path: root/Source/JavaScriptCore
Commit message | Author | Age | Files | Lines
...
* | Fix uninitialized access
    Author: Allan Sandfeld Jensen | Age: 2014-10-10 | Files: 1 | Lines: -0/+8

    When an identifier is made from an empty string, the constructor still tries accessing the first character to populate a cache. This leads to access of uninitialized data, and wrong data in the cache. This causes no wrong behavior though except unuseful data in the cache.

    Change-Id: Ice9f10b08306799b160f8b95b76bd056f29d228d
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* | Fix valgrind warning about uninitialized access
    Author: Allan Sandfeld Jensen | Age: 2014-10-06 | Files: 1 | Lines: -3/+3

    A default cache-entry has a null String and an uninitialized key. We should therefore only try to use the key if the String is not null.

    Change-Id: Icd6819b96b9b650305cf0611b6b2978c07dc9196
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* | (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
    Author: Mark Hahnenberg | Age: 2014-09-30 | Files: 1 | Lines: -23/+37

    https://bugs.webkit.org/show_bug.cgi?id=121717

    Reviewed by Oliver Hunt.

    Source/JavaScriptCore:

    This bug caused the array to become corrupted. We now check for holes before we start moving things, and start moving things only once we've determined that there are none.

    * runtime/JSArray.cpp:
    (JSC::JSArray::shiftCountWithAnyIndexingType):
    (JSC::JSArray::unshiftCountWithAnyIndexingType):

    Change-Id: I9948bfa2c9b4a345076f7f2b4e50a566f521b6fe
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156214 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | DFG 32Bit: Crash loading "Classic" site @ translate.google.com
    Author: Michael Saboff | Age: 2014-09-30 | Files: 1 | Lines: -0/+4

    https://bugs.webkit.org/show_bug.cgi?id=120015

    Reviewed by Sam Weinig.

    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::fillSpeculateCell): Added checks for spillFormat being DataFormatInteger or DataFormatDouble similar to what is in the 64 bit code and in all versions of fillSpeculateBoolean().

    Change-Id: I4de21707f00c1538b82b9bee6b2acc2903611983
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | <https://webkit.org/b/120079> Flattening a dictionary can cause CopiedSpace corruption
    Author: Mark Hahnenberg | Age: 2014-09-25 | Files: 4 | Lines: -18/+32

    Reviewed by Oliver Hunt.

    When we flatten an object in dictionary mode, we compact its properties. If the object had out-of-line storage in the form of a Butterfly prior to this compaction, and after compaction its properties fit inline, the object's Structure "forgets" that the object has a non-zero Butterfly pointer. During GC, we check the Butterfly and reportLiveBytes with bytes = 0, which causes all sorts of badness in CopiedSpace.

    Instead, after we flatten a dictionary, if properties fit inline we should clear the Butterfly pointer so that the GC doesn't get confused later. This patch does this clearing, and it also adds JSObject::checkStructure, which overrides JSCell::checkStructure to add an ASSERT that makes sure that the Structure being assigned agrees with the whether or not the object has a Butterfly. Also added an ASSERT to check that the number of bytes reported to SlotVisitor::copyLater is non-zero.

    * heap/SlotVisitorInlines.h:
    (JSC::SlotVisitor::copyLater):
    * runtime/JSObject.cpp:
    (JSC::JSObject::notifyPresenceOfIndexedAccessors):
    (JSC::JSObject::convertUndecidedToInt32):
    (JSC::JSObject::convertUndecidedToDouble):
    (JSC::JSObject::convertUndecidedToContiguous):
    (JSC::JSObject::convertInt32ToDouble):
    (JSC::JSObject::convertInt32ToContiguous):
    (JSC::JSObject::genericConvertDoubleToContiguous):
    (JSC::JSObject::switchToSlowPutArrayStorage):
    (JSC::JSObject::setPrototype):
    (JSC::JSObject::putDirectAccessor):
    (JSC::JSObject::seal):
    (JSC::JSObject::freeze):
    (JSC::JSObject::preventExtensions):
    (JSC::JSObject::reifyStaticFunctionsForDelete):
    (JSC::JSObject::removeDirect):
    * runtime/JSObject.h:
    (JSC::JSObject::setButterfly):
    (JSC::JSObject::putDirectInternal):
    (JSC::JSObject::setStructure):
    (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
    * runtime/Structure.cpp:
    (JSC::Structure::flattenDictionaryStructure):

    Change-Id: Idfd8c22555f4373c1104316ff1ee28f5f84ef083
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154366 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
    Author: Geoffrey Garen | Age: 2014-09-25 | Files: 2 | Lines: -2/+15

    https://bugs.webkit.org/show_bug.cgi?id=123179

    Reviewed by Mark Hahnenberg.

