.js:
    (myDivExpectingInt):

    Change-Id: Ifd8dd24e75e60520a140c09948dd3ab49aaa3fa8
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139835 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | Implement JIT on Windows 64 bits
    Author: Jocelyn Turcotte, Age: 2013-03-29, Files: 7, Lines: -5/+177

    https://bugs.webkit.org/show_bug.cgi?id=107965

    Reviewed by Simon Hausmann.

    Source/JavaScriptCore:

    1. MSVC doesn't support inline assembly for 64 bits, implements the trampoline in a separate ASM file.

    2. Windows 64 bits has a different calling convention than other OSes following the AMD64 ABI. Differences that we have to handle here:
    - Registers passed parameters are RCX, RDX, R8 and R9 instead of RDI, RSI, RDX, RCX, R8 and R9
    - RDI and RSI must be preserved by callee
    - Only return values <= 8 bytes can be returned by register (RDX can't be used to return a second word)
    - There is no red-zone after RIP on the stack, but instead 4 reserved words before it

    * Target.pri:
    * jit/JITStubs.cpp:
    * jit/JITStubs.h:
    (JSC):
    (JITStackFrame):
    (JSC::JITStackFrame::returnAddressSlot):
    * jit/JITStubsMSVC64.asm: Added.
    * jit/JSInterfaceJIT.h:
    (JSInterfaceJIT):
    * jit/ThunkGenerators.cpp:
    (JSC::nativeForGenerator):
    * yarr/YarrJIT.cpp:
    (YarrGenerator):
    (JSC::Yarr::YarrGenerator::generateEnter):
    (JSC::Yarr::YarrGenerator::generateReturn):

    Source/WTF:

    * wtf/Platform.h:

    Change-Id: Ie1910350e36defcd427a95ceb9aa280fa61083e7
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144043 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize
    Author: Filip Pizlo, Age: 2013-03-27, Files: 1, Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=107081

    Reviewed by Michael Saboff.

    This bug led to the 32_64 backend emitting contiguous allocation code to allocate ArrayStorage arrays. This then led to all manner of heap corruption, since subsequent array accesses would be accessing the contiguous array "as if" it was an arraystorage array.