    Source/JavaScriptCore:

    * parser/NodeConstructors.h:
    (JSC::LogicalOpNode::LogicalOpNode):
    * parser/ResultType.h:
    (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean. This is JavaScript (aka Sparta).

    LayoutTests:

    * js/dom/branch-fold-correctness.html: Added a test for this case.

    Change-Id: I72f81f31d88dee306428dd5eab9d40fcec009042
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157830 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* | REGRESSION: Crash when opening Facebook.com
    Author: Oliver Hunt | Age: 2014-09-25 | Files: 2 | Lines: -4/+4

    https://bugs.webkit.org/show_bug.cgi?id=119155

    Reviewed by Andreas Kling.

    Scope nodes are always objects, so we should be using SpecObjectOther rather than SpecCellOther. Marking Scopes as CellOther leads to a contradiction in the CFA, resulting in bogus codegen.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    Change-Id: Ic083c04b9351c904ea4b5ee41bcc98c7d66d757d
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | Incorrect behavior on emscripten-compiled cube2hash
    Author: Filip Pizlo | Age: 2014-09-24 | Files: 1 | Lines: -4/+8

    https://bugs.webkit.org/show_bug.cgi?id=120033

    Source/JavaScriptCore:

    Reviewed by Mark Hahnenberg.

    If PutClosureVar is may-aliased to another PutClosureVar or GetClosureVar then we should bail attempts to CSE.

    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::scopedVarLoadElimination):
    (JSC::DFG::CSEPhase::scopedVarStoreElimination):

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154344 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Task-number: QTBUG-41500
    Change-Id: Ia6bd7b09b20a99d5f4b5a14bf58737bc4b8c6a2b
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | Aligned argument signatures of setupArgumentsWithExecState are missing on MIPS.
    Author: commit-queue@webkit.org | Age: 2014-09-19 | Files: 1 | Lines: -0/+10

    https://bugs.webkit.org/show_bug.cgi?id=121439

    Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-09-16
    Reviewed by Geoffrey Garen.

    Missing implementations of setupArgumentsWithExecState added.

    Change-Id: Ief1b1505d6c20b091ae0fcc24d7c21f50fcc712a
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155884 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | ARM EABI hardfp buildfix after r155675
    Author: ossy@webkit.org | Age: 2014-09-18 | Files: 1 | Lines: -2/+3

    https://bugs.webkit.org/show_bug.cgi?id=121287

    Reviewed by Geoffrey Garen.

    Change-Id: I03c086a652b501c5424a6de6763fed1c88466e3a
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | Fixed crash in V8 benchmark suite in ARM,softp,EABI environment.
    Author: commit-queue@webkit.org | Age: 2014-09-18 | Files: 2 | Lines: -13/+51

    https://bugs.webkit.org/show_bug.cgi?id=117281

    Patch by Youngho Yoo <youngho33.yoo@lge.com> on 2013-09-13
    Reviewed by Michael Saboff.

    Fix the missing EABI_32BIT_DUMMY_ARG in FPRReg using callOperation function.

    Change-Id: I77e7e7a37ada9d33574949220d109e8b5f2392b2
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155675 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | Fix building QtWebKit for QNX
    Author: Allan Sandfeld Jensen | Age: 2014-09-09 | Files: 1 | Lines: -1/+1

    Fix method now available in QNX 6.6, lack of std::move even with C++11 enabled, binary structure of stack frames on QNX x86 and the wrongly advertised existence of MADV_FREE and MADV_REUSE.

    Change-Id: I0dacbd19ed932ec6b3b2cc1d625a347e169615a5
    Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* | [mips] Fix unaligned access in Low Level Interpreter (LLINT).
    Author: Julien Brianceau | Age: 2014-09-05 | Files: 1 | Lines: -1/+6

    Address loads used with btbxx opcodes were wrongly converted to lw instruction instead of lbu, leading to unaligned access on mips platforms.

    Change-Id: I7b14aa40215affe582bcadade2f783769a97a7d3
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | [mips] Handle properly halfword load in JavaScriptCore.
    Author: Julien Brianceau | Age: 2014-09-03 | Files: 1 | Lines: -1/+47

    This patch improves YarrJIT efficiency on mips platforms. SunSpider's regexp-dna test can be used to monitor performance impact.

    Change-Id: I28d99fb01628bc72f29c120caf8bc53c5d06e3ff
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | Correct GC length unit and prevent division by 0 in showObjectStatistics.
    Author: Julien Brianceau | Age: 2014-08-28 | Files: 1 | Lines: -13/+14

    https://bugs.webkit.org/show_bug.cgi?id=136340

    Reviewed by Mark Hahnenberg.

    Change-Id: I20483be1225d674160bbdab183bc52121fe4411c
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@173062 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* | Take advantage of 3 parameters or32() calls
    Author: Julien Brianceau | Age: 2014-08-28 | Files: 1 | Lines: -12/+6

    https://bugs.webkit.org/show_bug.cgi?id=136287

    Reviewed by Michael Saboff.

    For specific architectures (arm and mips for instance), or32() calls with 3 parameters are likely to produce a single instruction.

    Change-Id: I1c56f5b8229dd2d82d96c56cb10b1ac8dc9ba0b0
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@173006 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | [mips] Use shorter j <address> jump in MacroAssembler::replaceWithJump
    Author: Balazs Kilvady | Age: 2014-08-25 | Files: 3 | Lines: -45/+20

    Patch taken from https://bugs.webkit.org/show_bug.cgi?id=125920

    Change-Id: I6583ea37e00f4dff80971bd44906936229540171
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | [mips] Take advantage of integer divide instruction for ArithDiv and ArithMod.
    Author: Julien Brianceau | Age: 2014-08-23 | Files: 5 | Lines: -1/+75

    Added MIPS integer divide path for ArithDiv and ArithMod where operands and results are integer.

    Change-Id: I00d5b58e6e0be39f083676fb0c435b3545d3aca1
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Crash during exception unwinding
    Author: Oliver Hunt | Age: 2014-07-08 | Files: 9 | Lines: -12/+28

    https://webkit.org/b/119860

    Reviewed by Filip Pizlo.

    Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node. We need this so that Throw and ThrowReferenceError no longer need to be treated as terminals and the subsequent flush keeps the activation (and other registers) live.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::isTerminal):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Idb894e780cd3ebe15515d1796c58a339ae54d55f
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154290 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix android build error about already defined struct.
    Author: Sergio Martins | Age: 2014-06-27 | Files: 1 | Lines: -8/+0

    Minimum API version is 9, which already defines this struct in elf.h

    Also see qtscript/49ab1bd9838dc3c069be780ff6d69a2543c06ed6 which does the same thing there.

    Change-Id: Ia56f8399156a93edc569e7bb982bd7186a16a445
    Reviewed-by: BogDan Vatra <bogdan@kde.org>
* Fix SpeculateCellOperand ASSERT failure in DFG for 32-bit builds.
    Author: Julien Brianceau | Age: 2014-06-26 | Files: 1 | Lines: -18/+27

    Original patch by Filip Pizlo <fpizlo@apple.com> on 2013-08-28 taken from WebKit r154804 (http://trac.webkit.org/changeset/154804).

    Task-number: QTBUG-39768
    Change-Id: I239f2ee2ec5d1c21f7e50709b8989e744fd87995
    Reviewed-by: Zhang Zengbo <zengbo.zhang@gmail.com>
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [mips] Add floating point absolute support in JavaScriptCore.
    Author: Julien Brianceau | Age: 2014-06-10 | Files: 2 | Lines: -3/+16

    Change-Id: I8b03fb0380fa444a6da239d8ddb19bdbe6b3d061
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Prevent register clobbering to fix negative zero check in SoftModulo.
    Author: Julien Brianceau | Age: 2014-06-06 | Files: 1 | Lines: -1/+7

    This fix is not relevant for x86 architectures. Covered by integer-division-neg2tothe32-by-neg1 JavaScript test.

    Change-Id: I8ffd1280063305bc98c564f5df57c76cc5b1d7a6
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [mips] Fix branchTruncateDoubleToUint32 implementation in macro assembler.
    Author: Julien Brianceau | Age: 2014-06-05 | Files: 1 | Lines: -1/+1

    Test dfg-uint32array-overflow-values fails without this patch.

    Change-Id: Ia186ab5c3fbc19fd7621f5cc60678b82a6424641
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix problems with divot and lineStart mismatches.
    Author: Mark Lam | Age: 2014-05-06 | Files: 13 | Lines: -589/+529

    https://bugs.webkit.org/show_bug.cgi?id=118662.

    Reviewed by Oliver Hunt.

    Source/JavaScriptCore:

    r152494 added the recording of lineStart values for divot positions. This is needed for the computation of column numbers. Similarly, it also added the recording of line numbers for the divot positions.

    One problem with the approach taken was that the line and lineStart values were recorded independently, and hence were not always guaranteed to be sampled at the same place that the divot position is recorded. This resulted in potential mismatches that cause some assertions to fail.

    The solution is to introduce a JSTextPosition abstraction that records the divot position, line, and lineStart as a single quantity. Wherever we record the divot position as an unsigned int previously, we now record its JSTextPosition which captures all 3 values in one go. This ensures that the captured line and lineStart will always match the captured divot position.