    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Ide538ea42dc32f29daf7bfe4b035053f1e9471b1
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139949 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | DFG Phantom node should be honest about the fact that it can exit  v5.1.0-alpha1  Filip Pizlo  2013-03-27  1  -1/+1
| | https://bugs.webkit.org/show_bug.cgi?id=111115
| |
| | Reviewed by Mark Hahnenberg.
| |
| | The chances of this having caused serious issues are low, since most clients of the
| | NodeDoesNotExit flag run after CFA and CFA updates this properly. But one possible
| | case of badness is if the ByteCodeParser inserted a Phantom with a type check in
| | between a LogicalNot and a Branch; then that peephole optimization in Fixup might
| | go slightly wrong.
| |
| | * dfg/DFGNodeType.h:
| | (DFG):
| |
| | Change-Id: I568e22c3577979de0eeea945de519a920ee212b6
| | git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144373 268f45cc-cd09-0410-ab3c-d52691b4dbfc
| | Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | DFG is too aggressive with eliding overflow checks in loops  Filip Pizlo  2013-03-27  2  -2/+8
| | https://bugs.webkit.org/show_bug.cgi?id=105226
| |
| | Reviewed by Mark Hahnenberg and Oliver Hunt.
| |
| | Source/JavaScriptCore:
| |
| | If we see a variable's live range cross basic block boundaries, conservatively
| | assume that it may be part of a data-flow back-edge, and as a result, we may have
| | entirely integer operations that could lead to the creation of an integer that is
| | out of range of 2^52 (the significand of a double float). This does not seem to
| | regress any of the benchmarks we care about, and it fixes the bug.
| |
| | In future we may want to actually look at whether or not there was a data-flow
| | back-edge instead of being super conservative about it. But we have no evidence,
| | yet, that this would help us on real code.
| |
| | * dfg/DFGNodeFlags.h:
| | (DFG):
| | * dfg/DFGPredictionPropagationPhase.cpp:
| | (JSC::DFG::PredictionPropagationPhase::propagate):
| |
| | LayoutTests:
| |
| | * fast/js/dfg-int-overflow-in-loop-expected.txt: Added.
| | * fast/js/dfg-int-overflow-in-loop.html: Added.
| | * fast/js/jsc-test-list:
| | * fast/js/script-tests/dfg-int-overflow-in-loop.js: Added.
| | (foo):
| |
| | Change-Id: I9df2d6d17ba404802456f4e2da313e47f0f4f62e
| | git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
| | Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | DFG is too aggressive eliding overflow checks for additions involving large constants  Filip Pizlo  2013-03-26  2  -11/+37
| | https://bugs.webkit.org/show_bug.cgi?id=105239
| |
| | Reviewed by Gavin Barraclough.
| |
| | Source/JavaScriptCore:
| |
| | If we elide overflow checks on an addition (or subtraction) involving a
| | larger-than-2^32 immediate, then make sure that the non-constant child of the
| | addition knows that he's got to do an overflow check, by flowing the UsedAsNumber
| | property at him.
| |
| | * dfg/DFGGraph.h:
| | (JSC::DFG::Graph::addSpeculationMode):
| | (Graph):
| | (JSC::DFG::Graph::addShouldSpeculateInteger):
| | (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
| | * dfg/DFGPredictionPropagationPhase.cpp:
| | (JSC::DFG::PredictionPropagationPhase::propagate):
| |
| | LayoutTests:
| |
| | * fast/js/dfg-int-overflow-large-constants-in-a-line-expected.txt: Added.
| | * fast/js/dfg-int-overflow-large-constants-in-a-line.html: Added.
| | * fast/js/jsc-test-list:
| | * fast/js/script-tests/dfg-int-overflow-large-constants-in-a-line.js: Added.
| | (foo):
| |
| | Change-Id: If9f7c71050b6f07fc024e6e9f42083d7d3ca71f6
| | git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
| | Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | javascript integer overflow  Filip Pizlo  2013-03-26  1  -0/+4
| | https://bugs.webkit.org/show_bug.cgi?id=104967
| |
| | Reviewed by Mark Hahnenberg.
| |
| | Source/JavaScriptCore:
| |
| | Fix PutScopedVar backward flow.
| |
| | * dfg/DFGPredictionPropagationPhase.cpp:
| | (JSC::DFG::PredictionPropagationPhase::propagate):
| |
| | LayoutTests:
| |
| | * fast/js/dfg-put-scoped-var-backward-flow-expected.txt: Added.
| | * fast/js/dfg-put-scoped-var-backward-flow.html: Added.
| | * fast/js/jsc-test-list:
| | * fast/js/script-tests/dfg-put-scoped-var-backward-flow.js: Added.
| | (sum):
| |
| | Change-Id: I63c3091751555d3690f22e38a55408ced098adf8
| | git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
| | Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | Don't assert that flags <= 0x3ff in JSTypeInfo  Filip Pizlo  2013-03-26  1  -1/+0
| | https://bugs.webkit.org/show_bug.cgi?id=104988
| |
| | Reviewed by Sam Weinig.
| |
| | This assertion doesn't accomplish anything other than crashes.
| |
| | * runtime/JSTypeInfo.h:
| | (JSC::TypeInfo::TypeInfo):
| |
| | Change-Id: I16848f37dd75c3de061e737097f0a09a01e31626
| | git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
| | Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | Named lookups on HTML documents produce inconsistent results in JavaScriptCore bindings  Filip Pizlo  2013-03-26  4  -7/+28
| | https://bugs.webkit.org/show_bug.cgi?id=104623
| |
| | Reviewed by Geoffrey Garen.
| |
| | Source/JavaScriptCore:
| |
| | Add the notion of objects that HasImpureGetOwnPropertySlot, and use that to inhibit
| | prototype chain caching in some cases. This appears to be perf-neutral on
| | benchmarks that we track.
| |
| | * dfg/DFGRepatch.cpp:
| | (JSC::DFG::tryCacheGetByID):
| | (JSC::DFG::tryBuildGetByIDProtoList):
| | * jit/JITStubs.cpp:
| | (JSC::JITThunks::tryCacheGetByID):
| | (JSC::DEFINE_STUB_FUNCTION):
| | * runtime/JSTypeInfo.h:
| | (JSC):
| | (JSC::TypeInfo::hasImpureGetOwnPropertySlot):
| | * runtime/Operations.h:
| | (JSC::normalizePrototypeChainForChainAccess):
| |
| | Source/WebCore:
| |
| | All DOM objects that have named getters or directly override getOwnPropertySlot
| | are now marked as HasImpureGetOwnPropertySlot.
| |
| | Tests: fast/js/prototype-chain-caching-with-impure-get-own-property-slot-traps
| |        fast/js/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps
| |
| | * bindings/scripts/CodeGeneratorJS.pm:
| | (GenerateHeader):
| |
| | LayoutTests:
| |
| | * fast/js/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps-expected.txt: Added.
| | * fast/js/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps.html: Added.
| | * fast/js/prototype-chain-caching-with-impure-get-own-property-slot-traps-expected.txt: Added.
| | * fast/js/prototype-chain-caching-with-impure-get-own-property-slot-traps.html: Added.
| | * fast/js/script-tests/dfg-prototype-chain-caching-with-impure-get-own-property-slot-traps.js: Added.
| | (f):
| | * fast/js/script-tests/prototype-chain-caching-with-impure-get-own-property-slot-traps.js: Added.
| | (f):
| |
| | Change-Id: Ie17e39f2b8139778455e28aca9428698f4dd362f
| | git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
| | Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>