    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitCall):
    (JSC::BytecodeGenerator::emitCallEval):
    (JSC::BytecodeGenerator::emitCallVarargs):
    (JSC::BytecodeGenerator::emitConstruct):
    (JSC::BytecodeGenerator::emitDebugHook):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * bytecompiler/BytecodeGenerator.h:
    (JSC::BytecodeGenerator::emitExpressionInfo):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * bytecompiler/NodesCodegen.cpp:
    (JSC::ThrowableExpressionData::emitThrowReferenceError):
    (JSC::ResolveNode::emitBytecode):
    (JSC::BracketAccessorNode::emitBytecode):
    (JSC::DotAccessorNode::emitBytecode):
    (JSC::NewExprNode::emitBytecode):
    (JSC::EvalFunctionCallNode::emitBytecode):
    (JSC::FunctionCallValueNode::emitBytecode):
    (JSC::FunctionCallResolveNode::emitBytecode):
    (JSC::FunctionCallBracketNode::emitBytecode):
    (JSC::FunctionCallDotNode::emitBytecode):
    (JSC::CallFunctionCallDotNode::emitBytecode):
    (JSC::ApplyFunctionCallDotNode::emitBytecode):
    (JSC::PostfixNode::emitResolve):
    (JSC::PostfixNode::emitBracket):
    (JSC::PostfixNode::emitDot):
    (JSC::DeleteResolveNode::emitBytecode):
    (JSC::DeleteBracketNode::emitBytecode):
    (JSC::DeleteDotNode::emitBytecode):
    (JSC::PrefixNode::emitResolve):
    (JSC::PrefixNode::emitBracket):
    (JSC::PrefixNode::emitDot):
    (JSC::UnaryOpNode::emitBytecode):
    (JSC::BinaryOpNode::emitStrcat):
    (JSC::BinaryOpNode::emitBytecode):
    (JSC::ThrowableBinaryOpNode::emitBytecode):
    (JSC::InstanceOfNode::emitBytecode):
    (JSC::emitReadModifyAssignment):
    (JSC::ReadModifyResolveNode::emitBytecode):
    (JSC::AssignResolveNode::emitBytecode):
    (JSC::AssignDotNode::emitBytecode):
    (JSC::ReadModifyDotNode::emitBytecode):
    (JSC::AssignBracketNode::emitBytecode):
    (JSC::ReadModifyBracketNode::emitBytecode):
    (JSC::ForInNode::emitBytecode):
    (JSC::WithNode::emitBytecode):
    (JSC::ThrowNode::emitBytecode):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/ASTBuilder.h:
    - Replaced ASTBuilder::PositionInfo with JSTextPosition.
    (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
    (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
    (JSC::ASTBuilder::createResolve):
    (JSC::ASTBuilder::createBracketAccess):
    (JSC::ASTBuilder::createDotAccess):
    (JSC::ASTBuilder::createRegExp):
    (JSC::ASTBuilder::createNewExpr):
    (JSC::ASTBuilder::createAssignResolve):
    (JSC::ASTBuilder::createExprStatement):
    (JSC::ASTBuilder::createForInLoop):
    (JSC::ASTBuilder::createReturnStatement):
    (JSC::ASTBuilder::createBreakStatement):
    (JSC::ASTBuilder::createContinueStatement):
    (JSC::ASTBuilder::createLabelStatement):
    (JSC::ASTBuilder::createWithStatement):
    (JSC::ASTBuilder::createThrowStatement):
    (JSC::ASTBuilder::appendBinaryExpressionInfo):
    (JSC::ASTBuilder::appendUnaryToken):
    (JSC::ASTBuilder::unaryTokenStackLastStart):
    (JSC::ASTBuilder::assignmentStackAppend):
    (JSC::ASTBuilder::createAssignment):
    (JSC::ASTBuilder::setExceptionLocation):
    (JSC::ASTBuilder::makeDeleteNode):
    (JSC::ASTBuilder::makeFunctionCallNode):
    (JSC::ASTBuilder::makeBinaryNode):
    (JSC::ASTBuilder::makeAssignNode):
    (JSC::ASTBuilder::makePrefixNode):
    (JSC::ASTBuilder::makePostfixNode):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Lexer.cpp:
    (JSC::::lex):
    - Added support for capturing the appropriate JSTextPositions instead of just the character offset.
    * parser/Lexer.h:
    (JSC::Lexer::currentPosition):
    (JSC::::lexExpectIdentifier):
    - Added support for capturing the appropriate JSTextPositions instead of just the character offset.
    * parser/NodeConstructors.h:
    (JSC::Node::Node):
    (JSC::ResolveNode::ResolveNode):
    (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
    (JSC::FunctionCallValueNode::FunctionCallValueNode):
    (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
    (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
    (JSC::FunctionCallDotNode::FunctionCallDotNode):
    (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
    (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
    (JSC::PostfixNode::PostfixNode):
    (JSC::DeleteResolveNode::DeleteResolveNode):
    (JSC::DeleteBracketNode::DeleteBracketNode):
    (JSC::DeleteDotNode::DeleteDotNode):
    (JSC::PrefixNode::PrefixNode):
    (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
    (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
    (JSC::AssignBracketNode::AssignBracketNode):
    (JSC::AssignDotNode::AssignDotNode):
    (JSC::ReadModifyDotNode::ReadModifyDotNode):
    (JSC::AssignErrorNode::AssignErrorNode):
    (JSC::WithNode::WithNode):
    (JSC::ForInNode::ForInNode):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Nodes.cpp:
    (JSC::StatementNode::setLoc):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Nodes.h:
    (JSC::Node::lineNo):
    (JSC::Node::startOffset):
    (JSC::Node::lineStartOffset):
    (JSC::Node::position):
    (JSC::ThrowableExpressionData::ThrowableExpressionData):
    (JSC::ThrowableExpressionData::setExceptionSourceCode):
    (JSC::ThrowableExpressionData::divot):
    (JSC::ThrowableExpressionData::divotStart):
    (JSC::ThrowableExpressionData::divotEnd):
    (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
    (JSC::ThrowableSubExpressionData::setSubexpressionInfo):
    (JSC::ThrowableSubExpressionData::subexpressionDivot):
    (JSC::ThrowableSubExpressionData::subexpressionStart):
    (JSC::ThrowableSubExpressionData::subexpressionEnd):
    (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
    (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
    (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
    (JSC::ThrowablePrefixedSubExpressionData::subexpressionStart):
    (JSC::ThrowablePrefixedSubExpressionData::subexpressionEnd):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Parser.cpp:
    (JSC::::Parser):
    (JSC::::parseInner):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    (JSC::::didFinishParsing):
    - Remove setting of m_lastLine value. We always pass in the value from m_lastLine anyway. So, this assignment is effectively a nop.
    (JSC::::parseVarDeclaration):
    (JSC::::parseVarDeclarationList):
    (JSC::::parseForStatement):
    (JSC::::parseBreakStatement):
    (JSC::::parseContinueStatement):
    (JSC::::parseReturnStatement):
    (JSC::::parseThrowStatement):
    (JSC::::parseWithStatement):
    (JSC::::parseTryStatement):
    (JSC::::parseBlockStatement):
    (JSC::::parseFunctionDeclaration):
    (JSC::LabelInfo::LabelInfo):
    (JSC::::parseExpressionOrLabelStatement):
    (JSC::::parseExpressionStatement):
    (JSC::::parseAssignmentExpression):
    (JSC::::parseBinaryExpression):
    (JSC::::parseProperty):
    (JSC::::parsePrimaryExpression):
    (JSC::::parseMemberExpression):
    (JSC::::parseUnaryExpression):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/Parser.h:
    (JSC::Parser::next):
    (JSC::Parser::nextExpectIdentifier):
    (JSC::Parser::getToken):
    (JSC::Parser::tokenStartPosition):
    (JSC::Parser::tokenEndPosition):
    (JSC::Parser::lastTokenEndPosition):
    (JSC::::parse):
    - Use JSTextPosition instead of passing line and lineStart explicitly.
    * parser/ParserTokens.h:
    (JSC::JSTextPosition::JSTextPosition):
    (JSC::JSTextPosition::operator+):
    (JSC::JSTextPosition::operator-):
    (JSC::JSTextPosition::operator int):
    - Added JSTextPosition.
    * parser/SyntaxChecker.h:
    (JSC::SyntaxChecker::makeFunctionCallNode):
    (JSC::SyntaxChecker::makeAssignNode):
    (JSC::SyntaxChecker::makePrefixNode):
    (JSC::SyntaxChecker::makePostfixNode):
    (JSC::SyntaxChecker::makeDeleteNode):
    (JSC::SyntaxChecker::createResolve):
    (JSC::SyntaxChecker::createBracketAccess):
    (JSC::SyntaxChecker::createDotAccess):
    (JSC::SyntaxChecker::createRegExp):
    (JSC::SyntaxChecker::createNewExpr):
    (JSC::SyntaxChecker::createAssignResolve):
    (JSC::SyntaxChecker::createForInLoop):
    (JSC::SyntaxChecker::createReturnStatement):
    (JSC::SyntaxChecker::createBreakStatement):
    (JSC::SyntaxChecker::createContinueStatement):
    (JSC::SyntaxChecker::createWithStatement):
    (JSC::SyntaxChecker::createLabelStatement):
    (JSC::SyntaxChecker::createThrowStatement):
    (JSC::SyntaxChecker::appendBinaryExpressionInfo):
    (JSC::SyntaxChecker::operatorStackPop):
    - Use JSTextPosition instead of passing line and lineStart explicitly.

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153477 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Task-number: QTBUG-38708
    Change-Id: Ic6a65e8915c634dffe76b7181b38d6be0ab4a45d
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* [mips] Fix or32 implementation in macro assembler.
    Author: Julien Brianceau | Age: 2014-04-08 | Files: 1 | Lines: -1/+3

    This patch fixes JavaScript issues for the mips backend, especially in the DFG stage when using (x|0) expressions.

    Change-Id: I4c7c7280735481dc06ca24745d2e42b2d8e13ef5
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix compiler warnings when building Qt WebKit
    Author: Allan Sandfeld Jensen | Age: 2014-03-18 | Files: 1 | Lines: -4/+4

    Fix warnings about C++11 violating syntax, unused variables in leveldb and non anonymous classes deriving from anonymous ones.

    Change-Id: I39326eed03fabe2856f1ea7c93eff65f30ee78ee
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix build: LLIntAssembly.h is in a subdir of generated/
    Author: Thiago Macieira | Age: 2014-03-17 | Files: 1 | Lines: -1/+2

    ruby /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/offlineasm/asm.rb /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm LLIntOffsetsExtractor generated/LLIntOffsetsExtractor/LLIntAssembly.h
    offlineasm: Parsing /home/thiago/src/qt/qt5/qtwebkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm and LLIntOffsetsExtractor and creating assembly file generated/LLIntOffsetsExtractor/LLIntAssembly.h.

    Change-Id: If12f1476de74c3feeb5c6d6e2e115829e1106581
    Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@digia.com>
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Use qmake optimize_full
    Author: Allan Sandfeld Jensen | Age: 2014-03-10 | Files: 1 | Lines: -4/+1

    Qmake now has new config optimize_full that replaces -O2 with -O3. We should use that in QtWebKit instead of trying to do the same ourselves.

    This makes clang now use -O3 like gcc does.

    Change-Id: I3db6167833c579bdea941d3ad1b3636cbad62475
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* Compile fix for Win64 with jit disabled.
    Author: achristensen@apple.com | Age: 2014-03-07 | Files: 1 | Lines: -1/+1

    https://bugs.webkit.org/show_bug.cgi?id=119804

    Reviewed by Michael Saboff.

    * offlineasm/cloop.rb: Added std:: before isnan.

    Change-Id: Ie7d922b7d6a0f45619a77029b07804aef5d01076
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154066 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possibly reallocing it
    Author: Mark Hahnenberg | Age: 2014-03-07 | Files: 1 | Lines: -2/+2

    https://bugs.webkit.org/show_bug.cgi?id=120278

    Reviewed by Geoffrey Garen.

    Source/JavaScriptCore:

    * runtime/JSObject.cpp:
    (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

    Change-Id: I034d6950683304d08a4e076d58fb1b999ade444b
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Setting a large numeric property on an object causes it to allocate a huge backing store
    Author: Mark Hahnenberg | Age: 2014-03-07 | Files: 2 | Lines: -5/+16

    https://bugs.webkit.org/show_bug.cgi?id=118914

    Reviewed by Geoffrey Garen.

    Source/JavaScriptCore:

    There are two distinct actions that we're trying to optimize for:

    new Array(100000);

    and:

    a = [];
    a[100000] = 42;

    In the first case, the programmer has indicated that they expect this Array to be very big, so they should get a contiguous array up until some threshold, above which we perform density calculations to see if it is indeed dense enough to warrant being contiguous.

    In the second case, the programmer hasn't indicated anything about the size of the Array, so we should be more conservative and assume it should be sparse until we've proven otherwise.

    Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish between them for the purposes of not over-allocating large backing stores like we see on http://www.peekanalytics.com/burgerjoints/

    The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and introduce a new heuristic for the second case. If we are putting to an index above a certain threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse map instead. So for example, in the second case above the empty array has a blank indexing type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map.

    This fix is ~800x speedup on the accompanying regression test :-o

    * runtime/ArrayConventions.h:
    (JSC::indexIsSufficientlyBeyondLengthForSparseMap):
    * runtime/JSObject.cpp:
    (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
    (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
    (JSC::JSObject::putByIndexBeyondVectorLength):
    (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):

    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Change-Id: I1c29992d6e09c9d523a8093e76e3848a9581ce45
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Use moveDoubleToInts in SpecializedThunkJIT::returnDouble for non-X86 JSVALUE32_64 ports.
    Author: Julien Brianceau | Age: 2014-03-03 | Files: 1 | Lines: -0/+5

    https://bugs.webkit.org/show_bug.cgi?id=124936

    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-29
    Reviewed by Zoltan Herczeg.

    The moveDoubleToInts implementations in ARM, MIPS and SH4 macro assemblers do not clobber src FPRegister and are likely to be more efficient than the current generic implementation using the stack.

    * jit/SpecializedThunkJIT.h:
    (JSC::SpecializedThunkJIT::returnDouble):

    Change-Id: Ie3b6516a4047717212521315e85f5e2094373cbc
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159873 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Fix build on x32 [v5.3.0-alpha1]
    Author: Allan Sandfeld Jensen | Age: 2014-02-25 | Files: 1 | Lines: -1/+1

    Recognize x32 and disable JIT and native LLINT in this configuration.

    Change-Id: I1576e38ffcff92495c4c108f66f2df17de9a5e9c
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Fix Qt WebKit build on architectures without JIT support
    Author: Allan Sandfeld Jensen | Age: 2014-02-21 | Files: 1 | Lines: -0/+4

    The fallback LLINT interpreter was triggering YARR JIT which would fail to compile and also trigger ENABLE_ASSEMBLER which would trigger even more not to compile.

    YARR JIT is only supported on platforms with valid JIT or native LLINT support. So we must avoid it when the fallback is used.

    Task-number: QTBUG-36969
    Change-Id: Ie94bcb316e192feb33ab528ddc3a328af154cebf
    Reviewed-by: Michael Bruning <michael.bruning@digia.com>
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev
    Author: Frederik Gladhorn | Age: 2014-02-12 | Files: 2 | Lines: -52/+115

    Change-Id: Iea6cf3f34fb33f2d138b72243b0e688958d9424e
| * [mips] Wrong register usage in LLInt. [old/5.2]
    Author: Balazs Kilvady | Age: 2014-02-10 | Files: 2 | Lines: -52/+115

    Fix register usage and add PIC header to all LLInt operations. This patch is taken from https://bugs.webkit.org/show_bug.cgi?id=125168. It fixes the crash of fast/js/exception-propagate-from-dfg-to-llint test on mips architecture.

    Change-Id: I98ad3b5766451cab48a76f7e028b210f9ebe99ed
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* | Replace win32-g++ with mingw scope
    Author: Kai Koehne | Age: 2014-01-27 | Files: 1 | Lines: -1/+1

    Commit 773dd01 in qtbase introduced a general mingw platform scope, which is cleaner and more flexible than matching the spec name. (see 278152fff for a similar commit in qtbase).

    Change-Id: Id3dcd3474504aebeee16dc41cd1eeab7ac21b319
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev
  Author: Frederik Gladhorn, Date: 2013-12-23, Files: 1, Lines: -1/+0
    Change-Id: I31a326945d624b10d5c87703d0e2b8ac723a05ab
* Do not completely erase LIBS variable
  Author: Jürgen Hunold, Date: 2013-12-17, Files: 1, Lines: -1/+0
    Using an empty LIBS variable prevents usage of custom library paths and libraries via configure -L <path> -l <extra_lib>. This is needed for linking with an alternative stdlib implementation.

    Change-Id: Ie1009bfd435436bf584b2963066535ee90f4d5d0
    Reviewed-by: Pierre Rossi <pierre.rossi@gmail.com>
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev
  Author: Frederik Gladhorn, Date: 2013-11-29, Files: 3, Lines: -112/+73
    Conflicts:
        .qmake.conf

    Change-Id: I9f566e48b319664f2783788572935da39749c91c
* Merge remote-tracking branch 'origin/release' into stable
  Author: Frederik Gladhorn, Date: 2013-11-26, Files: 1, Lines: -3/+3
    Change-Id: I9088052f76de19e584cd16fd039502de6b22bec2
* Fix compilation on ARM
  Author: Samuli Piippo, Date: 2013-11-18, Files: 1, Lines: -3/+3
    Android fix broke ARM compilation on non-Android Linux platforms. Now correctly define Elf32_auxv_t only on Android/Qt and otherwise include asm/hwcap.h.

    Same fix was previously applied to QtScript, which had the exact same android problem (QTBUG-30978).

    Task-number: QTBUG-34917
    Change-Id: I29d570731754c6291f8dc0c379e6fdc8ec72b897
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Fix revertJumpReplacementToBranchPtrWithPatch in MacroAssembler.
  Author: commit-queue@webkit.org, Date: 2013-11-20, Files: 2, Lines: -11/+25
    https://bugs.webkit.org/show_bug.cgi?id=124468
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-17
    Reviewed by Michael Saboff.

    Current implementation of revertJumpReplacementToBranchPtrWithPatch is wrong in the sh4 MacroAssembler part, leading to random instabilities. This patch fixes it and also renames the bad-named revertJumpToMove to revertJumpReplacementToBranchPtrWithPatch in the SH4Assembler.

    * assembler/MacroAssemblerSH4.h:
    (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch):
    * assembler/SH4Assembler.h:
    (JSC::SH4Assembler::replaceWithJump):
    (JSC::SH4Assembler::revertJumpReplacementToBranchPtrWithPatch):

    Change-Id: Ifbc6851f506a1303c85cff3a47c23e932fad033c
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Protect repatchCompact from flushConstantPool.
  Author: commit-queue@webkit.org, Date: 2013-11-20, Files: 1, Lines: -2/+9
    https://bugs.webkit.org/show_bug.cgi?id=124278
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-13
    Reviewed by Michael Saboff.

    Random crashes may occur with sh4 architecture, when a flushConstantPool occurs in movlMemRegCompact. As in this case a branch opcode and the constant pool are put before the movlMemRegCompact, the branch itself is patched when calling repatchCompact instead of the mov instruction, which is really bad.

    * assembler/SH4Assembler.h:
    (JSC::SH4Assembler::repatchCompact): Handle this specific case and add an ASSERT.

    Change-Id: I9c0e78cade4d20d0d83d683ffe6a499cee63bdbb
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159203 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Fix load32WithUnalignedHalfWords function in baseline JIT.
  Author: commit-queue@webkit.org, Date: 2013-11-20, Files: 1, Lines: -3/+3
    https://bugs.webkit.org/show_bug.cgi?id=124233
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-12
    Reviewed by Michael Saboff.

    * assembler/MacroAssemblerSH4.h:
    (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords): Do not claim scratch register too early. Test already covered by fast/regex/pcre-test-1.

    Change-Id: Ib783d70723754e80d961ade9463d7dc85ccb83f0
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159153 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* [sh4] Refactor jumps in baseline JIT to return label after the jump.
  Author: commit-queue@webkit.org, Date: 2013-11-20, Files: 2, Lines: -93/+33
    https://bugs.webkit.org/show_bug.cgi?id=123734
    Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-04
    Reviewed by Michael Saboff.

    Current implementation of jumps in sh4 baseline JIT returns a label on the jump itself and not after it. This is not correct and leads to issues like infinite loop in the DFG (https://bugs.webkit.org/show_bug.cgi?id=122597 for instance). This refactor fixes this and also simplifies the link and relink procedures for sh4 jumps.

    * assembler/MacroAssemblerSH4.h:
    (JSC::MacroAssemblerSH4::branchDouble):
    (JSC::MacroAssemblerSH4::branchTrue):
    (JSC::MacroAssemblerSH4::branchFalse):
    * assembler/SH4Assembler.h:
    (JSC::SH4Assembler::jmp):
    (JSC::SH4Assembler::extraInstrForBranch):
    (JSC::SH4Assembler::jne):
    (JSC::SH4Assembler::je):
    (JSC::SH4Assembler::bra):
    (JSC::SH4Assembler::linkJump):
    (JSC::SH4Assembler::relinkJump):

    Change-Id: Ia31b326a1f3c41e9c913e513563ff1e6b8f8e55e
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158580 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev
  Author: Sergio Ahumada, Date: 2013-11-08, Files: 14, Lines: -28/+35
    Change-Id: I4e82a7abec9b95d3148e1eddc786ee5a16d1f768
* Only use 64bit atomics when supported
  Author: Allan Sandfeld Jensen, Date: 2013-10-28, Files: 1, Lines: -9/+0
    To support Windows XP we must avoid using the 64bit variants of the atomicIncrement/atomicDecrement operations which are only supported from Windows 2003 and up.

    This patch rolls back the minimum Win32 API version to WinNT 5.1 (32bit WinXP), and adds a new flag to indicate the support of 64bit atomics.

    The new flag is now also used to support MIPS and other architectures without 64bit intrinsics, instead of hacking in poor support. This also extends the atomic operations to sparc64 which was previously skipped because it did not work with __exchange_and_add.

    Task-number: QTBUG-34271
    Change-Id: I21b09df3cafb7f0987a2f44c89036ff34ed34aa0
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
    Reviewed-by: Kai Koehne <kai.koehne@digia.com>
* Fix build for boot2qt eAndroid
  Author: Allan Sandfeld Jensen, Date: 2013-10-21, Files: 2, Lines: -5/+17
    Reverts the removal of Android support in WTF, and brings the support up to date.

    Merged change to MacroAssemblerARM.cpp from QtScript.
    Replaces use of statvfs with statfs in one place.
    Replaces shm-based shared memory with ashmem-based in WebKit2.

    Change-Id: I440b1fbd94bb4148f7ba764d77de65230d13ed90
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>