2011-11-18 Daniel Bates <dbates@rim.com>
Add CMake build infrastructure for the BlackBerry port
https://bugs.webkit.org/show_bug.cgi?id=72768
Reviewed by Antonio Gomes.
* PlatformBlackBerry.cmake: Added.
* shell/PlatformBlackBerry.cmake: Added.
* wtf/PlatformBlackBerry.cmake: Added.
2011-11-18 Filip Pizlo <fpizlo@apple.com>
DFG JIT fails speculation on InstanceOf if the base is not an object
https://bugs.webkit.org/show_bug.cgi?id=72709
Reviewed by Geoff Garen.
InstanceOf already leverages the fact that we only allow the default
hasInstance implementation. So, if the base is predicted to possibly
be not an object and the CFA has not yet proven otherwise, InstanceOf
will abstain from speculating cell and instead return false if the
base is not a cell.
This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
speed-up in earley-boyer. Neutral according to bencher on SunSpider,
V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
win on V8 even on my harness, due to a 12.5% win on earley-boyer.
I also took this opportunity to make the code for InstanceOf common
between the two JITs. This was partially successful, in that the
"common code" has a bunch of #if's, but overall it seems like a code
size reduction.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
(JSC::DFG::SpeculativeJIT::compileInstanceOf):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
Forgot to completely de-virtualize isDynamicScope
https://bugs.webkit.org/show_bug.cgi?id=72763
Reviewed by Darin Adler.
* runtime/JSActivation.h: Removed virtual keyword.
2011-11-18 Filip Pizlo <fpizlo@apple.com>
Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
https://bugs.webkit.org/show_bug.cgi?id=72292
Reviewed by Darin Adler.
Fix this for 32_64.
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize ExecutableBase::intrinsic
https://bugs.webkit.org/show_bug.cgi?id=72548
Reviewed by Oliver Hunt.
* runtime/Executable.cpp:
(JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value.
* runtime/Executable.h:
* runtime/JSCell.h:
(JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
rather than requiring C++ RTTI.
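The RTTI-free dynamic cast described in the entry above, as an added illustration that is not JavaScriptCore's own code: a per-class static descriptor chain (modelled on ClassInfo) is walked to answer "is this object an instance of T?", and the non-virtual intrinsic() uses it exactly as the entry says, casting to the native subclass and falling back to a default. All names here (ModelClassInfo, ModelCell, modelDynamicCast, the Model*Executable types) are hypothetical stand-ins for the real ones.

```cpp
#include <cstddef>

// Added illustration, not JavaScriptCore code. A class descriptor that knows
// its parent; subclass tests walk the chain instead of using C++ RTTI.
struct ModelClassInfo {
    const char* className;
    const ModelClassInfo* parentClass; // nullptr at the root of the hierarchy

    bool isSubClassOf(const ModelClassInfo* other) const {
        for (const ModelClassInfo* ci = this; ci; ci = ci->parentClass) {
            if (ci == other)
                return true;
        }
        return false;
    }
};

// Every heap cell carries a pointer to its class descriptor (in JSC this comes
// from the cell's Structure; here it is stored directly to keep the model small).
struct ModelCell {
    const ModelClassInfo* classInfo;
    explicit ModelCell(const ModelClassInfo* ci) : classInfo(ci) {}
};

// The cast itself: null in, null out; otherwise a static_cast guarded by the
// descriptor chain. Requires every castable type to expose a static s_info.
template<typename To>
To* modelDynamicCast(ModelCell* from)
{
    if (!from)
        return nullptr;
    return from->classInfo->isSubClassOf(&To::s_info) ? static_cast<To*>(from) : nullptr;
}

enum ModelIntrinsic { NoIntrinsic = 0, AbsIntrinsic = 1 };

struct ModelExecutableBase : ModelCell {
    static const ModelClassInfo s_info;
    explicit ModelExecutableBase(const ModelClassInfo* ci) : ModelCell(ci) {}
    ModelIntrinsic intrinsic(); // non-virtual; defined after the subclasses
};
const ModelClassInfo ModelExecutableBase::s_info = { "ExecutableBase", nullptr };

// Only native executables carry an intrinsic.
struct ModelNativeExecutable : ModelExecutableBase {
    static const ModelClassInfo s_info;
    ModelIntrinsic m_intrinsic;
    explicit ModelNativeExecutable(ModelIntrinsic i)
        : ModelExecutableBase(&s_info), m_intrinsic(i) {}
};
const ModelClassInfo ModelNativeExecutable::s_info = { "NativeExecutable", &ModelExecutableBase::s_info };

struct ModelFunctionExecutable : ModelExecutableBase {
    static const ModelClassInfo s_info;
    ModelFunctionExecutable() : ModelExecutableBase(&s_info) {}
};
const ModelClassInfo ModelFunctionExecutable::s_info = { "FunctionExecutable", &ModelExecutableBase::s_info };

// De-virtualized dispatch: try the cast, and use the default when it fails.
ModelIntrinsic ModelExecutableBase::intrinsic()
{
    if (ModelNativeExecutable* native = modelDynamicCast<ModelNativeExecutable>(this))
        return native->m_intrinsic;
    return NoIntrinsic;
}

// Helper for callers that only want to know whether a cast would succeed.
bool modelIsNativeExecutable(ModelCell* cell)
{
    return modelDynamicCast<ModelNativeExecutable>(cell) != nullptr;
}
```

The safety property worth noting is that the cast can only ever return a pointer whose descriptor chain contains T's descriptor, so a stale or mismatched static_cast cannot slip through as long as every type's s_info names the correct parent.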
2011-11-18 Patrick Gansterer <paroga@webkit.org>
[CMake] Remove duplicate dtoa files from CMakeLists.txt
https://bugs.webkit.org/show_bug.cgi?id=72711
Reviewed by Brent Fulgham.
* wtf/CMakeLists.txt:
2011-11-17 Michael Saboff <msaboff@apple.com>
[Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=72602
Fixed StringImpl::foldCase by adding return in the case we need to handle
folding of 8 bit strings with Latin-1 characters.
Fixed case where StringImpl::replace was using a char temp instead of an
LChar temp.
Because of the second change, I changed other uses of char or
unsigned char to LChar.
Reviewed by Zoltan Herczeg.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::upper):
(WTF::StringImpl::foldCase):
(WTF::equal):
(WTF::equalIgnoringCase):
(WTF::StringImpl::replace):
2011-11-17 Patrick Gansterer <paroga@webkit.org>
[CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
https://bugs.webkit.org/show_bug.cgi?id=72644
Reviewed by Brent Fulgham.
All ports need to do the same determination about fast malloc. Move the CMake code from
platform specific files into the generic one, so that additional ports can reuse it.
* wtf/CMakeLists.txt:
* wtf/PlatformEfl.cmake:
* wtf/PlatformWinCE.cmake:
2011-11-17 Mark Hahnenberg <mhahnenberg@apple.com>
Add finalizer to JSActivation
https://bugs.webkit.org/show_bug.cgi?id=72575
Reviewed by Geoffrey Garen.
* runtime/JSActivation.cpp:
(JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
(JSC::JSActivation::finalize):
* runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
2011-11-15 Filip Pizlo <fpizlo@apple.com>
Code block jettisoning should be part of the GC's transitive closure
https://bugs.webkit.org/show_bug.cgi?id=72467
Reviewed by Geoff Garen.
Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
references) and helps track what state each of those code blocks is in during
GC. The state consists of two flags; mayBeExecuting, which tells if the code block
is live from call frames; and isJettisoned, which tells if the code block is
not owned by any executable and thus should be deleted as soon as it is not
mayBeExecuting.
- Not executing, Not jettisoned: The code block may or may not be reachable from
any executables, but it is owned by an executable, and hence should be
kept alive if its executable is live and if all of its weak references are
live. Otherwise it should be deleted during the current GC cycle, and its
outgoing references should not be scanned.
- Not executing but jettisoned: The code block should be deleted as soon as
possible and none of its outgoing references should be scanned.
- Executing but not jettisoned: The code block should be kept alive during this
GC cycle, and all of its outgoing references (including the weak ones)
should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
the end of the GC cycle.
- Executing and jettisoned: The code block should be kept alive during this
GC cycle, and all of its outgoing references (including the weak ones)
should be scanned and marked strongly. However, on the next GC cycle, it
will have its mayBeExecuting bit cleared and hence it will become a candidate
for immediate deletion provided it is not executing again.
This is performance-neutral.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::DFGData::DFGData):
(JSC::DFGCodeBlocks::mark):
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::add):
* heap/ConservativeRoots.h:
* heap/DFGCodeBlocks.cpp: Added.
(JSC::DFGCodeBlocks::DFGCodeBlocks):
(JSC::DFGCodeBlocks::~DFGCodeBlocks):
(JSC::DFGCodeBlocks::jettison):
(JSC::DFGCodeBlocks::clearMarks):
(JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
(JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
* heap/DFGCodeBlocks.h: Added.
* heap/Heap.cpp:
(JSC::Heap::jettisonDFGCodeBlock):
(JSC::Heap::markRoots):
(JSC::Heap::collect):
* heap/Heap.h:
* heap/JettisonedCodeBlocks.cpp: Removed.
* heap/JettisonedCodeBlocks.h: Removed.
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots):
* interpreter/RegisterFile.h:
* runtime/Executable.cpp:
(JSC::jettisonCodeBlock):
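The four-state table in the entry above, as an added model that is not the DFGCodeBlocks implementation itself: two flags per code block (mayBeExecuting, set by the conservative stack scan each cycle, and isJettisoned, set when no executable owns the block any more) decide whether the collector scans the block strongly, deletes it, or keeps it only while its owner and its weak references are live. The struct, enum and function names are hypothetical.

```cpp
#include <cstddef>
#include <vector>

// Added illustration, not JavaScriptCore code. The per-block state the entry
// describes, plus the inputs the "owned, not executing" case depends on.
struct ModelCodeBlock {
    bool mayBeExecuting = false;      // found on a call frame this GC cycle
    bool isJettisoned = false;        // no executable owns it; delete when not executing
    bool ownerExecutableLive = false; // owning executable marked (ignored if jettisoned)
    bool weakReferencesLive = false;  // every inlined weak reference still marked
    bool deleted = false;
    bool scannedStrongly = false;     // outgoing references (weak ones too) marked strongly
};

enum class GcAction { KeepAndScanStrongly, KeepIfOwnerAndWeakRefsLive, Delete };

// The decision table from the entry: executing wins, then jettisoned, then owned.
GcAction decide(const ModelCodeBlock& cb)
{
    if (cb.mayBeExecuting)
        return GcAction::KeepAndScanStrongly;     // executing, jettisoned or not
    if (cb.isJettisoned)
        return GcAction::Delete;                  // not executing, jettisoned
    return GcAction::KeepIfOwnerAndWeakRefsLive;  // not executing, still owned
}

// One collection over a set of blocks. mayBeExecuting is assumed to have been
// set by the caller's root scan before this runs, and is cleared at the end of
// the cycle, as the entry says.
void runGcCycle(std::vector<ModelCodeBlock>& blocks)
{
    for (ModelCodeBlock& cb : blocks) {
        if (cb.deleted)
            continue;
        switch (decide(cb)) {
        case GcAction::KeepAndScanStrongly:
            cb.scannedStrongly = true;
            break;
        case GcAction::Delete:
            cb.deleted = true; // outgoing references are not scanned
            break;
        case GcAction::KeepIfOwnerAndWeakRefsLive:
            if (!(cb.ownerExecutableLive && cb.weakReferencesLive))
                cb.deleted = true;
            break;
        }
        cb.mayBeExecuting = false;
    }
}

// Executing-and-jettisoned: survives the cycle it is found on the stack and is
// deleted on the next cycle if it is not found there again.
bool jettisonedBlockDiesOnSecondCycleIfNotExecuting()
{
    std::vector<ModelCodeBlock> blocks(1);
    blocks[0].isJettisoned = true;
    blocks[0].mayBeExecuting = true;
    runGcCycle(blocks);
    bool survivedFirst = !blocks[0].deleted && blocks[0].scannedStrongly;
    runGcCycle(blocks); // not on any call frame this time
    return survivedFirst && blocks[0].deleted;
}

// Owned, not executing: lives only when both its owner and its weak refs do.
bool ownedBlockSurvives(bool ownerLive, bool weakRefsLive)
{
    std::vector<ModelCodeBlock> blocks(1);
    blocks[0].ownerExecutableLive = ownerLive;
    blocks[0].weakReferencesLive = weakRefsLive;
    runGcCycle(blocks);
    return !blocks[0].deleted;
}
```

The invariant the model makes visible is that a block can never be freed while a frame may still return into it: deletion requires mayBeExecuting to have been cleared by a full cycle in which the stack scan did not find the block.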
2011-11-16 Filip Pizlo <fpizlo@apple.com>
Unreviewed, build fix for 32-bit.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-16 Geoffrey Garen <ggaren@apple.com>
Some CachedCall cleanup, in preparation for reversing argument order.
Reviewed by Gavin Barraclough.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
so I can test it.
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
we are not that desperate for character saving.
(JSC::CachedCall::setThis):
(JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
CallFrameClosure.
* interpreter/CallFrameClosure.h:
(JSC::CallFrameClosure::setThis):
(JSC::CallFrameClosure::setArgument):
(JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
with an explicit setter for 'this', since that's how most clients think.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::prepareForRepeatCall):
* interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
for clarity.
2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize ScriptExecutable::unlinkCalls
https://bugs.webkit.org/show_bug.cgi?id=72546
Reviewed by Geoffrey Garen.
* runtime/Executable.cpp:
(JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which
didn't have complete type information on the things that needed to be destructed in the implicit destructor.
* runtime/Executable.h:
(JSC::EvalExecutable::createStructure): Used new type value from JSType
(JSC::ProgramExecutable::createStructure): Ditto
(JSC::FunctionExecutable::createStructure): Ditto
(JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
* runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable. Remove explicit numbers, since
that just adds noise to patches and they currently have no significance.
2011-11-16 Filip Pizlo <fpizlo@apple.com>
JSC::CodeBlock should know which references generated by the DFG are weak
https://bugs.webkit.org/show_bug.cgi?id=72563
Reviewed by Geoff Garen.
CodeBlock::m_dfgData now tracks weak references and weak reference transitions
(like ephemerons) generated by the DFG. The DFG makes sure to notify the
CodeBlock of all uses of weak references and weak reference transitions.
CodeBlock currently marks them strongly, since the weak marking logic is not
in place, yet.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::stronglyVisitWeakReferences):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::appendWeakReference):
(JSC::CodeBlock::shrinkWeakReferencesToFit):
(JSC::CodeBlock::appendWeakReferenceTransition):
(JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
(JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
* bytecode/CodeOrigin.h:
(JSC::CodeOrigin::codeOriginOwner):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addWeakReference):
(JSC::DFG::JITCompiler::addWeakReferenceTransition):
(JSC::DFG::JITCompiler::branchWeakPtr):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::compile):
2011-11-16 Michael Saboff <msaboff@apple.com>
LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
https://bugs.webkit.org/show_bug.cgi?id=72561
Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
Simplified the code in the process.
Reviewed by James Robinson.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::CharAccess::CharAccess):
(JSC::Yarr::Interpreter::CharAccess::~CharAccess):
2011-11-16 Geoffrey Garen <ggaren@apple.com>
Interpreter build fixes.
* bytecode/CodeBlock.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
2011-11-16 Patrick Gansterer <paroga@webkit.org>
Unreviewed. Build fix for !ENABLE(JIT) after r100363.
* bytecode/CodeBlock.h:
2011-11-16 Geoffrey Garen <ggaren@apple.com>
Rolled back in r100375 and r100385 with 32-bit build fixed.
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArgList.cpp:
(JSC::ArgList::getSlice):
* runtime/ArgList.h:
* runtime/JSArray.cpp:
(JSC::JSArray::finishCreation):
* runtime/JSArray.h:
(JSC::JSArray::create):
* runtime/JSGlobalObject.h:
(JSC::constructArray):
2011-11-16 Filip Pizlo <fpizlo@apple.com>
DFG global variable CSE mishandles the cross-global-object inlining corner case
https://bugs.webkit.org/show_bug.cgi?id=72542
Reviewed by Geoff Garen.
Moved code to get the global object for a code origin into CodeBlock, so it is
more broadly accessible. Fixed CSE to compare both the variable number, and the
global object, before deciding to perform elimination.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::globalObjectFor):
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::globalObjectFor):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::globalVarLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
2011-11-16 Michael Saboff <msaboff@apple.com>
Enable 8 Bit Strings in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=71337
This patch turns on 8 bit strings in StringImpl and enables
their use in JavaScriptCore. Some of the changes are to
turn on code that had been staged (Lexer.cpp, Identifier.cpp,
SmallStrings.cpp and some of StringImpl.{h,cpp}).
Other changes are minor fixes to make 8 bit strings work
(UString.h, StringImpl::getData16SlowCase()).
Changed StringBuffer to be a templated class based on character
type. This change rippled into WebCore code as well.
Reviewed by Geoffrey Garen.
* JavaScriptCore.exp:
* parser/Lexer.cpp:
(JSC::::append8): Changed to use 8 bit buffers.
(JSC::::parseIdentifier): Changed to use 8 bit buffers.
(JSC::::parseString): Changed to use 8 bit buffers.
* runtime/Identifier.cpp:
(JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
(JSC::Identifier::toUInt32FromCharacters): Templated helper.
(JSC::Identifier::toUInt32): Added 8 bit optimized path.
* runtime/SmallStrings.cpp:
(JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
* runtime/UString.h:
(JSC::UString::characters): Now calls StringImpl::characters()
* wtf/Forward.h:
* wtf/text/StringBuffer.h: Made StringBuffer a template based on character type.
(WTF::StringBuffer::StringBuffer):
(WTF::StringBuffer::characters):
(WTF::StringBuffer::release):
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::create):
(WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
(WTF::StringImpl::removeCharacters): Added 8 bit path.
(WTF::StringImpl::simplifyMatchedCharactersToSpace):
(WTF::StringImpl::simplifyWhiteSpace):
(WTF::equal): Removed bug from code copied from null terminated version.
(WTF::StringImpl::adopt): Added 8 bit path.
(WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bit flag propagation.
* wtf/text/StringImpl.h:
(WTF::StringImpl::StringImpl): Added new 8 bit constructor.
(WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
(WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
(WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
* wtf/text/WTFString.h:
(WTF::String::adopt): Changed to use StringBuffer template.
2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize ExecutableBase::clearCodeVirtual
https://bugs.webkit.org/show_bug.cgi?id=72337
Reviewed by Darin Adler.
Added static finalize functions to the subclasses of ExecutableBase that provide an implementation
of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
and had the finalize functions call the corresponding clearCode methods.
* runtime/Executable.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::NativeExecutable::finalize):
(JSC::EvalExecutable::finalize):
(JSC::EvalExecutable::clearCode):
(JSC::ProgramExecutable::finalize):
(JSC::ProgramExecutable::clearCode):
(JSC::FunctionExecutable::discardCode):
(JSC::FunctionExecutable::finalize):
(JSC::FunctionExecutable::clearCode):
* runtime/Executable.h:
(JSC::ExecutableBase::finishCreation):
(JSC::NativeExecutable::create):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
2011-11-16 Yusuke Suzuki <utatane.tea@gmail.com>
String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
https://bugs.webkit.org/show_bug.cgi?id=71572
Reviewed by Gavin Barraclough and Darin Adler.
* runtime/RegExpObject.cpp:
(JSC::regExpObjectSource):
2011-11-16 Darin Adler <darin@apple.com>
Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
https://bugs.webkit.org/show_bug.cgi?id=72475
Reviewed by Adam Roben.
* wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
Do overloads so we can pass a nullptr and also be sure to get the
raw pointer type from the OwnPtr template so we handle both forms
of OwnPtr: OwnPtr<T> and OwnPtr<T*>.
2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
[Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
Reviewed by Tor Arne Vestbø.
* Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
Unreviewed, rolling out r100266.
http://trac.webkit.org/changeset/100266
Broke WTR.
* Target.pri:
2011-11-16 Darin Adler <darin@apple.com>
Add a "pass type" and "peek type" concept to HashTraits
https://bugs.webkit.org/show_bug.cgi?id=72473
Reviewed by Filip Pizlo.
* wtf/HashTraits.h: Added the pass type and peek type.
For OwnPtr, the pass type will be PassOwnPtr and the peek
type will be a raw pointer.
2011-11-16 Darin Adler <darin@apple.com>
Fix some hash traits that don't derive from the base hash traits
https://bugs.webkit.org/show_bug.cgi?id=72470
Reviewed by Filip Pizlo.
Hash traits structures need to derive from the base hash traits in
HashTraits.h, but some were not. This is needed for compatibility with
some additional traits we will be adding to make OwnPtr work with HashMap.
* runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
HashTraits<int>. This enabled removal of all the members except for the
ones that control the empty value, because this is otherwise the same
as the standard int hash.
* runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
from HashTraits<SymbolTableEntry> and removed redundant members.
2011-11-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r100375 and r100385.
http://trac.webkit.org/changeset/100375
http://trac.webkit.org/changeset/100385
https://bugs.webkit.org/show_bug.cgi?id=72465
They broke 32 bit builds on Qt (Requested by ossy on #webkit).
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArgList.cpp:
(JSC::ArgList::getSlice):
* runtime/ArgList.h:
(JSC::ArgList::ArgList):
* runtime/JSArray.cpp:
* runtime/JSArray.h:
* runtime/JSGlobalObject.h:
2011-11-15 George Staikos <staikos@webkit.org>
Remove the guard page from the addressable stack region on QNX.
https://bugs.webkit.org/show_bug.cgi?id=72455
Reviewed by Daniel Bates.
* wtf/StackBounds.cpp:
(WTF::StackBounds::initialize):
2011-11-15 Michael Saboff <msaboff@apple.com>
Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
https://bugs.webkit.org/show_bug.cgi?id=72323
Added 8 bit optimized paths for String and UString ascii() and utf8() methods.
Added String::characters8(), characters16() and is8Bit() helper methods.
Added a new Unicode::convertLatin1ToUTF8() method that works on
LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().
Reviewed by Geoff Garen.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/UString.cpp:
(JSC::UString::utf8):
* wtf/text/WTFString.cpp:
(WTF::String::ascii):
(WTF::String::utf8):
* wtf/text/WTFString.h:
(WTF::String::characters8):
(WTF::String::characters16):
(WTF::String::is8Bit):
(WTF::LChar):
(WTF::UChar):
* wtf/unicode/UTF8.cpp:
(WTF::Unicode::convertLatin1ToUTF8):
* wtf/unicode/UTF8.h:
* wtf/unicode/Unicode.h:
2011-11-15 Darin Adler <darin@apple.com>
REGRESSION (r98887): ParserArena and Keywords leaking
https://bugs.webkit.org/show_bug.cgi?id=72428
Reviewed by Sam Weinig.
* parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
need to be able to destroy it.
* parser/Parser.cpp:
(JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.
* runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.
2011-11-15 Geoffrey Garen <ggaren@apple.com>
Removed another use of ArgList that baked in the assumption that arguments
are forward in the register file.
Reviewed by Sam Weinig.
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
working through ArgList.
* runtime/ArgList.h: Removed!
2011-11-15 Geoffrey Garen <ggaren@apple.com>
Removed a use of ArgList that baked in the assumption that arguments
are forward in the register file.
Reviewed by Sam Weinig.
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION): Use new API.
* runtime/ArgList.cpp:
(JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
getSlice can do the right thing by using its rights to private data.
* runtime/ArgList.h: Removed constructor that took a forward-contiguous
set of arguments.
* runtime/JSArray.cpp:
(JSC::JSArray::finishCreation):
* runtime/JSArray.h:
(JSC::JSArray::create):
* runtime/JSGlobalObject.h:
(JSC::constructArray): Added explicit support for creating an array from
a pre-allocated set of values, so we could stop relying on the ArgList
API we want to remove.
2011-11-15 Filip Pizlo <fpizlo@apple.com>
Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
https://bugs.webkit.org/show_bug.cgi?id=72292
Reviewed by Geoff Garen.
We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
instead of CodeBlock::alternative().
No performance effect.
No tests because all of our heuristics work very hard to make sure that this never happens in
the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still
because the whole point of jettisoning is to bring the probability of future OSR exits to as
close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
exit after a jettison to be the first of its kind; our whole design tries to ensure that
CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
compilation. So this is a truly evil case, and any test for it would be quite fragile.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::specializationKind):
(JSC::CodeBlock::largeFailCountThreshold):
(JSC::CodeBlock::largeFailCountThresholdForLoop):
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::AssemblyHelpers):
(JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
(JSC::DFG::AssemblyHelpers::baselineCodeBlock):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
2011-11-15 Geoffrey Garen <ggaren@apple.com>
Use MarkedArgumentBuffer to avoid making assumptions about argument order
https://bugs.webkit.org/show_bug.cgi?id=72418
Reviewed by Sam Weinig.
A step toward reversing the argument order.
* runtime/JSONObject.cpp:
(JSC::Stringifier::toJSON):
(JSC::Stringifier::appendStringifiedValue):
(JSC::Walker::callReviver): Don't assume that ArgList wants to point
at arguments in forward order. Instead, use MarkedArgumentBuffer, which
will make the decision for us.
2011-11-15 Filip Pizlo <fpizlo@apple.com>
DFG should distinguish between constants in the constant pool and weak
constants added as artifacts of code generation
https://bugs.webkit.org/show_bug.cgi?id=72367
Reviewed by Geoff Garen.
Added the notion of a WeakJSConstant, which is like a JSConstant except that
it can only refer to JSCell*. Currently all WeakJSConstants are also backed
by constants in the constant pool, since weak references originated from
machine code are not yet properly handled.
Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
and CheckStructure. This results in improved CSE, leading to a 1% win on V8.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::prepareToParseBlock):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::getJSConstantPrediction):
(JSC::DFG::Graph::valueOfJSConstant):
(JSC::DFG::Graph::valueOfInt32Constant):
(JSC::DFG::Graph::valueOfNumberConstant):
(JSC::DFG::Graph::valueOfBooleanConstant):
* dfg/DFGNode.h:
(JSC::DFG::Node::isWeakConstant):
(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::weakConstant):
(JSC::DFG::Node::valueOfJSConstant):
(JSC::DFG::Node::isInt32Constant):
(JSC::DFG::Node::isDoubleConstant):
(JSC::DFG::Node::isNumberConstant):
(JSC::DFG::Node::isBooleanConstant):
(JSC::DFG::Node::hasIdentifier):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-15 Michael Saboff <msaboff@apple.com>
Towards 8 bit Strings - Initial JS String Tuning
https://bugs.webkit.org/show_bug.cgi?id=72326
Added 8 bit optimized paths for the methods below.
Reviewed by Geoffrey Garen.
* runtime/JSString.h:
(JSC::jsSubstring8):
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstrings):
(JSC::jsSpliceSubstringsWithSeparators):
(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncCharCodeAt):
2011-11-15 Gavin Barraclough <barraclough@apple.com>
Result of Error.prototype.toString not ES5 conformant
https://bugs.webkit.org/show_bug.cgi?id=70889
Reviewed by Oliver Hunt.
* runtime/ErrorPrototype.cpp:
(JSC::errorProtoFuncToString):
2011-11-15 Simon Hausmann <simon.hausmann@nokia.com>
[Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
Reviewed by Tor Arne Vestbø.
* Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
2011-11-15 Yuqiang Xian <yuqiang.xian@intel.com>
Remove DFGJITCompilerInlineMethods
https://bugs.webkit.org/show_bug.cgi?id=72366
Reviewed by Filip Pizlo.
Those methods are actually seldom used. Modify the few such places and
remove the DFGJITCompilerInlineMethods stuff entirely.
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addressOfDoubleConstant):
* dfg/DFGJITCompilerInlineMethods.h: Removed.
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::silentFillFPR):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::cachedGetMethod):
2011-11-14 Filip Pizlo <fpizlo@apple.com>
DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
https://bugs.webkit.org/show_bug.cgi?id=72348
Reviewed by Gavin Barraclough.
Moved all of JITCodeGenerator into SpeculativeJIT.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* dfg/DFGJITCodeGenerator.cpp: Removed.
* dfg/DFGJITCodeGenerator.h: Removed.
* dfg/DFGJITCodeGenerator32_64.cpp: Removed.
* dfg/DFGJITCodeGenerator64.cpp: Removed.
* dfg/DFGJITCompiler.cpp:
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryCachePutByID):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::clearGenerationInfo):
(JSC::DFG::SpeculativeJIT::fillStorage):
(JSC::DFG::SpeculativeJIT::useChildren):
(JSC::DFG::SpeculativeJIT::isStrictInt32):
(JSC::DFG::SpeculativeJIT::isKnownInteger):
(JSC::DFG::SpeculativeJIT::isKnownNumeric):
(JSC::DFG::SpeculativeJIT::isKnownCell):
(JSC::DFG::SpeculativeJIT::isKnownNotCell):
(JSC::DFG::SpeculativeJIT::isKnownNotInteger):
(JSC::DFG::SpeculativeJIT::isKnownNotNumber):
(JSC::DFG::SpeculativeJIT::isKnownBoolean):
(JSC::DFG::SpeculativeJIT::writeBarrier):
(JSC::DFG::SpeculativeJIT::markCellCard):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
(JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
(JSC::DFG::dataFormatString):
(JSC::DFG::SpeculativeJIT::dump):
(JSC::DFG::SpeculativeJIT::checkConsistency):
(JSC::DFG::GPRTemporary::GPRTemporary):
(JSC::DFG::GPRTemporary::adopt):
(JSC::DFG::FPRTemporary::FPRTemporary):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::at):
(JSC::DFG::SpeculativeJIT::lock):
(JSC::DFG::SpeculativeJIT::unlock):
(JSC::DFG::SpeculativeJIT::canReuse):
(JSC::DFG::SpeculativeJIT::reuse):
(JSC::DFG::SpeculativeJIT::allocate):
(JSC::DFG::SpeculativeJIT::tryAllocate):
(JSC::DFG::SpeculativeJIT::fprAllocate):
(JSC::DFG::SpeculativeJIT::isFilled):
(JSC::DFG::SpeculativeJIT::isFilledDouble):
(JSC::DFG::SpeculativeJIT::use):
(JSC::DFG::SpeculativeJIT::selectScratchGPR):
(JSC::DFG::SpeculativeJIT::silentSpillGPR):
(JSC::DFG::SpeculativeJIT::silentSpillFPR):
(JSC::DFG::SpeculativeJIT::silentFillGPR):
(JSC::DFG::SpeculativeJIT::silentFillFPR):
(JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
(JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
(JSC::DFG::SpeculativeJIT::boxDouble):
(JSC::DFG::SpeculativeJIT::unboxDouble):
(JSC::DFG::SpeculativeJIT::spill):
(JSC::DFG::SpeculativeJIT::isConstant):
(JSC::DFG::SpeculativeJIT::isJSConstant):
(JSC::DFG::SpeculativeJIT::isInt32Constant):
(JSC::DFG::SpeculativeJIT::isDoubleConstant):
(JSC::DFG::SpeculativeJIT::isNumberConstant):
(JSC::DFG::SpeculativeJIT::isBooleanConstant):
(JSC::DFG::SpeculativeJIT::isFunctionConstant):
(JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
(JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
(JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
(JSC::DFG::SpeculativeJIT::valueOfJSConstant):
(JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
(JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
(JSC::DFG::SpeculativeJIT::isNullConstant):
(JSC::DFG::SpeculativeJIT::identifier):
(JSC::DFG::SpeculativeJIT::flushRegisters):
(JSC::DFG::SpeculativeJIT::isFlushed):
(JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
(JSC::DFG::SpeculativeJIT::bitOp):
(JSC::DFG::SpeculativeJIT::shiftOp):
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
(JSC::DFG::SpeculativeJIT::addressOfCallData):
(JSC::DFG::SpeculativeJIT::tagOfCallData):
(JSC::DFG::SpeculativeJIT::payloadOfCallData):
(JSC::DFG::SpeculativeJIT::integerResult):
(JSC::DFG::SpeculativeJIT::noResult):
(JSC::DFG::SpeculativeJIT::cellResult):
(JSC::DFG::SpeculativeJIT::booleanResult):
(JSC::DFG::SpeculativeJIT::jsValueResult):
(JSC::DFG::SpeculativeJIT::storageResult):
(JSC::DFG::SpeculativeJIT::doubleResult):
(JSC::DFG::SpeculativeJIT::initConstantInfo):
(JSC::DFG::SpeculativeJIT::resetCallArguments):
(JSC::DFG::SpeculativeJIT::addCallArgument):
(JSC::DFG::SpeculativeJIT::setupArguments):
(JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
(JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
(JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
(JSC::DFG::SpeculativeJIT::setupStubArguments):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
(JSC::DFG::SpeculativeJIT::setupResults):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):
(JSC::DFG::SpeculativeJIT::addBranch):
(JSC::DFG::SpeculativeJIT::linkBranches):
(JSC::DFG::SpeculativeJIT::block):
(JSC::DFG::SpeculativeJIT::checkConsistency):
(JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
(JSC::DFG::IntegerOperand::IntegerOperand):
(JSC::DFG::IntegerOperand::~IntegerOperand):
(JSC::DFG::IntegerOperand::index):
(JSC::DFG::IntegerOperand::format):
(JSC::DFG::IntegerOperand::gpr):
(JSC::DFG::IntegerOperand::use):
(JSC::DFG::DoubleOperand::DoubleOperand):
(JSC::DFG::DoubleOperand::~DoubleOperand):
(JSC::DFG::DoubleOperand::index):
(JSC::DFG::DoubleOperand::fpr):
(JSC::DFG::DoubleOperand::use):
(JSC::DFG::JSValueOperand::JSValueOperand):
(JSC::DFG::JSValueOperand::~JSValueOperand):
(JSC::DFG::JSValueOperand::index):
(JSC::DFG::JSValueOperand::gpr):
(JSC::DFG::JSValueOperand::jsValueRegs):
(JSC::DFG::JSValueOperand::isDouble):
(JSC::DFG::JSValueOperand::fill):
(JSC::DFG::JSValueOperand::tagGPR):
(JSC::DFG::JSValueOperand::payloadGPR):
(JSC::DFG::JSValueOperand::fpr):
(JSC::DFG::JSValueOperand::use):
(JSC::DFG::StorageOperand::StorageOperand):
(JSC::DFG::StorageOperand::~StorageOperand):
(JSC::DFG::StorageOperand::index):
(JSC::DFG::StorageOperand::gpr):
(JSC::DFG::StorageOperand::use):
(JSC::DFG::GPRTemporary::~GPRTemporary):
(JSC::DFG::GPRTemporary::gpr):
(JSC::DFG::FPRTemporary::~FPRTemporary):
(JSC::DFG::FPRTemporary::fpr):
(JSC::DFG::FPRTemporary::FPRTemporary):
(JSC::DFG::GPRResult::GPRResult):
(JSC::DFG::GPRResult2::GPRResult2):
(JSC::DFG::FPRResult::FPRResult):
(JSC::DFG::FPRResult::lockedResult):
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillInteger):
(JSC::DFG::SpeculativeJIT::fillDouble):
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
(JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
(JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::cachedGetMethod):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillInteger):
(JSC::DFG::SpeculativeJIT::fillDouble):
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
(JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
(JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::cachedGetMethod):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
* runtime/JSFunction.h:
2011-11-14 Filip Pizlo <fpizlo@apple.com>
Weak reference harvesters should run to fixpoint
https://bugs.webkit.org/show_bug.cgi?id=72346
Reviewed by Oliver Hunt.
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* heap/ListableHandler.h:
(JSC::ListableHandler::next):
(JSC::ListableHandler::List::head):
(JSC::ListableHandler::List::removeNext):
(JSC::ListableHandler::List::removeAll):
* heap/MarkStack.cpp:
(JSC::MarkStackThreadSharedData::reset):
(JSC::SlotVisitor::harvestWeakReferences):
* heap/MarkStack.h:
(JSC::MarkStack::isEmpty):
2011-11-14 Oliver Hunt <oliver@apple.com>
Start migrating typed array impl types to WTF
https://bugs.webkit.org/show_bug.cgi?id=72336
Reviewed by Geoffrey Garen.
Add typed array impls to WTF forwarding header.
* wtf/Forward.h:
2011-11-14 Julien Chaffraix <jchaffraix@webkit.org>
Add --css-grid-layout to build-webkit and the build systems
https://bugs.webkit.org/show_bug.cgi?id=72320
Reviewed by Ojan Vafai.
* Configurations/FeatureDefines.xcconfig:
2011-11-14 Geoffrey Garen <ggaren@apple.com>
A little bit of arguments / activation cleanup
https://bugs.webkit.org/show_bug.cgi?id=72339
Reviewed by Gavin Barraclough.
Renamed copyRegisters => tearOff to match bytecode and other terminology.
Renamed setActivation => didTearOffActivation to indicate that this is a
notification the object may choose to ignore. Moved "Should I ignore?"
code into the arguments object to avoid duplication elsewhere.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::unwindCallFrame):
(JSC::Interpreter::privateExecute):
(JSC::Interpreter::retrieveArguments):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Arguments.h:
(JSC::Arguments::createAndTearOff):
(JSC::Arguments::didTearOffActivation):
(JSC::Arguments::finishCreationButDontTearOff):
(JSC::Arguments::finishCreation):
(JSC::Arguments::finishCreationAndTearOff):
(JSC::Arguments::tearOff):
* runtime/JSActivation.h:
(JSC::JSActivation::tearOff): Moved Activation's code into its own header
because that's where it belongs.
2011-11-14 Gavin Barraclough <barraclough@apple.com>
Should sign the jsc binary
https://bugs.webkit.org/show_bug.cgi?id=72332
Reviewed by David Kilzer.
* Configurations/JSC.xcconfig:
* entitlements.plist: Added.
2011-11-14 Filip Pizlo <fpizlo@apple.com>
DFG's inline references to objects should be tracked
https://bugs.webkit.org/show_bug.cgi?id=72313
Reviewed by Gavin Barraclough.
Added a pinCell() method in the parser that currently creates a
dummy constant in CodeBlock. Added calls to pinCell() wherever the
DFG would inline a constant reference that the original code would
not have referred to.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getCellConstantIndex):
(JSC::DFG::ByteCodeParser::pinCell):
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
2011-11-14 Filip Pizlo <fpizlo@apple.com>
DFG put_by_id transition optimizations test the wrong structures
https://bugs.webkit.org/show_bug.cgi?id=72324
Reviewed by Gavin Barraclough.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::structureChainIsStillValid):
(JSC::DFG::ByteCodeParser::parseBlock):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
2011-11-14 Michael Saboff <msaboff@apple.com>
Further changes and cleanup to JSString.h and cpp.
Reviewed by Darin Adler.
* runtime/JSString.cpp:
(JSC::JSString::resolveRope): Change PassRefPtr to RefPtr. Eliminated exec in slow case calls.
(JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name.
(JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
* runtime/JSString.h:
2011-11-14 Adam Barth <abarth@webkit.org>
DateMath.cpp should not depend on JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=71747
Reviewed by Darin Adler.
This patch moves the JSC-specific parts of DateMath into JSDateMath in
JavaScriptCore. There shouldn't be any behavior change.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* runtime/DateConstructor.cpp:
* runtime/DateConversion.cpp:
* runtime/DateInstance.cpp:
* runtime/DateInstanceCache.h:
* runtime/DatePrototype.cpp:
* runtime/InitializeThreading.cpp:
* runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
(JSC::timeToMS):
(JSC::msToSeconds):
* runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
* wtf/DateMath.cpp:
(WTF::isLeapYear):
(WTF::msToDays):
(WTF::msToMinutes):
(WTF::msToHours):
(WTF::parseDateFromNullTerminatedCharacters):
(WTF::makeRFC2822DateString):
* wtf/DateMath.h:
2011-11-14 Michael Saboff <msaboff@apple.com>
Towards 8 bit strings - Add 8 bit handling to JSString Ropes
https://bugs.webkit.org/show_bug.cgi?id=72317
Added bit to track that a rope is made up of all 8 bit fibers.
Created an 8 bit path (fast and slow cases) to handle 8 bit
only ropes.
Reviewed by Oliver Hunt.
* runtime/JSString.cpp:
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase8):
(JSC::JSString::resolveRopeSlowCase16):
* runtime/JSString.h:
(JSC::RopeBuilder::finishCreation):
(JSC::RopeBuilder::is8Bit):
(JSC::jsSubstring8):
2011-11-14 Geoffrey Garen <ggaren@apple.com>
A little bit of function call cleanup
https://bugs.webkit.org/show_bug.cgi?id=72314
Reviewed by Oliver Hunt.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
because this value doesn't give you the offset of the callee's call frame.
(JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
of greater-than. Removed comment since its reasoning was wrong.
(JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
(JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
to ask this question, giving the bytecode generator more freedom to change
internal implementation details.
* bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
16 was overkill.
(JSC::CallArguments::registerOffset): Updated for rename mentioned above.
* bytecompiler/NodesCodegen.cpp:
(JSC::CallArguments::CallArguments):
(JSC::CallArguments::newArgument): Factored out argument allocation into
a helper function, so I can change it later.
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
2011-11-14 Tony Chang <tony@chromium.org>
Remove the CSS3_FLEXBOX compile time flag and enable on all ports
https://bugs.webkit.org/show_bug.cgi?id=72196
Reviewed by Ojan Vafai.
* Configurations/FeatureDefines.xcconfig:
2011-11-14 Mark Rowe <mrowe@apple.com>
<rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
testRegExp and testapi.js were being installed in the JavaScriptCore framework.
As test-only tools they shouldn't be installed there by default, only when
FORCE_TOOL_INSTALL is set to YES.
This patch incorporates a few related changes:
1) Make the jsc and testRegExp targets be configured via .xcconfig files.
2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
FORCE_TOOL_INSTALL is YES.
3) Switches the testapi target to using a script build phase to install testapi.js
so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
why this isn't the built-in behavior when a Copy Files build phase has "Copy only
when installing" checked, but it doesn't seem to be.
4) Other random cleanup such as removing a bogus group that refers to files that do
not exist, moving testRegExp.cpp in to the tests group, etc.
Reviewed by Geoff Garen.
* Configurations/JSC.xcconfig: Added.
* Configurations/TestRegExp.xcconfig: Added.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-11-14 Michael Saboff <msaboff@apple.com>
Towards 8 bit strings - Add 8 bit paths to StringImpl methods
https://bugs.webkit.org/show_bug.cgi?id=72290
Added 8 bit paths to StringImpl number and find methods.
Reviewed by Oliver Hunt.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::toIntStrict):
(WTF::StringImpl::toUIntStrict):
(WTF::StringImpl::toInt64Strict):
(WTF::StringImpl::toUInt64Strict):
(WTF::StringImpl::toIntPtrStrict):
(WTF::StringImpl::toInt):
(WTF::StringImpl::toUInt):
(WTF::StringImpl::toInt64):
(WTF::StringImpl::toUInt64):
(WTF::StringImpl::toIntPtr):
(WTF::StringImpl::toDouble):
(WTF::StringImpl::toFloat):
(WTF::StringImpl::find):
(WTF::StringImpl::reverseFind):
* wtf/text/WTFString.cpp:
(WTF::toIntegralType):
(WTF::lengthOfCharactersAsInteger):
(WTF::charactersToIntStrict):
(WTF::charactersToUIntStrict):
(WTF::charactersToInt64Strict):
(WTF::charactersToUInt64Strict):
(WTF::charactersToIntPtrStrict):
(WTF::charactersToInt):
(WTF::charactersToUInt):
(WTF::charactersToInt64):
(WTF::charactersToUInt64):
(WTF::charactersToIntPtr):
(WTF::toDoubleType):
(WTF::charactersToDouble):
(WTF::charactersToFloat):
* wtf/text/WTFString.h:
(WTF::find):
(WTF::reverseFind):
2011-11-14 Vincent Scheib <scheib@chromium.org>
Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
https://bugs.webkit.org/show_bug.cgi?id=72286
Reviewed by Adam Barth.
* wtf/Platform.h:
2011-11-14 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=72280
Rubber stamped by Geoff Garen.
Fix 32-bit Lion.
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit):
2011-11-14 Geoffrey Garen <ggaren@apple.com>
32-bit Build fix: declare virtual register indices to be int rather than
unsigned, since they can be positive or negative.
For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
state, since we'll never load and operate on the ReturnPC as a JS value.
* jit/JIT.cpp:
(JSC::JIT::JIT):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitLoadTag):
(JSC::JIT::emitLoadPayload):
(JSC::JIT::emitLoad):
(JSC::JIT::emitLoad2):
(JSC::JIT::emitLoadDouble):
(JSC::JIT::emitLoadInt32ToDouble):
(JSC::JIT::emitStore):
(JSC::JIT::emitStoreInt32):
(JSC::JIT::emitStoreAndMapInt32):
(JSC::JIT::emitStoreCell):
(JSC::JIT::emitStoreBool):
(JSC::JIT::emitStoreDouble):
(JSC::JIT::map):
(JSC::JIT::unmap):
(JSC::JIT::isMapped):
(JSC::JIT::getMappedPayload):
(JSC::JIT::getMappedTag):
(JSC::JIT::emitJumpSlowCaseIfNotJSCell):
2011-11-14 Michael Saboff <msaboff@apple.com>
Remove unused m_data member from UStringSourceProvider
https://bugs.webkit.org/show_bug.cgi?id=72289
Removed unused m_data member from UStringSourceProvider.
Reviewed by Oliver Hunt.
* parser/SourceProvider.h:
(JSC::UStringSourceProvider::UStringSourceProvider):
2011-11-14 Michael Saboff <msaboff@apple.com>
Towards 8 Bit Strings: Templatize YARR Parser
https://bugs.webkit.org/show_bug.cgi?id=72288
Changed Yarr::Parser to be a template based on character type.
Reviewed by Oliver Hunt.
* yarr/YarrParser.h:
(JSC::Yarr::Parser::Parser):
(JSC::Yarr::parse):
2011-11-14 Geoffrey Garen <ggaren@apple.com>
32-bit build fix: Removed unused declaration.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
2011-11-12 Geoffrey Garen <ggaren@apple.com>
Standardized the JS calling convention
https://bugs.webkit.org/show_bug.cgi?id=72221
Reviewed by Oliver Hunt.
This patch standardizes the calling convention so that the caller always
sets up the callee's CallFrame. Adjustments for call type, callee type,
argument count, etc. now always take place after that initial setup.
This is a step toward reversing the argument order, but also has these
immediate benefits (measured on x64):
(1) 1% benchmark speedup across the board.
(2) 50% code size reduction in baseline JIT function calls.
(3) 1.5x speedup for single-dispatch .apply forwarding.
(4) 1.1x speedup for multi-dispatch .apply forwarding.
This change affected the baseline JIT most, since the baseline JIT had
lots of ad hoc calling conventions for different caller / callee types.
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::branchPtr):
(JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
a test, like other assemblers do. (I added some compares to 0, and didn't
want them to be slow.)
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
op_call_varargs could share code generation with other forms of op_call.
This is also a small optimization, since op_*varargs no longer have to
pass arguments to each other through the register file.
(JSC::CallLinkInfo::unlink):
* bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
us to link functions called through .apply syntax. We need to distinguish
CallVarargs from Call because CallVarargs changes its argument count
on each invocation, so we must always link to the argument count checking
version of the callee.
* bytecode/Opcode.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCallVarargs):
* bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
* bytecompiler/NodesCodegen.cpp:
(JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
some of this bytecode generation to remove redundant copies.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
DFG doesn't support this type, but its code needs to change slightly
to accommodate a 3-state variable.
Stopped passing the argument count in regT1 because this is non-standard.
(The argument count goes in the CallFrame. This trades speed on the slow
path for speed and code size on the fast path, and simplicity on all paths.
A good trade, in my opinion.)
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
setup more obvious when single-stepping. Also, updated for argument count
not being in regT1.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addJSCall):
(JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
type: CallVarargs.
* dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
doing anything else. Don't check for stack overflow because we have no callee
registers, and our caller has already checked for its own registers.
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
count doesn't match -- we just need to link to the argument count checking
version.
* interpreter/CallFrameClosure.h:
(JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
arguments from C++, we need to supply a full copy of the arguments prior
to the subset copy that matches our callee's argument count. (That is what
the standard calling convention would have produced in JS.) I would have
split this into its own patch, but I couldn't find a way to get the JIT
to fail a regression test in this area without my patch applied.
* interpreter/Interpreter.cpp: Let the true code bomb begin!
(JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
and not eval()'s caller frame. We no longer leave the CallFrame pointing
to eval()'s caller during a call to eval(), since that is not standard.
(JSC::loadVarargs): Factored out a shared helper function for use by JIT
and interpreter because half the code means one quarter the bugs -- in my
programming, at least.
(JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
(JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
putDirect, because it got in the way of my testing. (When putting a
function, the cached base of a PutPropertySlot can be 0 to signify "do
not optimize".)
op_call_eval: Updated for new, standard eval calling convention.
op_load_varargs: Merged op_load_varargs into op_call_varargs.
op_call_varargs: Updated for new, standard eval calling convention. Don't
check for stack overflow because the loadVarargs helper function already
checked.
* interpreter/Interpreter.h:
(JSC::Interpreter::execute): Headers are fun and educational!
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::growSlowCase):
* interpreter/RegisterFile.h:
(JSC::RegisterFile::grow): Factored out the slow case into a slow
case because it was cramping the style of my fast case.
* jit/JIT.cpp:
(JSC::JIT::privateCompile): Moved initialization of
RegisterFile::CodeBlock to make it more obvious when debugging. Removed
assumption that argument count is in regT1, as above. Removed call to
restoreArgumentReference() because the JITStubCall abstraction does this for us.
(JSC::JIT::linkFor): Link even if we miss on argument count, as above.
* jit/JIT.h:
* jit/JITCall32_64.cpp:
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_construct):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs): Share all function call code generation.
Don't count call_eval when accounting for linkable function calls because
eval doesn't link. (Its fast path is to perform the eval.)
(JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
to our new calling convention. The key to this optimization is the
observation that, in a function that declares no arguments, if any
arguments are passed, they all end up right behind 'this'.
(JSC::JIT::compileCallEval):
(JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
this is the whole point of my patch. The caller now unconditionally moves
the CallFrame forward and fills in the data it knows before taking any
branches to deal with weird caller/callee pairs.
This also means that there is almost no slow path for calls -- it all
gets folded into the shared virtual call stub. The only things remaining
in the slow path are the rare case counter and a call to the stub.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall): Updated for values being in
different registers or in memory, based on our new standard calling
convention.
Added a shared path for calling out to CTI helper functions for non-JS
calls.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_method_check): method_check emits its own code and
the following get_by_id's code, so it needs to add both when informing
result chaining of its result. This is important because the standard
calling convention can now take advantage of this chaining.
* jit/JITCall.cpp:
(JSC::JIT::compileLoadVarargs):
(JSC::JIT::compileCallEval):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
second time, now with 64 bits.
* jit/JITStubs.cpp:
(JSC::throwExceptionFromOpCall):
(JSC::jitCompileFor):
(JSC::arityCheckFor):
(JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
Exceptions thrown in the middle of a function call now use a shared helper
function (throwExceptionFromOpCall). This function understands that the
CallFrame currently points to the callEE, and the exception must be
thrown by the callER. (The old calling convention would often still have
the CallFrame pointing at the callER at the point of an exception. That
is not the way of our new, standard calling convention.)
(JSC::op_call_eval): Finish standard CallFrame setup before calling
our eval helper function, which now depends on that setup.
* runtime/Arguments.h:
(JSC::Arguments::length): Renamed numProvidedArguments() to length()
because that's what other objects call it, and the difference made our
new loadVarargs helper function hard to read.
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
fixes.
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
the .apply call_varargs optimization fails. (This bug appears on layout
tests when you disable the optimization.)
2011-11-11 Jer Noble <jer.noble@apple.com>
Implement MediaController.
https://bugs.webkit.org/show_bug.cgi?id=71408
Reviewed by Eric Carlson.
Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as
CoreAudioClock.h is not available there.
* wtf/Platform.h:
2011-11-14 Patrick Gansterer <paroga@webkit.org>
[WIN] Remove dependency on pthread from FastMalloc
https://bugs.webkit.org/show_bug.cgi?id=72098
Reviewed by Adam Roben.
All pthread calls are already ported to native Windows calls.
Use the native version for all OS(WINDOWS) to remove the
runtime dependency on the pthread dll.
* wtf/FastMalloc.cpp:
2011-11-14 Simon Hausmann <simon.hausmann@nokia.com>
[Qt] Replace use of QApplication with QGuiApplication.
Reviewed by Tor Arne Vestbø.
* wtf/qt/compat/qguiapplication.h:
(QGuiApplication::styleHints): Introduce styleHints wrapper hack.
2011-11-14 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed. Fix make distcheck build.
* GNUmakefile.list.am: Add missing files.
2011-11-11 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: function remote object should provide access to function position in the script
https://bugs.webkit.org/show_bug.cgi?id=71808
Exposed accessor for function source code.
Reviewed by Pavel Feldman.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSFunction.cpp:
(JSC::JSFunction::sourceCode):
* runtime/JSFunction.h:
2011-11-13 Yuqiang Xian <yuqiang.xian@intel.com>
Fix silent spilling/filling GPRs in DFG 32_64
https://bugs.webkit.org/show_bug.cgi?id=72201
Reviewed by Gavin Barraclough.
Current silentSpillGPR/silentFillGPR may not work as expected for some
cases in 32_64. If there's a JSValue which was retained by two GPRs,
we may end up failing to spill/fill some GPRs or redundantly
spilling/filling some GPRs. For example, if we tend to exclude "eax"
from spilling while a JSValue is retained by both "eax" and "edx",
then "edx" won't be spilled as well (wrong). And if another JSValue is
retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
twice. A similar problem applies to silentFillGPR.
The fix is to make silentSpillGPR/silentFillGPR more straightforward,
i.e., spilling/filling based on the GPR instead of the virtual
register. FPR spilling/filling is also modified accordingly to make it
consistent with GPR spilling/filling.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentSpillFPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
(JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
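As an added illustration of the spill bookkeeping problem this entry describes, the following is model code written for this page, not JavaScriptCore's DFGJITCodeGenerator. The register names, the struct layout and the function names are assumptions; only the scenario (one JSValue held in eax+edx, another in ecx+ebx, eax excluded from spilling) comes from the entry.

```cpp
// Toy model of "silent spill" bookkeeping for a register allocator where one
// virtual register (a JSValue on a 32-bit target) may occupy two GPRs: a tag
// register and a payload register. Not JSC code; names are hypothetical.
#include <array>
#include <cassert>
#include <cstdio>
#include <map>
#include <vector>

// Hypothetical register set for the model (assumption, not JSC's GPRInfo).
enum GPR { eax, ecx, edx, ebx, esi, edi };
constexpr int kGPRCount = 6;

// A live virtual register records which GPRs currently hold its value:
// one GPR for a single-register value, two for a split tag/payload JSValue.
struct VirtualRegister {
    std::vector<GPR> gprs;
};

struct AllocatorState {
    std::map<int, VirtualRegister> live;  // virtual register index -> GPRs
    std::array<int, kGPRCount> owner;     // GPR -> virtual register index, -1 if free
};

// Behaviour the entry describes as wrong: iterate over GPRs but decide per
// virtual register. If the excluded GPR is one half of a two-GPR JSValue, the
// whole value is skipped and its other half is never spilled; a value held in
// two non-excluded GPRs is visited once per GPR and spilled twice.
std::vector<GPR> spillByVirtualRegister(const AllocatorState& st, GPR exclude)
{
    std::vector<GPR> spilled;
    for (int gpr = 0; gpr < kGPRCount; ++gpr) {
        int vr = st.owner[gpr];
        if (vr < 0)
            continue;
        const VirtualRegister& v = st.live.at(vr);
        bool excluded = false;
        for (GPR g : v.gprs)
            if (g == exclude)
                excluded = true;
        if (excluded)
            continue;  // drops the non-excluded half of the value too
        for (GPR g : v.gprs)
            spilled.push_back(g);  // repeated for each GPR mapping to this value
    }
    return spilled;
}

// The fix the entry describes: decide per GPR. Every occupied GPR other than
// the excluded one is spilled exactly once, however values are split.
std::vector<GPR> spillByGPR(const AllocatorState& st, GPR exclude)
{
    std::vector<GPR> spilled;
    for (int gpr = 0; gpr < kGPRCount; ++gpr) {
        if (gpr == exclude || st.owner[gpr] < 0)
            continue;
        spilled.push_back(static_cast<GPR>(gpr));
    }
    return spilled;
}

// Constructed scenario from the entry: one JSValue in eax+edx, another in ecx+ebx.
AllocatorState exampleState()
{
    AllocatorState st;
    st.owner.fill(-1);
    st.live[0] = { { eax, edx } };
    st.live[1] = { { ecx, ebx } };
    for (auto& kv : st.live)
        for (GPR g : kv.second.gprs)
            st.owner[g] = kv.first;
    return st;
}

// How many times each GPR appears in a spill list (should be 0 or 1).
std::map<GPR, int> spillCounts(const std::vector<GPR>& spilled)
{
    std::map<GPR, int> counts;
    for (GPR g : spilled)
        ++counts[g];
    return counts;
}

int main()
{
    std::map<GPR, int> buggy = spillCounts(spillByVirtualRegister(exampleState(), eax));
    std::map<GPR, int> fixed = spillCounts(spillByGPR(exampleState(), eax));
    std::printf("per-virtual-register: edx spilled %d time(s), ecx %d time(s)\n",
                buggy.count(edx) ? buggy[edx] : 0, buggy[ecx]);
    std::printf("per-GPR: edx spilled %d time(s), ecx %d time(s)\n", fixed[edx], fixed[ecx]);
    return 0;
}
```

With eax excluded, the per-virtual-register version never spills edx (the payload half of the first value, which is live and would be clobbered) and spills ecx and ebx twice, exactly the two failure modes in the entry; the per-GPR version spills ecx, edx and ebx once each.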
2011-11-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
[Qt][Symbian] Remove support for WINSCW compiler
https://bugs.webkit.org/show_bug.cgi?id=70178
Reviewed by Chang Shu.
* API/JSStringRef.h:
* create_hash_table: Revert r45553.
* runtime/JSGlobalData.cpp: Revert r45553.
* runtime/LiteralParser.cpp: Remove WINSCW comment.
(JSC::LiteralParser::Lexer::lexString):
* runtime/Lookup.h: Revert r45553.
* runtime/Structure.h: Revert r48461.
* wtf/Alignment.h:
* wtf/Assertions.h: Revert r52337.
* wtf/Compiler.h:
* wtf/ListRefPtr.h: Revert r48988.
(WTF::ListRefPtr::~ListRefPtr):
* wtf/OwnArrayPtr.h: Revert r45911.
(WTF::OwnArrayPtr::operator UnspecifiedBoolType):
* wtf/PassOwnArrayPtr.h:
(WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
* wtf/PassRefPtr.h:
* wtf/StaticConstructors.h:
* wtf/unicode/qt4/UnicodeQt4.h:
2011-11-12 Patrick Gansterer <paroga@webkit.org>
Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
* dfg/DFGCorrectableJumpPoint.cpp:
* dfg/DFGCorrectableJumpPoint.h:
2011-11-12 Patrick Gansterer <paroga@webkit.org>
[CMake] Move list of DFG source files into correct file
https://bugs.webkit.org/show_bug.cgi?id=72212
Reviewed by Daniel Bates.
The DFG files are platform independent. So move them from
the EFL specific file into the general CMakeLists.txt.
* CMakeLists.txt:
* PlatformEfl.cmake:
2011-11-12 Patrick Gansterer <paroga@webkit.org>
Fix "unused variable" warning in JSLock
https://bugs.webkit.org/show_bug.cgi?id=72213
Reviewed by Anders Carlsson.
Use ASSERT_UNUSED() instead of ASSERT() to make sure
that the variable is also used in the release build.
* runtime/JSLock.cpp:
(JSC::JSLock::lock):
(JSC::JSLock::unlock):
2011-11-11 Gavin Barraclough <barraclough@apple.com>
Update iOS compiler version.
Reviewed by David Kilzer.
* Configurations/CompilerVersion.xcconfig:
- Update compiler version.
2011-11-11 Gavin Barraclough <barraclough@apple.com>
Update iOS port's configuration setting, particularly in Platform.h
https://bugs.webkit.org/show_bug.cgi?id=72187
Reviewed by David Kilzer.
* interpreter/Interpreter.h:
- Lower the reentry depth.
* runtime/DatePrototype.cpp:
- iOS also uses CF.
* wtf/FastMalloc.cpp:
(WTF::TCMalloc_PageHeap::IncrementalScavenge):
- Update fastmalloc configuration for iOS.
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit):
- Added flag.
* wtf/Platform.h:
- Update platform configuration for iOS.
2011-11-11 David Kilzer <ddkilzer@apple.com>
Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
<http://webkit.org/b/72175>
Reviewed by Joseph Pecoraro.
* wtf/Platform.h: Move the definition of the BUILDING_ON_* and
TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
so that they're only defined on Mac OS X builds. Also include
Availability.h, which is needed on iOS builds.
2011-11-11 Darin Adler <darin@apple.com>
Remove all releaseRef implementations except for RetainPtr
https://bugs.webkit.org/show_bug.cgi?id=71423
Reviewed by Julien Chaffraix.
* API/JSRetainPtr.h: Removed releaseRef.
* wtf/PassRefPtr.h: Removed releaseRef.
2011-11-11 Darin Adler <darin@apple.com>
* JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
If an older Xcode downgrades this file and we have a risk of some kind of
oscillating commit situation, please contact me so I know not to do this again.
2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
Add jsCast to replace static_cast
https://bugs.webkit.org/show_bug.cgi?id=72071
Reviewed by Geoffrey Garen.
Added new jsCast and changed all of the static_cast sites in functions that
are in the MethodTable to use jsCast instead.
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::toStringCallback):
(JSC::JSCallbackFunction::valueOfCallback):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::visitChildren):
* API/JSCallbackObjectFunctions.h:
(JSC::::className):
(JSC::::getOwnPropertySlot):
(JSC::::getOwnPropertyDescriptor):
(JSC::::put):
(JSC::::deleteProperty):
(JSC::::deletePropertyByIndex):
(JSC::::getConstructData):
(JSC::::hasInstance):
(JSC::::getCallData):
(JSC::::getOwnPropertyNames):
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
(JSC::DebuggerActivation::className):
(JSC::DebuggerActivation::getOwnPropertySlot):
(JSC::DebuggerActivation::put):
(JSC::DebuggerActivation::putWithAttributes):
(JSC::DebuggerActivation::deleteProperty):
(JSC::DebuggerActivation::getOwnPropertyNames):
(JSC::DebuggerActivation::getOwnPropertyDescriptor):
(JSC::DebuggerActivation::defineGetter):
(JSC::DebuggerActivation::defineSetter):
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
(JSC::Arguments::getOwnPropertySlotByIndex):
(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::getOwnPropertyDescriptor):
(JSC::Arguments::getOwnPropertyNames):
(JSC::Arguments::putByIndex):
(JSC::Arguments::put):
(JSC::Arguments::deletePropertyByIndex):
(JSC::Arguments::deleteProperty):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getOwnPropertySlot):
(JSC::ArrayConstructor::getOwnPropertyDescriptor):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertySlot):
(JSC::ArrayPrototype::getOwnPropertyDescriptor):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::getOwnPropertySlot):
(JSC::BooleanPrototype::getOwnPropertyDescriptor):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getOwnPropertySlot):
(JSC::DateConstructor::getOwnPropertyDescriptor):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::getOwnPropertySlot):
(JSC::DatePrototype::getOwnPropertyDescriptor):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::getOwnPropertySlot):
(JSC::ErrorPrototype::getOwnPropertyDescriptor):
* runtime/Executable.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
(JSC::JSActivation::getOwnPropertyNames):
(JSC::JSActivation::getOwnPropertySlot):
(JSC::JSActivation::put):
(JSC::JSActivation::putWithAttributes):
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertySlotByIndex):
(JSC::JSArray::getOwnPropertySlot):
(JSC::JSArray::getOwnPropertyDescriptor):
(JSC::JSArray::put):
(JSC::JSArray::putByIndex):
(JSC::JSArray::deleteProperty):
(JSC::JSArray::deletePropertyByIndex):
(JSC::JSArray::getOwnPropertyNames):
(JSC::JSArray::visitChildren):
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::hasInstance):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertySlot):
(JSC::JSByteArray::getOwnPropertyDescriptor):
(JSC::JSByteArray::getOwnPropertySlotByIndex):
(JSC::JSByteArray::put):
(JSC::JSByteArray::putByIndex):
(JSC::JSByteArray::getOwnPropertyNames):
* runtime/JSCell.h:
(JSC::JSCell::visitChildren):
(JSC::jsCast):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
(JSC::JSFunction::getCallData):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::deleteProperty):
(JSC::JSFunction::getConstructData):
* runtime/JSGlobalData.cpp:
(JSC::StackPreservingRecompiler::operator()):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
(JSC::JSGlobalObject::putWithAttributes):
(JSC::JSGlobalObject::defineGetter):
(JSC::JSGlobalObject::defineSetter):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
(JSC::JSGlobalObject::clearRareData):
* runtime/JSGlobalThis.cpp:
(JSC::JSGlobalThis::visitChildren):
* runtime/JSONObject.cpp:
(JSC::JSONObject::getOwnPropertySlot):
(JSC::JSONObject::getOwnPropertyDescriptor):
* runtime/JSObject.cpp:
(JSC::JSObject::finalize):
(JSC::JSObject::visitChildren):
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::put):
(JSC::JSObject::putByIndex):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::deletePropertyByIndex):
* runtime/JSObject.h:
(JSC::JSObject::getOwnPropertySlot):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
(JSC::JSStaticScopeObject::put):
(JSC::JSStaticScopeObject::putWithAttributes):
(JSC::JSStaticScopeObject::getOwnPropertySlot):
* runtime/JSString.cpp:
(JSC::JSString::visitChildren):
(JSC::JSString::toThisObject):
(JSC::JSString::getOwnPropertySlot):
(JSC::JSString::getOwnPropertySlotByIndex):
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::deleteProperty):
(JSC::JSVariableObject::getOwnPropertyNames):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/MathObject.cpp:
(JSC::MathObject::getOwnPropertySlot):
(JSC::MathObject::getOwnPropertyDescriptor):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlot):
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::getOwnPropertySlot):
(JSC::NumberPrototype::getOwnPropertyDescriptor):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getOwnPropertySlot):
(JSC::ObjectConstructor::getOwnPropertyDescriptor):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::put):
(JSC::ObjectPrototype::getOwnPropertySlotByIndex):
(JSC::ObjectPrototype::getOwnPropertySlot):
(JSC::ObjectPrototype::getOwnPropertyDescriptor):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertySlot):
(JSC::RegExpConstructor::getOwnPropertyDescriptor):
(JSC::RegExpConstructor::put):
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertySlot):
(JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
(JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
(JSC::RegExpMatchesArray::put):
(JSC::RegExpMatchesArray::putByIndex):
(JSC::RegExpMatchesArray::deleteProperty):
(JSC::RegExpMatchesArray::deletePropertyByIndex):
(JSC::RegExpMatchesArray::getOwnPropertyNames):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
(JSC::RegExpObject::getOwnPropertySlot):
(JSC::RegExpObject::getOwnPropertyDescriptor):
(JSC::RegExpObject::put):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::getOwnPropertySlot):
(JSC::RegExpPrototype::getOwnPropertyDescriptor):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getOwnPropertySlot):
(JSC::StringConstructor::getOwnPropertyDescriptor):
* runtime/StringObject.cpp:
(JSC::StringObject::getOwnPropertySlot):
(JSC::StringObject::getOwnPropertySlotByIndex):
(JSC::StringObject::getOwnPropertyDescriptor):
(JSC::StringObject::deleteProperty):
(JSC::StringObject::getOwnPropertyNames):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::getOwnPropertySlot):
(JSC::StringPrototype::getOwnPropertyDescriptor):
* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
2011-11-11 Gavin Barraclough <barraclough@apple.com>
Enable DFG JIT for ARMv7/iOS.
Rubber stamped by Oliver Hunt.
* wtf/Platform.h:
- enable DFG JIT for ARMv7/iOS.
2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=72035
Reviewed by Geoffrey Garen.
De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
(JSC::BytecodeGenerator::BytecodeGenerator):
* interpreter/Interpreter.cpp: Ditto.
(JSC::Interpreter::execute):
* runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
* runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
(JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
(JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
(JSC::JSGlobalObject::shouldInterruptScript): Ditto.
* runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
(JSC::TimeoutChecker::didTimeOut):
2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSGlobalObject::allowsAccessFrom
https://bugs.webkit.org/show_bug.cgi?id=71969
Reviewed by Darin Adler.
* runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to
JSDOMWindowBase and WebScriptObject.
2011-11-11 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r99950.
http://trac.webkit.org/changeset/99950
https://bugs.webkit.org/show_bug.cgi?id=72117
"Landed wrong patch by mistake" (Requested by yurys on
#webkit).
* JavaScriptCore.exp:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
2011-11-11 Patrick Gansterer <paroga@webkit.org>
Unreviewed. Build fix for !ENABLE(JIT) after r99898.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
2011-11-10 Dan Bernstein <mitz@apple.com>
Disabling assertions breaks the debug build
https://bugs.webkit.org/show_bug.cgi?id=72091
Reviewed by Geoff Garen.
* dfg/DFGNode.h: Made hasIdentifier() available when assertions are
disabled. It is used in Graph::dump().
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
only if assertions are enabled.
* wtf/Deque.h:
(WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
* wtf/ThreadRestrictionVerifier.h:
(WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
a local variable that is only used in an assertion.
2011-11-10 Filip Pizlo <fpizlo@apple.com>
JSString forgets to clear m_fibers when resolving ropes
https://bugs.webkit.org/show_bug.cgi?id=72089
Reviewed by Geoff Garen.
* runtime/JSString.cpp:
(JSC::JSString::resolveRopeSlowCase):
2011-11-09 Filip Pizlo <fpizlo@apple.com>
DFG byte array support sometimes clamps values incorrectly
https://bugs.webkit.org/show_bug.cgi?id=71975
Reviewed by Oliver Hunt.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
2011-11-10 Filip Pizlo <fpizlo@apple.com>
ValueProfile/PredictedType contains dead code, and doesn't recognize functions
https://bugs.webkit.org/show_bug.cgi?id=72065
Reviewed by Gavin Barraclough and Geoff Garen.
Added PredictFunction support, and did some cleaning up along the way.
ValueProfile no longer has statistics machinery, because we never used
it. Rearranged some bits in PredictedType to more easily make room for
one more object type. Changed some debug code to use more consistent
conventions (ByteArray becomes Bytearray so that if we ever have a
"Byte" prediction we don't get confused between a prediction that is
the union of Byte and Array and a prediction that indicates precisely
a ByteArray).
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
(JSC::predictionFromClassInfo):
* bytecode/PredictedType.h:
(JSC::isFunctionPrediction):
* bytecode/ValueProfile.cpp:
* bytecode/ValueProfile.h:
(JSC::ValueProfile::dump):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
2011-11-10 David Kilzer <ddkilzer@apple.com>
<http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
Reviewed by Joseph Pecoraro.
* JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
for installation. Also removed "Versions/A/" from the path
since this is unneeded due to the default symlinks present in the
framework.
2011-11-10 Gavin Barraclough <barraclough@apple.com>
Add ARMv7 support to the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=72061
Reviewed by Geoff Garen.
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
(JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
(JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
(JSC::DFG::AssemblyHelpers::boxDouble):
(JSC::DFG::AssemblyHelpers::unboxDouble):
- Add CPU(ARM) copies of these functions.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::spill):
- Fix matching of '}' re #if blocks, makes some tools happy.
(JSC::DFG::JITCodeGenerator::setupArguments):
(JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
(JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
(JSC::DFG::JITCodeGenerator::appendCallSetResult):
- Add CPU(ARM) / 4 argument register copies of these functions.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- Should use callOperation to plant a call to a DFG_OPERATION.
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
- These methods need to plant a relinkable jump; we currently do so
using beginUninterruptedSequence() / endUninterruptedSequence().
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- Should use callOperation to plant a call to a DFG_OPERATION.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
- This method needs to plant a relinkable jump; we currently do so
using beginUninterruptedSequence() / endUninterruptedSequence().
(JSC::DFG::JITCompiler::compileBody):
- Add abstraction to retrieve the pc after a call.
* dfg/DFGOSRExitCompiler.cpp:
- Fix a bug - CodeLocationLabel needs a data address rather than an
executable one, but can just take a MacroAssemblerCodePtr instead!
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::compileClampDoubleToByte):
- Add FIXME comment to come back to! - bug#72054.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::speculationCheck):
- Add missing method (ooops, required by bug#72047)
* dfg/DFGSpeculativeJIT32_64.cpp:
- Need to wrap fmod on ARMv7.
2011-11-10 Filip Pizlo <fpizlo@apple.com>
DFG should not reparse code that was just parsed
https://bugs.webkit.org/show_bug.cgi?id=71977
Reviewed by Geoff Garen.
The instruction stream of a code block is now kept around until
the next GC. When doing either an optimizing compilation of an
executable, or inlining of an executable, we now try to find the
already preexisting bytecode. If we find it, we don't have to parse.
If we don't find it, we parse as before. Inlining takes the extra
step of caching code blocks, so if the same executable gets inlined
multiple times into the same caller, then we parse it at most once
even if prior to inlining that executable did not have any code
blocks with an instruction stream.
Also fixed a silly bug where the strict mode for various operations
was being determined by looking at the machine code block rather
than the inlinee.
To enable the delete-on-next-GC policy, I introduced the notion
of an ultra weak finalizer, which anyone can register during
tracing. This is thread-safe (for parallel GC) and
stop-the-world-safe (so calls to free() are postponed until the
world is resumed). This required reusing some facilities previously
created for WeakReferenceHarvester, so I created a common utility
class. I also retweaked the handling of WeakReferenceHarvesters,
since they should be executed during stop-the-world since in the
future we may want to allow them to call drain().
2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
elsewhere.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::copyPostParseDataFrom):
(JSC::CodeBlock::copyPostParseDataFromAlternative):
(JSC::CodeBlock::finalizeUnconditionally):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::canProduceCopyWithBytecode):
(JSC::CodeBlock::discardBytecodeLater):
(JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):
(JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
(JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::strictModeFor):
* dfg/DFGByteCodeCache.h: Added.
(JSC::DFG::CodeBlockKey::CodeBlockKey):
(JSC::DFG::CodeBlockKey::operator==):
(JSC::DFG::CodeBlockKey::hash):
(JSC::DFG::CodeBlockKey::executable):
(JSC::DFG::CodeBlockKey::kind):
(JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
(JSC::DFG::CodeBlockKeyHash::hash):
(JSC::DFG::CodeBlockKeyHash::equal):
(JSC::DFG::ByteCodeCache::ByteCodeCache):
(JSC::DFG::ByteCodeCache::~ByteCodeCache):
(JSC::DFG::ByteCodeCache::get):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/Heap.cpp:
(JSC::Heap::finalizeUnconditionally):
(JSC::Heap::markRoots):
(JSC::Heap::collect):
* heap/Heap.h:
* heap/ListableHandler.h: Added.
(JSC::ListableHandler::ListableHandler):
(JSC::ListableHandler::~ListableHandler):
(JSC::ListableHandler::List::List):
(JSC::ListableHandler::List::addNotThreadSafe):
(JSC::ListableHandler::List::addThreadSafe):
(JSC::ListableHandler::List::hasNext):
(JSC::ListableHandler::List::removeNext):
* heap/MarkStack.cpp:
(JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
(JSC::SlotVisitor::harvestWeakReferences):
(JSC::SlotVisitor::finalizeUnconditionally):
* heap/MarkStack.h:
(JSC::MarkStack::addWeakReferenceHarvester):
(JSC::MarkStack::addUnconditionalFinalizer):
* heap/SlotVisitor.h:
* heap/UnconditionalFinalizer.h: Added.
(JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
* heap/WeakReferenceHarvester.h:
(JSC::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::FunctionExecutable::codeBlockWithBytecodeFor):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::profiledCodeBlockFor):
2011-11-10 Gavin Barraclough <barraclough@apple.com>
Add ARMv7 register info for the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=72050
Reviewed by Geoff Garen.
* dfg/DFGFPRInfo.h:
(JSC::DFG::FPRInfo::toRegister):
(JSC::DFG::FPRInfo::toIndex):
(JSC::DFG::FPRInfo::debugName):
* dfg/DFGGPRInfo.h:
(JSC::DFG::GPRInfo::toRegister):
(JSC::DFG::GPRInfo::toIndex):
(JSC::DFG::GPRInfo::debugName):
2011-11-10 Gavin Barraclough <barraclough@apple.com>
#ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
https://bugs.webkit.org/show_bug.cgi?id=72047
Reviewed by Geoff Garen.
We currently don't attempt to abstract divide through the macro assembler,
due to these instructions commonly having specific requirements. This means
there is architecture specific code in the JIT - #ifdef it, and provide a
common implementation.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::fmodAsDFGOperation):
(JSC::DFG::SpeculativeJIT::compile):
2011-11-10 Gavin Barraclough <barraclough@apple.com>
Add ENABLE_VALUE_PROFILER support for ARMv7
https://bugs.webkit.org/show_bug.cgi?id=72043
Reviewed by Geoff Garen.
This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emitSlow_op_mod):
- cleanup location of UNUSED_PARAM
* jit/JITStubs.cpp:
(JSC::ctiTrampoline):
(JSC::ctiVMThrowTrampoline):
(JSC::ctiOpThrowNotCaught):
(JSC::JITThunks::JITThunks):
* jit/JITStubs.h:
- Update JITStackFrame structure & asm code to spill more registers.
* jit/JSInterfaceJIT.h:
- Assign a bucketCounterRegister.
2011-11-10 Gavin Barraclough <barraclough@apple.com>
Fix sampling counters on ARMv7, move add64 functionality to macro assembler
https://bugs.webkit.org/show_bug.cgi?id=72040
Reviewed by Geoff Garen.
The ability to add an integer to a uint64_t in memory is poorly copied in
multiple places & ifdef'ed on architecture; addWithCarry32 is also a badly
designed interface since add32 is not required to set flags (we have no
concept of flags in the macro assembler interface).
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::add64):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::add64):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::add64):
* dfg/DFGAssemblyHelpers.cpp:
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::emitCount):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitCount):
2011-11-10 Ryuan Choi <ryuan.choi@samsung.com>
[CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
https://bugs.webkit.org/show_bug.cgi?id=56705
Reviewed by Adam Roben.
* CMakeLists.txt:
* PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
* PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
* shell/CMakeLists.txt:
* shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
* shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
* wtf/CMakeLists.txt:
* wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
* wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.
2011-11-10 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed. Fix make distcheck build.
* GNUmakefile.list.am: Add missing files.
2011-11-09 Michael Saboff <msaboff@apple.com>
Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
https://bugs.webkit.org/show_bug.cgi?id=71862
Changed LiteralParser to be templatized on character type.
Moved five enums out of the class definition to work around a clang compiler defect.
Added lexIdentifier templated method to break out character specific versions.
Added static setParserTokenString templated method to handle setting appropriately
sized string pointer.
To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
flavors of LiteralParser are explicitly instantiated at the end of
LiteralParser.cpp.
Reviewed by Oliver Hunt.
* API/JSValueRef.cpp:
(JSValueMakeFromJSONString):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::execute):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::isJSONWhiteSpace):
(JSC::::tryJSONPParse):
(JSC::::makeIdentifier):
(JSC::::Lexer::lex):
(JSC::::Lexer::lexIdentifier):
(JSC::::Lexer::next):
(JSC::LChar):
(JSC::UChar):
(JSC::isSafeStringCharacter):
(JSC::::Lexer::lexString):
(JSC::::Lexer::lexNumber):
(JSC::::parse):
* runtime/LiteralParser.h:
(JSC::LiteralParser::LiteralParser):
(JSC::LiteralParser::getErrorMessage):
(JSC::LiteralParser::tryLiteralParse):
(JSC::LiteralParser::Lexer::Lexer):
(JSC::LiteralParser::Lexer::currentToken):
(JSC::LiteralParser::Lexer::getErrorMessage):
* runtime/UString.h:
(JSC::LChar):
(JSC::UChar):
* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::append):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::append):
2011-11-09 Filip Pizlo <fpizlo@apple.com>
Multiple CodeBlock should be able to share the same instruction
stream without copying
https://bugs.webkit.org/show_bug.cgi?id=71978
Reviewed by Oliver Hunt.
This refactors CodeBlock::m_instructions to be a Vector boxed in a
ref-counted object, but otherwise does not take advantage of this.
This is performance neutral.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printStructure):
(JSC::CodeBlock::printStructures):
(JSC::CodeBlock::dump):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::shrinkToFit):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::hasInstructions):
(JSC::CodeBlock::numberOfInstructions):
(JSC::CodeBlock::instructions):
* jit/JIT.cpp:
(JSC::JIT::JIT):
2011-11-09 Gavin Barraclough <barraclough@apple.com>
Renovate ARMv7 assembler/macro-assembler
https://bugs.webkit.org/show_bug.cgi?id=71982
Reviewed by Geoff Garen.
ARMv7Assembler:
* add support for strb (byte stores)
* rename the VMOV_CtoS opcodes (these are currently backwards!)
* add support for adc (add with carry)
* add support for vsqrt, vabs
* add support for vmov (between FPRs, and to/from GPR pairs).
* remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
* rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
* rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).
MacroAssemblerARMv7:
* add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32,
* add store8, and store32 imm to base-index.
* fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
* Update supportsFloating* flags (all features now supported).
* add moveDouble, storeDouble to absolute address, addDouble to absolute address
* add 3-operand double operations.
* implement sqrtDouble/absDouble
* add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
* move should do nothing if src == dest
* branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
* add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.
2011-11-09 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=71873
Reviewed by Geoff Garen.
Incrementally re-landing these changes, trying to determine what went wrong.
(The whole patch failed tests on the build bot but worked locally.)
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
2011-11-09 Filip Pizlo <fpizlo@apple.com>
DFG OSR exit code should be lazily generated
https://bugs.webkit.org/show_bug.cgi?id=71744
Reviewed by Gavin Barraclough.
The OSR exit code is now generated the first time it is executed,
rather than right after speculative compilation. Because most OSR
exits are never taken, this should greatly reduce both code size
and compilation time.
This is a 1% win on SunSpider, and a 1% win on V8 when running in
my harness. No change in V8 in V8's harness (due to the long runs,
so compile time is not an issue) and no change in Kraken (again,
long runs of small code so compile time has no measurable effect).
* CMakeListsEfl.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* assembler/AbstractMacroAssembler.h:
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::jump):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::jump):
* assembler/X86Assembler.h:
(JSC::X86Assembler::jmp_m):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::createDFGDataIfNecessary):
(JSC::CodeBlock::appendDFGOSREntryData):
(JSC::CodeBlock::numberOfDFGOSREntries):
(JSC::CodeBlock::dfgOSREntryData):
(JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
(JSC::CodeBlock::appendOSRExit):
(JSC::CodeBlock::appendSpeculationRecovery):
(JSC::CodeBlock::numberOfOSRExits):
(JSC::CodeBlock::numberOfSpeculationRecoveries):
(JSC::CodeBlock::osrExit):
(JSC::CodeBlock::speculationRecovery):
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::debugCall):
* dfg/DFGCorrectableJumpPoint.cpp: Added.
(JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
* dfg/DFGCorrectableJumpPoint.h: Added.
(JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
(JSC::DFG::CorrectableJumpPoint::switchToLateJump):
(JSC::DFG::CorrectableJumpPoint::correctInitialJump):
(JSC::DFG::CorrectableJumpPoint::correctLateJump):
(JSC::DFG::CorrectableJumpPoint::initialJump):
(JSC::DFG::CorrectableJumpPoint::lateJump):
(JSC::DFG::CorrectableJumpPoint::correctJump):
(JSC::DFG::CorrectableJumpPoint::getJump):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
* dfg/DFGOSRExit.cpp: Added.
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::dump):
* dfg/DFGOSRExit.h:
* dfg/DFGOSRExitCompiler.cpp: Added.
* dfg/DFGOSRExitCompiler.h:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::speculationCheck):
* dfg/DFGThunks.cpp: Added.
(JSC::DFG::osrExitGenerationThunkGenerator):
* dfg/DFGThunks.h: Added.
* jit/JITCode.h:
(JSC::JITCode::dataAddressAtOffset):
* runtime/JSGlobalData.h:
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
Fixing build breakage
Unreviewed build fix
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSVariableObject::isDynamicScope
https://bugs.webkit.org/show_bug.cgi?id=71933
Reviewed by Geoffrey Garen.
* runtime/JSActivation.cpp:
* runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
(JSC::JSActivation::isDynamicScope):
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
(JSC::JSGlobalObject::isDynamicScope):
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
(JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
(JSC::JSStaticScopeObject::isDynamicScope):
* runtime/JSType.h: Added new type for JSStaticScopeObject
* runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the
object's type and calls the corresponding implementation.
(JSC::JSVariableObject::isDynamicScope):
* runtime/JSVariableObject.h:
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSGlobalObject::hasOwnPropertyForWrite
https://bugs.webkit.org/show_bug.cgi?id=71934
Reviewed by Geoffrey Garen.
* runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.
2011-11-09 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=71873
Reviewed by Geoff Garen.
Incrementally re-landing these changes, trying to determine what went wrong.
(The whole patch failed tests on the build bot but worked locally.)
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::absDouble):
* assembler/MacroAssemblerARMv7.h:
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::absDouble):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::absDouble):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::absDouble):
* assembler/MacroAssemblerX86Common.h:
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::absDouble):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::getOwnPropertyDescriptor
https://bugs.webkit.org/show_bug.cgi?id=71523
Reviewed by Sam Weinig.
Added getOwnPropertyDescriptor to the MethodTable, changed all of the
virtual versions of getOwnPropertyDescriptor to static ones, and
changed all of the call sites to the corresponding lookup in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertyDescriptor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertyDescriptor):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertyDescriptor):
* runtime/Arguments.h:
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getOwnPropertyDescriptor):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertyDescriptor):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::getOwnPropertyDescriptor):
* runtime/BooleanPrototype.h:
* runtime/ClassInfo.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getOwnPropertyDescriptor):
* runtime/DateConstructor.h:
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::getOwnPropertyDescriptor):
* runtime/DatePrototype.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::getOwnPropertyDescriptor):
* runtime/ErrorPrototype.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertyDescriptor):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertyDescriptor):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertyDescriptor):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyDescriptor):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::getOwnPropertyDescriptor):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::JSONObject::getOwnPropertyDescriptor):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::vtableAnchor):
(JSC::JSObject::propertyIsEnumerable):
(JSC::JSObject::getOwnPropertyDescriptor):
(JSC::JSObject::getPropertyDescriptor):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
* runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a
bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject. There were
no call sites for this version of getOwnPropertyDescriptor in the entire project.
* runtime/JSString.h:
* runtime/Lookup.h:
(JSC::getStaticPropertyDescriptor):
(JSC::getStaticFunctionDescriptor):
(JSC::getStaticValueDescriptor):
* runtime/MathObject.cpp:
(JSC::MathObject::getOwnPropertyDescriptor):
* runtime/MathObject.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberConstructor.h:
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::getOwnPropertyDescriptor):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getOwnPropertyDescriptor):
(JSC::objectConstructorGetOwnPropertyDescriptor):
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::getOwnPropertyDescriptor):
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertyDescriptor):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::getOwnPropertyDescriptor):
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::getOwnPropertyDescriptor):
* runtime/RegExpPrototype.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getOwnPropertyDescriptor):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
(JSC::StringObject::getOwnPropertyDescriptor):
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::getOwnPropertyDescriptor):
* runtime/StringPrototype.h:
2011-11-09 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=71873
Reviewed by Geoff Garen.
Incrementally re-landing these changes, trying to determine what went wrong.
(The whole patch failed tests on the build bot but worked locally.)
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPoint):
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::supportsFloatingPointAbs):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPoint):
(JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::supportsFloatingPoint):
(JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
(JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPoint):
(JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
(JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
(JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::supportsFloatingPoint):
(JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86::supportsFloatingPointAbs):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::supportsFloatingPoint):
(JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):
2011-11-08 Darin Adler <darin@apple.com>
Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
https://bugs.webkit.org/show_bug.cgi?id=71875
Reviewed by Anders Carlsson.
This is a step along the path of making OwnPtr work as HashMap value types.
* wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
I did not change the code to fix style checker complaints.
* wtf/HashTable.h: Added includes as needed and fixed include style.
(WTF::doubleHash): Removed the unneeded and inappropriate "static" in this function, which
gave it internal linkage for no good reason.
(WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
construction/destruction problems instead of doing the trick where we construct and destroy
an empty value twice. It's cleaner and simpler and avoids copying the empty value.
(WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
empty value is zero rather than copying an empty value.
* wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.
2011-11-09 Gabor Rapcsanyi <rgabor@webkit.org>
Buildfix for 32bit debug mode.
Reviewed by Csaba Osztrogonác.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::dump):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
2011-11-09 Andy Wingo <wingo@igalia.com>
Enable the DFG JIT on X86-64 Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=71373
Reviewed by Csaba Osztrogonác.
* wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
x86-64 GNU/Linux platform.
* CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
2011-11-09 Csaba Osztrogonác <ossy@webkit.org>
Enable the DFG JIT on x86-64 Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=71373
Enable DFG JIT by default on X86 Linux and Mac platforms
https://bugs.webkit.org/show_bug.cgi?id=71686
Buildfix for stricter compilers: -Werror=unused-but-set-variable
Reviewed by Zoltan Herczeg.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-09 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r99678.
http://trac.webkit.org/changeset/99678
https://bugs.webkit.org/show_bug.cgi?id=71882
broke the build with -Werror=unused-but-set-variable
(Requested by tronical_ on #webkit).
* CMakeListsEfl.txt:
* wtf/Platform.h:
2011-11-09 Andy Wingo <wingo@igalia.com>
Enable the DFG JIT on X86-64 Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=71373
Reviewed by Filip Pizlo.
* wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
x86-64 GNU/Linux platform.
* CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::defineOwnProperty
https://bugs.webkit.org/show_bug.cgi?id=71429
Reviewed by Geoffrey Garen.
Added defineOwnProperty to the MethodTable, changed all the virtual
implementations of defineOwnProperty to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/Arguments.cpp:
(JSC::Arguments::createStrictModeCallerIfNecessary):
(JSC::Arguments::createStrictModeCalleeIfNecessary):
* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::defineOwnProperty):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorDefineProperty):
(JSC::defineProperties):
2011-11-09 Simon Hausmann <simon.hausmann@nokia.com>
[Qt] Build system cleanup
https://bugs.webkit.org/show_bug.cgi?id=71815
Reviewed by Kenneth Rohde Christiansen.
* wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.
2011-11-08 Simon Hausmann <simon.hausmann@nokia.com>
[Qt] Replace use of QApplication with QGuiApplication
https://bugs.webkit.org/show_bug.cgi?id=71794
Reviewed by Andreas Kling.
Add compat headers for use when building with Qt 4: QGuiApplication
is typedef'ed to QApplication.
* wtf/qt/compat/QGuiApplication: Added.
* wtf/qt/compat/qguiapplication.h: Added.
2011-11-08 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r99647.
http://trac.webkit.org/changeset/99647
https://bugs.webkit.org/show_bug.cgi?id=71876
It broke jsc and layout tests on all bots (Requested by
Ossy_night on #webkit).
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPoint):
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::supportsDoubleBitops):
(JSC::MacroAssemblerARM::andnotDouble):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPoint):
(JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::supportsDoubleBitops):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::andnotDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPoint):
(JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
(JSC::MacroAssemblerMIPS::supportsDoubleBitops):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPoint):
(JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
(JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
(JSC::MacroAssemblerSH4::supportsDoubleBitops):
(JSC::MacroAssemblerSH4::andnotDouble):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::MacroAssemblerX86):
(JSC::MacroAssemblerX86::supportsFloatingPoint):
(JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86::supportsDoubleBitops):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::andnotDouble):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::supportsFloatingPoint):
(JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86_64::supportsDoubleBitops):
* assembler/X86Assembler.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):
* runtime/JSGlobalData.cpp:
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Better abstract 'abs' operation through the MacroAssembler.
https://bugs.webkit.org/show_bug.cgi?id=71873
Reviewed by Geoff Garen.
Currently the x86 specific instruction sequence to perform a double abs
is duplicated throughout the JITs / thunk generators.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPoint):
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::supportsFloatingPointAbs):
(JSC::MacroAssemblerARM::absDouble):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPoint):
(JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::absDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPoint):
(JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
(JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPoint):
(JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
(JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
(JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
(JSC::MacroAssemblerSH4::absDouble):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::absDouble):
(JSC::MacroAssemblerX86::supportsFloatingPoint):
(JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86::supportsFloatingPointAbs):
- Made supports* methods static so that we can check the JIT's
capabilities before we begin compilation. Added absDouble.
* assembler/MacroAssemblerX86Common.h:
- Removed andnotDouble, added s_maskSignBit.
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::absDouble):
(JSC::MacroAssemblerX86_64::supportsFloatingPoint):
(JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
- Made supports* methods static so that we can check the JIT's
capabilities before we begin compilation. Added absDouble.
* assembler/X86Assembler.h:
(JSC::X86Assembler::andpd_rr):
(JSC::X86Assembler::andpd_mr):
- Added support for andpd instruction.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
- Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Switched to use doubleAbs, we can now also reuse the operand register for the result.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Switched to use doubleAbs, we can now also reuse the operand register for the result.
* jit/ThunkGenerators.cpp:
- Switched to use doubleAbs.
(JSC::absThunkGenerator):
* runtime/JSGlobalData.cpp:
- Declared MacroAssemblerX86Common::s_maskSignBit here.
This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
to the compile for just one constant.
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Move duplicates of SYMBOL_STRING* macros to the single location
https://bugs.webkit.org/show_bug.cgi?id=71456
Reviewed by Sam Weinig.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
* wtf/InlineASM.h: Added.
- Moved asm related macros.
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Move code to handle 8bit regs from X86Assembler to MacroAssembler
https://bugs.webkit.org/show_bug.cgi?id=71867
Reviewed by Oliver Hunt.
This code is fine, but is in the wrong place really. X86 assembler should
basically just format up exactly the instruction you request - not expand
out to a set of instructions (that is what the macro assembler layer is
for!). For other 8-bit ops, on X86 we don't guard against clients accessing
the XH registers.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store8):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movb_rm):
- moved some code.
2011-11-08 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for GTK.
* GNUmakefile.list.am:
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Build fix.
* assembler/X86Assembler.h:
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Errrk, failed to commit this in last change.
* assembler/X86Assembler.h:
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Remove an unused method.
Rubber stamped by Geoff Garen.
* assembler/AbstractMacroAssembler.h:
* assembler/AssemblerBuffer.h:
- removed rewindToLabel.
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
https://bugs.webkit.org/show_bug.cgi?id=71864
Reviewed by Filip Pizlo.
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::offsetOf):
- We use this to return the offsets into the code of the entry points.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
- Move the construction of the speculative JIT outside of
compileBody, such that it is still available to link the
OSR entry points at the point we are linking.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
- Pass the label of the block & linkbuffer into noticeOSREntry.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::linkOSREntries):
- Moved call to noticeOSREntry until we are linking.
* dfg/DFGSpeculativeJIT.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
- Moved calculation of entries until we are linking.
* jit/JIT.h:
- Removed some members.
2011-11-08 Filip Pizlo <fpizlo@apple.com>
DFG OSR exit code should be generated by a separate compiler, not
related to DFG::JITCompiler
https://bugs.webkit.org/show_bug.cgi?id=71787
Reviewed by Gavin Barraclough.
Moves the exitSpeculativeWithOSR() method from JITCompiler to
OSRExitCompiler::compileExit().
* CMakeListsEfl.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
* dfg/DFGJITCompiler32_64.cpp: Removed.
* dfg/DFGOSRExitCompiler.h: Added.
(JSC::DFG::OSRExitCompiler::OSRExitCompiler):
* dfg/DFGOSRExitCompiler32_64.cpp: Added.
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp: Added.
(JSC::DFG::OSRExitCompiler::compileExit):
* runtime/JSValue.h:
2011-11-08 Filip Pizlo <fpizlo@apple.com>
Basic DFG definitions should be moved out of DFGNode.h
https://bugs.webkit.org/show_bug.cgi?id=71861
Rubber-stamped by Gavin Barraclough.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGCommon.h: Added.
(JSC::DFG::NodeIndexTraits::defaultValue):
* dfg/DFGNode.h:
* dfg/DFGOSRExit.h:
* dfg/DFGRegisterBank.h:
2011-11-08 Michael Saboff <msaboff@apple.com>
Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
https://bugs.webkit.org/show_bug.cgi?id=71761
Templatized Parser based on Lexer<T>. Moved two enums,
SourceElementsMode and FunctionRequirements out of Parser definition
to work around a clang compiler defect.
Cleaned up SourceCode data() to return StringImpl* and eliminated
the recently added stringData() virtual method.
To keep code in Parser.cpp and keep Parser.h small, the two flavors
of Parser are explicitly instantiated at the end of Parser.cpp.
Reviewed by Gavin Barraclough.
* interpreter/Interpreter.cpp:
(JSC::appendSourceToError):
* parser/Lexer.cpp:
(JSC::::setCode):
(JSC::::sourceCode):
* parser/Parser.cpp:
(JSC::::Parser):
(JSC::::~Parser):
(JSC::::parseInner):
(JSC::::didFinishParsing):
(JSC::::allowAutomaticSemicolon):
(JSC::::parseSourceElements):
(JSC::::parseVarDeclaration):
(JSC::::parseConstDeclaration):
(JSC::::parseDoWhileStatement):
(JSC::::parseWhileStatement):
(JSC::::parseVarDeclarationList):
(JSC::::parseConstDeclarationList):
(JSC::::parseForStatement):
(JSC::::parseBreakStatement):
(JSC::::parseContinueStatement):
(JSC::::parseReturnStatement):
(JSC::::parseThrowStatement):
(JSC::::parseWithStatement):
(JSC::::parseSwitchStatement):
(JSC::::parseSwitchClauses):
(JSC::::parseSwitchDefaultClause):
(JSC::::parseTryStatement):
(JSC::::parseDebuggerStatement):
(JSC::::parseBlockStatement):
(JSC::::parseStatement):
(JSC::::parseFormalParameters):
(JSC::::parseFunctionBody):
(JSC::::parseFunctionInfo):
(JSC::::parseFunctionDeclaration):
(JSC::::parseExpressionOrLabelStatement):
(JSC::::parseExpressionStatement):
(JSC::::parseIfStatement):
(JSC::::parseExpression):
(JSC::::parseAssignmentExpression):
(JSC::::parseConditionalExpression):
(JSC::::isBinaryOperator):
(JSC::::parseBinaryExpression):
(JSC::::parseProperty):
(JSC::::parseObjectLiteral):
(JSC::::parseStrictObjectLiteral):
(JSC::::parseArrayLiteral):
(JSC::::parsePrimaryExpression):
(JSC::::parseArguments):
(JSC::::parseMemberExpression):
(JSC::::parseUnaryExpression):
* parser/Parser.h:
(JSC::::parse):
(JSC::parse):
* parser/SourceCode.h:
(JSC::SourceCode::data):
(JSC::SourceCode::subExpression):
* parser/SourceProvider.h:
(JSC::UStringSourceProvider::data):
2011-11-08 Gavin Barraclough <barraclough@apple.com>
Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
https://bugs.webkit.org/show_bug.cgi?id=71855
Reviewed by Filip Pizlo.
The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
This won't work on ARMv7.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::locationOf):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
(JSC::DFG::JITCompiler::addPropertyAccess):
2011-11-08 Gavin Barraclough <barraclough@apple.com>
DFG JIT calculation of OSR entry points is not THUMB2 safe
https://bugs.webkit.org/show_bug.cgi?id=71852
Reviewed by Oliver Hunt.
Executable addresses are tagged with a low bit set to distinguish
between THUMB2 and traditional ARM.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* jit/JITCode.h:
(JSC::JITCode::executableAddressAtOffset):
(JSC::JITCode::start):
(JSC::JITCode::size):
2011-11-08 Michael Saboff <msaboff@apple.com>
JSC::Parser::Parser leaks Lexer member
https://bugs.webkit.org/show_bug.cgi?id=71847
Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
Reviewed by Oliver Hunt.
* parser/Parser.cpp:
(JSC::Parser::Parser):
(JSC::Parser::parseFunctionBody):
* parser/Parser.h:
2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
Enable DFG JIT by default on X86 Linux and Mac platforms
https://bugs.webkit.org/show_bug.cgi?id=71686
Reviewed by Filip Pizlo.
We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
* wtf/Platform.h:
2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>
DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
https://bugs.webkit.org/show_bug.cgi?id=71768
Reviewed by Geoffrey Garen.
Also includes a fix to make the newly introduced AssemblyHelpers
friend of JSValue as we need the Tag definitions.
* CMakeListsEfl.txt:
* GNUmakefile.list.am:
* Target.pri:
* runtime/JSValue.h:
2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
Fix gcc 4.4 compilation warnings in DFG 32_64
https://bugs.webkit.org/show_bug.cgi?id=71762
Reviewed by Filip Pizlo.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::registersMatched):
2011-11-07 Filip Pizlo <fpizlo@apple.com>
DFG code base should allow for classes not related to DFG::JITCompiler
to use DFG idioms
https://bugs.webkit.org/show_bug.cgi?id=71746
Reviewed by Gavin Barraclough.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAssemblyHelpers.cpp: Added.
(JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
(JSC::DFG::AssemblyHelpers::emitCount):
(JSC::DFG::AssemblyHelpers::setSamplingFlag):
(JSC::DFG::AssemblyHelpers::clearSamplingFlag):
(JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
(JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
(JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
(JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
(JSC::DFG::AssemblyHelpers::jitAssertIsCell):
* dfg/DFGAssemblyHelpers.h: Added.
* dfg/DFGJITCompiler.cpp:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::graph):
* dfg/DFGJITCompiler32_64.cpp:
* dfg/DFGOSRExit.h: Added.
(JSC::DFG::SpeculationRecovery::SpeculationRecovery):
(JSC::DFG::SpeculationRecovery::type):
(JSC::DFG::SpeculationRecovery::dest):
(JSC::DFG::SpeculationRecovery::src):
(JSC::DFG::OSRExit::numberOfRecoveries):
(JSC::DFG::OSRExit::valueRecovery):
(JSC::DFG::OSRExit::isArgument):
(JSC::DFG::OSRExit::isVariable):
(JSC::DFG::OSRExit::argumentForIndex):
(JSC::DFG::OSRExit::variableForIndex):
(JSC::DFG::OSRExit::operandForArgument):
(JSC::DFG::OSRExit::operandForIndex):
* dfg/DFGSpeculativeJIT.h:
2011-11-07 Filip Pizlo <fpizlo@apple.com>
Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
but it appears to help on other benchmarks.
Rubber stamped by Oliver Hunt.
* bytecode/ValueProfile.h:
2011-11-07 Ariya Hidayat <ariya@sencha.com>
"use strict" can not contain escape sequences or line continuation
https://bugs.webkit.org/show_bug.cgi?id=71532
Reviewed by Darin Adler.
Store the actual literal length (before the escapes and line
continuation are encoded) while parsing the directive and use it
for the directive comparison.
* parser/Parser.cpp:
(JSC::Parser::parseSourceElements):
(JSC::Parser::parseStatement):
* parser/Parser.h:
2011-11-06 Filip Pizlo <fpizlo@apple.com>
DFG operationCreateThis slow path may get the wrong callee in case of inlining
https://bugs.webkit.org/show_bug.cgi?id=71647
Reviewed by Oliver Hunt.
No new tests because I only saw this manifest itself when I had other bugs
leading to spurious slow path executions.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-07 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::putWithAttributes
https://bugs.webkit.org/show_bug.cgi?id=71716
Reviewed by Darin Adler.
Added putWithAttributes to the MethodTable, changed all the virtual
implementations of putWithAttributes to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* API/JSObjectRef.cpp:
(JSObjectSetProperty):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::putWithAttributes):
* debugger/DebuggerActivation.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* runtime/ClassInfo.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::putWithAttributes):
* runtime/JSActivation.h:
* runtime/JSCell.cpp:
(JSC::JSCell::putWithAttributes):
* runtime/JSCell.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::putWithAttributes):
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::putWithAttributes):
(JSC::putDescriptor):
* runtime/JSObject.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::putWithAttributes):
* runtime/JSStaticScopeObject.h:
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::putWithAttributes):
* runtime/JSVariableObject.h:
2011-11-07 Dmitry Lomov <dslomov@google.com>
Unreviewed. Release build fix.
* parser/Lexer.cpp:
(JSC::assertCharIsIn8BitRange):
2011-11-07 Filip Pizlo <fpizlo@apple.com>
Switch the value profiler back to 8 buckets, because we suspect that while this
is more expensive it's also more stable.
Rubber stamped by Geoff Garen.
* bytecode/ValueProfile.h:
2011-11-07 Andrew Wason <rectalogic@rectalogic.com>
Uninitialized Heap member var
https://bugs.webkit.org/show_bug.cgi?id=71722
Reviewed by Filip Pizlo.
* heap/Heap.cpp:
(JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
https://bugs.webkit.org/show_bug.cgi?id=71684
Reviewed by Filip Pizlo.
Currently in DFG JIT, we try to reuse the physical register of an
operand for temporary usage if the current use of the operand is the
last use. But sometimes this can be wrong, for example if there are
possible speculation failures and we need to fallback to baseline JIT,
the value of the operand which is supposed to be held in the physical
register can be modified by register reusing. This fixes the last
inspector failures in layout test on Mac 32-bit if switching on DFG.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
2011-11-07 Ryosuke Niwa <rniwa@webkit.org>
REGRESSION(r99436): Broke Snow Leopard debug build
https://bugs.webkit.org/show_bug.cgi?id=71713
Reviewed by Darin Adler.
Put the assertion in a template and use template specialization
to avoid warning when instantiated with UChar or LChar.
In the long term, we should have traits for unsigned integral types
and use that to specialize template instead of specializing it for UChar and LChar.
* parser/Lexer.cpp:
(JSC::assertCharIsIn8BitRange):
(JSC::::append8):
2011-11-07 ChangSeok Oh <shivamidow@gmail.com>
[EFL] Support requestAnimationFrame API
https://bugs.webkit.org/show_bug.cgi?id=67112
Reviewed by Andreas Kling.
Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
* wtf/Platform.h:
2011-11-07 Michael Saboff <msaboff@apple.com>
Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
https://bugs.webkit.org/show_bug.cgi?id=71331
Change the Lexer class to be a template class based on the character
type of the source. In the process updated the parseIdentifier()
and parseString() methods to create 8 bit strings where possible.
Also added some helper methods for accumulating temporary string
data in the 8 and 16 bit vectors.
Changed the SourceProvider::data() virtual method to return a
StringImpl* instead of a UChar*.
Updated the KeywordLookup generator to create code to match keywords
for both 8 and 16 bit source strings.
Due to a compiler bug (<rdar://problem/10194295>) moved enum
definition outside of Lexer class declaration. Remove second enum
no longer needed.
Reviewed by Darin Adler.
* KeywordLookupGenerator.py:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
* parser/Lexer.cpp:
(JSC::::Lexer):
(JSC::::~Lexer):
(JSC::::getInvalidCharMessage):
(JSC::::currentCharacter):
(JSC::::setCode):
(JSC::::internalShift):
(JSC::::shift):
(JSC::::peek):
(JSC::::getUnicodeCharacter):
(JSC::::shiftLineTerminator):
(JSC::::lastTokenWasRestrKeyword):
(JSC::::record8):
(JSC::::append8):
(JSC::::append16):
(JSC::::record16):
(JSC::::parseIdentifier):
(JSC::::parseIdentifierSlowCase):
(JSC::::parseString):
(JSC::::parseStringSlowCase):
(JSC::::parseHex):
(JSC::::parseOctal):
(JSC::::parseDecimal):
(JSC::::parseNumberAfterDecimalPoint):
(JSC::::parseNumberAfterExponentIndicator):
(JSC::::parseMultilineComment):
(JSC::::nextTokenIsColon):
(JSC::::lex):
(JSC::::scanRegExp):
(JSC::::skipRegExp):
(JSC::::clear):
(JSC::::sourceCode):
* parser/Lexer.h:
(JSC::Lexer::append16):
(JSC::Lexer::currentOffset):
(JSC::Lexer::setOffsetFromCharOffset):
(JSC::::isWhiteSpace):
(JSC::::isLineTerminator):
(JSC::::convertHex):
(JSC::::convertUnicode):
(JSC::::makeIdentifier):
(JSC::::setCodeStart):
(JSC::::makeIdentifierLCharFromUChar):
(JSC::::lexExpectIdentifier):
* parser/Parser.cpp:
(JSC::Parser::Parser):
(JSC::Parser::parseProperty):
(JSC::Parser::parseMemberExpression):
* parser/Parser.h:
(JSC::Parser::next):
(JSC::Parser::nextExpectIdentifier):
* parser/ParserArena.h:
(JSC::IdentifierArena::makeIdentifier):
(JSC::IdentifierArena::makeIdentifierLCharFromUChar):
* parser/SourceCode.h:
(JSC::SourceCode::subExpression):
* parser/SourceProvider.h:
(JSC::UStringSourceProvider::stringData):
* parser/SourceProviderCache.h:
* parser/SyntaxChecker.h:
* runtime/FunctionPrototype.cpp:
(JSC::insertSemicolonIfNeeded):
* runtime/Identifier.cpp:
(JSC::IdentifierTable::add):
(JSC::IdentifierLCharFromUCharTranslator::hash):
(JSC::IdentifierLCharFromUCharTranslator::equal):
(JSC::IdentifierLCharFromUCharTranslator::translate):
(JSC::Identifier::add8):
* runtime/Identifier.h:
(JSC::Identifier::Identifier):
(JSC::Identifier::createLCharFromUChar):
(JSC::Identifier::canUseSingleCharacterString):
(JSC::IdentifierCharBufferTranslator::hash):
(JSC::IdentifierCharBufferTranslator::equal):
(JSC::IdentifierCharBufferTranslator::translate):
(JSC::Identifier::add):
(JSC::Identifier::equal):
(JSC::IdentifierTable::add):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::decode):
(JSC::parseIntOverflow):
(JSC::globalFuncUnescape):
* runtime/JSGlobalObjectFunctions.h:
(JSC::parseIntOverflow):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::tryJSONPParse):
(JSC::LiteralParser::Lexer::lexString):
* wtf/text/StringImpl.h:
2011-11-07 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
[Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
Allows us to not package up the whole Source/JavaScriptCore directory for the
buildbots.
Reviewed-by Simon Hausmann.
* jsc.pro:
2011-11-06 Filip Pizlo <fpizlo@apple.com>
REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
to initializeMainThread, and crashes
https://bugs.webkit.org/show_bug.cgi?id=71643
Reviewed by Sam Weinig.
* jsc.cpp:
(main):
2011-11-06 Sam Weinig <sam@webkit.org>
Add space missing from some class declarations
https://bugs.webkit.org/show_bug.cgi?id=71632
Reviewed by Anders Carlsson.
* assembler/AssemblerBufferWithConstantPool.h:
* bytecode/CodeBlock.h:
* dfg/DFGVariableAccessData.h:
* heap/VTableSpectrum.h:
* jit/ExecutableAllocator.cpp:
* jit/ExecutableAllocatorFixedVMPool.cpp:
* wtf/MetaAllocatorHandle.h:
* wtf/UnionFind.h:
2011-11-06 Sam Weinig <sam@webkit.org>
Allow use of FINAL in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=71630
Reviewed by Anders Carlsson.
* Configurations/Base.xcconfig:
Don't warn about C++11 extensions used in C++98 mode.
2011-11-05 Filip Pizlo <fpizlo@apple.com>
Value profiling should just use two buckets
https://bugs.webkit.org/show_bug.cgi?id=71619
Reviewed by Gavin Barraclough.
Added one more configuration option (like Heuristics::minimumOptimizationDelay),
improved debugging in JIT optimization support, changed the number of buckets
in the value profile from 9 to 2, and wrote a more optimal value profiling path
in the old JIT to take advantage of this. It's still possible to play around with
larger numbers of buckets, and we should probably keep this for a little while
until we convince ourselves that using just two buckets is the right call.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shouldOptimizeNow):
* bytecode/ValueProfile.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h:
2011-11-03 Filip Pizlo <fpizlo@apple.com>
JSC should be able to sample itself in a more flexible way than just sampling flags
https://bugs.webkit.org/show_bug.cgi?id=71522
Reviewed by Gavin Barraclough.
Added a construct that looks like SamplingRegion samplingRegion("name").
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SamplingTool.cpp:
(JSC::SamplingRegion::Locker::Locker):
(JSC::SamplingRegion::Locker::~Locker):
(JSC::SamplingRegion::sample):
(JSC::SamplingRegion::dump):
(JSC::SamplingRegion::dumpInternal):
(JSC::SamplingThread::threadStartFunc):
* bytecode/SamplingTool.h:
(JSC::SamplingRegion::SamplingRegion):
(JSC::SamplingRegion::~SamplingRegion):
(JSC::SamplingRegion::exchangeCurrent):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* heap/Heap.cpp:
(JSC::Heap::markRoots):
(JSC::Heap::collect):
* heap/VTableSpectrum.cpp:
(JSC::VTableSpectrum::countVPtr):
(JSC::VTableSpectrum::dump):
* heap/VTableSpectrum.h:
* jsc.cpp:
(main):
(runWithScripts):
* parser/Parser.h:
(JSC::parse):
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* wtf/Atomics.h:
(WTF::weakCompareAndSwap):
* wtf/Platform.h:
* wtf/Spectrum.h: Added.
(WTF::Spectrum::Spectrum):
(WTF::Spectrum::add):
(WTF::Spectrum::get):
(WTF::Spectrum::begin):
(WTF::Spectrum::end):
(WTF::Spectrum::KeyAndCount::KeyAndCount):
(WTF::Spectrum::KeyAndCount::operator<):
(WTF::Spectrum::buildList):
* wtf/wtf.pri:
2011-11-05 Sam Weinig <sam@webkit.org>
Fix windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-11-04 Sam Weinig <sam@webkit.org>
Reduce the number of putWithAttributes
https://bugs.webkit.org/show_bug.cgi?id=71597
Reviewed by Adam Roben.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
Remove exports of removed functions.
* runtime/JSActivation.cpp:
(JSC::JSActivation::putWithAttributes):
Calling the overload without the extra parameters does the same thing.
* runtime/JSObject.cpp:
(JSC::JSObject::putWithAttributes):
* runtime/JSObject.h:
Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
two overloads not virtual, since no one overrides it.
2011-11-04 Pratik Solanki <psolanki@apple.com>
sqrtDouble and andnotDouble should be declared noreturn
https://bugs.webkit.org/show_bug.cgi?id=71592
Reviewed by Sam Weinig.
* assembler/MacroAssemblerARMv7.h:
2011-11-04 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::hasInstance
https://bugs.webkit.org/show_bug.cgi?id=71430
Reviewed by Darin Adler.
Added hasInstance to the MethodTable, changed all the virtual
implementations of hasInstance to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::hasInstance):
* API/JSValueRef.cpp:
(JSValueIsInstanceOfConstructor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ClassInfo.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::hasInstance):
* runtime/JSBoundFunction.h:
* runtime/JSCell.cpp:
(JSC::JSCell::hasInstance):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::hasInstance):
* runtime/JSObject.h:
2011-11-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
[Qt] Refactor and clean up the qmake build system
The qmake build system has accumulated a bit of cruft and redundancy
over time. There's also a fairly tight coupling between how to build
the various targets, and _what_ to build, making it harder to add new
rules or sources. This patch aims to alleviate these issues somewhat.
This is a short-list of the changes:
* The rules for how to build targets are now mostly contained as
prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
allows us to do pre- and post-processing of each project file,
which helps to clean up the actual project files.
* Derived sources are no longer generated as a separate make-step
but are part of each target's project file as a subdir. Makefile
rules are used to ensure that we run make on the derived sources
before running qmake on the actual target makefile. This makes
it easier to keep a proper dependency between derived sources
and the target.
* We use GNU make and the compiler to generate dependencies on
UNIX-based systems running Qt 5. This allows us to lessen the
need to run qmake, which should reduce compile time.
* WebKit2 is now built by default if building with Qt 5. It can
be disabled by passing --no-webkit2 to build-webkit.
The result of these changes is hopefully a cleaner and easier
build system to modify, and faster build times due to no longer
running qmake on every single build. It's also a first step
towards possibly generating the list of sources using another
build system.
https://bugs.webkit.org/show_bug.cgi?id=71222
Reviewed by Simon Hausmann.
* DerivedSources.pri: Added.
* DerivedSources.pro: Removed.
* JavaScriptCore.pro:
* Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
* headers.pri: Removed.
* jsc.pro:
* wtf/wtf.pri:
* yarr/yarr.pri:
2011-11-04 Yuqiang Xian <yuqiang.xian@intel.com>
More code clean-up in DFG 32_64
https://bugs.webkit.org/show_bug.cgi?id=71540
Remove unnecessary code duplications, and fix compilation warnings.
Reviewed by Gavin Barraclough.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::emitCount):
(JSC::DFG::JITCompiler::setSamplingFlag):
(JSC::DFG::JITCompiler::clearSamplingFlag):
(JSC::DFG::JITCompiler::jitAssertIsCell):
* dfg/DFGJITCompiler32_64.cpp:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-04 Csaba Osztrogonác <ossy@webkit.org>
De-virtualize JSObject::hasInstance
https://bugs.webkit.org/show_bug.cgi?id=71430
Unreviewed rolling out r99238, because it made a test crash on all platforms.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::hasInstance):
* API/JSValueRef.cpp:
(JSValueIsInstanceOfConstructor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ClassInfo.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::hasInstance):
* runtime/JSBoundFunction.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::hasInstance):
* runtime/JSObject.h:
2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::getPropertyNames
https://bugs.webkit.org/show_bug.cgi?id=71306
Reviewed by Darin Adler.
Added getPropertyNames to the MethodTable, changed all the virtual
implementations of getPropertyNames to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* API/JSObjectRef.cpp:
(JSObjectCopyPropertyNames):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertyNames):
* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getPropertyNames):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getPropertyNames):
(JSC::JSObject::getOwnPropertyNames):
* runtime/JSObject.h:
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::print):
* runtime/Structure.cpp:
(JSC::Structure::getPropertyNamesFromStructure):
* runtime/Structure.h:
2011-11-03 Darin Adler <darin@apple.com>
Change remaining callers of releaseRef to call leakRef
https://bugs.webkit.org/show_bug.cgi?id=71422
* wtf/text/AtomicString.cpp:
(WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
2011-11-02 Darin Adler <darin@apple.com>
Change remaining callers of releaseRef to call leakRef
https://bugs.webkit.org/show_bug.cgi?id=71422
* wtf/text/AtomicString.cpp:
(WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::hasInstance
https://bugs.webkit.org/show_bug.cgi?id=71430
Reviewed by Darin Adler.
Added hasInstance to the MethodTable, changed all the virtual
implementations of hasInstance to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::hasInstance):
* API/JSValueRef.cpp:
(JSValueIsInstanceOfConstructor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ClassInfo.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::hasInstance):
* runtime/JSBoundFunction.h:
* runtime/JSCell.cpp:
(JSC::JSCell::hasInstance):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::hasInstance):
* runtime/JSObject.h:
2011-11-03 Filip Pizlo <fpizlo@apple.com>
JIT-specific code should be able to refer to register types even on JIT-disabled builds
https://bugs.webkit.org/show_bug.cgi?id=71498
Reviewed by Gavin Barraclough.
* assembler/MacroAssembler.h:
(MacroAssembler::MacroAssembler):
2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::className
https://bugs.webkit.org/show_bug.cgi?id=71428
Reviewed by Sam Weinig.
Added className to the MethodTable, changed all the virtual
implementations of className to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::className):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::className):
* debugger/DebuggerActivation.h:
* jsc.cpp:
(GlobalObject::createStructure):
* profiler/Profiler.cpp:
(JSC::Profiler::createCallIdentifier):
* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::className):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::className):
* runtime/JSObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncToString):
* testRegExp.cpp:
(GlobalObject::createStructure):
2011-11-02 Jer Noble <jer.noble@apple.com>
Add Clock class and platform-specific implementations.
https://bugs.webkit.org/show_bug.cgi?id=71341
Reviewed by Sam Weinig.
Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
* wtf/Platform.h:
2011-11-03 Pavel Feldman <pfeldman@chromium.org>
Not reviewed: fixing win build. step2.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-11-03 Pavel Feldman <pfeldman@chromium.org>
Not reviewed: fix windows build, step1
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-11-03 Pavel Feldman <pfeldman@google.com>
Web Inspector: preserve script location for inline handlers.
https://bugs.webkit.org/show_bug.cgi?id=71367
Makes SourceCode factories receive TextPosition instead of the line number;
Stores consistent position values in SourceCode and SourceProvider;
Reviewed by Yury Semikhatsky.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
* parser/SourceCode.h:
(JSC::makeSource):
* parser/SourceProvider.h:
(JSC::SourceProvider::SourceProvider):
(JSC::SourceProvider::startPosition):
(JSC::UStringSourceProvider::create):
(JSC::UStringSourceProvider::UStringSourceProvider):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h:
2011-11-03 Kentaro Hara <haraken@chromium.org>
Fixed wrong implementation of doubleValue % 2^{64}.
https://bugs.webkit.org/show_bug.cgi?id=67980
Reviewed by Hajime Morita.
fast/events/constructors/progress-event-constructor.html was failing
because of the wrong implementation of conversion from an ECMAScript value
to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
In particular, the calculation of doubleValue % 2^{64} was wrong.
This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
* wtf/MathExtras.h:
(doubleToInteger): Implemented the spec correctly.
2011-11-03 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r99089.
http://trac.webkit.org/changeset/99089
https://bugs.webkit.org/show_bug.cgi?id=71448
@plt postfix for math functions cause crash on Linux 32 (the
symbol is defined but it points to NULL) (Requested by
zherczeg on #webkit).
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
* jit/ThunkGenerators.cpp:
2011-11-02 Filip Pizlo <fpizlo@apple.com>
DFG inlining breaks function.arguments[something] if the argument being
retrieved was subjected to DFG's unboxing optimizations
https://bugs.webkit.org/show_bug.cgi?id=71436
Reviewed by Oliver Hunt.
This makes inlined arguments retrieval use some of the same machinery as
OSR to determine where from, and how, to retrieve a value that the DFG
might have somehow squirreled away while the old JIT would put it in its
obvious location, using an obvious format.
To that end, previously DFG-internal notions such as DataFormat,
VirtualRegister, and ValueRecovery are now in bytecode/ since they are
stored as part of InlineCallFrames.
* bytecode/CodeOrigin.h:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallerFrame):
* interpreter/CallFrame.h:
(JSC::ExecState::inlineCallFrame):
* interpreter/Register.h:
(JSC::Register::asInlineCallFrame):
(JSC::Register::unboxedInt32):
(JSC::Register::unboxedBoolean):
(JSC::Register::unboxedCell):
* runtime/Arguments.h:
(JSC::Arguments::finishCreationAndCopyRegisters):
2011-11-02 Filip Pizlo <fpizlo@apple.com>
ValueRecovery should be moved out of the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=71439
Reviewed by Oliver Hunt.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/DataFormat.h: Added.
(JSC::dataFormatToString):
(JSC::needDataFormatConversion):
(JSC::isJSFormat):
(JSC::isJSInteger):
(JSC::isJSDouble):
(JSC::isJSCell):
(JSC::isJSBoolean):
* bytecode/ValueRecovery.h: Added.
(JSC::ValueRecovery::ValueRecovery):
(JSC::ValueRecovery::alreadyInRegisterFile):
(JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
(JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
(JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
(JSC::ValueRecovery::inGPR):
(JSC::ValueRecovery::inPair):
(JSC::ValueRecovery::inFPR):
(JSC::ValueRecovery::displacedInRegisterFile):
(JSC::ValueRecovery::constant):
(JSC::ValueRecovery::technique):
(JSC::ValueRecovery::isInRegisters):
(JSC::ValueRecovery::gpr):
(JSC::ValueRecovery::tagGPR):
(JSC::ValueRecovery::payloadGPR):
(JSC::ValueRecovery::fpr):
(JSC::ValueRecovery::virtualRegister):
(JSC::ValueRecovery::dump):
* bytecode/VirtualRegister.h: Added.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::isJSFormat):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGVariableAccessData.h:
2011-11-02 Sam Weinig <sam@webkit.org>
Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
https://bugs.webkit.org/show_bug.cgi?id=71333
Reviewed by Gavin Barraclough.
Tested by fast/dom/getter-on-window-object2.html
* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setDescriptor):
The attributes returned from Structure::get do not include Getter or Setter, so
instead check if the value is a GetterSetter like we do elsewhere. If it is, update
the descriptor's attributes accordingly.
2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
FunctionPtr should accept FASTCALL functions on X86
https://bugs.webkit.org/show_bug.cgi?id=71434
Reviewed by Filip Pizlo.
On X86 we sometimes use FASTCALL convention functions, for example the
cti functions, and we may need the pointers to such functions, e.g.,
in current DFG register file check and arity check, though long term
we may avoid such usage of cti calls in DFG.
* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):
2011-11-02 Filip Pizlo <fpizlo@apple.com>
Inlined uses of the global object should use the right global object
https://bugs.webkit.org/show_bug.cgi?id=71427
Reviewed by Oliver Hunt.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::globalObjectFor):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
Remove some unnecessary loads/stores in DFG JIT 32_64
https://bugs.webkit.org/show_bug.cgi?id=71090
Reviewed by Filip Pizlo.
In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
be eliminated.
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2011-11-02 Adam Klein <adamk@chromium.org>
Replace usage of StringImpl with String where possible in CharacterData and Text
https://bugs.webkit.org/show_bug.cgi?id=71383
Reviewed by Darin Adler.
* wtf/text/WTFString.h:
(WTF::String::containsOnlyWhitespace): Added new method.
2011-11-02 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::getOwnPropertyNames
https://bugs.webkit.org/show_bug.cgi?id=71307
Reviewed by Darin Adler.
Added getOwnPropertyNames to the MethodTable, changed all the virtual
implementations of getOwnPropertyNames to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertyNames):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertyNames):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertyNames):
* runtime/Arguments.h:
* runtime/ClassInfo.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertyNames):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertyNames):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertyNames):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertyNames):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyNames):
* runtime/JSFunction.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::getOwnPropertyNames):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::getPropertyNames):
(JSC::JSObject::getOwnPropertyNames):
* runtime/JSObject.h:
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::~JSVariableObject):
(JSC::JSVariableObject::getOwnPropertyNames):
* runtime/JSVariableObject.h:
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetOwnPropertyNames):
(JSC::objectConstructorKeys):
(JSC::defineProperties):
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertyNames):
* runtime/StringObject.cpp:
(JSC::StringObject::getOwnPropertyNames):
* runtime/StringObject.h:
* runtime/Structure.h:
2011-11-02 Dean Jackson <dino@apple.com>
Add ENABLE_CSS_SHADERS flag
https://bugs.webkit.org/show_bug.cgi?id=71394
Reviewed by Sam Weinig.
* Configurations/FeatureDefines.xcconfig:
2011-11-02 Alexey Shabalin <a.shabalin@gmail.com>
TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
https://bugs.webkit.org/show_bug.cgi?id=70610
Reviewed by Martin Robinson.
Properly annotate ASM on BSD and Linux x86 systems.
* dfg/DFGOperations.cpp: Add annotation for X86.
* jit/JITStubs.cpp: Ditto.
* jit/ThunkGenerators.cpp: Ditto.
2011-11-02 Xianzhu Wang <wangxianzhu@chromium.org>
Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
https://bugs.webkit.org/show_bug.cgi?id=71347
Reviewed by Geoffrey Garen.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::reallocate):
2011-11-01 Darin Adler <darin@apple.com>
Cut down on malloc/free a bit in the parser arena
https://bugs.webkit.org/show_bug.cgi?id=71343
Reviewed by Oliver Hunt.
* parser/ParserArena.cpp:
(JSC::ParserArena::deallocateObjects): Call the destructors of
the deletable objects before freeing the pools. Don't call
fastFree on the deletable objects any more.
* parser/ParserArena.h:
(JSC::ParserArena::allocateDeletable): Use allocateFreeable
instead of fastMalloc here.
2011-11-01 Sam Weinig <sam@webkit.org>
Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
https://bugs.webkit.org/show_bug.cgi?id=71336
Reviewed by Darin Adler.
* debugger/DebuggerActivation.cpp:
* debugger/DebuggerActivation.h:
Remove overrides of lookupGetter/lookupSetter, which are no longer needed
due to implementing getPropertyDescriptor.
* runtime/JSObject.cpp:
(JSC::JSObject::lookupGetter):
(JSC::JSObject::lookupSetter):
* runtime/JSObject.h:
De-virtualize lookupGetter/lookupSetter, and implement them in terms of
getPropertyDescriptor.
2011-11-01 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::defineSetter
https://bugs.webkit.org/show_bug.cgi?id=71303
Reviewed by Darin Adler.
Added defineSetter to the MethodTable, changed all the virtual
implementations of defineSetter to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::defineSetter):
* debugger/DebuggerActivation.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::defineSetter):
* runtime/JSCell.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::defineSetter):
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::defineSetter):
(JSC::putDescriptor):
* runtime/JSObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncDefineSetter):
2011-11-01 Filip Pizlo <fpizlo@apple.com>
DFG inlining breaks function.arguments
https://bugs.webkit.org/show_bug.cgi?id=71329
Reviewed by Oliver Hunt.
The DFG was forgetting to store code origin mappings for inlined
call sites. Some of the fast-path optimizations for
CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
was wrong.
I also took the opportunity to decrease code duplication between
DFG64 and DFG32_64, because I didn't feel like writing the same
code twice.
* bytecode/CodeBlock.h:
(JSC::ExecState::isInlineCallFrame):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler32_64.cpp:
* dfg/DFGNode.h:
* interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallerFrame):
* interpreter/CallFrame.h:
* runtime/Arguments.h:
(JSC::Arguments::getArgumentsData):
2011-11-01 Xianzhu Wang <wangxianzhu@chromium.org>
StringImpl::reallocate() should have an 8-bit version
https://bugs.webkit.org/show_bug.cgi?id=71210
Reviewed by Geoffrey Garen.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::reallocate):
* wtf/text/StringImpl.h:
2011-10-31 Filip Pizlo <fpizlo@apple.com>
The GC should be parallel
https://bugs.webkit.org/show_bug.cgi?id=70995
Reviewed by Geoff Garen.
Added parallel tracing to the GC. This works by having local mark
stacks per thread, and a global shared one. Threads sometimes
donate cells from the mark stack to the global one if the heuristics
tell them that it's affordable to do so. Threads that have depleted
their local mark stacks try to steal some from the shared one.
Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
This is a 23% speed-up on V8-splay when I use 4 marking threads,
leading to a 3.5% speed-up on V8.
It also appears that this reduces GC pause times on real websites by
more than half.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::markRoots):
* heap/Heap.h:
* heap/MarkStack.cpp:
(JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
(JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
(JSC::MarkStackSegmentAllocator::allocate):
(JSC::MarkStackSegmentAllocator::release):
(JSC::MarkStackSegmentAllocator::shrinkReserve):
(JSC::MarkStackArray::MarkStackArray):
(JSC::MarkStackArray::~MarkStackArray):
(JSC::MarkStackArray::expand):
(JSC::MarkStackArray::refill):
(JSC::MarkStackArray::donateSomeCellsTo):
(JSC::MarkStackArray::stealSomeCellsFrom):
(JSC::MarkStackThreadSharedData::markingThreadMain):
(JSC::MarkStackThreadSharedData::markingThreadStartFunc):
(JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
(JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
(JSC::MarkStackThreadSharedData::reset):
(JSC::MarkStack::reset):
(JSC::SlotVisitor::donateSlow):
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::drainFromShared):
(JSC::MarkStack::mergeOpaqueRoots):
(JSC::SlotVisitor::harvestWeakReferences):
* heap/MarkStack.h:
(JSC::MarkStackSegment::data):
(JSC::MarkStackSegment::capacityFromSize):
(JSC::MarkStackSegment::sizeFromCapacity):
(JSC::MarkStackArray::postIncTop):
(JSC::MarkStackArray::preDecTop):
(JSC::MarkStackArray::setTopForFullSegment):
(JSC::MarkStackArray::setTopForEmptySegment):
(JSC::MarkStackArray::top):
(JSC::MarkStackArray::validatePrevious):
(JSC::MarkStack::addWeakReferenceHarvester):
(JSC::MarkStack::mergeOpaqueRootsIfNecessary):
(JSC::MarkStack::mergeOpaqueRootsIfProfitable):
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::addOpaqueRoot):
(JSC::MarkStack::containsOpaqueRoot):
(JSC::MarkStack::opaqueRootCount):
(JSC::MarkStackArray::append):
(JSC::MarkStackArray::canRemoveLast):
(JSC::MarkStackArray::removeLast):
(JSC::MarkStackArray::isEmpty):
(JSC::MarkStackArray::canDonateSomeCells):
(JSC::MarkStackArray::size):
(JSC::ParallelModeEnabler::ParallelModeEnabler):
(JSC::ParallelModeEnabler::~ParallelModeEnabler):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::testAndSetMarked):
* heap/SlotVisitor.h:
(JSC::SlotVisitor::donate):
(JSC::SlotVisitor::donateAndDrain):
(JSC::SlotVisitor::donateKnownParallel):
(JSC::SlotVisitor::SlotVisitor):
* heap/WeakReferenceHarvester.h:
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h:
* wtf/Atomics.h:
(WTF::weakCompareAndSwap):
* wtf/Bitmap.h:
(WTF::::Bitmap):
(WTF::::get):
(WTF::::set):
(WTF::::testAndSet):
(WTF::::testAndClear):
(WTF::::concurrentTestAndSet):
(WTF::::concurrentTestAndClear):
(WTF::::clear):
(WTF::::clearAll):
(WTF::::nextPossiblyUnset):
(WTF::::findRunOfZeros):
(WTF::::count):
(WTF::::isEmpty):
(WTF::::isFull):
* wtf/MainThread.h:
(WTF::isMainThreadOrGCThread):
* wtf/Platform.h:
* wtf/ThreadSpecific.h:
(WTF::::isSet):
* wtf/mac/MainThreadMac.mm:
(WTF::initializeGCThreads):
(WTF::initializeMainThreadPlatform):
(WTF::initializeMainThreadToProcessMainThreadPlatform):
(WTF::registerGCThread):
(WTF::isMainThreadOrGCThread):
2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::defaultValue
https://bugs.webkit.org/show_bug.cgi?id=71146
Reviewed by Sam Weinig.
Added defaultValue to the MethodTable. Replaced all virtual versions of
defaultValue with static versions. Replaced all call sites with lookups in the
MethodTable.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ClassInfo.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::defaultValue):
(JSC::TerminatedExecutionError::defaultValue):
* runtime/ExceptionHelpers.h:
* runtime/JSCell.cpp:
(JSC::JSCell::defaultValue):
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::defaultValue):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getPrimitiveNumber):
(JSC::JSObject::defaultValue):
* runtime/JSObject.h:
(JSC::JSObject::toPrimitive):
2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
Interpreter build fix
Unreviewed build fix
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
2011-10-31 Filip Pizlo <fpizlo@apple.com>
DFG OSR exits should add to value profiles
https://bugs.webkit.org/show_bug.cgi?id=71202
Reviewed by Oliver Hunt.
Value profiles now have an extra special slot not used by the old JIT's
profiling, which is reserved for OSR exits.
The DFG's OSR exit code now knows which register, node index, and value
profiling site was responsible for the (possibly flawed) information that
led to the OSR failure. This is somewhat opportunistic and imperfect;
if there's a lot of control flow between the value profiling site and the
OSR failure point, then this mechanism simply gives up. It also gives up
if the OSR failure is caused by either known deficiencies in the DFG
(like that we always assume that the index in a strict charCodeAt access
is within bounds) or where the OSR failure would be catalogued and
profiled through other means (like slow case counters).
This patch also adds the notion of a JSValueRegs, which is either a
single register in JSVALUE64 or a pair in JSVALUE32_64. We should
probably move the 32_64 DFG towards using this, since it often makes it
easier to share code between 64 and 32_64.
Also fixed a number of pathologies that this uncovered. op_method_check
didn't have a value profiling site on the slow path. GetById should not
always force OSR exit if it never executed in the old JIT; we may be
able to infer its type if it's an array or string length get. Finally,
these changes benefit from a slight tweak to optimization delay
heuristics (profile fullness is now 0.35 instead of 0.25).
3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
and imaging-darkroom.
* bytecode/ValueProfile.cpp:
(JSC::ValueProfile::computeStatistics):
(JSC::ValueProfile::computeUpdatedPrediction):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::specFailBucket):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::isLive):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfCells):
(JSC::ValueProfile::numberOfObjects):
(JSC::ValueProfile::numberOfFinalObjects):
(JSC::ValueProfile::numberOfStrings):
(JSC::ValueProfile::numberOfArrays):
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::dump):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getPrediction):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGPRInfo.h:
(JSC::DFG::JSValueRegs::JSValueRegs):
(JSC::DFG::JSValueRegs::operator!):
(JSC::DFG::JSValueRegs::gpr):
(JSC::DFG::JSValueSource::JSValueSource):
(JSC::DFG::JSValueSource::unboxedCell):
(JSC::DFG::JSValueSource::operator!):
(JSC::DFG::JSValueSource::isAddress):
(JSC::DFG::JSValueSource::offset):
(JSC::DFG::JSValueSource::base):
(JSC::DFG::JSValueSource::gpr):
(JSC::DFG::JSValueSource::asAddress):
(JSC::DFG::JSValueSource::notAddress):
(JSC::DFG::JSValueRegs::tagGPR):
(JSC::DFG::JSValueRegs::payloadGPR):
(JSC::DFG::JSValueSource::tagGPR):
(JSC::DFG::JSValueSource::payloadGPR):
(JSC::DFG::JSValueSource::hasKnownTag):
(JSC::DFG::JSValueSource::tag):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::jsValueRegs):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::valueProfileFor):
* dfg/DFGJITCodeGenerator.h:
(JSC::JSValueOperand::jsValueRegs):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::valueProfileFor):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_method_check):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_method_check):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/JSValue.h:
2011-10-31 Sam Weinig <sam@webkit.org>
Remove need for virtual JSObject::unwrappedObject
https://bugs.webkit.org/show_bug.cgi?id=71034
Reviewed by Geoffrey Garen.
* JavaScriptCore.exp:
Update exports.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
Add JSGlobalThis.cpp.
* runtime/JSGlobalThis.cpp: Added.
(JSC::JSGlobalThis::visitChildren):
(JSC::JSGlobalThis::unwrappedObject):
* runtime/JSGlobalThis.h:
(JSC::JSGlobalThis::createStructure):
Move underlying object from JSDOMWindowShell down to JSGlobalThis
and corresponding visitChildren method.
* runtime/JSObject.cpp:
(JSC::JSObject::unwrappedObject):
Change unwrappedObject from virtual, to just needing an if check.
* runtime/JSObject.h:
(JSC::JSObject::isGlobalThis):
* runtime/JSType.h:
Add isGlobalThis predicate and type.
2011-10-31 Xianzhu Wang <wangxianzhu@chromium.org>
WTF::StringImpl::create(const char*, unsigned) calls itself
https://bugs.webkit.org/show_bug.cgi?id=71206
The original implementation just calls itself, causing infinite recursion.
Cast the first parameter to const LChar* to fix that.
Reviewed by Ryosuke Niwa.
* wtf/text/StringImpl.h:
(WTF::StringImpl::create):
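As an added illustration, not WebKit's code, the constructed C++ model below shows the overload-resolution trap this entry fixes: a `create(const char*, unsigned)` convenience overload that forwards to itself unless the first argument is cast to `const LChar*`. It also sketches the 8-bit/16-bit storage layout (`is8Bit()`, `m_data8`/`m_data16` union, lazily materialized `m_copyData16`, `characters8()`/`characters16()`) described in the "Investigate storing strings in 8-bit buffers when possible" entry later in this log. `LChar`, `UChar` and `StringImpl` are redefined locally; `has16BitCopy()` and `utf16ViewMatches()` are this example's own additions.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>

// Constructed, simplified model of the StringImpl layout described in the
// ChangeLog; it is not WebKit's code. Type names mirror WTF's but are
// defined here so the example compiles stand-alone.
typedef unsigned char LChar; // Latin-1 code unit
typedef uint16_t UChar;      // UTF-16 code unit

class StringImpl {
public:
    // 8-bit constructor: copies Latin-1 data and sets the 8-bit flag.
    static StringImpl* create(const LChar* chars, unsigned length)
    {
        StringImpl* s = new StringImpl(length, true);
        memcpy(s->m_data8, chars, length);
        return s;
    }

    // 16-bit constructor: copies UTF-16 data.
    static StringImpl* create(const UChar* chars, unsigned length)
    {
        StringImpl* s = new StringImpl(length, false);
        memcpy(s->m_data16, chars, length * sizeof(UChar));
        return s;
    }

    // Convenience overload for plain C strings. This is the overload the log
    // says called itself: with a const char* argument, `create(chars, length)`
    // is an exact match for this function and recurses until the stack is
    // exhausted. The cast to const LChar* steers overload resolution to the
    // 8-bit constructor instead.
    static StringImpl* create(const char* chars, unsigned length)
    {
        return create(reinterpret_cast<const LChar*>(chars), length);
    }

    ~StringImpl()
    {
        if (m_is8Bit) {
            delete[] m_data8;
            delete[] m_copyData16; // null unless a 16-bit copy was materialized
        } else
            delete[] m_data16;
    }

    bool is8Bit() const { return m_is8Bit; }
    bool has16BitCopy() const { return m_copyData16 != 0; } // example-only helper
    unsigned length() const { return m_length; }

    // Callers must check is8Bit() before using the typed accessors.
    const LChar* characters8() const { assert(m_is8Bit); return m_data8; }
    const UChar* characters16() const { assert(!m_is8Bit); return m_data16; }

    // Always yields UTF-16. For an 8-bit string the copy is materialized once
    // and cached, so repeated calls return the same buffer.
    const UChar* characters() const
    {
        if (!m_is8Bit)
            return m_data16;
        if (!m_copyData16) {
            m_copyData16 = new UChar[m_length];
            for (unsigned i = 0; i < m_length; ++i)
                m_copyData16[i] = m_data8[i]; // Latin-1 widens losslessly
        }
        return m_copyData16;
    }

private:
    StringImpl(unsigned length, bool is8Bit)
        : m_length(length), m_is8Bit(is8Bit), m_copyData16(0)
    {
        if (is8Bit)
            m_data8 = new LChar[length];
        else
            m_data16 = new UChar[length];
    }
    StringImpl(const StringImpl&);            // non-copyable
    StringImpl& operator=(const StringImpl&);

    unsigned m_length;
    bool m_is8Bit;
    union {
        LChar* m_data8;  // valid when m_is8Bit
        UChar* m_data16; // valid otherwise
    };
    mutable UChar* m_copyData16; // lazily built 16-bit view of an 8-bit string
};

// Example-only helper: does the UTF-16 view of `s` equal the Latin-1 text?
bool utf16ViewMatches(const StringImpl* s, const char* expected)
{
    const UChar* u = s->characters();
    for (unsigned i = 0; i < s->length(); ++i)
        if (u[i] != static_cast<LChar>(expected[i]))
            return false;
    return true;
}
```

The cast is the whole fix: `char` and `unsigned char` are distinct types, so the `const LChar*` overload is chosen and the `const char*` overload never re-enters itself.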
2011-10-31 Andy Wingo <wingo@igalia.com>
Fix DFG JIT compilation on Linux targets.
https://bugs.webkit.org/show_bug.cgi?id=70904
Reviewed by Darin Adler.
* jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
macro.
* dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
simplified definition from jit/JITStubs.cpp.
(FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
Use the macro to access trampoline targets through the PLT on PIC
systems, instead of introducing a text relocation. Otherwise, the
library fails to link.
2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSObject::defineGetter
https://bugs.webkit.org/show_bug.cgi?id=71134
Reviewed by Darin Adler.
Added defineGetter to the MethodTable. Replaced all virtual versions of defineGetter
with static versions. Replaced all call sites with lookups in the MethodTable.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::defineGetter):
* debugger/DebuggerActivation.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::defineGetter):
* runtime/JSCell.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::defineGetter):
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::defineGetter):
(JSC::putDescriptor):
* runtime/JSObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncDefineGetter):
2011-10-31 Michael Saboff <msaboff@apple.com>
Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
https://bugs.webkit.org/show_bug.cgi?id=71138
Restructure and movement of Lexer and Parser code.
Moved Lexer and Parser objects out of JSGlobalData.
Added a new ParserTokens class and instance to JSGlobalData that
have JavaScript token related definitions.
Replaced JSGlobalData arguments to Node classes with lineNumber,
as that was the only use of the JSGlobalData.
Combined JSParser and Parser classes into one class,
eliminating JSParser.h and .cpp.
Various supporting #include changes.
These mostly mechanical changes are done in preparation to
making the Lexer and Parser template classes.
Reviewed by Darin Adler.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/NodesCodegen.cpp:
(JSC::ArrayNode::toArgumentList):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::ASTBuilder):
(JSC::ASTBuilder::createSourceElements):
(JSC::ASTBuilder::createCommaExpr):
(JSC::ASTBuilder::createLogicalNot):
(JSC::ASTBuilder::createUnaryPlus):
(JSC::ASTBuilder::createVoid):
(JSC::ASTBuilder::thisExpr):
(JSC::ASTBuilder::createResolve):
(JSC::ASTBuilder::createObjectLiteral):
(JSC::ASTBuilder::createArray):
(JSC::ASTBuilder::createNumberExpr):
(JSC::ASTBuilder::createString):
(JSC::ASTBuilder::createBoolean):
(JSC::ASTBuilder::createNull):
(JSC::ASTBuilder::createBracketAccess):
(JSC::ASTBuilder::createDotAccess):
(JSC::ASTBuilder::createRegExp):
(JSC::ASTBuilder::createNewExpr):
(JSC::ASTBuilder::createConditionalExpr):
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createFunctionBody):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createArguments):
(JSC::ASTBuilder::createArgumentsList):
(JSC::ASTBuilder::createPropertyList):
(JSC::ASTBuilder::createElementList):
(JSC::ASTBuilder::createFormalParameterList):
(JSC::ASTBuilder::createClause):
(JSC::ASTBuilder::createClauseList):
(JSC::ASTBuilder::createFuncDeclStatement):
(JSC::ASTBuilder::createBlockStatement):
(JSC::ASTBuilder::createExprStatement):
(JSC::ASTBuilder::createIfStatement):
(JSC::ASTBuilder::createForLoop):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createEmptyStatement):
(JSC::ASTBuilder::createVarStatement):
(JSC::ASTBuilder::createReturnStatement):
(JSC::ASTBuilder::createBreakStatement):
(JSC::ASTBuilder::createContinueStatement):
(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::createSwitchStatement):
(JSC::ASTBuilder::createWhileStatement):
(JSC::ASTBuilder::createDoWhileStatement):
(JSC::ASTBuilder::createLabelStatement):
(JSC::ASTBuilder::createWithStatement):
(JSC::ASTBuilder::createThrowStatement):
(JSC::ASTBuilder::createDebugger):
(JSC::ASTBuilder::createConstStatement):
(JSC::ASTBuilder::appendConstDecl):
(JSC::ASTBuilder::combineCommaNodes):
(JSC::ASTBuilder::appendBinaryOperation):
(JSC::ASTBuilder::createAssignment):
(JSC::ASTBuilder::createNumber):
(JSC::ASTBuilder::makeTypeOfNode):
(JSC::ASTBuilder::makeDeleteNode):
(JSC::ASTBuilder::makeNegateNode):
(JSC::ASTBuilder::makeBitwiseNotNode):
(JSC::ASTBuilder::makeMultNode):
(JSC::ASTBuilder::makeDivNode):
(JSC::ASTBuilder::makeModNode):
(JSC::ASTBuilder::makeAddNode):
(JSC::ASTBuilder::makeSubNode):
(JSC::ASTBuilder::makeLeftShiftNode):
(JSC::ASTBuilder::makeRightShiftNode):
(JSC::ASTBuilder::makeURightShiftNode):
(JSC::ASTBuilder::makeBitOrNode):
(JSC::ASTBuilder::makeBitAndNode):
(JSC::ASTBuilder::makeBitXOrNode):
(JSC::ASTBuilder::makeFunctionCallNode):
(JSC::ASTBuilder::makeBinaryNode):
(JSC::ASTBuilder::makeAssignNode):
(JSC::ASTBuilder::makePrefixNode):
(JSC::ASTBuilder::makePostfixNode):
* parser/JSParser.cpp: Removed.
* parser/JSParser.h: Removed.
* parser/Lexer.cpp:
(JSC::Keywords::Keywords):
(JSC::Lexer::Lexer):
(JSC::Lexer::~Lexer):
(JSC::Lexer::setCode):
(JSC::Lexer::parseIdentifier):
* parser/Lexer.h:
(JSC::Keywords::isKeyword):
(JSC::Keywords::getKeyword):
(JSC::Keywords::~Keywords):
(JSC::Lexer::setIsReparsing):
(JSC::Lexer::isReparsing):
(JSC::Lexer::lineNumber):
(JSC::Lexer::setLastLineNumber):
(JSC::Lexer::lastLineNumber):
(JSC::Lexer::prevTerminator):
(JSC::Lexer::sawError):
(JSC::Lexer::getErrorMessage):
(JSC::Lexer::currentOffset):
(JSC::Lexer::setOffset):
(JSC::Lexer::setLineNumber):
(JSC::Lexer::sourceProvider):
(JSC::Lexer::isWhiteSpace):
(JSC::Lexer::isLineTerminator):
(JSC::Lexer::convertHex):
(JSC::Lexer::convertUnicode):
(JSC::Lexer::makeIdentifier):
(JSC::Lexer::lexExpectIdentifier):
* parser/NodeConstructors.h:
(JSC::ParserArenaFreeable::operator new):
(JSC::ParserArenaDeletable::operator new):
(JSC::ParserArenaRefCounted::ParserArenaRefCounted):
(JSC::Node::Node):
(JSC::ExpressionNode::ExpressionNode):
(JSC::StatementNode::StatementNode):
(JSC::NullNode::NullNode):
(JSC::BooleanNode::BooleanNode):
(JSC::NumberNode::NumberNode):
(JSC::StringNode::StringNode):
(JSC::RegExpNode::RegExpNode):
(JSC::ThisNode::ThisNode):
(JSC::ResolveNode::ResolveNode):
(JSC::ElementNode::ElementNode):
(JSC::ArrayNode::ArrayNode):
(JSC::PropertyNode::PropertyNode):
(JSC::PropertyListNode::PropertyListNode):
(JSC::ObjectLiteralNode::ObjectLiteralNode):
(JSC::BracketAccessorNode::BracketAccessorNode):
(JSC::DotAccessorNode::DotAccessorNode):
(JSC::ArgumentListNode::ArgumentListNode):
(JSC::ArgumentsNode::ArgumentsNode):
(JSC::NewExprNode::NewExprNode):
(JSC::EvalFunctionCallNode::EvalFunctionCallNode):
(JSC::FunctionCallValueNode::FunctionCallValueNode):
(JSC::FunctionCallResolveNode::FunctionCallResolveNode):
(JSC::FunctionCallBracketNode::FunctionCallBracketNode):
(JSC::FunctionCallDotNode::FunctionCallDotNode):
(JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
(JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
(JSC::PrePostResolveNode::PrePostResolveNode):
(JSC::PostfixResolveNode::PostfixResolveNode):
(JSC::PostfixBracketNode::PostfixBracketNode):
(JSC::PostfixDotNode::PostfixDotNode):
(JSC::PostfixErrorNode::PostfixErrorNode):
(JSC::DeleteResolveNode::DeleteResolveNode):
(JSC::DeleteBracketNode::DeleteBracketNode):
(JSC::DeleteDotNode::DeleteDotNode):
(JSC::DeleteValueNode::DeleteValueNode):
(JSC::VoidNode::VoidNode):
(JSC::TypeOfResolveNode::TypeOfResolveNode):
(JSC::TypeOfValueNode::TypeOfValueNode):
(JSC::PrefixResolveNode::PrefixResolveNode):
(JSC::PrefixBracketNode::PrefixBracketNode):
(JSC::PrefixDotNode::PrefixDotNode):
(JSC::PrefixErrorNode::PrefixErrorNode):
(JSC::UnaryOpNode::UnaryOpNode):
(JSC::UnaryPlusNode::UnaryPlusNode):
(JSC::NegateNode::NegateNode):
(JSC::BitwiseNotNode::BitwiseNotNode):
(JSC::LogicalNotNode::LogicalNotNode):
(JSC::BinaryOpNode::BinaryOpNode):
(JSC::MultNode::MultNode):
(JSC::DivNode::DivNode):
(JSC::ModNode::ModNode):
(JSC::AddNode::AddNode):
(JSC::SubNode::SubNode):
(JSC::LeftShiftNode::LeftShiftNode):
(JSC::RightShiftNode::RightShiftNode):
(JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
(JSC::LessNode::LessNode):
(JSC::GreaterNode::GreaterNode):
(JSC::LessEqNode::LessEqNode):
(JSC::GreaterEqNode::GreaterEqNode):
(JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
(JSC::InstanceOfNode::InstanceOfNode):
(JSC::InNode::InNode):
(JSC::EqualNode::EqualNode):
(JSC::NotEqualNode::NotEqualNode):
(JSC::StrictEqualNode::StrictEqualNode):
(JSC::NotStrictEqualNode::NotStrictEqualNode):
(JSC::BitAndNode::BitAndNode):
(JSC::BitOrNode::BitOrNode):
(JSC::BitXOrNode::BitXOrNode):
(JSC::LogicalOpNode::LogicalOpNode):
(JSC::ConditionalNode::ConditionalNode):
(JSC::ReadModifyResolveNode::ReadModifyResolveNode):
(JSC::AssignResolveNode::AssignResolveNode):
(JSC::ReadModifyBracketNode::ReadModifyBracketNode):
(JSC::AssignBracketNode::AssignBracketNode):
(JSC::AssignDotNode::AssignDotNode):
(JSC::ReadModifyDotNode::ReadModifyDotNode):
(JSC::AssignErrorNode::AssignErrorNode):
(JSC::CommaNode::CommaNode):
(JSC::ConstStatementNode::ConstStatementNode):
(JSC::SourceElements::SourceElements):
(JSC::EmptyStatementNode::EmptyStatementNode):
(JSC::DebuggerStatementNode::DebuggerStatementNode):
(JSC::ExprStatementNode::ExprStatementNode):
(JSC::VarStatementNode::VarStatementNode):
(JSC::IfNode::IfNode):
(JSC::IfElseNode::IfElseNode):
(JSC::DoWhileNode::DoWhileNode):
(JSC::WhileNode::WhileNode):
(JSC::ForNode::ForNode):
(JSC::ContinueNode::ContinueNode):
(JSC::BreakNode::BreakNode):
(JSC::ReturnNode::ReturnNode):
(JSC::WithNode::WithNode):
(JSC::LabelNode::LabelNode):
(JSC::ThrowNode::ThrowNode):
(JSC::TryNode::TryNode):
(JSC::ParameterNode::ParameterNode):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::CaseClauseNode::CaseClauseNode):
(JSC::ClauseListNode::ClauseListNode):
(JSC::CaseBlockNode::CaseBlockNode):
(JSC::SwitchNode::SwitchNode):
(JSC::ConstDeclNode::ConstDeclNode):
(JSC::BlockNode::BlockNode):
(JSC::ForInNode::ForInNode):
* parser/NodeInfo.h:
* parser/Nodes.cpp:
(JSC::StatementNode::setLoc):
(JSC::ScopeNode::ScopeNode):
(JSC::ProgramNode::ProgramNode):
(JSC::ProgramNode::create):
(JSC::EvalNode::EvalNode):
(JSC::EvalNode::create):
(JSC::FunctionBodyNode::FunctionBodyNode):
(JSC::FunctionBodyNode::create):
* parser/Nodes.h:
(JSC::Node::lineNo):
* parser/Parser.cpp:
(JSC::Parser::Parser):
(JSC::Parser::~Parser):
(JSC::Parser::parseInner):
(JSC::Parser::allowAutomaticSemicolon):
(JSC::Parser::parseSourceElements):
(JSC::Parser::parseVarDeclaration):
(JSC::Parser::parseConstDeclaration):
(JSC::Parser::parseDoWhileStatement):
(JSC::Parser::parseWhileStatement):
(JSC::Parser::parseVarDeclarationList):
(JSC::Parser::parseConstDeclarationList):
(JSC::Parser::parseForStatement):
(JSC::Parser::parseBreakStatement):
(JSC::Parser::parseContinueStatement):
(JSC::Parser::parseReturnStatement):
(JSC::Parser::parseThrowStatement):
(JSC::Parser::parseWithStatement):
(JSC::Parser::parseSwitchStatement):
(JSC::Parser::parseSwitchClauses):
(JSC::Parser::parseSwitchDefaultClause):
(JSC::Parser::parseTryStatement):
(JSC::Parser::parseDebuggerStatement):
(JSC::Parser::parseBlockStatement):
(JSC::Parser::parseStatement):
(JSC::Parser::parseFormalParameters):
(JSC::Parser::parseFunctionBody):
(JSC::Parser::parseFunctionInfo):
(JSC::Parser::parseFunctionDeclaration):
(JSC::LabelInfo::LabelInfo):
(JSC::Parser::parseExpressionOrLabelStatement):
(JSC::Parser::parseExpressionStatement):
(JSC::Parser::parseIfStatement):
(JSC::Parser::parseExpression):
(JSC::Parser::parseAssignmentExpression):
(JSC::Parser::parseConditionalExpression):
(JSC::isUnaryOp):
(JSC::Parser::isBinaryOperator):
(JSC::Parser::parseBinaryExpression):
(JSC::Parser::parseProperty):
(JSC::Parser::parseObjectLiteral):
(JSC::Parser::parseStrictObjectLiteral):
(JSC::Parser::parseArrayLiteral):
(JSC::Parser::parsePrimaryExpression):
(JSC::Parser::parseArguments):
(JSC::Parser::parseMemberExpression):
(JSC::Parser::parseUnaryExpression):
* parser/Parser.h:
(JSC::isEvalNode):
(JSC::EvalNode):
(JSC::DepthManager::DepthManager):
(JSC::DepthManager::~DepthManager):
(JSC::ScopeLabelInfo::ScopeLabelInfo):
(JSC::Scope::Scope):
(JSC::Scope::startSwitch):
(JSC::Scope::endSwitch):
(JSC::Scope::startLoop):
(JSC::Scope::endLoop):
(JSC::Scope::inLoop):
(JSC::Scope::breakIsValid):
(JSC::Scope::continueIsValid):
(JSC::Scope::pushLabel):
(JSC::Scope::popLabel):
(JSC::Scope::getLabel):
(JSC::Scope::setIsFunction):
(JSC::Scope::isFunction):
(JSC::Scope::isFunctionBoundary):
(JSC::Scope::declareVariable):
(JSC::Scope::declareWrite):
(JSC::Scope::preventNewDecls):
(JSC::Scope::allowsNewDecls):
(JSC::Scope::declareParameter):
(JSC::Scope::useVariable):
(JSC::Scope::setNeedsFullActivation):
(JSC::Scope::collectFreeVariables):
(JSC::Scope::getUncapturedWrittenVariables):
(JSC::Scope::getCapturedVariables):
(JSC::Scope::setStrictMode):
(JSC::Scope::strictMode):
(JSC::Scope::isValidStrictMode):
(JSC::Scope::shadowsArguments):
(JSC::Scope::copyCapturedVariablesToVector):
(JSC::Scope::saveFunctionInfo):
(JSC::Scope::restoreFunctionInfo):
(JSC::ScopeRef::ScopeRef):
(JSC::ScopeRef::operator->):
(JSC::ScopeRef::index):
(JSC::ScopeRef::hasContainingScope):
(JSC::ScopeRef::containingScope):
(JSC::Parser::AllowInOverride::AllowInOverride):
(JSC::Parser::AllowInOverride::~AllowInOverride):
(JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
(JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
(JSC::Parser::AutoPopScopeRef::setPopped):
(JSC::Parser::currentScope):
(JSC::Parser::pushScope):
(JSC::Parser::popScopeInternal):
(JSC::Parser::popScope):
(JSC::Parser::declareVariable):
(JSC::Parser::declareWrite):
(JSC::Parser::findCachedFunctionInfo):
(JSC::Parser::isFunctionBodyNode):
(JSC::Parser::next):
(JSC::Parser::nextExpectIdentifier):
(JSC::Parser::nextTokenIsColon):
(JSC::Parser::consume):
(JSC::Parser::getToken):
(JSC::Parser::match):
(JSC::Parser::tokenStart):
(JSC::Parser::tokenLine):
(JSC::Parser::tokenEnd):
(JSC::Parser::getTokenName):
(JSC::Parser::updateErrorMessageSpecialCase):
(JSC::Parser::updateErrorMessage):
(JSC::Parser::updateErrorWithNameAndMessage):
(JSC::Parser::startLoop):
(JSC::Parser::endLoop):
(JSC::Parser::startSwitch):
(JSC::Parser::endSwitch):
(JSC::Parser::setStrictMode):
(JSC::Parser::strictMode):
(JSC::Parser::isValidStrictMode):
(JSC::Parser::declareParameter):
(JSC::Parser::breakIsValid):
(JSC::Parser::continueIsValid):
(JSC::Parser::pushLabel):
(JSC::Parser::popLabel):
(JSC::Parser::getLabel):
(JSC::Parser::autoSemiColon):
(JSC::Parser::canRecurse):
(JSC::Parser::lastTokenEnd):
(JSC::Parser::DepthManager::DepthManager):
(JSC::Parser::DepthManager::~DepthManager):
(JSC::Parser::parse):
(JSC::parse):
* parser/ParserTokens.h: Added.
(JSC::JSTokenInfo::JSTokenInfo):
* parser/SourceCode.h:
(JSC::SourceCode::subExpression):
* parser/SourceProviderCacheItem.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::SyntaxChecker):
(JSC::SyntaxChecker::makeFunctionCallNode):
(JSC::SyntaxChecker::createCommaExpr):
(JSC::SyntaxChecker::makeAssignNode):
(JSC::SyntaxChecker::makePrefixNode):
(JSC::SyntaxChecker::makePostfixNode):
(JSC::SyntaxChecker::makeTypeOfNode):
(JSC::SyntaxChecker::makeDeleteNode):
(JSC::SyntaxChecker::makeNegateNode):
(JSC::SyntaxChecker::makeBitwiseNotNode):
(JSC::SyntaxChecker::createLogicalNot):
(JSC::SyntaxChecker::createUnaryPlus):
(JSC::SyntaxChecker::createVoid):
(JSC::SyntaxChecker::thisExpr):
(JSC::SyntaxChecker::createResolve):
(JSC::SyntaxChecker::createObjectLiteral):
(JSC::SyntaxChecker::createArray):
(JSC::SyntaxChecker::createNumberExpr):
(JSC::SyntaxChecker::createString):
(JSC::SyntaxChecker::createBoolean):
(JSC::SyntaxChecker::createNull):
(JSC::SyntaxChecker::createBracketAccess):
(JSC::SyntaxChecker::createDotAccess):
(JSC::SyntaxChecker::createRegExp):
(JSC::SyntaxChecker::createNewExpr):
(JSC::SyntaxChecker::createConditionalExpr):
(JSC::SyntaxChecker::createAssignResolve):
(JSC::SyntaxChecker::createFunctionExpr):
(JSC::SyntaxChecker::createFunctionBody):
(JSC::SyntaxChecker::createArguments):
(JSC::SyntaxChecker::createArgumentsList):
(JSC::SyntaxChecker::createProperty):
(JSC::SyntaxChecker::createPropertyList):
(JSC::SyntaxChecker::createFuncDeclStatement):
(JSC::SyntaxChecker::createBlockStatement):
(JSC::SyntaxChecker::createExprStatement):
(JSC::SyntaxChecker::createIfStatement):
(JSC::SyntaxChecker::createForLoop):
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createEmptyStatement):
(JSC::SyntaxChecker::createVarStatement):
(JSC::SyntaxChecker::createReturnStatement):
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createTryStatement):
(JSC::SyntaxChecker::createSwitchStatement):
(JSC::SyntaxChecker::createWhileStatement):
(JSC::SyntaxChecker::createWithStatement):
(JSC::SyntaxChecker::createDoWhileStatement):
(JSC::SyntaxChecker::createLabelStatement):
(JSC::SyntaxChecker::createThrowStatement):
(JSC::SyntaxChecker::createDebugger):
(JSC::SyntaxChecker::createConstStatement):
(JSC::SyntaxChecker::appendConstDecl):
(JSC::SyntaxChecker::createGetterOrSetterProperty):
(JSC::SyntaxChecker::combineCommaNodes):
(JSC::SyntaxChecker::operatorStackPop):
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::checkSyntax):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::fromGlobalCode):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::tryJSONPParse):
2011-10-31 Filip Pizlo <fpizlo@apple.com>
REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
https://bugs.webkit.org/show_bug.cgi?id=71227
Reviewed by Oliver Hunt.
No new tests, since while I can see exactly where the DFG went wrong on the
site in question from looking at the generated machine code, and while I can
certainly believe that such a scenario would happen, I cannot visualize how
to make it happen reproducibly. It requires an odd combination of double
values getting spilled and then refilled, but then reboxed at just the right
time so that the spilled value is an unboxed double while the in-register
value is a boxed double.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
2011-10-30 Filip Pizlo <fpizlo@apple.com>
JSParser::parsePrimaryExpression should have an overflow check
https://bugs.webkit.org/show_bug.cgi?id=71197
Reviewed by Geoff Garen.
* parser/JSParser.cpp:
(JSC::JSParser::parsePrimaryExpression):
2011-10-30 Filip Pizlo <fpizlo@apple.com>
DFG ValueAdd(string, int) should not fail speculation
https://bugs.webkit.org/show_bug.cgi?id=71195
Reviewed by Geoff Garen.
1% speed-up on V8.
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldNotSpeculateInteger):
(JSC::DFG::Node::shouldSpeculateInteger):
2011-10-30 Filip Pizlo <fpizlo@apple.com>
The DFG inliner should not flush the callee
https://bugs.webkit.org/show_bug.cgi?id=71191
Reviewed by Oliver Hunt.
0.6% speed-up on V8.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeOrigin.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallerFrameSlow):
2011-10-28 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
https://bugs.webkit.org/show_bug.cgi?id=70968
Reviewed by Geoffrey Garen.
* API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
TypeInfo. Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
needed it, because Windows wouldn't build without it.
(JSC::::createStructure):
* API/JSCallbackObject.h:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure.
(JSC::ErrorInstance::createStructure):
* runtime/ErrorPrototype.h: Ditto
(JSC::ErrorPrototype::createStructure):
* runtime/JSActivation.h: Ditto
(JSC::JSActivation::createStructure):
* runtime/JSGlobalObject.h: Ditto
(JSC::JSGlobalObject::createStructure):
* runtime/JSObject.h: De-virtualized functions. They now check the JSType of the object for the corresponding type.
(JSC::JSObject::isGlobalObject):
(JSC::JSObject::isVariableObject):
(JSC::JSObject::isActivationObject):
(JSC::JSObject::isErrorInstance):
* runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
* runtime/JSVariableObject.cpp: Removed virtual function.
* runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
(JSC::JSVariableObject::createStructure):
2011-10-28 Pavel Feldman <pfeldman@google.com>
Reset line numbers for scripts generated with document.write.
https://bugs.webkit.org/show_bug.cgi?id=71099
Reviewed by Yury Semikhatsky.
* wtf/text/TextPosition.h:
(WTF::OrdinalNumber::OrdinalNumber):
2011-10-27 Daniel Bates <dbates@rim.com>
CMake: Add support to optionally install the built JavaScript shell
https://bugs.webkit.org/show_bug.cgi?id=71062
Reviewed by Antonio Gomes.
Generate an installation rule for installing the JavaScript shell in
/bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
is defined.
* shell/CMakeLists.txt:
2011-10-27 Kentaro Hara <haraken@chromium.org>
Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
https://bugs.webkit.org/show_bug.cgi?id=70215
Reviewed by Adam Barth.
Added a method that judges if a given JSValue is empty.
Tests: transforms/svg-vs-css.xhtml
transforms/cssmatrix-2d-interface.xhtml
transforms/cssmatrix-3d-interface.xhtml
* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
(JSC::JSValue::isEmpty):
2011-10-27 Michael Saboff <msaboff@apple.com>
ENH: Add 8 bit string support to JSC JIT
https://bugs.webkit.org/show_bug.cgi?id=71073
Changed the JIT String character access generation to create code
to check the character size and load8() or load16() as appropriate.
Reviewed by Gavin Barraclough.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::load8):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movzbl_mr):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* jit/JITInlineMethods.h:
(JSC::JIT::emitLoadCharacterString):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/JSInterfaceJIT.h:
(JSC::ThunkHelpers::stringImplFlagsOffset):
(JSC::ThunkHelpers::stringImpl8BitFlag):
* jit/ThunkGenerators.cpp:
(JSC::stringCharLoad):
2011-10-27 Filip Pizlo <fpizlo@apple.com>
If the bytecode generator emits code after the return in the first basic block,
DFG's inliner crashes
https://bugs.webkit.org/show_bug.cgi?id=71071
Reviewed by Gavin Barraclough.
Removed some cruft dealing with parsing failures due to unsupported functionality
(that's never reached anymore due to it being caught in DFGCapabilities). This
allowed me to repurpose the bool return from parseBlock() to mean: true if we
should continue to parse, or false if we've already parsed all live code.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
2011-10-27 Joseph Pecoraro <pecoraro@apple.com>
Reviewed by David Kilzer.
Make FeatureDefines Identical Across OS X Projects
https://bugs.webkit.org/show_bug.cgi?id=71051
* Configurations/FeatureDefines.xcconfig:
2011-10-27 Filip Pizlo <fpizlo@apple.com>
Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
https://bugs.webkit.org/show_bug.cgi?id=71045
Reviewed by Geoff Garen.
Make sure that if a structure is pinned, it also has a property map.
* runtime/Structure.cpp:
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::getterSetterTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::pin):
(JSC::Structure::copyPropertyTableForPinning):
* runtime/Structure.h:
(JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2011-10-27 Michael Saboff <msaboff@apple.com>
32bit build failure after r98624
https://bugs.webkit.org/show_bug.cgi?id=71064
Disambiguated operator overload with unsigned index (0u).
Reviewed by Sam Weinig.
* runtime/UString.h:
(JSC::operator==):
2011-10-27 Gustavo Noronha Silva <gns@gnome.org>
Fix building on GNU/kFreeBSD
https://bugs.webkit.org/show_bug.cgi?id=71005
Reviewed by Darin Adler.
* config.h:
* wtf/Platform.h:
2011-10-27 Michael Saboff <msaboff@apple.com>
Investigate storing strings in 8-bit buffers when possible
https://bugs.webkit.org/show_bug.cgi?id=66161
Added support for 8 bit string data in StringImpl. Changed
(UChar*) m_data to m_data16. Added char* m_data8 as a union
with m_data16. Added UChar* m_copyData16 to the other union
to store a 16 bit copy of an 8 bit string when needed.
Added characters8() and characters16() accessor methods
that assume the caller has checked the underlying string type
via the new is8Bit() method. The characters() method will
return a UChar* of the string, materializing a 16 bit copy if the
string is an 8 bit string. Added two flags, one for 8 bit buffer
and a second for a 16 bit copy for an 8 bit string.
Fixed method name typo (StringHasher::defaultCoverter()).
Over time the goal is to eliminate calls to characters() and
use the characters8() and characters16() accessors.
This patch does not include changes that actually create 8 bit
strings. This is the first of at least 8 patches. Subsequent
patches will be submitted for JIT changes, making the JSC lexer,
parser and literal parser, JavaScript string changes and
then changes in webcore to take advantage of the 8 bit strings.
This change is performance neutral for SunSpider and V8 when
run from the command line with "jsc".
Reviewed by Geoffrey Garen.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
* parser/SourceProvider.h:
(JSC::UStringSourceProvider::data):
(JSC::UStringSourceProvider::UStringSourceProvider):
* runtime/Identifier.cpp:
(JSC::IdentifierCStringTranslator::hash):
(JSC::IdentifierCStringTranslator::equal):
(JSC::IdentifierCStringTranslator::translate):
(JSC::Identifier::add):
(JSC::Identifier::toUInt32):
* runtime/Identifier.h:
(JSC::Identifier::equal):
(JSC::operator==):
(JSC::operator!=):
* runtime/JSString.cpp:
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
* runtime/RegExp.cpp:
(JSC::RegExp::match):
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstringsWithSeparators):
* runtime/UString.cpp:
(JSC::UString::UString):
(JSC::equalSlowCase):
(JSC::UString::utf8):
* runtime/UString.h:
(JSC::UString::characters):
(JSC::UString::characters8):
(JSC::UString::characters16):
(JSC::UString::is8Bit):
(JSC::UString::operator[]):
(JSC::UString::find):
(JSC::operator==):
* wtf/StringHasher.h:
(WTF::StringHasher::computeHash):
(WTF::StringHasher::defaultConverter):
* wtf/text/AtomicString.cpp:
(WTF::CStringTranslator::hash):
(WTF::CStringTranslator::equal):
(WTF::CStringTranslator::translate):
(WTF::AtomicString::add):
* wtf/text/AtomicString.h:
(WTF::AtomicString::AtomicString):
(WTF::AtomicString::contains):
(WTF::AtomicString::find):
(WTF::AtomicString::add):
(WTF::operator==):
(WTF::operator!=):
(WTF::equalIgnoringCase):
* wtf/text/StringConcatenate.h:
* wtf/text/StringHash.h:
(WTF::StringHash::equal):
(WTF::CaseFoldingHash::hash):
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::~StringImpl):
(WTF::StringImpl::createUninitialized):
(WTF::StringImpl::create):
(WTF::StringImpl::getData16SlowCase):
(WTF::StringImpl::containsOnlyWhitespace):
(WTF::StringImpl::substring):
(WTF::StringImpl::characterStartingAt):
(WTF::StringImpl::lower):
(WTF::StringImpl::upper):
(WTF::StringImpl::fill):
(WTF::StringImpl::foldCase):
(WTF::StringImpl::stripMatchedCharacters):
(WTF::StringImpl::removeCharacters):
(WTF::StringImpl::simplifyMatchedCharactersToSpace):
(WTF::StringImpl::toIntStrict):
(WTF::StringImpl::toUIntStrict):
(WTF::StringImpl::toInt64Strict):
(WTF::StringImpl::toUInt64Strict):
(WTF::StringImpl::toIntPtrStrict):
(WTF::StringImpl::toInt):
(WTF::StringImpl::toUInt):
(WTF::StringImpl::toInt64):
(WTF::StringImpl::toUInt64):
(WTF::StringImpl::toIntPtr):
(WTF::StringImpl::toDouble):
(WTF::StringImpl::toFloat):
(WTF::equal):
(WTF::equalIgnoringCase):
(WTF::StringImpl::find):
(WTF::StringImpl::findIgnoringCase):
(WTF::StringImpl::reverseFind):
(WTF::StringImpl::replace):
(WTF::StringImpl::defaultWritingDirection):
(WTF::StringImpl::adopt):
(WTF::StringImpl::createWithTerminatingNullCharacter):
* wtf/text/StringImpl.h:
(WTF::StringImpl::StringImpl):
(WTF::StringImpl::create):
(WTF::StringImpl::create8):
(WTF::StringImpl::tryCreateUninitialized):
(WTF::StringImpl::flagsOffset):
(WTF::StringImpl::flagIs8Bit):
(WTF::StringImpl::dataOffset):
(WTF::StringImpl::is8Bit):
(WTF::StringImpl::characters8):
(WTF::StringImpl::characters16):
(WTF::StringImpl::characters):
(WTF::StringImpl::has16BitShadow):
(WTF::StringImpl::setHash):
(WTF::StringImpl::hash):
(WTF::StringImpl::copyChars):
(WTF::StringImpl::operator[]):
(WTF::StringImpl::find):
(WTF::StringImpl::findIgnoringCase):
(WTF::equal):
(WTF::equalIgnoringCase):
(WTF::StringImpl::isolatedCopy):
* wtf/text/WTFString.cpp:
(WTF::String::String):
(WTF::String::append):
(WTF::String::format):
(WTF::String::fromUTF8):
(WTF::String::fromUTF8WithLatin1Fallback):
* wtf/text/WTFString.h:
(WTF::String::find):
(WTF::String::findIgnoringCase):
(WTF::String::contains):
(WTF::String::append):
(WTF::String::fromUTF8):
(WTF::String::fromUTF8WithLatin1Fallback):
(WTF::operator==):
(WTF::operator!=):
(WTF::equalIgnoringCase):
* wtf/unicode/Unicode.h:
* yarr/YarrJIT.cpp:
(JSC::Yarr::execute):
* yarr/YarrJIT.h:
(JSC::Yarr::YarrCodeBlock::execute):
* yarr/YarrParser.h:
(JSC::Yarr::Parser::Parser):
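The 8-bit/16-bit buffer layout the entry above describes, as an added example rather than WTF's StringImpl code: an 8-bit string keeps its bytes in a one-byte buffer, characters8()/characters16() trust the caller's is8Bit() check, and characters() materializes a 16-bit shadow once. Lazy8BitString and the flag names are hypothetical, and the union with the hash field is simplified away.

```cpp
#include <cassert>
#include <cstddef>
#include <cstring>

typedef unsigned char LChar;   // one-byte (Latin-1) character, as in WTF
typedef unsigned short UChar;  // UTF-16 code unit

class Lazy8BitString {
public:
    enum { s_flagIs8Bit = 1u << 0, s_flagHas16BitShadow = 1u << 1 };

    // 8-bit constructor: bytes are stored as-is, no widening.
    Lazy8BitString(const LChar* chars, size_t length)
        : m_length(length), m_flags(s_flagIs8Bit), m_copyData16(0) {
        m_data8 = new LChar[length];
        std::memcpy(m_data8, chars, length);
    }
    // 16-bit constructor.
    Lazy8BitString(const UChar* chars, size_t length)
        : m_length(length), m_flags(0), m_copyData16(0) {
        m_data16 = new UChar[length];
        std::memcpy(m_data16, chars, length * sizeof(UChar));
    }
    ~Lazy8BitString() {
        if (is8Bit()) { delete[] m_data8; delete[] m_copyData16; }
        else delete[] m_data16;
    }

    size_t length() const { return m_length; }
    bool is8Bit() const { return m_flags & s_flagIs8Bit; }
    bool has16BitShadow() const { return m_flags & s_flagHas16BitShadow; }

    // Direct accessors: the caller must have checked is8Bit() first, otherwise
    // the union member read here is the wrong one.
    const LChar* characters8() const { assert(is8Bit()); return m_data8; }
    const UChar* characters16() const { assert(!is8Bit()); return m_data16; }

    // Legacy accessor: always yields UChar*, materializing (and caching) a
    // 16-bit copy of an 8-bit string on first use.
    const UChar* characters() const {
        if (!is8Bit()) return m_data16;
        if (!has16BitShadow()) {
            m_copyData16 = new UChar[m_length];
            for (size_t i = 0; i < m_length; ++i)
                m_copyData16[i] = m_data8[i]; // Latin-1 maps 1:1 onto U+0000..U+00FF
            m_flags |= s_flagHas16BitShadow;
        }
        return m_copyData16;
    }

    // Indexing works on either representation without widening.
    UChar operator[](size_t i) const {
        assert(i < m_length);
        return is8Bit() ? (UChar)m_data8[i] : m_data16[i];
    }

private:
    Lazy8BitString(const Lazy8BitString&);            // non-copyable
    Lazy8BitString& operator=(const Lazy8BitString&);

    size_t m_length;
    mutable unsigned m_flags;
    union {
        LChar* m_data8;
        UChar* m_data16;
    };
    mutable UChar* m_copyData16; // 16-bit shadow of an 8-bit string, or null
};

// Equality across representations: compares code units directly, so comparing
// an 8-bit string never forces a 16-bit copy.
bool equal(const Lazy8BitString& a, const Lazy8BitString& b) {
    if (a.length() != b.length()) return false;
    for (size_t i = 0; i < a.length(); ++i)
        if (a[i] != b[i]) return false;
    return true;
}
```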
2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
Fixing windows build
Unreviewed build fix
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
Add ability to check for presence of static members at compile time
https://bugs.webkit.org/show_bug.cgi?id=70986
Reviewed by Geoffrey Garen.
Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the
HAS_MEMBER_NAMED macro to use that template to check if the specified class
does indeed have a method with that name. This mechanism is not currently
used anywhere, but will be in the future when adding virtual methods from
JSObject to the MethodTable.
* runtime/ClassInfo.h:
2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSCell::toThisObject
https://bugs.webkit.org/show_bug.cgi?id=70958
Reviewed by Geoffrey Garen.
Converted all instances of toThisObject to static functions,
added toThisObject to the MethodTable, and replaced all call sites
with a corresponding lookup in the MethodTable.
* API/JSContextRef.cpp:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ClassInfo.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::toThisObject):
* runtime/JSActivation.h:
* runtime/JSCell.cpp:
(JSC::JSCell::toThisObject):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::toThisObject):
* runtime/JSObject.h:
(JSC::JSValue::toThisObject):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::toThisObject):
* runtime/JSStaticScopeObject.h:
* runtime/JSString.cpp:
(JSC::JSString::toThisObject):
* runtime/JSString.h:
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::toThisObject):
* runtime/StrictEvalActivation.h:
2011-10-27 Yuqiang Xian <yuqiang.xian@intel.com>
Fix a small bug in callOperation after r98431
https://bugs.webkit.org/show_bug.cgi?id=70984
Reviewed by Geoffrey Garen.
TrustedImmPtr is not expecting "int" type parameters.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
2011-10-26 Oliver Hunt <oliver@apple.com>
Restore structure-clearing behaviour of allocateCell<>
https://bugs.webkit.org/show_bug.cgi?id=70976
Reviewed by Geoffrey Garen.
This restores the logic that allows the markstack to filter
live objects that have not yet been initialised.
* runtime/JSCell.h:
(JSC::JSCell::clearStructure):
Validation-safe method to clear a cell's structure.
(JSC::allocateCell):
Call the above method.
* runtime/Structure.h:
(JSC::MarkStack::internalAppend):
Don't visit cells that haven't been initialised.
2011-10-26 Filip Pizlo <fpizlo@apple.com>
REGRESSION (r97030): Cannot log in to progressive.com
https://bugs.webkit.org/show_bug.cgi?id=70094
Reviewed by Oliver Hunt.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
2011-10-26 Mark Hahnenberg <mhahnenberg@apple.com>
Remove getOwnPropertySlotVirtual
https://bugs.webkit.org/show_bug.cgi?id=70741
Reviewed by Geoffrey Garen.
Removed all declarations and definitions of getOwnPropertySlotVirtual.
Also replaced all call sites to getOwnPropertySlotVirtual with a
corresponding lookup in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertyDescriptor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertySlot):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
* runtime/Arguments.h:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
* runtime/DateConstructor.h:
* runtime/DatePrototype.cpp:
* runtime/DatePrototype.h:
(JSC::DatePrototype::create):
* runtime/ErrorPrototype.cpp:
* runtime/ErrorPrototype.h:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertySlotByIndex):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnPropertyNames):
(JSC::JSFunction::put):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::hasOwnProperty):
* runtime/JSObject.h:
(JSC::JSCell::fastGetOwnPropertySlot):
(JSC::JSObject::getPropertySlot):
(JSC::JSValue::get):
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSString.cpp:
(JSC::JSString::getOwnPropertySlot):
* runtime/JSString.h:
* runtime/MathObject.cpp:
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NumberConstructor.cpp:
* runtime/NumberConstructor.h:
* runtime/NumberPrototype.cpp:
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.cpp:
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::createStructure):
* runtime/RegExpObject.cpp:
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.cpp:
* runtime/RegExpPrototype.h:
* runtime/StringConstructor.cpp:
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
* runtime/StringPrototype.h:
2011-10-26 Alejandro G. Castro <alex@igalia.com>
[GTK] [WK2] Add WebKit2 distcheck support
https://bugs.webkit.org/show_bug.cgi?id=70933
Reviewed by Martin Robinson.
* GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
2011-10-26 Michael Saboff <msaboff@apple.com>
Increase StringImpl Flag Bits for 8 bit Strings
https://bugs.webkit.org/show_bug.cgi?id=70937
Increased the number of bits used for flags in StringImpl
from 6 to 8 bits. This frees up 2 flag bits that will be
used for 8-bit string support. Updated hash methods accordingly.
Changed hash value masking from the low bits to the high
bits.
Reviewed by Darin Adler.
* create_hash_table:
* wtf/StringHasher.h:
(WTF::StringHasher::hash):
* wtf/text/StringImpl.h:
2011-10-26 Dan Bernstein <mitz@apple.com>
Build fix.
Reverted r98488, which caused the scripts’ status messages to be included in the generated
files.
* create_hash_table:
* create_jit_stubs:
2011-10-26 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
Don't print regular output to STDERR when generating hashtables and JIT stubs
Reviewed by Simon Hausmann.
* create_hash_table:
* create_jit_stubs:
2011-10-25 Gavin Barraclough <barraclough@apple.com>
Split DFGJITCodeGenerator::callOperation methods
https://bugs.webkit.org/show_bug.cgi?id=70870
Reviewed by Filip Pizlo.
The DFGJITCodeGenerator currently contains two sets of callOperation methods.
One set works with the JSVALUE64 value representation and passes arguments in
registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
value representation and passes arguments in memory (suitable for use on x86).
By refactoring out the representation and calling convention specific aspects
of the code we can also configure the DFG JIT to operate on platforms that use
the JSVALUE32_64 value representation but pass arguments in registers.
On platforms supported by the JIT, the payload precedes the tag of a value in
argument/result ordering, as such, in order to make the setupResults method
generally applicable to return the results of a function that are returned in
two registers, the ordering of arguments to this function has been reversed -
as is the ordering of arguments passed to setupArguments methods, with respect
to the ordering with which they are passed in to callOperation.
This inconsistency will be resolved in a later change when we combine the pairs
of arguments passed into callOperation, such that the function signatures can
be made consistent across the two value representations (the callOperation
methods will be passed a reference to a struct representing the JSValue
temporary, this will consist of two gprs on 32_64 and one on 64).
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::resetCallArguments):
(JSC::DFG::addCallArgument):
- moved, removed tag,payload version of this method.
(JSC::DFG::setupArguments):
(JSC::DFG::setupArgumentsExecState):
(JSC::DFG::setupArgumentsWithExecState):
- Calling convention specific portion of callOperation refactored out into these methods.
(JSC::DFG::callOperation):
- updated these methods to use setupArguments* methods.
(JSC::DFG::setupResults):
- setupResults is now passed payload,tag.
(JSC::DFG::appendCallWithExceptionCheckSetResult):
- Added fpr versions of this function.
(JSC::DFG::appendCallSetResult):
- Added versions of this function without exception check.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
- setupResults is now passed payload,tag.
2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
Remove deletePropertyVirtual
https://bugs.webkit.org/show_bug.cgi?id=70738
Reviewed by Geoffrey Garen.
Removed all declarations and definitions of deletePropertyVirtual.
Also replaced all call sites to deletePropertyVirtual with a
corresponding lookup in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::deletePropertyByIndex):
* API/JSObjectRef.cpp:
(JSObjectDeleteProperty):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::deleteProperty):
* debugger/DebuggerActivation.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Arguments.cpp:
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::deleteProperty):
(JSC::JSArray::deletePropertyByIndex):
* runtime/JSArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::deleteProperty):
(JSC::JSCell::deletePropertyByIndex):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::deletePropertyByIndex):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
* runtime/JSVariableObject.cpp:
* runtime/JSVariableObject.h:
* runtime/RegExpMatchesArray.h:
* runtime/StrictEvalActivation.cpp:
* runtime/StrictEvalActivation.h:
* runtime/StringObject.cpp:
* runtime/StringObject.h:
2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
Remove putVirtual
https://bugs.webkit.org/show_bug.cgi?id=70740
Reviewed by Geoffrey Garen.
Removed all declarations and definitions of putVirtual.
Also replaced all call sites to putVirtual with a
corresponding lookup in the MethodTable.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* API/JSObjectRef.cpp:
(JSObjectSetProperty):
(JSObjectSetPropertyAtIndex):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::put):
* debugger/DebuggerActivation.h:
* dfg/DFGOperations.cpp:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::privateExecute):
* jsc.cpp:
(GlobalObject::finishCreation):
* runtime/Arguments.cpp:
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
(JSC::putProperty):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::putSlowCase):
(JSC::JSArray::push):
(JSC::JSArray::shiftCount):
(JSC::JSArray::unshiftCount):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::put):
(JSC::JSCell::putByIndex):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::putByIndex):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
(JSC::JSValue::put):
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/ObjectPrototype.cpp:
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.cpp:
* runtime/RegExpObject.h:
* runtime/StringObject.cpp:
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncSplit):
2011-10-25 Gavin Barraclough <barraclough@apple.com>
Separate out function linking & exception check data structures.
https://bugs.webkit.org/show_bug.cgi?id=70858
Reviewed by Oliver Hunt.
This will make it easier to refactor the callOperation methods to split the value
representation specific handling from the cpu/calling-convention implementation.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::appendCallWithExceptionCheck):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::CallLinkRecord::CallLinkRecord):
(JSC::DFG::CallExceptionRecord::CallExceptionRecord):
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::notifyCall):
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::addExceptionCheck):
(JSC::DFG::JITCompiler::addFastExceptionCheck):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
2011-10-25 Filip Pizlo <fpizlo@apple.com>
Tiered compilation may introduce dangling pointers in constant buffers
https://bugs.webkit.org/show_bug.cgi?id=70854
Reviewed by Oliver Hunt.
Tiered compilation now copies constant buffers, which fixes the regression in
https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
regression relies on a subtle interleaving of optimized compilation and garbage
collection, and cannot be reproduced in a simple test.
This also adds some new debug support, which was used to fix this bug and is
likely to be useful in the future.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::copyDataFrom):
(JSC::CodeBlock::usesOpcode):
* bytecode/CodeBlock.h:
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
Fixing Windows build after r98367
Unreviewed build fix
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-10-25 Yuqiang Xian <yuqiang.xian@intel.com>
Add missing DFG file entries to the make lists for GTK and Qt ports
https://bugs.webkit.org/show_bug.cgi?id=70806
Reviewed by Darin Adler.
* GNUmakefile.list.am:
* JavaScriptCore.pro:
2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
Add getOwnPropertySlot to MethodTable
https://bugs.webkit.org/show_bug.cgi?id=69807
Reviewed by Oliver Hunt.
* JavaScriptCore.exp:
* runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
* runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can
reference it in their MethodTables.
2011-10-25 Oliver Hunt <oliver@apple.com>
Need to support marking of multiple nested codeblocks when compiling
https://bugs.webkit.org/show_bug.cgi?id=70832
Reviewed by Gavin Barraclough.
When inlining a function we end up with multiple codeblocks being
compiled at the same time, so we need to support a list of live
codeblocks.
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::startedCompiling):
(JSC::JSGlobalData::finishedCompiling):
2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
https://bugs.webkit.org/show_bug.cgi?id=70798
Reviewed by Filip Pizlo.
When filling an integer for a known integer node (not speculated), it
should accept DataFormatJSInteger as well.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
2011-10-24 Geoffrey Garen <ggaren@apple.com>
Build fix: removed some cases of threadsafeCopy() that I missed in
my previous patch.
* JavaScriptCore.order:
2011-10-24 Geoffrey Garen <ggaren@apple.com>
Removed SharedUChar and tightened language around its previous uses
https://bugs.webkit.org/show_bug.cgi?id=70698
Reviewed by David Levin.
- Removed SharedUChar because most of its functionality has moved into
other abstraction layers, and we want remaining clients to choose their
abstractions explicitly instead of relying on StringImpl to provide this
behavior implicitly, since we think they can sometimes make more efficient
choices.
- Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
the former names could give the impression that the resulting object was
thread-safe, but actually it's just an isolated copy, which is not
thread-safe by itself, but can be used to implement a thread-safe
algorithm through isolation.
* wtf/CrossThreadRefCounted.h: Removed.
* JavaScriptCore.exp: Export!
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
* wtf/text/StringImpl.h:
(WTF::StringImpl::length): Ditto.
(WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
* wtf/text/WTFString.cpp:
(WTF::String::isolatedCopy):
* wtf/text/WTFString.h: Updated for StringImpl changes.
* API/OpaqueJSString.h:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.order:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/OwnFastMallocPtr.h:
* wtf/RefCounted.h:
* wtf/SizeLimits.cpp:
* wtf/ThreadSafeRefCounted.h:
* wtf/wtf.pri:
* yarr/YarrPattern.h: Updated these files to accommodate removal of
CrossThreadRefCounted.h.
2011-10-24 Oliver Hunt <oliver@apple.com>
Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
https://bugs.webkit.org/show_bug.cgi?id=70689
Reviewed by Filip Pizlo.
While performing codegen we need to make the GlobalData explicitly
aware of the codeblock being compiled, as compilation may trigger GC
and CodeBlock holds GC values, but has not yet been assigned to its
owner executable.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::~BytecodeGenerator):
* bytecompiler/BytecodeGenerator.h:
* heap/AllocationSpace.cpp:
(JSC::AllocationSpace::allocateSlowCase):
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::startedCompiling):
(JSC::JSGlobalData::finishedCompiling):
2011-10-24 Filip Pizlo <fpizlo@apple.com>
Object-or-other branch speculation may corrupt the state for OSR if the child of the
branch is an integer
https://bugs.webkit.org/show_bug.cgi?id=70777
Reviewed by Oliver Hunt.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2011-10-24 Filip Pizlo <fpizlo@apple.com>
op_new_array_buffer is not inlined correctly
https://bugs.webkit.org/show_bug.cgi?id=70770
Reviewed by Oliver Hunt.
Disabled inlining of op_new_array_buffer, for now.
* dfg/DFGCapabilities.h:
(JSC::DFG::canInlineOpcode):
2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
Add boolean speculations to DFG JIT 32_64
https://bugs.webkit.org/show_bug.cgi?id=70706
Reviewed by Filip Pizlo.
Different from the boolean speculations in DFG 64, the boolean
speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
boolean instead of a JSBoolean. This choice is not only for
performance, but also to save a register as we're short of registers on
X86.
To accomplish this we make use of DataFormatBoolean, allow a value to
be represented as a primitive boolean and converted from/to a
JSBoolean.
This patch also fixes SpillOrder in 32_64, which should be different
from 64, and fixes needDataFormatConversion logic in 32_64.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchTest32):
We don't expect byte test actually as it doesn't work for registers
esp..edi on X86.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::needDataFormatConversion):
(JSC::DFG::GenerationInfo::initBoolean):
(JSC::DFG::GenerationInfo::gpr):
(JSC::DFG::GenerationInfo::fillInteger):
(JSC::DFG::GenerationInfo::fillBoolean):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::checkConsistency):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::use):
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::spill):
(JSC::DFG::cellResult):
(JSC::DFG::booleanResult):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::forPrediction):
(JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
(JSC::DFG::ValueRecovery::inGPR):
(JSC::DFG::ValueRecovery::gpr):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
Fixing Windows build
Unreviewed build fix
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
BitVector isInline check could fail
https://bugs.webkit.org/show_bug.cgi?id=70691
Reviewed by Geoffrey Garen.
Current BitVector uses the highest bit of m_bitsOrPointer to indicate
whether it's an inlined bit set or a pointer to an outOfLine bit set.
This check may fail in case the pointer also has the highest bit set,
which is surely possible on IA32 (Linux).
In this case the check failure can result in unexpected behaviors,
for example if the BitVector is incorrectly determined as having an
inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
modify the memory adjacent to the BitVector object.
This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
or outofline, based on the assumption that the pointer to OutOfLineBits
should be 4 or 8 byte aligned.
We could mark the lowest bit (bit 0) with 1 for inlined bit set,
and bits 1~bitsInPointer are used for bit set/test.
In this case we need to do one more bit of shifting for bit set/test.
* wtf/BitVector.cpp:
(WTF::BitVector::resizeOutOfLine):
* wtf/BitVector.h:
(WTF::BitVector::quickGet):
(WTF::BitVector::quickSet):
(WTF::BitVector::quickClear):
(WTF::BitVector::makeInlineBits):
(WTF::BitVector::isInline):
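The tag collision the entry describes, as an added example that is not WTF's BitVector code: the low bit of the word marks an inline set, so a word-aligned pointer to out-of-line storage can never be mistaken for inline bits, and setting a bit beyond the inline capacity grows the storage instead of shifting past the word. TaggedBitVector, oldHighBitIsInline and newLowBitIsInline are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

static const size_t kBitsInPointer = sizeof(uintptr_t) * 8;
static const size_t kMaxInlineBits = kBitsInPointer - 1; // bits 1..kBitsInPointer-1 carry the set

// Pre-fix scheme from the entry: the highest bit marks an inline set. A heap
// pointer that happens to have its top bit set is misread as inline bits.
bool oldHighBitIsInline(uintptr_t bitsOrPointer) {
    return (bitsOrPointer >> (kBitsInPointer - 1)) & 1;
}

// Post-fix scheme: the lowest bit marks an inline set. Out-of-line storage is
// word aligned, so a real pointer always has bit 0 clear.
bool newLowBitIsInline(uintptr_t bitsOrPointer) {
    return bitsOrPointer & 1;
}

class TaggedBitVector {
public:
    TaggedBitVector() : m_bitsOrPointer(makeInlineBits(0)) {}
    ~TaggedBitVector() { if (!isInline()) std::free(outOfLineBits()); }

    bool isInline() const { return newLowBitIsInline(m_bitsOrPointer); }

    // Number of bits addressable without growing.
    size_t size() const {
        if (isInline()) return kMaxInlineBits;
        return outOfLineBits()->numBits;
    }

    bool get(size_t bit) const {
        if (bit >= size()) return false;
        if (isInline()) return (m_bitsOrPointer >> (bit + 1)) & 1; // +1 skips the tag bit
        const uintptr_t* words = outOfLineBits()->words();
        return (words[bit / kBitsInPointer] >> (bit % kBitsInPointer)) & 1;
    }

    // Grows to out-of-line storage when the bit does not fit inline, rather than
    // shifting past the word and writing into whatever follows the object.
    void set(size_t bit) {
        ensureSize(bit + 1);
        if (isInline()) { m_bitsOrPointer |= (uintptr_t)1 << (bit + 1); return; }
        outOfLineBits()->words()[bit / kBitsInPointer] |= (uintptr_t)1 << (bit % kBitsInPointer);
    }

private:
    struct OutOfLineBits {
        size_t numBits;
        uintptr_t* words() { return reinterpret_cast<uintptr_t*>(this + 1); }
        const uintptr_t* words() const { return reinterpret_cast<const uintptr_t*>(this + 1); }
    };

    static uintptr_t makeInlineBits(uintptr_t bits) { return (bits << 1) | 1; }
    OutOfLineBits* outOfLineBits() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void ensureSize(size_t numBits) {
        if (numBits <= size()) return;
        size_t numWords = (numBits + kBitsInPointer - 1) / kBitsInPointer;
        OutOfLineBits* fresh = static_cast<OutOfLineBits*>(
            std::malloc(sizeof(OutOfLineBits) + numWords * sizeof(uintptr_t)));
        if (!fresh) std::abort();
        fresh->numBits = numWords * kBitsInPointer;
        std::memset(fresh->words(), 0, numWords * sizeof(uintptr_t));
        if (isInline()) {
            fresh->words()[0] = m_bitsOrPointer >> 1; // drop the tag, keep the bits
        } else {
            OutOfLineBits* old = outOfLineBits();
            std::memcpy(fresh->words(), old->words(), (old->numBits / kBitsInPointer) * sizeof(uintptr_t));
            std::free(old);
        }
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh); // bit 0 clear: malloc alignment
    }

    TaggedBitVector(const TaggedBitVector&);            // non-copyable
    TaggedBitVector& operator=(const TaggedBitVector&);

    uintptr_t m_bitsOrPointer;
};
```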
2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
https://bugs.webkit.org/show_bug.cgi?id=70271
Reviewed by Darin Adler.
Renaming versions of getOwnPropertySlot that use an unsigned as the property
name to "getOwnPropertySlotByIndex" in preparation for adding them to the
MethodTable, which requires unique names for each method.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertySlotVirtual):
(JSC::Arguments::getOwnPropertySlotByIndex):
* runtime/Arguments.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertySlotVirtual):
(JSC::JSArray::getOwnPropertySlotByIndex):
(JSC::JSArray::getOwnPropertySlot):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertySlotVirtual):
(JSC::JSByteArray::getOwnPropertySlotByIndex):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertySlotVirtual):
(JSC::JSCell::getOwnPropertySlotByIndex):
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::getOwnPropertySlotVirtual):
(JSC::JSNotAnObject::getOwnPropertySlotByIndex):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertySlotVirtual):
(JSC::JSObject::getOwnPropertySlotByIndex):
* runtime/JSObject.h:
* runtime/JSString.cpp:
(JSC::JSString::getOwnPropertySlotVirtual):
(JSC::JSString::getOwnPropertySlotByIndex):
* runtime/JSString.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::getOwnPropertySlotVirtual):
(JSC::ObjectPrototype::getOwnPropertySlotByIndex):
* runtime/ObjectPrototype.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
(JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
* runtime/StringObject.cpp:
(JSC::StringObject::getOwnPropertySlotVirtual):
(JSC::StringObject::getOwnPropertySlotByIndex):
* runtime/StringObject.h:
2011-10-24 Patrick Gansterer <paroga@webkit.org>
Interpreter build fix after r98179.
* bytecode/CodeBlock.h:
Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
since it is only used there.
2011-10-23 Geoffrey Garen <ggaren@apple.com>
Fixed a typo Darin spotted.
* wtf/StringHasher.h:
(WTF::StringHasher::hash): Expelliarmus!
2011-10-23 Geoffrey Garen <ggaren@apple.com>
Removed StringImpl::createStrippingNullCharacters
https://bugs.webkit.org/show_bug.cgi?id=70700
Reviewed by David Levin.
It was unused.
* JavaScriptCore.exp:
* wtf/text/StringImpl.cpp:
* wtf/text/StringImpl.h:
2011-10-22 Filip Pizlo <fpizlo@apple.com>
DFG should inline constructors
https://bugs.webkit.org/show_bug.cgi?id=70675
Reviewed by Oliver Hunt.
Adds support for inlining constructors. Also fixes two pathologies
uncovered along the way: CheckMethod claimed that it never returned a
result (causing CheckMethod -> SetLocal -> GetLocal sequences to
result in the GetLocal doing OSR exit), and get_by_id parsing never
checked if it was hot in slow path. Also fiddled with inlining
heuristics; it appears that for now, the more inlining, the happier
V8 is. Finally, a bug was uncovered where a silent spill of a boxed
integer that had previously been spilled unboxed causes the silent
fill to forget to unbox.
This appears to be a 4% speed-up on V8 in their harness, or a 1%
speed-up in my harness. The difference is due to warm-up: in my
harness we see significant amounts of time spent in compilation, but
in V8's harness compilation gets amortized. Profiling indicates that
we have the potential for a 5% win from basic optimizations like
generating OSR exits lazily and holding onto bytecode longer.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGCapabilities.h:
(JSC::DFG::mightInlineFunctionForConstruct):
(JSC::DFG::canInlineOpcode):
(JSC::DFG::mightInlineFunctionFor):
(JSC::DFG::canInlineFunctionFor):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
* runtime/Executable.h:
(JSC::isCall):
(JSC::ExecutableBase::intrinsicFor):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h:
2011-10-23 Noel Gordon <noel.gordon@gmail.com>
[chromium] Remove RopeImpl.{h,cpp} from the gyp projects
https://bugs.webkit.org/show_bug.cgi?id=70703
Reviewed by Kent Tamura.
runtime/RopeImpl.{h,cpp} were removed in r97872; remove references
to these files from the gyp project files.
* JavaScriptCore.gypi:
2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
Add deleteProperty to the MethodTable
https://bugs.webkit.org/show_bug.cgi?id=70162
Reviewed by Sam Weinig.
* JavaScriptCore.exp:
* runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
* runtime/JSFunction.h: Changed JSFunction::deleteProperty to
be protected rather than private for subclasses who don't provide their own
implementation.
2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
Remove getConstructDataVirtual
https://bugs.webkit.org/show_bug.cgi?id=70638
Reviewed by Darin Adler.
Removed all declarations and definitions of getConstructDataVirtual.
Also replaced all call sites to getConstructDataVirtual with a
corresponding lookup in the MethodTable.
* API/JSCallbackConstructor.cpp:
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* API/JSObjectRef.cpp:
(JSObjectIsConstructor):
(JSObjectCallAsConstructor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* dfg/DFGOperations.cpp:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArrayConstructor.cpp:
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
* runtime/DateConstructor.h:
* runtime/Error.h:
(JSC::StrictModeTypeErrorFunction::getConstructData):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
* runtime/JSObject.h:
(JSC::getConstructData):
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
* runtime/StringConstructor.h:
2011-10-23 Geoffrey Garen <ggaren@apple.com>
Try to fix the SL build.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
away int vs unsigned warning.
2011-10-21 Geoffrey Garen <ggaren@apple.com>
Separated string lifetime bits from character buffer state bits
https://bugs.webkit.org/show_bug.cgi?id=70673
Reviewed by Anders Carlsson.
Moved the static/immortal bit into the bottom bit of the refcount, and
moved all other bits into the high bits of the hash code.
This is the first step toward a new Characters/PassString class, and it
makes ref/deref slightly more efficient.
* create_hash_table:
* wtf/StringHasher.h:
(WTF::StringHasher::hash): Tweaked the string hashing function to leave
the top bits clear, so they can be used as flags.
Fixed some small differences between the PERL copy of this function and
the C++ copy of this function, which could have in theory caused subtle
crashes.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::sharedBuffer):
(WTF::StringImpl::createWithTerminatingNullCharacter):
* wtf/text/StringImpl.h:
(WTF::StringImpl::StringImpl):
(WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
s_didReportExtraCost, since the original name was both self-contradictory
and used as a double-negative.
(WTF::StringImpl::isIdentifier):
(WTF::StringImpl::setIsIdentifier):
(WTF::StringImpl::hasTerminatingNullCharacter):
(WTF::StringImpl::isAtomic):
(WTF::StringImpl::setIsAtomic):
(WTF::StringImpl::setHash):
(WTF::StringImpl::rawHash):
(WTF::StringImpl::hasHash):
(WTF::StringImpl::existingHash):
(WTF::StringImpl::hash):
(WTF::StringImpl::hasOneRef):
(WTF::StringImpl::ref):
(WTF::StringImpl::deref):
(WTF::StringImpl::bufferOwnership):
(WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
bit of the refcount. Now, all lifetime information lives in the refcount
field. Moved the other bits into the hash code field.
2011-10-21 Filip Pizlo <fpizlo@apple.com>
DFG inlining sometimes fails to reset constant references
https://bugs.webkit.org/show_bug.cgi?id=70668
Reviewed by Anders Carlsson.
Reset constant references when we need to (new block created) and not
when we don't (change of inlining depth).
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::prepareToParseBlock):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
2011-10-21 Filip Pizlo <fpizlo@apple.com>
DFG should have inlining
https://bugs.webkit.org/show_bug.cgi?id=69996
Reviewed by Oliver Hunt.
Implements inlining that's hooked into the bytecode parser. Only
works for calls, for now, though nothing fundamentally prevents us
from inlining constructor calls. 2% overall speed-up on all
benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
richards respectively), neutral on Kraken and SunSpider.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::baselineVersion):
(JSC::CodeBlock::setInstructionCount):
(JSC::CodeBlock::likelyToTakeSlowCase):
(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::likelyToTakeSpecialFastCase):
(JSC::CodeBlock::likelyToTakeDeepestSlowCase):
(JSC::CodeBlock::likelyToTakeAnySlowCase):
* bytecode/CodeOrigin.h:
(JSC::CodeOrigin::inlineDepthForCallFrame):
(JSC::CodeOrigin::inlineDepth):
(JSC::CodeOrigin::operator==):
(JSC::CodeOrigin::inlineStack):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::beginBasicBlock):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::AbstractState::mergeStateAtTail):
* dfg/DFGBasicBlock.h:
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::BasicBlock::ensureLocals):
(JSC::DFG::UnlinkedBlock::UnlinkedBlock):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::getDirect):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::setDirect):
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
(JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::linkBlock):
(JSC::DFG::ByteCodeParser::linkBlocks):
(JSC::DFG::ByteCodeParser::handleSuccessor):
(JSC::DFG::ByteCodeParser::determineReachability):
(JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::canHandleOpcodes):
(JSC::DFG::canCompileOpcodes):
(JSC::DFG::canInlineOpcodes):
* dfg/DFGCapabilities.h:
(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForConstruct):
(JSC::DFG::canInlineOpcode):
(JSC::DFG::canInlineOpcodes):
(JSC::DFG::canInlineFunctionForCall):
(JSC::DFG::canInlineFunctionForConstruct):
* dfg/DFGGraph.cpp:
(JSC::DFG::printWhiteSpace):
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::GetBytecodeBeginForBlock::operator()):
(JSC::DFG::Graph::blockIndexForBytecodeOffset):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::decodedCodeMapFor):
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::debugCall):
(JSC::DFG::JITCompiler::baselineCodeBlockFor):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasVariableAccessData):
(JSC::DFG::Node::shouldGenerate):
* dfg/DFGOperands.h:
(JSC::DFG::Operands::ensureLocals):
(JSC::DFG::Operands::setLocal):
(JSC::DFG::Operands::getLocal):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallerFrameSlow):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallSlowCase):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Executable.cpp:
(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::profiledCodeBlockFor):
(JSC::FunctionExecutable::parameterCount):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h:
* runtime/JSFunction.h:
2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
Add put to the MethodTable
https://bugs.webkit.org/show_bug.cgi?id=70439
Reviewed by Oliver Hunt.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
* runtime/JSFunction.h: Changed access modifier for put to protected since some
subclasses of JSFunction need to reference it in their MethodTables.
2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>
Add finalizer to JSObject
https://bugs.webkit.org/show_bug.cgi?id=70336
Reviewed by Darin Adler.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::callDestructor): Skip the call to the destructor
if we're a JSFinalObject, since the finalizer takes care of things.
* runtime/JSCell.h:
(JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with
future changes and the fact that we no longer always call the destructor, making
the information provided less useful.
* runtime/JSObject.cpp:
(JSC::JSObject::finalize): Add finalizer for JSObject.
(JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
property storage, we add a finalizer to ourself.
* runtime/JSObject.h:
2011-10-21 Simon Hausmann <simon.hausmann@nokia.com>
Remove QtScript source code from WebKit.
https://bugs.webkit.org/show_bug.cgi?id=64088
Reviewed by Tor Arne Vestbø.
Removed dead code that isn't developed anymore.
* JavaScriptCore.gypi:
* JavaScriptCore.pri:
* qt/api/QtScript.pro: Removed.
* qt/api/qscriptconverter_p.h: Removed.
* qt/api/qscriptengine.cpp: Removed.
* qt/api/qscriptengine.h: Removed.
* qt/api/qscriptengine_p.cpp: Removed.
* qt/api/qscriptengine_p.h: Removed.
* qt/api/qscriptfunction.cpp: Removed.
* qt/api/qscriptfunction_p.h: Removed.
* qt/api/qscriptoriginalglobalobject_p.h: Removed.
* qt/api/qscriptprogram.cpp: Removed.
* qt/api/qscriptprogram.h: Removed.
* qt/api/qscriptprogram_p.h: Removed.
* qt/api/qscriptstring.cpp: Removed.
* qt/api/qscriptstring.h: Removed.
* qt/api/qscriptstring_p.h: Removed.
* qt/api/qscriptsyntaxcheckresult.cpp: Removed.
* qt/api/qscriptsyntaxcheckresult.h: Removed.
* qt/api/qscriptsyntaxcheckresult_p.h: Removed.
* qt/api/qscriptvalue.cpp: Removed.
* qt/api/qscriptvalue.h: Removed.
* qt/api/qscriptvalue_p.h: Removed.
* qt/api/qscriptvalueiterator.cpp: Removed.
* qt/api/qscriptvalueiterator.h: Removed.
* qt/api/qscriptvalueiterator_p.h: Removed.
* qt/api/qtscriptglobal.h: Removed.
* qt/benchmarks/benchmarks.pri: Removed.
* qt/benchmarks/benchmarks.pro: Removed.
* qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
* qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
* qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
* qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
* qt/tests/qscriptengine/qscriptengine.pro: Removed.
* qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
* qt/tests/qscriptstring/qscriptstring.pro: Removed.
* qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
* qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
* qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
* qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
* qt/tests/tests.pri: Removed.
* qt/tests/tests.pro: Removed.
2011-10-21 Zheng Liu <zheng.z.liu@intel.com>
bytecompiler sometimes generates incorrect bytecode for put_by_id
https://bugs.webkit.org/show_bug.cgi?id=70403
Reviewed by Filip Pizlo.
* bytecompiler/NodesCodegen.cpp:
(JSC::AssignDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
2011-10-20 Filip Pizlo <fpizlo@apple.com>
DFG should not try to predict argument types by looking at the values of
argument registers at the time of compilation
https://bugs.webkit.org/show_bug.cgi?id=70578
Reviewed by Oliver Hunt.
* bytecode/CodeBlock.cpp:
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
* dfg/DFGDriver.h:
(JSC::DFG::tryCompileFunction):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileForConstruct):
(JSC::FunctionExecutable::compileFor):
(JSC::FunctionExecutable::compileOptimizedFor):
2011-10-20 Filip Pizlo <fpizlo@apple.com>
DFG call optimization handling will fail if the call had been unlinked due
to the callee being optimized
https://bugs.webkit.org/show_bug.cgi?id=70468
Reviewed by Geoff Garen.
If a call had ever been linked, we remember this fact as well as the function
to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
called.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* jit/JIT.cpp:
(JSC::JIT::linkFor):
2011-10-20 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT 32_64 - Fix ByteArray speculation
https://bugs.webkit.org/show_bug.cgi?id=70571
Reviewed by Filip Pizlo.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::forPrediction):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-20 Vincent Scheib <scheib@chromium.org>
MouseLock compile and run time flags.
https://bugs.webkit.org/show_bug.cgi?id=70530
Reviewed by Darin Fisher.
* wtf/Platform.h:
2011-10-20 Mark Hahnenberg <mhahnenberg@apple.com>
Rename static deleteProperty to deletePropertyByIndex
https://bugs.webkit.org/show_bug.cgi?id=70257
Reviewed by Geoffrey Garen.
Renaming versions of deleteProperty that use an unsigned as the property
name to "deletePropertyByIndex" in preparation for adding them to the
MethodTable, which requires unique names for each method.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::deletePropertyVirtual):
(JSC::::deletePropertyByIndex):
* runtime/Arguments.cpp:
(JSC::Arguments::deletePropertyVirtual):
(JSC::Arguments::deletePropertyByIndex):
* runtime/Arguments.h:
* runtime/JSArray.cpp:
(JSC::JSArray::deletePropertyVirtual):
(JSC::JSArray::deletePropertyByIndex):
* runtime/JSArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::deletePropertyVirtual):
(JSC::JSCell::deletePropertyByIndex):
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::deletePropertyVirtual):
(JSC::JSNotAnObject::deletePropertyByIndex):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::deletePropertyVirtual):
(JSC::JSObject::deletePropertyByIndex):
* runtime/JSObject.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::deletePropertyVirtual):
(JSC::RegExpMatchesArray::deletePropertyByIndex):
2011-10-20 Filip Pizlo <fpizlo@apple.com>
DFG-related stubs in the old JIT should not be built if the DFG is disabled
https://bugs.webkit.org/show_bug.cgi?id=70482
Reviewed by Zoltan Herczeg.
Aiming for a slight code size/build time reduction if the DFG is not in
play. This should also make further DFG development slightly easier since
the bodies of these JIT stubs can now safely refer to things that are only
declared when the DFG is enabled.
* jit/JITStubs.cpp:
* jit/JITStubs.h:
2011-10-19 Filip Pizlo <fpizlo@apple.com>
DFG ConvertThis emits slow code when the source node is known to be,
but not predicted to be, a final object
https://bugs.webkit.org/show_bug.cgi?id=70466
Reviewed by Oliver Hunt.
Added a new case in ConvertThis compilation.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-19 Filip Pizlo <fpizlo@apple.com>
Optimization triggers in the old JIT may sometimes fire repeatedly even
though there is no optimization to be done
https://bugs.webkit.org/show_bug.cgi?id=70467
Reviewed by Oliver Hunt.
If optimize_from_ret does nothing, it delays the next optimization trigger.
This is performance-neutral.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):
2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
https://bugs.webkit.org/show_bug.cgi?id=70460
Reviewed by Filip Pizlo.
As pointed out by Gavin in bug #70418, when a value is already in memory
we can avoid loading it into two GPRs first and then unboxing them into an FPR.
This gives a 9% improvement on Kraken without the change in bug #70418,
and 1% when based on the code with the bug #70418 change.
Performance is neutral in V8 and SunSpider.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2011-10-19 Gavin Barraclough <barraclough@apple.com>
Poisoning of strict caller,arguments inappropriately poisoning "in"
https://bugs.webkit.org/show_bug.cgi?id=63398
Reviewed by Oliver Hunt.
This fixes the problem by correctly implementing the spec -
the error should actually be being thrown from a standard JS getter/setter.
This implements spec correct behaviour for strict mode JS functions & bound
functions, I'll follow up with a patch to do the same for arguments.
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::finishCreation):
- Add the poisoned caller/arguments properties.
* runtime/JSBoundFunction.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::finishCreation):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::put):
- If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createThrowTypeError):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::throwTypeErrorGetterSetter):
- Add a ThrowTypeError type, per ES5 13.2.3.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncThrowTypeError):
* runtime/JSGlobalObjectFunctions.h:
- Implementation of ThrowTypeError.
* runtime/JSObject.cpp:
(JSC::JSObject::initializeGetterSetterProperty):
* runtime/JSObject.h:
- This function adds a new property (must not exist already) that is an initialized getter/setter.
2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT 32_64 - improve double boxing/unboxing
https://bugs.webkit.org/show_bug.cgi?id=70418
Reviewed by Gavin Barraclough.
Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
exchanging data through memory.
On X86 some SSE instructions can help us perform such operations with better performance.
This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::lshiftPacked):
(JSC::MacroAssemblerX86Common::rshiftPacked):
(JSC::MacroAssemblerX86Common::orPacked):
(JSC::MacroAssemblerX86Common::moveInt32ToPacked):
(JSC::MacroAssemblerX86Common::movePackedToInt32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movd_rr):
(JSC::X86Assembler::psllq_i8r):
(JSC::X86Assembler::psrlq_i8r):
(JSC::X86Assembler::por_rr):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::boxDouble):
(JSC::DFG::JITCompiler::unboxDouble):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::convertToDouble):
(JSC::DFG::SpeculativeJIT::compile):
2011-10-19 Gyuyoung Kim <gyuyoung.kim@samsung.com>
[EFL] Fix DSO linkage of wtf_efl.
Unreviewed build fix.
Need to add -ldl to jsc_efl (requested by dladdr).
* wtf/CMakeListsEfl.txt:
2011-10-19 Geoffrey Garen <ggaren@apple.com>
Removed StringImplBase, fusing it into StringImpl
https://bugs.webkit.org/show_bug.cgi?id=70443
Reviewed by Gavin Barraclough.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.order:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/text/StringImpl.h:
(WTF::StringImpl::StringImpl):
(WTF::StringImpl::ref):
(WTF::StringImpl::length):
* wtf/text/StringImplBase.h: Removed.
* wtf/wtf.pri: Removed!
2011-10-19 Mark Hahnenberg <mhahnenberg@apple.com>
Add getConstructData to the MethodTable
https://bugs.webkit.org/show_bug.cgi?id=70163
Reviewed by Geoffrey Garen.
Adding getConstructData to the MethodTable in order to be able to
remove all calls to getConstructDataVirtual soon. Part of the process
of de-virtualizing JSCell.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ClassInfo.h:
2011-10-18 Oliver Hunt <oliver@apple.com>
Support CanvasPixelArray in the DFG
https://bugs.webkit.org/show_bug.cgi?id=70384
Reviewed by Filip Pizlo.
Add support for the old CanvasPixelArray optimisations to the
DFG. This removes the regression seen in the DFG when using
a CPA.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store8):
(JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movb_rm):
(JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
(JSC::predictionFromClassInfo):
* bytecode/PredictedType.h:
(JSC::isByteArrayPrediction):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::execute):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateByteArray):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::compileClampDoubleToByte):
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSByteArray.h:
(JSC::JSByteArray::offsetOfStorage):
* wtf/ByteArray.cpp:
* wtf/ByteArray.h:
(WTF::ByteArray::offsetOfSize):
(WTF::ByteArray::offsetOfData):
2011-10-18 Geoffrey Garen <ggaren@apple.com>
Some rope cleanup following r97827
https://bugs.webkit.org/show_bug.cgi?id=70398
Reviewed by Oliver Hunt.
9% speedup on date-format-xparb, neutral overall.
- Removed RopeImpl*.
- Removed JSString::m_fiberCount, since this can be deduced from other data.
- Renamed a jsString() variant to jsStringFromArguments for clarity.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.order:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* jit/JITInlineMethods.h:
(JSC::JIT::emitLoadCharacterString):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::loadJSStringArgument):
* jit/ThunkGenerators.cpp:
(JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
of testing m_fiberCount, since m_fiberCount is gone now.
* runtime/JSString.cpp:
(JSC::JSString::RopeBuilder::expand):
(JSC::JSString::visitChildren):
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
(JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::finishCreation):
(JSC::RopeBuilder::offsetOfLength):
(JSC::RopeBuilder::isRope):
(JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
jsString => jsStringFromArguments for clarity.
* runtime/Operations.h:
(JSC::jsStringFromArguments): Renamed.
* runtime/RopeImpl.cpp: Removed.
* runtime/RopeImpl.h: Removed.
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
which is slightly faster.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncConcat): Updated for rename.
* wtf/text/StringImplBase.h:
(WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
StringImpl, since this was only used by RopeImpl, which is now gone.
2011-10-19 Rafael Antognolli <antognolli@profusion.mobi>
[EFL] Fix DSO linkage of jsc_efl.
https://bugs.webkit.org/show_bug.cgi?id=70412
Unreviewed build fix.
Need to add -ldl to jsc_efl (requested by dladdr).
* shell/CMakeListsEfl.txt:
2011-10-18 Geoffrey Garen <ggaren@apple.com>
Rolled out last Windows build fix because it was wrong.
2011-10-18 Geoffrey Garen <ggaren@apple.com>
Rolled out last Windows build fix because it was wrong.
2011-10-18 Geoffrey Garen <ggaren@apple.com>
Try to fix part of the Windows build.
Export!
2011-10-18 Geoffrey Garen <ggaren@apple.com>
Switched ropes from malloc memory to GC memory
https://bugs.webkit.org/show_bug.cgi?id=70364
Reviewed by Gavin Barraclough.
~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
having C++ destructors.
* heap/MarkStack.cpp:
(JSC::visitChildren): Call the JSString visitChildren function now,
since it's no longer a no-op.
* runtime/JSString.cpp:
(JSC::JSString::~JSString): Moved this destructor out of line because
it's called virtually, so there's no value to inlining.
(JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
initializing wrapper around JSString. JSString now represents ropes
directly, rather than relying on an underlying malloc object.
(JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
objects now.
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
(JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
of malloc objects.
(JSC::JSString::replaceCharacter): Removed optimizations for substringing
ropes and replacing subsections of ropes. We want to reimplement versions
of these optimizations in the future, but this patch already has good
performance without them.
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::finishCreation):
(JSC::RopeBuilder::createNull):
(JSC::RopeBuilder::create):
(JSC::RopeBuilder::createHasOtherOwner):
(JSC::jsSingleCharacterString):
(JSC::jsSingleCharacterSubstring):
(JSC::jsNontrivialString):
(JSC::jsString):
(JSC::jsSubstring):
(JSC::jsOwnedString): Lots of mechanical changes here. The two important
things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
malloc objects; (2) I simplified the JSString constructor interface to
only accept PassRefPtr<StringImpl>, instead of variations on that like
UString, reducing refcount churn.
* runtime/JSValue.h:
* runtime/JSValue.cpp:
(JSC::JSValue::toPrimitiveString): Updated this function to return a
JSString instead of a UString, since that's what clients want now.
* runtime/Operations.cpp:
(JSC::jsAddSlowCase):
* runtime/Operations.h:
(JSC::jsString):
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::createEmptyString): Updated for interface changes above.
* runtime/StringConstructor.cpp:
(JSC::constructWithStringConstructor):
* runtime/StringObject.h:
(JSC::StringObject::create): Don't create a new JSString if we already
have a JSString.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncConcat): Updated for interface changes above.
2011-10-18 Gavin Barraclough <barraclough@apple.com>
Errrk, fix partial commit of r97825!
* runtime/DatePrototype.cpp:
(JSC::dateProtoFuncToISOString):
2011-10-18 Gavin Barraclough <barraclough@apple.com>
Date.prototype.toISOString fails to throw exception
https://bugs.webkit.org/show_bug.cgi?id=70394
Reviewed by Sam Weinig.
* runtime/DatePrototype.cpp:
(JSC::dateProtoFuncToISOString):
- Should throw a range error if the internal value is not finite.
2011-10-18 Mark Hahnenberg <mhahnenberg@apple.com>
Rename static put to putByIndex
https://bugs.webkit.org/show_bug.cgi?id=70281
Reviewed by Geoffrey Garen.
Renaming versions of deleteProperty that use an unsigned as the property
name to "deletePropertyByIndex" in preparation for adding them to the
MethodTable, which requires unique names for each method.
* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Arguments.cpp:
(JSC::Arguments::putVirtual):
(JSC::Arguments::putByIndex):
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncMap):
* runtime/JSArray.cpp:
(JSC::JSArray::put):
(JSC::JSArray::putVirtual):
(JSC::JSArray::putByIndex):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::putVirtual):
(JSC::JSByteArray::putByIndex):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::putVirtual):
(JSC::JSCell::putByIndex):
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::putVirtual):
(JSC::JSNotAnObject::putByIndex):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::putVirtual):
(JSC::JSObject::putByIndex):
* runtime/JSObject.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpMatchesArray::fillArrayInstance):
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::putVirtual):
(JSC::RegExpMatchesArray::putByIndex):
2011-10-18 Gavin Barraclough <barraclough@apple.com>
Array.prototype methods missing exception checks
https://bugs.webkit.org/show_bug.cgi?id=70360
Reviewed by Geoff Garen.
Missing exception checks after calls to the static getProperty helper;
these may result in the wrong exception being thrown (or an ASSERT being hit,
as is currently the case running test-262).
No performance impact.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
2011-10-18 Adam Barth <abarth@webkit.org>
Always enable ENABLE(XPATH)
https://bugs.webkit.org/show_bug.cgi?id=70217
Reviewed by Eric Seidel.
* Configurations/FeatureDefines.xcconfig:
2011-10-18 Gavin Barraclough <barraclough@apple.com>
Indexed arguments on the Arguments object should be enumerable.
https://bugs.webkit.org/show_bug.cgi?id=70302
Reviewed by Sam Weinig.
See ECMA-262 5.1 chapter 10.6 step 11b.
This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertyDescriptor):
- The 'enumerable' property should be true for indexed arguments.
(JSC::Arguments::getOwnPropertyNames):
- Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
2011-10-18 Gustavo Noronha Silva <gns@gnome.org>
Fix distcheck.
* GNUmakefile.list.am: fix a typo and add a missing header to the
list.
2011-10-18 Balazs Kelemen <kbalazs@webkit.org>
ParallelJobs: maximum number of threads should be determined dynamically
https://bugs.webkit.org/show_bug.cgi?id=68540
Reviewed by Zoltan Herczeg.
Add logic to determine the number of cores and use this as
the maximum number of threads. The implementation currently
covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
The patch was tested on Linux, Mac and Windows, which was enough to
cover all code paths. It should work on the rest according to the
documentation of those OS's. The hard coded constant is still used
on uncovered OS's, which should be fixed in the future.
* wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
argument because clients should always fill it and the 0 default value
was incorrect anyway.
(WTF::ParallelJobs::ParallelJobs):
* wtf/ParallelJobsGeneric.cpp:
(WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
* wtf/ParallelJobsGeneric.h:
(WTF::ParallelEnvironment::ParallelEnvironment):
2011-10-17 Gavin Barraclough <barraclough@apple.com>
Reverted r997709, this caused test failures.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):
2011-10-17 Ryosuke Niwa <rniwa@webkit.org>
Rename deregister* to unregister*
https://bugs.webkit.org/show_bug.cgi?id=70272
Reviewed by Darin Adler.
Renamed deregisterWeakMap to unregisterWeakMap.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::unregisterWeakMap):
2011-10-17 Gavin Barraclough <barraclough@apple.com>
Poisoning of strict caller/arguments inappropriately poisoning "in"
https://bugs.webkit.org/show_bug.cgi?id=63398
Reviewed by Sam Weinig.
The problem here is that the has[Own]Property methods get the slot rather than
the descriptor, and getting the slot may cause the property to be eagerly accessed.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- We don't expect hasProperty to ever throw. If it does, it won't get caught
(since it is after the exception check), so ASSERT to guard against this.
* runtime/JSObject.cpp:
(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):
- These methods should not check for the presence of the descriptor; never get the value.
2011-10-17 Gavin Barraclough <barraclough@apple.com>
Exception ordering in String.prototype.replace
https://bugs.webkit.org/show_bug.cgi?id=70290
If pattern is not a regexp, it should be converted toString before the replacement value has its toString conversion called.
Reviewed by Oliver Hunt.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncReplace):
2011-10-17 Filip Pizlo <fpizlo@apple.com>
DFG bytecode parser should understand inline stacks
https://bugs.webkit.org/show_bug.cgi?id=70278
Reviewed by Oliver Hunt.
The DFG bytecode parser is now capable of parsing multiple code blocks at
once. This remains turned off since not all inlining functionality is
implemented.
This required making a few changes elsewhere in the system. The bytecode
parser now may do some of the same things that the bytecode generator does,
like allocating constants and identifiers. Basic block linking relies on
bytecode indices, which are only meaningful within the context of one basic
block. This is fine, so long as linking is done eagerly whenever switching
from one code block to another.
* bytecode/CodeOrigin.h:
(JSC::CodeOrigin::CodeOrigin):
* bytecompiler/BytecodeGenerator.h:
* dfg/DFGBasicBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::getThis):
(JSC::DFG::ByteCodeParser::setThis):
(JSC::DFG::ByteCodeParser::currentCodeOrigin):
(JSC::DFG::ByteCodeParser::getPrediction):
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::makeDivSafe):
(JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
(JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
(JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::linkBlock):
(JSC::DFG::ByteCodeParser::linkBlocks):
(JSC::DFG::ByteCodeParser::setupPredecessors):
(JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.h:
(JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
(JSC::DFG::GetBytecodeBeginForBlock::operator()):
(JSC::DFG::Graph::blockIndexForBytecodeOffset):
* dfg/DFGNode.h:
* runtime/Identifier.h:
(JSC::IdentifierMapIndexHashTraits::emptyValue):
* runtime/JSValue.h:
* wtf/StdLibExtras.h:
(WTF::binarySearchWithFunctor):
2011-10-17 Gavin Barraclough <barraclough@apple.com>
Incorrect behavior from String match/search & undefined pattern
https://bugs.webkit.org/show_bug.cgi?id=70286
Reviewed by Sam Weinig.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
- In case of undefined, pattern is "".
(JSC::stringProtoFuncSearch):
- In case of undefined, pattern is "".
2011-10-17 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=70207
After deleting __defineSetter__, it is absent but appears in name list
Reviewed by Darin Adler.
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertyNames):
- This should check whether static functions have been reified.
2011-10-17 Geoffrey Garen <ggaren@apple.com>
Mac build fix.
* JavaScriptCore.exp: Export!
2011-10-17 Geoffrey Garen <ggaren@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
2011-10-17 Geoffrey Garen <ggaren@apple.com>
Windows build fix.
* heap/HandleStack.cpp: Added a missing #include.
2011-10-17 Geoffrey Garen <ggaren@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
longer existent symbol.
* heap/MarkStack.cpp:
(JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
2011-10-17 Geoffrey Garen <ggaren@apple.com>
Simplified GC marking logic
https://bugs.webkit.org/show_bug.cgi?id=70258
Reviewed by Filip Pizlo.
No perf. change.
This is a first step toward GC allocating string backing stores, starting
with ropes. It also enables future simplifications and optimizations.
- Replaced some complex mark stack logic with a simple linear stack of
JSCell pointers.
- Replaced logic for short-circuiting marking based on JSType and/or
Structure flags with special cases for object, array, and string.
- Fiddled with inlining for better codegen.
* JavaScriptCore.exp:
* heap/HandleStack.cpp: Build!
* heap/Heap.cpp:
(JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
* heap/HeapRootVisitor.h: Removed unused functions that no longer build.
* heap/MarkStack.cpp:
(JSC::MarkStackArray::MarkStackArray):
(JSC::MarkStackArray::~MarkStackArray):
(JSC::MarkStackArray::expand):
(JSC::MarkStackArray::shrinkAllocation):
(JSC::MarkStack::reset):
(JSC::visitChildren):
(JSC::SlotVisitor::drain):
* heap/MarkStack.h:
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::~MarkStack):
(JSC::MarkStackArray::append):
(JSC::MarkStackArray::removeLast):
(JSC::MarkStackArray::isEmpty):
(JSC::MarkStack::append):
(JSC::MarkStack::appendUnbarrieredPointer):
(JSC::MarkStack::internalAppend): Replaced complex mark set logic with
simple linear stack.
* heap/SlotVisitor.h:
(JSC::SlotVisitor::SlotVisitor): Updated for above changes.
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSArray.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSObject.h: Don't inline visitChildren; it's too big.
* runtime/Structure.h:
(JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
because it prevented strings from owning GC pointers.
* runtime/WriteBarrier.h:
(JSC::MarkStack::appendValues): No need to validate; internalAppend will
do that for us.
2011-10-17 Adam Roben <aroben@apple.com>
Windows build fix after r97536, part 3
* runtime/JSAPIValueWrapper.h:
* runtime/JSObject.h:
Use JS_EXPORTDATA to export the s_info members.
2011-10-17 Adam Roben <aroben@apple.com>
Interpreter build fix after r97564
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
there.
2011-10-17 Adam Roben <aroben@apple.com>
Windows build fix after r97536, part 2
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
JSC::setUpStaticFunctionSlot with its new mangled name. Sorted the rest of the file while I
was at it.
2011-10-17 Adam Roben <aroben@apple.com>
Windows build fix after r97536
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
s_info members, which need to be exported via JS_EXPORTDATA instead.
2011-10-17 Patrick Gansterer <paroga@webkit.org>
Interpreter build fix after r97436, r97506, r97532 and r97537.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
2011-10-16 Adam Barth <abarth@webkit.org>
Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
https://bugs.webkit.org/show_bug.cgi?id=70216
Reviewed by Eric Seidel.
* wtf/Platform.h:
2011-10-16 Noel Gordon <noel.gordon@gmail.com>
[chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
https://bugs.webkit.org/show_bug.cgi?id=70205
Reviewed by James Robinson.
wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
wtf/gtk/ThreadingGtk.cpp was removed in r97269.
* JavaScriptCore.gypi:
2011-10-16 Adam Barth <abarth@webkit.org>
Always enable ENABLE(DOM_STORAGE)
https://bugs.webkit.org/show_bug.cgi?id=70189
Reviewed by Eric Seidel.
* Configurations/FeatureDefines.xcconfig:
2011-10-15 Dan Horák <dan@danny.cz>
The s390 and s390x architectures both use 64-bit double type
that conforms to the IEEE-754 standard.
https://bugs.webkit.org/show_bug.cgi?id=69940
Reviewed by Gavin Barraclough.
* wtf/dtoa/utils.h:
2011-10-14 Filip Pizlo <fpizlo@apple.com>
FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
https://bugs.webkit.org/show_bug.cgi?id=70157
Reviewed by Geoff Garen.
Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
and compileForConstructInternal() to use this method. This required more cleanly
exposing some of CodeBlock's tiering functionality and moving the CompilationKind
enum to Executable.h, as this was the easiest way to make it available to the
declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::copyDataFrom):
(JSC::CodeBlock::copyDataFromAlternative):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::setAlternative):
* bytecompiler/BytecodeGenerator.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::codeBlockFor):
2011-10-15 Laszlo Gombos <laszlo.1.gombos@nokia.com>
[Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
https://bugs.webkit.org/show_bug.cgi?id=69920
Reviewed by Kenneth Rohde Christiansen.
* JavaScriptCore.pri:
* JavaScriptCore.pro:
* heap/MarkStack.h:
(JSC::::shrinkAllocation):
* jit/ExecutableAllocator.cpp:
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::cacheFlush):
* jit/JITStubs.cpp:
* jsc.pro:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
* runtime/DatePrototype.cpp:
(JSC::formatLocaleDate):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncLastIndexOf):
* runtime/TimeoutChecker.cpp:
(JSC::getCPUTime):
* wtf/Assertions.cpp:
* wtf/Assertions.h:
* wtf/Atomics.h:
* wtf/MathExtras.h:
* wtf/OSAllocator.h:
(WTF::OSAllocator::decommitAndRelease):
* wtf/OSAllocatorSymbian.cpp: Removed.
* wtf/OSRandomSource.cpp:
(WTF::cryptographicallyRandomValuesFromOS):
* wtf/PageAllocation.h:
* wtf/PageAllocatorSymbian.h: Removed.
* wtf/PageBlock.cpp:
* wtf/Platform.h:
* wtf/StackBounds.cpp:
* wtf/wtf.pri:
2011-10-15 Yuqiang Xian <yuqiang.xian@intel.com>
Trivial fix for a missing change in r97512
https://bugs.webkit.org/show_bug.cgi?id=70166
Reviewed by Gavin Barraclough.
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::link):
2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
Rename getOwnPropertySlot to getOwnPropertySlotVirtual
https://bugs.webkit.org/show_bug.cgi?id=69810
Reviewed by Geoffrey Garen.
Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
in preparation for when we add the static getOwnPropertySlot to the MethodTable
in ClassInfo.
Also added a few static getOwnPropertySlot functions where they had been overlooked
before (especially in CodeGeneratorJS.pm).
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertySlotVirtual):
(JSC::::getOwnPropertySlot):
(JSC::::getOwnPropertyDescriptor):
(JSC::::staticFunctionGetter):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertySlotVirtual):
(JSC::DebuggerActivation::getOwnPropertySlot):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertySlotVirtual):
(JSC::Arguments::getOwnPropertySlot):
* runtime/Arguments.h:
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getOwnPropertySlotVirtual):
(JSC::ArrayConstructor::getOwnPropertySlot):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertySlotVirtual):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::getOwnPropertySlotVirtual):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getOwnPropertySlotVirtual):
* runtime/DateConstructor.h:
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::getOwnPropertySlotVirtual):
* runtime/DatePrototype.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::getOwnPropertySlotVirtual):
* runtime/ErrorPrototype.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertySlotVirtual):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertySlotVirtual):
(JSC::JSArray::getOwnPropertySlot):
* runtime/JSArray.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::getOwnPropertySlotVirtual):
* runtime/JSBoundFunction.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertySlotVirtual):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertySlotVirtual):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlotVirtual):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnPropertyNames):
(JSC::JSFunction::put):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::getOwnPropertySlotVirtual):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::hasOwnPropertyForWrite):
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::getOwnPropertySlotVirtual):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Stringifier::Holder::appendNextProperty):
(JSC::JSONObject::getOwnPropertySlotVirtual):
(JSC::Walker::walk):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertySlotVirtual):
(JSC::JSObject::getOwnPropertySlot):
(JSC::JSObject::hasOwnProperty):
* runtime/JSObject.h:
(JSC::JSObject::getOwnPropertySlotVirtual):
(JSC::JSCell::fastGetOwnPropertySlot):
(JSC::JSObject::getPropertySlot):
(JSC::JSValue::get):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
* runtime/JSStaticScopeObject.h:
* runtime/JSString.cpp:
(JSC::JSString::getOwnPropertySlotVirtual):
(JSC::JSString::getOwnPropertySlot):
* runtime/JSString.h:
* runtime/Lookup.h:
(JSC::getStaticPropertySlot):
(JSC::getStaticFunctionSlot):
(JSC::getStaticValueSlot):
* runtime/MathObject.cpp:
(JSC::MathObject::getOwnPropertySlotVirtual):
* runtime/MathObject.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlotVirtual):
* runtime/NumberConstructor.h:
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::getOwnPropertySlotVirtual):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getOwnPropertySlotVirtual):
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::getOwnPropertySlotVirtual):
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertySlotVirtual):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::getOwnPropertySlotVirtual):
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::getOwnPropertySlotVirtual):
* runtime/RegExpPrototype.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getOwnPropertySlotVirtual):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::getOwnPropertySlotVirtual):
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::getOwnPropertySlotVirtual):
* runtime/StringPrototype.h:
2011-10-14 Gavin Barraclough <baraclough@apple.com>
Most built-in properties are not deletable
https://bugs.webkit.org/show_bug.cgi?id=61014
Reviewed by Filip Pizlo.
Our static hash tables don't allow for deleting properties.
This is the cause of a bunch of expected failures in LayoutTests/sputnik.
This fixes the problem by reifying all static functions immediately prior
to the first deletion. Reification is tracked by a flag on the structure,
so properties will no longer 'bounce-back' on later access.
Theoretically there could probably also be an issue with custom accessor
properties, but we probably do not really require any of these to be
Configurable anyway. I'll follow up with a separate patch to address this.
* runtime/ClassInfo.h:
(JSC::ClassInfo::hasStaticProperties):
- detects static property tables.
* runtime/JSObject.cpp:
(JSC::JSObject::deleteProperty):
- call reifyStaticFunctions before deletion.
(JSC::JSObject::reifyStaticFunctions):
- If the class has static functions, set them up now.
* runtime/JSObject.h:
(JSC::JSObject::staticFunctionsReified):
- returns true if static functions have been reified,
and as such should no longer be added.
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
- If static functions have been reified do not add.
* runtime/Lookup.h:
(JSC::HashTable::ConstIterator::ConstIterator):
(JSC::HashTable::ConstIterator::operator->):
(JSC::HashTable::ConstIterator::operator*):
(JSC::HashTable::ConstIterator::operator!=):
(JSC::HashTable::ConstIterator::operator++):
(JSC::HashTable::ConstIterator::skipInvalidKeys):
(JSC::HashTable::begin):
(JSC::HashTable::end):
(JSC::getStaticPropertySlot):
(JSC::getStaticPropertyDescriptor):
(JSC::getStaticFunctionSlot):
(JSC::getStaticFunctionDescriptor):
- setUpStaticFunctionSlot may not add, returns a bool.
(JSC::lookupPut):
- remove redundant branch.
* runtime/Structure.cpp:
(JSC::Structure::Structure):
- initialize new flag in constructors.
* runtime/Structure.h:
(JSC::Structure::staticFunctionsReified):
(JSC::Structure::setStaticFunctionsReified):
- added flag
2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
Rename virtual put to putVirtual
https://bugs.webkit.org/show_bug.cgi?id=69851
Reviewed by Darin Adler.
Renamed virtual versions of put to putVirtual in preparation for
adding the static put to the MethodTable in ClassInfo since the
compiler gets mad if the virtual and static versions have the same
name.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::putVirtual):
* API/JSObjectRef.cpp:
(JSObjectSetProperty):
(JSObjectSetPropertyAtIndex):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::putVirtual):
(JSC::DebuggerActivation::put):
* debugger/DebuggerActivation.h:
* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jsc.cpp:
(GlobalObject::finishCreation):
* runtime/Arguments.cpp:
(JSC::Arguments::putVirtual):
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
(JSC::putProperty):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
* runtime/JSActivation.cpp:
(JSC::JSActivation::putVirtual):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::putVirtual):
(JSC::JSArray::putSlowCase):
(JSC::JSArray::push):
(JSC::JSArray::shiftCount):
(JSC::JSArray::unshiftCount):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::putVirtual):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::putVirtual):
(JSC::JSCell::put):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::putVirtual):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::putVirtual):
(JSC::JSGlobalObject::putWithAttributes):
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::putVirtual):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::putVirtual):
(JSC::JSObject::put):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
(JSC::JSValue::put):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::putVirtual):
* runtime/JSStaticScopeObject.h:
* runtime/Lookup.h:
(JSC::lookupPut):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::putVirtual):
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpMatchesArray::fillArrayInstance):
(JSC::RegExpConstructor::putVirtual):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::putVirtual):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::putVirtual):
* runtime/RegExpObject.h:
* runtime/StringObject.cpp:
(JSC::StringObject::putVirtual):
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncSplit):
2011-10-13 Filip Pizlo <fpizlo@apple.com>
Reflective Arguments retrieval should be hardened for the
possibility of inlining
https://bugs.webkit.org/show_bug.cgi?id=70068
Reviewed by Oliver Hunt.
CodeBlock can now track, as part of its RareData, the virtual inline
stack at callsites. CallFrame walking can now rematerialize "inline"
CallFrames by combining the meta-data in CodeBlock with the information
already in the JS stack. Arguments can now safely retrieve the
arguments from inline CallFrames.
The DFG already had the notion of a "CodeOrigin" in preparation for
inlining. This notion will now be saved into the CodeBlock, if the DFG
had done inlining. So, CodeOrigin has been moved to bytecode/ and has
been changed to behave more like a struct since that is how it's
meant to be used.
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.h:
(JSC::CodeBlock::inlineCallFrames):
(JSC::CodeBlock::codeOrigins):
(JSC::CodeBlock::hasCodeOrigins):
(JSC::CodeBlock::codeOriginForReturn):
* bytecode/CodeOrigin.h: Added.
(JSC::CodeOrigin::CodeOrigin):
(JSC::CodeOrigin::isSet):
(JSC::getCallReturnOffsetForCodeOrigin):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGNode.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::isInlineCallFrame):
(JSC::CallFrame::trueCallerFrame):
* interpreter/CallFrame.h:
(JSC::ExecState::inlineCallFrame):
(JSC::ExecState::setInlineCallFrame):
(JSC::ExecState::isInlineCallFrame):
(JSC::ExecState::trueCallerFrame):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::findFunctionCallFrame):
* interpreter/Register.h:
(JSC::Register::operator=):
(JSC::Register::inlineCallFrame):
* runtime/Arguments.h:
(JSC::Arguments::getArgumentsData):
(JSC::Arguments::finishCreationButDontCopyRegisters):
(JSC::Arguments::finishCreation):
(JSC::Arguments::finishCreationAndCopyRegisters):
* runtime/Executable.h:
(JSC::FunctionExecutable::parameterCount):
2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
Rename virtual deleteProperty to deletePropertyVirtual
https://bugs.webkit.org/show_bug.cgi?id=69884
Reviewed by Darin Adler.
Renamed virtual versions of deleteProperty to deletePropertyVirtual in preparation for
adding the static deleteProperty to the MethodTable in ClassInfo since the
compiler gets mad if the virtual and static versions have the same name.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::deletePropertyVirtual):
(JSC::::deleteProperty):
* API/JSObjectRef.cpp:
(JSObjectDeleteProperty):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::deletePropertyVirtual):
(JSC::DebuggerActivation::deleteProperty):
* debugger/DebuggerActivation.h:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Arguments.cpp:
(JSC::Arguments::deletePropertyVirtual):
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
* runtime/JSActivation.cpp:
(JSC::JSActivation::deletePropertyVirtual):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::deletePropertyVirtual):
(JSC::JSArray::deleteProperty):
* runtime/JSArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::deletePropertyVirtual):
(JSC::JSCell::deleteProperty):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::deletePropertyVirtual):
* runtime/JSFunction.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::deletePropertyVirtual):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::deletePropertyVirtual):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::deletePropertyVirtual):
* runtime/JSVariableObject.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::deletePropertyVirtual):
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::deletePropertyVirtual):
* runtime/StrictEvalActivation.h:
* runtime/StringObject.cpp:
(JSC::StringObject::deletePropertyVirtual):
* runtime/StringObject.h:
2011-10-14 Peter Beverloo <peter@chromium.org>
[Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
https://bugs.webkit.org/show_bug.cgi?id=70028
Reviewed by Adam Barth.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-10-14 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT 32_64 - Performance fix for ResolveGlobal
https://bugs.webkit.org/show_bug.cgi?id=70096
Reviewed by Gavin Barraclough.
Structure check of global object should be a pointer comparison
instead of a tag and payload pair comparison. This fix improves
SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
Also two trivial fixes for successful 32-bit build are included.
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-13 Filip Pizlo <fpizlo@apple.com>
Speculation failures in ValueToInt32 are causing a 2x slow-down
in Kraken/stanford-crypto-pbkdf2
https://bugs.webkit.org/show_bug.cgi?id=70089
Reviewed by Gavin Barraclough.
If we can't truncate to Int32 using machine code, then don't fail
speculation. Just call JSC::toInt32.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
Rename virtual getConstructData to getConstructDataVirtual
https://bugs.webkit.org/show_bug.cgi?id=69872
Reviewed by Geoffrey Garen.
Renamed virtual getConstructData functions to getConstructDataVirtual to
avoid conflicts when we add static getConstructData to the MethodTable.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::getConstructDataVirtual):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getConstructDataVirtual):
* API/JSObjectRef.cpp:
(JSObjectIsConstructor):
(JSObjectCallAsConstructor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getConstructDataVirtual):
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::getConstructDataVirtual):
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getConstructDataVirtual):
* runtime/DateConstructor.h:
* runtime/Error.h:
(JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::getConstructDataVirtual):
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::getConstructDataVirtual):
* runtime/FunctionConstructor.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getConstructDataVirtual):
* runtime/JSCell.h:
(JSC::getConstructData):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getConstructDataVirtual):
* runtime/JSFunction.h:
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::getConstructDataVirtual):
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getConstructDataVirtual):
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getConstructDataVirtual):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getConstructDataVirtual):
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getConstructDataVirtual):
* runtime/StringConstructor.h:
2011-10-13 Filip Pizlo <fpizlo@apple.com>
Rubber stamped by Stephanie Lewis.
DFG_ENABLE() macro was always returning false.
* dfg/DFGNode.h:
2011-10-13 Gavin Barraclough <baraclough@apple.com>
Speculative build fix for !DFG builds.
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
2011-10-13 Oliver Hunt <oliver@apple.com>
Fix performance of ValueToInt32 node when predicting double
https://bugs.webkit.org/show_bug.cgi?id=70063
Reviewed by Filip Pizlo.
Currently we fail to inline double to int conversion when
performing a ValueToInt32 operation on a value we predict
to be a double.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
Apply correct filter for the double prediction path
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
Support double parameters even when value has been spilled.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
Moved old valueToInt32 code to this function, and added
path for double prediction
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Made the two implementations of ValueToInt32 call a single
shared compileValueToInt32 function.
2011-10-13 Chris Marrin <cmarrin@apple.com>
Sync requestAnimationFrame callback to CVDisplayLink on Mac
https://bugs.webkit.org/show_bug.cgi?id=68911
Reviewed by Simon Fraser.
Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
that use the DisplayRefreshMonitor logic.
* wtf/Platform.h:
2011-10-13 Gavin Barraclough <baraclough@apple.com>
DFG JIT should not be using ENABLE macro to enable features
https://bugs.webkit.org/show_bug.cgi?id=70060
Reviewed by Oliver Hunt.
The ENABLE macro is only intended to be used to detect features that are configured
in Platform.h. Using it to detect settings defined in other headers is an error.
The problem is that the ENABLE macro checks if the value is defined, so will silently
return false if you fail to include the header defining the switch. This is not a problem
if (1) the settings are defined in the same header that defines the macro that tests them,
or (2) the header is included everywhere. In the case of ENABLE settings defined in
Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
* bytecode/CodeBlock.cpp:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getPrediction):
(JSC::DFG::ByteCodeParser::makeSafe):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
* dfg/DFGNode.h:
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateArithNodeFlagsForward):
(JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::propagatePredictionsForward):
(JSC::DFG::Propagator::propagatePredictionsBackward):
(JSC::DFG::Propagator::propagatePredictions):
(JSC::DFG::Propagator::toDouble):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::fixup):
(JSC::DFG::Propagator::startIndexForChildren):
(JSC::DFG::Propagator::endIndexForPureCSE):
(JSC::DFG::Propagator::setReplacement):
(JSC::DFG::Propagator::eliminate):
(JSC::DFG::Propagator::performNodeCSE):
(JSC::DFG::Propagator::localCSE):
(JSC::DFG::Propagator::allocateVirtualRegisters):
(JSC::DFG::Propagator::performBlockCFA):
(JSC::DFG::Propagator::performForwardCFA):
(JSC::DFG::Propagator::globalCFA):
* dfg/DFGScoreBoard.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
2011-10-13 Gavin Barraclough <baraclough@apple.com>
terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
Rubber stamped by Filip Pizlo
This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualized JSCell::toNumber
https://bugs.webkit.org/show_bug.cgi?id=69858
Reviewed by Sam Weinig.
Removed JSCallbackObject::toNumber because it's no longer necessary, since
JSObject::toNumber now suffices, since we implicitly add valueOf to an object's
prototype whenever a convertToType callback is provided.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
* runtime/JSCell.cpp:
(JSC::JSCell::toNumber):
* runtime/JSCell.h:
* runtime/JSObject.h:
* runtime/JSString.h:
Removed JSNotAnObject::toNumber because its result doesn't matter and it implements
defaultValue, therefore JSObject::toNumber can cover its case.
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
2011-10-13 Xianzhu Wang <wangxianzhu@chromium.org>
Use realloc() to expand/shrink StringBuilder buffer
https://bugs.webkit.org/show_bug.cgi?id=69913
Reviewed by Darin Adler.
* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::reserveCapacity):
(WTF::StringBuilder::reallocateBuffer):
(WTF::StringBuilder::appendUninitialized):
(WTF::StringBuilder::shrinkToFit):
* wtf/text/StringBuilder.h:
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
* wtf/text/StringImpl.h:
2011-10-12 Filip Pizlo <fpizlo@apple.com>
If an Arguments object is being used to copy the arguments, then
make this explicit
https://bugs.webkit.org/show_bug.cgi?id=69995
Reviewed by Sam Weinig.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::retrieveArguments):
* runtime/Arguments.h:
(JSC::Arguments::createAndCopyRegisters):
(JSC::Arguments::finishCreationButDontCopyRegisters):
(JSC::Arguments::finishCreation):
(JSC::Arguments::finishCreationAndCopyRegisters):
2011-10-12 Filip Pizlo <fpizlo@apple.com>
DFG CFA does not filter structures aggressively enough.
https://bugs.webkit.org/show_bug.cgi?id=69989
Reviewed by Oliver Hunt.
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::clear):
(JSC::DFG::AbstractValue::makeTop):
(JSC::DFG::AbstractValue::clobberStructures):
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::merge):
(JSC::DFG::AbstractValue::filter):
(JSC::DFG::AbstractValue::checkConsistency):
2011-10-12 Adam Barth <abarth@webkit.org>
Remove ENABLE(XHTMLMP) and associated code
https://bugs.webkit.org/show_bug.cgi?id=69729
Reviewed by David Levin.
* Configurations/FeatureDefines.xcconfig:
2011-10-12 Gavin Barraclough <baraclough@apple.com>
MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
https://bugs.webkit.org/show_bug.cgi?id=69978
Reviewed by Filip Pizlo.
Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
compare32/test8/test32 call setCC, which sets an 8-bit register - we can fix this by adding
a couple of xchg instructions.
branchTest8 with a register argument is also affected. In all cases where this is currently used
it is testing a value that is correct to 32 or more bits, so we can simply switch these
to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
This fixes the remaining fast/js failures with the DFG JIT 32_64.
* assembler/MacroAssemblerARMv7.h:
- removed branchTest8.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::compare32):
(JSC::MacroAssemblerX86Common::test8):
(JSC::MacroAssemblerX86Common::test32):
(JSC::MacroAssemblerX86Common::set32):
- added set32 helper that is 'h' register safe.
- removed branchTest8.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- switch uses of branchTest8 to branchTest32.
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
- switch uses of branchTest8 to branchTest32.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):
- switch uses of branchTest8 to branchTest32.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):
- switch uses of branchTest8 to branchTest32.
2011-10-12 Gavin Barraclough <baraclough@apple.com>
Errrk, revert accidental commit!
* wtf/Platform.h:
2011-10-12 Gavin Barraclough <baraclough@apple.com>
Unreviewed, re-land changes from #69890, #69903.
These were reverted due to bug #69897, but #69903 fixed this problem.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
2011-10-12 Filip Pizlo <fpizlo@apple.com>
ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
https://bugs.webkit.org/show_bug.cgi?id=69906
Reviewed by Gavin Barraclough.
It turns out that the simplest fix is to switch computeUpdatedPredictions()
to using predictionFromValue() combined with mergePrediction(). Doing so
allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
not only fixes a performance bug but kills off a lot of code that I never
liked to begin with.
This appears to be a 1% win on V8.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
* bytecode/PredictedType.cpp:
(JSC::predictionFromValue):
* bytecode/ValueProfile.cpp:
(JSC::ValueProfile::computeStatistics):
(JSC::ValueProfile::computeUpdatedPrediction):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::isLive):
(JSC::ValueProfile::dump):
2011-10-12 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSCell::toString
https://bugs.webkit.org/show_bug.cgi?id=69677
Reviewed by Sam Weinig.
Removed toString from JSCallbackObject, since it is no
longer necessary since we now implicitly add toString and valueOf
functions to object prototypes when a convertToType callback
is provided, which is now the standard way to override toString
and valueOf in the JSC C API.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
Removed toString from InterruptedExecutionError and
TerminatedExecutionError and replaced it with defaultValue,
which JSObject::toString calls. We'll probably have to de-virtualize
defaultValue eventually, but we'll cross that bridge when we
come to it.
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::defaultValue):
(JSC::TerminatedExecutionError::defaultValue):
* runtime/ExceptionHelpers.h:
Removed toString from JSNotAnObject, since its return value doesn't
actually matter and JSObject::toString can cover it.
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
Added handling of all cases for JSCell to JSCell::toString.
* runtime/JSObject.h:
* runtime/JSString.h:
* runtime/JSCell.cpp:
(JSC::JSCell::toString):
* runtime/JSCell.h:
2011-10-12 Oliver Hunt <oliver@apple.com>
Global stringStructure caches its prototype chain, abandoning a web page
https://bugs.webkit.org/show_bug.cgi?id=69952
Reviewed by Filip Pizlo.
When visiting a structure, we don't keep the prototype chain
alive if we're not the structure for an object type.
* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
2011-10-12 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT 32_64 - Fix ArrayPop
https://bugs.webkit.org/show_bug.cgi?id=69918
Reviewed by Filip Pizlo.
The storageLengthGPR is polluted by EmptyValueTag and later used to
index the array, which results in abnormal behaviors in execution.
This fix makes 32_64 DFG pass v8-deltablue and kraken
crypto-sha256-iterative on Linux ia32.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movl_i32m):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-12 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
Fix build with GLib 2.31
https://bugs.webkit.org/show_bug.cgi?id=69840
Reviewed by Martin Robinson.
* GNUmakefile.list.am: removed ThreadingGtk.cpp.
* wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
* wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
* wtf/gobject/GOwnPtr.h: ditto.
* wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
* wtf/gtk/ThreadingGtk.cpp: Removed.
2011-10-12 Filip Pizlo <fpizlo@apple.com>
Layout tests crashing in DFG JIT code
https://bugs.webkit.org/show_bug.cgi?id=69897
Reviewed by Gavin Barraclough.
Abstract value filtration didn't take into account cases where a structure
set filter, combined with predicted type knowledge, could lead to a stronger
filter for the structure abstract value.
This bug would have been benign in release builds; it would have just meant
that the analysis was less precise and some optimization opportunities would
be missed. I have an ASSERT that is meant to catch such cases, and it was
triggering sporadically in one of the LayoutTests.
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::filter):
2011-10-11 Gavin Barraclough <baraclough@apple.com>
Unreviewed, temporarily reverted r97216 due to bug #69897.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
DFG 32_64 - fix silentFillGPR
https://bugs.webkit.org/show_bug.cgi?id=69903
Reviewed by Filip Pizlo.
Fix a small bug in silentFillGPR,
and add the newly introduced DFG file to CMakeListsEfl.
* CMakeListsEfl.txt:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
2011-10-08 Filip Pizlo <fpizlo@apple.com>
DFG does not have flow-sensitive intraprocedural control flow analysis
https://bugs.webkit.org/show_bug.cgi?id=69690
Reviewed by Gavin Barraclough.
Implemented a control flow analysis (CFA). It currently propagates type
proofs only. For example, if all predecessors to a basic block have
checks that variable X is a JSFinalObject with structure 0xabcdef, then
this basic block will now know this fact and will know that it does not
have to emit either JSFinalObject checks or any structure checks since
the structure is precisely known. The CFA takes heap side-effects into
account (though somewhat conservatively), so that if the object pointed
to by variable X could have possibly undergone a structure transition
then this is reflected: the analysis may simply say that X's structure
is unknown.
This also propagates a wealth of other type information which is
currently not being used. For example, we now know when a variable can
only hold doubles. Even if a variable may hold other types at different
points in its live range, we can still prove exactly when it will only
be double.
There's a bunch of stuff that the CFA could do that it still does not
do, like precise handling of PutStructure (i.e. structure transitions),
precise handling of CheckFunction and CheckMethod, etc. So this is
very much intended to be a starting point rather than an end unto
itself.
This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
Neutral on SunSpider.
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/ActionablePrediction.h: Removed.
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
* bytecode/PredictedType.h:
* dfg/DFGAbstractState.cpp: Added.
(JSC::DFG::AbstractState::AbstractState):
(JSC::DFG::AbstractState::~AbstractState):
(JSC::DFG::AbstractState::beginBasicBlock):
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::reset):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::AbstractState::clobberStructures):
(JSC::DFG::AbstractState::mergeStateAtTail):
(JSC::DFG::AbstractState::merge):
(JSC::DFG::AbstractState::mergeToSuccessors):
(JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
(JSC::DFG::AbstractState::dump):
* dfg/DFGAbstractState.h: Added.
(JSC::DFG::AbstractState::forNode):
(JSC::DFG::AbstractState::isValid):
* dfg/DFGAbstractValue.h: Added.
(JSC::DFG::StructureAbstractValue::StructureAbstractValue):
(JSC::DFG::StructureAbstractValue::clear):
(JSC::DFG::StructureAbstractValue::makeTop):
(JSC::DFG::StructureAbstractValue::top):
(JSC::DFG::StructureAbstractValue::add):
(JSC::DFG::StructureAbstractValue::addAll):
(JSC::DFG::StructureAbstractValue::contains):
(JSC::DFG::StructureAbstractValue::isSubsetOf):
(JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
(JSC::DFG::StructureAbstractValue::isSupersetOf):
(JSC::DFG::StructureAbstractValue::filter):
(JSC::DFG::StructureAbstractValue::isClear):
(JSC::DFG::StructureAbstractValue::isTop):
(JSC::DFG::StructureAbstractValue::size):
(JSC::DFG::StructureAbstractValue::at):
(JSC::DFG::StructureAbstractValue::operator[]):
(JSC::DFG::StructureAbstractValue::last):
(JSC::DFG::StructureAbstractValue::predictionFromStructures):
(JSC::DFG::StructureAbstractValue::operator==):
(JSC::DFG::StructureAbstractValue::dump):
(JSC::DFG::AbstractValue::AbstractValue):
(JSC::DFG::AbstractValue::clear):
(JSC::DFG::AbstractValue::isClear):
(JSC::DFG::AbstractValue::makeTop):
(JSC::DFG::AbstractValue::clobberStructures):
(JSC::DFG::AbstractValue::isTop):
(JSC::DFG::AbstractValue::top):
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::operator==):
(JSC::DFG::AbstractValue::merge):
(JSC::DFG::AbstractValue::filter):
(JSC::DFG::AbstractValue::validate):
(JSC::DFG::AbstractValue::dump):
* dfg/DFGBasicBlock.h: Added.
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::BasicBlock::getBytecodeBegin):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::setupPredecessors):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::block):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGNode.h:
(JSC::DFG::NodeIndexTraits::defaultValue):
(JSC::DFG::Node::variableAccessData):
(JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
(JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
(JSC::DFG::Node::setTakenBlockIndex):
(JSC::DFG::Node::setNotTakenBlockIndex):
(JSC::DFG::Node::takenBlockIndex):
(JSC::DFG::Node::notTakenBlockIndex):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h:
* dfg/DFGOperands.h: Added.
(JSC::DFG::operandIsArgument):
(JSC::DFG::OperandValueTraits::defaultValue):
(JSC::DFG::Operands::Operands):
(JSC::DFG::Operands::numberOfArguments):
(JSC::DFG::Operands::numberOfLocals):
(JSC::DFG::Operands::argument):
(JSC::DFG::Operands::local):
(JSC::DFG::Operands::setLocal):
(JSC::DFG::Operands::setArgumentFirstTime):
(JSC::DFG::Operands::setLocalFirstTime):
(JSC::DFG::Operands::operand):
(JSC::DFG::Operands::setOperand):
(JSC::DFG::Operands::clear):
(JSC::DFG::dumpOperands):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::propagatePredictions):
(JSC::DFG::Propagator::performBlockCFA):
(JSC::DFG::Propagator::performForwardCFA):
(JSC::DFG::Propagator::globalCFA):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureSet.h:
(JSC::DFG::StructureSet::clear):
(JSC::DFG::StructureSet::predictionFromStructures):
(JSC::DFG::StructureSet::operator==):
(JSC::DFG::StructureSet::dump):
* dfg/DFGVariableAccessData.h: Added.
2011-10-11 Gavin Barraclough <baraclough@apple.com>
DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
https://bugs.webkit.org/show_bug.cgi?id=69890
Reviewed by Oliver Hunt.
Cell constants are currently hitting the valueOfInt32Constant case; there is no constant handling for JSValues.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
2011-10-11 Ryosuke Niwa <rniwa@webkit.org>
GTK build fix attempt after r97197.
* wtf/BitVector.h:
2011-10-11 Oliver Hunt <oliver@apple.com>
Remove unintentional logging.
* heap/Heap.cpp:
2011-10-11 Oliver Hunt <oliver@apple.com>
Tidy up card walking logic
https://bugs.webkit.org/show_bug.cgi?id=69883
Reviewed by Gavin Barraclough.
Special case common cell sizes when walking a block's
cards.
* heap/CardSet.h:
(JSC::::testAndClear):
* heap/Heap.cpp:
(JSC::GCTimer::GCCounter::GCCounter):
(JSC::GCTimer::GCCounter::count):
(JSC::GCTimer::GCCounter::~GCCounter):
(JSC::Heap::markRoots):
* heap/MarkStack.cpp:
(JSC::MarkStack::reset):
* heap/MarkStack.h:
(JSC::MarkStack::visitCount):
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::append):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::gatherDirtyCellsWithSize):
(JSC::MarkedBlock::gatherDirtyCells):
* runtime/Structure.h:
(JSC::MarkStack::internalAppend):
2011-10-11 Filip Pizlo <fpizlo@apple.com>
DFG virtual register allocator should be more aggressive in
reusing temporary slots
https://bugs.webkit.org/show_bug.cgi?id=69868
Reviewed by Oliver Hunt.
1.2% win on V8, neutral elsewhere. The win is probably because it
increases precision of GC conservative scans.
This required making the DFG::ScoreBoard operate over a bitvector
of preserved variables, rather than just a preserved variable
threshold. To do this, I improved the WTF::BitVector class to make
it more user-friendly. It still retains all previous functionality.
Also made changes to PackedIntVector to accommodate those changes.
Finally, this adds more debugging to the virtual register allocator
and to the OSR exit code, as this was necessary to track down bugs
in an earlier version of this patch.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::getLocal):
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::allocateVirtualRegisters):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::ScoreBoard):
(JSC::DFG::ScoreBoard::~ScoreBoard):
(JSC::DFG::ScoreBoard::allocate):
(JSC::DFG::ScoreBoard::use):
(JSC::DFG::ScoreBoard::highWatermark):
(JSC::DFG::ScoreBoard::dump):
(JSC::DFG::ScoreBoard::max):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueRecovery::dump):
* wtf/BitVector.cpp:
(WTF::BitVector::setSlow):
(WTF::BitVector::resizeOutOfLine):
(WTF::BitVector::dump):
* wtf/BitVector.h:
(WTF::BitVector::BitVector):
(WTF::BitVector::operator=):
(WTF::BitVector::quickGet):
(WTF::BitVector::quickSet):
(WTF::BitVector::quickClear):
(WTF::BitVector::get):
(WTF::BitVector::set):
(WTF::BitVector::clear):
* wtf/PackedIntVector.h:
(WTF::PackedIntVector::get):
(WTF::PackedIntVector::set):
2011-10-11 Gavin Barraclough <baraclough@apple.com>
DFG JIT 32_64 - Switch to cdecl calling convention.
https://bugs.webkit.org/show_bug.cgi?id=69863
Reviewed by Oliver Hunt.
This makes it easier to keep the stack correctly aligned, which is required on OS X.
* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):
- Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
- Switch calls to poke arguments rather than pushing them.
(JSC::DFG::resetCallArguments):
(JSC::DFG::addCallArgument):
(JSC::DFG::addCallArgumentBoxed):
- Helper functions to stack up call arguments on X86.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
- Don't push, poke!
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::compileBody):
- Don't push, poke!
* dfg/DFGOperations.cpp:
- Switch ReturnAddress wrappers to push return address last, update asm trampolines.
* dfg/DFGOperations.h:
- switch DFG_OPERATION to assert CDECL on STDCALL platforms.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::fmodWithCDecl):
(JSC::DFG::SpeculativeJIT::compile):
- On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
2011-10-11 Gavin Barraclough <baraclough@apple.com>
Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
https://bugs.webkit.org/show_bug.cgi?id=69821
Reviewed by Filip Pizlo.
Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
move), so by switching all associated operations to return a size_t we can fix the type
problem on Linux & make it a small tweak that removes an unnecessary instruction.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
- comparisons now return a size_t.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
- Removed Z_DFGOperation_EJ form.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- comparisons now return a size_t.
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
- comparisons now return a size_t.
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
- Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t.
Both need to return values zero extended to fill a register.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
- comparisons now return a size_t.
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compare):
- comparisons now return a size_t.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compare):
- comparisons now return a size_t.
2011-10-11 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
[Qt] Remove all references to QTDIR_build and standalone_package
Qt is now modularized, which means we no longer import WebKit into
the Qt source tree. Instead we use git submodules, and building
QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
To decrease the number of buildsystem configurations we also remove
the standalone_package code-path used when we were providing tarballs
with the derived sources pre-generated.
Reviewed by Simon Hausmann.
* DerivedSources.pro:
* JavaScriptCore.pri:
* JavaScriptCore.pro:
2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
Add missing copyright notice in DFG JIT files
https://bugs.webkit.org/show_bug.cgi?id=69809
Reviewed by Gavin Barraclough.
* dfg/DFGJITCodeGenerator32_64.cpp:
* dfg/DFGJITCompiler32_64.cpp:
* dfg/DFGJITCompilerInlineMethods.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
2011-10-10 Filip Pizlo <fpizlo@apple.com>
DFG JSVALUE64 spill/fill code should not box integers and doubles
https://bugs.webkit.org/show_bug.cgi?id=69782
Reviewed by Oliver Hunt.
Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
This required changing all of the places that spill registers (both silently
and not) and filling registers (both silently and on demand). It also required
changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
may have the wrong format for the old JIT (unboxed int or double).
This is a slight win on Kraken (0.25%) and neutral elsewhere.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::spill):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::spill):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueRecovery::displacedInRegisterFile):
(JSC::DFG::ValueRecovery::virtualRegister):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2011-10-10 Gavin Barraclough <baraclough@apple.com>
DFG JIT switch dfgConvert methods to use callOperation
https://bugs.webkit.org/show_bug.cgi?id=69806
Reviewed by Filip Pizlo.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
* dfg/DFGOperations.h:
2011-10-10 Gavin Barraclough <baraclough@apple.com>
Remove some unused methods from the DFG JIT.
Rubber stamped by Oliver Hunt
These methods were only used by the non-speculative JIT, and can be removed.
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCodeGenerator32_64.cpp:
* dfg/DFGJITCodeGenerator64.cpp:
- removed:
nonSpeculativeAdd
nonSpeculativeArithSub
nonSpeculativeArithMod
nonSpeculativeCheckHasInstance
nonSpeculativeInstanceOf
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
- removed:
operationArithMod
operationInstanceOf
operationThrowHasInstanceError
2011-10-10 Gavin Barraclough <baraclough@apple.com>
Switch most calls in DFGJITCodeGenerator to use callOperation.
https://bugs.webkit.org/show_bug.cgi?id=69802
Reviewed by Oliver Hunt.
Compares, add, mod are the easy cases.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
2011-10-10 Gavin Barraclough <baraclough@apple.com>
DFG: Switch GetById / PutById to use callOperation
https://bugs.webkit.org/show_bug.cgi?id=69795
Reviewed by Oliver Hunt.
Also make these take the base as a cell, so 32_64 doesn't have to set up the cell tag.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::appropriatePutByIdFunction):
2011-10-10 Filip Pizlo <fpizlo@apple.com>
REGRESSION (r95399): Web process hangs when opening documents on Google Docs
https://bugs.webkit.org/show_bug.cgi?id=69412
Reviewed by Oliver Hunt.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JIT.h:
2011-10-10 Mark Hahnenberg <mhahnenberg@apple.com>
Remove getCallDataVirtual methods
https://bugs.webkit.org/show_bug.cgi?id=69186
Reviewed by Geoffrey Garen.
Removed all getCallDataVirtual methods and replaced their call sites
with an explicit lookup in the MethodTable.
* API/JSCallbackFunction.cpp:
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* API/JSObjectRef.cpp:
(JSObjectIsFunction):
(JSObjectCallAsFunction):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArrayConstructor.cpp:
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
* runtime/DateConstructor.h:
Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
the class definition in JSGlobalObject.cpp.
* runtime/Error.cpp:
(JSC::createTypeErrorFunction):
* runtime/Error.h:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
(JSC::StrictModeTypeErrorFunction::create):
(JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
(JSC::StrictModeTypeErrorFunction::getConstructData):
(JSC::StrictModeTypeErrorFunction::callThrowTypeError):
(JSC::StrictModeTypeErrorFunction::getCallData):
(JSC::StrictModeTypeErrorFunction::createStructure):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
to declare their own ClassInfo if they don't override getCallData, provided
an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
functionality as the pure virtual method InternalFunction used to have.
Also made this new implementation protected rather than private for the same reason.
Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
object is being created provides its own implementation of getCallData. This
just makes execution fail earlier, in a place where the source of the error is
easy to trace. These ASSERTs are better than putting a null in the MethodTable because
they appear much more intentional to anybody who fails to provide their own
implementation or who tries to explicitly call InternalFunction::getCallData.
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::getCallData):
* runtime/InternalFunction.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
it to be reused rather than creating a new Structure every time we instantiate it.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
* runtime/JSONObject.cpp:
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::toJSON):
(JSC::Stringifier::appendStringifiedValue):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
* runtime/JSObject.h:
(JSC::getCallData):
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectConstructor.h:
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
(JSC::jsIsFunctionType):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::functionGetter):
* runtime/RegExpConstructor.cpp:
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
* runtime/StringConstructor.h:
* runtime/Structure.h:
2011-10-10 Gavin Barraclough <barraclough@apple.com>
Switch last calls from DFGSpeculativeJIT to use callOperation.
https://bugs.webkit.org/show_bug.cgi?id=69780
Reviewed by Oliver Hunt.
Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* wtf/Platform.h:
2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
https://bugs.webkit.org/show_bug.cgi?id=69748
Reviewed by Filip Pizlo.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetMethod):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
2011-10-10 Adam Roben <aroben@apple.com>
Build fix
* wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - Bug fix for BranchNull
https://bugs.webkit.org/show_bug.cgi?id=69743
Reviewed by Darin Adler.
This fixes the error in access-binary-trees. All SunSpider cases passed.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
2011-10-07 Gavin Barraclough <barraclough@apple.com>
DFG JIT: callOperation should return the Call.
https://bugs.webkit.org/show_bug.cgi?id=69682
Reviewed by Oliver Hunt.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
(JSC::DFG::appendCallWithExceptionCheckSetResult):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::appendCall):
* wtf/Platform.h:
2011-10-10 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r97045.
http://trac.webkit.org/changeset/97045
https://bugs.webkit.org/show_bug.cgi?id=69746
Makes Apple bots very crashy :( (Requested by kling on #webkit).
* config.h:
2011-10-10 Andreas Kling <kling@webkit.org>
Shrink BorderValue.
https://bugs.webkit.org/show_bug.cgi?id=69521
Reviewed by Antti Koivisto.
* config.h: Touch to force full rebuild.
2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
Improve Null or Undefined test in 32_64 DFG
https://bugs.webkit.org/show_bug.cgi?id=69734
Reviewed by Darin Adler.
Currently the Null or Undefined value test in the 32_64 DFG checks the
Null and Undefined tags separately and introduces one more branch.
It can be improved the way the baseline JIT does it: by
relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
https://bugs.webkit.org/show_bug.cgi?id=69721
Reviewed by Darin Adler.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
Remove unused callOperation code of DFG JIT on X86
https://bugs.webkit.org/show_bug.cgi?id=69722
Reviewed by Filip Pizlo.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
https://bugs.webkit.org/show_bug.cgi?id=69720
Reviewed by Filip Pizlo.
In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
a FPR and will be used for further optimizations, though we currently
don't fully utilize it. For now when filling a JS value which was
spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
to DataFormatJS to avoid compilation errors.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillJSValue):
2011-10-09 Filip Pizlo <fpizlo@apple.com>
DFG should not always speculate that a ByVal access has an integer index
https://bugs.webkit.org/show_bug.cgi?id=69716
Reviewed by Oliver Hunt.
1% win on SunSpider, neutral elsewhere.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGNode.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::byValHasIntBase):
(JSC::DFG::Propagator::clobbersWorld):
(JSC::DFG::Propagator::getMethodLoadElimination):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
Fix value profiling in 32_64 JIT
https://bugs.webkit.org/show_bug.cgi?id=69717
Reviewed by Filip Pizlo.
Current value profiling for the 32_64 JIT is broken and cannot record
correct predicted types, which results in many speculation failures
in the 32_64 DFG JIT, fallbacks to the baseline JIT, and re-optimizations
again and again.
With this fix the 32_64 DFG JIT can demonstrate real performance gains.
* bytecode/ValueProfile.cpp:
(JSC::ValueProfile::computeStatistics):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::isLive):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::dump):
The empty value check should be performed on the decoded JSValue,
as for 32_64 the empty value is not identical to encoded 0.
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITStubCall.h:
(JSC::JITStubCall::callWithValueProfiling):
Record the right profiling result for 32_64.
2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
Remove 32 bit restrictions in DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69711
Reviewed by Filip Pizlo.
op_call/op_construct support was disabled for the 32 bit DFG JIT because
there were regressions in the javascriptcore tests. Now the bugs are fixed
and there should be no regression. This gives the 32 bit DFG the same
capability as the 64 bit DFG, and improves the coverage.
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
Add static version of JSCell::getConstructData
https://bugs.webkit.org/show_bug.cgi?id=69673
Reviewed by Geoffrey Garen.
Added static version of getConstructData to all classes that
override it and changed the virtual versions to call the static
versions. This is the first step in de-virtualizing JSCell::getConstructData.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::getConstructData):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getConstructData):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getConstructData):
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::getConstructData):
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getConstructData):
* runtime/DateConstructor.h:
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::getConstructData):
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::getConstructData):
* runtime/FunctionConstructor.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getConstructData):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getConstructData):
* runtime/JSFunction.h:
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::getConstructData):
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getConstructData):
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getConstructData):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getConstructData):
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getConstructData):
* runtime/StringConstructor.h:
2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
Add static version of JSCell::getOwnPropertySlot
https://bugs.webkit.org/show_bug.cgi?id=69593
Reviewed by Geoffrey Garen.
Added static version of getOwnPropertySlot to every class that overrides
JSCell::getOwnPropertySlot. The virtual versions now call the static versions.
This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
* JavaScriptCore.exp:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertySlot):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertySlot):
* runtime/Arguments.h:
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertySlot):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::getOwnPropertySlot):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getOwnPropertySlot):
* runtime/DateConstructor.h:
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::getOwnPropertySlot):
* runtime/DatePrototype.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::getOwnPropertySlot):
* runtime/ErrorPrototype.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertySlot):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertySlot):
* runtime/JSArray.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::getOwnPropertySlot):
* runtime/JSBoundFunction.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertySlot):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertySlot):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::getOwnPropertySlot):
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::getOwnPropertySlot):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::JSONObject::getOwnPropertySlot):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertySlot):
* runtime/JSObject.h:
(JSC::JSObject::getOwnPropertySlot):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::getOwnPropertySlot):
* runtime/JSStaticScopeObject.h:
* runtime/JSString.cpp:
(JSC::JSString::getOwnPropertySlot):
* runtime/JSString.h:
* runtime/MathObject.cpp:
(JSC::MathObject::getOwnPropertySlot):
* runtime/MathObject.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlot):
* runtime/NumberConstructor.h:
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::getOwnPropertySlot):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getOwnPropertySlot):
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::getOwnPropertySlot):
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertySlot):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertySlot):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::getOwnPropertySlot):
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::getOwnPropertySlot):
* runtime/RegExpPrototype.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getOwnPropertySlot):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::getOwnPropertySlot):
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::getOwnPropertySlot):
* runtime/StringPrototype.h:
2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
https://bugs.webkit.org/show_bug.cgi?id=69699
Reviewed by Filip Pizlo.
It should match SetLocal where only payload is stored for array predictions.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
https://bugs.webkit.org/show_bug.cgi?id=69702
Reviewed by Filip Pizlo.
There are some errors in generating code for Branch and LogicalNot,
when the operand is predicted as ObjectOrOther.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2011-10-08 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r96996.
http://trac.webkit.org/changeset/96996
https://bugs.webkit.org/show_bug.cgi?id=69697
It broke all tests on the Qt bot (Requested by Ossy_night on #webkit).
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::getCallDataVirtual):
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getCallDataVirtual):
* API/JSObjectRef.cpp:
(JSObjectIsFunction):
(JSObjectCallAsFunction):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getCallDataVirtual):
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::getCallDataVirtual):
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getCallDataVirtual):
* runtime/DateConstructor.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
(JSC::StrictModeTypeErrorFunction::create):
(JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
(JSC::StrictModeTypeErrorFunction::getConstructData):
(JSC::StrictModeTypeErrorFunction::callThrowTypeError):
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
(JSC::StrictModeTypeErrorFunction::createStructure):
(JSC::createTypeErrorFunction):
* runtime/Error.h:
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::getCallDataVirtual):
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::getCallDataVirtual):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::getCallDataVirtual):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::finishCreation):
* runtime/InternalFunction.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getCallDataVirtual):
* runtime/JSCell.h:
(JSC::getCallData):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getCallDataVirtual):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
* runtime/JSONObject.cpp:
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::toJSON):
(JSC::Stringifier::appendStringifiedValue):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
* runtime/JSObject.h:
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::getCallDataVirtual):
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getCallDataVirtual):
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getCallDataVirtual):
* runtime/ObjectConstructor.h:
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
(JSC::jsIsFunctionType):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::functionGetter):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getCallDataVirtual):
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getCallDataVirtual):
* runtime/StringConstructor.h:
* runtime/Structure.h:
2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT - only Array predictions can result in unboxed cells in register file
https://bugs.webkit.org/show_bug.cgi?id=69695
Reviewed by Filip Pizlo.
In the current DFG JIT, only array predictions can result in unboxed cells
in the register file, not the other cell predictions.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::forPrediction):
2011-10-07 Yuqiang Xian <yuqiang.xian@intel.com>
bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69696
Reviewed by Filip Pizlo.
On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
to compute the address of a JS array element.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
Add static version of JSCell::deleteProperty
https://bugs.webkit.org/show_bug.cgi?id=69659
Reviewed by Geoffrey Garen.
Added static version of both versions of put to all classes that
override them and changed the virtual versions to call the static
versions. This is the first step in de-virtualizing JSCell::deleteProperty.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::deleteProperty):
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::deleteProperty):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::deleteProperty):
* runtime/Arguments.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::deleteProperty):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::deleteProperty):
* runtime/JSArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::deleteProperty):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::deleteProperty):
* runtime/JSFunction.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::deleteProperty):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::deleteProperty):
* runtime/JSObject.h:
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::deleteProperty):
* runtime/JSVariableObject.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::deleteProperty):
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::deleteProperty):
* runtime/StrictEvalActivation.h:
* runtime/StringObject.cpp:
(JSC::StringObject::deleteProperty):
* runtime/StringObject.h:
2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
Remove getCallDataVirtual methods
https://bugs.webkit.org/show_bug.cgi?id=69186
Reviewed by Geoffrey Garen.
Removed all getCallDataVirtual methods and replaced their call sites
with an explicit lookup in the MethodTable.
* API/JSCallbackFunction.cpp:
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* API/JSObjectRef.cpp:
(JSObjectIsFunction):
(JSObjectCallAsFunction):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArrayConstructor.cpp:
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
* runtime/DateConstructor.h:
* runtime/Error.cpp:
(JSC::createTypeErrorFunction):
Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
the class definition in JSGlobalObject.cpp.
* runtime/Error.h:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
(JSC::StrictModeTypeErrorFunction::create):
(JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
(JSC::StrictModeTypeErrorFunction::getConstructData):
(JSC::StrictModeTypeErrorFunction::callThrowTypeError):
(JSC::StrictModeTypeErrorFunction::getCallData):
(JSC::StrictModeTypeErrorFunction::createStructure):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
to declare their own ClassInfo if they don't override getCallData, provided
an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
functionality as the pure virtual method InternalFunction used to have.
Also made this new implementation protected rather than private for the same reason.
Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
object is being created provides its own implementation of getCallData. This
just makes execution fail earlier, in a place where the source of the error is
easy to trace. These ASSERTs are better than putting a null in the MethodTable because
they appear much more intentional to anybody who fails to provide their own
implementation or who tries to explicitly call InternalFunction::getCallData.
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::getCallData):
* runtime/InternalFunction.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
it to be reused rather than creating a new Structure every time we instantiate it.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
* runtime/JSONObject.cpp:
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::toJSON):
(JSC::Stringifier::appendStringifiedValue):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
* runtime/JSObject.h:
(JSC::getCallData):
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectConstructor.h:
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
(JSC::jsIsFunctionType):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::functionGetter):
* runtime/RegExpConstructor.cpp:
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
* runtime/StringConstructor.h:
* runtime/Structure.h:
2011-10-07 Oliver Hunt <oliver@apple.com>
Add missing break statement.
Reviewed by Gavin Barraclough.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
2011-10-07 Oliver Hunt <oliver@apple.com>
Support some string intrinsics in the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69678
Reviewed by Gavin Barraclough.
Add support for charAt and charCodeAt intrinsics in the DFG.
* create_hash_table:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGIntrinsic.h:
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
Add static version of JSCell::put
https://bugs.webkit.org/show_bug.cgi?id=69382
Reviewed by Geoffrey Garen.
Added static version of both versions of put to all classes that
override them and changed the virtual versions to call the static
versions.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::put):
* JavaScriptCore.exp:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::put):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::put):
* runtime/Arguments.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::put):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::put):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::put):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::put):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::put):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::put):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::put):
* runtime/JSObject.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::put):
* runtime/JSStaticScopeObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::put):
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::put):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::put):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
* runtime/RegExpObject.h:
* runtime/StringObject.cpp:
(JSC::StringObject::put):
* runtime/StringObject.h:
2011-10-07 Gavin Barraclough <barraclough@apple.com>
Refactor DFG to make more use of callOperation
https://bugs.webkit.org/show_bug.cgi?id=69672
Reviewed by Oliver Hunt.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
- Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
- Switch operationNewObject/operationCreateThis to return Cells,
- Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
- Replace code plating calls to operations with calls to callOperation.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
- Replace code plating calls to operations with calls to callOperation.
2011-10-07 Oliver Hunt <oliver@apple.com>
Support string indexing in the DFG
https://bugs.webkit.org/show_bug.cgi?id=69671
Reviewed by Gavin Barraclough.
Emit code to support inline indexing of strings
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
Shared code to perform string indexing.
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Use compileGetByValOnString if we predict that the base object
is a string in GetByVal.
* runtime/JSString.h:
(JSC::JSString::offsetOfFiberCount):
(JSC::JSString::offsetOfValue):
2011-10-07 Filip Pizlo <fpizlo@apple.com>
DFG ConvertThis speculation logic is wrong
https://bugs.webkit.org/show_bug.cgi?id=69663
Reviewed by Oliver Hunt.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixupNode):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-07 Oliver Hunt <oliver@apple.com>
Verify that our call speculation is valid.
Reviewed by Filip Pizlo.
Before specialising an intrinsic we need to verify that
our speculation is correct.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
2011-10-07 Brent Fulgham <bfulgham@webkit.org>
[WinCairo] Unreviewed build correction for the build bot.
* JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
build-jsc can find the target it needs to run the JSC tests.
2011-10-07 Oliver Hunt <oliver@apple.com>
Fix 32-bit build.
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
2011-10-07 Oliver Hunt <oliver@apple.com>
Support direct calls to intrinsic functions
https://bugs.webkit.org/show_bug.cgi?id=69646
Reviewed by Gavin Barraclough.
Add support for optimising non-method_check calls
to intrinsic functions (e.g. when Math.abs, etc. are
cached in local variables).
* bytecode/CodeBlock.h:
(JSC::getCallLinkInfoBytecodeIndex):
Support searching CallLinkInfos by bytecode index
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
Add support for linked calls in addition to method_check
when searching for intrinsics
* dfg/DFGNode.h:
(JSC::DFG::Node::hasFunctionCheckData):
(JSC::DFG::Node::function):
Add ability to store a JSFunction* in a node - this is safe
as the function will be marked by the codeblock we're compiling
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::checkFunctionElimination):
(JSC::DFG::Propagator::performNodeCSE):
Add support for new CheckFunction node, and implement CSE pass.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Rather trivial implementation of CheckFunction
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
Need to propagate bytecode index for calls now.
2011-10-07 Dominic Cooney <dominicc@chromium.org>
[JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
https://bugs.webkit.org/show_bug.cgi?id=69599
Reviewed by Sam Weinig.
DFG JIT manipulates MetaAllocatorHandles across threads, e.g. in
allocating JITCode buffers on a background thread to execute a
proxy autoconfiguration PAC file but garbage collecting it in
response to allocation on the main thread. Disabling
ThreadRestrictionVerification until there is a verification scheme
that understands this handoff.
* wtf/MetaAllocator.cpp:
(WTF::MetaAllocator::allocate):
2011-10-06 Filip Pizlo <fpizlo@apple.com>
DFG should not always speculate that ConvertThis is operating on an object
https://bugs.webkit.org/show_bug.cgi?id=69570
Reviewed by Oliver Hunt.
Mostly neutral, but with a slight regression in Kraken since it increases
coverage in DFG and thus reveals some performance pathologies (which I
prefer to think of as performance opportunities, in a good way).
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
* bytecode/PredictedType.h:
(JSC::isOtherPrediction):
(JSC::mergePredictions):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
Windows build fix
Unreviewed build fix. Weird runtime failures on Windows due to
linking issues caused by the ClassInfo struct in JSByteArray not
being declared with JS_EXPORTDATA.
* runtime/JSByteArray.h:
2011-10-06 Filip Pizlo <fpizlo@apple.com>
Structure does not reset m_previous when pinning the property map
https://bugs.webkit.org/show_bug.cgi?id=69583
Reviewed by Gavin Barraclough.
This is a 0.6% performance improvement in V8, and 0.2% overall.
* runtime/Structure.cpp:
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::getterSetterTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::pin):
* runtime/Structure.h:
2011-10-06 Anders Carlsson <andersca@apple.com>
When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
https://bugs.webkit.org/show_bug.cgi?id=69586
Reviewed by Darin Adler.
* Configurations/Base.xcconfig:
Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.
* JavaScriptCore.xcodeproj/project.pbxproj:
When building with clang, we don't need to run the check-for-global-initializers and
check-for-exit-time-destructors anymore.
* jsc.cpp:
(runInteractive):
Move interpreterName into runInteractive.
* wtf/StdLibExtras.h:
When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
warnings around the variable declaration.
2011-10-06 Anders Carlsson <andersca@apple.com>
Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
https://bugs.webkit.org/show_bug.cgi?id=69584
Reviewed by Darin Adler.
Add DEFINE_DEBUG_ONLY_GLOBAL macro.
* wtf/StdLibExtras.h:
2011-10-06 Oliver Hunt <oliver@apple.com>
Write barrier shouldn't allocate temporaries inside control flow
https://bugs.webkit.org/show_bug.cgi?id=69582
Reviewed by Gavin Barraclough.
Reorder the code to avoid spill-related badness.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
2011-10-06 Filip Pizlo <fpizlo@apple.com>
DFG::shouldSpeculate methods are too complicated
https://bugs.webkit.org/show_bug.cgi?id=69560
Reviewed by Geoffrey Garen.
Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
just use node predictions.
By itself this would have meant that SpeculativeJIT code would have
had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).
This is a 0.4% progression overall that shows up in all benchmarks,
for reasons unknown.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::at):
(JSC::DFG::JITCodeGenerator::canReuse):
(JSC::DFG::JITCodeGenerator::isFilled):
(JSC::DFG::JITCodeGenerator::isFilledDouble):
(JSC::DFG::JITCodeGenerator::use):
(JSC::DFG::JITCodeGenerator::silentSpillFPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::detectPeepHoleBranch):
(JSC::DFG::integerResult):
(JSC::DFG::noResult):
(JSC::DFG::cellResult):
(JSC::DFG::jsValueResult):
(JSC::DFG::storageResult):
(JSC::DFG::doubleResult):
(JSC::DFG::initConstantInfo):
(JSC::DFG::appendCallWithExceptionCheck):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateInteger):
(JSC::DFG::Node::shouldSpeculateDouble):
(JSC::DFG::Node::shouldSpeculateNumber):
(JSC::DFG::Node::shouldNotSpeculateInteger):
(JSC::DFG::Node::shouldSpeculateFinalObject):
(JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
(JSC::DFG::Node::shouldSpeculateArray):
(JSC::DFG::Node::shouldSpeculateArrayOrOther):
(JSC::DFG::Node::shouldSpeculateObject):
(JSC::DFG::Node::shouldSpeculateCell):
(JSC::DFG::Node::canSpeculateInteger):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isInteger):
(JSC::DFG::SpeculativeJIT::isKnownArray):
(JSC::DFG::SpeculativeJIT::isKnownString):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::convertToDouble):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
2011-10-06 Gavin Peters <gavinp@chromium.org>
REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
https://bugs.webkit.org/show_bug.cgi?id=69556
Reviewed by Adam Roben.
* wtf/Assertions.cpp:
2011-10-06 Filip Pizlo <fpizlo@apple.com>
DFG implementation of UInt32ToNumber is missing a break statement
https://bugs.webkit.org/show_bug.cgi?id=69552
Reviewed by Oliver Hunt.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-06 Gavin Barraclough <barraclough@apple.com>
Unreviewed build fix for DFG JIT 32_64 release builds.
* dfg/DFGJITCompiler.cpp:
* dfg/DFGJITCompiler.h:
* dfg/DFGJITCompiler32_64.cpp:
- Remove three unused methods.
2011-10-06 Gavin Barraclough <barraclough@apple.com>
DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
https://bugs.webkit.org/show_bug.cgi?id=69549
Reviewed by Oliver Hunt.
This breaks sunspider/3d-cube.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
- Speculation check on the tag.
2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
Snow Leopard build fix
Unreviewed build fix
* JavaScriptCore.exp:
2011-10-05 Gavin Barraclough <barraclough@apple.com>
Add explicit JSGlobalThis type.
https://bugs.webkit.org/show_bug.cgi?id=69478
Reviewed by Darin Adler.
JSC supports a split global object, as used by WebCore for the Window. As a stage
of making this visible to JSC, make it so that if the global this value is not the
global object itself, it must be a subclass of JSGlobalThis.
* API/JSCallbackObjectFunctions.h:
(JSC::::finishCreation):
- Don't pass the thisValue to JSGlobalObject::finishCreation.
* JavaScriptCore.xcodeproj/project.pbxproj:
- Added JSGlobalThis.h
* jsc.cpp:
(GlobalObject::finishCreation):
- Don't pass the thisValue to JSGlobalObject::finishCreation.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::finishCreation):
- finishCreation takes a JSGlobalThis, or thisValue is implicit.
* runtime/JSGlobalThis.h: Added.
(JSC::JSGlobalThis::create):
(JSC::JSGlobalThis::JSGlobalThis):
(JSC::JSGlobalThis::finishCreation):
- Thin wrapper on JSNonFinalObject to allow type checking.
* testRegExp.cpp:
(GlobalObject::finishCreation):
- Don't pass the thisValue to JSGlobalObject::finishCreation.
2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
JSC objects need to know their own cell size at runtime.
https://bugs.webkit.org/show_bug.cgi?id=69390
Reviewed by Geoffrey Garen.
Added the cellSize field to ClassInfo and the static calculation of
size of each class to the CREATE_METHOD_TABLE macro, which will be
renamed in a followup patch to make its name match its broader use.
Also added a few ClassInfo structs so that each object that is allocated has its
correct size.
* JavaScriptCore.exp:
* runtime/ClassInfo.h:
Changed JSByteArray s_defaultInfo to s_info so that the template will get the
correct ClassInfo struct from it when it's allocated.
* runtime/JSByteArray.cpp:
* runtime/JSByteArray.h:
* runtime/JSCell.h:
(JSC::allocateCell):
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
* runtime/JSObject.h:
(JSC::JSCell::cellSize):
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/StrictEvalActivation.cpp:
* runtime/StrictEvalActivation.h:
2011-10-06 Gavin Peters <gavinp@chromium.org>
export new stack dumping method
https://bugs.webkit.org/show_bug.cgi?id=69018
The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use
of this function, many builds broke. So here we add the exports, so that the function is usable.
Reviewed by Adam Roben.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-10-06 Csaba Osztrogonác <ossy@webkit.org>
REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
https://bugs.webkit.org/show_bug.cgi?id=69413
Reviewed by Darin Adler.
* assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
2011-10-05 Filip Pizlo <fpizlo@apple.com>
SpeculativeJIT::isKnownString() is wrong
https://bugs.webkit.org/show_bug.cgi?id=69501
Reviewed by Oliver Hunt.
Removed the wrong case (GetLocal predicted String) and added a case that
works (StrCat).
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isKnownString):
2011-10-05 Ryosuke Niwa <rniwa@webkit.org>
Windows build fix attempt after r96760.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-10-05 Chris Rogers <crogers@google.com>
Define a log2f() function for Windows in wtf/MathExtras.h
https://bugs.webkit.org/show_bug.cgi?id=69491
Reviewed by Darin Adler.
* wtf/MathExtras.h:
(log2f):
2011-10-05 Jer Noble <jer.noble@apple.com>
Enable WEB_AUDIO by default in the WebKit/mac port.
https://bugs.webkit.org/show_bug.cgi?id=68587
Reviewed by Simon Fraser.
* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:
2011-10-05 Filip Pizlo <fpizlo@apple.com>
Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
https://bugs.webkit.org/show_bug.cgi?id=69346
Reviewed by Oliver Hunt.
Removed the assertion, since it was completely wrong for op_post_inc.
Short of having specialized PostInc nodes in the DFG, there is no
robust way of asserting what this assertion was trying to assert while
also supporting op_post_inc.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-05 Geoffrey Garen <ggaren@apple.com>
Added a simpler mechanism for registering one-off finalizers
https://bugs.webkit.org/show_bug.cgi?id=69466
Reviewed by Oliver Hunt.
* heap/Heap.cpp:
(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize):
* heap/Heap.h: New function for adding an arbitrary finalizer for an
arbitrary cell without declaring any special classes or Handles yourself.
* JavaScriptCore.exp: Fix build.
* runtime/Executable.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::ExecutableBase::clearCodeVirtual):
(JSC::EvalExecutable::clearCodeVirtual):
(JSC::ProgramExecutable::clearCodeVirtual):
(JSC::FunctionExecutable::discardCode):
(JSC::FunctionExecutable::clearCodeVirtual):
* runtime/Executable.h:
(JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
finalization of executables.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::clearRareData):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::createRareDataIfNeeded):
(JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
finalization of weak maps.
2011-10-05 Adam Roben <aroben@apple.com>
Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
pointed-to type confused us when we implemented hashTableDeletedValue.
Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
in HashMap/HashSet fails to compile
Reviewed by John Sullivan.
* wtf/RetainPtr.h:
(WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
since T might itself be a pointer.
(WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
seem to be causing a problem.
2011-10-05 Oliver Hunt <oliver@apple.com>
Remove last vestiges of anonymous storage.
Reviewed by Gavin Barraclough.
One anonymous storage function escaped my prior purge of
this feature, this patch removes it.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::finishCreation):
* runtime/JSObject.h:
2011-10-04 Filip Pizlo <fpizlo@apple.com>
DFG should be capable of a broader range of speculations on branch and not
https://bugs.webkit.org/show_bug.cgi?id=69322
Reviewed by Oliver Hunt.
* bytecode/PredictedType.h:
(JSC::isFinalObjectOrOtherPrediction):
(JSC::isArrayOrOtherPrediction):
* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::JITCodeGenerator):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
(JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
2011-10-05 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r96733.
http://trac.webkit.org/changeset/96733
https://bugs.webkit.org/show_bug.cgi?id=69454
Broke GCC for some reason (Requested by andersca on #webkit).
* wtf/ListHashSet.h:
(WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
(WTF::ListHashSetReverseIterator::get):
(WTF::ListHashSetReverseIterator::operator*):
(WTF::ListHashSetReverseIterator::operator->):
(WTF::ListHashSetReverseIterator::operator++):
(WTF::ListHashSetReverseIterator::operator--):
(WTF::ListHashSetReverseIterator::operator==):
(WTF::ListHashSetReverseIterator::operator!=):
(WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
(WTF::ListHashSetReverseIterator::node):
(WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
(WTF::ListHashSetConstReverseIterator::get):
(WTF::ListHashSetConstReverseIterator::operator*):
(WTF::ListHashSetConstReverseIterator::operator->):
(WTF::ListHashSetConstReverseIterator::operator++):
(WTF::ListHashSetConstReverseIterator::operator--):
(WTF::ListHashSetConstReverseIterator::operator==):
(WTF::ListHashSetConstReverseIterator::operator!=):
(WTF::ListHashSetConstReverseIterator::node):
(WTF::::rbegin):
(WTF::::rend):
(WTF::::makeReverseIterator):
(WTF::::makeConstReverseIterator):
2011-10-04 Oliver Hunt <oliver@apple.com>
Add rudimentary filtering to write barriers
https://bugs.webkit.org/show_bug.cgi?id=69392
Reviewed by Filip Pizlo.
Add approximate filtering for write barriers based on the
target's mark bit. Also add some macros to support dumping
GC phase timings.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::markCellCard):
* heap/Heap.cpp:
(JSC::GCTimer::GCTimerScope::GCTimerScope):
(JSC::GCTimer::GCTimerScope::~GCTimerScope):
(JSC::Heap::markRoots):
(JSC::Heap::collect):
Add phase timing information.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::offsetOfMarks):
(JSC::MarkedBlock::gatherDirtyCells):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitWriteBarrier):
2011-10-05 Anders Carlsson <andersca@apple.com>
Use std::reverse_iterator for ListHashSet reverse iterators
https://bugs.webkit.org/show_bug.cgi?id=69446
Reviewed by Darin Adler.
* wtf/ListHashSet.h:
Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
2011-10-04 Gavin Barraclough <barraclough@apple.com>
Make Object.prototype getter/setter methods match ES5 behaviour
https://bugs.webkit.org/show_bug.cgi?id=69393
Reviewed by Sam Weinig.
The rest of Object.prototype no longer substitutes Null/Undefined with the global object;
this is old ES3 behaviour. Remove it here too.
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncDefineGetter):
(JSC::objectProtoFuncDefineSetter):
(JSC::objectProtoFuncLookupGetter):
(JSC::objectProtoFuncLookupSetter):
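The entry above changes what happens when __defineGetter__, __defineSetter__, __lookupGetter__ and __lookupSetter__ are invoked with a null or undefined `this`. Under the old ES3-style behaviour the engine substituted the global object, so a getter "defined on nothing" silently landed on the global object; under ES5 semantics ToObject(this) throws a TypeError and the global object is untouched. The following script is an added example written for this page (it is not code from the WebKit ChangeLog or the JavaScriptCore tree) that probes those semantics on any ES5-conformant engine and checks, rather than assumes, that no global property is created as a side effect. The property names `__probe_null__` and `__probe_undef__` and the helper names are assumptions of the example.

```javascript
'use strict';

// Added example, not from WebKit: calls one of the legacy Object.prototype
// accessor methods with an explicit receiver and reports the outcome as data
// instead of letting the exception propagate, so cases can be tabulated.
function callWithThis(method, thisValue, ...args) {
  try {
    const result = Object.prototype[method].call(thisValue, ...args);
    return { outcome: 'ok', result };
  } catch (e) {
    return { outcome: e instanceof TypeError ? 'TypeError' : 'other', result: undefined };
  }
}

// Attempts to define a getter with a null/undefined receiver and then checks
// whether the global object acquired the property (the ES3-era side effect).
// `name` is an assumed, otherwise unused property name.
function probeGlobalPollution(receiver, name) {
  const before = Object.prototype.hasOwnProperty.call(globalThis, name);
  const r = callWithThis('__defineGetter__', receiver, name, () => 'leaked');
  const after = Object.prototype.hasOwnProperty.call(globalThis, name);
  return { outcome: r.outcome, globalPolluted: !before && after };
}

// Runs the full set of probes: the null/undefined cases that ES5 rejects,
// an ordinary object (must still work) and a primitive receiver (boxed by
// ToObject, so the getter lands on a throwaway wrapper, not the global).
function runProbes() {
  const o = {};
  const objectResult = callWithThis('__defineGetter__', o, 'v', () => 42);
  return {
    nullDefine: probeGlobalPollution(null, '__probe_null__'),
    undefinedDefine: probeGlobalPollution(undefined, '__probe_undef__'),
    nullLookup: callWithThis('__lookupGetter__', null, 'x').outcome,
    undefinedLookupSetter: callWithThis('__lookupSetter__', undefined, 'x').outcome,
    objectDefine: { outcome: objectResult.outcome, value: o.v },
    primitiveDefine: callWithThis('__defineGetter__', 7, 'v', () => 1).outcome,
  };
}

console.log(JSON.stringify(runProbes(), null, 2));
```

On an ES5 engine every null/undefined probe reports `TypeError` with `globalPolluted: false`; an engine with the old substitution would instead report `ok` and `globalPolluted: true`, which is exactly the kind of silent global-object write the change removes.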
2011-10-05 Patrick Gansterer <paroga@webkit.org>
Get rid of posixThread in MachineStackMarker::Thread
https://bugs.webkit.org/show_bug.cgi?id=54836
Reviewed by Oliver Hunt.
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::Thread):
(JSC::getCurrentPlatformThread):
(JSC::equalThread):
(JSC::MachineThreads::addCurrentThread):
(JSC::MachineThreads::removeCurrentThread):
(JSC::MachineThreads::gatherConservativeRoots):
2011-10-04 Geoffrey Garen <ggaren@apple.com>
Removed JSValue::toJSNumber
https://bugs.webkit.org/show_bug.cgi?id=69399
No perf. change.
toJSNumber() used to provide an implicit fast path for immediate numbers,
but those fast paths are all explicit now, so it's just cruft.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
2011-10-05 Gavin Peters <gavinp@chromium.org>
REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
https://bugs.webkit.org/show_bug.cgi?id=69424
Skip an extra frame in WTFReportBacktrace. As well, I now don't count skipped frames in maxFrames,
so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
31 reported frames.
Reviewed by Adam Roben.
* wtf/Assertions.cpp:
* wtf/Assertions.h:
2011-10-05 Patrick Gansterer <paroga@webkit.org>
Unreviewed WinCE build fix for r96595.
* wtf/Assertions.cpp:
RtlCaptureStackBackTrace() isn't available on WinCE.
2011-10-04 Kent Tamura <tkent@chromium.org>
Introduce feature flags for incomplete input types
https://bugs.webkit.org/show_bug.cgi?id=68971
Reviewed by Hajime Morita.
* Configurations/FeatureDefines.xcconfig:
Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
2011-10-04 Geoffrey Garen <ggaren@apple.com>
Build fix.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
Add static ClassInfo structs to classes that override JSCell::getCallData
https://bugs.webkit.org/show_bug.cgi?id=69311
Reviewed by Darin Adler.
Added ClassInfo structs to each class that defined its own getCallData
function but did not already have its own ClassInfo struct. This is a
necessary addition for when we switch over to looking up getCallData from
the MethodTable in ClassInfo rather than doing the virtual call (which we
are removing). These new ClassInfo structs are public because we often
use these structs in other areas of the code to uniquely identify JSC classes and
to enforce runtime invariants based on those class identities using ASSERTs.
Also added new createStructure methods to those classes that didn't have
them so that the new ClassInfo structs would be used when creating the Structures
in these classes.
* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
(JSC::BooleanConstructor::createStructure):
getCallData was not marked as static in StrictModeTypeErrorFunction.
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
(JSC::StrictModeTypeErrorFunction::createStructure):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
(JSC::ErrorConstructor::createStructure):
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
(JSC::FunctionConstructor::createStructure):
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
2011-10-03 Geoffrey Garen <ggaren@apple.com>
Some JSValue cleanup
https://bugs.webkit.org/show_bug.cgi?id=69320
Reviewed by Darin Adler.
No measurable performance change.
Removed some JSValue::get* functions. get* used to be an optimization
when every value operation was a virtual function call: get* would combine
two virtual calls into one. Now, with non-virtual, inlined functions, get*
isn't faster, and may be slightly slower.
Merged getBoolean(bool&) and getBoolean() into asBoolean().
Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
asNumber().
* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
(JSC::JSValue::asNumber):
(JSC::JSValue::asBoolean): As promised!
* runtime/NumberPrototype.cpp:
(JSC::toThisNumber):
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
(JSC::numberProtoFuncToLocaleString):
(JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
by switching to toThisNumber().
* API/JSCallbackObjectFunctions.h:
(JSC::::toNumber):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::valueOfNumberConstant):
(JSC::DFG::Graph::valueOfBooleanConstant):
* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/DateInstance.h:
(JSC::DateInstance::internalNumber):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncBind):
* runtime/JSArray.cpp:
(JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
* runtime/JSCell.cpp:
* runtime/JSCell.h: Nixed getJSNumber().
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncParseInt):
* runtime/JSONObject.cpp:
(JSC::gap):
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::appendStringifiedValue):
* runtime/NumberObject.cpp:
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/Operations.h:
(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqual):
(JSC::jsLess):
(JSC::jsLessEq):
(JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
2011-10-04 Scott Graham <scottmg@chromium.org>
Add GAMEPAD feature flag
https://bugs.webkit.org/show_bug.cgi?id=66859
Reviewed by Darin Fisher.
* Configurations/FeatureDefines.xcconfig:
2011-10-03 Filip Pizlo <fpizlo@apple.com>
JITCodeGenerator should no longer have code that tries too hard
to be both speculative and non-speculative
https://bugs.webkit.org/show_bug.cgi?id=69321
Reviewed by Gavin Barraclough.
Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
This required moving emitBranch() to SpeculativeJIT, since it was
the main user of that field and method. Other than trivial clean-ups
in emitBranch(), the code is unchanged (and still has some disparity
between 64 and 32_64, and still lacks some obvious optimizations).
* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::JITCodeGenerator):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):
2011-10-04 David Hyatt <hyatt@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=69372
[CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
Add support for reverse iteration to ListHashSet to support being able to walk them
backwards easily.
Reviewed by Anders Carlsson.
* wtf/ListHashSet.h:
(WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
(WTF::ListHashSetReverseIterator::get):
(WTF::ListHashSetReverseIterator::operator*):
(WTF::ListHashSetReverseIterator::operator->):
(WTF::ListHashSetReverseIterator::operator++):
(WTF::ListHashSetReverseIterator::operator--):
(WTF::ListHashSetReverseIterator::operator==):
(WTF::ListHashSetReverseIterator::operator!=):
(WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
(WTF::ListHashSetReverseIterator::node):
(WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
(WTF::ListHashSetConstReverseIterator::get):
(WTF::ListHashSetConstReverseIterator::operator*):
(WTF::ListHashSetConstReverseIterator::operator->):
(WTF::ListHashSetConstReverseIterator::operator++):
(WTF::ListHashSetConstReverseIterator::operator--):
(WTF::ListHashSetConstReverseIterator::operator==):
(WTF::ListHashSetConstReverseIterator::operator!=):
(WTF::ListHashSetConstReverseIterator::node):
(WTF::::rbegin):
(WTF::::rend):
(WTF::::makeReverseIterator):
(WTF::::makeConstReverseIterator):
(WTF::::makeConstIterator):
2011-10-04 Gavin Peters <gavinp@chromium.org>
fix gtk breakage caused by changeset 96595
https://bugs.webkit.org/show_bug.cgi?id=69371
ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
the pretty printer on gtk, which should fix the build on that platform.
Reviewed by NOBODY, this is a build fix.
* wtf/Assertions.cpp:
2011-10-04 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r96630.
http://trac.webkit.org/changeset/96630
https://bugs.webkit.org/show_bug.cgi?id=69368
Caused assertion failures in validateCell (Requested by
mhahnenberg on #webkit).
* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
Add static ClassInfo structs to classes that override JSCell::getCallData
https://bugs.webkit.org/show_bug.cgi?id=69311
Reviewed by Darin Adler.
Added ClassInfo structs to each class that defined its own getCallData
function but did not already have its own ClassInfo struct. This is a
necessary addition for when we switch over to looking up getCallData from
the MethodTable in ClassInfo rather than doing the virtual call (which we
are removing). These new ClassInfo structs are public because we often
use these structs in other areas of the code to uniquely identify JSC classes and
to enforce runtime invariants based on those class identities using ASSERTs.
* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
getCallData was not marked as static in StrictModeTypeErrorFunction.
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
2011-10-04 Ryosuke Niwa <rniwa@webkit.org>
Leopard build fix after r96613.
* wtf/Platform.h:
2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
Implicitly add toString and valueOf to prototype when convertToType callback is provided
https://bugs.webkit.org/show_bug.cgi?id=69156
Reviewed by Geoffrey Garen.
Added callbacks for toString and valueOf which are implicitly added to a client object's
prototype if they provide a convertToType callback when declaring their class through
the JSC API.
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::toStringCallback):
(JSC::JSCallbackFunction::valueOfCallback):
* API/JSCallbackFunction.h:
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/tests/testapi.js:
2011-10-03 Jon Lee <jonlee@apple.com>
Extend DOM WheelEvent to differentiate between physical and logical scroll directions
https://bugs.webkit.org/show_bug.cgi?id=68959
<rdar://problem/10036688>
Reviewed by Sam Weinig.
* wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
2011-10-04 Csaba Osztrogonác <ossy@webkit.org>
MinGW warning fix after r96286.
Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
#define __stdcall __attribute__((stdcall))
#define STDCALL __stdcall
Reviewed by Tor Arne Vestbø.
* assembler/MacroAssemblerCodeRef.h:
2011-10-04 Gavin Peters <gavinp@chromium.org>
add more stack dumping methods
https://bugs.webkit.org/show_bug.cgi?id=69018
In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
WebKit programmatically retrieve the current stack. This is useful if you need to add more
reporting to field crash report uploads, if you're tracking down an irreproducible bug,
for instance.
Reviewed by Darin Adler.
* wtf/Assertions.cpp:
* wtf/Assertions.h:
2011-10-03 Filip Pizlo <fpizlo@apple.com>
DFG should inline Array.push and Array.pop
https://bugs.webkit.org/show_bug.cgi?id=69314
Reviewed by Geoff Garen.
Fix 32-bit.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-03 Filip Pizlo <fpizlo@apple.com>
DFG should inline Array.push and Array.pop
https://bugs.webkit.org/show_bug.cgi?id=69314
Reviewed by Oliver Hunt.
1% speed-up in V8 due to 6% speed-up in V8-deltablue.
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::storePtr):
* create_hash_table:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGIntrinsic.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::getByValLoadElimination):
(JSC::DFG::Propagator::getMethodLoadElimination):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-03 Filip Pizlo <fpizlo@apple.com>
JSC ASSERT Opening the Web Inspector
https://bugs.webkit.org/show_bug.cgi?id=69293
Reviewed by Oliver Hunt.
If a polymorphic access structure list has a duplicated structure, then
don't crash.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
2011-10-03 Gavin Barraclough <barraclough@apple.com>
On X86, switch bucketCount into a register, timeoutCheck into memory
https://bugs.webkit.org/show_bug.cgi?id=69299
Reviewed by Geoff Garen.
We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
but if the timeoutCheck gets trashed we may make calls out to the timeout_check stub
function too frequently (regressing performance). This patch has no perf impact on sunspider.
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::branchAdd32):
(JSC::MacroAssemblerX86::branchSub32):
- Added branchSub32 with AbsoluteAddress.
* jit/JIT.cpp:
(JSC::JIT::emitTimeoutCheck):
- Keep timeout count in memory on X86.
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
- remove X86 specific code, switch bucket count back into a register.
* jit/JITStubs.cpp:
- Stop initializing esi (it is no longer the timeoutCheck!)
* jit/JSInterfaceJIT.h:
- change definition of esi to be the bucketCountRegister.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
- Add timeoutCount as a property to global data (the counter should be per-thread).
2011-10-03 Filip Pizlo <fpizlo@apple.com>
DFG backends don't have access to per-node predictions from the propagator
https://bugs.webkit.org/show_bug.cgi?id=69291
Reviewed by Oliver Hunt.
Nodes now have two notions of predictions: the heap prediction, which is
what came directly from value profiling, and the propagator's predictions,
which arise out of abstract interpretation. Every node has a propagator
prediction, but not every node has a heap prediction; and there is no
guarantee that a node that has both will keep them consistent as the
propagator may have additional information available to it.
This is performance neutral.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::getPrediction):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::getHeapPrediction):
(JSC::DFG::Node::predictHeap):
(JSC::DFG::Node::prediction):
(JSC::DFG::Node::predict):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::isPredictedNumerical):
(JSC::DFG::Propagator::logicalNotIsPure):
(JSC::DFG::Propagator::setReplacement):
2011-10-03 Jer Noble <jer.noble@apple.com>
Unreviewed, rolling out r96526.
http://trac.webkit.org/changeset/96526
https://bugs.webkit.org/show_bug.cgi?id=68587
WEB_AUDIO has numerous 64->32 bit casting warnings, causing
build breakages where -Wall is enabled.
* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:
2011-10-03 Gavin Barraclough <barraclough@apple.com>
Unreviewed build fix for DFG JIT 32_64.
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-10-02 Filip Pizlo <fpizlo@apple.com>
DFG should speculate more aggressively on obvious cases on
polymorphic get_by_id
https://bugs.webkit.org/show_bug.cgi?id=69235
Reviewed by Oliver Hunt.
This implements trivial polymorphic get_by_id. It also fixes
problems in the CSE for CheckStructure in the put_by_id
transition case.
Doing this required knowing whether a polymorphic get_by_id stub
was doing a direct access rather than a call of some kind.
Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
scaled mean of all benchmarks.
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
(JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::addStructureSet):
(JSC::DFG::Graph::addStructureTransitionData):
* dfg/DFGNode.h:
(JSC::DFG::StructureTransitionData::StructureTransitionData):
(JSC::DFG::Node::hasStructureTransitionData):
(JSC::DFG::Node::structureTransitionData):
(JSC::DFG::Node::hasStructureSet):
(JSC::DFG::Node::structureSet):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::tryBuildGetByIDProtoList):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureSet.h: Added.
(JSC::DFG::StructureSet::StructureSet):
(JSC::DFG::StructureSet::add):
(JSC::DFG::StructureSet::addAll):
(JSC::DFG::StructureSet::remove):
(JSC::DFG::StructureSet::contains):
(JSC::DFG::StructureSet::isSubsetOf):
(JSC::DFG::StructureSet::isSupersetOf):
(JSC::DFG::StructureSet::size):
(JSC::DFG::StructureSet::at):
(JSC::DFG::StructureSet::operator[]):
(JSC::DFG::StructureSet::last):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
(JSC::getPolymorphicAccessStructureListSlot):
2011-10-03 Jer Noble <jer.noble@apple.com>
Enable WEB_AUDIO by default in the WebKit/mac port.
https://bugs.webkit.org/show_bug.cgi?id=68587
Reviewed by Simon Fraser.
* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:
2011-10-03 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK] Fix make distcheck build
https://bugs.webkit.org/show_bug.cgi?id=69243
Reviewed by Martin Robinson.
* GNUmakefile.list.am:
2011-10-03 Pierre Rossi <pierre.rossi@gmail.com>
[Qt] Build fix: Qt::escape is deprecated in Qt5
https://bugs.webkit.org/show_bug.cgi?id=69162
Use QString::toHtmlEscaped in the Qt5 case.
Reviewed by Andreas Kling.
* JavaScriptCore.pri:
* wtf/qt/UtilsQt.h: Added.
(escapeHtml):
* wtf/wtf.pri:
2011-10-03 Balazs Kelemen <kbalazs@webkit.org>
libdispatch based ParallelJobs is not enough parallel
https://bugs.webkit.org/show_bug.cgi?id=66378
Reviewed by Zoltan Herczeg.
Use the appropriate libdispatch API for our use case.
Throw away the hard coded limit of parallel threads
and use dispatch_apply with the default priority normal
queue instead of using our own custom serial queue (which
was a misuse of the API). Enabling PARALLEL_JOBS is now
a 60% win (2.63x as fast) on the methanol benchmark
(https://gitorious.org/methanol) with an SVG centric test set
while the old implementation was almost identical (less than 5% win).
* wtf/ParallelJobsLibdispatch.h:
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::execute):
2011-10-02 Zoltan Herczeg <zherczeg@webkit.org>
[Qt]REGRESSION(r95912): It made sputnik tests flakey
https://bugs.webkit.org/show_bug.cgi?id=68990
Reviewed by Geoffrey Garen.
Changing signed char to int in r96354 solved the
problem. However transitionCount still returns
with a signed char and should be changed to int.
* runtime/Structure.h:
(JSC::Structure::transitionCount):
2011-10-02 Filip Pizlo <fpizlo@apple.com>
DFG misses some obvious opportunities for common subexpression elimination
https://bugs.webkit.org/show_bug.cgi?id=69233
Reviewed by Oliver Hunt.
0.7% speed-up on SunSpider.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::getByValLoadElimination):
(JSC::DFG::Propagator::getMethodLoadElimination):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
2011-10-02 Gavin Barraclough <barraclough@apple.com>
Bug 67455 - Different regular expression result
Reviewed by Darin Adler.
Fix a regression introduced in r72140. A return was added to the backtracking loop for
backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
This is incorrect. The additional return should only trigger to force an early return if
an error has occurred.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::matchParentheses):
- Simplify some nested if else logic.
(JSC::Yarr::Interpreter::backtrackParentheses):
- Simplify some nested if else logic.
- Only return early from backtrackParentheses on success/error, not on failure.
2011-10-01 Geoffrey Garen <ggaren@apple.com>
Removed redundant helper functions for allocating Strong handles
https://bugs.webkit.org/show_bug.cgi?id=69218
Reviewed by Sam Weinig.
* heap/Heap.h:
(JSC::Heap::handleHeap):
* runtime/JSGlobalData.h: Removed these helper functions, since they
just created indirection.
* heap/StrongInlines.h: Added. Broke out a header for inline functions
to resolve circular dependencies created by inlining. I'm told this is
the future for JavaScriptCore.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
* API/JSCallbackObjectFunctions.h:
(JSC::::init):
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::add):
(JSC::WeakGCMap::set):
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::setSingleTransition):
* heap/Local.h:
(JSC::::Local):
* heap/Strong.h:
(JSC::::Strong):
(JSC::::set):
* heap/Weak.h:
(JSC::Weak::Weak):
(JSC::Weak::set): Allocate handles directly instead of going through a
chain of forwarding functions.
* bytecompiler/BytecodeGenerator.cpp:
* runtime/JSGlobalData.cpp:
* runtime/LiteralParser.cpp:
* runtime/RegExpCache.cpp: Updated for header changes.
2011-09-30 Filip Pizlo <fpizlo@apple.com>
All of JSC's heuristics should be in one place for easier tuning
https://bugs.webkit.org/show_bug.cgi?id=69201
Reviewed by Oliver Hunt.
This makes it possible to change tiered compilation heuristics in
one place (Heuristics.cpp) without recompiling the whole project.
It also makes it possible to enable setting heuristics using
environment variables. This is off by default. When turned on, it
makes tuning the system much easier.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shouldOptimizeNow):
* bytecode/CodeBlock.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
* runtime/Heuristics.cpp: Added.
(JSC::Heuristics::parse):
(JSC::Heuristics::setHeuristic):
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h: Added.
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
2011-10-01 Oliver Hunt <oliver@apple.com>
Support string length in the DFG
https://bugs.webkit.org/show_bug.cgi?id=69215
Reviewed by Geoff Garen.
Adds a GetStringLength node to the DFG so that we can support
string.length inline.
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isKnownString):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSString.h:
(JSC::JSString::offsetOfLength):
2011-10-01 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69205
Reviewed by Gavin Barraclough.
If there are unboxed integers and cells in the register file (e.g. by SetLocal),
they must be reboxed before exiting from the speculative DFG JIT execution.
This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::forPrediction):
(JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
2011-10-01 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r96421.
http://trac.webkit.org/changeset/96421
https://bugs.webkit.org/show_bug.cgi?id=69206
It broke Qt-WK2 build (Requested by ossy on #webkit).
* JavaScriptCore.pri:
* wtf/qt/UtilsQt.h: Removed.
* wtf/wtf.pri:
2011-09-30 Daniel Bates <dbates@webkit.org>
Attempt to fix the Apple Windows and WinCairo Debug builds after
<http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
corresponding function, JSValue::toStrictThisObject(), was removed.
2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69126
Reviewed by Gavin Barraclough.
The setupResults routine has the bug of reversing the source and destination.
Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::setupTwoStubArgs):
(JSC::DFG::setupResults):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
2011-09-30 Gavin Barraclough <barraclough@apple.com>
Remove toStrictThisObject, toThisString, toThisJSString
https://bugs.webkit.org/show_bug.cgi?id=69203
Rubber stamped by Sam Weinig
These are no longer used.
* JavaScriptCore.exp:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSObject.cpp:
* runtime/JSObject.h:
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSValue.h:
* runtime/StrictEvalActivation.cpp:
* runtime/StrictEvalActivation.h:
2011-09-30 Filip Pizlo <fpizlo@apple.com>
DFG does not speculate aggressively enough on put_by_id
https://bugs.webkit.org/show_bug.cgi?id=69114
Reviewed by Oliver Hunt.
This adds new nodes along with optimizations for those nodes:
GetPropertyStorage: CheckStructure used to do both the structure
check and retrieve the storage pointer. Now CheckStructure just
checks the structure, and GetPropertyStorage retrieves the
storage pointer.
PutStructure: Changes the structure, and has the expected store
to load optimization with CheckStructure.
PutByOffset: Directly sets the value. Has store to load
optimization with GetByOffset.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::hasStorageAccessData):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::impureCSE):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::eliminate):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-30 Gavin Barraclough <barraclough@apple.com>
StringRecursionChecker should not work in terms of EncodedJSValue
https://bugs.webkit.org/show_bug.cgi?id=69188
Reviewed by Oliver Hunt.
0 is not the empty value on 32_64.
Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
* runtime/ErrorPrototype.cpp:
(JSC::errorProtoFuncToString):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/StringRecursionChecker.cpp:
(JSC::StringRecursionChecker::throwStackOverflowError):
(JSC::StringRecursionChecker::emptyString):
* runtime/StringRecursionChecker.h:
(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::earlyReturnValue):
2011-09-30 Gavin Barraclough <barraclough@apple.com>
DFG JIT, Branch on integer can always be a 32-bit compare.
https://bugs.webkit.org/show_bug.cgi?id=69174
Reviewed by Sam Weinig.
if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
the JSVALUE64 JIT will currently compare all 64bits in the register, but in
these cases the DataFormat is always a JS boxed integer. In these cases we
can just compare the low 32bits anyway - no need to check the tag.
This allows the code to be unified with the JSVALUE32_64 JIT.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-30 Oliver Hunt <oliver@apple.com>
Need a sensible GGC policy
Reviewed by Geoff Garen.
This replaces the existing random collection policy
with a deterministic policy based on nursery size.
* heap/AllocationSpace.cpp:
(JSC::AllocationSpace::allocateSlowCase):
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::markRoots):
(JSC::Heap::collect):
* heap/Heap.h:
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocator):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::nurseryWaterMark):
(JSC::MarkedSpace::allocate):
2011-09-30 Filip Pizlo <fpizlo@apple.com>
DFG 32-bit support for op_call and op_construct causes
run-javascriptcore-tests to fail
https://bugs.webkit.org/show_bug.cgi?id=69171
Reviewed by Gavin Barraclough.
This fixes one obvious bug that was causing test failures (no
support for dummy slow case for op_add in 32_64), and disables
op_call and op_construct by default.
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
2011-09-30 Geoffrey Garen <ggaren@apple.com>
Crash due to out of bounds read/write in MarkedSpace
https://bugs.webkit.org/show_bug.cgi?id=69148
This was a case of being surprised by a poorly articulated cell size limit,
plus an incorrect ASSERT guarding the cell size limit.
Reviewed by Oliver Hunt.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
since it makes the ranges easier to understand.
Bumped up the max cell size to support the use case in this bug. Since the
atomSize is much bigger than it used to be, there isn't much accounting
cost to handling more size classes.
Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocator):
(JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
being inclusive.
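The entry above turns on a boundary that is easy to get wrong: whether the top of each size range is inclusive, and whether the cell size limit is enforced by real code or only by an ASSERT that release builds compile out. The following is an added example, not JSC's MarkedSpace code; the step sizes, cutoffs and class count are assumptions chosen for illustration. It models an inclusive-range size-class lookup backed by a fixed-size table, keeps the exclusive-bound variant beside it as the 'before' shape, and runs an exhaustive check over every request size in the domain so that an off-by-one at the boundary shows up as an out-of-range index rather than as a corrupted neighbour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Toy model of a size-class lookup with inclusive ranges. Added example; this
 * is not JSC's MarkedSpace code, and every step, cutoff and class count below
 * is an assumption chosen for illustration.
 */
enum {
    PRECISE_STEP = 16,
    PRECISE_CUTOFF = 128,     /* largest request served by a precise class (inclusive) */
    IMPRECISE_STEP = 128,
    MAX_CELL_SIZE = 1024,     /* largest request the heap accepts at all (inclusive) */
    PRECISE_COUNT = PRECISE_CUTOFF / PRECISE_STEP,                        /* 8  */
    IMPRECISE_COUNT = (MAX_CELL_SIZE - PRECISE_CUTOFF) / IMPRECISE_STEP,  /* 7  */
    NUM_SIZE_CLASSES = PRECISE_COUNT + IMPRECISE_COUNT                    /* 15 */
};

/* Fixed-size table standing in for a FixedArray: any index outside
 * [0, NUM_SIZE_CLASSES) is an out-of-bounds read or write. */
static size_t cellSizeOfClass[NUM_SIZE_CLASSES];

static void initSizeClasses(void)
{
    for (int i = 0; i < PRECISE_COUNT; ++i)
        cellSizeOfClass[i] = (size_t)(i + 1) * PRECISE_STEP;
    for (int i = 0; i < IMPRECISE_COUNT; ++i)
        cellSizeOfClass[PRECISE_COUNT + i] = PRECISE_CUTOFF + (size_t)(i + 1) * IMPRECISE_STEP;
}

/* Inclusive-range lookup: returns the class index for a request of `bytes`,
 * or -1 when the request is outside [1, MAX_CELL_SIZE]. The bound is enforced
 * unconditionally, not only by an assert that release builds compile out. */
static int sizeClassIndexFor(size_t bytes)
{
    if (bytes == 0 || bytes > MAX_CELL_SIZE)
        return -1;
    if (bytes <= PRECISE_CUTOFF)
        return (int)((bytes - 1) / PRECISE_STEP);
    return (int)(PRECISE_COUNT + (bytes - PRECISE_CUTOFF - 1) / IMPRECISE_STEP);
}

/* The 'before' shape: index arithmetic written for an exclusive top bound and
 * no runtime check, so a request of exactly MAX_CELL_SIZE lands one past the
 * table. Kept here only so the checker below can demonstrate catching it. */
static int sizeClassIndexForExclusiveBug(size_t bytes)
{
    if (bytes <= PRECISE_CUTOFF)
        return (int)((bytes - 1) / PRECISE_STEP);
    return (int)(PRECISE_COUNT + (bytes - PRECISE_CUTOFF) / IMPRECISE_STEP);
}

typedef int (*SizeClassLookup)(size_t bytes);

/* Exhaustive self-check over the whole request domain: every size in
 * [1, MAX_CELL_SIZE] must map to an in-range class whose cells are at least
 * as large as the request. Cheap enough to run once at startup or in a test,
 * and it catches boundary off-by-ones that spot checks miss. */
static bool sizeClassTableIsConsistent(SizeClassLookup lookup)
{
    initSizeClasses();
    for (size_t bytes = 1; bytes <= MAX_CELL_SIZE; ++bytes) {
        int idx = lookup(bytes);
        if (idx < 0 || idx >= NUM_SIZE_CLASSES)
            return false;                      /* would index outside the table */
        if (cellSizeOfClass[idx] < bytes)
            return false;                      /* cell too small: object would overflow it */
    }
    return true;
}

int main(void)
{
    printf("inclusive lookup consistent: %s\n",
           sizeClassTableIsConsistent(sizeClassIndexFor) ? "yes" : "no");
    printf("exclusive-bound lookup consistent: %s\n",
           sizeClassTableIsConsistent(sizeClassIndexForExclusiveBug) ? "yes" : "no");
    return 0;
}
```

The exclusive-bound variant passes every request up to 1023 and only fails at exactly MAX_CELL_SIZE, which is why a handful of spot checks or an ASSERT with the wrong comparison operator can leave the bug in place; walking the whole domain against the table length is what surfaces it.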
2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
[Qt] Build fix: Qt::escape is deprecated in Qt5
https://bugs.webkit.org/show_bug.cgi?id=69162
Use QString::toHtmlEscaped in the Qt5 case.
Reviewed by Andreas Kling.
* JavaScriptCore.pri:
* wtf/qt/UtilsQt.h: Added.
(escapeHtml):
* wtf/wtf.pri:
2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
Fix bug in getHostCallReturnValue of DFG JIT on X86
https://bugs.webkit.org/show_bug.cgi?id=69133
Reviewed by Gavin Barraclough.
We need to insert the additional argument in the stack slot before
return address instead of simply pushing it afterwards.
Also getHostCallReturnValue* should be attributed as stdcall
to make the stack cleaned up by the callee.
* dfg/DFGOperations.cpp:
2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
[Qt] wtf header files are unknown to Qt Creator
https://bugs.webkit.org/show_bug.cgi?id=69158
Adding the HEADERS variable in wtf.pri so that
the header files can be accessed easily.
Reviewed by Andreas Kling.
* wtf/wtf.pri:
2011-09-30 Gavin Barraclough <barraclough@apple.com>
Merge some more of DFGSpeculativeJIT 32_64/64
https://bugs.webkit.org/show_bug.cgi?id=69164
Reviewed by Oliver Hunt.
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCodeGenerator32_64.cpp:
* dfg/DFGJITCodeGenerator64.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileValueAdd):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileValueAdd):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::compile):
2011-09-30 Mark Hahnenberg <mhahnenberg@apple.com>
Add getCallData to MethodTable in ClassInfo
https://bugs.webkit.org/show_bug.cgi?id=69024
Reviewed by Sam Weinig.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
Added the getCallData to the MethodTable in the ClassInfo struct.
* runtime/ClassInfo.h:
2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69120
Reviewed by Gavin Barraclough.
Improve the coverage of JSVALUE32_64 DFG JIT.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::tagOfCallData):
(JSC::DFG::payloadOfCallData):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
DFG JIT - register not unlocked after usage in ArithDiv
https://bugs.webkit.org/show_bug.cgi?id=69122
Reviewed by Geoffrey Garen.
Some allocated register is not unlocked after the usage in ArithDiv.
Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
* dfg/DFGNode.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSCell::toObject
https://bugs.webkit.org/show_bug.cgi?id=68937
Reviewed by Darin Adler.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
De-virtualized JSCell::toObject and changed its implementation to manually check the
cases for JSString and JSObject rather than leaving it up to the virtual method call.
* runtime/JSCell.cpp:
(JSC::JSCell::toObject):
* runtime/JSCell.h:
Removed JSNotAnObject::toObject because the case for JSObject works for it.
Also removed JSObject::toObject because it was essentially the identity function,
which is not necessary since toObject is no longer virtual.
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
* runtime/JSObject.h:
De-virtualized JSObject::toObject and JSString::toObject.
* runtime/JSString.h:
2011-09-29 Gavin Barraclough <barraclough@apple.com>
Start refactoring DFGSpeculativeJIT
https://bugs.webkit.org/show_bug.cgi?id=69112
Reviewed by Oliver Hunt.
Again, move JSVALUE64 code into a DFGSpeculativeJIT64.cpp
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::dump):
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compare):
* dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):
2011-09-29 Gavin Barraclough <barraclough@apple.com>
Refactor out trivially duplicated code in DFGJITCodeGenerator.
https://bugs.webkit.org/show_bug.cgi?id=69109
Reviewed by Oliver Hunt.
Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
Basically move JSVALUE64-specific code into a new DFGJITCodeGenerator64.cpp, leave common code
in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.
For some functions the differences are trivial & make more sense to ifdef individually, and some
Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownNotNumber):
(JSC::DFG::JITCodeGenerator::isKnownBoolean):
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::dump):
(JSC::DFG::JITCodeGenerator::checkConsistency):
(JSC::DFG::GPRTemporary::GPRTemporary):
(JSC::DFG::FPRTemporary::FPRTemporary):
* dfg/DFGJITCodeGenerator32_64.cpp:
* dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::branchIfNotCell):
* dfg/DFGJITCompilerInlineMethods.h:
2011-09-28 Filip Pizlo <fpizlo@apple.com>
DFG JIT should infer which uses of a variable are not aliased
https://bugs.webkit.org/show_bug.cgi?id=68593
Reviewed by Oliver Hunt.
This separates how a variable is stored (i.e. its virtual register)
from how it's predicted. Each variable now takes a
VariableAccessData as its operand, instead of the virtual register.
The VariableAccessData stores the operand and the prediction. If
multiple uses of a variable are aliased, their VariableAccessDatas
are unified.
This also adds tracking of which argument values are used. It
correctly observes that an argument value is not used, if the
argument is assigned to inside the function before being used.
This also adds tracking of which variables are live at the head of
a basic block, and separates that from a variable being live at the
tail.
Finally, this communicates to both OSR entry and OSR exit code how
a variable is predicted at a particular point in the code, rather
than just communicating how it was predicted in the entire code
block (since with this patch there is no longer the notion of a
variable having just one prediction for a code block).
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/ActionablePrediction.h: Added.
(JSC::actionablePredictionFromPredictedType):
(JSC::valueObeysPrediction):
(JSC::actionablePredictionToString):
(JSC::ActionablePredictions::ActionablePredictions):
(JSC::ActionablePredictions::setArgument):
(JSC::ActionablePredictions::argument):
(JSC::ActionablePredictions::setVariable):
(JSC::ActionablePredictions::variable):
(JSC::ActionablePredictions::argumentUpperBound):
(JSC::ActionablePredictions::variableUpperBound):
(JSC::ActionablePredictions::pack):
(JSC::ActionablePredictions::packVector):
* bytecode/CodeBlock.h:
* bytecode/PredictionTracker.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::newVariableAccessData):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::nameOfVariableAccessData):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::operandIsArgument):
(JSC::DFG::VariableRecord::setFirstTime):
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasVariableAccessData):
(JSC::DFG::Node::hasLocal):
(JSC::DFG::Node::variableAccessData):
(JSC::DFG::Node::local):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::ValueSource):
(JSC::DFG::ValueSource::forPrediction):
(JSC::DFG::ValueSource::isSet):
(JSC::DFG::ValueSource::kind):
(JSC::DFG::ValueSource::nodeIndex):
(JSC::DFG::ValueSource::nodeIndexFromKind):
(JSC::DFG::ValueSource::kindFromNodeIndex):
(JSC::DFG::SpeculativeJIT::isKnownArray):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* wtf/PackedIntVector.h: Added.
(WTF::PackedIntVector::PackedIntVector):
(WTF::PackedIntVector::operator=):
(WTF::PackedIntVector::size):
(WTF::PackedIntVector::ensureSize):
(WTF::PackedIntVector::resize):
(WTF::PackedIntVector::clearAll):
(WTF::PackedIntVector::get):
(WTF::PackedIntVector::set):
(WTF::PackedIntVector::mask):
* wtf/Platform.h:
* wtf/UnionFind.h: Added.
(WTF::UnionFind::UnionFind):
(WTF::UnionFind::find):
(WTF::UnionFind::unify):
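The entry above describes unifying aliased uses of a variable through a union-find (wtf/UnionFind.h) so that all of them share one prediction. The following is an added illustration of that idea, not WebKit's code: the class and member names (VariableAccessData, find, unify, predict), the prediction bit values and the mergePredictions helper are all assumed for the demo, and the bitmask representation of predictions is a simplification.

```cpp
// Added example (not WebKit code): aliased variable uses share one prediction
// via union-find. All names and the prediction bit values are hypothetical.
#include <cassert>
#include <cstdint>

namespace demo {

// Assumed bitmask of predicted types; merging two predictions is a bitwise OR.
enum Prediction : uint32_t {
    PredictNone = 0,
    PredictInt32 = 1u << 0,
    PredictDouble = 1u << 1,
    PredictString = 1u << 2,
    PredictFinalObject = 1u << 3,
};
inline Prediction mergePredictions(Prediction a, Prediction b) { return Prediction(a | b); }

// One record per view of a variable: its virtual register plus what has been
// observed flowing into it. Aliased records are unified, so every lookup goes
// through find() to the representative that owns the merged prediction.
class VariableAccessData {
public:
    explicit VariableAccessData(int operand) : m_operand(operand) {}
    VariableAccessData(const VariableAccessData&) = delete;
    VariableAccessData& operator=(const VariableAccessData&) = delete;

    int operand() const { return m_operand; }
    Prediction prediction() const { return find()->m_prediction; }

    // Record an observation on the representative; true if the merged prediction grew.
    bool predict(Prediction p) {
        VariableAccessData* rep = find();
        Prediction merged = mergePredictions(rep->m_prediction, p);
        bool changed = merged != rep->m_prediction;
        rep->m_prediction = merged;
        return changed;
    }

    // Union-find lookup with path compression: every node on the walk up is
    // re-pointed at the root so later lookups are O(1) in practice.
    VariableAccessData* find() {
        VariableAccessData* root = this;
        while (root->m_parent != root)
            root = root->m_parent;
        for (VariableAccessData* n = this; n != root;) {
            VariableAccessData* next = n->m_parent;
            n->m_parent = root;
            n = next;
        }
        return root;
    }
    const VariableAccessData* find() const { return const_cast<VariableAccessData*>(this)->find(); }

    // Unify two aliased uses: the surviving root takes the merged prediction.
    static void unify(VariableAccessData* a, VariableAccessData* b) {
        VariableAccessData* ra = a->find();
        VariableAccessData* rb = b->find();
        if (ra == rb)
            return;
        ra->m_prediction = mergePredictions(ra->m_prediction, rb->m_prediction);
        rb->m_parent = ra;
    }

private:
    int m_operand;
    Prediction m_prediction = PredictNone;
    VariableAccessData* m_parent = this;
};

// Constructed scenario: two views of local 3 see different types before they
// are found to alias; local 4 is unrelated and must not be affected.
struct Scenario {
    Prediction unified;        // prediction seen through either view of local 3
    Prediction afterLateUse;   // after a further observation on one view
    Prediction other;          // prediction of local 4
    bool sameRoot;
};
inline Scenario runScenario() {
    VariableAccessData useA(3), useB(3), other(4);
    useA.predict(PredictInt32);
    useB.predict(PredictDouble);
    other.predict(PredictString);
    VariableAccessData::unify(&useA, &useB);
    Scenario s;
    s.unified = useB.prediction();
    useA.predict(PredictFinalObject);   // observed on A, visible through B
    s.afterLateUse = useB.prediction();
    s.other = other.prediction();
    s.sameRoot = useA.find() == useB.find();
    return s;
}

} // namespace demo
```

The design point is that predictions are only ever read and written on the representative, so an observation made through one view of the variable is immediately visible through every aliased view, and a non-aliased variable keeps its own prediction.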
2011-09-29 Oliver Hunt <oliver@apple.com>
Build fix.
* heap/AllocationSpace.h:
2011-09-29 Oliver Hunt <oliver@apple.com>
Add logic to collect dirty objects as roots
https://bugs.webkit.org/show_bug.cgi?id=69100
Reviewed by Geoff Garen.
This gives us the ability to walk all the MarkedBlocks in an
AllocationSpace and collect the dirty objects, and then use
them as GC roots.
I also rearranged the order of these instructions because it
makes them smaller on some platforms with some card sizes.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::markCellCard):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::markCellCard):
* heap/AllocationSpace.cpp:
Tidy up the write barrier logic a bit.
(JSC::MarkedBlock::gatherDirtyObjects):
(JSC::TakeIfDirty::returnValue):
(JSC::TakeIfDirty::TakeIfDirty):
(JSC::TakeIfDirty::operator()):
(JSC::AllocationSpace::gatherDirtyObjects):
* heap/AllocationSpace.h:
* heap/CardSet.h:
(JSC::::isCardMarked):
(JSC::::clearCard):
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* heap/Heap.h:
(JSC::Heap::writeBarrier):
* heap/MarkStack.cpp:
(JSC::SlotVisitor::visitChildren):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::setDirtyObject):
(JSC::MarkedBlock::addressOfCardFor):
* heap/SlotVisitor.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitWriteBarrier):
Tidy the write barrier a bit.
2011-09-29 Gavin Barraclough <barraclough@apple.com>
Unreviewed windows build fix.
* assembler/MacroAssemblerCodeRef.h:
* dfg/DFGOperations.h:
2011-09-29 Filip Pizlo <fpizlo@apple.com>
Structure transitions involving many (> 64) properties sometimes cause structure corruption
https://bugs.webkit.org/show_bug.cgi?id=69102
Reviewed by Darin Adler.
Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
don't lead to the dictionary kind being forgotten.
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69058
Reviewed by Gavin Barraclough.
Also fixed the stdcall FunctionPtr constructors to make them compile correctly on Linux
* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):
2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
https://bugs.webkit.org/show_bug.cgi?id=68839
Reviewed by Geoffrey Garen.
Removed the remaining visitChildrenVirtual methods. This patch completes the process of
de-virtualizing visitChildren.
* API/JSCallbackObject.h:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
* runtime/Arguments.h:
* runtime/Executable.cpp:
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
* runtime/GetterSetter.h:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
* runtime/JSArray.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
* runtime/JSPropertyNameIterator.cpp:
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSValue.h:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeErrorConstructor.h:
* runtime/RegExpObject.cpp:
* runtime/RegExpObject.h:
* runtime/Structure.cpp:
* runtime/Structure.h:
* runtime/StructureChain.cpp:
* runtime/StructureChain.h:
Inlined the method table access and call to the visitChildren function (the only call sites
to visitChildren are here).
* heap/MarkStack.cpp:
(JSC::SlotVisitor::visitChildren):
Changed the field name for the visitChildren function pointer to visitChildren (from
visitChildrenFunctionPtr) to make call sites less verbose.
* runtime/ClassInfo.h:
Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
overrides visitChildren, so it needs to have its own ClassInfo.
* runtime/JSBoundFunction.cpp:
* runtime/JSBoundFunction.h:
Had to move className up to make sure that the virtual destructor in JSObject wasn't
the first non-inline virtual method in JSObject (as per the comment in the file).
Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
to mitigate the cost of an extra method call.
Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
call sites more concise. Implementation is inline in JSObject.h.
* runtime/JSObject.h:
(JSC::JSCell::methodTable):
* runtime/JSCell.h:
Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
appease the vtable gods. It refused to compile if there were no virtual methods in
both of these classes due to the presence of a weak vtable pointer.
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::~JSWrapperObject):
* runtime/JSWrapperObject.h:
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::~ScopeChainNode):
* runtime/ScopeChain.h:
2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69075
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
https://bugs.webkit.org/show_bug.cgi?id=69054
Reviewed by Gavin Barraclough.
size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
* dfg/DFGNode.h:
2011-09-28 Filip Pizlo <fpizlo@apple.com>
DFG checkArgumentTypes fails to check boolean predictions
https://bugs.webkit.org/show_bug.cgi?id=69059
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2011-09-28 Gavin Barraclough <barraclough@apple.com>
Build fix pt 2 for r96286.
* assembler/MacroAssemblerCodeRef.h:
2011-09-28 Ryosuke Niwa <rniwa@webkit.org>
Build fix attempt for r96286.
* assembler/MacroAssemblerCodeRef.h:
2011-09-28 Gavin Barraclough <barraclough@apple.com>
DFG JIT Operations on 32_64 should use stdcall calling convention.
https://bugs.webkit.org/show_bug.cgi?id=69046
Reviewed by Sam Weinig.
All calls out are expecting stdcall conventions, but the default on OS X is cdecl.
Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
directly to std library functions like fmod - leave these calls obeying the default
platform calling convention.
* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):
- Add implicit constructors for std calls.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
- Make this work on non-Mac platforms.
* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* dfg/DFGOperations.h:
- Mark all operations as stdcalls.
2011-09-28 Filip Pizlo <fpizlo@apple.com>
DFG JIT falls back on numerical comparisons when it does not
recognize a prediction
https://bugs.webkit.org/show_bug.cgi?id=68977
Reviewed by Geoffrey Garen.
This fixes the way comparison implementations are selected. It
also fixes a bug where comparisons other than equality (like < or >)
on objects are compiled as if the comparison were equality.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compare):
2011-09-28 Gavin Barraclough <barraclough@apple.com>
Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
https://bugs.webkit.org/show_bug.cgi?id=69026
Reviewed by Sam Weinig.
* assembler/X86Assembler.h:
(JSC::X86Assembler::fstpl):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
2011-09-28 Gavin Barraclough <barraclough@apple.com>
Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
https://bugs.webkit.org/show_bug.cgi?id=69017
Reviewed by Oliver Hunt.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
(JSC::DFG::SpeculativeJIT::compile):
2011-09-28 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64679
Fix bugs in Array.prototype this handling.
Reviewed by Oliver Hunt.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
- These methods should throw if this value is undefined.
2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
Value profiling in baseline JIT for JSVALUE32_64
https://bugs.webkit.org/show_bug.cgi?id=68750
Reviewed by Geoff Garen.
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_mul):
(JSC::JIT::emit_op_div):
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_call_put_result):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_resolve):
(JSC::JIT::emit_op_resolve_base):
(JSC::JIT::emit_op_resolve_skip):
(JSC::JIT::emit_op_resolve_global):
(JSC::JIT::emitSlow_op_resolve_global):
(JSC::JIT::emit_op_resolve_with_base):
(JSC::JIT::emit_op_resolve_with_this):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_method_check):
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_get_scoped_var):
(JSC::JIT::emit_op_get_global_var):
* jit/JITStubCall.h:
(JSC::JITStubCall::callWithValueProfiling):
2011-09-28 Yuqiang Xian <yuqiang.xian@intel.com>
Wrong integer checks in JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=68985
Reviewed by Geoffrey Garen.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2011-09-28 Adam Barth <abarth@webkit.org>
Remove empty directories.
* wtf/brew: Removed.
* wtf/unicode/brew: Removed.
2011-09-27 Filip Pizlo <fpizlo@apple.com>
DFG JIT cannot compile op_new_object, op_new_array,
op_new_array_buffer, or op_new_regexp
https://bugs.webkit.org/show_bug.cgi?id=68580
Reviewed by Oliver Hunt.
This implements all four opcodes, but has op_new_regexp turned off
by default because it unveils some bad speculation logic when
compiling string-validate-input.
With op_new_regexp turned off, this is a 5% win on Kraken and a
0.7% speed-up on V8. Neutral on SunSpider.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasConstantBuffer):
(JSC::DFG::Node::startConstant):
(JSC::DFG::Node::numConstants):
(JSC::DFG::Node::hasRegexpIndex):
(JSC::DFG::Node::regexpIndex):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isKnownArray):
2011-09-27 Filip Pizlo <fpizlo@apple.com>
DFG JIT should speculate more aggressively on reads of array.length
https://bugs.webkit.org/show_bug.cgi?id=68932
Reviewed by Oliver Hunt.
This is a 2% speed-up on Kraken, neutral elsewhere.
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-27 Gavin Barraclough <barraclough@apple.com>
DFG JIT - merge changes between 95905 - 96175
https://bugs.webkit.org/show_bug.cgi?id=68963
Reviewed by Sam Weinig.
Merge missing changes from bug#68677, bug#68784, bug#68785.
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-27 Gavin Barraclough <barraclough@apple.com>
Get JSVALUE32_64 DFG JIT building on OS X.
https://bugs.webkit.org/show_bug.cgi?id=68961
Reviewed by Geoff Garen.
* Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
* Forward-declare functions in DFGOperations.cpp
* UNUSED_PARAM for unused arguments
* NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
* Fix argument types handled by OpInfo constructor.
* Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
* Add files to Xcode project.
2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=68755
Reviewed by Gavin Barraclough.
We need to load/store and repatch both tag and payload of a property
for GetById/PutById. Also reorder the loads of tag and payload for
GetByOffset as the result tag GPR could reuse the storage GPR.
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addPropertyAccess):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchByIdSelfAccess):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-24 Gavin Barraclough <barraclough@apple.com>
Macro assembler branch8 & 16 methods vary in treatment of upper bits
https://bugs.webkit.org/show_bug.cgi?id=68301
Reviewed by Sam Weinig.
Fix for branch16 - remove it!
No performance impact.
* assembler/MacroAssembler.h:
* assembler/MacroAssemblerARM.h:
* assembler/MacroAssemblerARMv7.h:
* assembler/MacroAssemblerMIPS.h:
* assembler/MacroAssemblerSH4.h:
* assembler/MacroAssemblerX86Common.h:
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
Add static version of JSCell::getCallData
https://bugs.webkit.org/show_bug.cgi?id=68741
Reviewed by Darin Adler.
In this patch we just extract the bodies of the virtual getCallData methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of getCallData into our own method table stored in
ClassInfo. We need to convert the methods to static methods because static methods
can be represented as function pointers rather than pointers to member functions, and
function pointers are smaller and faster to call than pointers to member functions.
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::getCallDataVirtual):
(JSC::JSCallbackFunction::getCallData):
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getCallDataVirtual):
(JSC::::getCallData):
* API/JSObjectRef.cpp:
(JSObjectIsFunction):
(JSObjectCallAsFunction):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getCallDataVirtual):
(JSC::ArrayConstructor::getCallData):
* runtime/ArrayConstructor.h:
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::getCallDataVirtual):
(JSC::BooleanConstructor::getCallData):
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getCallDataVirtual):
(JSC::DateConstructor::getCallData):
* runtime/DateConstructor.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::getCallDataVirtual):
(JSC::ErrorConstructor::getCallData):
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::getCallDataVirtual):
(JSC::FunctionConstructor::getCallData):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::getCallDataVirtual):
(JSC::FunctionPrototype::getCallData):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getCallDataVirtual):
(JSC::JSCell::getCallData):
* runtime/JSCell.h:
(JSC::getCallData):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getCallDataVirtual):
(JSC::JSFunction::getCallData):
* runtime/JSFunction.h:
* runtime/JSONObject.cpp:
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::toJSON):
(JSC::Stringifier::appendStringifiedValue):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::getCallDataVirtual):
(JSC::NativeErrorConstructor::getCallData):
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getCallDataVirtual):
(JSC::NumberConstructor::getCallData):
* runtime/NumberConstructor.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getCallDataVirtual):
(JSC::ObjectConstructor::getCallData):
* runtime/ObjectConstructor.h:
* runtime/Operations.cpp:
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
(JSC::jsIsFunctionType):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::functionGetter):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getCallDataVirtual):
(JSC::RegExpConstructor::getCallData):
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getCallDataVirtual):
(JSC::StringConstructor::getCallData):
* runtime/StringConstructor.h:
2011-09-27 Tim Horton <timothy_horton@apple.com>
Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
https://bugs.webkit.org/show_bug.cgi?id=68816
<rdar://problem/10186468>
Reviewed by Simon Fraser.
Add ByteArray::clear, which zeros the memory in the ByteArray.
* wtf/ByteArray.h:
(WTF::ByteArray::clear): Added.
2011-09-27 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r96131.
http://trac.webkit.org/changeset/96131
https://bugs.webkit.org/show_bug.cgi?id=68927
It made 18+ tests crash on all platforms (Requested by
Ossy_night on #webkit).
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
* interpreter/Interpreter.h:
* jsc.cpp:
(GlobalObject::finishCreation):
* parser/Parser.h:
(JSC::Parser::parse):
* runtime/CommonIdentifiers.h:
* runtime/Error.cpp:
(JSC::addErrorInfo):
* runtime/Error.h:
2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSCell::getPrimitiveNumber
https://bugs.webkit.org/show_bug.cgi?id=68851
Reviewed by Darin Adler.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
Changed JSCell::getPrimitiveNumber to manually handle the dispatch for
JSCells (JSObject and JSString in this case).
* runtime/JSCell.cpp:
(JSC::JSCell::getPrimitiveNumber):
* runtime/JSCell.h:
Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't
matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
can cover the case for JSNotAnObject.
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber
and changed them to be const. Also made JSString::getPrimitiveNumber public
because it needs to be called from JSCell::getPrimitiveNumber and also since it's
no longer virtual, we want people who have a more specific pointer (JSString*
instead of JSCell*) to not have to pay the cost of a virtual method call.
* runtime/JSObject.cpp:
(JSC::JSObject::getPrimitiveNumber):
* runtime/JSObject.h:
* runtime/JSString.cpp:
(JSC::JSString::getPrimitiveNumber):
* runtime/JSString.h:
2011-09-27 Juan Carlos Montemayor Elosua <j.mont@me.com>
Implement Error.stack
https://bugs.webkit.org/show_bug.cgi?id=66994
Reviewed by Oliver Hunt.
This patch utilizes topCallFrame to create a stack trace when
an error is thrown. Users will also be able to use the stack()
command in jsc to get arrays with stack trace information.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::getCallerLine):
(JSC::getSourceURLFromCallFrame):
(JSC::getStackFrameCodeType):
(JSC::Interpreter::getStackTrace):
(JSC::Interpreter::throwException):
* interpreter/Interpreter.h:
(JSC::StackFrame::toString):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionJSCStack):
* parser/Parser.h:
(JSC::Parser::parse):
* runtime/CommonIdentifiers.h:
* runtime/Error.cpp:
(JSC::addErrorInfo):
* runtime/Error.h:
2011-09-27 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK] Reorganize header files
https://bugs.webkit.org/show_bug.cgi?id=65616
Reviewed by Martin Robinson.
Install header files under $libwebkitgtkincludedir/JavaScriptCore.
* GNUmakefile.am: Use $libwebkitgtkincludedir.
* javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
2011-09-26 Geoffrey Garen <ggaren@apple.com>
REGRESSION (r95912): Conservative marking doesn't filter out pointers to
MarkedBlock metadata
https://bugs.webkit.org/show_bug.cgi?id=68860
Reviewed by Oliver Hunt.
Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask
because the mask doesn't produce the actual atom number.
(JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
enough; we also need to test that a pointer is beyond the metadata section
of a MarkedBlock, to avoid treating random metadata as a JSCell.
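The entry above states the rule a conservative root scanner must follow: an atom-aligned pointer is only a cell candidate if it also lies beyond the block's metadata section, otherwise metadata bytes get treated as a JSCell. The following is an added illustration of that filter, not WebKit's MarkedBlock code: the block size, atom size, header layout, the Verdict enum and every function name are assumed for the demo, and the sample heap is constructed inline.

```cpp
// Added example (not WebKit code): a conservative-root filter in the spirit of
// MarkedBlock::isLiveCell. Block layout, atom size and every name here are
// hypothetical; the point is the order of the checks.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <bitset>
#include <new>
#include <vector>

namespace demo {

constexpr size_t blockSize = 64 * 1024;                 // assumed block size
constexpr size_t atomSize = 16;                         // assumed atom granularity
constexpr size_t atomsPerBlock = blockSize / atomSize;
constexpr uintptr_t atomAlignmentMask = atomSize - 1;   // tests alignment, not the atom number

struct Block {
    // Metadata sits at the start of the block, so the first atoms never hold a cell.
    struct Header {
        std::bitset<atomsPerBlock> marks;   // one mark bit per atom
        size_t cellSize;
    };
    static constexpr size_t firstAtom = (sizeof(Header) + atomSize - 1) / atomSize;

    alignas(atomSize) unsigned char bytes[blockSize];

    Header& header() { return *reinterpret_cast<Header*>(bytes); }
    const Header& header() const { return *reinterpret_cast<const Header*>(bytes); }

    void init(size_t cellSize) { new (bytes) Header{}; header().cellSize = cellSize; }

    uintptr_t base() const { return reinterpret_cast<uintptr_t>(bytes); }
    bool contains(const void* p) const {
        uintptr_t q = reinterpret_cast<uintptr_t>(p);
        return q >= base() && q < base() + blockSize;
    }
    size_t atomNumber(const void* p) const { return (reinterpret_cast<uintptr_t>(p) - base()) / atomSize; }
    bool isAtomAligned(const void* p) const { return ((reinterpret_cast<uintptr_t>(p) - base()) & atomAlignmentMask) == 0; }

    // Allocate a cell at an atom index (marks it live) and return its address.
    void* allocateAt(size_t atom) {
        assert(atom >= firstAtom && atom < atomsPerBlock);
        header().marks.set(atom);
        return bytes + atom * atomSize;
    }

    enum class Verdict { OutsideBlock, Unaligned, InMetadata, Unmarked, Live };

    // Containment, alignment, beyond-metadata, then the mark bit. Dropping the
    // third check lets an aligned pointer into the header pass as a cell.
    Verdict classify(const void* p) const {
        if (!contains(p)) return Verdict::OutsideBlock;
        if (!isAtomAligned(p)) return Verdict::Unaligned;
        size_t atom = atomNumber(p);
        if (atom < firstAtom) return Verdict::InMetadata;
        return header().marks.test(atom) ? Verdict::Live : Verdict::Unmarked;
    }
    bool isLiveCell(const void* p) const { return classify(p) == Verdict::Live; }
};

// Treat a vector of raw words as a thread stack and count the accepted roots.
inline size_t countConservativeRoots(const Block& block, const std::vector<uintptr_t>& words) {
    size_t roots = 0;
    for (uintptr_t w : words)
        if (block.isLiveCell(reinterpret_cast<const void*>(w)))
            ++roots;
    return roots;
}

// Constructed sample heap: one block of 32-byte cells with two cells allocated.
struct Sample { Block* block; void* cellA; void* cellB; };
inline Sample makeSample() {
    static Block block;                      // static: 64 KiB is too big for the stack
    block.init(32);
    Sample s;
    s.block = &block;
    s.cellA = block.allocateAt(Block::firstAtom);
    s.cellB = block.allocateAt(Block::firstAtom + 2);
    return s;
}

} // namespace demo

int main() {
    demo::Sample s = demo::makeSample();
    const unsigned char* metadata = s.block->bytes + demo::atomSize;   // aligned, but inside the header
    assert(s.block->isAtomAligned(metadata));
    assert(s.block->classify(metadata) == demo::Block::Verdict::InMetadata);
    assert(s.block->classify(s.cellA) == demo::Block::Verdict::Live);
    return 0;
}
```

The pointer at atom 1 is atom-aligned, so an alignment-only test accepts it; it is the beyond-metadata check that rejects it, which is exactly the check the entry says was missing. The scan over a constructed word list shows the same filter applied to stack-like input.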
2011-09-26 Mark Hahnenberg <mhahnenberg@apple.com>
Make JSCell::toBoolean non-virtual
https://bugs.webkit.org/show_bug.cgi?id=67727
Reviewed by Geoffrey Garen.
JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
before it was simply virtual and would crash if its implementation was called).
Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
explicitly covers all cases of toBoolean, so having a virtual implementation of
JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSObject.h:
* runtime/JSString.h:
(JSC::JSCell::toBoolean):
(JSC::JSValue::toBoolean):
2011-09-26 Chris Marrin <cmarrin@apple.com>
Enable requestAnimationFrame on Windows
https://bugs.webkit.org/show_bug.cgi?id=68397
Reviewed by Simon Fraser.
Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
* wtf/Platform.h:
2011-09-26 Noel Gordon <noel.gordon@gmail.com>
[Chromium] Remove DFGAliasTracker.h references from gyp project files
https://bugs.webkit.org/show_bug.cgi?id=68787
Reviewed by Geoffrey Garen.
DFG/DFGAliasTracker.h was removed in r95389. Cleanup (remove) references
to that file from the gyp project files.
* JavaScriptCore.gypi:
2011-09-26 Zoltan Herczeg <zherczeg@webkit.org>
[Qt]REGRESSION(r95865): It made 4 tests crash
https://bugs.webkit.org/show_bug.cgi?id=68780
Reviewed by Oliver Hunt.
emitJumpSlowCaseIfNotJSCell(...) cannot be moved
away since the next load depends on it.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
2011-09-25 Mark Hahnenberg <mhahnenberg@apple.com>
Add custom vtable struct to ClassInfo struct
https://bugs.webkit.org/show_bug.cgi?id=68567
Reviewed by Oliver Hunt.
Declared/defined the MethodTable struct and added it to the ClassInfo struct.
Also defined the CREATE_METHOD_TABLE macro to generate these method tables
succinctly where they need to be defined.
Also added to it the first function to use this macro, visitChildren.
This is part of the process of getting rid of all C++ virtual methods in JSCell.
Eventually all virtual functions in JSCell that can't easily be converted to
non-virtual functions will be put into this custom vtable structure.
* runtime/ClassInfo.h:
Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
ClassInfo structs declared in these classes. This saves us from having to visit
each s_info definition in the future when we add more methods to the MethodTable.
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObject.cpp:
* JavaScriptCore.exp:
* runtime/Arguments.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/BooleanObject.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/DateConstructor.cpp:
* runtime/DateInstance.cpp:
* runtime/DatePrototype.cpp:
* runtime/ErrorInstance.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/ExceptionHelpers.cpp:
* runtime/Executable.cpp:
* runtime/GetterSetter.cpp:
* runtime/InternalFunction.cpp:
* runtime/JSAPIValueWrapper.cpp:
* runtime/JSActivation.cpp:
* runtime/JSArray.cpp:
* runtime/JSByteArray.cpp:
* runtime/JSFunction.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
* runtime/JSPropertyNameIterator.cpp:
* runtime/JSString.cpp:
* runtime/MathObject.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberObject.cpp:
* runtime/NumberPrototype.cpp:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/RegExp.cpp:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpObject.cpp:
* runtime/RegExpPrototype.cpp:
* runtime/ScopeChain.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringObject.cpp:
* runtime/StringPrototype.cpp:
* runtime/Structure.cpp:
* runtime/StructureChain.cpp:
Had to make visitChildren and visitChildrenVirtual protected instead of private
because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
visitChildren function pointer in their vtable since they don't provide their own
implementation. Same for RegExpObject.
* runtime/JSWrapperObject.h:
* runtime/RegExpObject.h:
2011-09-25 Adam Barth <abarth@webkit.org>
Finish removing PLATFORM(BREWMP) by removing associated code
https://bugs.webkit.org/show_bug.cgi?id=68779
Reviewed by Sam Weinig.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
* wscript:
* wtf/FastMalloc.cpp:
(WTF::fastMallocSize):
* wtf/Vector.h:
* wtf/brew: Removed.
* wtf/brew/MainThreadBrew.cpp: Removed.
* wtf/brew/OwnPtrBrew.cpp: Removed.
* wtf/brew/RefPtrBrew.h: Removed.
* wtf/brew/ShellBrew.h: Removed.
* wtf/brew/StringBrew.cpp: Removed.
* wtf/brew/SystemMallocBrew.h: Removed.
* wtf/unicode/brew: Removed.
* wtf/unicode/brew/UnicodeBrew.cpp: Removed.
* wtf/unicode/brew/UnicodeBrew.h: Removed.
2011-09-25 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not count speculation successes correctly
https://bugs.webkit.org/show_bug.cgi?id=68785
Reviewed by Geoffrey Garen.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
* dfg/DFGOperations.cpp:
2011-09-25 Filip Pizlo <fpizlo@apple.com>
DFG support for op_resolve_global is not enabled
https://bugs.webkit.org/show_bug.cgi?id=68786
Reviewed by Geoffrey Garen.
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
2011-09-25 Filip Pizlo <fpizlo@apple.com>
DFG static prediction code is no longer needed and should be removed
https://bugs.webkit.org/show_bug.cgi?id=68784
Reviewed by Oliver Hunt.
This gets rid of static prediction code, and ensures that we do not
try to compile code where dynamic predictions are not available.
This is accomplished by immediately performing an OSR exit wherever
a value is retrieved for which no predictions exist.
This also adds value profiling for this on functions used for calls.
The heuristics for deciding when to optimize code are also tweaked,
since it is now profitable to optimize sooner. This may need to be
tweaked further, but this patch only makes minimal changes.
This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
overall win on Kraken. It's neutral elsewhere.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shouldOptimizeNow):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
* bytecode/PredictedType.h:
(JSC::isCellPrediction):
(JSC::isObjectPrediction):
(JSC::isFinalObjectPrediction):
(JSC::isStringPrediction):
(JSC::isArrayPrediction):
(JSC::isInt32Prediction):
(JSC::isDoublePrediction):
(JSC::isNumberPrediction):
(JSC::isBooleanPrediction):
(JSC::mergePredictions):
* bytecode/PredictionTracker.h:
(JSC::PredictionTracker::predictArgument):
(JSC::PredictionTracker::predict):
(JSC::PredictionTracker::predictGlobalVar):
* bytecode/ValueProfile.cpp:
(JSC::ValueProfile::computeUpdatedPrediction):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::getPrediction):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::Graph::getMethodCheckPrediction):
(JSC::DFG::Graph::getJSConstantPrediction):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::emitBranch):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::getPrediction):
* dfg/DFGNode.h:
(JSC::DFG::Node::valueOfJSConstantNode):
(JSC::DFG::Node::isInt32Constant):
(JSC::DFG::Node::isDoubleConstant):
(JSC::DFG::Node::isNumberConstant):
(JSC::DFG::Node::isBooleanConstant):
(JSC::DFG::Node::predict):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::isPredictedNumerical):
(JSC::DFG::Propagator::logicalNotIsPure):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
(JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
(JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
(JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
(JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
(JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
(JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
(JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
2011-09-25 Filip Pizlo <fpizlo@apple.com>
DFG JIT Construct opcode takes a this argument even though it's
not passed
https://bugs.webkit.org/show_bug.cgi?id=68782
Reviewed by Oliver Hunt.
This is performance-neutral, mostly. It's a slight speed-up on
v8-splay.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addCall):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
2011-09-25 Filip Pizlo <fpizlo@apple.com>
DFG tracking of the value in cachedResultRegister does not handle
op_mov correctly
https://bugs.webkit.org/show_bug.cgi?id=68781
Reviewed by Oliver Hunt.
This takes the simplest approach: it makes the old JIT dumber rather
than making the DFG JIT smarter. This is performance-neutral.
* jit/JIT.h:
(JSC::JIT::canBeOptimized):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_mov):
2011-09-25 Adam Barth <abarth@webkit.org>
Remove PLATFORM(HAIKU) and associated code
https://bugs.webkit.org/show_bug.cgi?id=68774
Reviewed by Sam Weinig.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
* heap/MachineStackMarker.cpp:
* wtf/PageAllocation.h:
* wtf/Platform.h:
* wtf/StackBounds.cpp:
* wtf/haiku: Removed.
* wtf/haiku/MainThreadHaiku.cpp: Removed.
* wtf/haiku/StringHaiku.cpp: Removed.
* wtf/text/WTFString.h:
2011-09-24 Adam Barth <abarth@webkit.org>
Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
https://bugs.webkit.org/show_bug.cgi?id=68767
Reviewed by Eric Seidel.
* Configurations/FeatureDefines.xcconfig:
2011-09-24 Filip Pizlo <fpizlo@apple.com>
JIT implementation of put_by_val increments m_length instead of setting
it to index+1
https://bugs.webkit.org/show_bug.cgi?id=68766
Reviewed by Geoffrey Garen.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_val):
2011-09-24 Geoffrey Garen <ggaren@apple.com>
More build fixage.
* heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
2011-09-24 Filip Pizlo <fpizlo@apple.com>
The DFG should not attempt to guess types in the absence of value
profiles
https://bugs.webkit.org/show_bug.cgi?id=68677
Reviewed by Oliver Hunt.
This adds the ForceOSRExit node, which is ignored by the propagator
and virtual register allocator (and hence ensuring that liveness analysis
works correctly), but forces terminateSpeculativeExecution() in the
back-end. This appears to be a slight speed-up on benchmark averages,
with ~5% swings on individual benchmarks, in both directions. But it's
never a regression on any average, and appears to be a ~1% progression
in the SunSpider average.
This also adds a bit better debugging support in the old JIT and in DFG,
as this was necessary to debug the much more frequent OSR transitions
that occur with this change.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::getStrongPrediction):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JIT.h:
2011-09-24 Geoffrey Garen <ggaren@apple.com>
Some Windows build fixage.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::sweep):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::isLive): Show the compiler that all control paths
return a value. There, there, compiler. Everything's going to be OK.
* runtime/JSCell.h:
(JSC::JSCell::setVPtr): Oops! Unrename this function.
2011-09-24 Geoffrey Garen <ggaren@apple.com>
Allocate new objects unmarked
https://bugs.webkit.org/show_bug.cgi?id=68764
Reviewed by Oliver Hunt.
This is a pre-requisite to using the mark bit to determine object age.
~2% v8 speedup, mostly due to a 12% v8-splay speedup.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::isLive):
(JSC::MarkedBlock::isLiveCell): These two functions are the reason for
this patch. They can now determine object liveness without relying on
newly allocated objects having their mark bits set. Each MarkedBlock
now has a state variable that tells us how to determine whether its
cells are live. (This new state variable supersedes the old one about
destructor state. The rest of this patch is just refactoring to support
the invariants of this new state variable without introducing a
performance regression.)
(JSC::MarkedBlock::didConsumeFreeList): New function for updating internal
state when a block becomes fully allocated.
(JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
this function because, logically, clearing all mark bits is the first
step in saying "mark bits now exactly reflect object liveness".
(JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
that this function only tells you about the mark bits, so it's only
meaningful if you've put the mark bits into a meaningful state before
calling it.
(JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
instead of testing mark bits, since mark bits are not always the right
way to find out if an object is live anymore. (New objects are live, but
not marked.)
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::recycle):
(JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
initialization when recycling an old block -- into the MarkedBlock
constructor, for simplicity.
(JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
a zapped cell before running a destructor, and always zap after
running a destructor. This does not seem to be expensive, and the
alternative just creates a too-confusing matrix of possible cell states
((zombie undestructed cell + zombie destructed cell + zapped destructed
cell) * 5! permutations for progressing through block states = "Oh my!").
(JSC::MarkedBlock::specializedSweep):
(JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
optimization to use template specialization to constant fold lots of
branches and elide certain operations entirely during a sweep. Merged
four or five functions that were logically about sweeping into this one
function pair, so there's only one way to do things now, it's
automatically correct, and it's always fast.
(JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
about exactly what it does, and to honor the new block state system.
* heap/AllocationSpace.cpp:
(JSC::AllocationSpace::allocateBlock): Updated for rename.
(JSC::AllocationSpace::freeBlocks): Updated for changed interface.
(JSC::TakeIfUnmarked::TakeIfUnmarked):
(JSC::TakeIfUnmarked::operator()):
(JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
to clarify that this functor only tests the mark bits, so it's only
valid if you've put the mark bits into a meaningful state before
calling it.
(JSC::AllocationSpace::shrink): Updated for rename.
* heap/AllocationSpace.h:
(JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
little more specific about what we're making canonical.
(JSC::AllocationSpace::forEachCell): Updated for rename.
(JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
liveness data before iterating blocks -- clients that want iterated
blocks to have valid cell liveness data should make this call for
themselves. (And not all clients want it.)
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
obsolete comment.
* heap/Heap.cpp:
(JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
because clearMarks() now does that implicitly.
(JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
tear-down tests cell liveness when running destructors.
(JSC::Heap::markRoots):
(JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
and into collect, since it strictly depends on root marking, and does
not contribute to root marking.
(JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
specific about what we're making canonical.
* heap/Heap.h:
(JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
data before iterating protected cells, since we know they're all live,
and don't need to test for it.
* heap/Local.h:
(JSC::::set): Can't make the same ASSERT we used to because we just don't
have the mark bits for it anymore. Perhaps we can bring this ASSERT back
in a weaker form in the future.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::addBlock):
(JSC::MarkedSpace::removeBlock): Updated for interface change.
(JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
specific about what we're making canonical.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::SizeClass::SizeClass):
(JSC::MarkedSpace::SizeClass::resetAllocator):
(JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
functionality a bit. We now track only one block -- "currentBlock" --
and rely on its internal state to know whether it has more cells to
allocate.
* heap/Weak.h:
(JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
have the mark bits for it anymore. Perhaps we can bring this ASSERT back
in a weaker form in the future.
* runtime/JSCell.h:
(JSC::JSCell::vptr):
(JSC::JSCell::zap):
(JSC::JSCell::isZapped):
(JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
In the future, exactly how a JSCell zaps itself will change, as the
internal representation of JSCell changes.
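The block-state scheme described in the entry above, as a constructed C++ model added here (this is not WebKit's MarkedBlock; the Block and Cell types, state names and the runCycle() scenario are invented for illustration):

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

// Invented model of a marked block whose cell liveness is answered from a
// per-block state rather than from the assumption that new objects are marked.
enum class BlockState { FreeListed, Zapped, Allocated, Marked };

struct Cell {
    uintptr_t vptr = 0;   // 0 means "zapped": no object lives in this cell
    int payload = 0;
};

class Block {
public:
    explicit Block(size_t cellCount) : m_cells(cellCount), m_marks(cellCount, false) {
        for (Cell& cell : m_cells)          // fresh block: every cell is on the free list
            m_freeList.push_back(&cell);
    }

    size_t atomNumber(const Cell* cell) const { return static_cast<size_t>(cell - m_cells.data()); }
    Cell* cellAt(size_t index) { return &m_cells[index]; }

    // Pop a cell off the free list. A newly allocated cell is live but NOT marked.
    Cell* allocate(uintptr_t vptr) {
        if (m_freeList.empty()) return nullptr;
        Cell* cell = m_freeList.back();
        m_freeList.pop_back();
        cell->vptr = vptr;
        if (m_freeList.empty()) didConsumeFreeList();
        return cell;
    }
    void didConsumeFreeList() { m_state = BlockState::Allocated; }

    // Zap whatever is still on the free list so that liveness can be answered by
    // "is the cell zapped?" without consulting the mark bits at all.
    void canonicalizeCellLivenessData() {
        if (m_state != BlockState::FreeListed) return;
        for (Cell* cell : m_freeList) cell->vptr = 0;
        m_freeList.clear();
        m_state = BlockState::Zapped;
    }

    // Clearing all marks is the first step of "mark bits now exactly reflect liveness".
    void clearMarks() {
        std::fill(m_marks.begin(), m_marks.end(), false);
        m_state = BlockState::Marked;
    }
    void setMarked(const Cell* cell) { m_marks[atomNumber(cell)] = true; }
    bool isMarked(const Cell* cell) const { return m_marks[atomNumber(cell)]; }
    bool markCountIsZero() const { return std::none_of(m_marks.begin(), m_marks.end(), [](bool m) { return m; }); }

    bool isLive(const Cell* cell) const {
        switch (m_state) {
        case BlockState::Allocated:  return true;               // every cell has been handed out
        case BlockState::Zapped:     return cell->vptr != 0;    // free cells were zapped above
        case BlockState::Marked:     return isMarked(cell);     // marks are authoritative
        case BlockState::FreeListed: break;                     // caller must canonicalize first
        }
        assert(false && "liveness is undefined in this state");
        return false;
    }

    // Sweep: zap (destruct) every unmarked, not-yet-zapped cell exactly once and rebuild
    // the free list. Returns the number of cells destructed.
    size_t sweep() {
        assert(m_state == BlockState::Marked);
        size_t destructed = 0;
        m_freeList.clear();
        for (Cell& cell : m_cells) {
            if (isMarked(&cell)) continue;
            if (cell.vptr != 0) { cell.vptr = 0; cell.payload = 0; ++destructed; }
            m_freeList.push_back(&cell);
        }
        m_state = BlockState::FreeListed;
        return destructed;
    }
    size_t freeCount() const { return m_freeList.size(); }

private:
    std::vector<Cell> m_cells;
    std::vector<bool> m_marks;
    std::vector<Cell*> m_freeList;
    BlockState m_state = BlockState::FreeListed;
};

// Constructed scenario: two objects allocated into a fresh 4-cell block, one survives a GC.
struct CycleResult { bool newObjectLiveUnmarked; bool freeCellLive; size_t destructed; size_t freeAfterSweep; };

CycleResult runCycle() {
    Block block(4);
    Cell* a = block.allocate(0x1000);       // takes cell 3
    Cell* b = block.allocate(0x1000);       // takes cell 2
    CycleResult r{};
    block.canonicalizeCellLivenessData();   // FreeListed -> Zapped
    r.newObjectLiveUnmarked = block.isLive(a) && !block.isMarked(a);
    r.freeCellLive = block.isLive(block.cellAt(0));
    block.clearMarks();                     // Zapped -> Marked: nothing is live until marked
    block.setMarked(a);                     // the collector reaches a but not b
    r.destructed = block.sweep();           // only b is destructed; state -> FreeListed
    r.freeAfterSweep = block.freeCount();   // b's cell plus the two never-used cells
    return r;
}
```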
2011-09-24 Filip Pizlo <fpizlo@apple.com>
DFG JIT should not eagerly initialize integer tags in the register file
https://bugs.webkit.org/show_bug.cgi?id=68763
Reviewed by Oliver Hunt.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
(JSC::DFG::OSRExit::operandForArgument):
(JSC::DFG::OSRExit::operandForIndex):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2011-09-23 Yuqiang Xian <yuqiang.xian@intel.com>
Add JSVALUE32_64 support to DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=67460
Reviewed by Gavin Barraclough.
This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
It's tested on IA32 Linux EFL port currently. It still cannot run
all the test cases and benchmarks so should be turned off now.
The major work includes:
1) dealing with JSVALUE32_64 data format in DFG JIT;
2) bindings between 64-bit JS Value and 32-bit registers;
3) handling of function calls. Currently for DFG operation function
calls we follow the X86 cdecl calling convention on Linux, and the
implementation is in a naive way by pushing the arguments into stack
one by one.
The known issues include:
1) some code is duplicated unnecessarily, especially in Speculative JIT
code generation, where most of the operations on SpeculateInteger /
SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
is needed in the future;
2) lack of op_call and op_construct support, compared to the current
JSVALUE64 DFG;
3) integer speculations are currently assumed to be StrictInt32;
4) lack of JSBoolean speculations;
5) boxing and unboxing doubles could be improved;
6) the DFG X86 register description is different from the baseline JIT's;
the timeoutCheckRegister is used for general purpose usage;
7) calls to runtime functions with primitive double parameters (e.g.
fmod) don't work. Support needs to be added to the assembler to
implement the mechanism of passing double parameters for X86 cdecl
convention.
And there should be many other hidden bugs, which should be exposed and
resolved in the later debugging process.
* CMakeListsEfl.txt:
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::loadDouble):
(JSC::MacroAssemblerX86::storeDouble):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movsd_rm):
* bytecode/StructureStubInfo.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGFPRInfo.h:
(JSC::DFG::FPRInfo::debugName):
* dfg/DFGGPRInfo.h:
(JSC::DFG::GPRInfo::toRegister):
(JSC::DFG::GPRInfo::toIndex):
(JSC::DFG::GPRInfo::debugName):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::needDataFormatConversion):
(JSC::DFG::GenerationInfo::initJSValue):
(JSC::DFG::GenerationInfo::initDouble):
(JSC::DFG::GenerationInfo::gpr):
(JSC::DFG::GenerationInfo::tagGPR):
(JSC::DFG::GenerationInfo::payloadGPR):
(JSC::DFG::GenerationInfo::fpr):
(JSC::DFG::GenerationInfo::fillJSValue):
(JSC::DFG::GenerationInfo::fillCell):
(JSC::DFG::GenerationInfo::fillDouble):
* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::allocate):
(JSC::DFG::JITCodeGenerator::use):
(JSC::DFG::JITCodeGenerator::registersMatched):
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
(JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
(JSC::DFG::JITCodeGenerator::spill):
(JSC::DFG::addressOfDoubleConstant):
(JSC::DFG::integerResult):
(JSC::DFG::jsValueResult):
(JSC::DFG::setupResults):
(JSC::DFG::callOperation):
(JSC::JSValueOperand::JSValueOperand):
(JSC::JSValueOperand::~JSValueOperand):
(JSC::JSValueOperand::isDouble):
(JSC::JSValueOperand::fill):
(JSC::JSValueOperand::tagGPR):
(JSC::JSValueOperand::payloadGPR):
(JSC::JSValueOperand::fpr):
(JSC::GPRTemporary::~GPRTemporary):
(JSC::GPRTemporary::gpr):
(JSC::GPRResult2::GPRResult2):
* dfg/DFGJITCodeGenerator32_64.cpp: Added.
(JSC::DFG::JITCodeGenerator::clearGenerationInfo):
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::fillStorage):
(JSC::DFG::JITCodeGenerator::useChildren):
(JSC::DFG::JITCodeGenerator::isStrictInt32):
(JSC::DFG::JITCodeGenerator::isKnownInteger):
(JSC::DFG::JITCodeGenerator::isKnownNumeric):
(JSC::DFG::JITCodeGenerator::isKnownCell):
(JSC::DFG::JITCodeGenerator::isKnownNotInteger):
(JSC::DFG::JITCodeGenerator::isKnownNotNumber):
(JSC::DFG::JITCodeGenerator::isKnownBoolean):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
(JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::cachedPutById):
(JSC::DFG::JITCodeGenerator::cachedGetMethod):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
(JSC::DFG::JITCodeGenerator::emitBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
(JSC::DFG::JITCodeGenerator::emitCall):
(JSC::DFG::JITCodeGenerator::speculationCheck):
(JSC::DFG::dataFormatString):
(JSC::DFG::JITCodeGenerator::dump):
(JSC::DFG::JITCodeGenerator::checkConsistency):
(JSC::DFG::GPRTemporary::GPRTemporary):
(JSC::DFG::FPRTemporary::FPRTemporary):
* dfg/DFGJITCompiler.cpp:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::tagForGlobalVar):
(JSC::DFG::JITCompiler::payloadForGlobalVar):
(JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
(JSC::DFG::JITCompiler::addressOfDoubleConstant):
(JSC::DFG::JITCompiler::boxDouble):
(JSC::DFG::JITCompiler::unboxDouble):
(JSC::DFG::JITCompiler::addPropertyAccess):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
* dfg/DFGJITCompiler32_64.cpp: Added.
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
(JSC::DFG::JITCompiler::fillToJS):
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::jitAssertIsInt32):
(JSC::DFG::JITCompiler::jitAssertIsJSInt32):
(JSC::DFG::JITCompiler::jitAssertIsJSNumber):
(JSC::DFG::JITCompiler::jitAssertIsJSDouble):
(JSC::DFG::JITCompiler::jitAssertIsCell):
(JSC::DFG::JITCompiler::emitCount):
(JSC::DFG::JITCompiler::setSamplingFlag):
(JSC::DFG::JITCompiler::clearSamplingFlag):
* dfg/DFGJITCompilerInlineMethods.h: Added.
(JSC::DFG::JITCompiler::emitLoadTag):
(JSC::DFG::JITCompiler::emitLoadPayload):
(JSC::DFG::JITCompiler::emitLoad):
(JSC::DFG::JITCompiler::emitLoad2):
(JSC::DFG::JITCompiler::emitLoadDouble):
(JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
(JSC::DFG::JITCompiler::emitStore):
(JSC::DFG::JITCompiler::emitStoreInt32):
(JSC::DFG::JITCompiler::emitStoreCell):
(JSC::DFG::JITCompiler::emitStoreBool):
(JSC::DFG::JITCompiler::emitStoreDouble):
* dfg/DFGNode.h:
* dfg/DFGOperations.cpp:
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::tryCachePutByID):
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueRecovery::inGPR):
(JSC::DFG::ValueRecovery::inPair):
(JSC::DFG::ValueRecovery::tagGPR):
(JSC::DFG::ValueRecovery::payloadGPR):
* dfg/DFGSpeculativeJIT32_64.cpp: Added.
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::ValueSource::dump):
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::dump):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt):
(JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::convertToDouble):
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileMovHint):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::initializeVariableTypes):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* runtime/JSValue.h:
2011-09-23 Filip Pizlo <fpizlo@apple.com>
wtf/BitVector.h has a variety of bugs which manifest when the
vector grows beyond 63 bits
https://bugs.webkit.org/show_bug.cgi?id=68746
Reviewed by Oliver Hunt.
Out-of-lined slow path code in BitVector so that not every user
of CodeBlock ends up having to compile it. Fixed a variety of
index computation and size computation bugs.
I have not seen these issues manifest themselves, but they are
blocking a patch that uses BitVector more aggressively.
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/BitVector.cpp: Added.
(BitVector::BitVector):
(BitVector::operator=):
(BitVector::resize):
(BitVector::clearAll):
(BitVector::OutOfLineBits::create):
(BitVector::OutOfLineBits::destroy):
(BitVector::resizeOutOfLine):
* wtf/BitVector.h:
(WTF::BitVector::ensureSize):
(WTF::BitVector::get):
(WTF::BitVector::set):
(WTF::BitVector::clear):
(WTF::BitVector::byteCount):
(WTF::BitVector::OutOfLineBits::numWords):
(WTF::BitVector::OutOfLineBits::bits):
(WTF::BitVector::outOfLineBits):
* wtf/CMakeLists.txt:
* wtf/wtf.pri:
2011-09-23 Adam Klein <adamk@chromium.org>
Add ENABLE_MUTATION_OBSERVERS feature flag
https://bugs.webkit.org/show_bug.cgi?id=68732
Reviewed by Ojan Vafai.
This flag will guard an implementation of the "Mutation Observers" proposed in
http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
* Configurations/FeatureDefines.xcconfig:
2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
De-virtualize JSCell::getJSNumber
https://bugs.webkit.org/show_bug.cgi?id=68651
Reviewed by Oliver Hunt.
Added a new JSType to check whether or not something is a
NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not
currently a better way to determine whether something is indeed a NumberObject.
Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo
for whether the object is a NumberObject or not. This patch is part of
the larger process of de-virtualizing JSCell.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
(JSC::JSCell::getJSNumber):
* runtime/JSCell.h:
(JSC::JSValue::getJSNumber):
* runtime/JSType.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::isNumberObject):
* runtime/JSValue.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::getJSNumber):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
2011-09-23 Filip Pizlo <fpizlo@apple.com>
Resolve opcodes should have value profiling.
https://bugs.webkit.org/show_bug.cgi?id=68723
Reviewed by Oliver Hunt.
This adds value profiling to all forms of op_resolve in the
old JIT, and patches that information into the DFG along with
performing the appropriate type propagation.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasIdentifier):
(JSC::DFG::Node::resolveGlobalDataIndex):
(JSC::DFG::Node::hasPrediction):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_resolve):
(JSC::JIT::emit_op_resolve_base):
(JSC::JIT::emit_op_resolve_skip):
(JSC::JIT::emit_op_resolve_global):
(JSC::JIT::emitSlow_op_resolve_global):
(JSC::JIT::emit_op_resolve_with_base):
(JSC::JIT::emit_op_resolve_with_this):
(JSC::JIT::emitSlow_op_resolve_global_dynamic):
* jit/JITStubCall.h:
(JSC::JITStubCall::callWithValueProfiling):
2011-09-23 Oliver Hunt <oliver@apple.com>
Fix windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-09-23 Gavin Barraclough <barraclough@apple.com>
Strict mode does not work in non-trivial nested functions.
https://bugs.webkit.org/show_bug.cgi?id=68740
Reviewed by Oliver Hunt.
Function-info caching does not preserve all state that it should.
* parser/JSParser.cpp:
(JSC::JSParser::Scope::saveFunctionInfo):
(JSC::JSParser::Scope::restoreFunctionInfo):
(JSC::JSParser::parseFunctionInfo):
* parser/SourceProviderCacheItem.h:
2011-09-23 Filip Pizlo <fpizlo@apple.com>
ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
https://bugs.webkit.org/show_bug.cgi?id=68724
Reviewed by Oliver Hunt.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
2011-09-23 Oliver Hunt <oliver@apple.com>
Build fix.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-09-23 Filip Pizlo <fpizlo@apple.com>
DFG implementation of PutScopedVar corrupts register allocation
https://bugs.webkit.org/show_bug.cgi?id=68735
Reviewed by Oliver Hunt.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-23 Oliver Hunt <oliver@apple.com>
Make write barriers actually do something when enabled
https://bugs.webkit.org/show_bug.cgi?id=68717
Reviewed by Geoffrey Garen.
Add a basic card marking style write barrier to JSC (currently
turned off). This requires two scratch registers in the JIT
so there was some register re-arranging to satisfy that requirement.
Happily this produced a minor perf bump in sunspider (~0.5%).
Turning the barriers on causes an overall regression of around 1.5%.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store8):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movb_i8m):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownNotCell):
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::markCellCard):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/CardSet.h: Added.
(JSC::CardSet::CardSet):
(JSC::::cardForAtom):
(JSC::::cardMarkedForAtom):
(JSC::::markCardForAtom):
* heap/Heap.cpp:
* heap/Heap.h:
(JSC::Heap::addressOfCardFor):
(JSC::Heap::writeBarrierFastCase):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::setDirtyObject):
(JSC::MarkedBlock::addressOfCardFor):
(JSC::MarkedBlock::offsetOfCards):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
(JSC::JIT::emitWriteBarrier):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
2011-09-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
https://bugs.webkit.org/show_bug.cgi?id=68077
SH4 assemblers don't refer to the executable memory handle.
Reviewed by Gavin Barraclough.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branch8):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::executableCopy):
2011-09-23 Oliver Hunt <oliver@apple.com>
PutScopedVar nodes should report that they have a var number
https://bugs.webkit.org/show_bug.cgi?id=68721
Reviewed by Anders Carlsson.
Another assertion fix.
* dfg/DFGNode.h:
(JSC::DFG::Node::hasVarNumber):
2011-09-23 Oliver Hunt <oliver@apple.com>
Add a bunch of unhandled node types to the propagator
https://bugs.webkit.org/show_bug.cgi?id=68716
Reviewed by Darin Adler.
Remove the ASSERT_NOT_REACHED() default for debug builds in the
prediction propagator, this way unhandled nodes will just cause
compile time failures rather than failing at some point in the
future.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>
Add static version of JSCell::visitChildren
https://bugs.webkit.org/show_bug.cgi?id=68404
Reviewed by Darin Adler.
In this patch we just extract the bodies of the virtual visitChildren methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of visitChildren into our own custom vtable stored in
ClassInfo. We need to convert the methods to static methods in order to be
able to more easily store and refer to them in our custom vtable since normal
member methods store some implicit information in their types, making it
impossible to store them generically in ClassInfo.
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::visitChildrenVirtual):
(JSC::JSCallbackObject::visitChildren):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildrenVirtual):
(JSC::DebuggerActivation::visitChildren):
* debugger/DebuggerActivation.h:
* heap/MarkStack.cpp:
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::drain):
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildrenVirtual):
(JSC::Arguments::visitChildren):
* runtime/Arguments.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildrenVirtual):
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildrenVirtual):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildrenVirtual):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildrenVirtual):
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildrenVirtual):
(JSC::JSActivation::visitChildren):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildrenVirtual):
(JSC::JSArray::visitChildren):
* runtime/JSArray.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::visitChildrenVirtual):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSBoundFunction.h:
* runtime/JSCell.h:
(JSC::JSCell::visitChildrenVirtual):
(JSC::JSCell::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildrenVirtual):
(JSC::JSFunction::visitChildren):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildrenVirtual):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildrenVirtual):
(JSC::JSObject::visitChildren):
* runtime/JSObject.h:
(JSC::JSObject::visitChildrenDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildrenVirtual):
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildrenVirtual):
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSStaticScopeObject.h:
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildrenVirtual):
(JSC::JSWrapperObject::visitChildren):
* runtime/JSWrapperObject.h:
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildrenVirtual):
(JSC::NativeErrorConstructor::visitChildren):
* runtime/NativeErrorConstructor.h:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildrenVirtual):
(JSC::RegExpObject::visitChildren):
* runtime/RegExpObject.h:
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildrenVirtual):
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
* runtime/Structure.cpp:
(JSC::Structure::visitChildrenVirtual):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildrenVirtual):
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
2011-09-23 Oliver Hunt <oliver@apple.com>
Node propagation doesn't handle PutScopedVar
https://bugs.webkit.org/show_bug.cgi?id=68713
Reviewed by Sam Weinig.
This was causing assertion failures.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
2011-09-23 Anders Carlsson <andersca@apple.com>
Make sure to define OVERRIDE and FINAL for older builds of clang.
* wtf/Compiler.h:
2011-09-23 Gavin Barraclough <barraclough@apple.com>
Implement op_resolve_global in the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=68704
Reviewed by Oliver Hunt.
This is performance neutral, but increases coverage.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasIdentifier):
(JSC::DFG::Node::resolveInfoIndex):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-23 Mark Rowe <mrowe@apple.com>
Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.
* wtf/Platform.h:
2011-09-22 Anders Carlsson <andersca@apple.com>
We should add support for OVERRIDE and FINAL annotations
https://bugs.webkit.org/show_bug.cgi?id=68654
Reviewed by David Hyatt.
Add OVERRIDE and FINAL macros for compilers that support them.
* wtf/Compiler.h:
2011-09-22 Filip Pizlo <fpizlo@apple.com>
GetScopedVar should have value profiling
https://bugs.webkit.org/show_bug.cgi?id=68676
Reviewed by Oliver Hunt.
Added GetScopedVar value profiling and prediction propagation.
Added GetScopeChain to CSE.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasPrediction):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::getScopeChainLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_scoped_var):
2011-09-22 Filip Pizlo <fpizlo@apple.com>
PPC build fix, part 3.
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileForConstructInternal):
2011-09-22 Filip Pizlo <fpizlo@apple.com>
Another PPC build fix.
* runtime/Executable.cpp:
* runtime/Executable.h:
2011-09-22 Dean Jackson <dino@apple.com>
Add ENABLE_CSS_FILTERS
https://bugs.webkit.org/show_bug.cgi?id=68652
Reviewed by Simon Fraser.
* Configurations/FeatureDefines.xcconfig:
2011-09-22 Gavin Barraclough <barraclough@apple.com>
Incorrect this value passed to callbacks.
https://bugs.webkit.org/show_bug.cgi?id=68668
Reviewed by Oliver Hunt.
From Array/String prototype function. Should be undefined, but
global object is passed instead (this is visible for strict callbacks).
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
* runtime/JSArray.cpp:
(JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
(JSC::JSArray::sort):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncReplace):
2011-09-22 Gavin Barraclough <barraclough@apple.com>
Function.prototype.bind.length should be 1.
Rubber stamped by Oliver Hunt.
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
2011-09-22 Filip Pizlo <fpizlo@apple.com>
PPC build fix.
* bytecode/CodeBlock.h:
2011-09-22 Gavin Barraclough <barraclough@apple.com>
Windows build fix pt. 2
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-09-22 Gavin Barraclough <barraclough@apple.com>
Windows build fix pt. 1
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-09-21 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not support to_primitive or strcat
https://bugs.webkit.org/show_bug.cgi?id=68582
Reviewed by Darin Adler.
This adds functional support for to_primitive and strcat. It focuses
on minimizing the amount of code emitted on to_primitive (if we know
that it is a primitive or can speculate cheaply, then we omit the
slow path) and on keeping the implementation of strcat simple while
leveraging whatever optimizations we have already. In particular,
unlike the Call and Construct nodes which require extending the size
of the DFG's callee registers, StrCat takes advantage of the fact
that no JS code can run while StrCat is in progress and uses a
scratch buffer, rather than the register file, to store the list of
values to concatenate. This was done mainly to keep the code simple,
but there are probably other benefits to keeping call frame sizes
down. Essentially, this patch ensures that the presence of an
op_strcat does not mess up any other optimizations we might do while
ensuring that if you do execute it, it'll work about as well as you'd
expect.
When combined with the previous patch for integer division, this is a
14% speed-up on Kraken. Without it, it would have been a 2% loss.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::callOperation):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGNode.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::scratchBufferForSize):
2011-09-22 Filip Pizlo <fpizlo@apple.com>
DFG JIT should support integer division
https://bugs.webkit.org/show_bug.cgi?id=68597
Reviewed by Darin Adler.
This adds support for ArithDiv speculating integer, and speculating
that the result is integer (i.e. remainder = 0).
This is a 4% win on Kraken and a 1% loss on V8.
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeDivSafe):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasArithNodeFlags):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_div):
2011-09-22 Oliver Hunt <oliver@apple.com>
Implement put_scoped_var in the DFG jit
https://bugs.webkit.org/show_bug.cgi?id=68653
Reviewed by Gavin Barraclough.
Naive implementation of put_scoped_var. Same story as the
get_scoped_var implementation, although I've hoisted scope
object acquisition into a separate dfg node. Ideally in the
future we would reuse the resolved scope chain object, but
for now we don't.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasScopeChainDepth):
(JSC::DFG::Node::scopeChainDepth):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-22 Gavin Barraclough <barraclough@apple.com>
Implement Function.prototype.bind
https://bugs.webkit.org/show_bug.cgi?id=26382
Reviewed by Sam Weinig.
This patch provides a basic functional implementation
for Function.bind. It should (hopefully!) be fully
functionally correct, and the bound functions can be
called quickly (since they are a subclass of
JSFunction, not InternalFunction), but we'll probably
want to follow up with some optimization work to keep
bound calls in JIT code.
* JavaScriptCore.JSVALUE32_64only.exp:
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITStubs.h:
* jsc.cpp:
(GlobalObject::addFunction):
* runtime/CommonIdentifiers.h:
* runtime/ConstructData.h:
* runtime/Executable.h:
(JSC::NativeExecutable::NativeExecutable):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::functionProtoFuncBind):
* runtime/FunctionPrototype.h:
* runtime/JSBoundFunction.cpp: Added.
(JSC::boundFunctionCall):
(JSC::boundFunctionConstruct):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::hasInstance):
(JSC::JSBoundFunction::getOwnPropertySlot):
(JSC::JSBoundFunction::getOwnPropertyDescriptor):
(JSC::JSBoundFunction::JSBoundFunction):
(JSC::JSBoundFunction::finishCreation):
* runtime/JSBoundFunction.h: Added.
(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
* runtime/JSFunction.cpp:
(JSC::JSFunction::create):
(JSC::JSFunction::finishCreation):
(JSC::createDescriptorForThrowingProperty):
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSFunction.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::getHostFunction):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::boundFunctionStructure):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
2011-09-22 Oliver Hunt <oliver@apple.com>
Implement get_scoped_var in the DFG
https://bugs.webkit.org/show_bug.cgi?id=68640
Reviewed by Gavin Barraclough.
Naive implementation of get_scoped_var in the DFG. Essentially this
is the bare minimum required to get correct behaviour, so there's no
load/store coalescing or type profiling involved, even though these
would be wins. No impact on SunSpider or V8.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasVarNumber):
(JSC::DFG::Node::hasScopeChainDepth):
(JSC::DFG::Node::scopeChainDepth):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-22 Adam Roben <aroben@apple.com>
Remove FindSafari from all our .sln files
It isn't used anymore, so there's no point in building it.
Part of <http://webkit.org/b/68628> Remove FindSafari
Reviewed by Steve Falkenburg.
* JavaScriptCore.vcproj/JavaScriptCore.sln:
2011-09-22 Filip Pizlo <fpizlo@apple.com>
32-bit call code clobbers the function cell tag
https://bugs.webkit.org/show_bug.cgi?id=68606
Reviewed by Csaba Osztrogonác.
This is a minimalistic fix: it simply emits code to restore the
cell tag on the slow path, if we know that we failed due to
emitCallIfNotType.
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargsSlowCase):
(JSC::JIT::compileOpCallSlowCase):
2011-09-21 Gavin Barraclough <barraclough@apple.com>
Add missing addPtr->add32 mapping for X86.
Rubber stamped by Sam Weinig.
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::addPtr):
2011-09-21 Gavin Barraclough <barraclough@apple.com>
Add missing addDouble for AbsoluteAddress to X86
Rubber stamped by Geoff Garen.
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::addDouble):
* assembler/X86Assembler.h:
(JSC::X86Assembler::addsd_mr):
(JSC::X86Assembler::cvtsi2sd_rr):
(JSC::X86Assembler::cvtsi2sd_mr):
2011-09-21 Gavin Barraclough <barraclough@apple.com>
Build fix following fix for bug #68586.
* jit/JIT.cpp:
* jit/JITInlineMethods.h:
2011-09-21 Filip Pizlo <fpizlo@apple.com>
DFG JIT should be able to compile op_throw
https://bugs.webkit.org/show_bug.cgi?id=68571
Reviewed by Geoffrey Garen.
This compiles op_throw in the simplest way possible: it's an OSR
point back to the old JIT. This is a good step towards increasing
coverage, particularly on Kraken, but it's neutral because the
same functions that do throw also use some other unsupported
opcodes.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-21 Filip Pizlo <fpizlo@apple.com>
DFG should support continuous optimization
https://bugs.webkit.org/show_bug.cgi?id=68329
Reviewed by Geoffrey Garen.
This adds the ability to reoptimize a code block if speculation
failures happen frequently. 6% speed-up on Kraken, 1% slow-down
on V8, neutral on SunSpider.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::ProgramCodeBlock::jettison):
(JSC::EvalCodeBlock::jettison):
(JSC::FunctionCodeBlock::jettison):
(JSC::CodeBlock::shouldOptimizeNow):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getStrongPrediction):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h:
(JSC::DFG::getOSREntryDataBytecodeIndex):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::ConservativeRoots):
(JSC::ConservativeRoots::~ConservativeRoots):
(JSC::DummyMarkHook::mark):
(JSC::ConservativeRoots::genericAddPointer):
(JSC::ConservativeRoots::genericAddSpan):
(JSC::ConservativeRoots::add):
* heap/ConservativeRoots.h:
* heap/Heap.cpp:
(JSC::Heap::addJettisonCodeBlock):
(JSC::Heap::markRoots):
* heap/Heap.h:
* heap/JettisonedCodeBlocks.cpp: Added.
(JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
(JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
(JSC::JettisonedCodeBlocks::addCodeBlock):
(JSC::JettisonedCodeBlocks::clearMarks):
(JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
(JSC::JettisonedCodeBlocks::traceCodeBlocks):
* heap/JettisonedCodeBlocks.h: Added.
(JSC::JettisonedCodeBlocks::mark):
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots):
* interpreter/RegisterFile.h:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Executable.cpp:
(JSC::jettisonCodeBlock):
(JSC::EvalExecutable::jettisonOptimizedCode):
(JSC::ProgramExecutable::jettisonOptimizedCode):
(JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
(JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
* runtime/Executable.h:
(JSC::FunctionExecutable::jettisonOptimizedCodeFor):
* wtf/BitVector.h: Added.
(WTF::BitVector::BitVector):
(WTF::BitVector::~BitVector):
(WTF::BitVector::operator=):
(WTF::BitVector::size):
(WTF::BitVector::ensureSize):
(WTF::BitVector::resize):
(WTF::BitVector::clearAll):
(WTF::BitVector::get):
(WTF::BitVector::set):
(WTF::BitVector::clear):
(WTF::BitVector::bitsInPointer):
(WTF::BitVector::maxInlineBits):
(WTF::BitVector::byteCount):
(WTF::BitVector::makeInlineBits):
(WTF::BitVector::OutOfLineBits::numBits):
(WTF::BitVector::OutOfLineBits::numWords):
(WTF::BitVector::OutOfLineBits::bits):
(WTF::BitVector::OutOfLineBits::create):
(WTF::BitVector::OutOfLineBits::destroy):
(WTF::BitVector::OutOfLineBits::OutOfLineBits):
(WTF::BitVector::isInline):
(WTF::BitVector::outOfLineBits):
(WTF::BitVector::resizeOutOfLine):
(WTF::BitVector::bits):
2011-09-21 Gavin Barraclough <barraclough@apple.com>
Add X86 GPRInfo for DFG JIT.
https://bugs.webkit.org/show_bug.cgi?id=68586
Reviewed by Geoff Garen.
* dfg/DFGGPRInfo.h:
(JSC::DFG::GPRInfo::toRegister):
(JSC::DFG::GPRInfo::toIndex):
(JSC::DFG::GPRInfo::debugName):
2011-09-21 Gavin Barraclough <barraclough@apple.com>
Should support value profiling on CPU(X86)
https://bugs.webkit.org/show_bug.cgi?id=68575
Reviewed by Sam Weinig.
Fix verbose profiling in ToT (SlowCaseProfile had been
partially renamed to RareCaseProfile), add in-memory
bucket counter for CPU(X86), move JIT::m_canBeOptimized
out of the DFG_JIT ifdef.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resetRareCaseProfiles):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
2011-09-21 Filip Pizlo <fpizlo@apple.com>
DFG does not support compiling functions as constructors
https://bugs.webkit.org/show_bug.cgi?id=68500
Reviewed by Oliver Hunt.
This adds support for compiling constructors to the DFG. It's a
1% speed-up on V8, mostly due to a 6% speed-up on earley-boyer.
It's also a 13% win on access-binary-trees, but it's neutral in
the SunSpider and Kraken averages.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::canCompileOpcode):
* dfg/DFGNode.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::compileForConstruct):
(JSC::FunctionExecutable::compileFor):
(JSC::FunctionExecutable::compileOptimizedFor):
2011-09-21 Gavin Barraclough <barraclough@apple.com>
Replace jsFunctionVPtr compares with a type check on the Structure.
https://bugs.webkit.org/show_bug.cgi?id=68557
Reviewed by Oliver Hunt.
This will permit calls to still optimize to subclasses of JSFunction
that have the correct type (but a different C++ vptr).
This patch stops passing the globalData into numerous functions.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::isFunctionConstant):
(JSC::DFG::Graph::valueOfFunctionConstant):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isFunctionConstant):
(JSC::DFG::JITCompiler::valueOfFunctionConstant):
* dfg/DFGOperations.cpp:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITInlineMethods.h:
(JSC::JIT::emitJumpIfNotType):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Executable.h:
(JSC::isHostFunction):
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::putWithAttributes):
* runtime/JSObject.h:
(JSC::getJSFunction):
(JSC::JSObject::putDirect):
(JSC::JSObject::putDirectWithoutTransition):
* runtime/JSType.h:
2011-09-21 Geoffrey Garen <ggaren@apple.com>
Removed WTFTHREADDATA_MULTITHREADED, making it always true
https://bugs.webkit.org/show_bug.cgi?id=68549
Reviewed by Darin Adler.
Another part of making threads exist in WebKit.
* wtf/WTFThreadData.cpp:
* wtf/WTFThreadData.h:
(WTF::wtfThreadData):
2011-09-21 Dan Bernstein <mitz@apple.com>
JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
https://bugs.webkit.org/show_bug.cgi?id=68451
Reviewed by Darin Adler.
* JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
2011-09-20 Gavin Barraclough <barraclough@apple.com>
MacroAssembler fixes.
https://bugs.webkit.org/show_bug.cgi?id=68494
Reviewed by Sam Weinig.
Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::orPtr):
(JSC::MacroAssembler::loadPtr):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::or32):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::or32):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::or32):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::or32):
(JSC::MacroAssemblerSH4::load32):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::load32):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::load32):
2011-09-20 Geoffrey Garen <ggaren@apple.com>
Some Heap cleanup.
Reviewed by Beth Dakin.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
since there is only one now.
* heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
Updated mark bit overhead calculation. Deployed atomsPerBlock in one
place where we were recalculating it.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::addBlock): Updated for rename.
2011-09-20 Filip Pizlo <fpizlo@apple.com>
DFG JIT always speculates integer on modulo
https://bugs.webkit.org/show_bug.cgi?id=68485
Reviewed by Oliver Hunt.
Added support for double modulo, which is a call to fmod().
Also added support for recording the old JIT's statistics
on op_mod and propagating them along the graph. Finally,
fixed a goof in the ArithNodeFlags propagation logic that
was made obvious when I started testing ArithMod.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasArithNodeFlags):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-20 ChangSeok Oh <shivamidow@gmail.com>
[GTK] requestAnimationFrame support for gtk port
https://bugs.webkit.org/show_bug.cgi?id=66280
Reviewed by Martin Robinson.
Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
* wtf/Platform.h:
2011-09-20 Filip Pizlo <fpizlo@apple.com>
DFG JIT performs too many negative zero checks, and too many
overflow checks
https://bugs.webkit.org/show_bug.cgi?id=68430
Reviewed by Oliver Hunt.
This adds comprehensive support for deciding how to perform an
arithmetic operations based on a combination of overflow profiling,
negative zero profiling, value profiling, and a static analysis of
how the results of these operations get used.
This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
V8-crypto, because apparently everything we do speeds up crypto.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::toNumber):
(JSC::DFG::ByteCodeParser::isSmallInt32Constant):
(JSC::DFG::ByteCodeParser::valueOfInt32Constant):
(JSC::DFG::ByteCodeParser::weaklyPredictInt32):
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
* dfg/DFGNode.h:
(JSC::DFG::nodeUsedAsNumber):
(JSC::DFG::nodeCanTruncateInteger):
(JSC::DFG::nodeCanIgnoreNegativeZero):
(JSC::DFG::nodeCanSpeculateInteger):
(JSC::DFG::arithNodeFlagsAsString):
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasArithNodeFlags):
(JSC::DFG::Node::rawArithNodeFlags):
(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::arithNodeFlagsForCompare):
(JSC::DFG::Node::setArithNodeFlag):
(JSC::DFG::Node::mergeArithNodeFlags):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::isNotNegZero):
(JSC::DFG::Propagator::isNotZero):
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateArithNodeFlagsForward):
(JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::propagatePredictionsForward):
(JSC::DFG::Propagator::propagatePredictionsBackward):
(JSC::DFG::Propagator::toDouble):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::fixup):
(JSC::DFG::Propagator::startIndexForChildren):
(JSC::DFG::Propagator::endIndexForPureCSE):
(JSC::DFG::Propagator::pureCSE):
(JSC::DFG::Propagator::clobbersWorld):
(JSC::DFG::Propagator::setReplacement):
(JSC::DFG::Propagator::performNodeCSE):
(JSC::DFG::Propagator::localCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2011-09-19 Oliver Hunt <oliver@apple.com>
Refactor Heap allocation logic into separate AllocationSpace class
https://bugs.webkit.org/show_bug.cgi?id=68409
Reviewed by Gavin Barraclough.
This patch hoists direct manipulation of the MarkedSpace and related
data out of Heap and into a separate class. This will allow us to
have multiple allocation spaces in future, so easing the way towards
having GC'd backing stores for objects.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/Debugger.cpp:
(JSC::Debugger::recompileAllJSFunctions):
* heap/AllocationSpace.cpp: Added.
(JSC::AllocationSpace::tryAllocate):
(JSC::AllocationSpace::allocateSlowCase):
(JSC::AllocationSpace::allocateBlock):
(JSC::AllocationSpace::freeBlocks):
(JSC::TakeIfEmpty::TakeIfEmpty):
(JSC::TakeIfEmpty::operator()):
(JSC::TakeIfEmpty::returnValue):
(JSC::AllocationSpace::shrink):
* heap/AllocationSpace.h: Added.
(JSC::AllocationSpace::AllocationSpace):
(JSC::AllocationSpace::blocks):
(JSC::AllocationSpace::sizeClassFor):
(JSC::AllocationSpace::setHighWaterMark):
(JSC::AllocationSpace::highWaterMark):
(JSC::AllocationSpace::canonicalizeBlocks):
(JSC::AllocationSpace::resetAllocator):
(JSC::AllocationSpace::forEachCell):
(JSC::AllocationSpace::forEachBlock):
(JSC::AllocationSpace::allocate):
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::reportExtraMemoryCostSlowCase):
(JSC::Heap::getConservativeRegisterRoots):
(JSC::Heap::markRoots):
(JSC::Heap::clearMarks):
(JSC::Heap::sweep):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::globalObjectCount):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::collect):
(JSC::Heap::canonicalizeBlocks):
(JSC::Heap::resetAllocator):
(JSC::Heap::freeBlocks):
(JSC::Heap::shrink):
* heap/Heap.h:
(JSC::Heap::objectSpace):
(JSC::Heap::sizeClassForObject):
(JSC::Heap::allocate):
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateBasicJSObject):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::recompileAllJSFunctions):
(JSC::JSGlobalData::releaseExecutableMemory):
2011-09-19 Geoffrey Garen <ggaren@apple.com>
Removed BREWMP* platform #ifdefs
https://bugs.webkit.org/show_bug.cgi?id=68425
BREWMP* has no maintainer, and this is dead code.
Reviewed by Darin Adler.
* heap/MarkStack.h:
(JSC::::shrinkAllocation):
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::cacheFlush):
* runtime/TimeoutChecker.cpp:
(JSC::getCPUTime):
* wtf/Assertions.cpp:
* wtf/Assertions.h:
* wtf/CurrentTime.cpp:
* wtf/DateMath.cpp:
(WTF::calculateUTCOffset):
* wtf/FastMalloc.cpp:
(WTF::fastMalloc):
(WTF::fastCalloc):
(WTF::fastMallocSize):
* wtf/FastMalloc.h:
* wtf/MainThread.cpp:
* wtf/MathExtras.h:
* wtf/OwnPtrCommon.h:
* wtf/Platform.h:
* wtf/RandomNumber.cpp:
(WTF::randomNumber):
* wtf/RandomNumberSeed.h:
(WTF::initializeRandomNumberGenerator):
* wtf/text/WTFString.h:
* wtf/unicode/Unicode.h:
2011-09-20 Adam Roben <aroben@apple.com>
Windows build fix after r95523
* wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.
2011-09-18 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not speculate aggressively enough on GetById
https://bugs.webkit.org/show_bug.cgi?id=68320
Reviewed by Oliver Hunt.
This adds the ability to access properties directly, by offset.
This optimization kicks in when at the time of DFG compilation,
it appears that the given get_by_id is self-cached by the old JIT.
Two new opcodes get introduced: CheckStructure and GetByOffset.
CheckStructure performs a speculation check on the object's
structure, and returns the storage pointer. GetByOffset performs
a direct read of the field from the storage pointer. Both
CheckStructure and GetByOffset can be CSE'd, so that we can
eliminate redundant structure checks, and redundant reads of the
same field.
This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
neutral on SunSpider.
* bytecode/PredictedType.cpp:
(JSC::predictionFromClassInfo):
(JSC::predictionFromStructure):
(JSC::predictionFromCell):
* bytecode/PredictedType.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::dataFormatToString):
(JSC::DFG::needDataFormatConversion):
(JSC::DFG::GenerationInfo::initStorage):
(JSC::DFG::GenerationInfo::spill):
(JSC::DFG::GenerationInfo::fillStorage):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::fillStorage):
(JSC::DFG::GPRTemporary::GPRTemporary):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::spill):
(JSC::DFG::JITCodeGenerator::storageResult):
(JSC::DFG::StorageOperand::StorageOperand):
(JSC::DFG::StorageOperand::~StorageOperand):
(JSC::DFG::StorageOperand::index):
(JSC::DFG::StorageOperand::gpr):
(JSC::DFG::StorageOperand::use):
* dfg/DFGNode.h:
(JSC::DFG::OpInfo::OpInfo):
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasPrediction):
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::structure):
(JSC::DFG::Node::hasStorageAccessData):
(JSC::DFG::Node::storageAccessDataIndex):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::globalVarLoadElimination):
(JSC::DFG::Propagator::getMethodLoadElimination):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
* wtf/StdLibExtras.h:
(WTF::safeCast):
2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
Remove toPrimitive from JSCell
https://bugs.webkit.org/show_bug.cgi?id=67875
Reviewed by Darin Adler.
Part of the refactoring process to un-virtualize JSCell. We move
all of the implicit functionality provided by the virtual toPrimitive method
in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
also de-virtualizing JSCell::toPrimitive.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
(JSC::JSCell::toPrimitive):
* runtime/JSCell.h:
We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
JSObject. This pushes the virtual method further down, enabling us to get rid
of the virtual call in JSCell. Eventually we'll probably have to deal with this
again, but we'll cross that bridge when we come to it.
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::defaultValue):
* runtime/JSNotAnObject.h:
* runtime/JSObject.h:
* runtime/JSString.h:
2011-09-19 Geoffrey Garen <ggaren@apple.com>
Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
https://bugs.webkit.org/show_bug.cgi?id=68424
As discussed on webkit-dev. All ports build with threads enabled in JSC now.
This may break WinCE and other ports that have not built and tested with
this configuration. I've filed bugs for port maintainers. It's time for
WebKit to move forward.
Reviewed by Mark Rowe.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::destroy):
(JSC::Heap::blockFreeingThreadMain):
(JSC::Heap::allocateBlock):
(JSC::Heap::freeBlocks):
(JSC::Heap::releaseFreeBlocks):
* heap/Heap.h:
* wtf/Platform.h:
2011-09-19 Geoffrey Garen <ggaren@apple.com>
Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
https://bugs.webkit.org/show_bug.cgi?id=68423
As discussed on webkit-dev. All ports build with threads enabled in WTF now.
This may break WinCE and other ports that have not built and tested with
this configuration. I've filed bugs for port maintainers. It's time for
WebKit to move forward.
Reviewed by Mark Rowe.
* wtf/CryptographicallyRandomNumber.cpp:
(WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
(WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
* wtf/FastMalloc.cpp:
* wtf/Platform.h:
* wtf/RandomNumber.cpp:
(WTF::randomNumber):
* wtf/RefCountedLeakCounter.cpp:
(WTF::RefCountedLeakCounter::increment):
(WTF::RefCountedLeakCounter::decrement):
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
* wtf/ThreadingWin.cpp:
(WTF::initializeThreading):
* wtf/dtoa.cpp:
(WTF::pow5mult):
* wtf/gtk/ThreadingGtk.cpp:
(WTF::initializeThreading):
* wtf/qt/ThreadingQt.cpp:
(WTF::initializeThreading):
2011-09-19 Geoffrey Garen <ggaren@apple.com>
Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
https://bugs.webkit.org/show_bug.cgi?id=68422
As discussed on webkit-dev. All ports build with threads enabled in JSC now.
This may break WinCE and other ports that have not built and tested with
this configuration. I've filed bugs for port maintainers. It's time for
WebKit to move forward.
Reviewed by Sam Weinig.
* API/APIShims.h:
(JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
* API/JSContextRef.cpp:
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::MachineThreads):
(JSC::MachineThreads::~MachineThreads):
(JSC::MachineThreads::gatherConservativeRoots):
* heap/MachineStackMarker.h:
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
(JSC::initializeThreading):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::sharedInstance):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::makeUsableFromMultipleThreads):
* runtime/JSLock.cpp:
* runtime/Structure.cpp:
* wtf/Platform.h:
2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r95493 and r95496.
http://trac.webkit.org/changeset/95493
http://trac.webkit.org/changeset/95496
https://bugs.webkit.org/show_bug.cgi?id=68418
Broke Windows build (Requested by rniwa on #webkit).
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/Debugger.cpp:
(JSC::Debugger::recompileAllJSFunctions):
* heap/AllocationSpace.cpp: Removed.
* heap/AllocationSpace.h: Removed.
* heap/Heap.cpp:
(JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
(JSC::CountFunctor::TakeIfEmpty::operator()):
(JSC::CountFunctor::TakeIfEmpty::returnValue):
(JSC::Heap::Heap):
(JSC::Heap::reportExtraMemoryCostSlowCase):
(JSC::Heap::tryAllocate):
(JSC::Heap::allocateSlowCase):
(JSC::Heap::getConservativeRegisterRoots):
(JSC::Heap::markRoots):
(JSC::Heap::clearMarks):
(JSC::Heap::sweep):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::globalObjectCount):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::collect):
(JSC::Heap::canonicalizeBlocks):
(JSC::Heap::resetAllocator):
(JSC::Heap::allocateBlock):
(JSC::Heap::freeBlocks):
(JSC::Heap::shrink):
* heap/Heap.h:
(JSC::Heap::markedSpace):
(JSC::Heap::forEachCell):
(JSC::Heap::forEachBlock):
(JSC::Heap::sizeClassFor):
(JSC::Heap::allocate):
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateBasicJSObject):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::recompileAllJSFunctions):
(JSC::JSGlobalData::releaseExecutableMemory):
2011-09-19 Gavin Barraclough <barraclough@apple.com>
Errrk, missed stylebot comments in last commit.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncSplit):
2011-09-19 Gavin Barraclough <barraclough@apple.com>
String#split is buggy
https://bugs.webkit.org/show_bug.cgi?id=68348
Reviewed by Sam Weinig.
* runtime/StringPrototype.cpp:
(JSC::jsStringWithReuse):
- added helper function to reuse original JSString value.
(JSC::stringProtoFuncSplit):
- Rewritten from the spec.
* tests/mozilla/ecma/String/15.5.4.8-2.js:
(getTestCases):
- This test is not ES5 compliant.
2011-09-19 Geoffrey Garen <ggaren@apple.com>
Removed lots of friend declarations from JSCell, so we can more
effectively make use of private and protected.
Reviewed by Sam Weinig.
* runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
confusion for not much safety.
(JSC::JSCell::operator new): Made this public because it is used by a
few clients, and not really dangerous.
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::defineGetter):
(JSC::JSObject::defineSetter):
(JSC::JSObject::getPropertySpecificValue):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::removeDirect):
(JSC::JSObject::createInheritorID):
(JSC::JSObject::allocatePropertyStorage):
(JSC::JSObject::getOwnPropertyDescriptor):
* runtime/JSObject.h:
(JSC::JSObject::getDirect):
(JSC::JSObject::getDirectLocation):
(JSC::JSObject::hasCustomProperties):
(JSC::JSObject::hasGetterSetterProperties):
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensible):
(JSC::JSObject::flattenDictionaryObject):
(JSC::JSObject::finishCreation):
(JSC::JSObject::prototype):
(JSC::JSObject::setPrototype):
(JSC::JSObject::inlineGetOwnPropertySlot):
(JSC::JSCell::fastGetOwnProperty):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
structure() / setStructure(), so we don't have to be a friend of JSCell.
* runtime/Structure.h:
(JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
to JSCell::m_structure.
2011-09-19 Adam Barth <abarth@webkit.org>
Always enable ENABLE(EVENTSOURCE)
https://bugs.webkit.org/show_bug.cgi?id=68414
Reviewed by Eric Seidel.
* Configurations/FeatureDefines.xcconfig:
2011-09-19 Eli Fidler <efidler@rim.com>
Enable JSC_MULTIPLE_THREADS for OS(QNX).
https://bugs.webkit.org/show_bug.cgi?id=68047
Reviewed by Daniel Bates.
SA_RESTART was required for SIGUSR2-based debugging, but is not
present on QNX. This debugging doesn't seem critical to
JSC_MULTIPLE_THREADS, so allow it to proceed.
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::Thread):
(JSC::getPlatformThreadRegisters):
(JSC::otherThreadStackPointer):
(JSC::freePlatformThreadRegisters):
* wtf/Platform.h: enable PTHREADS for OS(QNX)
2011-09-19 Oliver Hunt <oliver@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-09-19 Oliver Hunt <oliver@apple.com>
Refactor Heap allocation logic into separate AllocationSpace class
https://bugs.webkit.org/show_bug.cgi?id=68409
Reviewed by Gavin Barraclough.
This patch hoists direct manipulation of the MarkedSpace and related
data out of Heap and into a separate class. This will allow us to
have multiple allocation spaces in future, so easing the way towards
having GC'd backing stores for objects.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/Debugger.cpp:
(JSC::Debugger::recompileAllJSFunctions):
* heap/AllocationSpace.cpp: Added.
(JSC::AllocationSpace::tryAllocate):
(JSC::AllocationSpace::allocateSlowCase):
(JSC::AllocationSpace::allocateBlock):
(JSC::AllocationSpace::freeBlocks):
(JSC::TakeIfEmpty::TakeIfEmpty):
(JSC::TakeIfEmpty::operator()):
(JSC::TakeIfEmpty::returnValue):
(JSC::AllocationSpace::shrink):
* heap/AllocationSpace.h: Added.
(JSC::AllocationSpace::AllocationSpace):
(JSC::AllocationSpace::blocks):
(JSC::AllocationSpace::sizeClassFor):
(JSC::AllocationSpace::setHighWaterMark):
(JSC::AllocationSpace::highWaterMark):
(JSC::AllocationSpace::canonicalizeBlocks):
(JSC::AllocationSpace::resetAllocator):
(JSC::AllocationSpace::forEachCell):
(JSC::AllocationSpace::forEachBlock):
(JSC::AllocationSpace::allocate):
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::reportExtraMemoryCostSlowCase):
(JSC::Heap::getConservativeRegisterRoots):
(JSC::Heap::markRoots):
(JSC::Heap::clearMarks):
(JSC::Heap::sweep):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::globalObjectCount):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::collect):
(JSC::Heap::canonicalizeBlocks):
(JSC::Heap::resetAllocator):
(JSC::Heap::freeBlocks):
(JSC::Heap::shrink):
* heap/Heap.h:
(JSC::Heap::objectSpace):
(JSC::Heap::sizeClassForObject):
(JSC::Heap::allocate):
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateBasicJSObject):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::recompileAllJSFunctions):
(JSC::JSGlobalData::releaseExecutableMemory):
2011-09-19 Adam Roben <aroben@apple.com>
Windows build fix after r95310
* JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.
2011-09-19 Filip Pizlo <fpizlo@apple.com>
DFG speculation failures should act as additional value profiles
https://bugs.webkit.org/show_bug.cgi?id=68335
Reviewed by Oliver Hunt.
This adds slow-case counters to the old JIT. It also ensures that
negative zero in multiply is handled carefully. The old JIT
previously took slow path if the result of a multiply was zero,
which, without any changes, would cause the DFG to think that
every such multiply produced a double result.
This also fixes a bug in the old JIT's handling of decrements. It
would take the slow path if the result was zero, but not if it
underflowed.
By itself, this would be a 1% slow-down on V8 and Kraken. But then
I wrote optimizations in the DFG that take advantage of this new
information. It's no longer the case that every multiply needs to
do a check for negative zero; it only happens if the negative
zero is ignored.
This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
speed-up in V8. It's mostly neutral on Kraken. I can see a
0.5% slow-down and it appears to be significant.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resetRareCaseProfiles):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
* bytecode/ValueProfile.h:
(JSC::RareCaseProfile::RareCaseProfile):
(JSC::getRareCaseProfileBytecodeOffset):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::GPRTemporary::GPRTemporary):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::clobbersWorld):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
(JSC::JIT::linkDummySlowCase):
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_post_dec):
(JSC::JIT::emit_op_pre_dec):
(JSC::JIT::compileBinaryArithOp):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
* jit/JITInlineMethods.h:
(JSC::JIT::addSlowCase):
2011-09-19 Adam Roben <aroben@apple.com>
Windows build fix after r94575
* JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
now builds just before FindSafari.
2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r95466.
http://trac.webkit.org/changeset/95466
https://bugs.webkit.org/show_bug.cgi?id=68389
Incorrect version of the patch. (Requested by mhahnenberg on
#webkit).
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
(JSC::JSCell::toPrimitive):
* runtime/JSCell.h:
(JSC::JSCell::JSValue::toPrimitive):
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::toPrimitive):
* runtime/JSNotAnObject.h:
* runtime/JSObject.h:
* runtime/JSString.h:
2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
Remove toPrimitive from JSCell
https://bugs.webkit.org/show_bug.cgi?id=67875
Reviewed by Geoffrey Garen.
Part of the refactoring process to un-virtualize JSCell. We move
all of the implicit functionality provided by the virtual toPrimitive method
in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
also de-virtualizing JSCell::toPrimitive.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
(JSC::JSCell::toPrimitive):
* runtime/JSCell.h:
We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
JSObject. This pushes the virtual method further down, enabling us to get rid
of the virtual call in JSCell. Eventually we'll probably have to deal with this
again, but we'll cross that bridge when we come to it.
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::defaultValue):
* runtime/JSNotAnObject.h:
* runtime/JSObject.h:
* runtime/JSString.h:
(JSC::JSValue::toPrimitive):
2011-09-19 Oliver Hunt <oliver@apple.com>
Build fix.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::compileGetDirectOffset):
2011-09-19 Oliver Hunt <oliver@apple.com>
Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
https://bugs.webkit.org/show_bug.cgi?id=68376
Reviewed by Gavin Barraclough.
Renamed the MarkedSpace files to match the new name, and
updated the relevant references.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.h:
* heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::addBlock):
(JSC::MarkedSpace::removeBlock):
(JSC::MarkedSpace::resetAllocator):
(JSC::MarkedSpace::canonicalizeBlocks):
* heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
(JSC::MarkedSpace::waterMark):
(JSC::MarkedSpace::highWaterMark):
(JSC::MarkedSpace::setHighWaterMark):
(JSC::MarkedSpace::sizeClassFor):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::SizeClass::SizeClass):
(JSC::MarkedSpace::SizeClass::resetAllocator):
(JSC::MarkedSpace::SizeClass::canonicalizeBlock):
* runtime/JSCell.h:
2011-09-19 Oliver Hunt <oliver@apple.com>
Rename NewSpace to MarkedSpace
https://bugs.webkit.org/show_bug.cgi?id=68375
Reviewed by Gavin Barraclough.
Rename NewSpace to a more accurate name, and update all uses.
This patch doesn't rename the files themselves as that will
just make the patch appear bigger than it is.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* heap/Heap.cpp:
(JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
(JSC::CountFunctor::TakeIfEmpty::operator()):
(JSC::Heap::Heap):
(JSC::Heap::reportExtraMemoryCostSlowCase):
(JSC::Heap::tryAllocate):
(JSC::Heap::allocateSlowCase):
(JSC::Heap::collect):
(JSC::Heap::canonicalizeBlocks):
(JSC::Heap::resetAllocator):
(JSC::Heap::isValidAllocation):
(JSC::Heap::shrink):
* heap/Heap.h:
(JSC::Heap::markedSpace):
(JSC::Heap::sizeClassFor):
(JSC::Heap::allocate):
* heap/NewSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::addBlock):
(JSC::MarkedSpace::removeBlock):
(JSC::MarkedSpace::resetAllocator):
(JSC::MarkedSpace::canonicalizeBlocks):
* heap/NewSpace.h:
(JSC::MarkedSpace::waterMark):
(JSC::MarkedSpace::highWaterMark):
(JSC::MarkedSpace::setHighWaterMark):
(JSC::MarkedSpace::sizeClassFor):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::SizeClass::SizeClass):
(JSC::MarkedSpace::SizeClass::resetAllocator):
(JSC::MarkedSpace::SizeClass::canonicalizeBlock):
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateBasicJSObject):
2011-09-19 Peter Rybin <peter.rybin@gmail.com>
TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
https://bugs.webkit.org/show_bug.cgi?id=63541
Reviewed by Adam Barth.
* parser/SourceProvider.h:
(JSC::SourceProvider::startPosition):
* wtf/text/TextPosition.h:
(WTF::OrdinalNumber::fromZeroBasedInt):
(WTF::OrdinalNumber::fromOneBasedInt):
(WTF::OrdinalNumber::OrdinalNumber):
(WTF::OrdinalNumber::zeroBasedInt):
(WTF::OrdinalNumber::oneBasedInt):
(WTF::OrdinalNumber::operator==):
(WTF::OrdinalNumber::operator!=):
(WTF::OrdinalNumber::first):
(WTF::OrdinalNumber::beforeFirst):
(WTF::TextPosition::TextPosition):
(WTF::TextPosition::minimumPosition):
(WTF::TextPosition::belowRangePosition):
2011-09-19 Dan Bernstein <mitz@apple.com>
JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
https://bugs.webkit.org/show_bug.cgi?id=68323
Reviewed by Sam Weinig.
Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.
* wtf/mac/MainThreadMac.mm:
(WTF::initializeMainThreadPlatform):
(WTF::initializeMainThreadToProcessMainThreadPlatform):
2011-09-19 Oliver Hunt <oliver@apple.com>
Remove direct property slot pointers from the instruction stream
https://bugs.webkit.org/show_bug.cgi?id=68373
Reviewed by Gavin Barraclough.
Use an indirect load to access prototype properties rather than directly
storing the property address in the instruction stream. This should allow
further optimisations in future, and also provides a 0.5% win to sunspider.
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::compileGetDirectOffset):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::compileGetDirectOffset):
* runtime/JSObject.h:
(JSC::JSObject::addressOfPropertyStorage):
2011-09-19 Oliver Hunt <oliver@apple.com>
Remove bump allocator
https://bugs.webkit.org/show_bug.cgi?id=68370
Reviewed by Sam Weinig.
Can't do anything with this allocator currently, and it's
increasing the complexity of the GC code. Slight progression
on SunSpider, slight regression (undoing the original progression)
in V8.
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
(JSC::NewSpace::allocate):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::visitChildrenDirect):
* runtime/StorageBarrier.h:
(JSC::StorageBarrier::set):
2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK] Fix distcheck build
https://bugs.webkit.org/show_bug.cgi?id=68346
Reviewed by Philippe Normand.
* GNUmakefile.list.am:
2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK] Fix distcheck build
https://bugs.webkit.org/show_bug.cgi?id=68241
Reviewed by Martin Robinson.
* GNUmakefile.list.am:
2011-09-18 Dan Bernstein <mitz@apple.com>
Removed ProfilerServer.
Reviewed by Mark Rowe.
* JavaScriptCore.gypi:
* JavaScriptCore.xcodeproj/project.pbxproj:
* profiler/ProfilerServer.h: Removed.
* profiler/ProfilerServer.mm: Removed.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* wscript:
2011-09-17 Filip Pizlo <fpizlo@apple.com>
DFG JIT should inline Math.min, Math.max, and Math.sqrt
https://bugs.webkit.org/show_bug.cgi?id=68318
Reviewed by Gavin Barraclough.
Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
a function to have an intrinsic but not a thunk generator. This is
a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
we're still not DFG compiling the bulk of the hot code in Kraken audio
benchmarks.
* create_hash_table:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGIntrinsic.h:
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
2011-09-18 Nico Weber <thakis@chromium.org>
Remove two files from JavaScriptCore.gypi that were removed in r95240
https://bugs.webkit.org/show_bug.cgi?id=68327
Unreviewed, build warning fix.
* JavaScriptCore.gypi:
2011-09-17 Oliver Hunt <oliver@apple.com>
Remove special case handling of inline storage from the JIT
https://bugs.webkit.org/show_bug.cgi?id=68319
Reviewed by Gavin Barraclough.
Simplify logic used for reading and writing to property storage
by removing the special cases for inline storage. This has no
perf impact.
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryBuildGetByIDList):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::compilePutDirectOffset):
(JSC::JIT::compileGetDirectOffset):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompileGetByIdSelfList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::compilePutDirectOffset):
(JSC::JIT::compileGetDirectOffset):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompileGetByIdSelfList):
2011-09-17 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not have full block-local CSE
https://bugs.webkit.org/show_bug.cgi?id=68316
Reviewed by Oliver Hunt.
This adds block-local CSE to the DFG. CSE runs in the propagator just after
type propagation. It is part of the propagator itself because it needs to
use the propagator's internal data structures to determine which operations
may have side effects. Because it changes the live-ranges of nodes, the
virtual register allocator had to be moved into the propagator so that it
runs after CSE. To ensure that the back-end knows to keep the inputs to
any eliminated node alive for OSR, a new node type, Phantom, was introduced.
It is a no-op but prolongs the live-range of its inputs.
This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
Kraken.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAliasTracker.h: Removed.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::MethodCheckData::operator==):
(JSC::DFG::MethodCheckData::operator!=):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasVirtualRegister):
(JSC::DFG::Node::setRefCount):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::canonicalize):
(JSC::DFG::Propagator::computeStartIndex):
(JSC::DFG::Propagator::startIndex):
(JSC::DFG::Propagator::pureCSE):
(JSC::DFG::Propagator::globalVarLoadElimination):
(JSC::DFG::Propagator::getByValLoadElimination):
(JSC::DFG::Propagator::getMethodLoadElimination):
(JSC::DFG::Propagator::performSubstitution):
(JSC::DFG::Propagator::setReplacement):
(JSC::DFG::Propagator::performNodeCSE):
(JSC::DFG::Propagator::performBlockCSE):
(JSC::DFG::Propagator::localCSE):
(JSC::DFG::Propagator::allocateVirtualRegisters):
(JSC::DFG::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-16 Filip Pizlo <fpizlo@apple.com>
method_check should repatch itself if it finds that the new structure(s)
are the result of transitions from the old structure(s)
https://bugs.webkit.org/show_bug.cgi?id=68294
Reviewed by Gavin Barraclough.
Previously a patched method_check would slow-path to get_by_id. Now it
slow-paths to method_check_update, which attempts to correct the
method_check due to structure transitions before bailing to get_by_id.
This is a 1-2% speed-up on some benchmarks and is not a slow-down
anywhere, leading to a 0.6% speed-up on the Kraken geomean.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::patchMethodCallProto):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
* runtime/Structure.h:
(JSC::Structure::transitivelyTransitionedFrom):
2011-09-16 Ryosuke Niwa <rniwa@webkit.org>
Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
* wtf/Platform.h:
2011-09-16 Sam Weinig <sam@webkit.org>
Rename APIValueWrapper type to APIValueWrapperType for consistency
https://bugs.webkit.org/show_bug.cgi?id=68306
Reviewed by Anders Carlsson.
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
Update name.
* runtime/JSType.h:
Update name and un-indent.
* runtime/Structure.h:
(JSC::JSCell::isAPIValueWrapper):
Update name.
2011-09-16 Sam Weinig <sam@webkit.org>
Remove unused isStrictModeFunction function
https://bugs.webkit.org/show_bug.cgi?id=68305
Reviewed by Anders Carlsson.
* runtime/JSObject.h:
(JSC::JSObject::isStrictModeFunction):
2011-09-16 Sam Weinig <sam@webkit.org>
Cleanup JSTypeInfo a bit
https://bugs.webkit.org/show_bug.cgi?id=68289
Reviewed by Anders Carlsson.
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
Replace direct access to flags() with predicate.
* runtime/JSObject.h:
(JSC::JSFinalObject::createStructure):
Pass FinalObjectType instead of using special IsJSFinalObject.
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
Add additional assert that no object should have OverridesHasInstance set but not ImplementsHasInstance.
(JSC::TypeInfo::isFinalObject):
Added.
(JSC::TypeInfo::masqueradesAsUndefined):
(JSC::TypeInfo::implementsHasInstance):
(JSC::TypeInfo::isEnvironmentRecord):
(JSC::TypeInfo::overridesHasInstance):
(JSC::TypeInfo::implementsDefaultHasInstance):
(JSC::TypeInfo::overridesGetOwnPropertySlot):
(JSC::TypeInfo::overridesVisitChildren):
(JSC::TypeInfo::overridesGetPropertyNames):
(JSC::TypeInfo::prohibitsPropertyCaching):
(JSC::TypeInfo::isSetOnFlags1):
(JSC::TypeInfo::isSetOnFlags2):
Replace direct bit twiddling with helper functions.
* runtime/Structure.cpp:
(JSC::Structure::Structure):
Use new isFinalObject() predicate.
2011-09-16 Gavin Barraclough <barraclough@apple.com>
Unsigned bit shift fails under certain conditions in 32 bit builds
https://bugs.webkit.org/show_bug.cgi?id=68166
Reviewed by Geoff Garen.
The major bug here is that the slow case (which handles shifts of
doubles) doesn't check for negative results from an unsigned shift
(which should be unsigned, and as such can't be represented by a
signed integer immediate). The implementation is also flawed for
shifts by negative shift amounts (treats as shift by zero).
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emitRightShift):
(JSC::JIT::emitRightShiftSlowCase):
2011-09-16 Geoffrey Garen <ggaren@apple.com>
Removed undetectable style.filter.
Reviewed by Sam Weinig.
This feature was added in http://trac.webkit.org/changeset/15557 to
support housingmaps.com. But housingmaps.com no longer needs this hack,
we don't know of other websites that need it, and we don't know of
any other browsers that have implemented this feature.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/JSTypeInfo.h:
* runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
2011-09-15 Sam Weinig <sam@webkit.org>
Prepare JSTypes for more Object subtypes
https://bugs.webkit.org/show_bug.cgi?id=68200
Reviewed by Gavin Barraclough.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::branchIfNotObject):
* jit/JITInlineMethods.h:
(JSC::JIT::emitJumpIfNotObject):
* runtime/JSGlobalObject.h:
(JSC::Structure::prototypeForLookup):
* runtime/JSObject.h:
(JSC::JSObject::finishCreation):
* runtime/JSType.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::type):
(JSC::TypeInfo::isObject):
(JSC::TypeInfo::isFinal):
(JSC::TypeInfo::prohibitsPropertyCaching):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/Operations.cpp:
(JSC::jsIsObjectType):
* runtime/Structure.cpp:
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC::Structure::addPropertyTransition):
* runtime/Structure.h:
(JSC::Structure::isObject):
(JSC::JSCell::isObject):
2011-09-16 Geoffrey Garen <ggaren@apple.com>
Rolled back in r95201 with test failure fixed.
I missed two cases of jumpSlowToHot in rshift -- these cases need to be
sure to initialize regT1 to the int tag, since it will otherwise hold
the top 32 bits of a double.
* jit/JIT.h:
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_lshift):
(JSC::JIT::emitRightShift):
(JSC::JIT::emitRightShiftSlowCase):
(JSC::JIT::emit_op_bitand):
(JSC::JIT::emit_op_bitor):
(JSC::JIT::emit_op_bitxor):
(JSC::JIT::emit_op_bitnot):
(JSC::JIT::emit_op_post_inc):
(JSC::JIT::emit_op_post_dec):
(JSC::JIT::emit_op_pre_inc):
(JSC::JIT::emit_op_pre_dec):
* jit/JITInlineMethods.h:
(JSC::JIT::emitStoreAndMapInt32):
2011-09-16 Filip Pizlo <fpizlo@apple.com>
Unreviewed Windows build fix after 95318.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-09-16 Adam Roben <aroben@apple.com>
Windows build fix after r95310
* JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
include path so DFGIntrinsic.h can be found.
2011-09-16 Gavin Barraclough <barraclough@apple.com>
Rationalize JSObject::putDirect* methods
https://bugs.webkit.org/show_bug.cgi?id=68274
Reviewed by Sam Weinig.
Delete the *Function variants. These are overall inefficient,
in the way they get the name back from the function rather
than just passing it in.
* JavaScriptCore.exp:
* jsc.cpp:
(GlobalObject::finishCreation):
(GlobalObject::addFunction):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::putWithAttributes):
(JSC::JSObject::defineGetter):
(JSC::JSObject::defineSetter):
* runtime/JSObject.h:
(JSC::JSObject::putDirect):
(JSC::JSObject::putDirectWithoutTransition):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::lookupPut):
2011-09-16 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for Windows.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2011-09-16 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for non-DFG builds.
* runtime/Executable.h:
(JSC::NativeExecutable::finishCreation):
2011-09-16 Filip Pizlo <fpizlo@apple.com>
DFG JIT should inline Math.abs
https://bugs.webkit.org/show_bug.cgi?id=68227
Reviewed by Oliver Hunt.
This adds the ability to track intrinsic functions throughout the
host function infrastructure, so that the DFG can easily query
whether or not a call's target is intrinsic, and if so, which
intrinsic it is.
On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
is transformed into ValueToNumber<-ArithAbs nodes. These nodes
then get optimized using the usual tricks.
Also had to make a completely unrelated change to
DateInstanceCache.h in order to fix a preexisting alphabetical
sorting problem in JSGlobalData.h
This results in a big win in imaging-gaussian-blur: 61% faster
than before. The net win on Kraken is around 13%.
* JavaScriptCore.xcodeproj/project.pbxproj:
* create_hash_table:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::isFunctionConstant):
(JSC::DFG::Graph::valueOfFunctionConstant):
* dfg/DFGIntrinsic.h: Added.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::isFunctionConstant):
(JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isFunctionConstant):
(JSC::DFG::JITCompiler::valueOfFunctionConstant):
* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITStubs.h:
* runtime/DateInstanceCache.h:
* runtime/Executable.cpp:
(JSC::ExecutableBase::intrinsic):
(JSC::NativeExecutable::intrinsic):
* runtime/Executable.h:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::finishCreation):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::getHostFunction):
* runtime/JSGlobalData.h:
* runtime/Lookup.cpp:
(JSC::HashTable::createTable):
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::HashEntry::initialize):
(JSC::HashEntry::intrinsic):
2011-09-16 Filip Pizlo <fpizlo@apple.com>
REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
using Domino's online ordering
https://bugs.webkit.org/show_bug.cgi?id=68220
Reviewed by Oliver Hunt.
Weak handle processing can result in new objects being marked, which
results in new WeakReferencesHarvesters being added. But weak
reference harvesters are only processed before weak handle processing,
so there's the risk that a weak reference harvester will persist
until the next collection, by which time it may have been deleted.
* heap/Heap.cpp:
(JSC::Heap::markRoots):
2011-09-16 Csaba Osztrogonác <ossy@webkit.org>
REGRESSION(r95201): It made two tests fail
https://bugs.webkit.org/show_bug.cgi?id=68230
Unreviewed rolling out r95201.
* jit/JIT.h:
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_lshift):
(JSC::JIT::emitRightShift):
(JSC::JIT::emit_op_bitand):
(JSC::JIT::emit_op_bitor):
(JSC::JIT::emit_op_bitxor):
(JSC::JIT::emit_op_bitnot):
(JSC::JIT::emit_op_post_inc):
(JSC::JIT::emit_op_post_dec):
(JSC::JIT::emit_op_pre_inc):
(JSC::JIT::emit_op_pre_dec):
* jit/JITInlineMethods.h:
2011-09-15 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not optimize method_check
https://bugs.webkit.org/show_bug.cgi?id=68215
Reviewed by Oliver Hunt.
MethodCallLinkInfo and StructureStubInfo are now searchable by
bytecodeIndex, so that DFG::ByteCodeParser can use that information
to determine how to optimize GetMethod.
A new node op has been added to DFG: CheckMethod. This is a variant
of GetMethod that has been optimized for the case that GetMethod
always takes the fast path. CheckMethod results in only a very
small amount of code (two loads and two branches in the worst case,
one load and one branch in the best case). CheckMethod behaves as
if it were a constant.
Introduced the notion that a DFG node that is not JSConstant
behaves as a constant. CheckMethod uses this functionality.
This is a 3% speed-up on Kraken, and a small speed-up on V8.
Appears to be neutral on SunSpider.
* bytecode/CodeBlock.h:
(JSC::getStructureStubInfoBytecodeIndex):
(JSC::getMethodCallLinkInfoBytecodeIndex):
* bytecode/PredictedType.cpp:
(JSC::predictionFromCell):
(JSC::predictionFromValue):
* bytecode/PredictedType.h:
* bytecode/StructureStubInfo.h:
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::recordGetMethod):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::getMethodCheckPrediction):
(JSC::DFG::Graph::getPrediction):
(JSC::DFG::Graph::isConstant):
(JSC::DFG::Graph::isJSConstant):
(JSC::DFG::Graph::valueOfJSConstant):
(JSC::DFG::Graph::valueOfInt32Constant):
(JSC::DFG::Graph::valueOfNumberConstant):
(JSC::DFG::Graph::valueOfBooleanConstant):
(JSC::DFG::Graph::valueOfJSConstantNode):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::isKnownNotInteger):
(JSC::DFG::JITCodeGenerator::isKnownNotNumber):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentSpillFPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
(JSC::DFG::JITCompiler::fillToJS):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::hasIdentifier):
(JSC::DFG::Node::hasMethodCheckData):
(JSC::DFG::Node::methodCheckDataIndex):
(JSC::DFG::Node::valueOfJSConstant):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
(JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::structureAddress):
2011-09-15 Adam Barth <abarth@webkit.org>
Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
https://bugs.webkit.org/show_bug.cgi?id=68205
Reviewed by Eric Seidel.
* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:
2011-09-15 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (7/7)
https://bugs.webkit.org/show_bug.cgi?id=68122
Reviewed by Geoffrey Garen.
Completed the seventh and final level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
JSCallbackObject was missed in previous patches due to the fact that
it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so
this is just a bit of retroactive cleanup.
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
2011-09-15 Filip Pizlo <fpizlo@apple.com>
The DFG non-speculative JIT is no longer used and should be removed.
https://bugs.webkit.org/show_bug.cgi?id=68177
Reviewed by Geoffrey Garen.
This removes the non-speculative JIT and everything that relied on it,
including the ability to turn on DFG but not tiered compilation, the
ability to perform speculation failure into non-speculative JIT code,
and the ability to statically terminate speculation.
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitLoopHint):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::getStrongPrediction):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGGenerationInfo.h:
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::compileBody):
* dfg/DFGJITCompiler.h:
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp: Removed.
* dfg/DFGNonSpeculativeJIT.h: Removed.
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGPropagator.cpp:
* dfg/DFGPropagator.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::osrExits):
(JSC::DFG::SpeculativeJIT::speculationRecovery):
(JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITCode.h:
(JSC::JITCode::bottomTierJIT):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
* wtf/Platform.h:
2011-09-15 Eric Seidel <eric@webkit.org>
Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
https://bugs.webkit.org/show_bug.cgi?id=68182
Reviewed by Adam Barth.
* Configurations/FeatureDefines.xcconfig:
2011-09-15 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT sometimes asserts that a value is not a number
even when it doesn't know anything about the number
https://bugs.webkit.org/show_bug.cgi?id=68189
Reviewed by Oliver Hunt.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::isUnknownJS):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownNotNumber):
2011-09-15 Filip Pizlo <fpizlo@apple.com>
All of the functionality in the non-speculative JIT should be
available to the speculative JIT via helper methods
https://bugs.webkit.org/show_bug.cgi?id=68186
Reviewed by Oliver Hunt.
Stole all of the goodness from NonSpeculativeJIT and placed it
in JITCodeGenerator. Left all of the badness (i.e. subtle code
duplication with SpeculativeJIT, etc). This is in preparation
for removing the NonSpeculativeJIT entirely, but having its
goodness available for reuse in the SpeculativeJIT if necessary.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
(JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
(JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r95167.
http://trac.webkit.org/changeset/95167
https://bugs.webkit.org/show_bug.cgi?id=68191
Patch needs further work. (Requested by mhahnenberg on
#webkit).
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
(JSC::JSCell::toBoolean):
* runtime/JSCell.h:
(JSC::JSCell::JSValue::toBoolean):
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::toBoolean):
* runtime/JSNotAnObject.h:
* runtime/JSObject.h:
* runtime/JSString.h:
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
2011-09-15 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for platforms that expect a linkable symbol
for primitive static const's.
* bytecode/CodeBlock.h:
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
2011-09-15 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for assertion on existence of alternative
CodeBlock.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
2011-09-14 Filip Pizlo <fpizlo@apple.com>
Value profiles collect no information for global variables
https://bugs.webkit.org/show_bug.cgi?id=68143
Reviewed by Geoffrey Garen.
17% speed-up on string-fasta. Neutral elsewhere.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getStrongPrediction):
(JSC::DFG::ByteCodeParser::stronglyPredict):
(JSC::DFG::ByteCodeParser::parseBlock):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_global_var):
2011-09-15 Eric Seidel <eric@webkit.org>
Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
https://bugs.webkit.org/show_bug.cgi?id=68022
Reviewed by Ryosuke Niwa.
* Configurations/FeatureDefines.xcconfig:
2011-09-15 Gavin Barraclough <barraclough@apple.com>
Ooops, revert accidentally committed unreviewed changes.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jtrue):
* jit/JSInterfaceJIT.h:
* runtime/JSValue.h:
2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r95163.
http://trac.webkit.org/changeset/95163
https://bugs.webkit.org/show_bug.cgi?id=68180
[Qt] The QT_GCC_X variables were removed in Qt5 by accident.
(Requested by darktears on #webkit).
* JavaScriptCore.pro:
2011-09-15 Gavin Barraclough <barraclough@apple.com>
Windows build fix p1.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jtrue):
* jit/JSInterfaceJIT.h:
* runtime/JSValue.h:
2011-09-14 Filip Pizlo <fpizlo@apple.com>
Tiered compilation should be enabled by default on platforms
that support the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=68136
Reviewed by Sam Weinig.
Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
Kraken. Large progressions on some benchmarks, including
3x on imaging-desaturate.
* wtf/Platform.h:
2011-09-15 Gavin Barraclough <barraclough@apple.com>
devirtualize preventExtensions
https://bugs.webkit.org/show_bug.cgi?id=68176
Reviewed by Oliver Hunt.
This is virtual due to problems in JSFunction putting the prototype
property, but we can fix this problem a different way, just setting
the checkReadOnly flag to false in the put.
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSFunction.h:
* runtime/JSObject.h:
2011-09-15 Geoffrey Garen <ggaren@apple.com>
Value chaining for JSValue32_64 bitops.
Reviewed by Sam Weinig.
SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
that can chain their results, which is the common case.
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_lshift):
(JSC::JIT::emitRightShift):
(JSC::JIT::emit_op_bitand):
(JSC::JIT::emit_op_bitor):
(JSC::JIT::emit_op_bitxor):
(JSC::JIT::emit_op_bitnot):
(JSC::JIT::emit_op_pre_inc):
(JSC::JIT::emit_op_pre_dec): Deployed new function.
(JSC::JIT::emit_op_post_inc):
(JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
computed their result values last, to make them eligible for chaining.
2011-09-15 Adam Roben <aroben@apple.com>
Clang build fix after r95172
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
(JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
Added parentheses to make precedence clear.
2011-09-14 Filip Pizlo <fpizlo@apple.com>
DFG does not speculate aggressively enough on comparisons
https://bugs.webkit.org/show_bug.cgi?id=68138
Reviewed by Oliver Hunt.
This is a 75% speed-up on Kraken/ai-astar. It's a 1% win on
V8 and an 8.5% win on Kraken. Neutral on SunSpider.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compare):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
(JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
(JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
(JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
2011-09-14 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not leverage integer speculations on branches
https://bugs.webkit.org/show_bug.cgi?id=68140
Reviewed by Oliver Hunt.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isStrictInt32):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-14 Gavin Barraclough <barraclough@apple.com>
[n]stricteq code is bogus in JSValue32_64 JIT
https://bugs.webkit.org/show_bug.cgi?id=68141
Reviewed by Sam Weinig.
The code tries to check for both ints or cells, but this check also
catches cases where values are undefined, null, etc. (probably
was incorrectly assuming cell was the 2nd highest tag?).
Also, there is no need not to handle int on the fast path.
stricteq is just a case of comparing the payloads, if we:
* handle cases of differing tags on a slow path
* handle doubles on a slow path
* handle both-are-string on a slow path
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emitSlow_op_stricteq):
(JSC::JIT::emitSlow_op_nstricteq):
2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
Make JSCell::toBoolean non-virtual
https://bugs.webkit.org/show_bug.cgi?id=67727
Reviewed by Sam Weinig.
JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
before it was simply virtual and would crash if its implementation was called).
Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
explicitly covers all cases of toBoolean, so having a virtual implementation of
JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
* runtime/JSNotAnObject.h:
* runtime/JSObject.h:
* runtime/JSString.h:
(JSC::JSCell::toBoolean):
(JSC::JSValue::toBoolean):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
2011-09-14 Alexis Menard <alexis.menard@openbossa.org>
[Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
https://bugs.webkit.org/show_bug.cgi?id=68114
Reviewed by Kenneth Rohde Christiansen.
Use the new GCC_X variables defined in WebKit.pri to replace
the usage of QT_GCC_X.
* JavaScriptCore.pro:
2011-09-14 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r95145.
http://trac.webkit.org/changeset/95145
https://bugs.webkit.org/show_bug.cgi?id=68139
The GTK+ build is working now, so revert this trial build fix.
(Requested by mrobinson on #webkit).
* GNUmakefile.list.am:
2011-09-14 Patrick Gansterer <paroga@webkit.org>
Port MachineStackMarker to Windows ARM and MIPS
https://bugs.webkit.org/show_bug.cgi?id=68068
Reviewed by Geoffrey Garen.
Use the correct member of the CONTEXT struct for the stack pointer for CPU(ARM) and CPU(MIPS).
Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
CPU(ARM) and CPU(MIPS) and the stack pointer is defined in the CONTEXT_CONTROL section for
CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
* heap/MachineStackMarker.cpp:
(JSC::getPlatformThreadRegisters):
(JSC::otherThreadStackPointer):
2011-09-12 Filip Pizlo <fpizlo@apple.com>
DFG JIT always speculates that ValueAdd is a numeric addition
https://bugs.webkit.org/show_bug.cgi?id=67956
Reviewed by Geoffrey Garen.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownNotNumber):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
2011-09-14 Anders Carlsson <andersca@apple.com>
Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
* GNUmakefile.list.am:
2011-09-14 Anders Carlsson <andersca@apple.com>
This is getting old. Yet another build fix attempt.
* JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
2011-09-14 Anders Carlsson <andersca@apple.com>
Yet another build fix attempt.
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2011-09-14 Anders Carlsson <andersca@apple.com>
How I "love" Visual Studio...
Try to fix build again.
* JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
2011-09-14 Anders Carlsson <andersca@apple.com>
Try to fix Windows build.
* JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
2011-09-14 Anders Carlsson <andersca@apple.com>
Add BinarySemaphore class from WebKit2 to WTF
https://bugs.webkit.org/show_bug.cgi?id=68132
Reviewed by Sam Weinig.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
Update build systems.
* wtf/threads: Added.
* wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
* wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
* wtf/threads/win: Added.
* wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
2011-09-14 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for Interpreter.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
2011-09-14 Anders Carlsson <andersca@apple.com>
Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
Rubber-stamped by Sam Weinig.
* wtf/threads: Added.
* wtf/threads/win: Added.
2011-09-14 Filip Pizlo <fpizlo@apple.com>
DFG JIT should not speculate integer if the value is always going to be
used as a double anyway
https://bugs.webkit.org/show_bug.cgi?id=68127
Reviewed by Oliver Hunt.
Added a ValueToDouble node, which is a variant of ValueToNumber that
hints that it will only be used as a double and never as an integer.
Thus, it turns off integer speculation even if the value profiler
told us that the value source is an int. The logic for converting a
ValueToNumber into a ValueToDouble is found in Propagator.
This appears to be a 22% speed-up in imaging-darkroom.
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::toDouble):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::fixup):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2011-09-14 Filip Pizlo <fpizlo@apple.com>
Tiered compilation heuristics do not account for value profile fullness
https://bugs.webkit.org/show_bug.cgi?id=68116
Reviewed by Oliver Hunt.
Tiered compilation avoids invoking the DFG JIT if it finds that value
profiles contain insufficient information. Instead, it produces a
prediction from the current value profile, and then clears the value
profile. This allows the value profile to heat up from scratch for
some number of additional executions. The new profiles will then be
merged with the previous prediction. Once the amount of information
in predictions is enough according to heuristics in CodeBlock.cpp,
DFG optimization is allowed to proceed.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::visitWeakReferences):
(JSC::CodeBlock::shouldOptimizeNow):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
* bytecode/PredictedType.h:
* bytecode/ValueProfile.cpp: Added.
(JSC::ValueProfile::computeStatistics):
(JSC::ValueProfile::computeUpdatedPrediction):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::totalNumberOfSamples):
(JSC::ValueProfile::isLive):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::dump):
(JSC::getValueProfileBytecodeOffset):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
2011-09-14 Filip Pizlo <fpizlo@apple.com>
DFG should not speculate that the child of LogicalNot is a boolean if
predictions tell us otherwise
https://bugs.webkit.org/show_bug.cgi?id=68118
Reviewed by Geoffrey Garen.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-09-14 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix. Turn off tiered compilation.
* wtf/Platform.h:
2011-09-13 Filip Pizlo <fpizlo@apple.com>
Prediction tracking is not precise enough
https://bugs.webkit.org/show_bug.cgi?id=67993
Reviewed by Oliver Hunt.
Added a richer set of type predictions, including JSFinalObject, JSString,
object that is not a JSFinalObject or JSArray (ObjectOther), some object
but we don't know or care what kind (SomeObject), definitely an object,
cell that is not an object or JSString, a value that is none of the above
(so either Undefined or Null). Made the propagator and value profiler work
with the new types.
Performance is neutral, because the DFG JIT does not take advantage of this
new knowledge yet.
In the process of writing predictionToString() (which is now considerably
more complex) I decided to finally add a BoundsCheckedPointer, which
should come in handy in other places, like at least the OSR scratch buffer
and the CompactJITCodeMap. It's great for cases where you want to
do pointer arithmetic, you want to have assertions about the
pointer not going out of bounds, but you don't want to write those
assertions yourself.
This also required refactoring inherits(), since the ValueProfiler may
want to do the equivalent of inherits() but given two ClassInfo's.
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/PredictedType.cpp: Added.
(JSC::predictionToString):
(JSC::makePrediction):
(JSC::predictionFromValue):
* bytecode/PredictedType.h:
(JSC::isCellPrediction):
(JSC::isObjectPrediction):
(JSC::isFinalObjectPrediction):
(JSC::isStringPrediction):
(JSC::mergePredictions):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::numberOfObjects):
(JSC::ValueProfile::numberOfFinalObjects):
(JSC::ValueProfile::numberOfStrings):
(JSC::ValueProfile::probabilityOfObject):
(JSC::ValueProfile::probabilityOfFinalObject):
(JSC::ValueProfile::probabilityOfString):
(JSC::ValueProfile::dump):
(JSC::ValueProfile::Statistics::Statistics):
(JSC::ValueProfile::computeStatistics):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGNode.h:
(JSC::DFG::Node::predict):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
* runtime/ClassInfo.h:
(JSC::ClassInfo::isSubClassOf):
* runtime/JSObject.h:
(JSC::JSCell::inherits):
* wtf/BoundsCheckedPointer.h: Added.
(WTF::BoundsCheckedPointer::BoundsCheckedPointer):
(WTF::BoundsCheckedPointer::operator=):
(WTF::BoundsCheckedPointer::operator+=):
(WTF::BoundsCheckedPointer::operator-=):
(WTF::BoundsCheckedPointer::operator+):
(WTF::BoundsCheckedPointer::operator-):
(WTF::BoundsCheckedPointer::operator++):
(WTF::BoundsCheckedPointer::operator--):
(WTF::BoundsCheckedPointer::operator<):
(WTF::BoundsCheckedPointer::operator<=):
(WTF::BoundsCheckedPointer::operator>):
(WTF::BoundsCheckedPointer::operator>=):
(WTF::BoundsCheckedPointer::operator==):
(WTF::BoundsCheckedPointer::operator!=):
(WTF::BoundsCheckedPointer::operator!):
(WTF::BoundsCheckedPointer::get):
(WTF::BoundsCheckedPointer::operator*):
(WTF::BoundsCheckedPointer::operator[]):
(WTF::BoundsCheckedPointer::strcat):
(WTF::BoundsCheckedPointer::validate):
* wtf/CMakeLists.txt:
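The BoundsCheckedPointer idea described in the entry above, as an added C++ example. This is illustrative code written for this page, not WTF's implementation: the class and function names, the choice to throw std::out_of_range instead of asserting, and the sample buffers are all assumptions. It shows the property the entry is after, pointer arithmetic with the range checks done once in the wrapper rather than at every use site, and the kind of overrun the checks catch before a byte lands outside the buffer.

```cpp
// Added example (not WTF's code): a minimal bounds-checked pointer in the
// spirit of the BoundsCheckedPointer described above. Class and function
// names and the choice to throw std::out_of_range instead of asserting are
// assumptions made for this illustration.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>

template<typename T>
class BoundsCheckedPointer {
public:
    BoundsCheckedPointer(T* begin, std::size_t size)
        : m_pointer(begin), m_begin(begin), m_size(size) {}

    // Arithmetic may land anywhere in [begin, begin + size]; the one-past-
    // the-end position is legal to hold but not to dereference.
    BoundsCheckedPointer& operator+=(std::ptrdiff_t n) { moveTo(offset() + n); return *this; }
    BoundsCheckedPointer& operator-=(std::ptrdiff_t n) { moveTo(offset() - n); return *this; }
    BoundsCheckedPointer& operator++() { return *this += 1; }
    BoundsCheckedPointer& operator--() { return *this -= 1; }
    BoundsCheckedPointer operator+(std::ptrdiff_t n) const { BoundsCheckedPointer p(*this); p += n; return p; }

    // Every access validates; there is no way to read or write out of range.
    T& operator*() const { validate(); return *m_pointer; }
    T& operator[](std::ptrdiff_t i) const { return *(*this + i); }
    T* get() const { return m_pointer; }

    bool inBounds() const { return offset() >= 0 && offset() < static_cast<std::ptrdiff_t>(m_size); }
    void validate() const {
        if (!inBounds())
            throw std::out_of_range("BoundsCheckedPointer: dereference outside [begin, end)");
    }

    // Append a NUL-terminated string at the current position, byte by byte,
    // and leave the pointer on the terminator so a later call continues the
    // string. Only instantiated for T = char; an overrun throws before any
    // byte lands outside the buffer.
    void strcat(const char* source) {
        while (*source) {
            **this = *source++;
            ++*this;
        }
        **this = '\0';
    }

private:
    std::ptrdiff_t offset() const { return m_pointer - m_begin; }
    void moveTo(std::ptrdiff_t newOffset) {
        if (newOffset < 0 || newOffset > static_cast<std::ptrdiff_t>(m_size))
            throw std::out_of_range("BoundsCheckedPointer: arithmetic outside [begin, end]");
        m_pointer = m_begin + newOffset;
    }

    T* m_pointer;
    T* m_begin;
    std::size_t m_size;
};

// Build a string from parts into a fixed-size buffer. Returns true when all
// parts (and the terminator) fit, false when the checked pointer caught an
// overrun; the buffer is never written past its end either way.
bool appendAll(char* buffer, std::size_t size, const char* const* parts, std::size_t count) {
    BoundsCheckedPointer<char> p(buffer, size);
    try {
        for (std::size_t i = 0; i < count; ++i)
            p.strcat(parts[i]);
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Sum the first n elements through operator[]; returns false if n exceeds size.
bool sumFirst(const int* data, std::size_t size, std::size_t n, int& total) {
    BoundsCheckedPointer<const int> p(data, size);
    total = 0;
    try {
        for (std::size_t i = 0; i < n; ++i)
            total += p[static_cast<std::ptrdiff_t>(i)];
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

int main() {
    char buffer[8];                               // constructed sample buffer
    const char* ok[] = { "abc", "de" };           // 5 chars + NUL fits in 8
    const char* tooLong[] = { "abcdefg", "h" };   // 8 chars + NUL does not
    std::printf("ok: %d -> \"%s\"\n", appendAll(buffer, sizeof buffer, ok, 2), buffer);
    std::printf("tooLong: %d\n", appendAll(buffer, sizeof buffer, tooLong, 2));
    return 0;
}
```

The wrapper separates two checks that are easy to conflate: arithmetic is allowed to reach the one-past-the-end position (so loops can terminate there as with a raw pointer), while dereference is only allowed strictly inside the range. In the overrun case the first seven bytes and the terminator fit, the eighth character fits, and the final terminator is what trips the check, so nothing is written outside the eight-byte buffer.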
2011-09-14 Csaba Osztrogonác <ossy@webkit.org>
[Qt] Win32 builds with threads turned off
https://bugs.webkit.org/show_bug.cgi?id=67864
Reviewed by Geoffrey Garen.
* JavaScriptCore.pri: Link pthread library on Windows platform.
* wtf/Platform.h: Enable multiple threads.
2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (6/7)
https://bugs.webkit.org/show_bug.cgi?id=67692
Reviewed by Geoffrey Garen.
Completed the sixth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the fifth level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one. Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::create):
* jsc.cpp:
(GlobalObject::create):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
* runtime/BooleanConstructor.h:
(JSC::BooleanConstructor::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::create):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
* runtime/DateConstructor.h:
(JSC::DateConstructor::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
* runtime/DatePrototype.h:
(JSC::DatePrototype::create):
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
(JSC::StrictModeTypeErrorFunction::create):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
* runtime/ErrorConstructor.h:
(JSC::ErrorConstructor::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
* runtime/FunctionConstructor.h:
(JSC::FunctionConstructor::create):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::create):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::finishCreation):
* runtime/NativeErrorPrototype.h:
(JSC::NativeErrorPrototype::create):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::create):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::create):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::create):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
* runtime/StringConstructor.h:
(JSC::StringConstructor::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::create):
2011-09-13 Eric Seidel <eric@webkit.org>
Remove ENABLE_SVG_USE as <use> is required by HTML5
https://bugs.webkit.org/show_bug.cgi?id=68019
Reviewed by Ryosuke Niwa.
* Configurations/FeatureDefines.xcconfig:
2011-09-14 Iain Merrick <husky@google.com>
HashTraits.h should include template specialization for WTF::String
https://bugs.webkit.org/show_bug.cgi?id=67851
Ensure that the template specialization for HashTraits<String> is always
picked up. (Previously it was possible to include HashSet and String but
not the correct HashTraits, so you would get an inefficient template
instantiation.)
Reviewed by Darin Adler.
* wtf/HashTraits.h:
* wtf/text/StringHash.h:
2011-09-13 Filip Pizlo <fpizlo@apple.com>
SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
return false if either node can be double
https://bugs.webkit.org/show_bug.cgi?id=67985
Reviewed by Geoffrey Garen.
This is a 17% speed-up on 3d-cube.
This required allowing us to check if a constant is double but not
integer, and making the shouldSpeculateInteger() check test for
any hints of doubly-ness in its operands. This also required
changing some terminology: previously "isDouble" often meant
"isDouble or isInt32". Now "isDouble" means exactly what the name
suggests, and "isNumber" means "isDouble or isInt32".
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::toNumber):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::isJSFormat):
(JSC::DFG::isJSInteger):
(JSC::DFG::isJSDouble):
(JSC::DFG::isJSCell):
(JSC::DFG::isJSBoolean):
(JSC::DFG::GenerationInfo::isJSFormat):
(JSC::DFG::GenerationInfo::isJSInteger):
(JSC::DFG::GenerationInfo::isJSDouble):
(JSC::DFG::GenerationInfo::isJSCell):
(JSC::DFG::GenerationInfo::isJSBoolean):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::isNumberConstant):
(JSC::DFG::Graph::valueOfNumberConstant):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::isKnownInteger):
(JSC::DFG::JITCodeGenerator::isKnownNumeric):
(JSC::DFG::JITCodeGenerator::isKnownCell):
(JSC::DFG::JITCodeGenerator::isKnownNotInteger):
(JSC::DFG::JITCodeGenerator::isKnownBoolean):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::isNumberConstant):
(JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
(JSC::DFG::JITCodeGenerator::initConstantInfo):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillToJS):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isNumberConstant):
(JSC::DFG::JITCompiler::valueOfNumberConstant):
* dfg/DFGNode.h:
(JSC::DFG::Node::isDoubleConstant):
(JSC::DFG::Node::isNumberConstant):
(JSC::DFG::Node::valueOfNumberConstant):
(JSC::DFG::Node::hasNumberResult):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isInteger):
(JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
(JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
(JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2011-09-13 Anders Carlsson <andersca@apple.com>
Disable C++ exceptions when building with clang
https://bugs.webkit.org/show_bug.cgi?id=68031
<rdar://problem/9556880>
Reviewed by Mark Rowe.
* Configurations/Base.xcconfig:
2011-09-13 Eric Seidel <eric@webkit.org>
Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
https://bugs.webkit.org/show_bug.cgi?id=68018
Reviewed by Ryosuke Niwa.
* Configurations/FeatureDefines.xcconfig:
2011-09-13 Sam Weinig <sam@webkit.org>
Object.getPrototypeOf should use JSValue::get()
https://bugs.webkit.org/show_bug.cgi?id=67973
Reviewed by Darin Adler.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetPrototypeOf):
Pipe through JSValue::get() to allow overrides.
2011-09-12 Filip Pizlo <fpizlo@apple.com>
JavaScriptCore does not have baseline->speculative OSR
https://bugs.webkit.org/show_bug.cgi?id=67920
Reviewed by Oliver Hunt.
This adds the ability to on-stack-replace (OSR) from code that is
running hot in the old JIT to code compiled by the new JIT. This
ensures that long-running loops benefit from DFG optimization.
It also ensures that if code experiences a speculation failure
in DFG code, it has an opportunity to reenter the DFG once every
1,000 loop iterations or so.
This results in a 2.88x speed-up on Kraken/imaging-desaturate,
and is a pure win on the main three benchmark suites (SunSpider,
V8, Kraken), when tiered compilation is enabled.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::CodeBlock):
(JSC::ProgramCodeBlock::compileOptimized):
(JSC::EvalCodeBlock::compileOptimized):
(JSC::FunctionCodeBlock::compileOptimized):
* bytecode/CodeBlock.h:
* bytecode/Opcode.h:
* bytecode/PredictedType.h: Added.
(JSC::isCellPrediction):
(JSC::isArrayPrediction):
(JSC::isInt32Prediction):
(JSC::isDoublePrediction):
(JSC::isNumberPrediction):
(JSC::isBooleanPrediction):
(JSC::isStrongPrediction):
(JSC::predictionToString):
(JSC::mergePredictions):
(JSC::mergePrediction):
(JSC::makePrediction):
* bytecode/PredictionTracker.h: Added.
(JSC::operandIsArgument):
(JSC::PredictionSlot::PredictionSlot):
(JSC::PredictionTracker::PredictionTracker):
(JSC::PredictionTracker::initializeSimilarTo):
(JSC::PredictionTracker::copyLocalsFrom):
(JSC::PredictionTracker::numberOfArguments):
(JSC::PredictionTracker::numberOfVariables):
(JSC::PredictionTracker::argumentIndexForOperand):
(JSC::PredictionTracker::predictArgument):
(JSC::PredictionTracker::predict):
(JSC::PredictionTracker::predictGlobalVar):
(JSC::PredictionTracker::getArgumentPrediction):
(JSC::PredictionTracker::getPrediction):
(JSC::PredictionTracker::getGlobalVarPrediction):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitLoopHint):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::DoWhileNode::emitBytecode):
(JSC::WhileNode::emitBytecode):
(JSC::ForNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
* dfg/DFGNode.h:
* dfg/DFGOSREntry.cpp: Added.
(JSC::DFG::predictionIsValid):
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h: Added.
(JSC::DFG::prepareOSREntry):
* dfg/DFGPredictionTracker.h: Removed.
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::mergeUse):
(JSC::DFG::Propagator::mergePrediction):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/CompactJITCodeMap.h:
(JSC::CompactJITCodeMap::numberOfEntries):
(JSC::CompactJITCodeMap::decode):
(JSC::CompactJITCodeMap::Decoder::Decoder):
(JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
(JSC::CompactJITCodeMap::Decoder::read):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
(JSC::JIT::emitTimeoutCheck):
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
(JSC::JIT::emit_op_loop_hint):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
2011-09-12 Sam Weinig <sam@webkit.org>
Don't allow setting __proto__ to be a getter or setter
https://bugs.webkit.org/show_bug.cgi?id=67982
Reviewed by Gavin Barraclough.
* runtime/JSObject.cpp:
(JSC::JSObject::defineGetter):
(JSC::JSObject::defineSetter):
Disallow setting a getter or setter on __proto__.
2011-09-12 James Robinson <jamesr@chromium.org>
Unreviewed build fix for chromium.
Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
is currently only compiled in by ports that use JavaScriptCore. This code is currently unreachable in builds so
no change in functionality.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::CharAccess::CharAccess):
2011-09-09 Filip Pizlo <fpizlo@apple.com>
JavaScriptCore does not have speculative->baseline OSR
https://bugs.webkit.org/show_bug.cgi?id=67826
Reviewed by Oliver Hunt.
This adds the ability to bail out of DFG speculative JIT execution by
performing an on-stack replacement (OSR) that results in the control
flow going to the equivalent code generated by the old JIT.
This required a number of new features, as well as taking advantage of
some features that happened to already be present:
We already had a policy of storing the bytecode index for which a DFG
node was generated inside the DFG::Node class. This was previously
called exceptionInfo. It's now renamed to codeOrigin to reflect that
it's used for more than just exceptions. OSR uses this to figure out
which bytecode index to use to look up the machine code location in
the code generated by the old JIT that we should be jumping to.
CodeBlock now stores a mapping between bytecode indices and machine
code offsets for code generated by the old JIT. This is implemented
by CompactJITCodeMap, which tries to compress this data a bit. The
OSR compiler decodes this and uses it to find the machine code
locations it should be jumping to.
We already had a mechanism that emitted SetLocal nodes in the DFG graph
that told us the time at which the old JIT would have stored something
into its register file, and the DFG::Node that corresponds to the value
that it would have stored. These SetLocal's were mostly dead-code-
eliminated, but our DCE leaves the nodes intact except for making them
have 0 as the ref count. This allows the OSR compiler to construct a
mapping between the state as it would have been seen by the old JIT
and the state as the DFG JIT sees it. The OSR compiler uses this to
generate code that reshapes the call frame so that it is like what the
old JIT would expect.
Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
we no longer emit the non-speculative path.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::currentCodeOrigin):
(JSC::DFG::ByteCodeParser::addToGraph):
* dfg/DFGGPRInfo.h:
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::alive):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::CallRecord::CallRecord):
(JSC::DFG::JITCompiler::notifyCall):
(JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
(JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
(JSC::DFG::JITCompiler::addJSCall):
(JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
* dfg/DFGNode.h:
(JSC::DFG::CodeOrigin::CodeOrigin):
(JSC::DFG::CodeOrigin::isSet):
(JSC::DFG::CodeOrigin::bytecodeIndex):
(JSC::DFG::Node::Node):
(JSC::DFG::Node::child1Unchecked):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileMovHint):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::ValueSource):
(JSC::DFG::ValueSource::isSet):
(JSC::DFG::ValueSource::nodeIndex):
(JSC::DFG::ValueRecovery::ValueRecovery):
(JSC::DFG::ValueRecovery::alreadyInRegisterFile):
(JSC::DFG::ValueRecovery::inGPR):
(JSC::DFG::ValueRecovery::inFPR):
(JSC::DFG::ValueRecovery::displacedInRegisterFile):
(JSC::DFG::ValueRecovery::constant):
(JSC::DFG::ValueRecovery::technique):
(JSC::DFG::ValueRecovery::gpr):
(JSC::DFG::ValueRecovery::fpr):
(JSC::DFG::ValueRecovery::virtualRegister):
(JSC::DFG::OSRExit::numberOfRecoveries):
(JSC::DFG::OSRExit::valueRecovery):
(JSC::DFG::OSRExit::isArgument):
(JSC::DFG::OSRExit::argumentForIndex):
(JSC::DFG::OSRExit::variableForIndex):
(JSC::DFG::OSRExit::operandForIndex):
(JSC::DFG::SpeculativeJIT::osrExits):
(JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::valueSourceForOperand):
(JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
(JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
(JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* jit/CompactJITCodeMap.h: Added.
(JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
(JSC::BytecodeAndMachineOffset::getBytecodeIndex):
(JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
(JSC::CompactJITCodeMap::~CompactJITCodeMap):
(JSC::CompactJITCodeMap::decode):
(JSC::CompactJITCodeMap::CompactJITCodeMap):
(JSC::CompactJITCodeMap::at):
(JSC::CompactJITCodeMap::decodeNumber):
(JSC::CompactJITCodeMap::Encoder::Encoder):
(JSC::CompactJITCodeMap::Encoder::~Encoder):
(JSC::CompactJITCodeMap::Encoder::append):
(JSC::CompactJITCodeMap::Encoder::finish):
(JSC::CompactJITCodeMap::Encoder::appendByte):
(JSC::CompactJITCodeMap::Encoder::encodeNumber):
(JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::osrScratchBufferForSize):
* runtime/JSValue.cpp:
(JSC::JSValue::description):
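The bytecode-index to machine-code-offset map this entry describes, as an added illustration that is not JavaScriptCore's CompactJITCodeMap: the class name, the delta-plus-varint byte layout and the sample offsets are assumptions made here (the page says only that the map "tries to compress this data a bit"). The point is the shape of such a structure: an encoder that only accepts monotonically increasing entries, a decoder that reconstructs absolute values, and explicit handling of the two inputs a decoder must reject, out-of-order appends and a truncated stream.

```cpp
// Added example, not JavaScriptCore's code. Encoding scheme is an assumption:
// each entry is stored as two deltas from the previous entry, each delta as a
// little-endian base-128 varint (7 payload bits per byte, high bit = continue).
#include <cstddef>
#include <cstdint>
#include <vector>

struct BytecodeAndMachineOffset {
    unsigned bytecodeIndex;
    unsigned machineCodeOffset;
};

class CompactCodeMap {
public:
    CompactCodeMap() = default;
    // Build directly from a byte stream; used to exercise malformed input.
    CompactCodeMap(std::vector<uint8_t> bytes, unsigned entries)
        : m_bytes(bytes), m_numberOfEntries(entries) {}

    // Entries must be appended in increasing order so both deltas are >= 0.
    bool append(unsigned bytecodeIndex, unsigned machineCodeOffset) {
        if (bytecodeIndex < m_lastBytecode || machineCodeOffset < m_lastMachine)
            return false; // out of order: refuse rather than encode garbage
        encodeNumber(bytecodeIndex - m_lastBytecode);
        encodeNumber(machineCodeOffset - m_lastMachine);
        m_lastBytecode = bytecodeIndex;
        m_lastMachine = machineCodeOffset;
        ++m_numberOfEntries;
        return true;
    }

    // Decodes every entry; returns false and an empty vector if the stream is
    // truncated or contains an over-long varint.
    bool decode(std::vector<BytecodeAndMachineOffset>& out) const {
        out.clear();
        size_t pos = 0;
        unsigned bytecode = 0, machine = 0;
        for (unsigned i = 0; i < m_numberOfEntries; ++i) {
            uint32_t dBytecode, dMachine;
            if (!decodeNumber(pos, dBytecode) || !decodeNumber(pos, dMachine)) {
                out.clear();
                return false;
            }
            bytecode += dBytecode;
            machine += dMachine;
            out.push_back({bytecode, machine});
        }
        return true;
    }

    size_t byteSize() const { return m_bytes.size(); }
    unsigned numberOfEntries() const { return m_numberOfEntries; }

private:
    void encodeNumber(uint32_t value) {
        while (value >= 0x80) {
            m_bytes.push_back(static_cast<uint8_t>(value | 0x80));
            value >>= 7;
        }
        m_bytes.push_back(static_cast<uint8_t>(value));
    }
    bool decodeNumber(size_t& pos, uint32_t& value) const {
        value = 0;
        for (unsigned shift = 0; shift < 35; shift += 7) { // at most 5 bytes
            if (pos >= m_bytes.size())
                return false; // truncated stream
            uint8_t byte = m_bytes[pos++];
            value |= static_cast<uint32_t>(byte & 0x7f) << shift;
            if (!(byte & 0x80))
                return true;
        }
        return false; // sixth continuation byte: malformed
    }

    std::vector<uint8_t> m_bytes;
    unsigned m_numberOfEntries = 0;
    unsigned m_lastBytecode = 0;
    unsigned m_lastMachine = 0;
};

// Constructed sample (not from any real code block): five ordered pairs.
static const BytecodeAndMachineOffset kSample[] = {
    {0, 0}, {3, 12}, {5, 40}, {9, 300}, {20, 1000}};

// Encodes the sample, decodes it back and returns the compact byte count,
// or 0 if the round trip did not reproduce the input (raw size would be 40).
size_t sampleRoundTripSize() {
    CompactCodeMap map;
    for (const auto& e : kSample)
        map.append(e.bytecodeIndex, e.machineCodeOffset);
    std::vector<BytecodeAndMachineOffset> out;
    if (!map.decode(out) || out.size() != 5)
        return 0;
    for (size_t i = 0; i < out.size(); ++i)
        if (out[i].bytecodeIndex != kSample[i].bytecodeIndex
            || out[i].machineCodeOffset != kSample[i].machineCodeOffset)
            return 0;
    return map.byteSize();
}

// A lone continuation byte with one entry announced: must be rejected.
bool rejectsTruncatedStream() {
    CompactCodeMap truncated(std::vector<uint8_t>{0x80}, 1);
    std::vector<BytecodeAndMachineOffset> out;
    return !truncated.decode(out) && out.empty();
}

// Appending a lower bytecode index after a higher one must be refused.
bool rejectsOutOfOrderAppend() {
    CompactCodeMap map;
    return map.append(20, 1000) && !map.append(10, 2000);
}
```

The five sample entries take 12 bytes instead of 40 because all but two deltas fit in a single byte; whether a real map gets a similar ratio depends on how far apart consecutive machine-code offsets are. The decoder's bounds check on every byte, and the cap on varint length, are what keep a corrupted or truncated map from becoming an out-of-bounds read when an OSR exit looks up its jump target.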
2011-09-12 Geoffrey Garen <ggaren@apple.com>
Re-enabled ENABLE(LAZY_BLOCK_FREEING).
Reviewed by Stephanie Lewis.
I accidentally disabled this in r94890, causing a big performance regression.
* wtf/Platform.h:
2011-09-12 Michael Saboff <msaboff@apple.com>
Broken Build for ARM - lshift32() needs TrustedImm32 arg
https://bugs.webkit.org/show_bug.cgi?id=67965
Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
Reviewed by Anders Carlsson.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branch16):
2011-09-12 Michael Saboff <msaboff@apple.com>
Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
https://bugs.webkit.org/show_bug.cgi?id=67961
Added missing semicolon.
Reviewed by Ryosuke Niwa.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branch16):
2011-09-12 Michael Saboff <msaboff@apple.com>
Update RegExp and related classes to use 8 bit strings when available
https://bugs.webkit.org/show_bug.cgi?id=67337
Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
The code paths are triggered by the UString::is8bit() method which currently
returns false. Implemented JIT changes for all current architectures.
Tested X86_64 and ARM v7.
This includes some code that will likely change as we complete the
8 bit string changes. This includes the way the raw buffer pointers
are accessed as well as replacing the CharAccess class with a
string iterator returned from UString.
Fixed build breakage in testRegExp.cpp due to globalObject construction
changes.
Reviewed by Gavin Barraclough.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* testRegExp.cpp:
(GlobalObject::finishCreation):
(GlobalObject::GlobalObject):
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::baseIndexTransfer32):
* assembler/ARMAssembler.h:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::ubfx):
(JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::load8):
(JSC::MacroAssemblerARM::branch8):
(JSC::MacroAssemblerARM::branch16):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::branch16):
(JSC::MacroAssemblerARMv7::branch8):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::load8):
(JSC::MacroAssemblerMIPS::branch8):
(JSC::MacroAssemblerMIPS::branch16):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::load8):
(JSC::MacroAssemblerSH4::branch8):
(JSC::MacroAssemblerSH4::branch16):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::load8):
(JSC::MacroAssemblerX86Common::branch16):
(JSC::MacroAssemblerX86Common::branch8):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::extub):
(JSC::SH4Assembler::printInstr):
* assembler/X86Assembler.h:
(JSC::X86Assembler::cmpw_ir):
(JSC::X86Assembler::movzbl_mr):
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::match):
(JSC::RegExp::matchCompareWithInterpreter):
* runtime/RegExp.h:
* runtime/UString.h:
(JSC::UString::is8Bit):
* yarr/Yarr.h:
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::CharAccess::CharAccess):
(JSC::Yarr::Interpreter::CharAccess::~CharAccess):
(JSC::Yarr::Interpreter::CharAccess::operator[]):
(JSC::Yarr::Interpreter::InputStream::InputStream):
(JSC::Yarr::Interpreter::Interpreter):
(JSC::Yarr::interpret):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::readCharacter):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
(JSC::Yarr::YarrGenerator::YarrGenerator):
(JSC::Yarr::YarrGenerator::compile):
(JSC::Yarr::jitCompile):
(JSC::Yarr::execute):
* yarr/YarrJIT.h:
(JSC::Yarr::YarrCodeBlock::has8BitCode):
(JSC::Yarr::YarrCodeBlock::has16BitCode):
(JSC::Yarr::YarrCodeBlock::set8BitCode):
(JSC::Yarr::YarrCodeBlock::set16BitCode):
(JSC::Yarr::YarrCodeBlock::execute):
* yarr/YarrParser.h:
(JSC::Yarr::Parser::Parser):
2011-09-12 Andras Becsi <andras.becsi@nokia.com>
[Qt] Build fails after r94920 with strict compiler
https://bugs.webkit.org/show_bug.cgi?id=67928
Reviewed by Csaba Osztrogonác.
* wtf/RedBlackTree.h:
(WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
2011-09-12 Patrick Gansterer <paroga@webkit.org>
Unreviewed build fix after r94871.
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* wtf/FastMalloc.cpp:
* wtf/RefCountedLeakCounter.h:
2011-09-11 Filip Pizlo <fpizlo@apple.com>
DFGNode.h has macros that indicate the enabling of a feature, but
they do not use the ENABLE() idiom.
https://bugs.webkit.org/show_bug.cgi?id=67907
Reviewed by Oliver Hunt.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillInt32ToInteger):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::propagateForward):
(JSC::DFG::Propagator::propagateBackward):
(JSC::DFG::propagate):
* dfg/DFGScoreBoard.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
2011-09-11 Fumitoshi Ukai <ukai@chromium.org>
Unreviewed build fix for chromium/mac & clang.
Fix the macro redefinition error by r94927, because chromium set
ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
it is not PLATFORM(QT).
../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
#define ENABLE_JSC_MULTIPLE_THREADS 1
<command line>:43:9: note: previous definition is here
#define ENABLE_JSC_MULTIPLE_THREADS 0
1 error generated.
* wtf/Platform.h:
2011-09-11 Sam Weinig <sam@webkit.org>
Remove JSCell::isPropertyNameIterator(), it is unused
https://bugs.webkit.org/show_bug.cgi?id=67911
Reviewed by Oliver Hunt.
* runtime/JSCell.h:
* runtime/JSPropertyNameIterator.h:
2011-09-11 Sam Weinig <sam@webkit.org>
De-virtualize JSCell::isAPIValueWrapper
https://bugs.webkit.org/show_bug.cgi?id=67909
Reviewed by Oliver Hunt.
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
Set the correct type on structure creation.
* runtime/JSCell.h:
Remove virtual keyword and default implementation.
* runtime/JSType.h:
Add type for APIValueWrapper. It must come after CompoundType since
the APIValueWrapper has children in need of marking.
* runtime/Structure.h:
(JSC::JSCell::isAPIValueWrapper):
Implement predicate using type info.
2011-09-10 Sam Weinig <sam@webkit.org>
De-virtualize JSCell::isGetterSetter, type information is available for it
https://bugs.webkit.org/show_bug.cgi?id=67902
Reviewed by Dan Bernstein.
* runtime/GetterSetter.cpp:
* runtime/GetterSetter.h:
Remove override of isGetterSetter.
* runtime/JSCell.cpp:
* runtime/JSCell.h:
De-virtualize and remove silly base implementation.
* runtime/Structure.h:
(JSC::JSCell::isGetterSetter):
Use type info to determine getter-setter-hood.
2011-09-09 Oliver Hunt <oliver@apple.com>
Remove support for anonymous storage from jsobjects
https://bugs.webkit.org/show_bug.cgi?id=67881
Reviewed by Sam Weinig.
Remove all use of anonymous slots, essentially a mechanical change
in JavaScriptCore
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructure):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructure):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
* JavaScriptCore.exp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::createStructure):
* heap/MarkStack.cpp:
(JSC::MarkStack::validateValue):
* heap/MarkStack.h:
* runtime/Arguments.h:
(JSC::Arguments::createStructure):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::createStructure):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/BooleanObject.h:
(JSC::BooleanObject::createStructure):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::createStructure):
* runtime/DateConstructor.h:
(JSC::DateConstructor::createStructure):
* runtime/DateInstance.h:
(JSC::DateInstance::createStructure):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
* runtime/DatePrototype.h:
(JSC::DatePrototype::createStructure):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::createStructure):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::finishCreation):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::createStructure):
* runtime/ExceptionHelpers.h:
(JSC::InterruptedExecutionError::createStructure):
(JSC::TerminatedExecutionError::createStructure):
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::createStructure):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/InternalFunction.h:
(JSC::InternalFunction::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.h:
(JSC::JSActivation::createStructure):
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::createStructure):
* runtime/JSCell.h:
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::finishCreation):
(JSC::JSGlobalObject::createStructure):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::createStructure):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.h:
(JSC::JSObject::createStructure):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSFinalObject::createStructure):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::createStructure):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::createStructure):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::createStructure):
* runtime/MathObject.h:
(JSC::MathObject::createStructure):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::createStructure):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::createStructure):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::finishCreation):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure):
* runtime/RegExp.h:
(JSC::RegExp::createStructure):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::createStructure):
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::createStructure):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::createStructure):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::createStructure):
* runtime/StringConstructor.h:
(JSC::StringConstructor::createStructure):
* runtime/StringObject.h:
(JSC::StringObject::createStructure):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::removePropertyTransition):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::getterSetterTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::get):
(JSC::Structure::putSpecificValue):
(JSC::Structure::remove):
(JSC::Structure::checkConsistency):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::propertyStorageSize):
(JSC::Structure::get):
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):
2011-09-11 Jarred Nicholls <jarred@sencha.com>
[Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
https://bugs.webkit.org/show_bug.cgi?id=67864
Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
Reviewed by Csaba Osztrogonác.
* wtf/Platform.h:
2011-09-11 Filip Pizlo <fpizlo@apple.com>
ARM and MIPS assemblers still refer to executable pools.
https://bugs.webkit.org/show_bug.cgi?id=67903
Reviewed by Csaba Osztrogonác.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::executableCopy):
* assembler/ARMAssembler.h:
* assembler/AssemblerBufferWithConstantPool.h:
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::executableCopy):
2011-09-08 Filip Pizlo <fpizlo@apple.com>
The executable allocator makes it difficult to free individual
chunks of executable memory
https://bugs.webkit.org/show_bug.cgi?id=66363
Reviewed by Oliver Hunt.
Introduced a best-fit, balanced-tree based allocator. The allocator
required a balanced tree that does not allocate memory and that
permits the removal of individual nodes directly (as opposed to by
key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
Changed all references to executable code to use a reference counted
handle.
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::executableCopy):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::finalizeCode):
(JSC::LinkBuffer::linkCode):
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
(JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
(JSC::MacroAssemblerCodeRef::executableMemory):
(JSC::MacroAssemblerCodeRef::code):
(JSC::MacroAssemblerCodeRef::size):
(JSC::MacroAssemblerCodeRef::operator!):
* assembler/X86Assembler.h:
(JSC::X86Assembler::executableCopy):
(JSC::X86Assembler::X86InstructionFormatter::executableCopy):
* bytecode/CodeBlock.h:
* bytecode/Instruction.h:
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::tryBuildGetByIDProtoList):
(JSC::DFG::tryCachePutByID):
* jit/ExecutableAllocator.cpp:
(JSC::ExecutableAllocator::initializeAllocator):
(JSC::ExecutableAllocator::ExecutableAllocator):
(JSC::ExecutableAllocator::allocate):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::dumpProfile):
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::dumpProfile):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::ExecutableAllocator::initializeAllocator):
(JSC::ExecutableAllocator::ExecutableAllocator):
(JSC::ExecutableAllocator::isValid):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutableAllocator::allocate):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::dumpProfile):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JSC::JIT::compileCTIMachineTrampolines):
(JSC::JIT::compileCTINativeCall):
* jit/JITCode.h:
(JSC::JITCode::operator !):
(JSC::JITCode::addressForCall):
(JSC::JITCode::offsetOf):
(JSC::JITCode::execute):
(JSC::JITCode::start):
(JSC::JITCode::size):
(JSC::JITCode::getExecutableMemory):
(JSC::JITCode::HostFunction):
(JSC::JITCode::JITCode):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITStubs.cpp:
(JSC::JITThunks::JITThunks):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::getPolymorphicAccessStructureListSlot):
(JSC::JITThunks::ctiStub):
(JSC::JITThunks::hostFunctionStub):
* jit/JITStubs.h:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::finalize):
* jit/ThunkGenerators.cpp:
(JSC::charCodeAtThunkGenerator):
(JSC::charAtThunkGenerator):
(JSC::fromCharCodeThunkGenerator):
(JSC::sqrtThunkGenerator):
(JSC::floorThunkGenerator):
(JSC::ceilThunkGenerator):
(JSC::roundThunkGenerator):
(JSC::expThunkGenerator):
(JSC::logThunkGenerator):
(JSC::absThunkGenerator):
(JSC::powThunkGenerator):
* jit/ThunkGenerators.h:
* runtime/Executable.h:
(JSC::NativeExecutable::create):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::dumpSampleData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::getCTIStub):
* wtf/CMakeLists.txt:
* wtf/MetaAllocator.cpp: Added.
(WTF::MetaAllocatorHandle::MetaAllocatorHandle):
(WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
(WTF::MetaAllocatorHandle::shrink):
(WTF::MetaAllocator::MetaAllocator):
(WTF::MetaAllocator::allocate):
(WTF::MetaAllocator::currentStatistics):
(WTF::MetaAllocator::findAndRemoveFreeSpace):
(WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
(WTF::MetaAllocator::addFreshFreeSpace):
(WTF::MetaAllocator::debugFreeSpaceSize):
(WTF::MetaAllocator::addFreeSpace):
(WTF::MetaAllocator::incrementPageOccupancy):
(WTF::MetaAllocator::decrementPageOccupancy):
(WTF::MetaAllocator::roundUp):
(WTF::MetaAllocator::allocFreeSpaceNode):
(WTF::MetaAllocator::freeFreeSpaceNode):
(WTF::MetaAllocator::dumpProfile):
* wtf/MetaAllocator.h: Added.
(WTF::MetaAllocator::bytesAllocated):
(WTF::MetaAllocator::bytesReserved):
(WTF::MetaAllocator::bytesCommitted):
(WTF::MetaAllocator::dumpProfile):
(WTF::MetaAllocator::~MetaAllocator):
* wtf/MetaAllocatorHandle.h: Added.
* wtf/RedBlackTree.h: Added.
(WTF::RedBlackTree::Node::Node):
(WTF::RedBlackTree::Node::successor):
(WTF::RedBlackTree::Node::predecessor):
(WTF::RedBlackTree::Node::reset):
(WTF::RedBlackTree::Node::parent):
(WTF::RedBlackTree::Node::setParent):
(WTF::RedBlackTree::Node::left):
(WTF::RedBlackTree::Node::setLeft):
(WTF::RedBlackTree::Node::right):
(WTF::RedBlackTree::Node::setRight):
(WTF::RedBlackTree::Node::color):
(WTF::RedBlackTree::Node::setColor):
(WTF::RedBlackTree::RedBlackTree):
(WTF::RedBlackTree::insert):
(WTF::RedBlackTree::remove):
(WTF::RedBlackTree::findExact):
(WTF::RedBlackTree::findLeastGreaterThanOrEqual):
(WTF::RedBlackTree::findGreatestLessThanOrEqual):
(WTF::RedBlackTree::first):
(WTF::RedBlackTree::last):
(WTF::RedBlackTree::size):
(WTF::RedBlackTree::isEmpty):
(WTF::RedBlackTree::treeMinimum):
(WTF::RedBlackTree::treeMaximum):
(WTF::RedBlackTree::treeInsert):
(WTF::RedBlackTree::leftRotate):
(WTF::RedBlackTree::rightRotate):
(WTF::RedBlackTree::removeFixup):
* wtf/wtf.pri:
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::compile):
* yarr/YarrJIT.h:
(JSC::Yarr::YarrCodeBlock::execute):
(JSC::Yarr::YarrCodeBlock::getAddr):
2011-09-10 Sam Weinig <sam@webkit.org>
Remove JSC::isZombie() function, it did nothing and was called by no-one.
https://bugs.webkit.org/show_bug.cgi?id=67901
Reviewed by Andy Estes.
* JavaScriptCore.exp:
* runtime/JSCell.cpp:
* runtime/JSValue.h:
2011-09-10 Sam Weinig <sam@webkit.org>
Add isInterruptedExecutionException and isTerminatedExecutionException predicates
https://bugs.webkit.org/show_bug.cgi?id=67892
Reviewed by Andy "First Time Reviewer" Estes.
* JavaScriptCore.exp:
Add symbols.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
Use new predicates.
* runtime/ExceptionHelpers.cpp:
(JSC::createInterruptedExecutionException):
(JSC::isInterruptedExecutionException):
(JSC::createTerminatedExecutionException):
(JSC::isTerminatedExecutionException):
* runtime/ExceptionHelpers.h:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
Add predicates.
2011-09-10 Filip Pizlo <fpizlo@apple.com>
DFG JIT completely undoes speculative compilation even in the case of
a partial static speculation failure
https://bugs.webkit.org/show_bug.cgi?id=67798
Reviewed by Geoffrey Garen.
This is a regression with static speculation, so it is turned off by
default. But it is a necessary prerequisite for further work on
dynamic speculation.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::clearGenerationInfo):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
2011-09-09 Chris Marrin <cmarrin@apple.com>
requestAnimationFrame doesn't throttle on Mac
https://bugs.webkit.org/show_bug.cgi?id=67171
Reviewed by Simon Fraser.
Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
Currently only enabled for PLATFORM(MAC)
* wtf/Platform.h:
2011-09-09 Geoffrey Garen <ggaren@apple.com>
Reviewed by Dan Bernstein.
Removed ENABLE(SINGLE_THREADED) support, since it is always false
https://bugs.webkit.org/show_bug.cgi?id=67862
Next step toward making the baseline platform assumption that threads exist.
* wtf/wtf.pri:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
ThreadingNone.cpp, which was only compiled in single-threaded mode.
* wtf/Platform.h:
* wtf/ThreadSpecific.h:
(WTF::::destroy):
* wtf/qt/ThreadingQt.cpp: Removed now-dead code.
* wtf/ThreadingNone.cpp: Removed.
2011-09-09 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (5/7)
https://bugs.webkit.org/show_bug.cgi?id=67420
Reviewed by Geoffrey Garen.
Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one. Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
(JSC::JSCallbackFunction::finishCreation):
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* jsc.cpp:
(GlobalObject::finishCreation):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::ArrayConstructor::finishCreation):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
(JSC::BooleanConstructor::finishCreation):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
(JSC::BooleanPrototype::finishCreation):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
(JSC::DateConstructor::finishCreation):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
(JSC::DatePrototype::finishCreation):
* runtime/DatePrototype.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
(JSC::ErrorConstructor::finishCreation):
* runtime/ErrorConstructor.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
(JSC::FunctionConstructor::finishCreation):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
(JSC::FunctionPrototype::finishCreation):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSString.cpp:
(JSC::StringObject::create):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::finishCreation):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
(JSC::NumberConstructor::finishCreation):
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
(JSC::NumberPrototype::finishCreation):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
(JSC::ObjectConstructor::finishCreation):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpConstructor::finishCreation):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
(JSC::StringConstructor::finishCreation):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
(JSC::StringPrototype::finishCreation):
* runtime/StringPrototype.h:
2011-09-09 Geoffrey Garen <ggaren@apple.com>
Build fix: Guard against double-#define for something already #defined
by the build system.
* wtf/Platform.h:
2011-09-09 Geoffrey Garen <ggaren@apple.com>
Reviewed by Dan Bernstein.
Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
!ENABLE_WTF_MULTIPLE_THREADS
https://bugs.webkit.org/show_bug.cgi?id=67860
First step toward making the baseline platform assumption that threads
exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
or !ENABLE_WTF_MULTIPLE_THREADS.
* wtf/Platform.h:
2011-09-09 Laszlo Gombos <laszlo.1.gombos@nokia.com>
[Qt] Remove common.pri
https://bugs.webkit.org/show_bug.cgi?id=67814
Reviewed by Andreas Kling.
* JavaScriptCore.pri:
2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
REGRESSION(r94811): Assertion failure in 2 worker tests
https://bugs.webkit.org/show_bug.cgi?id=67829
Reviewed by Sam Weinig.
Fixing a couple of tests that were broken due to the wrong values being
set in the parent class pointers in the ClassInfo structs for
TerminatedExecutionError and InterruptedExecutionError.
* runtime/ExceptionHelpers.cpp:
2011-09-08 Oliver Hunt <oliver@apple.com>
Use bump allocator for initial property storage
https://bugs.webkit.org/show_bug.cgi?id=67494
Reviewed by Geoffrey Garen.
Use a bump allocator for initial allocation of property storage,
and promote to fastMalloc memory only if it survives a GC pass.
Comes out as a 1% win on v8, and is a useful step on the way to
GC allocation of all property storage.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
(JSC::Heap::allocatePropertyStorage):
(JSC::Heap::inPropertyStorageNursery):
* heap/MarkedBlock.h:
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
(JSC::NewSpace::resetPropertyStorageNursery):
(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursery):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::isUsingInlineStorage):
(JSC::JSObject::JSObject):
(JSC::JSObject::propertyStorage):
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):
* runtime/StorageBarrier.h: Added.
(JSC::StorageBarrier::StorageBarrier):
(JSC::StorageBarrier::set):
(JSC::StorageBarrier::operator->):
(JSC::StorageBarrier::operator*):
(JSC::StorageBarrier::operator[]):
(JSC::StorageBarrier::get):
2011-09-08 Sam Weinig <sam@webkit.org>
Remove the Completion object from JSC, I have never liked it
https://bugs.webkit.org/show_bug.cgi?id=67755
Reviewed by Gavin Barraclough.
- Removes the Completion object and replaces its use with out parameter exceptions.
- Remove ComplType and virtual exceptionType() function on JSObject. Replace with
ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
* jsc.cpp:
(functionLoad):
(functionCheckSyntax):
(runWithScripts):
(runInteractive):
* runtime/Completion.cpp:
(JSC::checkSyntax):
(JSC::evaluate):
* runtime/Completion.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::toString):
(JSC::TerminatedExecutionError::toString):
(JSC::createInterruptedExecutionException):
* runtime/ExceptionHelpers.h:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::InterruptedExecutionError::create):
(JSC::InterruptedExecutionError::createStructure):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
(JSC::TerminatedExecutionError::create):
(JSC::TerminatedExecutionError::createStructure):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSObject.h:
2011-09-08 Ryosuke Niwa <rniwa@webkit.org>
Build fix.
* dfg/DFGCapabilities.cpp:
2011-09-08 Filip Pizlo <fpizlo@apple.com>
Value profiling and execution count profiling are performed even for
code that cannot be optimized
https://bugs.webkit.org/show_bug.cgi?id=67694
Reviewed by Gavin Barraclough.
This is a 2% speed-up on V8 when tiered compilation is enabled.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::ProgramCodeBlock::canCompileWithDFG):
(JSC::EvalCodeBlock::canCompileWithDFG):
(JSC::FunctionCodeBlock::canCompileWithDFG):
* bytecode/CodeBlock.h:
* dfg/DFGCapabilities.cpp: Added.
(JSC::DFG::canCompileOpcodes):
* dfg/DFGCapabilities.h: Added.
(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::canCompileOpcode):
(JSC::DFG::canCompileEval):
(JSC::DFG::canCompileProgram):
(JSC::DFG::canCompileFunctionForCall):
(JSC::DFG::canCompileFunctionForConstruct):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JSC::JIT::shouldEmitProfiling):
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
2011-09-08 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
https://bugs.webkit.org/show_bug.cgi?id=67840
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::initializeVariableTypes):
2011-09-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
https://bugs.webkit.org/show_bug.cgi?id=67771
Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
and patchOffsetGetByIdSlowCaseCall,
and enable the DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
Reviewed by Gavin Barraclough.
* jit/JIT.h:
* wtf/dtoa/utils.h:
2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
Remove getUInt32 from JSCell
https://bugs.webkit.org/show_bug.cgi?id=67691
Reviewed by Oliver Hunt.
We don't use JSCell::getUInt32 anymore, so it has been removed.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
2011-09-07 Filip Pizlo <fpizlo@apple.com>
PPC build fix.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
2011-09-07 Oliver Hunt <oliver@apple.com>
Release mode build fix.
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
2011-09-06 Oliver Hunt <oliver@apple.com>
Remove JSObjectWithGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=67689
Reviewed by Geoff Garen.
Remove JSObjectWithGlobalObject, and update code to stop using anonymous
storage to access the global object that a JSObject comes from. Largely
mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.cpp:
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
(JSC::::staticFunctionGetter):
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
* API/JSValueRef.cpp:
(JSValueIsObjectOfClass):
* API/JSWeakObjectMapRefPrivate.cpp:
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchGetMethodFast):
(JSC::DFG::tryCacheGetMethod):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateJSFunction):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::patchMethodCallProto):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/DatePrototype.cpp:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
(JSC::InternalFunction::finishCreation):
* runtime/InternalFunction.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::finishCreation):
* runtime/JSFunction.h:
(JSC::JSFunction::create):
(JSC::JSFunction::createStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
(JSC::JSONObject::finishCreation):
* runtime/JSONObject.h:
* runtime/JSObject.h:
(JSC::JSObject::globalObject):
* runtime/JSObjectWithGlobalObject.cpp: Removed.
* runtime/JSObjectWithGlobalObject.h: Removed.
* runtime/JSValue.cpp:
(JSC::JSValue::isValidCallee):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
(JSC::MathObject::finishCreation):
* runtime/MathObject.h:
* runtime/NumberPrototype.cpp:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
(JSC::RegExpObject::finishCreation):
* runtime/RegExpObject.h:
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::globalObject):
2011-09-07 Gavin Barraclough <barraclough@apple.com>
Refactor JIT checks for ObjectType into helper functions.
Rubber stamped by Sam Weinig.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::branchIfNotObject):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.h:
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITInlineMethods.h:
(JSC::JIT::emitJumpIfNotObject):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emit_op_ret_object_or_this):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_create_this):
2011-09-07 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r94627 and r94632.
http://trac.webkit.org/changeset/94627
http://trac.webkit.org/changeset/94632
https://bugs.webkit.org/show_bug.cgi?id=67698
It broke tests on GTK and Qt (Requested by Ossy on #webkit).
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
* API/JSCallbackFunction.h:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::create):
* debugger/DebuggerActivation.h:
* jsc.cpp:
(GlobalObject::constructorBody):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
* runtime/DatePrototype.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
* runtime/ErrorConstructor.h:
(JSC::ErrorConstructor::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSString.cpp:
(JSC::StringObject::create):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::constructorBody):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
2011-09-06 Xianzhu Wang <wangxianzhu@chromium.org>
Replace usages of Vector<UChar> with existing StringBuilder
https://bugs.webkit.org/show_bug.cgi?id=67079
Reviewed by Gavin Barraclough.
This is part of work to support 8-bit string buffers.
Adds StringBuilder::characters() because the original Vector<UChar>::data()
is widely used.
Sets the minimum size of buffer to 16 to prevent possible performance
regression. Further performance investigation should be done in
https://bugs.webkit.org/show_bug.cgi?id=67084.
* wtf/Forward.h:
* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::operator[]):
(WTF::StringBuilder::characters): Added.
2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
Fix broken snow leopard build
https://bugs.webkit.org/show_bug.cgi?id=67693
Reviewed by Daniel Bates.
Removed unnecessary symbol export.
* JavaScriptCore.exp:
2011-09-06 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not optimize booleans
https://bugs.webkit.org/show_bug.cgi?id=67670
Reviewed by Gavin Barraclough.
This adds boolean value profiling, boolean prediction in the DFG,
boolean forward flow propagation in the DFGPropagator, boolean
data format in DFG generation info, and comprehensive optimizations
based on both boolean prediction and boolean generation info.
This brings the speed-up on v8-richards to 12%, and gives slight
speed-ups elsewhere as well.
Making this work right required navigating some subtleties in
value profiling. Some functions get compiled with insufficient
information because some important path of the function never
executed. In these cases, we wish to fall back on static
speculation. But to do so, we need to ensure that predictions that
are inherent in the code (like that GetById almost certainly takes
a cell operand) are reflected in predictions that we make in
DFGPropagator. Thus, DFGPropagator now does both backward and
forward flow, using both a forward and a backward fixpoint.
The backward flow in DFGPropagator is a separate static analysis,
and needs to keep a set of backward flow abstract values for
variables, arguments, and globals. To make this easy, this patch
factors out DFGGraph's prediction tracking capability into
DFGPredictionTracker, which now gets used by both DFGGraph (for
forward flow predictions) and DFGPropagator (for backward flow
predictions). Backward flow predictions eventually get merged
into forward flow ones, but the two are not equivalent: a forward
flow prediction is a superset of the backward flow prediction.
Debugging these prediction issues required a better understanding
of where we fail speculation, and what our value predictions look
like. This patch also adds optional verbose speculation failure
(so an informative printf fires whenever speculation failure occurs)
and slight improvements to the verbosity in other places.
* bytecode/ValueProfile.h:
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::probabilityOfBoolean):
(JSC::ValueProfile::dump):
(JSC::ValueProfile::computeStatistics):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::dataFormatToString):
(JSC::DFG::needDataFormatConversion):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::predictions):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::Graph::getPrediction):
(JSC::DFG::Graph::getGlobalVarPrediction):
(JSC::DFG::Graph::isBooleanConstant):
(JSC::DFG::Graph::valueOfBooleanConstant):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::isKnownNotInteger):
(JSC::DFG::JITCodeGenerator::isKnownBoolean):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::emitBranch):
(JSC::DFG::JITCodeGenerator::speculationCheck):
(JSC::DFG::GPRTemporary::GPRTemporary):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::isBooleanConstant):
(JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::debugCall):
(JSC::DFG::JITCompiler::isBooleanConstant):
(JSC::DFG::JITCompiler::valueOfBooleanConstant):
* dfg/DFGNode.h:
(JSC::DFG::isBooleanPrediction):
(JSC::DFG::predictionToString):
(JSC::DFG::mergePredictions):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::isBooleanConstant):
(JSC::DFG::Node::valueOfBooleanConstant):
(JSC::DFG::Node::hasBooleanResult):
(JSC::DFG::Node::hasNumericResult):
(JSC::DFG::Node::predict):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionTracker.h: Added.
(JSC::DFG::operandIsArgument):
(JSC::DFG::PredictionSlot::PredictionSlot):
(JSC::DFG::PredictionTracker::PredictionTracker):
(JSC::DFG::PredictionTracker::initializeSimilarTo):
(JSC::DFG::PredictionTracker::numberOfArguments):
(JSC::DFG::PredictionTracker::numberOfVariables):
(JSC::DFG::PredictionTracker::argumentIndexForOperand):
(JSC::DFG::PredictionTracker::predictArgument):
(JSC::DFG::PredictionTracker::predict):
(JSC::DFG::PredictionTracker::predictGlobalVar):
(JSC::DFG::PredictionTracker::getArgumentPrediction):
(JSC::DFG::PredictionTracker::getPrediction):
(JSC::DFG::PredictionTracker::getGlobalVarPrediction):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergeUse):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
(JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
(JSC::DFG::SpeculateBooleanOperand::index):
(JSC::DFG::SpeculateBooleanOperand::gpr):
(JSC::DFG::SpeculateBooleanOperand::use):
* runtime/JSGlobalData.h:
* runtime/JSValue.cpp:
(JSC::JSValue::description):
2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (5/7)
https://bugs.webkit.org/show_bug.cgi?id=67420
Reviewed by Geoffrey Garen.
Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one. Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
(JSC::JSCallbackFunction::finishCreation):
* API/JSCallbackFunction.h:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* jsc.cpp:
(GlobalObject::finishCreation):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::ArrayConstructor::finishCreation):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
(JSC::BooleanConstructor::finishCreation):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
(JSC::BooleanPrototype::finishCreation):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
(JSC::DateConstructor::finishCreation):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
(JSC::DatePrototype::finishCreation):
* runtime/DatePrototype.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
(JSC::ErrorConstructor::finishCreation):
* runtime/ErrorConstructor.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
(JSC::FunctionConstructor::finishCreation):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
(JSC::FunctionPrototype::finishCreation):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSString.cpp:
(JSC::StringObject::create):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::finishCreation):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
(JSC::NumberConstructor::finishCreation):
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
(JSC::NumberPrototype::finishCreation):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
(JSC::ObjectConstructor::finishCreation):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpConstructor::finishCreation):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
(JSC::StringConstructor::finishCreation):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
(JSC::StringPrototype::finishCreation):
* runtime/StringPrototype.h:
2011-09-06 Filip Pizlo <fpizlo@apple.com>
Accessibility tests crashing in BasicRawSentinelNode code
https://bugs.webkit.org/show_bug.cgi?id=67682
Reviewed by Geoffrey Garen.
A CodeBlock should ensure that no other CodeBlocks have references to it after
it is destroyed.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
2011-09-06 Yong Li <yoli@rim.com>
https://bugs.webkit.org/show_bug.cgi?id=67486
This reverts r65993 which gives wrong results for rshift
in some corner cases (see the test).
Reviewed by Gavin Barraclough.
New test: fast/js/floating-point-truncate-rshift.html
* assembler/ARMAssembler.h:
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
2011-09-06 Filip Pizlo <fpizlo@apple.com>
Unreviewed build fix for r94559.
Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
new out-of-line JIT-specific method definitions with !ENABLE(JIT).
* bytecode/CodeBlock.cpp:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
Fix broken PPC build due to new dtoa library
https://bugs.webkit.org/show_bug.cgi?id=67654
Reviewed by Dan Bernstein.
Added condition for PPC in the new dtoa compatibility check so that
building won't fail.
* wtf/dtoa/utils.h:
2011-09-05 Oliver Hunt <oliver@apple.com>
An object's structure should reference the global object responsible for its creation
https://bugs.webkit.org/show_bug.cgi?id=67624
Reviewed by Gavin Barraclough.
Add a reference to a GlobalObject to Structure, and update all calls to
Structure::create() to pass the global object that is the origin for that
structure. For objects where the appropriate global object isn't available
at construction time (global object prototypes, etc), or objects that
logically don't have a global object (strings, etc) we just pass null.
This change is largely mechanical (passing a new globalObject parameter
around).
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructure):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructure):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
* API/JSContextRef.cpp:
* JavaScriptCore.exp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::createStructure):
* runtime/Arguments.h:
(JSC::Arguments::createStructure):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::createStructure):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/BooleanObject.h:
(JSC::BooleanObject::createStructure):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::createStructure):
* runtime/DateConstructor.h:
(JSC::DateConstructor::createStructure):
* runtime/DateInstance.h:
(JSC::DateInstance::createStructure):
* runtime/DatePrototype.h:
(JSC::DatePrototype::createStructure):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::createStructure):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::createStructure):
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::createStructure):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/InternalFunction.h:
(JSC::InternalFunction::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.h:
(JSC::JSActivation::createStructure):
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::createStructure):
* runtime/JSByteArray.h:
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::finishCreation):
(JSC::JSGlobalObject::createStructure):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::createStructure):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::createInheritorID):
* runtime/JSObject.h:
(JSC::JSObject::createStructure):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSFinalObject::createStructure):
(JSC::createEmptyObjectStructure):
* runtime/JSObjectWithGlobalObject.h:
(JSC::JSObjectWithGlobalObject::createStructure):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::createStructure):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::createStructure):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::createStructure):
* runtime/MathObject.h:
(JSC::MathObject::createStructure):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::createStructure):
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::createStructure):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure):
* runtime/RegExp.h:
(JSC::RegExp::createStructure):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::createStructure):
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::createStructure):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::createStructure):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::createStructure):
* runtime/StringConstructor.h:
(JSC::StringConstructor::createStructure):
* runtime/StringObject.h:
(JSC::StringObject::createStructure):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::globalObject):
(JSC::Structure::setGlobalObject):
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):
2011-09-06 Michael Saboff <msaboff@apple.com>
Add Windows changes for JSC:RegExp functional tests
https://bugs.webkit.org/show_bug.cgi?id=67521
Windows build changes for regular expression functional test.
Rubber-stamped by Gavin Barraclough.
* JavaScriptCore.vcproj/JavaScriptCore.sln:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/testRegExp: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
2011-09-06 Filip Pizlo <fpizlo@apple.com>
JavaScriptCore does not have tiered compilation
https://bugs.webkit.org/show_bug.cgi?id=67176
Reviewed by Gavin Barraclough.
This adds the ability to have multiple CodeBlocks associated with
a particular role in an Executable. These are stored in
descending order of compiler tier. CodeBlocks are optimized when
a counter (m_executeCounter) that is incremented in loops and
epilogues becomes positive. Optimizing means that all calls to
the old CodeBlock are unlinked.
The DFG can now pull in predictions from ValueProfiles, and
propagate them along the graph. To support the new phase while
maintaining some level of abstraction, a DFGDriver was introduced
that encapsulates how to run the DFG compiler.
This is turned off by default because it's not yet a performance
win on all benchmarks. It speeds up crypto and richards by
10% and 6% respectively, but still does not do as good of a job
as it could. Notably, the DFG backend has not changed, and
is largely oblivious to the new information being made available
to it.
When turned off (the default), this patch is performance neutral.
* CMakeLists.txt:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::branchAdd32):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::branchAdd32):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CallLinkInfo::unlink):
(JSC::CodeBlock::unlinkCalls):
(JSC::CodeBlock::unlinkIncomingCalls):
(JSC::CodeBlock::clearEvalCache):
(JSC::replaceExistingEntries):
(JSC::CodeBlock::copyDataFromAlternative):
(JSC::ProgramCodeBlock::replacement):
(JSC::EvalCodeBlock::replacement):
(JSC::FunctionCodeBlock::replacement):
(JSC::ProgramCodeBlock::compileOptimized):
(JSC::EvalCodeBlock::compileOptimized):
(JSC::FunctionCodeBlock::compileOptimized):
* bytecode/CodeBlock.h:
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::dump):
(JSC::ValueProfile::computeStatistics):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* bytecompiler/BytecodeGenerator.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::dynamicallyPredict):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::parse):
* dfg/DFGDriver.cpp: Added.
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
* dfg/DFGDriver.h: Added.
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::Graph::isConstant):
(JSC::DFG::Graph::isJSConstant):
(JSC::DFG::Graph::isInt32Constant):
(JSC::DFG::Graph::isDoubleConstant):
(JSC::DFG::Graph::valueOfJSConstant):
(JSC::DFG::Graph::valueOfInt32Constant):
(JSC::DFG::Graph::valueOfDoubleConstant):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isConstant):
(JSC::DFG::JITCompiler::isJSConstant):
(JSC::DFG::JITCompiler::isInt32Constant):
(JSC::DFG::JITCompiler::isDoubleConstant):
(JSC::DFG::JITCompiler::valueOfJSConstant):
(JSC::DFG::JITCompiler::valueOfInt32Constant):
(JSC::DFG::JITCompiler::valueOfDoubleConstant):
* dfg/DFGNode.h:
(JSC::DFG::isCellPrediction):
(JSC::DFG::isNumberPrediction):
(JSC::DFG::predictionToString):
(JSC::DFG::mergePrediction):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::valueOfJSConstant):
(JSC::DFG::Node::isInt32Constant):
(JSC::DFG::Node::isDoubleConstant):
(JSC::DFG::Node::valueOfInt32Constant):
(JSC::DFG::Node::valueOfDoubleConstant):
(JSC::DFG::Node::predict):
* dfg/DFGPropagation.cpp: Added.
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::propagateForward):
(JSC::DFG::Propagator::propagateBackward):
(JSC::DFG::propagate):
* dfg/DFGPropagation.h: Added.
(JSC::DFG::propagate):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* heap/HandleHeap.h:
(JSC::HandleHeap::Node::Node):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
(JSC::JIT::emitTimeoutCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::linkFor):
* jit/JIT.h:
(JSC::JIT::emitOptimizationCheck):
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITCode.h:
(JSC::JITCode::JITCode):
(JSC::JITCode::bottomTierJIT):
(JSC::JITCode::topTierJIT):
(JSC::JITCode::nextTierJIT):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileOptimized):
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileOptimized):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::EvalExecutable::compile):
(JSC::ProgramExecutable::compile):
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileForConstruct):
(JSC::FunctionExecutable::compileOptimizedFor):
* wtf/Platform.h:
* wtf/SentinelLinkedList.h:
(WTF::BasicRawSentinelNode::BasicRawSentinelNode):
(WTF::BasicRawSentinelNode::setPrev):
(WTF::BasicRawSentinelNode::setNext):
(WTF::BasicRawSentinelNode::prev):
(WTF::BasicRawSentinelNode::next):
(WTF::BasicRawSentinelNode::isOnList):
(WTF::::remove):
(WTF::::SentinelLinkedList):
(WTF::::begin):
(WTF::::end):
(WTF::::push):
2011-09-05 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r94445 and r94448.
http://trac.webkit.org/changeset/94445
http://trac.webkit.org/changeset/94448
https://bugs.webkit.org/show_bug.cgi?id=67595
It broke everything (Requested by ossy on #webkit).
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):
2011-09-05 Patrick Gansterer <paroga@webkit.org>
Unreviewed build fix for r94452.
Add config.h as the first header to the cc files as required by the coding style.
Reuse macros from Assertions.h instead of adding additional #ifdefs.
* wtf/dtoa/bignum-dtoa.cc:
* wtf/dtoa/bignum.cc:
* wtf/dtoa/cached-powers.cc:
* wtf/dtoa/diy-fp.cc:
* wtf/dtoa/double-conversion.cc:
* wtf/dtoa/fast-dtoa.cc:
* wtf/dtoa/fixed-dtoa.cc:
* wtf/dtoa/strtod.cc:
* wtf/dtoa/utils.h:
2011-09-05 Andras Becsi <andras.becsi@nokia.com>
[Qt][WK2] Fix the build
Rubber-stamped by Csaba Osztrogonác.
* wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
The variable fractional_part is only set but never used.
2011-09-04 Mark Hahnenberg <mhahnenberg@apple.com>
REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
https://bugs.webkit.org/show_bug.cgi?id=67562
Reviewed by Darin Adler.
Fixing the build (again), which was broken by the dtoa patch. Needed
to make sure WTF::double_conversion::initialize() is called for Qt
as well as adding a check for WinCE in dtoa/utils.h.
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* wtf/dtoa/cached-powers.cc:
* wtf/dtoa/utils.h:
2011-09-03 Filip Pizlo <fpizlo@apple.com>
ThunkGenerators does not convert positive double zero into integer zero
https://bugs.webkit.org/show_bug.cgi?id=67553
Reviewed by Gavin Barraclough.
This is a 0.5% speed-up on V8 and neutral elsewhere.
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::returnDouble):
2011-09-03 Kevin Ollivier <kevino@theolliviers.com>
[wx] Unreviewed build fix. Add wtf/dtoa directory to build.
* wscript:
2011-09-03 Filip Pizlo <fpizlo@apple.com>
DFG variable predictions only work for local variables, not temporaries
https://bugs.webkit.org/show_bug.cgi?id=67554
Reviewed by Gavin Barraclough.
This appears to be a slight speed-up in Kraken (0.3% but significant)
and neutral elsewhere.
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
2011-09-02 Filip Pizlo <fpizlo@apple.com>
DFG JIT speculation failure does recovery of additions in reverse and
doesn't rebox
https://bugs.webkit.org/show_bug.cgi?id=67551
Reviewed by Sam Weinig.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2011-09-02 Filip Pizlo <fpizlo@apple.com>
ValueProfile does not make it safe to introspect cell values
after garbage collection
https://bugs.webkit.org/show_bug.cgi?id=67354
Reviewed by Gavin Barraclough.
ValueProfile buckets are now weak references, implemented using a
light-weight weak reference mechanism that this patch also adds (the
WeakReferenceHarvester). If a cell stored in a ValueProfile bucket
is not marked, then the bucket is transformed into a Structure
pointer. If the Structure is not marked either, then it is turned
into a ClassInfo pointer.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::visitWeakReferences):
* bytecode/CodeBlock.h:
* bytecode/ValueProfile.h:
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfCells):
(JSC::ValueProfile::numberOfArrays):
(JSC::ValueProfile::probabilityOfArray):
(JSC::ValueProfile::WeakBucket::WeakBucket):
(JSC::ValueProfile::WeakBucket::operator!):
(JSC::ValueProfile::WeakBucket::isEmpty):
(JSC::ValueProfile::WeakBucket::isClassInfo):
(JSC::ValueProfile::WeakBucket::isStructure):
(JSC::ValueProfile::WeakBucket::asStructure):
(JSC::ValueProfile::WeakBucket::asClassInfo):
(JSC::ValueProfile::WeakBucket::getClassInfo):
* heap/Heap.cpp:
(JSC::Heap::harvestWeakReferences):
(JSC::Heap::markRoots):
* heap/Heap.h:
* heap/MarkStack.cpp:
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::harvestWeakReferences):
* heap/MarkStack.h:
(JSC::MarkStack::addWeakReferenceHarvester):
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::appendUnbarrieredPointer):
* heap/SlotVisitor.h:
* heap/WeakReferenceHarvester.h: Added.
(JSC::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
2011-09-02 Michael Saboff <msaboff@apple.com>
Replace local implementation of string equals() methods with UString versions
https://bugs.webkit.org/show_bug.cgi?id=67342
In preparation to allowing StringImpl to be backed by 8 bit
characters when appropriate, we need to eliminate or change the
usage of StringImpl::characters(). Change the uses of characters()
that are used to implement redundant equals() methods.
Reviewed by Gavin Barraclough.
* runtime/Identifier.cpp:
(JSC::Identifier::equal):
* runtime/Identifier.h:
(JSC::Identifier::equal):
* wtf/text/AtomicString.cpp:
(WTF::CStringTranslator::equal): Moved an optimized method to here.
(WTF::operator==):
* wtf/text/StringImpl.cpp:
(WTF::equal):
* wtf/text/StringImpl.h:
2011-09-02 Michael Saboff <msaboff@apple.com>
Add JSC:RegExp functional tests
https://bugs.webkit.org/show_bug.cgi?id=67339
Added new test driver program (testRegExp) and corresponding data file
along with build scripts changes.
Reviewed by Gavin Barraclough.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* testRegExp.cpp: Added.
(Options::Options):
(StopWatch::start):
(StopWatch::stop):
(StopWatch::getElapsedMS):
(RegExpTest::RegExpTest):
(GlobalObject::create):
(GlobalObject::className):
(GlobalObject::GlobalObject):
(main):
(cleanupGlobalData):
(testOneRegExp):
(scanString):
(parseRegExpLine):
(parseTestLine):
(runFromFiles):
(printUsageStatement):
(parseArguments):
(realMain):
* tests/regexp: Added.
* tests/regexp/RegExpTest.data: Added.
2011-09-02 Michael Saboff <msaboff@apple.com>
Add JSC:RegExp functional test data generator
https://bugs.webkit.org/show_bug.cgi?id=67519
Add a data generator for regular expressions. To enable, change the
#undef REGEXP_FUNC_TEST_DATA_GEN to #define. Then compile and use
regular expressions. The resulting data will be in /tmp/RegExpTestsData.
Reviewed by Gavin Barraclough.
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExpFunctionalTestCollector::get):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
(JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
(JSC::RegExpFunctionalTestCollector::outputEscapedUString):
(JSC::RegExp::~RegExp):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::matchCompareWithInterpreter):
2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
Fix the broken build due to dtoa patch
https://bugs.webkit.org/show_bug.cgi?id=67534
Reviewed by Oliver Hunt.
Fixing the build.
* GNUmakefile.list.am:
* wtf/dtoa/bignum.cc:
* wtf/dtoa/fast-dtoa.cc:
* wtf/dtoa/utils.h:
2011-09-02 Oliver Hunt <oliver@apple.com>
Remove OldSpace classes
https://bugs.webkit.org/show_bug.cgi?id=67533
Reviewed by Gavin Barraclough.
Remove the unused OldSpace classes
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::writeBarrierSlowCase):
* heap/MarkedBlock.h:
* heap/OldSpace.cpp: Removed.
* heap/OldSpace.h: Removed.
2011-09-02 James Robinson <jamesr@chromium.org>
Compile fix for mac build.
* wtf/CheckedArithmetic.h:
(WTF::operator+):
(WTF::operator-):
(WTF::operator*):
2011-08-30 Matthew Delaney <mdelaney@apple.com>
Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
https://bugs.webkit.org/show_bug.cgi?id=65352
Reviewed by Simon Fraser.
New test: fast/canvas/canvas-getImageData-large-crash.html
This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
calls that specify widths and heights that end up overflowing the ints that we store those values in
as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
is just to add a new helper method described below.
* wtf/MathExtras.h:
(isWithinIntRange): Reports if a float's value is within the range expressible by an int.
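Added example (not part of this ChangeLog entry and not WebKit's code) showing the overflow pattern the entry above describes and the two checks that close it: a checked multiply/add standing in for the Checked type, and a float-to-int range test in the spirit of isWithinIntRange. All function names (checkedMul, checkedAdd, isWithinIntRangeExample, unsafeByteCountWrapped, imageDataByteCount, dimensionFromFloat) are illustrative and assumed, not WTF's own API:

```cpp
#include <climits>
#include <cmath>
#include <cstddef>
#include <cstdio>

// Added example, not WebKit code. Illustrates the overflow class described in
// the ChangeLog entry and the checks that close it. All names here are
// illustrative (hypothetical); WTF's Checked<> type is not used, a minimal
// checked-arithmetic helper stands in for it.

// Checked int multiply: false instead of wrapping when the exact product does
// not fit in int. Computed in long long so no signed overflow can occur here.
bool checkedMul(int a, int b, int& out)
{
    long long product = static_cast<long long>(a) * static_cast<long long>(b);
    if (product > INT_MAX || product < INT_MIN)
        return false;
    out = static_cast<int>(product);
    return true;
}

// Checked int add with the same contract.
bool checkedAdd(int a, int b, int& out)
{
    long long sum = static_cast<long long>(a) + static_cast<long long>(b);
    if (sum > INT_MAX || sum < INT_MIN)
        return false;
    out = static_cast<int>(sum);
    return true;
}

// The idea behind isWithinIntRange: report whether a float would survive
// conversion to int. NaN and anything outside [INT_MIN, INT_MAX] are rejected
// before the (otherwise undefined) float-to-int cast happens.
bool isWithinIntRangeExample(float value)
{
    if (std::isnan(value))
        return false;
    double d = value;  // widen so the INT_MAX boundary is compared exactly
    return d >= static_cast<double>(INT_MIN) && d <= static_cast<double>(INT_MAX);
}

// 'Before': the buffer size derived from width*height with no overflow check.
// Written in unsigned so the wrap is observable without undefined behaviour;
// with signed int the same wrap is UB. Either way a far too small buffer is
// allocated and the per-pixel loop then reads past its end.
size_t unsafeByteCountWrapped(unsigned width, unsigned height)
{
    unsigned area = width * height;        // wraps modulo 2^32 for large inputs
    return static_cast<size_t>(area) * 4;  // 4 bytes per RGBA8888 pixel
}

// 'After': every derived quantity (area, byte count, maxX, maxY of the
// bounding rect) goes through a checked operation; any overflow rejects the
// request before any allocation or copy is attempted.
bool imageDataByteCount(int x, int y, int width, int height, size_t& bytes)
{
    if (width <= 0 || height <= 0)
        return false;
    int area, byteCount, maxX, maxY;
    if (!checkedMul(width, height, area))
        return false;
    if (!checkedMul(area, 4, byteCount))
        return false;
    if (!checkedAdd(x, width, maxX) || !checkedAdd(y, height, maxY))
        return false;
    bytes = static_cast<size_t>(byteCount);
    return true;
}

// Converts a caller-supplied float dimension to int only when it is in range.
bool dimensionFromFloat(float value, int& out)
{
    if (!isWithinIntRangeExample(value))
        return false;
    out = static_cast<int>(value);
    return true;
}

int main()
{
    size_t bytes = 0;
    std::printf("unchecked 65536x65536 -> %zu bytes\n", unsafeByteCountWrapped(65536, 65536));
    std::printf("checked   65536x65536 -> %s\n",
                imageDataByteCount(0, 0, 65536, 65536, bytes) ? "ok" : "rejected");
    std::printf("checked   1000x1000   -> %s, %zu bytes\n",
                imageDataByteCount(0, 0, 1000, 1000, bytes) ? "ok" : "rejected", bytes);
    int dim = 0;
    std::printf("float 1e10 -> %s\n", dimensionFromFloat(1e10f, dim) ? "ok" : "rejected");
    return 0;
}
```

For 65536x65536 the unchecked variant wraps the area to 0 and reports a zero-byte buffer, while the checked variant rejects the request; 46340x46340 is the case where the area still fits in int but the byte count does not, which is why the multiplication by the bytes-per-pixel factor must be checked as well. Checking maxX and maxY of the bounding rect matters as much as the area, since an offset near INT_MAX overflows even for a 1x1 request.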
2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>
Incorporate newer, faster dtoa library
https://bugs.webkit.org/show_bug.cgi?id=66346
Reviewed by Oliver Hunt.
Added new dtoa library at http://code.google.com/p/double-conversion/.
Replaced old call to dtoa. The new library is much faster than the old one.
We still use the old dtoa for some stuff in WebCore as well as the old strtod,
but we can phase these out eventually as well.
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/InitializeThreading.cpp:
* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
* runtime/UString.cpp:
(JSC::UString::number):
* wtf/CMakeLists.txt:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
* wtf/ThreadingWin.cpp:
(WTF::initializeThreading):
* wtf/dtoa.cpp:
(WTF::dtoa):
* wtf/dtoa.h:
* wtf/dtoa/COPYING: Added.
* wtf/dtoa/LICENSE: Added.
* wtf/dtoa/README: Added.
* wtf/dtoa/bignum-dtoa.cc: Added.
* wtf/dtoa/bignum-dtoa.h: Added.
* wtf/dtoa/bignum.cc: Added.
* wtf/dtoa/bignum.h: Added.
(WTF::double_conversion::Bignum::Times10):
(WTF::double_conversion::Bignum::Equal):
(WTF::double_conversion::Bignum::LessEqual):
(WTF::double_conversion::Bignum::Less):
(WTF::double_conversion::Bignum::PlusEqual):
(WTF::double_conversion::Bignum::PlusLessEqual):
(WTF::double_conversion::Bignum::PlusLess):
(WTF::double_conversion::Bignum::EnsureCapacity):
(WTF::double_conversion::Bignum::BigitLength):
* wtf/dtoa/cached-powers.cc: Added.
* wtf/dtoa/cached-powers.h: Added.
* wtf/dtoa/diy-fp.cc: Added.
* wtf/dtoa/diy-fp.h: Added.
(WTF::double_conversion::DiyFp::DiyFp):
(WTF::double_conversion::DiyFp::Subtract):
(WTF::double_conversion::DiyFp::Minus):
(WTF::double_conversion::DiyFp::Times):
(WTF::double_conversion::DiyFp::Normalize):
(WTF::double_conversion::DiyFp::f):
(WTF::double_conversion::DiyFp::e):
(WTF::double_conversion::DiyFp::set_f):
(WTF::double_conversion::DiyFp::set_e):
* wtf/dtoa/double-conversion.cc: Added.
* wtf/dtoa/double-conversion.h: Added.
(WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
(WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
* wtf/dtoa/double.h: Added.
(WTF::double_conversion::double_to_uint64):
(WTF::double_conversion::uint64_to_double):
(WTF::double_conversion::Double::Double):
(WTF::double_conversion::Double::AsDiyFp):
(WTF::double_conversion::Double::AsNormalizedDiyFp):
(WTF::double_conversion::Double::AsUint64):
(WTF::double_conversion::Double::NextDouble):
(WTF::double_conversion::Double::Exponent):
(WTF::double_conversion::Double::Significand):
(WTF::double_conversion::Double::IsDenormal):
(WTF::double_conversion::Double::IsSpecial):
(WTF::double_conversion::Double::IsNan):
(WTF::double_conversion::Double::IsInfinite):
(WTF::double_conversion::Double::Sign):
(WTF::double_conversion::Double::UpperBoundary):
(WTF::double_conversion::Double::NormalizedBoundaries):
(WTF::double_conversion::Double::value):
(WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
(WTF::double_conversion::Double::Infinity):
(WTF::double_conversion::Double::NaN):
(WTF::double_conversion::Double::DiyFpToUint64):
* wtf/dtoa/fast-dtoa.cc: Added.
* wtf/dtoa/fast-dtoa.h: Added.
* wtf/dtoa/fixed-dtoa.cc: Added.
* wtf/dtoa/fixed-dtoa.h: Added.
* wtf/dtoa/strtod.cc: Added.
* wtf/dtoa/strtod.h: Added.
* wtf/dtoa/utils.h: Added.
(WTF::double_conversion::Max):
(WTF::double_conversion::Min):
(WTF::double_conversion::StrLength):
(WTF::double_conversion::Vector::Vector):
(WTF::double_conversion::Vector::SubVector):
(WTF::double_conversion::Vector::length):
(WTF::double_conversion::Vector::is_empty):
(WTF::double_conversion::Vector::start):
(WTF::double_conversion::Vector::operator[]):
(WTF::double_conversion::Vector::first):
(WTF::double_conversion::Vector::last):
(WTF::double_conversion::StringBuilder::StringBuilder):
(WTF::double_conversion::StringBuilder::~StringBuilder):
(WTF::double_conversion::StringBuilder::size):
(WTF::double_conversion::StringBuilder::position):
(WTF::double_conversion::StringBuilder::Reset):
(WTF::double_conversion::StringBuilder::AddCharacter):
(WTF::double_conversion::StringBuilder::AddString):
(WTF::double_conversion::StringBuilder::AddSubstring):
(WTF::double_conversion::StringBuilder::AddPadding):
(WTF::double_conversion::StringBuilder::Finalize):
(WTF::double_conversion::StringBuilder::is_finalized):
(WTF::double_conversion::BitCast):
* wtf/wtf.pri:
2011-09-02 Filip Pizlo <fpizlo@apple.com>
DFG graph has no way of distinguishing or reconciling between static
and dynamic predictions
https://bugs.webkit.org/show_bug.cgi?id=67343
Reviewed by Gavin Barraclough.
PredictedType now stores the source of the prediction. Merging predictions,
which was previously done with a bitwise or, is now done via the
mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
functions, which correctly handle combinations of static and dynamic.
This is performance-neutral, since all predictions are currently static and
so the code has no visible effects.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::staticallyPredictArray):
(JSC::DFG::ByteCodeParser::staticallyPredictInt32):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
* dfg/DFGNode.h:
(JSC::DFG::isArrayPrediction):
(JSC::DFG::isInt32Prediction):
(JSC::DFG::isDoublePrediction):
(JSC::DFG::isDynamicPrediction):
(JSC::DFG::mergePredictions):
(JSC::DFG::mergePrediction):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::predict):
2011-09-02 Oliver Hunt <oliver@apple.com>
Fix 32bit build.
* heap/NewSpace.h:
(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursery):
2011-09-02 Oliver Hunt <oliver@apple.com>
Use bump allocator for initial property storage
https://bugs.webkit.org/show_bug.cgi?id=67494
Reviewed by Gavin Barraclough.
Switch to a bump allocator for the initial out of line
property storage. This gives us slightly faster allocation
for short lived objects that need out of line storage at
the cost of an additional memcpy when the object survives
a GC pass.
No performance impact.
* JavaScriptCore.exp:
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
(JSC::Heap::allocatePropertyStorage):
(JSC::Heap::inPropertyStorageNursary):
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
(JSC::NewSpace::resetPropertyStorageNursary):
(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursary):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):
2011-09-01 Mark Rowe <mrowe@apple.com>
Fix the build.
* JavaScriptCore.JSVALUE32_64only.exp:
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
2011-09-01 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (4/7)
https://bugs.webkit.org/show_bug.cgi?id=67174
Reviewed by Oliver Hunt.
Completed the fourth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one. Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::create):
* debugger/DebuggerActivation.h:
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::createNoParameters):
(JSC::Arguments::Arguments):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
(JSC::ArrayPrototype::finishCreation):
* runtime/ArrayPrototype.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
(JSC::BooleanObject::finishCreation):
* runtime/BooleanObject.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
(JSC::DateInstance::finishCreation):
* runtime/DateInstance.h:
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
(JSC::ErrorPrototype::finishCreation):
* runtime/ErrorPrototype.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::InterruptedExecutionError::create):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
(JSC::TerminatedExecutionError::create):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
* runtime/Executable.h:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::NativeExecutable):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
(JSC::InternalFunction::finishCreation):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::finishCreation):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
* runtime/JSArray.h:
(JSC::JSArray::create):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
* runtime/JSByteArray.h:
(JSC::JSByteArray::create):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::finishCreation):
* runtime/JSFunction.h:
(JSC::JSFunction::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::JSNotAnObject):
(JSC::JSNotAnObject::create):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
(JSC::JSONObject::finishCreation):
* runtime/JSONObject.h:
* runtime/JSObjectWithGlobalObject.cpp:
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
* runtime/JSObjectWithGlobalObject.h:
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::finishCreation):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::JSVariableObject):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::JSWrapperObject):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
(JSC::MathObject::finishCreation):
* runtime/MathObject.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
(JSC::NumberObject::finishCreation):
* runtime/NumberObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::create):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpMatchesArray::RegExpMatchesArray):
(JSC::RegExpMatchesArray::finishCreation):
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
(JSC::RegExpObject::finishCreation):
* runtime/RegExpObject.h:
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::create):
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
(JSC::StringObject::finishCreation):
* runtime/StringObject.h:
2011-09-01 Daniel Bates <dbates@rim.com>
QNX GCC distribution doesn't support vasprintf()
https://bugs.webkit.org/show_bug.cgi?id=67423
Reviewed by Antonio Gomes.
* wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
2011-09-01 Michael Saboff <msaboff@apple.com>
Remove simple usage of UString::characters() from JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=67340
In preparation to allowing StringImpl to be backed by 8 bit
characters when appropriate, we need to eliminate or change the
usage of StringImpl::characters(). Most of the changes below
change s->characters()[0] to s[0].
Reviewed by Geoffrey Garen.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::keyForCharacterSwitch):
* bytecompiler/NodesCodegen.cpp:
(JSC::processClauseList):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Identifier.cpp:
(JSC::Identifier::addSlowCase):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::jsToNumber):
(JSC::parseFloat):
* runtime/JSString.cpp:
(JSC::JSString::substringFromRope):
* runtime/JSString.h:
(JSC::jsSingleCharacterSubstring):
(JSC::jsString):
(JSC::jsSubstring):
(JSC::jsOwnedString):
* runtime/RegExp.cpp:
(JSC::regExpFlags):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::operator[]):
2011-09-01 Ada Chan <adachan@apple.com>
Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
Reviewed by Darin Adler.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-09-01 Hao Zheng <zhenghao@chromium.org>
Define PTHREAD_KEYS_MAX to fix Android port build.
https://bugs.webkit.org/show_bug.cgi?id=67362
Reviewed by Adam Barth.
PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
* wtf/ThreadIdentifierDataPthreads.cpp:
2011-08-31 Oliver Hunt <oliver@apple.com>
Fix build.
* wtf/CheckedArithmetic.h:
(WTF::Checked::Checked):
(WTF::Checked::operator=):
2011-08-31 Oliver Hunt <oliver@apple.com>
fast/regex/overflow.html asserts in debug builds
https://bugs.webkit.org/show_bug.cgi?id=67326
Reviewed by Gavin Barraclough.
The deliberate overflows in these expressions don't interact nicely
with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
intermediate calculations.
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
2011-08-31 Jeff Miller <jeffm@apple.com>
REGRESSION(92210): AVFoundation media engine is disabled on OS X
https://bugs.webkit.org/show_bug.cgi?id=67316
Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
changes that were made in r92210.
Reviewed by Darin Adler.
* wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
2011-08-31 Peter Beverloo <peter@chromium.org>
Add Android's platform specification and the right atomic functions.
https://bugs.webkit.org/show_bug.cgi?id=66687
Reviewed by Adam Barth.
* wtf/Atomics.h:
(WTF::atomicIncrement):
(WTF::atomicDecrement):
* wtf/Platform.h:
2011-08-30 Oliver Hunt <oliver@apple.com>
Add support for checked arithmetic
https://bugs.webkit.org/show_bug.cgi?id=67095
Reviewed by Sam Weinig.
Add a checked arithmetic class Checked<T> that provides overflow-safe
arithmetic over all integral types. Checked<T> supports addition, subtraction
and multiplication, along with "bool" conversions and equality operators.
Checked<> can be used in either CRASH() on overflow or delayed failure modes,
although the default is to CRASH().
To ensure the code is actually in use (rather than checking in dead code) I've
made a couple of properties in YARR use Checked<int> and Checked<unsigned>
instead of raw value arithmetic. This has resulted in a moderate set of changes,
to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
to unsigned for some uses of sizeof, as Checked<> currently does not support
mixed signed-ness of types wider than 32 bits.
Happily the increased type safety of Checked<> means that it's not possible to
accidentally assign away precision, nor accidentally call the integer overload of
a function instead of the bool version.
No measurable regression in performance, and SunSpider claims this patch to be
a progression of 0.3%.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CheckedArithmetic.h: Added.
(WTF::CrashOnOverflow::overflowed):
(WTF::CrashOnOverflow::clearOverflow):
(WTF::CrashOnOverflow::hasOverflowed):
(WTF::RecordOverflow::RecordOverflow):
(WTF::RecordOverflow::overflowed):
(WTF::RecordOverflow::clearOverflow):
(WTF::RecordOverflow::hasOverflowed):
(WTF::isInBounds):
(WTF::safeAdd):
(WTF::safeSub):
(WTF::safeMultiply):
(WTF::safeEquals):
(WTF::workAroundClangBug):
(WTF::Checked::Checked):
(WTF::Checked::operator=):
(WTF::Checked::operator++):
(WTF::Checked::operator--):
(WTF::Checked::operator!):
(WTF::Checked::operator UnspecifiedBoolType*):
(WTF::Checked::get):
(WTF::Checked::operator+=):
(WTF::Checked::operator-=):
(WTF::Checked::operator*=):
(WTF::Checked::operator==):
(WTF::Checked::operator!=):
(WTF::operator+):
(WTF::operator-):
(WTF::operator*):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
(JSC::Yarr::ByteCompiler::atomCharacterClass):
(JSC::Yarr::ByteCompiler::atomBackReference):
(JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteTerm::ByteTerm):
(JSC::Yarr::ByteTerm::CheckInput):
(JSC::Yarr::ByteTerm::UncheckInput):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
* yarr/YarrPattern.h:
2011-08-31 Andrei Popescu <andreip@google.com>
Investigate current uses of OS(ANDROID)
https://bugs.webkit.org/show_bug.cgi?id=66761
Unreviewed, build fix for ARM platforms.
* wtf/Platform.h:
2011-08-31 Andrei Popescu <andreip@google.com>
Investigate current uses of OS(ANDROID)
https://bugs.webkit.org/show_bug.cgi?id=66761
Reviewed by Darin Adler.
Remove the last legacy Android code.
No new tests needed as the code wasn't tested in the first place.
* wtf/Atomics.h:
* wtf/Platform.h:
* wtf/ThreadingPthreads.cpp:
(WTF::createThreadInternal):
2011-08-30 Aaron Colwell <acolwell@chromium.org>
Add MediaSource API to HTMLMediaElement
https://bugs.webkit.org/show_bug.cgi?id=64731
Reviewed by Eric Carlson.
* Configurations/FeatureDefines.xcconfig:
2011-08-30 Oliver Hunt <oliver@apple.com>
TypedArrays don't ensure that denormalised values are normalised
https://bugs.webkit.org/show_bug.cgi?id=67178
Reviewed by Gavin Barraclough.
Add a couple of assertions to jsNumber() to ensure that
we block signaling NaNs.
* runtime/JSValue.h:
(JSC::jsDoubleNumber):
(JSC::jsNumber):
2011-08-30 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
[Qt] Do not unconditionally use pkg-config in .pro files
https://bugs.webkit.org/show_bug.cgi?id=67055
Reviewed by Andreas Kling.
Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
Using the first pkg-config in PATH is prone to errors when cross
compiling inside the Qt repository (using Qt's build-system).
This patch protects calls to pkg-config with
!contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
QT_CONFIG by Qt's 'configure' when cross-compiling on systems
without pkg-config.
The respective change in Qt's configure has been submitted already.
No new tests as this is just a build change.
* wtf/wtf.pri: protect pkg-config calls
2011-08-29 Daniel Bates <dbates@webkit.org>
Add HAVE(VASPRINTF) macro to test for vasprintf() support
https://bugs.webkit.org/show_bug.cgi?id=67156
Reviewed by Darin Adler.
Encapsulate testing of vasprintf() support in a HAVE macro
instead of hardcoding the list of supported/unsupported
compilers at the call site.
* wtf/Platform.h:
2011-08-29 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (3/7)
https://bugs.webkit.org/show_bug.cgi?id=67064
Reviewed by Darin Adler.
Completed the third level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one. Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::finishCreation):
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::createNoParameters):
(JSC::Arguments::Arguments):
(JSC::Arguments::finishCreation):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::finishCreation):
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
Moved the assignment of m_firstLine and m_lastLine into the
FunctionExecutable::finishCreation() method in Executable.h
* runtime/Executable.h:
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
(JSC::FunctionExecutable::finishCreation):
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
(JSC::JSArray::finishCreation):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
* runtime/JSByteArray.h:
(JSC::JSByteArray::finishCreation):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::JSNotAnObject):
* runtime/JSObject.h:
(JSC::JSNonFinalObject::JSNonFinalObject):
* runtime/JSObjectWithGlobalObject.cpp:
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
(JSC::JSObjectWithGlobalObject::finishCreation):
* runtime/JSObjectWithGlobalObject.h:
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::JSVariableObject):
(JSC::JSVariableObject::finishCreation):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::JSWrapperObject):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
(JSC::ObjectPrototype::finishCreation):
* runtime/ObjectPrototype.h:
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):
2011-08-29 Andreas Kling <kling@webkit.org>
Unreviewed build fix after r93990.
* wtf/HashTable.h:
2011-08-29 Andreas Kling <kling@webkit.org>
Viewing a post on reddit.com wastes a lot of memory on event listeners.
https://bugs.webkit.org/show_bug.cgi?id=67133
Reviewed by Darin Adler.
Add a minimum table size to the HashTraits, instead of having it hard coded.
The default value remains at 64, but can now be specialized.
* runtime/StructureTransitionTable.h:
* wtf/HashTable.h:
(WTF::HashTable::shouldShrink):
(WTF::::expand):
(WTF::::checkTableConsistencyExceptSize):
* wtf/HashTraits.h:
2011-08-28 Jonathan Liu <net147@gmail.com>
Fix build error when compiling with MinGW-w64 by disabling JIT
on Windows 64-bit
https://bugs.webkit.org/show_bug.cgi?id=61235
Reviewed by Gavin Barraclough.
The fixed mmap executable allocator for JIT on x86_64 requires
sys/mman.h which is not available on Windows.
* wtf/Platform.h:
2011-08-27 Filip Pizlo <fpizlo@apple.com>
JSC::Executable is inconsistent about using weak handle finalizers
and destructors for releasing memory
https://bugs.webkit.org/show_bug.cgi?id=67072
Reviewed by Darin Adler.
Moved more of the destruction of Executable state into the finalizer,
which also resulted in an opportunity to mostly combine this with
discardCode(). This also means that the finalizer is now enabled even
when the JIT is turned off. This is performance neutral on SunSpider,
V8, and Kraken.
* runtime/Executable.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::ExecutableFinalizer::finalize):
(JSC::EvalExecutable::clearCode):
(JSC::ProgramExecutable::clearCode):
(JSC::FunctionExecutable::discardCode):
(JSC::FunctionExecutable::clearCode):
* runtime/Executable.h:
(JSC::ExecutableBase::finishCreation):
2011-08-26 Gavin Barraclough <barraclough@apple.com>
DFG JIT - ArithMod may clobber operands.
https://bugs.webkit.org/show_bug.cgi?id=67085
Reviewed by Sam Weinig.
unboxDouble must be called on a temporary.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2011-08-26 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (2/7)
https://bugs.webkit.org/show_bug.cgi?id=66957
Reviewed by Darin Adler.
Completed the second level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.
* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::create):
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::finishCreation):
(JSC::NativeExecutable::NativeExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::ScriptExecutable::finishCreation):
* runtime/GetterSetter.h:
(JSC::GetterSetter::GetterSetter):
(JSC::GetterSetter::create):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::create):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSObject.h:
(JSC::JSNonFinalObject::JSNonFinalObject):
(JSC::JSNonFinalObject::finishCreation):
(JSC::JSFinalObject::create):
(JSC::JSFinalObject::finishCreation):
(JSC::JSFinalObject::JSFinalObject):
(JSC::JSObject::JSObject):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::JSPropertyNameIterator):
(JSC::JSPropertyNameIterator::create):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::create):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::createWithoutCaching):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
(JSC::ScopeChainNode::create):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::finishCreation):
(JSC::Structure::createStructure):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
2011-08-26 Filip Pizlo <fpizlo@apple.com>
The GC does not have a facility for profiling the kinds of objects
that occupy the heap
https://bugs.webkit.org/show_bug.cgi?id=66849
Reviewed by Geoffrey Garen.
Destructor calls and object scans are now optionally counted, per
vtable. When the heap is destroyed and profiling is enabled, the
counts are dumped, with care taken to print the names of classes
(modulo C++ mangling) sorted in descending commonality.
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::destroy):
* heap/Heap.h:
* heap/MarkStack.cpp:
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::drain):
* heap/MarkStack.h:
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::callDestructor):
* heap/MarkedBlock.h:
* heap/VTableSpectrum.cpp: Added.
(JSC::VTableSpectrum::VTableSpectrum):
(JSC::VTableSpectrum::~VTableSpectrum):
(JSC::VTableSpectrum::countVPtr):
(JSC::VTableSpectrum::count):
(JSC::VTableAndCount::VTableAndCount):
(JSC::VTableAndCount::operator<):
(JSC::VTableSpectrum::dump):
* heap/VTableSpectrum.h: Added.
* wtf/Platform.h:
2011-08-26 Juan C. Montemayor <jmont@apple.com>
Update topCallFrame when calling host functions in the JIT
https://bugs.webkit.org/show_bug.cgi?id=67010
Reviewed by Oliver Hunt.
The topCallFrame is not being updated when a host function is
called by the JIT. This causes problems when trying to create a
stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
2011-08-26 Alexey Proskuryakov <ap@apple.com>
Get rid of frame life support timer
https://bugs.webkit.org/show_bug.cgi?id=66874
Reviewed by Geoff Garen.
* runtime/JSGlobalObject.h:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
globalExec() no longer needs to be virtual; its only override was in JSDOMWindowBase.
2011-08-26 Chao-ying Fu <fu@mips.com>
Fix MIPS patchOffsetGetByIdSlowCaseCall
https://bugs.webkit.org/show_bug.cgi?id=67046
Reviewed by Gavin Barraclough.
* jit/JIT.h:
2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
Fixing broken build due to unused variables in release mode
https://bugs.webkit.org/show_bug.cgi?id=67004
Unreviewed, release build fix.
Fixing broken build due to unused variables in ASSERTs in release build.
* runtime/JSObject.h:
(JSC::JSObject::finishCreation):
* runtime/JSString.h:
(JSC::RopeBuilder::finishCreation):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::finishCreation):
2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
Unzip initialization lists and constructors in JSCell hierarchy (1/7)
https://bugs.webkit.org/show_bug.cgi?id=66827
Reviewed by Geoffrey Garen.
Added finishCreation() methods to all immediate subclasses of JSCell with
non-empty constructors. Part of a larger refactoring to "unzip" initialization
lists and constructor bodies. Also renamed JSCell's constructorBody() method
to finishCreation().
* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::constructorBody):
* runtime/GetterSetter.h:
(JSC::GetterSetter::GetterSetter):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::constructorBody):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::JSCell):
(JSC::JSCell::JSCell::constructorBody):
* runtime/JSObject.h:
(JSC::JSObject::constructorBody):
(JSC::JSObject::JSObject):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::constructorBody):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::constructorBody):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::constructorBody):
* runtime/RegExp.h:
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
(JSC::ScopeChainNode::constructorBody):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
(JSC::StructureChain::constructorBody):
2011-08-25 Gabor Loki <loki@webkit.org>
REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot
https://bugs.webkit.org/show_bug.cgi?id=66956
Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
Reviewed by Oliver Hunt.
* jit/JIT.h:
2011-08-24 Juan C. Montemayor <jmont@apple.com>
Keep track of topCallFrame for Stack traces
https://bugs.webkit.org/show_bug.cgi?id=66571
Reviewed by Geoffrey Garen.
This patch adds a TopCallFrame to JSC in order to have that information
when an error is thrown to create a stack trace. The TopCallFrame is
updated throughout select points in the Interpreter and the JSC.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::unwindCallFrame):
(JSC::Interpreter::throwException):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::privateExecute):
* interpreter/Interpreter.h:
(JSC::TopCallFrameSetter::TopCallFrameSetter):
(JSC::TopCallFrameSetter::~TopCallFrameSetter):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::updateTopCallFrame):
* jit/JITStubCall.h:
(JSC::JITStubCall::call):
* jit/JITStubs.cpp:
(JSC::throwExceptionFromOpCall):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::arityCheckFor):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
2011-08-24 Filip Pizlo <fpizlo@apple.com>
ErrorInstance::create sometimes has two heap object constructions
in flight at once
https://bugs.webkit.org/show_bug.cgi?id=66845
Reviewed by Darin Adler.
The fix is simple since there is already a second create() method
that takes a UString.
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::create):
2011-08-24 Filip Pizlo <fpizlo@apple.com>
There is no facility for profiling how the write barrier is used
https://bugs.webkit.org/show_bug.cgi?id=66747
Reviewed by Geoffrey Garen.
Added facilities for the JIT to specify the kind of write barrier
being executed. Added code for profiling the number of each kind
of barrier encountered.
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::emitCount):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitCount):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/Heap.h:
(JSC::Heap::writeBarrier):
* heap/WriteBarrierSupport.cpp: Added.
(JSC::WriteBarrierCounters::initialize):
* heap/WriteBarrierSupport.h: Added.
(JSC::WriteBarrierCounters::WriteBarrierCounters):
(JSC::WriteBarrierCounters::jitCounterFor):
(JSC::WriteBarrierCounters::countWriteBarrier):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
(JSC::JIT::emitWriteBarrier):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
(JSC::JIT::emitWriteBarrier):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
2011-08-23 Mark Hahnenberg <mhahnenberg@apple.com>
Add checks to ensure allocation does not take place during initialization of GC-managed objects
https://bugs.webkit.org/show_bug.cgi?id=65288
Reviewed by Darin Adler.
Adding the new validation functionality. In its current state, it will perform checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.
* runtime/JSCell.h:
(JSC::JSCell::JSCell::constructorBody):
(JSC::JSCell::JSCell::JSCell):
(JSC::JSCell::allocateCell):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::isInitializingObject):
(JSC::JSGlobalData::setInitializingObject):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
2011-08-23 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=55347
"name" and "message" enumerable on *Error.prototype
Reviewed by Sam Weinig.
The default value of a NativeErrorPrototype's message
property is "", not the name of the error.
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::create):
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::constructorBody):
* runtime/NativeErrorPrototype.h:
(JSC::NativeErrorPrototype::create):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::create):
2011-08-23 Steve Block <steveblock@google.com>
Remove last occurrences of PLATFORM(ANDROID)
https://bugs.webkit.org/show_bug.cgi?id=66763
Reviewed by Tony Gentilcore.
* wtf/Platform.h:
2011-08-23 Steve Block <steveblock@google.com>
Remove all mention of removed Android files from build scripts
https://bugs.webkit.org/show_bug.cgi?id=66755
Reviewed by Tony Gentilcore.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-08-23 Adam Barth <abarth@webkit.org>
Remove WebCore/editing/android and other Android-specific directories
https://bugs.webkit.org/show_bug.cgi?id=66739
Reviewed by Steve Block.
Now that Android shares more code with Chromium, we don't need these
Android-specific files.
* wtf/android: Removed.
* wtf/android/AndroidThreading.h: Removed.
* wtf/android/MainThreadAndroid.cpp: Removed.
2011-08-23 Ilya Tikhonovsky <loislo@chromium.org>
Unreviewed build fix for compile error on Windows for r93560.
* runtime/SamplingCounter.h:
2011-08-22 Filip Pizlo <fpizlo@apple.com>
Sampling counter support is in the bytecode directory
https://bugs.webkit.org/show_bug.cgi?id=66724
Reviewed by Darin Adler.
Moved SamplingCounter to a separate header in runtime/.
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SamplingTool.cpp:
* bytecode/SamplingTool.h:
* runtime/SamplingCounter.cpp: Added.
(JSC::AbstractSamplingCounter::dump):
* runtime/SamplingCounter.h: Added.
(JSC::AbstractSamplingCounter::count):
(JSC::AbstractSamplingCounter::addressOfCounter):
(JSC::AbstractSamplingCounter::init):
(JSC::SamplingCounter::SamplingCounter):
(JSC::GlobalSamplingCounter::name):
(JSC::DeletableSamplingCounter::DeletableSamplingCounter):
(JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
2011-08-21 Martin Robinson <mrobinson@igalia.com>
Fix 'make dist' for WebKitGTK+.
* GNUmakefile.list.am: Add a missing header to the sources list.
2011-08-20 Filip Pizlo <fpizlo@apple.com>
JavaScriptCore bytecompiler does not compute scope depth correctly
in the case of constant declarations
https://bugs.webkit.org/show_bug.cgi?id=66572
Reviewed by Oliver Hunt.
Changed the handling of const to add the dynamic scope depth.
* bytecompiler/NodesCodegen.cpp:
(JSC::ConstDeclNode::emitCodeSingle):
2011-08-19 Daniel Bates <dbates@webkit.org>
Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
https://bugs.webkit.org/show_bug.cgi?id=66617
Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
But we cause a compile error if the platform doesn't support SA_RESTART regardless of
whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
Reviewed by Antonio Gomes.
* heap/MachineStackMarker.cpp:
2011-08-19 Filip Pizlo <fpizlo@apple.com>
The JSC JIT currently has no facility to profile and report
the types of values
https://bugs.webkit.org/show_bug.cgi?id=65901
Reviewed by Gavin Barraclough.
Added the ability to profile the values seen at function calls (both
arguments and results) and heap loads. This is done with emphasis
on performance. A value profiling site consists of: add, and,
move, and store; no branching is necessary. Each value profiling
site (called a ValueProfile) has a ring buffer of 8 recently-seen
values. ValueProfiles are stored in the CodeBlock; there will be
one for each argument (excluding this) and each heap load or callsite.
Each time a value profiling site executes, it stores the value into
a pseudo-random element in the ValueProfile buffer. The point is
that for frequently executed code, we will have 8 somewhat recent
values in the buffer and will be able to not only figure out what
type it is, but also to be able to reason about the actual values
if we wish to do so.
This feature is currently disabled by default. When enabled, it
results in a 3.7% slow-down on SunSpider.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addValueProfile):
(JSC::CodeBlock::numberOfValueProfiles):
(JSC::CodeBlock::valueProfile):
(JSC::CodeBlock::valueProfileForBytecodeOffset):
* bytecode/ValueProfile.h: Added.
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::computeProbability):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfCells):
(JSC::ValueProfile::probabilityOfInt32):
(JSC::ValueProfile::probabilityOfDouble):
(JSC::ValueProfile::probabilityOfCell):
(JSC::getValueProfileBytecodeOffset):
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITCall.cpp:
(JSC::JIT::emit_op_call_put_result):
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_method_check):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
* jit/JSInterfaceJIT.h:
* wtf/Platform.h:
* wtf/StdLibExtras.h:
(WTF::binarySearch):
(WTF::genericBinarySearch):
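An added example, not JavaScriptCore's ValueProfile, modelling the profiling site this entry describes: a ring buffer of 8 recently seen values, a store into a pseudo-randomly chosen slot, and per-type probabilities derived from whatever is in the buffer. The Tag enum, the ProfiledValue layout, the multiplicative hash used to pick a slot and simulateSite() are assumptions of this example. The constructed run also shows the trade-off of random slot selection: eight int32 samples end up occupying only seven slots because one overwrote another.

```cpp
#include <cstdint>
#include <cstddef>
#include <iostream>

// Added example, not JavaScriptCore's ValueProfile: a profiling site keeps a
// ring buffer of 8 recently seen values and derives type probabilities from
// it. The Tag set, ProfiledValue layout and slot-selection hash are
// assumptions of this example.
enum class Tag : uint8_t { Empty, Int32, Double, Cell };

struct ProfiledValue {
    Tag tag;
    int32_t int32Payload;   // meaningful when tag == Tag::Int32
    double doublePayload;   // meaningful when tag == Tag::Double

    ProfiledValue() : tag(Tag::Empty), int32Payload(0), doublePayload(0.0) {}
    ProfiledValue(Tag t, int32_t i, double d) : tag(t), int32Payload(i), doublePayload(d) {}
};

class ValueProfile {
public:
    static constexpr std::size_t numberOfBuckets = 8;

    // Records one observed value. The slot is chosen by a multiplicative hash
    // of a running counter (top three bits of counter * odd constant), so the
    // hot path is multiply, shift, store: no branch and no bounds check.
    void record(const ProfiledValue& value) {
        uint32_t mixed = m_counter++ * UINT32_C(0x9E3779B1);
        m_buckets[mixed >> 29] = value;   // 32 - 3 = 29: yields an index 0..7
    }

    unsigned numberOfSamples() const { return countWhere(Tag::Empty, true); }
    unsigned numberOfInt32s() const { return countWhere(Tag::Int32, false); }
    unsigned numberOfDoubles() const { return countWhere(Tag::Double, false); }
    unsigned numberOfCells() const { return countWhere(Tag::Cell, false); }

    // Share of the buffered samples of a given kind; 0 for an empty buffer,
    // which means "no information" rather than "never seen".
    double probabilityOfInt32() const { return computeProbability(numberOfInt32s()); }
    double probabilityOfDouble() const { return computeProbability(numberOfDoubles()); }
    double probabilityOfCell() const { return computeProbability(numberOfCells()); }

private:
    // Counts buckets whose tag equals `tag` (negate == false) or differs from it.
    unsigned countWhere(Tag tag, bool negate) const {
        unsigned n = 0;
        for (const ProfiledValue& v : m_buckets)
            if ((v.tag == tag) != negate)
                ++n;
        return n;
    }
    double computeProbability(unsigned count) const {
        unsigned samples = numberOfSamples();
        return samples ? static_cast<double>(count) / samples : 0.0;
    }

    ProfiledValue m_buckets[numberOfBuckets];
    uint32_t m_counter = 0;
};

// Constructed scenario: a site that sees eight int32s and then two doubles.
ValueProfile simulateSite() {
    ValueProfile profile;
    for (int32_t i = 0; i < 8; ++i)
        profile.record(ProfiledValue(Tag::Int32, i, 0.0));
    profile.record(ProfiledValue(Tag::Double, 0, 0.5));
    profile.record(ProfiledValue(Tag::Double, 0, 1.5));
    return profile;
}

int main() {
    ValueProfile profile = simulateSite();
    std::cout << "samples=" << profile.numberOfSamples()
              << " p(int32)=" << profile.probabilityOfInt32()
              << " p(double)=" << profile.probabilityOfDouble() << '\n';
    return 0;
}
```

Because the slot is not the age of the sample, the buffer is not a strict FIFO: the consumer only learns "a mix of recent kinds and rough proportions", which is exactly what a speculative JIT needs to decide whether to speculate a type at all.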
2011-08-19 Daniel Bates <dbates@webkit.org>
Don't include DisallowCType.h when building on QNX
https://bugs.webkit.org/show_bug.cgi?id=66616
Reviewed by Antonio Gomes.
* config.h:
2011-08-19 Daniel Bates <dbates@webkit.org>
Implement ExecutableAllocator::cacheFlush() for QNX
https://bugs.webkit.org/show_bug.cgi?id=66611
Reviewed by Antonio Gomes.
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::cacheFlush):
2011-08-19 Daniel Bates <dbates@webkit.org>
Implement WTF::atomic{Increment, Decrement}() for QNX
https://bugs.webkit.org/show_bug.cgi?id=66605
Reviewed by Darin Adler.
* wtf/Atomics.h:
(WTF::atomicIncrement):
(WTF::atomicDecrement):
2011-08-19 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=66590
Re-name scrollbar painter types
Reviewed by Sam Weinig.
WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer
applies.
* wtf/Platform.h:
2011-08-18 Mark Hahnenberg <mhahnenberg@apple.com>
Move allocation in constructors into separate constructorBody() methods
https://bugs.webkit.org/show_bug.cgi?id=66265
Reviewed by Oliver Hunt.
Refactoring to put all allocations that need to be done after the object's
initialization list has executed but before the object is ready for use
into a separate constructorBody() method. This method is still called by the constructor,
so the patch doesn't resolve any potential issues; it just sets up the code for further refactoring.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* jsc.cpp:
(GlobalObject::constructorBody):
(GlobalObject::GlobalObject):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::constructorBody):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
(JSC::ErrorPrototype::constructorBody):
* runtime/ErrorPrototype.h:
* runtime/Executable.cpp:
(JSC::FunctionExecutable::FunctionExecutable):
* runtime/Executable.h:
(JSC::FunctionExecutable::constructorBody):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
(JSC::InternalFunction::constructorBody):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
* runtime/JSByteArray.h:
(JSC::JSByteArray::constructorBody):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::constructorBody):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::constructorBody):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::JSPropertyNameIterator):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::constructorBody):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::constructorBody):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::constructorBody):
* runtime/NativeErrorPrototype.h:
* runtime/StringObject.cpp:
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::create):
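The following added example (not JavaScriptCore code) sketches the pattern behind this entry and behind the 2011-08-23 entry above, "Add checks to ensure allocation does not take place during initialization of GC-managed objects": allocateCell() raises a per-heap flag, the subclass constructor calls constructorBody() once its initializer list has run, and an allocation placed in the initializer list trips the check. GlobalData, Cell, Leaf, AllocatesTooEarly, AllocatesInBody and tryCreate are illustrative names; the real check is an assertion, modelled here as an exception so the outcome can be observed.

```cpp
#include <cstddef>
#include <iostream>
#include <new>
#include <stdexcept>
#include <vector>

// Stand-in for JSGlobalData: the "an object is being initialized" flag plus a
// crude heap. Names are illustrative, not JSC's.
struct GlobalData {
    bool initializingObject = false;   // like isInitializingObject()
    unsigned violations = 0;           // nested allocations caught by allocateCell()
    std::vector<void*> blocks;         // raw cell memory, released in the destructor

    ~GlobalData() {
        for (void* p : blocks)
            ::operator delete(p);
    }
};

// Base class standing in for JSCell. A subclass calls constructorBody() once
// its initializer list has finished, which re-enables allocation.
class Cell {
protected:
    explicit Cell(GlobalData& globalData) : m_globalData(globalData) {}
    void constructorBody() { m_globalData.initializingObject = false; }
    GlobalData& m_globalData;
};

// Refuses to hand out memory while another cell is still between its
// initializer list and its constructorBody(); otherwise raises the flag.
void* allocateCell(GlobalData& globalData, std::size_t size) {
    if (globalData.initializingObject) {
        ++globalData.violations;
        throw std::logic_error("allocation while a GC object is being initialized");
    }
    globalData.initializingObject = true;
    void* memory = ::operator new(size);
    globalData.blocks.push_back(memory);
    return memory;
}

template<typename T> T* createCell(GlobalData& globalData) {
    void* memory = allocateCell(globalData, sizeof(T));
    return new (memory) T(globalData);   // the constructor runs with the flag raised
}

// A leaf cell that allocates nothing of its own.
class Leaf : public Cell {
public:
    explicit Leaf(GlobalData& globalData) : Cell(globalData) { constructorBody(); }
};

// Rejected pattern: allocates in the initializer list, before constructorBody().
class AllocatesTooEarly : public Cell {
public:
    explicit AllocatesTooEarly(GlobalData& globalData)
        : Cell(globalData), m_child(createCell<Leaf>(globalData)) { constructorBody(); }
    Leaf* child() const { return m_child; }
private:
    Leaf* m_child;
};

// Accepted pattern: constructorBody() first, then the nested allocation.
class AllocatesInBody : public Cell {
public:
    explicit AllocatesInBody(GlobalData& globalData) : Cell(globalData), m_child(nullptr) {
        constructorBody();
        m_child = createCell<Leaf>(globalData);
    }
    Leaf* child() const { return m_child; }
private:
    Leaf* m_child;
};

// Returns nullptr (and clears the flag) when construction tripped the check.
template<typename T> T* tryCreate(GlobalData& globalData) {
    try {
        return createCell<T>(globalData);
    } catch (const std::logic_error&) {
        globalData.initializingObject = false;
        return nullptr;
    }
}

int main() {
    GlobalData globalData;
    std::cout << "in body:  " << (tryCreate<AllocatesInBody>(globalData) ? "ok" : "rejected") << '\n';
    std::cout << "too early: " << (tryCreate<AllocatesTooEarly>(globalData) ? "ok" : "rejected") << '\n';
    std::cout << "violations=" << globalData.violations << '\n';
    return 0;
}
```

The reason the window matters: between allocateCell() returning and the constructor finishing, the new cell is reachable by the collector but not yet fully formed, so a nested allocation that triggers a collection can visit half-initialized fields.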
2011-08-10 Filip Pizlo <fpizlo@apple.com>
DFG non-speculative JIT does not inline the double case of ValueAdd
https://bugs.webkit.org/show_bug.cgi?id=66025
Reviewed by Gavin Barraclough.
This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
stanford-crypto-sha256-iterative). It looks like it might have
a speed-up in SunSpider (though not statistically significant or
particularly reproducible) and a slight slow-down in V8 (0.14%,
not statistically significant). It does slow down v8-crypto by
1.5%.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownInteger):
(JSC::DFG::JITCodeGenerator::isKnownNumeric):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
* dfg/DFGOperations.cpp:
2011-08-18 Filip Pizlo <fpizlo@apple.com>
[jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
https://bugs.webkit.org/show_bug.cgi?id=66426
Reviewed by Oliver Hunt.
Changed the branchTestPtr to branchTest32.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-08-17 Thouraya ANDOLSI <thouraya.andolsi@st.com>
https://bugs.webkit.org/show_bug.cgi?id=66379
Implements the load32WithCompactAddressOffsetPatch function
and fixes the store32 and moveWithPatch functions for SH4 platforms.
Reviewed by Gavin Barraclough.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::rshift32):
(JSC::MacroAssemblerSH4::store32):
(JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
(JSC::MacroAssemblerSH4::moveWithPatch):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::movlMemRegCompact):
(JSC::SH4Assembler::readPointer):
(JSC::SH4Assembler::repatchCompact):
* jit/JIT.h:
2011-08-17 Filip Pizlo <fpizlo@apple.com>
JSC verbose debugging output sometimes doesn't work as expected.
https://bugs.webkit.org/show_bug.cgi?id=66107
Reviewed by Gavin Barraclough.
Hardened the CodeBlock::dump() code so that it no longer crashes. Improved
the DFG verbose code so that it prints slightly more useful information.
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::debugSize):
* bytecode/CodeBlock.cpp:
(JSC::valueToSourceString):
(JSC::CodeBlock::dump):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::numberOfRegExps):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
2011-08-16 Michael Saboff <msaboff@apple.com>
Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
https://bugs.webkit.org/show_bug.cgi?id=66351
JIT::privateCompilePutByIdTransition expects that regT0 and regT1
have the basePayload and baseTag respectively. In some cases,
we may get to this generated code with one or both of these
registers trashed. One known case is that regT0 on ARM may be
trashed as regT0 (r0) is also arg0 and can be overrun with sp due
to calls to JIT::restoreReturnAddress(). This patch uses the
values on the stack. A longer term solution is to work out all
cases so that the register entry assumptions can be assured.
While fixing this, also determined that the additional stack offset
of sizeof(void*) is not needed for ARM.
Reviewed by Gavin Barraclough.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
2011-08-15 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=66263
DFG JIT does not always zero extend boolean result of DFG operations
Reviewed by Sam Weinig.
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
- Change bool return values to a 64-bit type.
2011-08-15 Gavin Barraclough <barraclough@apple.com>
Crash accessing static property on sealed object
https://bugs.webkit.org/show_bug.cgi?id=66242
Reviewed by Sam Weinig.
* runtime/JSObject.h:
(JSC::JSObject::putDirectInternal):
- should only check isExtensible if checkReadOnly.
2011-08-15 Sam Weinig <sam@webkit.org>
Fix release build when building with Clang.
Reviewed by Anders Carlsson.
* runtime/Identifier.cpp:
(JSC::Identifier::checkCurrentIdentifierTable):
Add NO_RETURN_DUE_TO_CRASH.
2011-08-15 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
Reviewed by Nikolas Zimmermann.
Speed up SVGSMILElement::findInstanceTime.
https://bugs.webkit.org/show_bug.cgi?id=61025
Add a new parameter to StdlibExtras.h::binarySearch function
to also handle cases when the array does not contain the key value.
This is needed for an svg function.
* wtf/StdLibExtras.h:
(WTF::binarySearch):
2011-08-13 Sam Weinig <sam@webkit.org>
Add back 0xbbadbeef to CRASH to allow for old habits
https://bugs.webkit.org/show_bug.cgi?id=66190
Reviewed by David Kilzer.
* wtf/Assertions.h:
Add back the assignment to the memory address 0xbbadbeef in the CRASH
macro, as it does not cause issue in the clang static analyzer and many
people use its presence in crash reports to easily identify ASSERTs.
2011-08-13 Sam Weinig <sam@webkit.org>
Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=66182
Reviewed by Dan Bernstein.
Fixes 10 warnings in JavaScriptCore and 2 in testapi.
* API/tests/testapi.c:
(main):
Remove dead variables.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
Initialize hasPrinted and silence an unused warning by casting to void (OK here
since it is debug code and I want to keep it clear that if other cases are added,
the hasPrinted flag would be needed).
* wtf/dtoa.cpp:
(WTF::d2b):
The variable "de" in the else block is always zero, so there is no reason to
use it.
2011-08-12 Sam Weinig <sam@webkit.org>
Use __builtin_trap() for CRASH when building with clang
https://bugs.webkit.org/show_bug.cgi?id=66152
Reviewed by Anders Carlsson.
* wtf/Assertions.h:
Add Clang specific CRASH macro that calls __builtin_trap() instead
of silly techniques to crash. This allows the static analyzer to understand
that we are intentionally crashing. As a result, we need to mark some functions
as not returning.
Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
* wtf/Compiler.h:
Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
* wtf/FastMalloc.cpp:
(WTF::Internal::fastMallocMatchFailed):
Add NO_RETURN_DUE_TO_CRASH.
* yarr/YarrParser.h:
(JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
(JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
Add NO_RETURN_DUE_TO_ASSERT.
2011-08-12 Filip Pizlo <fpizlo@apple.com>
DFG JIT has inconsistent use of boxDouble and unboxDouble,
inconsistent use of assertions regarding doubles, and those
assertions are not turned on in debug builds
https://bugs.webkit.org/show_bug.cgi?id=66160
Reviewed by Gavin Barraclough.
JIT assertions are now turned on in debug builds. JIT
assertions are now used for boxing and unboxing doubles, and boxing
and unboxing no longer involves code duplication.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::GeneralizedRegister::moveTo):
(JSC::DFG::GeneralizedRegister::swapWith):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::boxDouble):
(JSC::DFG::JITCompiler::unboxDouble):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::convertToDouble):
2011-08-12 Mark Rowe <mrowe@apple.com>
Be more forward-looking in the choice of compiler.
Rubber-stamped by Jon Honeycutt.
* Configurations/CompilerVersion.xcconfig:
2011-08-12 Kalev Lember <kalevlember@gmail.com>
[GTK] Fix non-pthreads build after r91906.
https://bugs.webkit.org/show_bug.cgi?id=66151
Reviewed by David Levin.
r91906 broke the non-pthreads GTK+ build by including a header which
doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
* wtf/gtk/ThreadingGtk.cpp:
2011-08-12 Mark Rowe <mrowe@apple.com>
Update some configuration settings that were missed back in r92432.
* Configurations/CompilerVersion.xcconfig:
2011-08-12 Filip Pizlo <fpizlo@apple.com>
REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
Matrix3D.invert)
https://bugs.webkit.org/show_bug.cgi?id=66038
Reviewed by Gavin Barraclough.
Simplest and lowest-impact fix for the case where the spilled format
of a DFG node differs from the register format: if the format is
converted then indicate that the spilled value is no longer valid
("kill the spill").
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::killSpilled):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2011-08-12 Sam Weinig <sam@webkit.org>
Move compiler specific macros to their own header
https://bugs.webkit.org/show_bug.cgi?id=66119
Reviewed by Anders Carlsson.
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
Add Compiler.h
* wtf/AlwaysInline.h:
Move the contents of this file (which was no longer just about ALWAYS_INLINE) to
Compiler.h. We can remove this file in a later commit.
* wtf/Compiler.h: Added.
Put all compiler specific checks and features in this file.
* wtf/Platform.h:
Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
to Compiler.h. Include Compiler.h since it is necessary.
2011-08-11 Filip Pizlo <fpizlo@apple.com>
DFG JIT-specific structure stub info code offset fields are signed
8-bit, but it is possible for the offsets to be greater than 127
https://bugs.webkit.org/show_bug.cgi?id=66122
Reviewed by Gavin Barraclough.
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
2011-08-11 Filip Pizlo <fpizlo@apple.com>
DFG JIT speculation failure code sometimes picks the wrong register
as a scratch register.
https://bugs.webkit.org/show_bug.cgi?id=66104
Reviewed by Gavin Barraclough.
Hardened the code with more assertions and fixed the bug. Now a
spilled register is only used for scratch if it also isn't being
used for shuffling.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2011-08-11 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r92880.
http://trac.webkit.org/changeset/92880
https://bugs.webkit.org/show_bug.cgi?id=66123
Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
* wtf/PassRefPtr.h:
2011-08-11 Mark Rowe <mrowe@apple.com>
Don't conditionalize the use of -fomit-frame-pointer on compiler version as
all of our supported compilers are now new enough to have the same, sane behavior.
Rubber-stamped by Sam Weinig.
* Configurations/JavaScriptCore.xcconfig:
2011-08-11 Filip Pizlo <fpizlo@apple.com>
DFG JIT verbose mode does not report the generated types of nodes
https://bugs.webkit.org/show_bug.cgi?id=65830
Reviewed by Sam Weinig.
Added code that prints the type selected for each node's result.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::dataFormatToString):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-08-11 James Robinson <jamesr@chromium.org>
nullptr can't be used for PassRefPtr
https://bugs.webkit.org/show_bug.cgi?id=66024
Reviewed by Anders Carlsson.
* wtf/PassRefPtr.h:
(WTF::PassRefPtr::PassRefPtr):
2011-08-11 Daniel Bates <dbates@rim.com>
Removed unused variable in StackBounds::initialize() to resolve
compiler warning when building on QNX.
https://bugs.webkit.org/show_bug.cgi?id=66072
Reviewed by Antonio Gomes.
* wtf/StackBounds.cpp:
(WTF::StackBounds::initialize):
2011-08-11 Devdatta Deshpande <pwjd73@motorola.com>
Implementation of monotonically increasing clock on GTK
https://bugs.webkit.org/show_bug.cgi?id=62175
Reviewed by Martin Robinson.
* wtf/CurrentTime.cpp:
(WTF::monotonicallyIncreasingTime):
The default implementation of monotonicallyIncreasingTime only
guarantees the result to be non-decreasing.
If the system time is changed to the past, the default implementation will
still fail and WebCore timers will not fire.
2011-08-10 Geoffrey Garen <ggaren@apple.com>
Removed some incorrect code that was dead.
Reviewed by Oliver Hunt.
clearSingleTransition() wasn't resetting m_data. Luckily,
no one cares, because its caller was unused. Removed both.
* runtime/Structure.cpp:
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::~StructureTransitionTable):
2011-08-10 Filip Pizlo <fpizlo@apple.com>
REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
https://bugs.webkit.org/show_bug.cgi?id=66010
Reviewed by Oliver Hunt.
Made sure that Construct calls use() on the this argument.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
2011-08-10 Mark Hahnenberg <mhahnenberg@apple.com>
JSC should always throw when function arg list is too long
https://bugs.webkit.org/show_bug.cgi?id=65869
Reviewed by Oliver Hunt.
Changed the behavior of the interpreter and JIT to throw an exception
when too many arguments are passed rather than truncating the list. Added
a new method to create a "Too many arguments." exception used by this
new functionality.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ExceptionHelpers.cpp:
(JSC::createTooManyParamsError):
* runtime/ExceptionHelpers.h:
2011-08-10 Oliver Hunt <oliver@apple.com>
Make GC checks more aggressive in release builds
https://bugs.webkit.org/show_bug.cgi?id=66001
Reviewed by Gavin Barraclough.
* heap/HandleHeap.cpp:
(JSC::HandleHeap::visitStrongHandles):
(JSC::HandleHeap::visitWeakHandles):
(JSC::HandleHeap::finalizeWeakHandles):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::isLiveNode):
(JSC::HandleHeap::isValidWeakNode):
Increase handle heap validation logic, and make some of
the crashes trigger in release builds as well as debug.
* heap/HandleHeap.h:
(JSC::HandleHeap::allocate):
(JSC::HandleHeap::makeWeak):
Ditto
* runtime/JSGlobalData.cpp:
(WTF::Recompiler::operator()):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
Fix GC bugs found while testing this patch
2011-08-10 Oliver Hunt <oliver@apple.com>
JSEvaluateScript does not return the correct object when given JSONP data
https://bugs.webkit.org/show_bug.cgi?id=66003
Reviewed by Gavin Barraclough.
Make sure we propagate the result of the function call rather than the
argument.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
2011-08-10 Filip Pizlo <fpizlo@apple.com>
DFG JIT heap prediction causes regressions when combined with
aggressive integer prediction
https://bugs.webkit.org/show_bug.cgi?id=65954
Reviewed by Gavin Barraclough.
Disabled heap prediction, but did not remove the capability.
This improves V8 crypto performance by 20%.
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
2011-08-09 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not speculate integers as aggressively as it should
https://bugs.webkit.org/show_bug.cgi?id=65949
Reviewed by Gavin Barraclough.
Added a tree walk to propagate integer predictions through arithmetic
expressions.
This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
translates to a 19% speed-up on Kraken overall. It's neutral on
other benchmarks.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::predictInt32):
2011-08-09 Filip Pizlo <fpizlo@apple.com>
DFG JIT has no way of propagating predictions to loads and calls
https://bugs.webkit.org/show_bug.cgi?id=65883
Reviewed by Gavin Barraclough.
This introduces the capability to store predictions on graph
nodes. To save space while being somewhat consistent, the
prediction is always stored in the second OpInfo slot (since
a GetById will use the first one for the identifier). This
change is a natural extension of r92593 (global variable
prediction).
This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
win on V8 in the geometric mean. It is neutral on SunSpider
and Kraken. Interestingly, on V8 it regresses crypto by 3%
while progressing deltablue and richards by 2.6% and 4.3%,
respectively.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addToGraph):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGNode.h:
(JSC::DFG::isCellPrediction):
(JSC::DFG::isArrayPrediction):
(JSC::DFG::isInt32Prediction):
(JSC::DFG::isDoublePrediction):
(JSC::DFG::isNumberPrediction):
(JSC::DFG::predictionToString):
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasPrediction):
(JSC::DFG::Node::getPrediction):
(JSC::DFG::Node::predict):
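An added illustration, not DFG source, of the prediction machinery the last two entries describe: a prediction is a small bit set of the value kinds a node has produced or is inferred to produce, it is kept in the node's second OpInfo slot, the is*Prediction predicates hold only when every observed kind fits, and a propagation pass widens predictions until nothing changes. The bit values, the Node layout and predictArithResult() (a stand-in for the arithmetic tree walk) are assumptions of this example.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Added illustration, not DFG source. A prediction is a bit set of the value
// kinds a node has been observed (or inferred) to produce, kept in the node's
// second OpInfo slot. Bit values, the Node layout and predictArithResult()
// are assumptions of this example.
typedef uint8_t PredictedType;
const PredictedType PredictNone   = 0;
const PredictedType PredictCell   = 1 << 0;
const PredictedType PredictArray  = (1 << 1) | PredictCell;   // an array is a cell too
const PredictedType PredictInt32  = 1 << 2;
const PredictedType PredictDouble = 1 << 3;
const PredictedType PredictNumber = PredictInt32 | PredictDouble;

// A kind predicate holds only when every observed kind fits it, so one stray
// int32 turns a cell prediction into "do not speculate cell".
inline bool isCellPrediction(PredictedType v)   { return v && !(v & ~PredictArray); }
inline bool isArrayPrediction(PredictedType v)  { return v == PredictArray; }
inline bool isInt32Prediction(PredictedType v)  { return v == PredictInt32; }
inline bool isDoublePrediction(PredictedType v) { return v == PredictDouble; }
inline bool isNumberPrediction(PredictedType v) { return v && !(v & ~PredictNumber); }

std::string predictionToString(PredictedType v) {
    if (v == PredictNone) return "None";
    if (v == PredictArray) return "Array";
    std::string out;
    auto add = [&out](const char* name) { if (!out.empty()) out += '|'; out += name; };
    if (v & PredictInt32) add("Int32");
    if (v & PredictDouble) add("Double");
    if (v & (PredictArray & ~PredictCell)) add("Array");
    if (v & PredictCell) add("Cell");
    return out;
}

struct Node {
    uintptr_t opInfo1;       // e.g. the identifier index of a GetById
    PredictedType opInfo2;   // the prediction lives in the second slot

    PredictedType getPrediction() const { return opInfo2; }
    // Merges new kinds in; returns true if the set widened, which is the
    // condition a propagation pass iterates on until it reaches a fixpoint.
    bool predict(PredictedType kinds) {
        PredictedType before = opInfo2;
        opInfo2 = static_cast<PredictedType>(opInfo2 | kinds);
        return opInfo2 != before;
    }
};

// Simplified stand-in for propagating predictions through an arithmetic node:
// int32 op int32 stays int32, any other pair of numbers becomes double, and a
// non-number operand yields no numeric prediction at all.
PredictedType predictArithResult(PredictedType lhs, PredictedType rhs) {
    if (isInt32Prediction(lhs) && isInt32Prediction(rhs)) return PredictInt32;
    if (isNumberPrediction(lhs) && isNumberPrediction(rhs)) return PredictDouble;
    return PredictNone;
}

int main() {
    Node getById = { 42, PredictNone };
    getById.predict(PredictInt32);
    getById.predict(PredictDouble);
    std::cout << predictionToString(getById.getPrediction()) << '\n';   // Int32|Double
    return 0;
}
```

The "only if every kind fits" rule is what keeps the speculative path safe: a prediction can widen but never narrow, so code specialised for int32 is never emitted for a site that has already produced something else.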
2011-08-09 Filip Pizlo <fpizlo@apple.com>
DFG JIT passes the this argument to constructors even though
it's not necessary
https://bugs.webkit.org/show_bug.cgi?id=65943
Reviewed by Gavin Barraclough.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
2011-08-09 Chao-ying Fu <fu@mips.com>
Fix one MIPS instruction to call JITStubThunked_##op
https://bugs.webkit.org/show_bug.cgi?id=65942
Reviewed by Gavin Barraclough.
Changed "bal" to "jalr" for a possible processor mode change from
MIPS32 to MIPS16.
* jit/JITStubs.cpp:
2011-08-09 Filip Pizlo <fpizlo@apple.com>
DFG JIT failure loading web site
https://bugs.webkit.org/show_bug.cgi?id=65930
Reviewed by Oliver Hunt.
Put the use() call after the fpr()/gpr() calls, since doing otherwise
breaks the register allocator.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
2011-08-09 Mark Hahnenberg <mhahnenberg@apple.com>
Add ParentClass typedef in all JSC classes
https://bugs.webkit.org/show_bug.cgi?id=65731
Reviewed by Oliver Hunt.
Just added the Base typedefs in all the classes that are a subclass of JSCell
to point at their parent classes. This is a change to support future changes to the way
constructors and destructors are implemented in JS objects, among other things.
* API/JSCallbackConstructor.h:
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
(JSC::JSCallbackObject::visitChildren):
* API/JSCallbackObjectFunctions.h:
(JSC::::asCallbackObject):
(JSC::::JSCallbackObject):
(JSC::::init):
(JSC::::className):
(JSC::::getOwnPropertySlot):
(JSC::::getOwnPropertyDescriptor):
(JSC::::put):
(JSC::::deleteProperty):
(JSC::::getConstructData):
(JSC::::construct):
(JSC::::hasInstance):
(JSC::::getCallData):
(JSC::::call):
(JSC::::getOwnPropertyNames):
(JSC::::toNumber):
(JSC::::toString):
(JSC::::setPrivate):
(JSC::::getPrivate):
(JSC::::inherits):
(JSC::::getStaticValue):
(JSC::::staticFunctionGetter):
(JSC::::callbackGetter):
* debugger/DebuggerActivation.h:
* jsc.cpp:
* runtime/Arguments.h:
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.h:
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.h:
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.h:
* runtime/DateInstance.h:
* runtime/DatePrototype.h:
* runtime/Error.cpp:
* runtime/ErrorConstructor.h:
* runtime/ErrorInstance.h:
* runtime/ErrorPrototype.h:
* runtime/ExceptionHelpers.cpp:
* runtime/Executable.h:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.h:
* runtime/GetterSetter.h:
* runtime/InternalFunction.h:
* runtime/JSAPIValueWrapper.h:
* runtime/JSActivation.h:
* runtime/JSArray.h:
* runtime/JSFunction.h:
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.h:
* runtime/JSObject.h:
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.h:
* runtime/JSString.h:
* runtime/JSVariableObject.h:
* runtime/JSWrapperObject.h:
* runtime/MathObject.h:
* runtime/NativeErrorConstructor.h:
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.h:
* runtime/NumberObject.h:
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.h:
* runtime/RegExp.h:
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.h:
* runtime/ScopeChain.h:
* runtime/StrictEvalActivation.h:
* runtime/StringConstructor.h:
* runtime/StringObject.h:
* runtime/StringObjectThatMasqueradesAsUndefined.h:
* runtime/StringPrototype.h:
* runtime/Structure.h:
* runtime/StructureChain.h:
2011-08-08 Oliver Hunt <oliver@apple.com>
Using mprotect to create guard pages breaks our use of madvise to release executable memory
https://bugs.webkit.org/show_bug.cgi?id=65870
Reviewed by Gavin Barraclough.
Use mmap rather than mprotect to clear guard page permissions.
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit):
2011-08-08 Oliver Hunt <oliver@apple.com>
Non-extensibility does not prevent mutating [[Prototype]]
https://bugs.webkit.org/show_bug.cgi?id=65832
Reviewed by Gavin Barraclough.
Disallow mutation of __proto__ on objects that are not extensible.
* runtime/JSObject.cpp:
(JSC::JSObject::put):
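The invariant the entry above restores, shown from script level as an added example (this is not WebKit code; the "account" objects and the privilege flag on the prototype are a constructed scenario). Once an object is non-extensible, the `__proto__` setter and `Object.setPrototypeOf` must throw a TypeError rather than swap the prototype, and `Reflect.setPrototypeOf` must return false; the control case at the end shows what an engine with the bug allowed.

```javascript
"use strict";
// Added example, not WebKit code: demonstrates the invariant the fix above
// restores. A non-extensible object keeps its [[Prototype]]; both the
// __proto__ setter and Object.setPrototypeOf refuse to change it, and
// Reflect.setPrototypeOf reports the refusal by returning false.

// Constructed sample: an "account" whose privilege flag lives on the
// prototype, so swapping the prototype would change the answer.
const userProto = { isAdmin: false };
const adminProto = { isAdmin: true };

function makeLockedAccount(name) {
  const account = Object.create(userProto);
  account.name = name;
  Object.preventExtensions(account); // no new own properties, fixed prototype
  return account;
}

// Tries every route a script could use to swap the prototype and records
// whether each was blocked. Returns an object so the result can be asserted
// on rather than printed.
function probePrototypeMutation(account) {
  const before = Object.getPrototypeOf(account);
  const result = {
    setterThrew: false,
    setPrototypeOfThrew: false,
    reflectReturned: null,
    prototypeUnchanged: false,
    isAdmin: null,
  };

  try {
    account.__proto__ = adminProto; // setter must throw TypeError
  } catch (e) {
    result.setterThrew = e instanceof TypeError;
  }
  try {
    Object.setPrototypeOf(account, adminProto); // must throw TypeError
  } catch (e) {
    result.setPrototypeOfThrew = e instanceof TypeError;
  }
  // Reflect variant signals refusal with a boolean instead of throwing.
  result.reflectReturned = Reflect.setPrototypeOf(account, adminProto);

  result.prototypeUnchanged = Object.getPrototypeOf(account) === before;
  result.isAdmin = account.isAdmin;
  return result;
}

// Control case: on an extensible object the swap succeeds, which is what a
// buggy engine also allowed after preventExtensions.
function probeExtensibleObject() {
  const account = Object.create(userProto);
  account.__proto__ = adminProto;
  return account.isAdmin;
}
```

Run under Node or any spec-conformant engine; a non-conforming engine would report `prototypeUnchanged === false` and `isAdmin === true` for the locked account, which is exactly the privilege escalation a prototype lock is meant to rule out.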
2011-08-08 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not track speculation decisions for global variables
https://bugs.webkit.org/show_bug.cgi?id=65825
Reviewed by Gavin Barraclough.
Added the capability to track predictions for global variables, and
ensured that code can abstract over the source of prediction (local
versus global variable) wherever it is appropriate to do so. Also
cleaned up the code in SpeculativeJIT that decides how to speculate
based on recorded predictions (for example instead of using isInteger,
which makes sense for local predictions where the GetLocal would
return an integer value, we now tend to use shouldSpeculateInteger,
which checks if the value is either already an integer or should be
speculated to be an integer).
This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
win on controlflow-recursive. It's also a 4.8% win on v8-crypto.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::predictArray):
(JSC::DFG::ByteCodeParser::predictInt32):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::getGlobalVarPrediction):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
(JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
2011-08-07 Martin Robinson <mrobinson@igalia.com>
Distribution fix for GTK+.
* GNUmakefile.list.am: Strip removed files from the source list.
2011-08-06 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65821
Don't form identifiers the first time a string is used as a property name.
Reviewed by Oliver Hunt.
This is a 1% win on SunSpider.
* dfg/DFGOperations.cpp:
- Use fastGetOwnProperty.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- Use fastGetOwnProperty.
* runtime/JSCell.h:
* runtime/JSObject.h:
(JSC::JSCell::fastGetOwnProperty):
- Fast call to get a property without creating an identifier the first time.
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::find):
(JSC::PropertyTable::findWithString):
- Add interface to look up by either strings or identifiers.
* runtime/Structure.h:
(JSC::Structure::get):
- Add a get() call that takes a UString, not an Identifier.
* wtf/text/StringImpl.h:
(WTF::StringImpl::hasHash):
- Add a call to check if the hash has been set (to detect the first use as a property name).
2011-08-06 Aron Rosenberg <arosenberg@logitech.com>
Reviewed by Benjamin Poulain.
[Qt] Fix build with Intel compiler on Windows
https://bugs.webkit.org/show_bug.cgi?id=65088
Intel compiler needs .lib suffixes instead of .a
Intel compiler doesn't support nullptr
Intel compiler supports unsized arrays
* JavaScriptCore.pri:
* jsc.cpp:
* wtf/ByteArray.h:
* wtf/NullPtr.h:
2011-08-05 Gavin Barraclough <barraclough@apple.com>
String replace with the empty string means string removal
https://bugs.webkit.org/show_bug.cgi?id=65799
Reviewed by Sam Weinig.
Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstrings):
(JSC::stringProtoFuncReplace):
2011-08-05 Noel Gordon <noel.gordon@gmail.com>
[Chromium] Remove JSZombie references from gyp project files.
https://bugs.webkit.org/show_bug.cgi?id=65798
JSC runtime/JSZombie.{cpp,h} were removed in r92046. Remove references to these
file names from the gyp projects.
Reviewed by Darin Adler.
* JavaScriptCore.gypi: zombies be gone.
2011-08-05 Mark Rowe <mrowe@apple.com>
<http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
is tied to a particular dispatch queue
A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
to ensure that all operations are performed on the given dispatch queue.
Reviewed by Anders Carlsson.
* wtf/RefCounted.h:
(WTF::RefCountedBase::setDispatchQueueForVerifier):
* wtf/ThreadRestrictionVerifier.h:
(WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
(WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
(WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
(WTF::ThreadRestrictionVerifier::setShared):
(WTF::ThreadRestrictionVerifier::isSafeToUse):
2011-08-05 Oliver Hunt <oliver@apple.com>
Inline allocation of function objects
https://bugs.webkit.org/show_bug.cgi?id=65779
Reviewed by Gavin Barraclough.
Inline allocation and initialisation of function objects
in generated code. This ended up being a 60-70% improvement
in function allocation performance. This improvement shows
up as a ~2% improvement in 32bit sunspider and V8, but is a
wash on 64-bit.
We currently don't inline the allocation of named function
expressions, as that requires being able to gc allocate a
variable object.
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
(JSC::JIT::emitStoreCell):
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateBasicJSObject):
(JSC::JIT::emitAllocateJSFinalObject):
(JSC::JIT::emitAllocateJSFunction):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_func):
(JSC::JIT::emitSlow_op_new_func):
(JSC::JIT::emit_op_new_func_exp):
(JSC::JIT::emitSlow_op_new_func_exp):
* jit/JITOpcodes32_64.cpp:
Removed duplicate implementation of op_new_func and op_new_func_exp
* runtime/JSFunction.h:
(JSC::JSFunction::offsetOfScopeChain):
(JSC::JSFunction::offsetOfExecutable):
2011-08-04 David Levin <levin@chromium.org>
CStringBuffer should have thread safety checks turned on.
https://bugs.webkit.org/show_bug.cgi?id=58093
Reviewed by Dmitry Titov.
* wtf/text/CString.h:
(WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
turned this off for Chromium.
2011-08-04 Mark Rowe <mrowe@apple.com>
Future-proof Xcode configuration settings.
* Configurations/Base.xcconfig:
* Configurations/DebugRelease.xcconfig:
* Configurations/JavaScriptCore.xcconfig:
* Configurations/Version.xcconfig:
2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com>
Interpreter can potentially GC in the middle of initializing a structure chain
https://bugs.webkit.org/show_bug.cgi?id=65638
Reviewed by Oliver Hunt.
Moved the allocation of a prototype StructureChain before the initialization of
the structure chain within the interpreter that was causing intermittent GC crashes.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::tryCachePutByID):
* wtf/Platform.h:
2011-08-04 Filip Pizlo <fpizlo@apple.com>
Eval handling attempts literal parsing even when the eval
string is in the cache
https://bugs.webkit.org/show_bug.cgi?id=65675
Reviewed by Oliver Hunt.
This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
in SunSpider. It's neutral on V8.
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):
(JSC::EvalCodeCache::get):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
2011-08-03 Mark Rowe <mrowe@apple.com>
Bring some order to FeatureDefines.xcconfig to make it easier to follow.
Reviewed by Sam Weinig.
* Configurations/FeatureDefines.xcconfig:
2011-08-03 Mark Rowe <mrowe@apple.com>
Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
Reviewed by Dave Kilzer.
* Configurations/FeatureDefines.xcconfig:
2011-08-03 Filip Pizlo <fpizlo@apple.com>
JSC GC heap size improvement breaks build on some platforms due to
unused parameter
https://bugs.webkit.org/show_bug.cgi?id=65641
Reviewed by Darin Adler.
Fix build on non-x86 platforms, by ensuring that the relevant
parameter always appears to be used even when it isn't.
* heap/Heap.cpp:
2011-08-03 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK] Reorganize pkg-config files
https://bugs.webkit.org/show_bug.cgi?id=65548
Reviewed by Martin Robinson.
* GNUmakefile.am:
* javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
2011-08-01 David Levin <levin@chromium.org>
Add asserts to RefCounted to make sure ref/deref happens on the right thread.
https://bugs.webkit.org/show_bug.cgi?id=31639
Reviewed by Dmitry Titov.
* GNUmakefile.list.am: Added new files to the build.
* JavaScriptCore.gypi: Ditto.
* JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
* JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
* jit/ExecutableAllocator.h:
(JSC::ExecutablePool::ExecutablePool): Turned off checks for this
due to not being able to figure out what was guarding it (bug 58091).
* parser/SourceProvider.h:
(JSC::SourceProvider::SourceProvider): Ditto.
* wtf/CMakeLists.txt: Added new files to the build.
* wtf/ThreadRestrictionVerifier.h: Added.
Everything is done in the header to avoid the issue with exports
that are only useful in debug but still needing to export them.
* wtf/RefCounted.h:
(WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
and filed bug 58171 about making it stricter.
(WTF::RefCountedBase::hasOneRef): Ditto.
(WTF::RefCountedBase::refCount): Ditto.
(WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
(WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
Filed bug 58174 to remove this method.
(WTF::RefCountedBase::derefBase):
* wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
* wtf/text/CString.h:
(WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
done in Chromium (bug 58093).
2011-08-02 Filip Pizlo <fpizlo@apple.com>
JSC GC may not be able to reuse partially-free blocks after a
full collection
https://bugs.webkit.org/show_bug.cgi?id=65585
Reviewed by Darin Adler.
This fixes the linked list management bug. This fix is performance
neutral on SunSpider.
* heap/NewSpace.cpp:
(JSC::NewSpace::removeBlock):
2011-07-30 Oliver Hunt <oliver@apple.com>
Simplify JSFunction creation for functions written in JS
https://bugs.webkit.org/show_bug.cgi?id=65422
Reviewed by Gavin Barraclough.
Remove hash lookups used to write name property and transition
function structure by caching the resultant structure and property
offset in JSGlobalObject. This doesn't impact performance, but
we can use this change to make other improvements later.
* runtime/Executable.cpp:
(JSC::FunctionExecutable::FunctionExecutable):
* runtime/Executable.h:
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::FunctionExecutable::jsName):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::namedFunctionStructure):
(JSC::JSGlobalObject::functionNameOffset):
2011-08-02 Filip Pizlo <fpizlo@apple.com>
JSC GC uses dummy cells to avoid having to remember which cells
it has already destroyed
https://bugs.webkit.org/show_bug.cgi?id=65556
Reviewed by Oliver Hunt.
This gets rid of dummy cells, and ensures that it's not necessary
to invoke a destructor on cells that have already been swept. In
the common case, a block knows that either all of its free cells
still need to have destructors called, or none of them do, which
minimizes the amount of branching that needs to happen per cell
when performing a sweep.
This is performance neutral on SunSpider and V8. It is meant as
a stepping stone to simplify the implementation of more
sophisticated sweeping algorithms.
* heap/Heap.cpp:
(JSC::CountFunctor::ClearMarks::operator()):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::initForCellSize):
(JSC::MarkedBlock::callDestructor):
(JSC::MarkedBlock::specializedReset):
(JSC::MarkedBlock::reset):
(JSC::MarkedBlock::specializedSweep):
(JSC::MarkedBlock::sweep):
(JSC::MarkedBlock::produceFreeList):
(JSC::MarkedBlock::lazySweep):
(JSC::MarkedBlock::blessNewBlockForFastPath):
(JSC::MarkedBlock::blessNewBlockForSlowPath):
(JSC::MarkedBlock::canonicalizeBlock):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::FreeCell::setNoObject):
(JSC::MarkedBlock::setDestructorState):
(JSC::MarkedBlock::destructorState):
(JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
* runtime/JSCell.cpp:
* runtime/JSCell.h:
(JSC::JSCell::JSCell::JSCell):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::clearBuiltinStructures):
* runtime/JSGlobalData.h:
* runtime/Structure.h:
2011-08-01 Michael Saboff <msaboff@apple.com>
Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
https://bugs.webkit.org/show_bug.cgi?id=65502
Reviewed by Anders Carlsson.
With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
added an assert to the return code of madvise to catch any regressions.
* wtf/TCSystemAlloc.cpp:
(TCMalloc_SystemRelease):
2011-08-02 Anders Carlsson <andersca@apple.com>
Fix Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-08-02 Anders Carlsson <andersca@apple.com>
Fix a Windows build error.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-08-02 Filip Pizlo <fpizlo@apple.com>
JSC GC is far too conservative about growing the heap size, particularly
on desktop platforms
https://bugs.webkit.org/show_bug.cgi?id=65438
Reviewed by Oliver Hunt.
The minimum heap size is now 16MB instead of 512KB, provided all of the
following are true:
a) ENABLE(LARGE_HEAP) is set, which currently only happens on
x86 targets, but could reasonably happen on any platform that is
known to have a decent amount of RAM.
b) JSGlobalData is initialized with HeapSize = LargeHeap, which
currently only happens when it's the JSDOMWindowBase in WebCore or
in the jsc command-line tool.
This is a 4.1% speed-up on SunSpider.
* JavaScriptCore.exp:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::collect):
* heap/Heap.h:
* jsc.cpp:
(main):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::createContextGroup):
(JSC::JSGlobalData::create):
(JSC::JSGlobalData::createLeaked):
(JSC::JSGlobalData::sharedInstance):
* runtime/JSGlobalData.h:
* wtf/Platform.h:
2011-08-02 Filip Pizlo <fpizlo@apple.com>
JSC does a GC even when the heap still has free pages
https://bugs.webkit.org/show_bug.cgi?id=65445
Reviewed by Oliver Hunt.
If the high watermark is not reached, then we allocate new blocks as
before. If the current watermark does reach (or exceed) the high
watermark, then we check if there is a block on the free block pool.
If there is, we simply allocate from it. If there isn't, we
invoke a collection as before. This effectively couples the elastic
scavenging to the collector's decision function. That is, if an
application rapidly varies its heap usage (sometimes using more and
sometimes less) then the collector will not thrash as it used to.
But if heap usage drops and stays low then the scavenger thread and
the GC will eventually reach a kind of consensus: the GC will set
the watermark low because of low heap usage, and the scavenger thread
will steadily eliminate pages from the free page pool, until the size
of the free pool is below the high watermark.
On command-line, this is neutral on SunSpider and Kraken and a 3% win
on V8. In browser, this is a 1% win on V8 and neutral on the other
two.
* heap/Heap.cpp:
(JSC::Heap::allocateSlowCase):
(JSC::Heap::allocateBlock):
* heap/Heap.h:
2011-08-02 Jeff Miller <jeffm@apple.com>
Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
https://bugs.webkit.org/show_bug.cgi?id=65552
Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
Reviewed by Adam Roben.
* wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
2011-08-01 Jean-luc Brouillet <jeanluc@chromium.org>
Removing old source files in gyp files that slow build
https://bugs.webkit.org/show_bug.cgi?id=65503
Reviewed by Adam Barth.
A number of stale files are listed in the gyp files. These slow the
build on Visual Studio 2010. Removing them.
* JavaScriptCore.gypi:
2011-07-14 David Levin <levin@chromium.org>
currentThread is too slow!
https://bugs.webkit.org/show_bug.cgi?id=64577
Reviewed by Darin Adler and Dmitry Titov.
The problem is that currentThread results in a pthread_once call which always takes a lock.
With this change, currentThread is 10% faster than isMainThread in release mode and only
5% slower than isMainThread in debug.
* wtf/ThreadIdentifierDataPthreads.cpp:
(WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
which is no longer needed because this is called from initializeThreading().
(WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
initialization of the pthread key should already be done.
(WTF::ThreadIdentifierData::initialize): Ditto.
* wtf/ThreadIdentifierDataPthreads.h:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading): Acquire the pthread key here.
2011-08-01 Filip Pizlo <fpizlo@apple.com>
DFG JIT sometimes creates speculation check data structures that have
invalid information about the format of a register
https://bugs.webkit.org/show_bug.cgi?id=65490
Reviewed by Gavin Barraclough.
The code now makes sure to (1) always have correct and up-to-date
information about register format at the time that a speculation
check is emitted, (2) assert that speculation data is correct
inside the speculation check implementation, and (3) avoid creating
speculation data altogether if compilation has already failed, since
at that point the format data is almost guaranteed to be bogus.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::EntryLocation::EntryLocation):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculationCheck::SpeculationCheck):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::speculationCheck):
2011-08-01 Filip Pizlo <fpizlo@apple.com>
REGRESSION(r92092): Build fails on 64 bit
https://bugs.webkit.org/show_bug.cgi?id=65458
Reviewed by Oliver Hunt.
The build was broken because some compilers were smart enough to see
an array index out of bounds due to the decision function for when to
go from precise size classes to imprecise size classes being broken:
it would assume that sizes in the range 97..128 belonged to a precise
size class when in fact they belonged to an imprecise one.
In fact, the code would have run correctly, by way of a fluke, because
though the 4th precise size class (for 97..128) didn't exist, the next
array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
its first entry would have been a size class that is appropriate for
allocations in the range 97..128. However, this relies on specific
ordering of fields in NewSpace, so it's still a bug.
This fixes the bug by ensuring that allocations larger than 96 use
the imprecise size classes.
* heap/NewSpace.h:
(JSC::NewSpace::sizeClassFor):
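A model of the size-class lookup bug described in the entry above, as an added example (not JavaScriptCore code). The constants are assumptions chosen to reproduce the situation the entry describes: precise classes in 32-byte steps up to 96 bytes, so the fourth precise class for 97..128 does not exist. The buggy decision function indexes one past the end of the precise table; in C that silently read the neighbouring array, here it raises, and the fixed version bounds-checks the index explicitly.

```python
"""Added example, not JavaScriptCore code: models the off-by-one in the
precise/imprecise size-class decision. ATOM, PRECISE_CUTOFF and
IMPRECISE_START are assumptions, not the engine's real constants."""

ATOM = 32                   # assumed step between precise size classes
PRECISE_CUTOFF = 3 * ATOM   # 96: largest size served by a precise class
IMPRECISE_START = 128       # assumed smallest imprecise class

# Precise classes: 32, 64, 96. Imprecise classes: 128, 256, 512, 1024.
PRECISE_CLASSES = [ATOM * i for i in range(1, PRECISE_CUTOFF // ATOM + 1)]
IMPRECISE_CLASSES = [IMPRECISE_START * 2 ** i for i in range(4)]


def precise_index(size):
    """Index into PRECISE_CLASSES for a request of `size` bytes (size >= 1)."""
    return (size - 1) // ATOM


def imprecise_class_for(size):
    """Smallest imprecise class that can hold `size` bytes."""
    for cls in IMPRECISE_CLASSES:
        if size <= cls:
            return cls
    raise ValueError(f"{size} bytes exceeds the largest size class")


def buggy_size_class_for(size):
    """Decision with the bug: compares against the first imprecise class
    instead of the precise cutoff, so 97..128 is routed to a precise class
    that does not exist. In C this read m_impreciseSizeClasses[0] by
    accident of field layout; Python raises IndexError instead."""
    if size <= IMPRECISE_START:   # wrong bound
        return PRECISE_CLASSES[precise_index(size)]
    return imprecise_class_for(size)


def fixed_size_class_for(size):
    """Fixed decision: anything above the precise cutoff is imprecise, and
    the precise path asserts its index is in range rather than relying on
    whatever happens to follow the table in memory."""
    if size < 1:
        raise ValueError("allocation size must be positive")
    if size <= PRECISE_CUTOFF:
        idx = precise_index(size)
        assert 0 <= idx < len(PRECISE_CLASSES), idx
        return PRECISE_CLASSES[idx]
    return imprecise_class_for(size)


def buggy_raises_for(size):
    """True if the buggy decision walks off the precise table for `size`."""
    try:
        buggy_size_class_for(size)
    except IndexError:
        return True
    return False
```

The point for a reviewer is the bounds assertion in the precise path: a lookup table indexed by an arithmetic expression deserves an explicit range check even when adjacent memory happens to contain plausible values.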
2011-07-31 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64679
Fix bugs in Array.prototype this handling.
Unreviewed - rolling out r91290.
Looks like the wild wild web isn't ready for this yet.
This change broke http://slides.html5rocks.com/#landing-slide.
Interestingly, this might only be due to our lack of bind support -
it looks like this site is calling Array.prototype.slice as a part
of its bind implementation.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
2011-07-31 Filip Pizlo <fpizlo@apple.com>
JSC GC lays out size classes under wrong assumptions about expected
object size.
https://bugs.webkit.org/show_bug.cgi?id=65437
Reviewed by Oliver Hunt.
Changed the atom size - which is both the smallest allocation size and
the smallest possible stepping unit for size class spacing - from
8 bytes to 4 pointer-size words. This is a 1% win on SunSpider.
* heap/MarkedBlock.h:
2011-07-31 Filip Pizlo <fpizlo@apple.com>
DFG non-speculative JIT does not optimize PutByVal
https://bugs.webkit.org/show_bug.cgi?id=65424
Reviewed by Gavin Barraclough.
Added code to emit PutByVal inline fast path.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
2011-07-31 Filip Pizlo <fpizlo@apple.com>
The JSC garbage collector returns memory to the operating system too
eagerly.
https://bugs.webkit.org/show_bug.cgi?id=65382
Reviewed by Oliver Hunt.
This introduces a memory reuse model similar to the one in FastMalloc.
A periodic scavenger thread runs in the background and returns half the
free memory to the OS on each timer fire. New block allocations first
attempt to get the memory from the collector's internal pool, reverting
to OS allocation only when this pool is empty.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::destroy):
(JSC::Heap::waitForRelativeTimeWhileHoldingLock):
(JSC::Heap::waitForRelativeTime):
(JSC::Heap::blockFreeingThreadStartFunc):
(JSC::Heap::blockFreeingThreadMain):
(JSC::Heap::allocateBlock):
(JSC::Heap::freeBlocks):
(JSC::Heap::releaseFreeBlocks):
* heap/Heap.h:
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::destroy):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::initForCellSize):
(JSC::MarkedBlock::reset):
* heap/MarkedBlock.h:
* wtf/Platform.h:
2011-07-30 Filip Pizlo <fpizlo@apple.com>
DFG JIT speculation failure pass sometimes forgets to emit code to
move certain registers.
https://bugs.webkit.org/show_bug.cgi?id=65421
Reviewed by Oliver Hunt.
Restructured the offending loops (for gprs and fprs). It's once again
possible to use spreadsheets on docs.google.com.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2011-07-30 Patrick Gansterer <paroga@webkit.org>
Remove inclusion of MainThread.h from Threading.h
https://bugs.webkit.org/show_bug.cgi?id=65081
Reviewed by Darin Adler.
Add missing and remove unneeded include statements for MainThread.
* wtf/CryptographicallyRandomNumber.cpp:
* wtf/Threading.h:
* wtf/ThreadingPthreads.cpp:
* wtf/text/StringStatics.cpp:
2011-07-30 Oliver Hunt <oliver@apple.com>
Reduce the size of JSGlobalObject slightly
https://bugs.webkit.org/show_bug.cgi?id=65417
Reviewed by Dan Bernstein.
Push a few members that either aren't commonly used,
or aren't frequently accessed into a separate struct.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
(JSC::JSGlobalObject::createRareDataIfNeeded):
(JSC::JSGlobalObject::setProfileGroup):
(JSC::JSGlobalObject::profileGroup):
(JSC::JSGlobalObject::registerWeakMap):
(JSC::JSGlobalObject::deregisterWeakMap):
2011-07-30 Balazs Kelemen <kbalazs@webkit.org>
MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
https://bugs.webkit.org/show_bug.cgi?id=65263
Reviewed by Dmitry Titov.
* wtf/Deque.h:
(WTF::::operator): Don't check the validity of an iterator
that will be reassigned right now.
* wtf/MessageQueue.h:
(WTF::::removeIf): Revert r51198 as I believe this is the better
solution for the problem that was solved by that.
2011-07-29 Filip Pizlo <fpizlo@apple.com>
JSC GC zombie support no longer works, and is likely no longer needed.
https://bugs.webkit.org/show_bug.cgi?id=65404
Reviewed by Darin Adler.
This removes zombies, because they no longer work, are not tested, are
probably not needed, and are getting in the way of GC optimization
work.
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Handle.h:
(JSC::HandleConverter::operator->):
(JSC::HandleConverter::operator*):
* heap/HandleHeap.cpp:
(JSC::HandleHeap::isValidWeakNode):
* heap/Heap.cpp:
(JSC::Heap::destroy):
(JSC::Heap::collect):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::sweep):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::clearMarks):
* interpreter/Register.h:
(JSC::Register::Register):
(JSC::Register::operator=):
* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::append):
(JSC::ArgList::ArgList):
* runtime/JSCell.cpp:
(JSC::isZombie):
* runtime/JSCell.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::clearBuiltinStructures):
* runtime/JSGlobalData.h:
* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
(JSC::JSValue::JSValue):
* runtime/JSZombie.cpp: Removed.
* runtime/JSZombie.h: Removed.
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
* wtf/Platform.h:
2011-07-29 Filip Pizlo <fpizlo@apple.com>
DFG JIT verbose mode provides no details about predictions
https://bugs.webkit.org/show_bug.cgi?id=65389
Reviewed by Darin Adler.
Added a print-out of the predictions to the IR dump, with names as follows:
"p-bottom" = the parser made no predictions
"p-int32" = the parser predicted int32
... (same for array, cell, double, number)
"p-top" = the parser made conflicting predictions which will be ignored.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::predictionToString):
2011-07-29 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not have any way of undoing double speculation.
https://bugs.webkit.org/show_bug.cgi?id=65334
Reviewed by Gavin Barraclough.
This adds code to do a branchConvertDoubleToInt on speculation failure.
This is performance-neutral on most benchmarks but does result in
a slight improvement in Kraken.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::GeneralizedRegister::moveTo):
(JSC::DFG::GeneralizedRegister::swapWith):
(JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
(JSC::DFG::ShuffledRegister::handleCyclingPermutation):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2011-07-29 Filip Pizlo <fpizlo@apple.com>
Crash when opening docs.google.com
https://bugs.webkit.org/show_bug.cgi?id=65327
Reviewed by Gavin Barraclough.
The speculative JIT was only checking whether a value is an array when
we had already checked that it was, rather than when we hadn't.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-28 Oliver Hunt <oliver@apple.com>
*_list instructions are only used in one place, where the code is wrong.
https://bugs.webkit.org/show_bug.cgi?id=65348
Reviewed by Darin Adler.
Simply remove the instructions and all users. Speeds up the interpreter
slightly due to code motion, but otherwise has no effect (because none
of the _list instructions are ever used).
* bytecode/CodeBlock.cpp:
(JSC::isPropertyAccess):
(JSC::CodeBlock::dump):
(JSC::CodeBlock::visitStructures):
* bytecode/Instruction.h:
* bytecode/Opcode.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
2011-07-28 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65325
Performance tweak to parseInt
Reviewed by Oliver Hunt.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncParseInt):
- This change may make an existing optimization redundant,
cleanup from Darin's comments, plus fix existing bugs.
2011-07-28 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65325
Performance tweak to parseInt
Reviewed by Oliver Hunt.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncParseInt):
- parseInt applied to small positive numbers = floor.
2011-07-28 Dan Bernstein <mitz@apple.com>
Build fix.
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileForCallInternal):
2011-07-28 Kent Tamura <tkent@chromium.org>
Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
https://bugs.webkit.org/show_bug.cgi?id=65300
Reviewed by Darin Adler.
r91837 had performance regression of StringImpl::stripWhiteSpace()
and simplifyWhiteSpace(). This changes the code so that compilers
generate code equivalent to r91836 or prior.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::stripMatchedCharacters):
A template member function for stripWhiteSpace(). This function takes a functor.
(WTF::UCharPredicate):
A functor for generic predicate for single UChar argument.
(WTF::SpaceOrNewlinePredicate):
A special functor for isSpaceOrNewline().
(WTF::StringImpl::stripWhiteSpace):
Use stripMatchedCharacters().
(WTF::StringImpl::simplifyMatchedCharactersToSpace):
A template member function for simplifyWhiteSpace().
(WTF::StringImpl::simplifyWhiteSpace):
Use simplifyMatchedCharactersToSpace().
* wtf/text/StringImpl.h:
2011-07-27 Dmitry Lomov <dslomov@google.com>
[chromium] Turn on WTF_MULTIPLE_THREADS.
https://bugs.webkit.org/show_bug.cgi?id=61017
The patch turns on WTF_MULTIPLE_THREADS in chromium and
pushes some relevant initializations from JSC::initializeThreading
to WTF::initializeThreading.
Reviewed by David Levin.
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* wtf/FastMalloc.cpp:
(WTF::isForbidden):
(WTF::fastMallocForbid):
(WTF::fastMallocAllow):
* wtf/Platform.h:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
* wtf/ThreadingWin.cpp:
(WTF::initializeThreading):
* wtf/gtk/ThreadingGtk.cpp:
(WTF::initializeThreading):
* wtf/qt/ThreadingQt.cpp:
(WTF::initializeThreading):
2011-07-27 Mark Hahnenberg <mhahnenberg@apple.com>
Remove operator new from JSCell
https://bugs.webkit.org/show_bug.cgi?id=64999
Reviewed by Oliver Hunt.
Removed the implementation of operator new in JSCell, so any further uses
will not successfully link. Also removed any remaining uses of operator new.
* API/JSContextRef.cpp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::createExceptionScope):
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSCell.h:
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::create):
2011-07-27 Filip Pizlo <fpizlo@apple.com>
DFG graph has no notion of double prediction.
https://bugs.webkit.org/show_bug.cgi?id=65234
Reviewed by Gavin Barraclough.
Added the notion of PredictDouble, and PredictNumber, which is the least
upper bound of PredictInt32 and PredictDouble. Least upper bound is
defined as the bitwise-or of two predictions. Bottom is defined as 0,
and Top is defined as all bits being set. Added the ability to explicitly
distinguish between a node having had a prediction associated with it,
and that prediction still being valid (i.e. no conflicting predictions
have also been added). Used this to guard the speculative JIT from
speculating Int32 in cases where the graph knows that the value is
double, which currently only happens for GetLocal nodes on arguments
which were double at compile-time.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::isCellPrediction):
(JSC::DFG::isArrayPrediction):
(JSC::DFG::isInt32Prediction):
(JSC::DFG::isDoublePrediction):
(JSC::DFG::isNumberPrediction):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::initializeVariableTypes):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
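The prediction lattice described in the entry above, as an added example; this is not the DFG's own DFGGraph.h code. It models predictions as bit sets whose least upper bound is bitwise-or, with Bottom = 0 and Top = all bits, and shows why a slot that has seen both Int32 and Double values must not be speculated as Int32. The bit assignments, the classification of runtime values and every function name are assumptions made for illustration.

```javascript
// Added example, not the DFG's own DFGGraph.h: a prediction lattice whose
// least upper bound is bitwise-or, with Bottom = 0 and Top = all bits set.
// The bit assignments and function names are assumptions for illustration.
const PredictNone   = 0;                            // Bottom: nothing seen yet
const PredictInt32  = 1 << 0;
const PredictDouble = 1 << 1;
const PredictNumber = PredictInt32 | PredictDouble; // LUB of Int32 and Double
const PredictCell   = 1 << 2;
const PredictOther  = 1 << 3;                       // undefined, null, booleans
const PredictTop    = PredictNumber | PredictCell | PredictOther;

// A prediction is "exactly X" only when no conflicting bits have been merged in.
function isInt32Prediction(p)  { return p === PredictInt32; }
function isDoublePrediction(p) { return p === PredictDouble; }
function isNumberPrediction(p) { return p !== PredictNone && (p & PredictNumber) === p; }
function isCellPrediction(p)   { return p === PredictCell; }

// Merge a new observation into an existing prediction. `changed` lets a caller
// tell "a prediction was recorded" apart from "the prediction is still valid".
function mergePrediction(previous, observed) {
  const merged = previous | observed;
  return { prediction: merged, changed: merged !== previous };
}

// Classify one runtime value the way a profiling pass might (assumed rules).
function predictValue(v) {
  if (typeof v === 'number') {
    const fitsInt32 = (v | 0) === v && !Object.is(v, -0);
    return fitsInt32 ? PredictInt32 : PredictDouble;
  }
  if (typeof v === 'string' || typeof v === 'function' || (typeof v === 'object' && v !== null)) {
    return PredictCell;
  }
  return PredictOther;
}

// Fold the argument values seen across several calls into one prediction per
// argument slot, in the spirit of predictArgumentTypes. A missing argument is
// undefined, which is PredictOther here.
function predictArgumentTypes(callArguments) {
  const width = callArguments.reduce((w, args) => Math.max(w, args.length), 0);
  const predictions = new Array(width).fill(PredictNone);
  for (const args of callArguments) {
    for (let i = 0; i < width; i++) {
      const observed = i < args.length ? predictValue(args[i]) : PredictOther;
      predictions[i] = mergePrediction(predictions[i], observed).prediction;
    }
  }
  return predictions;
}

// The speculative path may assume Int32 only if nothing else was ever seen.
function shouldSpeculateInteger(prediction) { return isInt32Prediction(prediction); }
```

With two calls `f(1, 2.5, 'a')` and `f(3, 4, 'b')`, the second slot merges Int32 and Double into PredictNumber, so `shouldSpeculateInteger` is false for it even though the last call passed an integer; that is the guard the entry adds.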
2011-07-27 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65294
DFG JIT - may speculate based on wrong arguments.
Reviewed by Oliver Hunt.
In the case of a DFG compiled function calling to and compiling a second function that
also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
we call compileFor passing the caller function's exec state, rather than the callee's.
This may lead to mis-optimization, since the DFG compiler will examine the exec state's
arguments on the assumption that these will be passed to the callee - it is wanting the
callee exec state, not the caller's exec state.
Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
function is compiled, & the structure of the calls in the Interpreter::execute methods.
Only fix this for compilation from the JIT; in other calls, don't speculate based on arguments
for now.
* dfg/DFGOperations.cpp:
* runtime/Executable.cpp:
(JSC::tryDFGCompile):
(JSC::tryDFGCompileFunction):
(JSC::FunctionExecutable::compileForCallInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileFor):
2011-07-27 Oliver Hunt <oliver@apple.com>
Handle callback oriented JSONP
https://bugs.webkit.org/show_bug.cgi?id=65271
Reviewed by Gavin Barraclough.
Handle the callback oriented versions of JSONP. The Literal parser
now handles <Identifier> (. <Identifier>)* (jsonData).
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::tryJSONPParse):
(JSC::LiteralParser::Lexer::lex):
* runtime/LiteralParser.h:
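The callback-oriented JSONP shape named in the entry above, `<Identifier> (. <Identifier>)* (jsonData)`, as an added example; this is not JavaScriptCore's LiteralParser. It recognises the shape, parses only the parenthesised payload as strict JSON (so nothing in the response is evaluated as script), and resolves the dotted callback path solely through own properties of a namespace the caller supplies, so a response cannot name arbitrary globals or walk up a prototype chain. The regular expression, the function names and the namespace argument are assumptions for illustration.

```javascript
// Added example, not JavaScriptCore's LiteralParser: recognise the
// callback-oriented JSONP shape <Identifier> (. <Identifier>)* (jsonData) and
// handle it without evaluating the response as script. Function and parameter
// names are assumptions for illustration.
const JSONP_SHAPE = /^\s*([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)\s*\(([\s\S]*)\)\s*;?\s*$/;

// Returns { callback: ['foo', 'bar'], data } or null when `text` is not of the
// JSONP shape, or when the parenthesised argument is not strict JSON.
function parseJSONP(text) {
  const m = JSONP_SHAPE.exec(text);
  if (!m) return null;
  let data;
  try {
    data = JSON.parse(m[2]);          // JSON only: no expressions, calls or identifiers
  } catch {
    return null;
  }
  return { callback: m[1].split('.'), data };
}

// Resolve the dotted path against `namespace`, walking own properties only, and
// invoke the function found there with the parsed data. Returns undefined when
// the path does not lead to an own function (inherited names such as toString
// or __proto__ are rejected).
function dispatchJSONP(text, namespace) {
  const parsed = parseJSONP(text);
  if (parsed === null) return undefined;
  let holder = namespace;
  let target = namespace;
  for (const name of parsed.callback) {
    const isObjectLike = target !== null && (typeof target === 'object' || typeof target === 'function');
    if (!isObjectLike || !Object.prototype.hasOwnProperty.call(target, name)) return undefined;
    holder = target;
    target = target[name];
  }
  if (typeof target !== 'function') return undefined;
  return target.call(holder, parsed.data);
}
```

Because the payload goes through `JSON.parse`, a response such as `foo(alert(1))` is rejected outright rather than executed, which is the property that makes this shape safe to accept from a cross-origin source.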
2011-07-27 Stephanie Lewis <slewis@apple.com>
Revert http://trac.webkit.org/changeset/90415.
Caused a 5% sunspider regression in-browser.
Unreviewed rollout.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* heap/Heap.cpp:
(JSC::Heap::collectAllGarbage):
* heap/MarkStack.h:
(JSC::MarkStack::MarkStack):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::releaseExecutableMemory):
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::invalidateCode):
* runtime/RegExp.h:
2011-07-27 Shinya Kawanaka <shinyak@google.com>
Added an interface to take IsWhiteSpaceFunctionPtr.
https://bugs.webkit.org/show_bug.cgi?id=57746
Reviewed by Kent Tamura.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::stripWhiteSpace):
Added an interface to take IsWhiteSpaceFunctionPtr.
(WTF::StringImpl::simplifyWhiteSpace): ditto.
* wtf/text/StringImpl.h:
* wtf/text/WTFString.cpp:
(WTF::String::stripWhiteSpace): ditto.
(WTF::String::simplifyWhiteSpace): ditto.
* wtf/text/WTFString.h:
2011-07-27 Filip Pizlo <fpizlo@apple.com>
DFG JIT speculation failure code performs incorrect conversions in
the case where two registers need to be swapped.
https://bugs.webkit.org/show_bug.cgi?id=65233
Reviewed by Gavin Barraclough.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::GeneralizedRegister::swapWith):
2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
reduce and reduceRight bind callback's this to null rather than undefined
https://bugs.webkit.org/show_bug.cgi?id=62264
Reviewed by Oliver Hunt.
Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
when calling the callback function without an argument for this, which means it should
be undefined according to ES 15.4.4.21 and 15.4.4.22.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
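The behaviour fixed in the entry above, as an added example rather than JavaScriptCore's ArrayPrototype.cpp: reduce and reduceRight written to the shape of ES5 15.4.4.21 and 15.4.4.22, so the callback receives an undefined this value, skips holes, and throws a TypeError on an empty array with no initial value. A strict-mode callback is the only way to observe the difference between null and undefined, because a sloppy-mode function coerces both to the global object. All function names are assumptions for illustration.

```javascript
// Added example, not JavaScriptCore's ArrayPrototype.cpp: reduce and
// reduceRight in the shape of ES5 15.4.4.21 / 15.4.4.22. The callback is
// invoked with this = undefined. Function names are assumptions.
function specReduce(array, callback, ...rest) {
  if (array === null || array === undefined) throw new TypeError('reduce called on null or undefined');
  const O = Object(array);
  const len = O.length >>> 0;
  if (typeof callback !== 'function') throw new TypeError('callback is not a function');
  let k = 0;
  let accumulator;
  if (rest.length > 0) {
    accumulator = rest[0];
  } else {
    let kPresent = false;
    while (!kPresent && k < len) {           // skip holes while looking for a first value
      kPresent = k in O;
      if (kPresent) accumulator = O[k];
      k++;
    }
    if (!kPresent) throw new TypeError('Reduce of empty array with no initial value');
  }
  for (; k < len; k++) {
    if (k in O) accumulator = callback.call(undefined, accumulator, O[k], k, O); // this = undefined
  }
  return accumulator;
}

function specReduceRight(array, callback, ...rest) {
  if (array === null || array === undefined) throw new TypeError('reduceRight called on null or undefined');
  const O = Object(array);
  const len = O.length >>> 0;
  if (typeof callback !== 'function') throw new TypeError('callback is not a function');
  let k = len - 1;
  let accumulator;
  if (rest.length > 0) {
    accumulator = rest[0];
  } else {
    let kPresent = false;
    while (!kPresent && k >= 0) {
      kPresent = k in O;
      if (kPresent) accumulator = O[k];
      k--;
    }
    if (!kPresent) throw new TypeError('Reduce of empty array with no initial value');
  }
  for (; k >= 0; k--) {
    if (k in O) accumulator = callback.call(undefined, accumulator, O[k], k, O);
  }
  return accumulator;
}

// Run reduceImpl(array, callback, initial) with a strict-mode callback and
// return the this values it observed, unchanged; strict mode does not coerce
// them, so null and undefined stay distinguishable.
function observedThisValues(reduceImpl, array) {
  const seen = [];
  reduceImpl(array, function (acc, v) { 'use strict'; seen.push(this); return acc + v; }, 0);
  return seen;
}
```

`observedThisValues(specReduce, [1, 2, 3])` returns three undefined values; passing the engine's own `Array.prototype.reduce` through the same helper is a one-line conformance check for this exact bug.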
2011-07-26 Filip Pizlo <fpizlo@apple.com>
JSC command-line tool does not come with any facility for
measuring time precisely.
https://bugs.webkit.org/show_bug.cgi?id=65223
Reviewed by Gavin Barraclough.
Exposed WTF::currentTime() as currentTimePrecise().
* jsc.cpp:
(GlobalObject::GlobalObject):
(functionPreciseTime):
2011-07-26 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT never emits inline double comparisons, even when it
would be obviously more efficient to do so.
https://bugs.webkit.org/show_bug.cgi?id=65212
Reviewed by Gavin Barraclough.
This handles the obvious case of inlining double comparisons: it only addresses
the speculative JIT, and only for fused compare/branch sequences. But it does
handle the case where both operands are double (and there is no slow path),
or where one operand is double and the other is unknown type (in which case it
attempts to unbox the double, otherwise taking the slow path). This is a 0.8%
speed-up on SunSpider.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::convertToDouble):
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
(JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2011-07-26 Filip Pizlo <fpizlo@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64969
DFG JIT generates inefficient code for speculation failures.
Reviewed by Gavin Barraclough.
This implements a speculation failure strategy where (1) values spilled on
non-speculative but not spilled on speculative are spilled, (2) values that
are in registers on both paths are rearranged without ever touching memory,
and (3) values spilled on speculative but not spilled on non-speculative are
filled.
The register shuffling is the most interesting part of this patch. It
constructs a permutation graph for registers. Each node represents a
register, and each directed edge corresponds to the register's value having
to be moved to a different register as part of the shuffling. This is a
directed graph where each node may only have 0 or 1 incoming edges, and
0 or 1 outgoing edges. The algorithm then first finds maximal non-cyclic
subgraphs where all nodes in the subgraph are reachable from a start node.
Such subgraphs always resemble linked lists, and correspond to simply
moving the value in the second-to-last register into the last register, and
then moving the value in the third-to-last register into the second-to-last
register, and so on. Once these subgraphs are taken care of, the remaining
subgraphs are cycles, and are handled using either (a) conversion or no-op
if the cycle involves one node, (b) swap if it involves two nodes, or (c)
a cyclic shuffle involving a scratch register if there are three or more
nodes.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::needDataFormatConversion):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::GeneralizedRegister::GeneralizedRegister):
(JSC::DFG::GeneralizedRegister::createGPR):
(JSC::DFG::GeneralizedRegister::createFPR):
(JSC::DFG::GeneralizedRegister::dump):
(JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
(JSC::DFG::GeneralizedRegister::findInEntryLocation):
(JSC::DFG::GeneralizedRegister::previousDataFormat):
(JSC::DFG::GeneralizedRegister::nextDataFormat):
(JSC::DFG::GeneralizedRegister::convert):
(JSC::DFG::GeneralizedRegister::moveTo):
(JSC::DFG::GeneralizedRegister::swapWith):
(JSC::DFG::ShuffledRegister::ShuffledRegister):
(JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
(JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
(JSC::DFG::ShuffledRegister::handleCyclingPermutation):
(JSC::DFG::ShuffledRegister::lookup):
(JSC::DFG::lookupForRegister):
(JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
(JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
(JSC::DFG::NodeToRegisterMap::set):
(JSC::DFG::NodeToRegisterMap::end):
(JSC::DFG::NodeToRegisterMap::find):
(JSC::DFG::NodeToRegisterMap::clear):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::linkSpeculationChecks):
* dfg/DFGJITCompiler.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::EntryLocation::EntryLocation):
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculationCheck::SpeculationCheck):
* dfg/DFGSpeculativeJIT.h:
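The register-shuffling strategy described in the entry above, as an added example; this is not JavaScriptCore's DFGJITCompiler code. Given a partial permutation of registers (each register a source at most once and a destination at most once), it first drains the non-cyclic chains from their ends backwards, then handles what remains as cycles: a one-register cycle is a no-op, a two-register cycle is a swap, and a longer cycle rotates through a scratch register. A simulator applies the plan to a register file so the result can be checked. Register names, the scratch register and every function name are assumptions for illustration.

```javascript
// Added example, not JavaScriptCore's own DFGJITCompiler code: plan a register
// shuffle for a partial permutation using the chain-then-cycle strategy the
// entry describes. Register names, the scratch register and all helper names
// are assumptions for illustration.

// `moves` maps a source register to the destination its value must reach.
// Each register is a source at most once and a destination at most once, so
// the graph has in-degree and out-degree <= 1: disjoint chains and cycles.
function planShuffle(moves, scratch) {
  const dest = new Map(Object.entries(moves));   // src -> dst
  const src = new Map();                          // dst -> src
  for (const [s, d] of dest) {
    if (src.has(d)) throw new Error(`register ${d} has two incoming values`);
    if (s === scratch || d === scratch) throw new Error('scratch register is in use');
    src.set(d, s);
  }
  const ops = [];
  const done = new Set();

  // Phase 1: non-cyclic chains. A chain ends at a register that receives a
  // value but is not itself a source. Walk each chain backwards from its end,
  // so every register is overwritten only after its value has been copied on.
  for (const d of dest.values()) {
    if (dest.has(d)) continue;                    // d feeds another move: not a chain end
    for (let cur = d; src.has(cur); cur = src.get(cur)) {
      const from = src.get(cur);
      ops.push({ op: 'mov', from, to: cur });
      done.add(from);
    }
  }

  // Phase 2: everything left is a pure cycle.
  for (const start of dest.keys()) {
    if (done.has(start)) continue;
    const cycle = [start];
    done.add(start);
    for (let r = dest.get(start); r !== start; r = dest.get(r)) {
      cycle.push(r);
      done.add(r);
    }
    if (cycle.length === 1) {
      // r -> r: nothing to move (in the JIT this is at most a format conversion)
    } else if (cycle.length === 2) {
      ops.push({ op: 'xchg', a: cycle[0], b: cycle[1] });
    } else {
      // Three or more: park the last value in scratch, shift the rest forward
      // one step along the cycle, then restore the parked value at the front.
      const last = cycle[cycle.length - 1];
      ops.push({ op: 'mov', from: last, to: scratch });
      for (let i = cycle.length - 1; i > 0; i--) {
        ops.push({ op: 'mov', from: cycle[i - 1], to: cycle[i] });
      }
      ops.push({ op: 'mov', from: scratch, to: cycle[0] });
    }
  }
  return ops;
}

// Apply a plan to a register file (a plain object) and return the new state.
function applyPlan(regs, ops) {
  const r = { ...regs };
  for (const o of ops) {
    if (o.op === 'mov') r[o.to] = r[o.from];
    else if (o.op === 'xchg') [r[o.a], r[o.b]] = [r[o.b], r[o.a]];
  }
  return r;
}

// True when, after the plan runs, every destination holds its source's value.
function shuffleIsCorrect(regs, moves, scratch) {
  const after = applyPlan(regs, planShuffle(moves, scratch));
  return Object.entries(moves).every(([s, d]) => after[d] === regs[s]);
}
```

For the mixed input `{ rax: 'rbx', rbx: 'rcx', rdx: 'rsi', rsi: 'rdx', rdi: 'rdi' }` the plan is `mov rbx->rcx`, `mov rax->rbx`, `xchg rdx, rsi`, and nothing for `rdi`, which is exactly the chain-first, cycle-second order the entry describes.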
2011-07-26 Oliver Hunt <oliver@apple.com>
Buffer overflow creating error messages for JSON.parse
https://bugs.webkit.org/show_bug.cgi?id=65211
Reviewed by Darin Adler.
Pass the string length to the UString constructor.
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::parse):
2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
Refactor automatically generated JS DOM bindings to replace operator new with static create methods
https://bugs.webkit.org/show_bug.cgi?id=64732
Reviewed by Oliver Hunt.
Replacing the public constructors in the automatically generated JS DOM bindings with static
create methods. JSByteArray is used by several of these bindings in WebCore.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::create):
* runtime/JSByteArray.h:
2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
Unreviewed build fix for Qt/Linux.
On platforms with no glib and gstreamer we should not build javascriptcore
with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
* wtf/wtf.pri:
2011-07-26 Juan C. Montemayor <jmont@apple.com>
JSON errors should be informative
https://bugs.webkit.org/show_bug.cgi?id=63339
Added error messages to the JSON Parser.
Reviewed by Oliver Hunt.
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::Lexer::lex):
(JSC::LiteralParser::Lexer::lexString):
(JSC::LiteralParser::Lexer::lexNumber):
(JSC::LiteralParser::parse):
* runtime/LiteralParser.h:
(JSC::LiteralParser::getErrorMessage):
(JSC::LiteralParser::Lexer::sawError):
(JSC::LiteralParser::Lexer::getErrorMessage):
2011-07-26 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r91746.
http://trac.webkit.org/changeset/91746
https://bugs.webkit.org/show_bug.cgi?id=65180
It broke SL build (Requested by Ossy on #webkit).
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::stripWhiteSpace):
(WTF::StringImpl::simplifyWhiteSpace):
* wtf/text/StringImpl.h:
* wtf/text/WTFString.cpp:
* wtf/text/WTFString.h:
2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Andreas Kling.
[Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
https://bugs.webkit.org/show_bug.cgi?id=63472
Enable the bits needed for GStreamer only when QtMultimedia is not used.
* wtf/wtf.pri:
2011-07-26 Shinya Kawanaka <shinyak@google.com>
Added an interface to take IsWhiteSpaceFunctionPtr.
https://bugs.webkit.org/show_bug.cgi?id=57746
Reviewed by Kent Tamura.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::stripWhiteSpace):
Added an interface to take IsWhiteSpaceFunctionPtr.
(WTF::StringImpl::simplifyWhiteSpace): ditto.
* wtf/text/StringImpl.h:
* wtf/text/WTFString.cpp:
(WTF::String::stripWhiteSpace): ditto.
(WTF::String::simplifyWhiteSpace): ditto.
* wtf/text/WTFString.h:
2011-07-25 Filip Pizlo <fpizlo@apple.com>
DFG non-speculative JIT emits inefficient code for arithmetic
involving two registers
https://bugs.webkit.org/show_bug.cgi?id=65160
Reviewed by Gavin Barraclough.
The non-speculative JIT now emits inline code for double arithmetic, but
still attempts integer arithmetic first. This is a speed-up on SunSpider
(albeit a small one), and a large speed-up on Kraken.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
[EFL] Build break with --debug after r89153.
https://bugs.webkit.org/show_bug.cgi?id=65150
Unreviewed build fix.
* wtf/CMakeListsEfl.txt: Add missing libraries.
2011-07-25 Filip Pizlo <fpizlo@apple.com>
DFG non-speculative JIT emits obviously inefficient code for arithmetic
where one operand is a constant.
https://bugs.webkit.org/show_bug.cgi?id=65146
Reviewed by Gavin Barraclough.
Changed the code to emit double arithmetic inline.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
2011-07-25 Filip Pizlo <fpizlo@apple.com>
DFG JIT bytecode parser misuses pointers into objects allocated as part of a
WTF::Vector.
https://bugs.webkit.org/show_bug.cgi?id=65128
Reviewed by Gavin Barraclough.
The bytecode parser code seems to be right to have a DFGNode& phiNode reference
into the graph, since this makes the code greatly more readable. This patch
thus makes the minimal change necessary to make the code right: it uses a
pointer (to disambiguate between reloading the pointer and performing a
copy from one location of the vector to another) and reloads it after the
calls to addToGraph().
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::processPhiStack):
2011-07-25 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r91686.
http://trac.webkit.org/changeset/91686
https://bugs.webkit.org/show_bug.cgi?id=65144
1.5% regression in JSC (Requested by jmontemayor on #webkit).
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::Lexer::lex):
(JSC::LiteralParser::Lexer::lexString):
(JSC::LiteralParser::Lexer::lexNumber):
(JSC::LiteralParser::parse):
* runtime/LiteralParser.h:
2011-07-25 Jon Lee <jonlee@apple.com>
Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
https://bugs.webkit.org/show_bug.cgi?id=65132
<rdar://problem/9836297>
Reviewed by Oliver Hunt.
Make sure the JIT is available to use before running the following calls:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
2011-07-25 Juan C. Montemayor <jmont@apple.com>
JSON errors should be informative
https://bugs.webkit.org/show_bug.cgi?id=63339
Added error messages to the JSON Parser.
Reviewed by Oliver Hunt.
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::Lexer::lex):
(JSC::LiteralParser::Lexer::lexString):
(JSC::LiteralParser::Lexer::lexNumber):
(JSC::LiteralParser::parse):
* runtime/LiteralParser.h:
(JSC::LiteralParser::getErrorMessage):
(JSC::LiteralParser::Lexer::sawError):
(JSC::LiteralParser::Lexer::getErrorMessage):
2011-07-25 Filip Pizlo <fpizlo@apple.com>
X86-64 assembler emits three instructions instead of two for certain
loads and stores.
https://bugs.webkit.org/show_bug.cgi?id=65095
Reviewed by Gavin Barraclough.
Simply made these four methods in the assembler use the scratch register,
which they were previously avoiding. It still optimizes for the case where
an absolute-address memory access uses EAX. This results in a slight
performance improvement.
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::load32):
(JSC::MacroAssemblerX86_64::store32):
(JSC::MacroAssemblerX86_64::loadPtr):
(JSC::MacroAssemblerX86_64::storePtr):
2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
[EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
https://bugs.webkit.org/show_bug.cgi?id=64354
Use ecore_time_unix_get, which returns Unix time as a double, for currentTime,
and ecore_time_get, which uses a monotonic clock, for monotonicallyIncreasingTime.
Reviewed by Kent Tamura.
* wtf/CurrentTime.cpp:
(WTF::currentTime):
(WTF::monotonicallyIncreasingTime):
2011-07-22 Sommer Panage <panage@apple.com>
Reviewed by Oliver Hunt.
export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
https://bugs.webkit.org/show_bug.cgi?id=64981
UIAutomation for iOS would like to support a JavaScript backtrace in our error logs.
Currently, the C API does not provide the tools to do this. However, the private API
does expose the necessary functionality to get a backtrace
(via Interpreter::retrieveLastCaller). We recognize this information may result in
failure in the cases of programs run by 'eval', stack frames beneath host function
call frames, and in programs run from other programs. Thus, we propose exporting our
JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
we need while not advertising an API that isn't really ready for full use.
* API/JSContextRef.cpp:
* API/JSContextRefPrivate.h:
* JavaScriptCore.exp:
2011-07-22 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65051
DFG JIT - Enable by default for mac platform on x86-64.
Rubber Stamped by Geoff Garen.
This is now a performance progression.
* wtf/Platform.h:
- Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
2011-07-22 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65047
DFG JIT - Add support for op_resolve/op_resolve_base
Reviewed by Sam Weinig.
These are necessary for any significant eval code coverage
(and as such increase LayoutTest coverage).
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::recordResolve):
- Conservatively blow aliasing optimizations for now.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
- Add support for op_resolve/op_resolve_base.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::callOperation):
- Add call with exec, identifier arguments.
* dfg/DFGNode.h:
- Add new node types.
(JSC::DFG::Node::hasIdentifier):
- Resolve nodes have identifiers, too!
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
- Add generation for new Nodes.
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
- Added new operations.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Add generation for new Nodes.
2011-07-22 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=65036
Messing with the register allocation within flow control = badness.
Reviewed by Sam Weinig.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
- Fix register allocation.
2011-07-22 Mark Hahnenberg <mhahnenberg@apple.com>
Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
https://bugs.webkit.org/show_bug.cgi?id=63986
Reviewed by Geoffrey Garen.
Changed the implementation of Date.prototype.toISOString() to use the extended year
format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
* runtime/DatePrototype.cpp:
(JSC::dateProtoFuncToISOString):
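The extended-year format from the entry above, as an added example rather than JavaScriptCore's DatePrototype.cpp: the ES5 15.9.1.15 date/time string with the signed six-digit year of 15.9.1.15.1 for years outside [0, 9999], a RangeError for an invalid date, and a cross-check against the engine's own toISOString. Building a year-0 or year-99 date needs setUTCFullYear, because Date.UTC maps 0..99 to 1900..1999. The function names are assumptions for illustration.

```javascript
// Added example, not JavaScriptCore's DatePrototype.cpp: the date/time string
// format of ES5 15.9.1.15, with the signed six-digit extended year used for
// years outside [0, 9999] (15.9.1.15.1). Function names are assumptions.
function toISOStringExtended(date) {
  if (Number.isNaN(date.getTime())) throw new RangeError('Invalid time value');
  const pad = (n, width) => String(n).padStart(width, '0');
  const year = date.getUTCFullYear();
  const yearText = (year >= 0 && year <= 9999)
    ? pad(year, 4)
    : (year < 0 ? '-' : '+') + pad(Math.abs(year), 6);
  return yearText +
    '-' + pad(date.getUTCMonth() + 1, 2) +
    '-' + pad(date.getUTCDate(), 2) +
    'T' + pad(date.getUTCHours(), 2) +
    ':' + pad(date.getUTCMinutes(), 2) +
    ':' + pad(date.getUTCSeconds(), 2) +
    '.' + pad(date.getUTCMilliseconds(), 3) + 'Z';
}

// Construct a UTC midnight date for any year. Date.UTC maps years 0..99 to
// 1900..1999, so the year is set explicitly afterwards.
function utcDate(year, month = 0, day = 1) {
  const d = new Date(Date.UTC(2000, month, day));
  d.setUTCFullYear(year);
  return d;
}

// Cross-check against the engine's own toISOString for a list of years.
function matchesNative(years) {
  return years.every(y => toISOStringExtended(utcDate(y)) === utcDate(y).toISOString());
}
```

`toISOStringExtended(utcDate(10000))` yields `+010000-01-01T00:00:00.000Z` and `utcDate(-1)` yields `-000001-01-01T00:00:00.000Z`, while year 0 stays four digits as `0000-...`; the upper bound used in the check, 275760, is the largest year a Date can represent.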
2011-07-21 Gavin Barraclough <barraclough@apple.com>
Windows build fix
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-07-21 Ryosuke Niwa <rniwa@webkit.org>
Build fix after r91555.
* JavaScriptCore.exp:
2011-07-21 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=19271
eliminate PIC branches by changing NaN handling in JSValue::toNumber
Reviewed by Sam Weinig.
Moving the non-numeric cases out of line seems to be a consistent
win on SunSpider for me, to the order of about 0.5%.
* runtime/JSCell.h:
(JSC::JSCell::JSValue::toNumber):
- Changed to only handle values that are already numbers, move non-numeric cases out of line.
* runtime/JSValue.cpp:
(JSC::JSValue::toNumberSlowCase):
- Added toNumberSlowCase, handling non-numeric cases.
* runtime/JSValue.h:
- Add declaration of toNumberSlowCase.
2011-07-21 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64875
Use of `yield` keyword is broken
Reviewed by Sam Weinig.
* parser/Lexer.cpp:
(JSC::Lexer::parseIdentifier):
- The bug here is that a successful match of a RESERVED_IF_STRICT token from
parseKeyword is being nullified back to IDENT. The problem is that in the
case of IDENT matches parseKeyword should not move the lexer's input
position, but in the case of RESERVED_IF_STRICT it has done so.
2011-07-21 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64900
Function.prototype.apply should accept an array-like object as its second argument
Reviewed by Sam Weinig.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncApply):
- Remove the type error if object is not an array.
2011-07-21 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64964
DFG JIT - Enable support for eval code
Reviewed by Sam Weinig.
This is basically the same as program code, to the JIT!
* bytecode/Opcode.cpp:
* bytecode/Opcode.h:
- Enable opcodeNames in !NDEBUG builds.
* dfg/DFGOperations.cpp:
- Fix a bug exposed by eval support, throw correct type error for new.
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
- Enable DFG JIT for eval code.
2011-07-20 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r91380.
http://trac.webkit.org/changeset/91380
https://bugs.webkit.org/show_bug.cgi?id=64924
Caused assertion failures in Chromium's IndexedDB tests
(Requested by rniwa on #webkit).
* wtf/ThreadIdentifierDataPthreads.cpp:
(WTF::ThreadIdentifierData::identifier):
(WTF::ThreadIdentifierData::initialize):
(WTF::ThreadIdentifierData::initializeKeyOnceHelper):
(WTF::ThreadIdentifierData::initializeKeyOnce):
* wtf/ThreadIdentifierDataPthreads.h:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
2011-07-20 Filip Pizlo <fpizlo@apple.com>
DFG non-speculative JIT does not use() the aliased GetByVal,
resulting in bloated use counts.
https://bugs.webkit.org/show_bug.cgi?id=64911
Reviewed by Gavin Barraclough.
Inserted a call to use() for the aliased GetByVal.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
2011-07-20 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64909
DFG JIT - Missing ToInt32 conversions for double constants.
Reviewed by Sam Weinig.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::toInt32):
- We cannot trivially omit ToInt32 conversions on double constants.
2011-07-20 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT sometimes claims to use compare operands twice, leading to
use count corruption.
https://bugs.webkit.org/show_bug.cgi?id=64903
Reviewed by Gavin Barraclough.
Move the calls to use() in SpeculativeJIT::compare() so that they only happen
if the JITCodeGenerator's helper method (which also calls use()) is not called.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compare):
2011-07-20 Oliver Hunt <oliver@apple.com>
Don't throw away code when JSGarbageCollect API is called
https://bugs.webkit.org/show_bug.cgi?id=64894
Reviewed by Sam Weinig.
Just call collectAllGarbage. That will clean up all unneeded
code without causing any pathological recompilation problems.
* API/JSBase.cpp:
(JSGarbageCollect):
2011-07-20 Oliver Hunt <oliver@apple.com>
Codeblock doesn't visit cached structures in global resolve instructions
https://bugs.webkit.org/show_bug.cgi?id=64889
Reviewed by Sam Weinig.
Visit the global resolve instructions. This fixes a couple
of random crashes seen in the jquery tests when using the
interpreter.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
2011-07-20 James Robinson <jamesr@chromium.org>
Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
https://bugs.webkit.org/show_bug.cgi?id=64841
Reviewed by Mark Rowe.
http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
monotonic clock instead of WTF::currentTime(). This broke many plugin tests on WebKit2 for reasons that are
unclear. This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
* wtf/ThreadingPthreads.cpp:
(WTF::ThreadCondition::timedWait):
* wtf/ThreadingWin.cpp:
(WTF::absoluteTimeToWaitTimeoutInterval):
* wtf/gtk/ThreadingGtk.cpp:
(WTF::ThreadCondition::timedWait):
* wtf/qt/ThreadingQt.cpp:
(WTF::ThreadCondition::timedWait):
2011-07-14 David Levin <levin@chromium.org>
currentThread is too slow!
https://bugs.webkit.org/show_bug.cgi?id=64577
Reviewed by Darin Adler and Dmitry Titov.
The problem is that currentThread results in a pthread_once call which always takes a lock.
With this change, currentThread is 10% faster than isMainThread in release mode and only
5% slower than isMainThread in debug.
* wtf/ThreadIdentifierDataPthreads.cpp:
(WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
which is no longer needed because this is called from initializeThreading().
(WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
initialization of the pthread key should already be done.
(WTF::ThreadIdentifierData::initialize): Ditto.
* wtf/ThreadIdentifierDataPthreads.h:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading): Acquire the pthread key here.
2011-07-20 Mark Rowe <mrowe@apple.com>
Fix the 32-bit build.
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncToString):
2011-07-19 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64678
Fix bugs in Object.prototype this handling.
Reviewed by Darin Adler.
Fix ES5.1 correctness issues identified by Mads Ager.
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncToString):
- ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
2011-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
[JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
https://bugs.webkit.org/show_bug.cgi?id=63918
Reviewed by Darin Adler.
When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
method due to additional string copying within several of the constructors when dealing with
UStrings. This has been added to the UString version of the appendStringInConstruct method
within the JSString class.
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::appendStringInConstruct):
2011-07-19 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64679
Fix bugs in Array.prototype this handling.
Reviewed by Oliver Hunt.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
- These methods should throw if this value is undefined.
2011-07-19 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64677
Fix bugs in String.prototype this handling.
Reviewed by Oliver Hunt.
undefined/null this values should throw TypeErrors, not convert to
the global object, and primitive values should not be converted via
object types.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncLastIndexOf):
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):
(JSC::stringProtoFuncLocaleCompare):
(JSC::stringProtoFuncBig):
(JSC::stringProtoFuncSmall):
(JSC::stringProtoFuncBlink):
(JSC::stringProtoFuncBold):
(JSC::stringProtoFuncFixed):
(JSC::stringProtoFuncItalics):
(JSC::stringProtoFuncStrike):
(JSC::stringProtoFuncSub):
(JSC::stringProtoFuncSup):
(JSC::stringProtoFuncFontcolor):
(JSC::stringProtoFuncFontsize):
(JSC::stringProtoFuncAnchor):
(JSC::stringProtoFuncLink):
(JSC::trimString):
- These methods should throw if the this value is undefined,
and convert via ToString directly, not via ToObject.
2011-07-19 Filip Pizlo <fpizlo@apple.com>
DFG JIT sometimes emits spill code even when the respective values
are never needed.
https://bugs.webkit.org/show_bug.cgi?id=64774
Reviewed by Gavin Barraclough.
The main high-level change is that it is now easier to call use() on a
virtual register. JSValueOperand and its other-typed relatives now have
a handy use() method, and jsValueResult() and friends now make it easier to
pass UseChildrenCalledExplicitly.
The rest of this patch hoists the call to use() as high as possible for
all of those cases where either flushRegisters() or silentSpillAllRegisters()
may be called.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedGetMethod):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
(JSC::DFG::JITCodeGenerator::emitBranch):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::use):
(JSC::DFG::JITCodeGenerator::integerResult):
(JSC::DFG::JITCodeGenerator::jsValueResult):
(JSC::DFG::IntegerOperand::use):
(JSC::DFG::DoubleOperand::use):
(JSC::DFG::JSValueOperand::use):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::valueToInt32):
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculateStrictInt32Operand::use):
(JSC::DFG::SpeculateCellOperand::use):
2011-07-19 Xan Lopez <xlopez@igalia.com>
ARMv7 backend broken, lacks 3 parameter rshift32 method
https://bugs.webkit.org/show_bug.cgi?id=64571
Reviewed by Zoltan Herczeg.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
2011-07-18 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not optimize strict equality as effectively as the old JIT does.
https://bugs.webkit.org/show_bug.cgi?id=64759
Reviewed by Gavin Barraclough.
This adds a more complete set of strict equality optimizations. If either
operand is known numeric, then the code reverts to the old style of optimizing
(first try integer comparison). Otherwise it uses the old JIT's trick of
first simultaneously checking if both operands are either numbers or cells;
if not then a fast path is taken.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-18 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64760
DFG JIT - Should be able to compile program code.
Reviewed by Geoff Garen.
Add support for op_end, hooks to compile program code in Executable.cpp.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
- Add support for op_end
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
- Added, separate out steps of compileFunction.
(JSC::DFG::JITCompiler::compile):
- Added, compile program code.
(JSC::DFG::JITCompiler::compileFunction):
- Sections separated out to helper functions.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::JITCompiler):
- Added m_exceptionCheckCount.
* runtime/Executable.cpp:
(JSC::tryDFGCompile):
(JSC::tryDFGCompileFunction):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
- Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
2011-07-18 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64678
Fix bugs in Object.prototype this handling.
Reviewed by Oliver Hunt.
undefined/null this values should throw TypeErrors, not convert to the global object;
also, toLocaleString should be calling ToObject & invoking the object's toString
function, even for values that are already strings.
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncPropertyIsEnumerable):
(JSC::objectProtoFuncToLocaleString):
(JSC::objectProtoFuncToString):
2011-07-18 Filip Pizlo <fpizlo@apple.com>
JSC GC lazy sweep does not inline the common cases of cell destruction.
https://bugs.webkit.org/show_bug.cgi?id=64745
Reviewed by Oliver Hunt.
This inlines the case of JSFinalObject destruction.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::lazySweep):
2011-07-18 Oliver Hunt <oliver@apple.com>
Interpreter build-fix
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
2011-07-18 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not optimize equal-null comparisons and branches.
https://bugs.webkit.org/show_bug.cgi?id=64659
Reviewed by Gavin Barraclough.
Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
which is used by both the speculative and non-speculative JIT. Through
the use of the new isNullConstant helper, the two JITs invoke the
nonSpeculativeCompareNull() helper instead of their regular comparison
helpers when compiling CompareEq. Through the use of the new isKnownCell
helper, the compare-null code will skip the is-a-cell check if the
speculative JIT had been speculating cell.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownCell):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::isNullConstant):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-18 James Robinson <jamesr@chromium.org>
Timer scheduling should be based off the monotonic clock
https://bugs.webkit.org/show_bug.cgi?id=64544
Reviewed by Darin Adler.
Switches ThreadCondition::timedWait and related utility functions from currentTime() to
monotonicallyIncreasingTime().
Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/ThreadingPthreads.cpp:
(WTF::ThreadCondition::timedWait):
* wtf/ThreadingWin.cpp:
(WTF::absoluteTimeToWaitTimeoutInterval):
* wtf/gtk/ThreadingGtk.cpp:
(WTF::ThreadCondition::timedWait):
* wtf/qt/ThreadingQt.cpp:
(WTF::ThreadCondition::timedWait):
2011-07-18 Filip Pizlo <fpizlo@apple.com>
JSC JIT does not inline GC allocation fast paths
https://bugs.webkit.org/show_bug.cgi?id=64582
Reviewed by Oliver Hunt.
This addresses inlining allocation for the easiest-to-allocate cases:
op_new_object and op_create_this. Inlining GC allocation fast paths
required three changes. First, the JSGlobalData now saves the vtable
pointer of JSFinalObject, since that's what op_new_object and
op_create_this allocate. Second, the Heap exposes a reference to
the appropriate SizeClass, so that the JIT may inline accesses
directly to the SizeClass for JSFinalObject allocations. And third,
the JIT is extended with code to emit inline fast paths for GC
allocation. A stub call is emitted in the case where the inline fast
path fails.
* heap/Heap.h:
(JSC::Heap::sizeClassFor):
(JSC::Heap::allocate):
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateJSFinalObject):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs):
* runtime/JSGlobalData.h:
* runtime/JSObject.h:
(JSC::JSFinalObject::JSFinalObject):
(JSC::JSObject::offsetOfInheritorID):
2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com>
Refactor JSC to replace JSCell::operator new with static create method
https://bugs.webkit.org/show_bug.cgi?id=64466
Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
First step in a longer refactoring process to remove the use of
operator new overloading in order to allocate GC objects and to replace
this method with static create methods for each individual type of heap-allocated
JS object. This particular patch only deals with replacing uses of
operator new within JSC proper. Future patches will remove it from the
parts that interface with the DOM. Due to the DOM's continued dependence
on it, operator new has not actually been removed from JSCell.
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::create):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::operator new):
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::staticFunctionGetter):
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/JSContextRef.cpp:
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectMakeFunctionWithCallback):
(JSObjectMakeConstructor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::createActivation):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::makeFunction):
* bytecompiler/NodesCodegen.cpp:
(JSC::RegExpNode::emitBytecode):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
(JSC::Interpreter::retrieveArguments):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jsc.cpp:
(GlobalObject::create):
(GlobalObject::GlobalObject):
(functionRun):
(jscmain):
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::createNoParameters):
* runtime/ArrayConstructor.cpp:
(JSC::constructArrayWithSizeQuirk):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::create):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSplice):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::constructBoolean):
(JSC::constructBooleanFromImmediateBoolean):
* runtime/BooleanConstructor.h:
(JSC::BooleanConstructor::create):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::create):
* runtime/DateConstructor.cpp:
(JSC::constructDate):
* runtime/DateConstructor.h:
(JSC::DateConstructor::create):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.h:
(JSC::DatePrototype::create):
* runtime/Error.cpp:
(JSC::createError):
(JSC::createEvalError):
(JSC::createRangeError):
(JSC::createReferenceError):
(JSC::createSyntaxError):
(JSC::createTypeError):
(JSC::createURIError):
(JSC::StrictModeTypeErrorFunction::create):
(JSC::createTypeErrorFunction):
* runtime/ErrorConstructor.h:
(JSC::ErrorConstructor::create):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
(JSC::ErrorInstance::create):
* runtime/ErrorInstance.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::InterruptedExecutionError::create):
(JSC::createInterruptedExecutionException):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
(JSC::TerminatedExecutionError::create):
(JSC::createTerminatedExecutionException):
* runtime/Executable.cpp:
(JSC::FunctionExecutable::FunctionExecutable):
(JSC::FunctionExecutable::fromGlobalCode):
* runtime/Executable.h:
(JSC::ExecutableBase::create):
(JSC::NativeExecutable::create):
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
(JSC::FunctionExecutable::make):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h:
(JSC::FunctionConstructor::create):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::create):
* runtime/GetterSetter.h:
(JSC::GetterSetter::create):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::create):
(JSC::jsAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::argumentsGetter):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSArray.h:
(JSC::JSArray::create):
* runtime/JSCell.h:
(JSC::JSCell::allocateCell):
* runtime/JSFunction.h:
(JSC::JSFunction::create):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::constructEmptyArray):
(JSC::constructArray):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::create):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSObject.cpp:
(JSC::JSObject::defineGetter):
(JSC::JSObject::defineSetter):
(JSC::putDescriptor):
* runtime/JSObject.h:
(JSC::JSFinalObject::create):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::create):
* runtime/JSString.cpp:
(JSC::JSString::substringFromRope):
(JSC::JSString::replaceCharacter):
(JSC::StringObject::create):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::create):
(JSC::RopeBuilder::createHasOtherOwner):
(JSC::jsSingleCharacterString):
(JSC::jsSingleCharacterSubstring):
(JSC::jsNontrivialString):
(JSC::jsString):
(JSC::jsSubstring):
(JSC::jsOwnedString):
* runtime/JSValue.cpp:
(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::synthesizeObject):
(JSC::JSValue::synthesizePrototype):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::create):
* runtime/NativeErrorPrototype.h:
(JSC::NativeErrorPrototype::create):
* runtime/NumberConstructor.cpp:
(JSC::constructWithNumberConstructor):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::create):
* runtime/NumberObject.cpp:
(JSC::constructNumber):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::create):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::create):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::create):
* runtime/Operations.h:
(JSC::jsString):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::createWithoutCaching):
(JSC::RegExp::create):
* runtime/RegExp.h:
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::lookupOrCreate):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::arrayOfMatches):
(JSC::constructRegExp):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::create):
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::create):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::create):
(JSC::ScopeChainNode::push):
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::createEmptyString):
(JSC::SmallStrings::createSingleCharacterString):
* runtime/StringConstructor.cpp:
(JSC::constructWithStringConstructor):
* runtime/StringConstructor.h:
(JSC::StringConstructor::create):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
* runtime/StringPrototype.h:
(JSC::StringPrototype::create):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::createStructure):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
2011-07-17 Ryuan Choi <ryuan.choi@samsung.com>
[EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
https://bugs.webkit.org/show_bug.cgi?id=64337
Replace ecore_timer_add with Ecore_Pipe.
This is needed because ecore_timer should not be called in a child thread,
but in the main thread.
Reviewed by Antonio Gomes.
* wtf/efl/MainThreadEfl.cpp:
(WTF::pipeObject):
(WTF::monitorDispatchFunctions):
(WTF::initializeMainThreadPlatform):
(WTF::scheduleDispatchFunctionsOnMainThread):
2011-07-17 Filip Pizlo <fpizlo@apple.com>
DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
https://bugs.webkit.org/show_bug.cgi?id=64637
Reviewed by Gavin Barraclough.
* dfg/DFGOperations.cpp:
2011-07-16 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64657
Converted this value not preserved when accessed via direct eval.
Reviewed by Oliver Hunt.
Upon entry into a non-strict function, primitive this values should be boxed as Object types
(or substituted with the global object) - which is done by op_convert_this. However we only
do so where this is used lexically within the function (we omit the conversion op if not).
The problem comes if a direct eval (running within the function's scope) accesses the this
value.
We are safe in the case of a single eval, since the this object will be converted within
callEval, however the converted value is not preserved, and a new wrapper object is allocated
each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
object will be lost between eval statements.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
- If a function uses eval, we always need to convert this.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
- Don't convert primitive values here - this is too late!
(JSC::Interpreter::privateExecute):
- Changed op_convert_this to call new isPrimitive method.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- Changed op_convert_this to call new isPrimitive method.
* runtime/JSCell.h:
(JSC::JSCell::JSValue::isPrimitive):
- Added JSValue::isPrimitive.
* runtime/JSValue.h:
- Added JSValue::isPrimitive.
2011-07-16 Filip Pizlo <fpizlo@apple.com>
DFG JIT compare/branch code emits is-integer tests even when a value is
definitely not an integer.
https://bugs.webkit.org/show_bug.cgi?id=64654
Reviewed by Gavin Barraclough.
Added the isKnownNotInteger() method, which returns true if a node is
definitely not an integer and will always fail any is-integer test. Then
modified the compare and branch code to use this method; if it returns
true then is-int tests are omitted and the compiler always emits a slow
call.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownNotInteger):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compare):
2011-07-16 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT has dead code for slow calls for branches.
https://bugs.webkit.org/show_bug.cgi?id=64653
Reviewed by Gavin Barraclough.
Removed SpeculativeJIT::compilePeepHoleCall.
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT.h:
2011-07-15 Mark Rowe <mrowe@apple.com>
Fix the build.
* dfg/DFGGraph.h:
2011-07-15 Gavin Barraclough <barraclough@apple.com>
NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
https://bugs.webkit.org/show_bug.cgi?id=55346
Reviewed by Sam Weinig.
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
- Switch to putDirect since we're not the only ones transitioning this Structure now.
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
* runtime/NativeErrorPrototype.h:
- Switch base class to ErrorPrototype.
2011-07-15 Gavin Barraclough <barraclough@apple.com>
DFG JIT - Where arguments passed are integers, speculate this.
https://bugs.webkit.org/show_bug.cgi?id=64630
Reviewed by Sam Weinig.
Presently the DFG JIT is overly aggressively predicting double.
Use a bit of dynamic information, and curtail this a little.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
- Check for integer arguments.
* dfg/DFGGraph.h:
- Function declaration.
* runtime/Executable.cpp:
(JSC::tryDFGCompile):
(JSC::FunctionExecutable::compileForCallInternal):
- Add call to predictArgumentTypes.
2011-07-15 Filip Pizlo <fpizlo@apple.com>
DFG JIT is inconsistent about fusing branches and speculating
integer comparisons for branches.
https://bugs.webkit.org/show_bug.cgi?id=64573
Reviewed by Gavin Barraclough.
This patch moves some of NonSpeculativeJIT's functionality up into the
JITCodeGenerator superclass so that it can be used from both JITs. Now,
in cases where the speculative JIT doesn't want to speculate but still
wants to emit good code, it can reliably emit the same code sequence as
the non-speculative JIT. This patch also extends the non-speculative
JIT's compare optimizations to include compare/branch fusing, and
extends the speculative JIT's compare optimizations to cover StrictEqual.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownInteger):
(JSC::DFG::JITCodeGenerator::isKnownNumeric):
(JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
(JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
* wtf/Platform.h:
2011-07-14 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64250
Global strict mode function leaking global object as "this".
Reviewed by Oliver Hunt.
The root problem here is that we pass the wrong values into
calls, and then try to fix them up in the callee. Correct
behaviour per the spec is to pass in the value undefined
as this, unless either (1) the function call is based on an
explicit property access or (2) the base of the call comes
directly from a 'with'.
This change does away with the need for this conversion of
objects (non strict code should only box primitives), and
does away with all this conversion for strict functions.
This patch may have web compatibility ramifications, and may
require some advocacy.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
- Removed op_convert_this_strict, added op_resolve_with_this.
* bytecode/Opcode.h:
- Removed op_convert_this_strict, added op_resolve_with_this.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitResolveWithThis):
- Removed op_convert_this_strict, added op_resolve_with_this.
* bytecompiler/BytecodeGenerator.h:
- Removed op_convert_this_strict, added op_resolve_with_this.
* bytecompiler/NodesCodegen.cpp:
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
- Removed op_convert_this_strict, added op_resolve_with_this.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Change NeedsThisConversion check to test for JSString's vptr
(objects no longer need conversion).
* interpreter/Interpreter.cpp:
(JSC::Interpreter::resolveThisAndProperty):
- Based on resolveBaseAndProperty, but produce correct this value.
(JSC::Interpreter::privateExecute):
- Removed op_convert_this_strict, added op_resolve_with_this.
* interpreter/Interpreter.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
- Removed op_convert_this_strict, added op_resolve_with_this.
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_resolve_with_this):
- Removed op_convert_this_strict, added op_resolve_with_this.
(JSC::JIT::emit_op_convert_this):
(JSC::JIT::emitSlow_op_convert_this):
- Change NeedsThisConversion check to test for JSString's vptr
(objects no longer need conversion).
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_resolve_with_this):
- Removed op_convert_this_strict, added op_resolve_with_this.
(JSC::JIT::emit_op_convert_this):
(JSC::JIT::emitSlow_op_convert_this):
- Change NeedsThisConversion check to test for JSString's vptr
(objects no longer need conversion).
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- Removed op_convert_this_strict, added op_resolve_with_this.
* jit/JITStubs.h:
- Removed op_convert_this_strict, added op_resolve_with_this.
* runtime/JSActivation.h:
- removed NeedsThisConversion flag, added IsEnvironmentRecord.
* runtime/JSStaticScopeObject.h:
- removed NeedsThisConversion flag, added IsEnvironmentRecord.
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
- removed NeedsThisConversion.
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::isEnvironmentRecord):
(JSC::TypeInfo::overridesHasInstance):
- removed NeedsThisConversion flag, added IsEnvironmentRecord.
* runtime/JSValue.h:
- removed NeedsThisConversion.
* runtime/JSVariableObject.h:
- Corrected StructureFlags inheritance.
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::createStructure):
- Added IsEnvironmentRecord to StructureFlags, added createStructure.
* runtime/Structure.h:
- removed NeedsThisConversion.
* tests/mozilla/ecma/String/15.5.4.6-2.js:
(getTestCases):
- Removed invalid test case.
2011-07-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r91082, r91087, and r91089.
http://trac.webkit.org/changeset/91082
http://trac.webkit.org/changeset/91087
http://trac.webkit.org/changeset/91089
https://bugs.webkit.org/show_bug.cgi?id=64616
gtk tests are failing a lot after this change. (Requested by
dave_levin on #webkit).
* wtf/ThreadIdentifierDataPthreads.cpp:
(WTF::ThreadIdentifierData::identifier):
(WTF::ThreadIdentifierData::initialize):
(WTF::ThreadIdentifierData::initializeKeyOnceHelper):
(WTF::ThreadIdentifierData::initializeKeyOnce):
* wtf/ThreadIdentifierDataPthreads.h:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
2011-07-15 David Levin <levin@chromium.org>
Another attempted build fix.
* wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
up the definition of PTHREAD_KEYS_MAX.
2011-07-15 David Levin <levin@chromium.org>
Chromium build fix.
* wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
up the definition of PTHREAD_KEYS_MAX.
2011-07-14 David Levin <levin@chromium.org>
currentThread is too slow!
https://bugs.webkit.org/show_bug.cgi?id=64577
Reviewed by Darin Adler and Dmitry Titov.
The problem is that currentThread results in a pthread_once call which always takes a lock.
With this change, currentThread is 10% faster than isMainThread in release mode and only
5% slower than isMainThread in debug.
* wtf/ThreadIdentifierDataPthreads.cpp:
(WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
which is no longer needed because this is called from initializeThreading().
(WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
initialization of the pthread key should already be done.
(WTF::ThreadIdentifierData::initialize): Ditto.
* wtf/ThreadIdentifierDataPthreads.h:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading): Acquire the pthread key here.
2011-07-14 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not optimize Branch as well as it could.
https://bugs.webkit.org/show_bug.cgi?id=64574
Reviewed by Gavin Barraclough.
This creates a common code path for emitting unfused branches, which does
no speculation, and only performs a slow call if absolutely necessary.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitBranch):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-14 Filip Pizlo <fpizlo@apple.com>
GC allocation fast path has too many operations.
https://bugs.webkit.org/show_bug.cgi?id=64493
Reviewed by Darin Adler.
Changed the timing of the lazy sweep so that it occurs when we land on
a previously unswept block, rather than whenever we land on an unswept
cell. After the per-block lazy sweep occurs, the block is turned into a
singly linked list of free cells. The allocation fast path is now just a
load-branch-store to remove a cell from the head of the list.
Additionally, this changes the way new blocks are allocated. Previously,
they would be populated with dummy cells. With this patch, they are
turned into a free list, which means that there will never be destructor
calls for allocations in fresh blocks.
These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
SunSpider. There are no observed statistically significant slow-downs
on any individual benchmark.
* JavaScriptCore.exp:
* heap/Heap.cpp:
(JSC::Heap::allocateSlowCase):
(JSC::Heap::collect):
(JSC::Heap::canonicalizeBlocks):
(JSC::Heap::resetAllocator):
* heap/Heap.h:
(JSC::Heap::forEachProtectedCell):
(JSC::Heap::forEachCell):
(JSC::Heap::forEachBlock):
(JSC::Heap::allocate):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::lazySweep):
(JSC::MarkedBlock::blessNewBlockForFastPath):
(JSC::MarkedBlock::blessNewBlockForSlowPath):
(JSC::MarkedBlock::canonicalizeBlock):
* heap/MarkedBlock.h:
* heap/NewSpace.cpp:
(JSC::NewSpace::addBlock):
(JSC::NewSpace::canonicalizeBlocks):
* heap/NewSpace.h:
(JSC::NewSpace::allocate):
(JSC::NewSpace::SizeClass::SizeClass):
(JSC::NewSpace::SizeClass::canonicalizeBlock):
* heap/OldSpace.cpp:
(JSC::OldSpace::addBlock):
2011-07-14 Filip Pizlo <fpizlo@apple.com>
DFG JIT crashes on host constructor calls in debug mode.
https://bugs.webkit.org/show_bug.cgi?id=64562
Reviewed by Gavin Barraclough.
Fixed the relevant ASSERT.
* dfg/DFGOperations.cpp:
2011-07-14 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT contains a FIXME for rewinding speculative code generation that
has already been fixed.
https://bugs.webkit.org/show_bug.cgi?id=64022
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
2011-07-14 Ryuan Choi <ryuan.choi@samsung.com>
[EFL] Add OwnPtr specialization for Ecore_Pipe.
https://bugs.webkit.org/show_bug.cgi?id=64515
Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
Reviewed by Xan Lopez.
* wtf/OwnPtrCommon.h:
* wtf/efl/OwnPtrEfl.cpp:
(WTF::deleteOwnedPtr):
2011-07-14 Filip Pizlo <fpizlo@apple.com>
DFG JIT unnecessarily boxes and unboxes values during silent spilling.
https://bugs.webkit.org/show_bug.cgi?id=64068
Reviewed by Gavin Barraclough.
Silent spilling and filling of registers is done during slow-path C
function calls. The silent spill/fill logic does not affect register
allocation on paths that don't involve the C function call.
This changes the silent spilling code to spill in unboxed form. The
silent fill will refill in whatever form the register was spilled in.
For example, the silent spill code may choose not to spill the register
because it was already spilled previously, which would imply that it
was spilled in boxed form. The filling code detects this and either
unboxes, or not, depending on what is appropriate.
This change also results in a simplification of the silent spill/fill
API: silent spilling no longer needs to know about the set of registers
that cannot be trampled, since it never does boxing and hence does not
need a temporary register.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentSpillFPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::valueToInt32):
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
(JSC::DFG::NonSpeculativeJIT::compare):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-13 Michael Saboff <msaboff@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64202
Enh: Improve handling of RegExp in the form of /.*blah.*/
Reviewed by Gavin Barraclough.
Added code to both the Yarr interpreter and JIT to handle
these expressions a little differently. First off, the terms
in between the leading and trailing .*'s cannot capture and
also this enhancement is limited to single alternative expressions.
If an expression is of the right form with the aforementioned
restrictions, we process the inner terms and then look for the
beginning of the string and end of the string. There is handling
for multiline expressions to allow the beginning and end to be
right after and right before newlines.
This enhancement speeds up expressions of this type 12x on
a MacBookPro.
Cleaned up 'case' statement indentation.
A new set of tests was added as LayoutTests/fast/regex/dotstar.html
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::InputStream::end):
(JSC::Yarr::Interpreter::matchDotStarEnclosure):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
(JSC::Yarr::ByteCompiler::emitDisjunction):
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteTerm::DotStarEnclosure):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
(JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
(JSC::Yarr::YarrGenerator::generateTerm):
(JSC::Yarr::YarrGenerator::backtrackTerm):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
(JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
(JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
(JSC::Yarr::YarrPattern::compile):
* yarr/YarrPattern.h:
(JSC::Yarr::PatternTerm::PatternTerm):
2011-07-13 Xan Lopez <xlopez@igalia.com>
[GTK] Fix distcheck
Reviewed by Martin Robinson.
* GNUmakefile.list.am: add missing files.
2011-07-13 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not implement prototype chain or list caching for get_by_id.
https://bugs.webkit.org/show_bug.cgi?id=64147
Reviewed by Gavin Barraclough.
This implements unified support for prototype caching, prototype chain
caching, and polymorphic (i.e. list) prototype and prototype chain
caching. This is done by creating common code for emitting prototype
or chain access stubs, and having it factored out into
generateProtoChainAccessStub(). This function is called by
tryCacheGetByID once the latter determines that some form of prototype
access caching is necessary (i.e. the slot being accessed is not on the
base value but on some other object).
Direct prototype list, and prototype chain list, caching is implemented by
linking the slow path to operationGetByIdProtoBuildList(), which uses the
same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
This change required ensuring that the value in the scratchGPR field in
StructureStubInfo is preserved even after the stub info is in the
chain, or proto_list, states. Hence scratchGPR was moved out of the union
and into the top-level of StructureStubInfo.
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::emitRestoreScratch):
(JSC::DFG::linkRestoreScratch):
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDProtoList):
(JSC::DFG::dfgBuildGetByIDProtoList):
(JSC::DFG::tryCachePutByID):
* dfg/DFGRepatch.h:
2011-07-12 Brent Fulgham <bfulgham@webkit.org>
Standardize WinCairo conditionalized code under PLATFORM macro.
https://bugs.webkit.org/show_bug.cgi?id=64377
Reviewed by Maciej Stachowiak.
* wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
2011-07-13 David Levin <levin@chromium.org>
Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
https://bugs.webkit.org/show_bug.cgi?id=64465
Reviewed by Dmitry Titov.
There isn't a good way to test this as it is very highly unlikely to occur.
* wtf/ThreadIdentifierDataPthreads.cpp:
(WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
isn't thread-safe, change the initialization to be global.
2011-07-12 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64424
Our direct eval behaviour deviates slightly from the spec.
Reviewed by Oliver Hunt.
The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
or "var a = eval; a();" are indirect calls); particularly, in non-strict scopes variables
may be introduced into the caller's environment.
ES5 direct calls are any call where the callee function is provided by a reference, a base
of that Reference is an EnvironmentRecord (this corresponds to all productions
"PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
of the reference is "eval". This means any expression of the form "eval(...)" that
calls the standard built-in eval method on the Global Object is considered to be
direct.
In JavaScriptCore we are currently overly restrictive. We also check that the
EnvironmentRecord that is the base of the reference is the Declarative Environment Record
at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
that hits a var eval in a nested scope is not considered to be direct. This behaviour does
not emanate from the spec, and is incorrect.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
- Fixed direct eval check in op_call_eval.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- Fixed direct eval check in op_call_eval.
* runtime/Executable.h:
(JSC::isHostFunction):
- Added check for host function with specific NativeFunction.
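Added example, not code from the ChangeLog or from JavaScriptCore: the direct/indirect eval distinction described above, including the nested-scope `var eval` case the entry corrects. `evalScopeProbe` and `shadowedEvalProbe` are names chosen here; the probe reports whether the evaluated code can see the caller's local `secret`.

```javascript
// Added example; not code from the ChangeLog or from JavaScriptCore.
// Contrasts ES5 direct and indirect calls to eval: a direct call (a reference
// whose base is an environment record and whose name is "eval", resolving to
// the built-in eval) runs in the caller's scope; reaching eval any other way
// runs the code in the global scope.

function evalScopeProbe(secret) {
  // Direct call: the bare identifier "eval" names the built-in, so the
  // evaluated code can see the local parameter `secret`.
  const direct = eval("typeof secret");

  // Indirect calls: the callee is still the built-in eval, but it is not
  // reached through a bare "eval" identifier reference, so the evaluated code
  // runs in the global scope, where `secret` is not visible.
  const viaComma = (0, eval)("typeof secret");                           // comma operator yields a value, not a reference
  const viaProperty = ({ eval: globalThis.eval }).eval("typeof secret"); // the entry's "{ eval: window.eval }.eval()"
  const alias = eval;                                                    // the entry's "var a = eval; a();"
  const viaAlias = alias("typeof secret");

  return { direct, viaComma, viaProperty, viaAlias };
}

// The nested-scope case the entry corrects: a *local* binding named eval that
// holds the built-in eval is still a direct call under ES5 15.1.2.1.1.  The
// body is built with the Function constructor so that it is sloppy-mode code
// (strict code forbids a binding named "eval") however this file is loaded.
const shadowedEvalProbe = new Function("secret", [
  "var eval = globalThis.eval;",   // binding lives in this function's environment record
  "return eval('typeof secret');", // base is that record and the name is 'eval': direct
].join("\n"));
```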
2011-07-13 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
Reviewed by Andreas Kling.
Broken build on QNX
https://bugs.webkit.org/show_bug.cgi?id=63717
QNX doesn't support pthread's SA_RESTART (required by
JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
few minor compilation errors here and there.
Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
tested by him on QNX v6.5 (x86).
* wtf/DateMath.cpp: fix usage of abs/labs
* wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
* wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
2011-07-12 Anders Carlsson <andersca@apple.com>
If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
https://bugs.webkit.org/show_bug.cgi?id=64429
Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
* wtf/NullPtr.h:
2011-07-13 MORITA Hajime <morrita@google.com>
Refactoring: Ignored ExceptionCode value should be less annoying.
https://bugs.webkit.org/show_bug.cgi?id=63688
Added ASSERT_AT macro.
Reviewed by Darin Adler.
* wtf/Assertions.h:
2011-07-12 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not implement op_construct.
https://bugs.webkit.org/show_bug.cgi?id=64066
Reviewed by Gavin Barraclough.
This is a fixed implementation of op_construct. Constructor calls are implemented
by reusing almost all of the code for Call, with care taken to make sure that
where there are differences (like selecting different code blocks), those differences
are respected. The two fixes over the last patch are: (1) make sure the
CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
(either CodeForCall or CodeForConstruct) when invoking the compiler.
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::recordConstruct):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/CodeBlock.cpp:
(JSC::CodeBlock::unlinkCalls):
2011-07-12 Oliver Hunt <oliver@apple.com>
Overzealous type validation in method_check
https://bugs.webkit.org/show_bug.cgi?id=64415
Reviewed by Gavin Barraclough.
method_check is essentially just a value look up
optimisation, but it internally stores the value
as a JSFunction, even though it never relies on
this fact. Under GC validation however we end up
trying to enforce that assumption. The fix is
simply to store the value as a correct supertype.
* bytecode/CodeBlock.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchGetMethodFast):
(JSC::DFG::tryCacheGetMethod):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::patchMethodCallProto):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
2011-07-12 Filip Pizlo <fpizlo@apple.com>
COLLECT_ON_EVERY_ALLOCATION no longer works.
https://bugs.webkit.org/show_bug.cgi?id=64388
Reviewed by Oliver Hunt.
Added a flag to Heap that determines if it's safe to collect (which for now means that
JSGlobalObject has actually been initialized, but it should work for other things, too).
This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
GCing it just grows the heap, if necessary.
Then changed Heap::allocate() to not recurse ad infinitum when
COLLECT_ON_EVERY_ALLOCATION is set. This also makes the allocator generally more
resilient against bugs; this change allowed me to put in handy assertions, such as that
an allocation must succeed after either a collection or after a new block was added.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::tryAllocate):
(JSC::Heap::allocate):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
* heap/Heap.h:
(JSC::Heap::notifyIsSafeToCollect):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
2011-07-12 Filip Pizlo <fpizlo@apple.com>
DFG JIT put_by_id transition caching does not inform the GC about the structure and
prototype chain that it is referencing.
https://bugs.webkit.org/show_bug.cgi?id=64387
Reviewed by Gavin Barraclough.
Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID):
2011-07-12 Adam Roben <aroben@apple.com>
Ensure no intermediate WTF::Strings are created when concatenating with string literals
Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
operator+ is suboptimal
Reviewed by Darin Adler.
* wtf/text/StringConcatenate.h:
(WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
many WTF::Strings get copied while evaluating an operator+ expression.
* wtf/text/StringOperators.h:
(WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
side, since operator+ is left-associative. Having the StringAppend on the right-hand side
was causing us to make intermediate WTF::Strings when evaluating expressions that contained
multiple calls to operator+. Added some more overloads that take a left-hand side of
const char* to resolve overload ambiguity for certain expressions. Added overloads that take
a left-hand side of const UChar* (matching the const char* overloads) so that wide string
literals don't first have to be converted to a WTF::String in operator+ expressions.
2011-07-12 Adam Roben <aroben@apple.com>
Unreviewed, rolling out r90811.
http://trac.webkit.org/changeset/90811
https://bugs.webkit.org/show_bug.cgi?id=61025
Several svg tests failing assertions beneath
SVGSMILElement::findInstanceTime
* wtf/StdLibExtras.h:
(WTF::binarySearch):
2011-07-12 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
Reviewed by Nikolas Zimmermann.
Speed up SVGSMILElement::findInstanceTime.
https://bugs.webkit.org/show_bug.cgi?id=61025
Add a new parameter to StdLibExtras.h::binarySearch function
to also handle cases when the array does not contain the key value.
This is needed for an svg function.
* wtf/StdLibExtras.h:
(WTF::binarySearch):
2011-07-11 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT does not guard itself against floating point speculation
failures on non-floating-point constants.
https://bugs.webkit.org/show_bug.cgi?id=64330
Reviewed by Gavin Barraclough.
Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
soon as it notices that it's speculating on something that is a non-numeric
JSConstant.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2011-07-11 Filip Pizlo <fpizlo@apple.com>
DFG Speculative JIT does not always insert speculation checks when speculating
arrays.
https://bugs.webkit.org/show_bug.cgi?id=64254
Reviewed by Gavin Barraclough.
Changed the SetLocal instruction to always validate that the value being stored
into the local variable is an array, if that variable was marked PredictArray.
This is necessary since uses of arrays assume that if a PredictArray value is
in a local variable then the speculation check validating that the value is an
array was already performed.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-11 Gabor Loki <loki@webkit.org>
Fix the condition of the optimized code in doubleTransfer
https://bugs.webkit.org/show_bug.cgi?id=64261
Reviewed by Zoltan Herczeg.
The condition of the optimized code in doubleTransfer is wrong. The
data transfer should be executed with four bytes aligned address.
VFP cannot perform unaligned memory access.
Reported by Jacob Bramley.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::doubleTransfer):
2011-07-11 Gabor Loki <loki@webkit.org>
Signed arithmetic bug in dataTransfer32.
https://bugs.webkit.org/show_bug.cgi?id=64257
Reviewed by Zoltan Herczeg.
An arithmetic bug is fixed. If the offset of dataTransfer is half of the
addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
a load instruction is emitted with a wrong zero offset.
Inspired by Jacob Bramley's patch from JaegerMonkey.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::dataTransfer32):
2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com>
Fix unaligned userspace access for SH4 platforms.
https://bugs.webkit.org/show_bug.cgi?id=62993
* wtf/Platform.h:
2011-07-09 Chao-ying Fu <fu@mips.com>
Fix MIPS build due to readInt32 and readPointer
https://bugs.webkit.org/show_bug.cgi?id=63962
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::readInt32):
(JSC::MIPSAssembler::readPointer):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::rshift32):
2011-07-08 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=64181
REGRESSION (r90602): Gmail doesn't load
Rolling out r90601, r90602.
* dfg/DFGAliasTracker.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addVarArgChild):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::dfgLinkCall):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSObject.h:
(JSC::JSObject::isUsingInlineStorage):
2011-07-08 Kalev Lember <kalev@smartlink.ee>
Reviewed by Adam Roben.
Add missing _WIN32_WINNT and WINVER definitions
https://bugs.webkit.org/show_bug.cgi?id=59702
Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
available for all source files.
In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
DeleteTimerQueueTimer which are both guarded by
#if (_WIN32_WINNT >= 0x0500)
in MinGW headers.
* config.h:
* wtf/Assertions.cpp:
2011-07-08 Chang Shu <cshu@webkit.org>
Rename "makeSecure" to "fill" and remove the support for displaying last character
to avoid layering violation.
https://bugs.webkit.org/show_bug.cgi?id=59114
Reviewed by Alexey Proskuryakov.
* JavaScriptCore.exp:
* JavaScriptCore.order:
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::fill):
* wtf/text/StringImpl.h:
* wtf/text/WTFString.h:
(WTF::String::fill):
2011-07-08 Benjamin Poulain <benjamin@webkit.org>
[WK2] Do not forward touch events to the web process when it does not need them
https://bugs.webkit.org/show_bug.cgi?id=64164
Reviewed by Kenneth Rohde Christiansen.
Add a convenience function to obtain a reference to the last element of a Deque.
* wtf/Deque.h:
(WTF::Deque::last):
2011-07-07 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not implement op_construct.
https://bugs.webkit.org/show_bug.cgi?id=64066
Reviewed by Gavin Barraclough.
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::recordConstruct):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-07 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not implement get_by_id prototype caching.
https://bugs.webkit.org/show_bug.cgi?id=64077
Reviewed by Gavin Barraclough.
* dfg/DFGRepatch.cpp:
(JSC::DFG::emitRestoreScratch):
(JSC::DFG::linkRestoreScratch):
(JSC::DFG::tryCacheGetByID):
* runtime/JSObject.h:
(JSC::JSObject::addressOfPropertyAtOffset):
2011-07-07 Filip Pizlo <fpizlo@apple.com>
DFG JIT method_check implementation does not link to optimized get_by_id
slow path.
https://bugs.webkit.org/show_bug.cgi?id=64073
Reviewed by Gavin Barraclough.
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchGetMethodFast):
2011-07-07 Oliver Hunt <oliver@apple.com>
Encode jump and link sizes into the appropriate enums
https://bugs.webkit.org/show_bug.cgi?id=64123
Reviewed by Sam Weinig.
Finally kill off the out of line jump and link size arrays,
so we can avoid icky loads and constant fold the linking arithmetic.
* assembler/ARMv7Assembler.cpp:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::jumpSizeDelta):
(JSC::ARMv7Assembler::computeJumpType):
2011-07-06 Juan C. Montemayor <jmont@apple.com>
ASSERT_NOT_REACHED running test 262
https://bugs.webkit.org/show_bug.cgi?id=63951
Added a case to the switch statement where the code was failing. Fixed
some logic as well that gave faulty error messages.
Reviewed by Gavin Barraclough.
* parser/JSParser.cpp:
(JSC::JSParser::getTokenName):
(JSC::JSParser::updateErrorMessageSpecialCase):
(JSC::JSParser::updateErrorMessage):
2011-07-06 Filip Pizlo <fpizlo@apple.com>
DFG JIT implementation of op_call results in regressions on sunspider
controlflow-recursive.
https://bugs.webkit.org/show_bug.cgi?id=64039
Reviewed by Gavin Barraclough.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::isSmallInt32Constant):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isInteger):
2011-07-06 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not support method_check
https://bugs.webkit.org/show_bug.cgi?id=63972
Reviewed by Gavin Barraclough.
* assembler/CodeLocation.h:
(JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::MethodCallLinkInfo::MethodCallLinkInfo):
(JSC::MethodCallLinkInfo::seenOnce):
(JSC::MethodCallLinkInfo::setSeen):
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::recordGetMethod):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedGetMethod):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addMethodGet):
(JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasIdentifier):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchGetMethodFast):
(JSC::DFG::tryCacheGetMethod):
(JSC::DFG::dfgRepatchGetMethod):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITWriteBarrier.h:
(JSC::JITWriteBarrier::set):
2011-07-06 Filip Pizlo <fpizlo@apple.com>
DFG JIT op_call implementation will flush registers even when those registers are dead
https://bugs.webkit.org/show_bug.cgi?id=64023
Reviewed by Gavin Barraclough.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::integerResult):
(JSC::DFG::JITCodeGenerator::noResult):
(JSC::DFG::JITCodeGenerator::cellResult):
(JSC::DFG::JITCodeGenerator::jsValueResult):
(JSC::DFG::JITCodeGenerator::doubleResult):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-06 Filip Pizlo <fpizlo@apple.com>
DFG speculative JIT may crash when speculating int on a non-int JSConstant.
https://bugs.webkit.org/show_bug.cgi?id=64017
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::compile):
2011-07-06 Dmitriy Vyukov <dvyukov@google.com>
Reviewed by David Levin.
Allow substitution of dynamic annotations and prevent identical code folding by the linker.
https://bugs.webkit.org/show_bug.cgi?id=62443
* wtf/DynamicAnnotations.cpp:
(WTFAnnotateBenignRaceSized):
(WTFAnnotateHappensBefore):
(WTFAnnotateHappensAfter):
2011-07-06 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
Calls on 32 bit machines fail after r90423
https://bugs.webkit.org/show_bug.cgi?id=63980
Reviewed by Gavin Barraclough.
Copy the necessary lines from JITCall.cpp.
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
2011-07-05 Filip Pizlo <fpizlo@apple.com>
DFG JIT virtual call implementation is inefficient.
https://bugs.webkit.org/show_bug.cgi?id=63974
Reviewed by Gavin Barraclough.
* dfg/DFGOperations.cpp:
* runtime/Executable.h:
(JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
(JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
(JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
(JSC::ExecutableBase::hasJITCodeForCall):
(JSC::ExecutableBase::hasJITCodeForConstruct):
(JSC::ExecutableBase::hasJITCodeFor):
* runtime/JSFunction.h:
(JSC::JSFunction::scopeUnchecked):
2011-07-05 Oliver Hunt <oliver@apple.com>
Force inlining of simple functions that show up as not being inlined
https://bugs.webkit.org/show_bug.cgi?id=63964
Reviewed by Gavin Barraclough.
Looking at profile data indicates that gcc is failing to inline a
number of trivial functions. This patch hits the ones that show
up in profiles with the ALWAYS_INLINE hammer.
We also replace the memcpy() call in linking with a manual loop.
Apparently memcpy() is almost never faster than an inlined loop.
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::add):
(JSC::ARMv7Assembler::add_S):
(JSC::ARMv7Assembler::ARM_and):
(JSC::ARMv7Assembler::asr):
(JSC::ARMv7Assembler::b):
(JSC::ARMv7Assembler::blx):
(JSC::ARMv7Assembler::bx):
(JSC::ARMv7Assembler::clz):
(JSC::ARMv7Assembler::cmn):
(JSC::ARMv7Assembler::cmp):
(JSC::ARMv7Assembler::eor):
(JSC::ARMv7Assembler::it):
(JSC::ARMv7Assembler::ldr):
(JSC::ARMv7Assembler::ldrCompact):
(JSC::ARMv7Assembler::ldrh):
(JSC::ARMv7Assembler::ldrb):
(JSC::ARMv7Assembler::lsl):
(JSC::ARMv7Assembler::lsr):
(JSC::ARMv7Assembler::movT3):
(JSC::ARMv7Assembler::mov):
(JSC::ARMv7Assembler::movt):
(JSC::ARMv7Assembler::mvn):
(JSC::ARMv7Assembler::neg):
(JSC::ARMv7Assembler::orr):
(JSC::ARMv7Assembler::orr_S):
(JSC::ARMv7Assembler::ror):
(JSC::ARMv7Assembler::smull):
(JSC::ARMv7Assembler::str):
(JSC::ARMv7Assembler::sub):
(JSC::ARMv7Assembler::sub_S):
(JSC::ARMv7Assembler::tst):
(JSC::ARMv7Assembler::linkRecordSourceComparator):
(JSC::ARMv7Assembler::link):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
(JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
(JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
(JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
(JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
(JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
(JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
(JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
(JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::linkCode):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::ret):
(JSC::MacroAssemblerARMv7::moveWithPatch):
(JSC::MacroAssemblerARMv7::branchPtrWithPatch):
(JSC::MacroAssemblerARMv7::storePtrWithPatch):
(JSC::MacroAssemblerARMv7::tailRecursiveCall):
(JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
(JSC::MacroAssemblerARMv7::jump):
(JSC::MacroAssemblerARMv7::makeBranch):
2011-07-05 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
Make "Add optimised paths for a few maths functions" work on Qt
https://bugs.webkit.org/show_bug.cgi?id=63893
Reviewed by Oliver Hunt.
Move the generated code to the .text section instead of .data section.
Fix alignment for the 32 bit thunk code.
* jit/ThunkGenerators.cpp:
2011-07-05 Filip Pizlo <fpizlo@apple.com>
DFG JIT does not implement op_call.
https://bugs.webkit.org/show_bug.cgi?id=63858
Reviewed by Gavin Barraclough.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::unlinkCalls):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::setNumberOfCallLinkInfos):
(JSC::CodeBlock::numberOfCallLinkInfos):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::lookupGetByVal):
(JSC::DFG::AliasTracker::recordCall):
(JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::addToGraph):
(JSC::DFG::ByteCodeParser::addVarArgChild):
(JSC::DFG::ByteCodeParser::predictInt32):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::opName):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::refChildren):
* dfg/DFGGraph.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::useChildren):
(JSC::DFG::JITCodeGenerator::emitCall):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::addressOfCallData):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::CallRecord::CallRecord):
(JSC::DFG::JITCompiler::notifyCall):
(JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
(JSC::DFG::JITCompiler::addJSCall):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
(JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::child1):
(JSC::DFG::Node::child2):
(JSC::DFG::Node::child3):
(JSC::DFG::Node::firstChild):
(JSC::DFG::Node::numChildren):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
(JSC::DFG::NonSpeculativeJIT::compare):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkCall):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
* interpreter/CallFrame.h:
(JSC::ExecState::calleeAsValue):
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
(JSC::JIT::linkCall):
(JSC::JIT::linkConstruct):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
* jit/JITCode.h:
(JSC::JITCode::JITCode):
(JSC::JITCode::jitType):
(JSC::JITCode::HostFunction):
* runtime/JSFunction.h:
* runtime/JSGlobalData.h:
2011-07-05 Oliver Hunt <oliver@apple.com>
Initialize new MarkStack member
* heap/MarkStack.h:
(JSC::MarkStack::MarkStack):
2011-07-05 Oliver Hunt <oliver@apple.com>
Don't throw out compiled code repeatedly
https://bugs.webkit.org/show_bug.cgi?id=63960
Reviewed by Gavin Barraclough.
Stop throwing away all compiled code every time
we're told to do a full GC. Instead unlink all
callsites during such GC passes to maximise the
number of collectable functions, but otherwise
leave compiled functions alone.
* API/JSBase.cpp:
(JSGarbageCollect):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* heap/Heap.cpp:
(JSC::Heap::collectAllGarbage):
* heap/MarkStack.h:
(JSC::MarkStack::shouldUnlinkCalls):
(JSC::MarkStack::setShouldUnlinkCalls):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::recompileAllJSFunctions):
(JSC::JSGlobalData::releaseExecutableMemory):
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::invalidateCode):
* runtime/RegExp.h:
2011-07-05 Filip Pizlo <fpizlo@apple.com>
JSC JIT has code duplication for the handling of call and construct
https://bugs.webkit.org/show_bug.cgi?id=63957
Reviewed by Gavin Barraclough.
* jit/JIT.cpp:
(JSC::JIT::linkFor):
* jit/JIT.h:
* jit/JITStubs.cpp:
(JSC::jitCompileFor):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::arityCheckFor):
(JSC::lazyLinkFor):
* runtime/Executable.h:
(JSC::ExecutableBase::generatedJITCodeFor):
(JSC::FunctionExecutable::compileFor):
(JSC::FunctionExecutable::isGeneratedFor):
(JSC::FunctionExecutable::generatedBytecodeFor):
(JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
2011-07-05 Gavin Barraclough <barraclough@apple.com>
Build fix following last patch.
* runtime/JSFunction.cpp:
(JSC::createPrototypeProperty):
2011-07-05 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=63947
ASSERT running Object.preventExtensions(Math.sin)
Reviewed by Oliver Hunt.
This is due to calling scope() on a hostFunction as a part of
calling createPrototypeProperty to reify the prototype property.
But host functions don't have a prototype property anyway!
Prevent calling createPrototypeProperty on a host function.
* runtime/JSFunction.cpp:
(JSC::JSFunction::createPrototypeProperty):
(JSC::JSFunction::preventExtensions):
2011-07-04 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=63880
Evaluation order of conversions of operands to >, >= incorrect.
Reviewed by Sam Weinig.
Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
spec. This allows these methods to be reused to perform >, >= relational compares
with correct ordering of type conversions.
* dfg/DFGOperations.cpp:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Operations.h:
(JSC::jsLess):
(JSC::jsLessEq):
2011-07-04 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=16652
Firefox and JavaScriptCore differ in Number.toString(integer)
Our arbitrary radix (2..36) toString conversion is inaccurate.
This is partly because it uses doubles to perform math that requires
higher accuracy, and partly because it does not attempt to correctly
detect where to terminate, instead relying on a simple 'epsilon'.
* runtime/NumberPrototype.cpp:
(JSC::decomposeDouble):
- helper function to extract sign, exponent, mantissa from IEEE doubles.
(JSC::Uint16WithFraction::Uint16WithFraction):
- helper class, u16int with infinite precision fraction, used to convert
the fractional part of the number to a string.
(JSC::Uint16WithFraction::operator*=):
- Multiply by a uint16.
(JSC::Uint16WithFraction::operator<):
- Compare two Uint16WithFractions.
(JSC::Uint16WithFraction::floorAndSubtract):
- Extract the integer portion of the number, and subtract it (clears the integer portion).
(JSC::Uint16WithFraction::comparePoint5):
- Compare to 0.5.
(JSC::Uint16WithFraction::sumGreaterThanOne):
- Passed a second Uint16WithFraction, returns true if the result of adding
the two values would be greater than one.
(JSC::Uint16WithFraction::isNormalized):
- Used by ASSERTs to consistency check internal representation.
(JSC::BigInteger::BigInteger):
- helper class, unbounded integer value, used to convert the integer part
of the number to a string.
(JSC::BigInteger::divide):
- Divide this value through by a uint32.
(JSC::BigInteger::operator!):
- test for zero.
(JSC::toStringWithRadix):
- Performs number to string conversion, with the given radix (2..36).
(JSC::numberProtoFuncToString):
- Changed to use toStringWithRadix.
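Added example, not the ChangeLog's or JavaScriptCore's code: an exact radix-2..36 conversion following the plan in the entry above, with BigInt standing in for the BigInteger and Uint16WithFraction helpers. `decomposeDouble` and `toStringWithRadix` reuse the entry's names; the `maxFractionDigits` guard is an assumption made here, and the fraction loop simply stops at an exact zero remainder rather than using the half-ulp termination test the entry describes.

```javascript
// Added example; not code from the ChangeLog or from JavaScriptCore.
// (1) decompose the IEEE double into sign / exponent / mantissa,
// (2) convert the integer part with unbounded-precision division, and
// (3) emit fraction digits from an exact rational instead of lossy double math.
// Assumption: the fraction loop stops at an exact zero remainder or after
// maxFractionDigits; it does not implement the entry's termination detection.

const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Split a finite double into { negative, mantissa, exponent } such that
// |x| = mantissa * 2^exponent with mantissa an integer (BigInt).
function decomposeDouble(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigUint64(0);
  const negative = (bits >> 63n) === 1n;
  const rawExp = Number((bits >> 52n) & 0x7ffn);
  let mantissa = bits & ((1n << 52n) - 1n);
  let exponent;
  if (rawExp === 0) {            // zero or subnormal: no hidden leading 1
    exponent = 1 - 1075;
  } else {                       // normal: restore the hidden bit
    mantissa |= 1n << 52n;
    exponent = rawExp - 1075;
  }
  return { negative, mantissa, exponent };
}

function toStringWithRadix(x, radix, maxFractionDigits = 1100) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) throw new RangeError("radix must be 2..36");
  if (!Number.isFinite(x)) return String(x);  // NaN / Infinity keep the default form
  if (x === 0) return "0";                     // also normalises -0
  const { negative, mantissa, exponent } = decomposeDouble(x);
  const R = BigInt(radix);

  // Exact split: value = intPart + fracNum / fracDen, all BigInt.
  let intPart, fracNum, fracDen;
  if (exponent >= 0) {
    intPart = mantissa << BigInt(exponent); fracNum = 0n; fracDen = 1n;
  } else {
    const shift = BigInt(-exponent);
    fracDen = 1n << shift;
    intPart = mantissa >> shift;
    fracNum = mantissa & (fracDen - 1n);
  }

  // Integer digits: repeated division by the radix (the BigInteger::divide idea).
  let intDigits = "";
  do {
    intDigits = DIGITS[Number(intPart % R)] + intDigits;
    intPart /= R;
  } while (intPart > 0n);

  // Fraction digits: multiply the exact remainder by the radix and peel off
  // the integer part each step (the Uint16WithFraction::floorAndSubtract idea).
  let fracDigits = "";
  while (fracNum !== 0n && fracDigits.length < maxFractionDigits) {
    fracNum *= R;
    fracDigits += DIGITS[Number(fracNum / fracDen)];
    fracNum %= fracDen;
  }

  return (negative ? "-" : "") + intDigits + (fracDigits ? "." + fracDigits : "");
}
```

Because every double is a dyadic rational, the fraction loop terminates exactly for any even radix; for odd radices it is cut off at maxFractionDigits.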
2011-07-04 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=63881
Need separate bytecodes for handling >, >= comparisons.
Reviewed by Oliver Hunt.
This clears the way to fix Bug#63880. We currently handle greater-than comparisons
by using the corresponding op_less, etc opcodes. This is incorrect with
respect to evaluation ordering of the implicit conversions performed on operands -
we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
but instead convert RHS then LHS.
This patch adds opcodes for greater-than comparisons mirroring existing ones used
for less-than.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/Opcode.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitJumpIfTrue):
(JSC::BytecodeGenerator::emitJumpIfFalse):
* bytecompiler/NodesCodegen.cpp:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compare):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
(JSC::JIT::emit_op_loop_if_greater):
(JSC::JIT::emitSlow_op_loop_if_greater):
(JSC::JIT::emit_op_loop_if_greatereq):
(JSC::JIT::emitSlow_op_loop_if_greatereq):
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_jgreater):
(JSC::JIT::emit_op_jgreatereq):
(JSC::JIT::emit_op_jngreater):
(JSC::JIT::emit_op_jngreatereq):
(JSC::JIT::emitSlow_op_jgreater):
(JSC::JIT::emitSlow_op_jgreatereq):
(JSC::JIT::emitSlow_op_jngreater):
(JSC::JIT::emitSlow_op_jngreatereq):
(JSC::JIT::emit_compareAndJumpSlow):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emitBinaryDoubleOp):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
* parser/NodeConstructors.h:
(JSC::GreaterNode::GreaterNode):
(JSC::GreaterEqNode::GreaterEqNode):
* parser/Nodes.h:
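The evaluation-order point in the entry above, as an added example that is not WebKit code: a numeric-only model of ES5 11.8.5 with its LeftFirst flag, the spec-correct operators built on it, the swapped-operand lowering through the less-than path that the entry replaces, and a probe that records which operand's valueOf runs first. All function names are this example's own.

```javascript
// Added example (not WebKit code): models ES5 11.8.5 Abstract Relational
// Comparison to show why a > b cannot simply reuse the op_less path.

// Numeric-only reduction of the spec algorithm. The LeftFirst flag decides
// which operand ToPrimitive (here: valueOf, via Number()) runs on first.
function abstractRelationalComparison(x, y, leftFirst) {
  let px, py;
  if (leftFirst) { px = Number(x); py = Number(y); }
  else           { py = Number(y); px = Number(x); }
  if (Number.isNaN(px) || Number.isNaN(py)) return undefined;
  return px < py;
}

// Spec-correct operators (ES5 11.8.1 through 11.8.4): the greater-than forms
// swap the operands but pass LeftFirst = false, so the LHS still converts first.
function specCompare(op, a, b) {
  let r;
  switch (op) {
    case "<":  r = abstractRelationalComparison(a, b, true);  return r === undefined ? false : r;
    case ">":  r = abstractRelationalComparison(b, a, false); return r === undefined ? false : r;
    case "<=": r = abstractRelationalComparison(b, a, false); return !(r === undefined || r);
    case ">=": r = abstractRelationalComparison(a, b, true);  return !(r === undefined || r);
  }
  throw new Error("unsupported operator " + op);
}

// The lowering the entry replaces: emit the less-than opcode with swapped
// operands, which converts the RHS before the LHS.
function swappedLessCompare(op, a, b) {
  switch (op) {
    case ">":  return specCompare("<", b, a);
    case ">=": return specCompare("<=", b, a);
  }
  throw new Error("only > and >= are lowered through the less-than opcodes");
}

// The host engine's own operators, for comparison with the model.
function nativeCompare(op, a, b) {
  switch (op) {
    case "<":  return a < b;
    case ">":  return a > b;
    case "<=": return a <= b;
    case ">=": return a >= b;
  }
  throw new Error("unsupported operator " + op);
}

// Runs `impl` on two constructed objects whose valueOf records when it was
// called, and returns the order in which the operands were converted.
function conversionOrder(impl, op) {
  const log = [];
  const lhs = { valueOf() { log.push("lhs"); return 1; } };
  const rhs = { valueOf() { log.push("rhs"); return 2; } };
  impl(op, lhs, rhs);
  return log;
}
```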
2011-07-03 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=63879
Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
Reviewed by Sam Weinig.
There is a lot of copy & paste code here; we can reduce duplication by making
a shared implementation.
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::branch32):
(JSC::MacroAssembler::commute):
- Make these function platform agnostic.
* assembler/MacroAssemblerX86Common.h:
- Moved branch32/commute up to MacroAssembler.
* jit/JIT.h:
(JSC::JIT::emit_op_loop_if_lesseq):
(JSC::JIT::emitSlow_op_loop_if_lesseq):
- Add an implementation matching that for op_loop_if_less, which just calls op_jless.
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_jless):
(JSC::JIT::emit_op_jlesseq):
(JSC::JIT::emit_op_jnless):
(JSC::JIT::emit_op_jnlesseq):
(JSC::JIT::emitSlow_op_jless):
(JSC::JIT::emitSlow_op_jlesseq):
(JSC::JIT::emitSlow_op_jnless):
(JSC::JIT::emitSlow_op_jnlesseq):
- Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
(JSC::JIT::emit_compareAndJump):
(JSC::JIT::emit_compareAndJumpSlow):
- Internal implementation of jless etc for JSVALUE64.
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_compareAndJump):
(JSC::JIT::emit_compareAndJumpSlow):
- Internal implementation of jless etc for JSVALUE32_64.
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* jit/JITStubs.cpp:
* jit/JITStubs.h:
- Remove old implementation of emit_op_loop_if_lesseq.
2011-07-03 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r90347.
http://trac.webkit.org/changeset/90347
https://bugs.webkit.org/show_bug.cgi?id=63886
Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
(Requested by tkent on #webkit).
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/BigInteger.h: Removed.
* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
* runtime/Uint16WithFraction.h: Removed.
* wtf/MathExtras.h:
2011-06-30 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=16652
Firefox and JavaScriptCore differ in Number.toString(integer)
Our arbitrary radix (2..36) toString conversion is inaccurate.
This is partly because it uses doubles to perform math that requires
higher accuracy, and partly because it does not attempt to correctly
detect where to terminate, instead relying on a simple 'epsilon'.
* runtime/NumberPrototype.cpp:
(JSC::decomposeDouble):
- helper function to extract sign, exponent, mantissa from IEEE doubles.
(JSC::Uint16WithFraction::Uint16WithFraction):
- helper class, u16int with infinite precision fraction, used to convert
the fractional part of the number to a string.
(JSC::Uint16WithFraction::operator*=):
- Multiply by a uint16.
(JSC::Uint16WithFraction::operator<):
- Compare two Uint16WithFractions.
(JSC::Uint16WithFraction::floorAndSubtract):
- Extract the integer portion of the number, and subtract it (clears the integer portion).
(JSC::Uint16WithFraction::comparePoint5):
- Compare to 0.5.
(JSC::Uint16WithFraction::sumGreaterThanOne):
- Passed a second Uint16WithFraction, returns true if the result of adding
the two values would be greater than one.
(JSC::Uint16WithFraction::isNormalized):
- Used by ASSERTs to consistency check internal representation.
(JSC::BigInteger::BigInteger):
- helper class, unbounded integer value, used to convert the integer part
of the number to a string.
(JSC::BigInteger::divide):
- Divide this value through by a uint32.
(JSC::BigInteger::operator!):
- test for zero.
(JSC::toStringWithRadix):
- Performs number to string conversion, with the given radix (2..36).
(JSC::numberProtoFuncToString):
- Changed to use toStringWithRadix.
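The conversion described in the Number.toString(radix) entry above (bug 16652) and in the relanded copy of the same description earlier on the page, as an added example that is not WebKit's code: BigInt stands in for BigInteger and for the numerator of Uint16WithFraction, and the stop test mirrors the operator<, sumGreaterThanOne and comparePoint5 checks the entry lists. Only decomposeDouble and toStringWithRadix are names from the entry; DIGITS and the local variables are this example's own, and the radix-10 exponential form of the spec is not modelled.

```javascript
// Added example (not WebKit code): exact radix conversion of a double using
// the same decomposition and digit-generation steps the ChangeLog describes.

// decomposeDouble: pull sign, biased exponent and mantissa bits out of an IEEE double.
function decomposeDouble(value) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, value);
  const hi = view.getUint32(0);
  const lo = view.getUint32(4);
  return {
    sign: hi >>> 31,
    biasedExponent: (hi >>> 20) & 0x7ff,
    mantissa: (BigInt(hi & 0xfffff) << 32n) | BigInt(lo),
  };
}

const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

function toStringWithRadix(value, radix) {
  if (!(radix >= 2 && radix <= 36) || radix !== Math.floor(radix)) {
    throw new RangeError("radix must be an integer in 2..36");
  }
  if (Number.isNaN(value)) return "NaN";
  if (value === Infinity) return "Infinity";
  if (value === -Infinity) return "-Infinity";
  if (value === 0) return "0";                       // covers -0 as well

  const { sign, biasedExponent, mantissa } = decomposeDouble(value);
  // value = M * 2^E, with the implicit leading bit restored for normal numbers.
  const M = biasedExponent === 0 ? mantissa : mantissa | (1n << 52n);
  const E = (biasedExponent === 0 ? 1 : biasedExponent) - 1075;
  const R = BigInt(radix);

  let integerPart;   // exact integer part (the BigInteger helper in the patch)
  let num;           // fractional part as num / D (the Uint16WithFraction role)
  let D;
  if (E >= 0) {
    integerPart = M << BigInt(E);
    num = 0n;
    D = 1n;
  } else {
    const shift = BigInt(-E);
    integerPart = M >> shift;
    D = 1n << (shift + 2n);                          // D = 2^(2-E)
    num = (M & ((1n << shift) - 1n)) << 2n;
  }
  // Rounding-interval half-widths in units of 1/D: half an ulp above (2) and,
  // when the mantissa is exactly a power of two, only a quarter ulp below (1).
  let mHigh = 2n;
  let mLow = (mantissa === 0n && biasedExponent > 1) ? 1n : 2n;

  const fractionDigits = [];
  while (num !== 0n) {
    // operator*= : scale the value and both margins by the radix.
    num *= R; mLow *= R; mHigh *= R;
    // floorAndSubtract: take the next digit, keep the remainder.
    let digit = num / D;
    num %= D;
    const low = num < mLow;                          // operator<
    const high = num + mHigh > D;                    // sumGreaterThanOne
    if (!low && !high) { fractionDigits.push(digit); continue; }
    // Stop here: both sides admissible -> round to nearest (comparePoint5);
    // only high -> round up; only low -> truncate.
    if (high && (!low || num * 2n > D)) digit += 1n;
    fractionDigits.push(digit);
    break;
  }
  // Propagate a carry out of the rounded digit, should one ever occur.
  for (let i = fractionDigits.length - 1; i >= 0 && fractionDigits[i] === R; i--) {
    fractionDigits[i] = 0n;
    if (i === 0) integerPart += 1n; else fractionDigits[i - 1] += 1n;
  }
  while (fractionDigits.length && fractionDigits[fractionDigits.length - 1] === 0n) fractionDigits.pop();

  let out = integerPart.toString(radix);
  if (fractionDigits.length) out += "." + fractionDigits.map(d => DIGITS[Number(d)]).join("");
  return sign ? "-" + out : out;
}
```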
2011-07-02 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=63866
DFG JIT - implement instanceof
Reviewed by Sam Weinig.
Add ops CheckHasInstance & InstanceOf to implement bytecodes
op_check_has_instance & op_instanceof. This is an initial
functional implementation, performance is a wash. We can
follow up with changes to fuse the InstanceOf node with
a subsequent branch, as we do with other comparisons.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jitAssertIsCell):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::jitAssertIsCell):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-07-01 Oliver Hunt <oliver@apple.com>
IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
https://bugs.webkit.org/show_bug.cgi?id=63732
Reviewed by Gavin Barraclough.
Initialise the memory at the head of the new storage so that
GC is safe if triggered by reportExtraMemoryCost.
* runtime/JSArray.cpp:
(JSC::JSArray::increaseVectorPrefixLength):
2011-07-01 Oliver Hunt <oliver@apple.com>
GC sweep can occur before an object is completely initialised
https://bugs.webkit.org/show_bug.cgi?id=63836
Reviewed by Gavin Barraclough.
In rare cases it's possible for a GC sweep to occur while a
live, but not completely initialised object is on the stack.
In such a case we may incorrectly choose to mark it, even
though it has no children that need marking.
We resolve this by always zeroing out the structure of any
value returned from JSCell::operator new(), and making the
markstack tolerant of a null structure.
* runtime/JSCell.h:
(JSC::JSCell::JSCell::~JSCell):
(JSC::JSCell::JSCell::operator new):
* runtime/Structure.h:
(JSC::MarkStack::internalAppend):
2011-07-01 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG non-speculative JIT always performs slow C calls for div and mod.
https://bugs.webkit.org/show_bug.cgi?id=63684
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
2011-07-01 Juan C. Montemayor <jmont@apple.com>
Reviewed by Oliver Hunt.
Lexer error messages are currently appalling
https://bugs.webkit.org/show_bug.cgi?id=63340
Added error messages for the Lexer. These messages will be displayed
instead of the lexer error messages from the parser that are currently
shown.
* parser/Lexer.cpp:
(JSC::Lexer::getInvalidCharMessage):
(JSC::Lexer::setCode):
(JSC::Lexer::parseString):
(JSC::Lexer::lex):
(JSC::Lexer::clear):
* parser/Lexer.h:
(JSC::Lexer::getErrorMessage):
(JSC::Lexer::setOffset):
* parser/Parser.cpp:
(JSC::Parser::parse):
2011-07-01 Jungshik Shin <jshin@chromium.org>
Reviewed by Alexey Proskuryakov.
Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
build files for ports not using ICU.
Add icu/unicode/uscript.h for ports using ICU. It's taken from
ICU 3.6 (the version used on Mac OS 10.5)
http://bugs.webkit.org/show_bug.cgi?id=20797
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* icu/unicode/uscript.h: Added for UScriptCode enum.
* wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
* wtf/unicode/icu/UnicodeIcu.h:
* wtf/unicode/brew/UnicodeBrew.h:
* wtf/unicode/glib/UnicodeGLib.h:
* wtf/unicode/qt4/UnicodeQt4.h:
* wtf/unicode/wince/UnicodeWinCE.h:
2011-07-01 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=63819
Escaping of forwardslashes in strings incorrect if multiple exist.
The bug is in the parameters passed to a substring - should be
start & length, but we're passing start & end indices!
* runtime/RegExpObject.cpp:
(JSC::regExpObjectSource):
2011-07-01 Adam Roben <aroben@apple.com>
Roll out r90194
http://trac.webkit.org/changeset/90194
https://bugs.webkit.org/show_bug.cgi?id=63778
Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
assertions in WriteBarrierBase<JSC::Structure>::get
* runtime/JSCell.h:
(JSC::JSCell::JSCell::~JSCell):
2011-06-30 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Add optimised paths for a few maths functions
https://bugs.webkit.org/show_bug.cgi?id=63757
Relanding as a Mac only patch.
This adds specialised thunks for Math.abs, Math.round, Math.ceil,
Math.floor, Math.log, and Math.exp as they are apparently more
important in real web content than we thought, which is somewhat
mind-boggling. On average doubles the performance of the common
cases (e.g. actually passing numbers in). They're not as efficient
as they could be, but this way gives them the most portability.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsDoubleBitops):
(JSC::MacroAssemblerARM::andnotDouble):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsDoubleBitops):
(JSC::MacroAssemblerARMv7::andnotDouble):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::andnotDouble):
(JSC::MacroAssemblerMIPS::supportsDoubleBitops):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsDoubleBitops):
(JSC::MacroAssemblerSH4::andnotDouble):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::supportsDoubleBitops):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::andnotDouble):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::supportsDoubleBitops):
* assembler/X86Assembler.h:
(JSC::X86Assembler::andnpd_rr):
* create_hash_table:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::finalize):
(JSC::SpecializedThunkJIT::callDoubleToDouble):
* jit/ThunkGenerators.cpp:
(JSC::floorThunkGenerator):
(JSC::ceilThunkGenerator):
(JSC::roundThunkGenerator):
(JSC::expThunkGenerator):
(JSC::logThunkGenerator):
(JSC::absThunkGenerator):
* jit/ThunkGenerators.h:
2011-07-01 David Kilzer <ddkilzer@apple.com>
<http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
Fixes the following build error in clang:
JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
^
( )
fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_resolve_global): Add parentheses to make the
tertiary expression evaluate first.
2011-07-01 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r90177 and r90179.
http://trac.webkit.org/changeset/90177
http://trac.webkit.org/changeset/90179
https://bugs.webkit.org/show_bug.cgi?id=63790
It caused crashes on Qt in debug mode (Requested by Ossy on
#webkit).
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::rshift32):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::sqrtDouble):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::sqrtDouble):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::sqrtDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::sqrtDouble):
* assembler/MacroAssemblerX86.h:
* assembler/MacroAssemblerX86Common.h:
* assembler/MacroAssemblerX86_64.h:
* assembler/X86Assembler.h:
* create_hash_table:
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::emitLoadDouble):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::finalize):
* jit/ThunkGenerators.cpp:
* jit/ThunkGenerators.h:
2011-06-30 Oliver Hunt <oliver@apple.com>
Reviewed by Beth Dakin.
Make GC validation clear cell structure on destruction
https://bugs.webkit.org/show_bug.cgi?id=63778
* runtime/JSCell.h:
(JSC::JSCell::JSCell::~JSCell):
2011-06-30 Geoffrey Garen <ggaren@apple.com>
Reviewed by Gavin Barraclough.
Added write barrier that was missing from put_by_id_transition
https://bugs.webkit.org/show_bug.cgi?id=63775
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
MacroAssembler& argument so our patching functions could use it.
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID): Missing barrier!
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
* jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
because its meaning isn't clear -- maybe in the future we'll have a
clear way to pass all stores through a common function that guarantees
a write barrier, but that's not the case right now.
2011-06-30 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG non-speculative JIT does not reuse registers when compiling comparisons.
https://bugs.webkit.org/show_bug.cgi?id=63565
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
(JSC::DFG::NonSpeculativeJIT::compare):
2011-06-30 Geoffrey Garen <ggaren@apple.com>
Reviewed by Gavin Barraclough.
Added empty write barrier stubs in all the right places in the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=63764
SunSpider thinks this might be a 0.5% speedup. Meh.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
(JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
for the case where base == scratch, since we now require base and scratch
to be not equal, for the sake of the write barrier.
* dfg/DFGJITCodeGenerator.h: Le stub.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
as the scratch register, since that's incompatible with the write barrier,
which needs a distinct base and scratch.
Do put the global object into a register before loading its var storage,
since it needs to be in a register for the write barrier to operate on it.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitWriteBarrier): Second verse, same as the first.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_scoped_var):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
places.
(JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
is a little more than meaningless.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_scoped_var):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
places.
(JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
is a little more than meaningless.
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
we put the global object in a register and only then load its var storage
by offset.
(JSC::JIT::emitWriteBarrier):
2011-06-30 Oliver Hunt <oliver@apple.com>
Fix ARMv6 build
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::rshift32):
2011-06-30 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Add optimised paths for a few maths functions
https://bugs.webkit.org/show_bug.cgi?id=63757
This adds specialised thunks for Math.abs, Math.round, Math.ceil,
Math.floor, Math.log, and Math.exp as they are apparently more
important in real web content than we thought, which is somewhat
mind-boggling. On average doubles the performance of the common
cases (e.g. actually passing numbers in). They're not as efficient
as they could be, but this way gives them the most portability.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsDoubleBitops):
(JSC::MacroAssemblerARM::andnotDouble):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsDoubleBitops):
(JSC::MacroAssemblerARMv7::andnotDouble):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::andnotDouble):
(JSC::MacroAssemblerMIPS::supportsDoubleBitops):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsDoubleBitops):
(JSC::MacroAssemblerSH4::andnotDouble):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::supportsDoubleBitops):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::andnotDouble):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::supportsDoubleBitops):
* assembler/X86Assembler.h:
(JSC::X86Assembler::andnpd_rr):
* create_hash_table:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::finalize):
(JSC::SpecializedThunkJIT::callDoubleToDouble):
* jit/ThunkGenerators.cpp:
(JSC::floorThunkGenerator):
(JSC::ceilThunkGenerator):
(JSC::roundThunkGenerator):
(JSC::expThunkGenerator):
(JSC::logThunkGenerator):
(JSC::absThunkGenerator):
* jit/ThunkGenerators.h:
2011-06-30 Cary Clark <caryclark@google.com>
Reviewed by James Robinson.
Use Skia if Skia on Mac Chrome is enabled
https://bugs.webkit.org/show_bug.cgi?id=62999
* wtf/Platform.h:
Add switch to use Skia if, externally,
Skia has been enabled by a gyp define.
2011-06-30 Juan C. Montemayor <jmont@apple.com>
Reviewed by Geoffrey Garen.
Web Inspector fails to display source for eval with syntax error
https://bugs.webkit.org/show_bug.cgi?id=63583
Web Inspector now displays a link to an eval statement that contains
a syntax error.
* parser/Parser.h:
(JSC::isEvalNode):
(JSC::EvalNode):
(JSC::Parser::parse):
2011-06-30 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
X86Assembler does not encode byte registers in 64-bit mode correctly.
https://bugs.webkit.org/show_bug.cgi?id=63665
* assembler/X86Assembler.h:
(JSC::X86Assembler::testb_rr):
(JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
2011-06-30 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r90102.
http://trac.webkit.org/changeset/90102
https://bugs.webkit.org/show_bug.cgi?id=63714
Lots of tests asserting beneath
SVGSMILElement::findInstanceTime (Requested by aroben on
#webkit).
* wtf/StdLibExtras.h:
(WTF::binarySearch):
2011-06-30 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
Reviewed by Nikolas Zimmermann.
Speed up SVGSMILElement::findInstanceTime.
https://bugs.webkit.org/show_bug.cgi?id=61025
Add a new parameter to StdLibExtras.h::binarySearch function
to also handle cases when the array does not contain the key value.
This is needed for an svg function.
* wtf/StdLibExtras.h:
(WTF::binarySearch):
2011-06-29 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=63669
DFG JIT - fix spectral-norm regression
The problem is a mis-speculation leading to us falling off the speculative path.
Make the speculation logic slightly smarter, don't predict int if one of the
operands is already loaded as a double (we use this logic already for compares).
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
2011-06-29 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG JIT does not do put_by_id transition caching.
https://bugs.webkit.org/show_bug.cgi?id=63662
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addPropertyAccess):
* dfg/DFGRepatch.cpp:
(JSC::DFG::testPrototype):
(JSC::DFG::tryCachePutByID):
2011-06-29 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Added a dummy write barrier emitting function in all the right places in the old JIT
https://bugs.webkit.org/show_bug.cgi?id=63667
SunSpider reports no change.
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_put_scoped_var): Do it.
(JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
for the sake of the write barrier.
(JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_put_scoped_var): Do it.
(JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
for the sake of the write barrier.
(JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
2011-06-29 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG JIT does not perform get_by_id self list caching.
https://bugs.webkit.org/show_bug.cgi?id=63605
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::dfgBuildGetByIDList):
* dfg/DFGRepatch.h:
2011-06-28 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG JIT lacks array.length caching.
https://bugs.webkit.org/show_bug.cgi?id=63505
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::tryAllocate):
(JSC::DFG::JITCodeGenerator::selectScratchGPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addPropertyAccess):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::tryAllocate):
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCacheGetByID):
2011-06-28 Pierre Rossi <pierre.rossi@gmail.com>
Reviewed by Eric Seidel.
Warnings in JSC's JIT on 32 bit
https://bugs.webkit.org/show_bug.cgi?id=63259
Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
2011-06-28 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r89968.
http://trac.webkit.org/changeset/89968
https://bugs.webkit.org/show_bug.cgi?id=63581
Broke chromium windows compile (Requested by jamesr on
#webkit).
* wtf/Platform.h:
2011-06-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Fix sampling build
https://bugs.webkit.org/show_bug.cgi?id=63579
Gets opcode sampling building again, doesn't seem to work alas
* bytecode/SamplingTool.cpp:
(JSC::SamplingTool::notifyOfScope):
* bytecode/SamplingTool.h:
(JSC::SamplingTool::SamplingTool):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::enableSampler):
* runtime/Executable.h:
(JSC::ScriptExecutable::ScriptExecutable):
2011-06-28 Cary Clark <caryclark@google.com>
Reviewed by James Robinson.
Use Skia if Skia on Mac Chrome is enabled
https://bugs.webkit.org/show_bug.cgi?id=62999
* wtf/Platform.h:
Add switch to use Skia if, externally,
Skia has been enabled by a gyp define.
2011-06-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
ASSERT when launching debug builds with interpreter and jit enabled
https://bugs.webkit.org/show_bug.cgi?id=63566
Add appropriate guards to the various Executable's memory reporting
logic.
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
2011-06-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=63563
DFG JIT - add support for double arith to speculative path
Add integer support for div & mod, add double support for div, mod,
add, sub & mul, dynamically selecting based on operand types.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::FPRTemporary::FPRTemporary):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::assembler):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
(JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
(JSC::DFG::SpeculateDoubleOperand::index):
(JSC::DFG::SpeculateDoubleOperand::fpr):
2011-06-28 Oliver Hunt <oliver@apple.com>
Fix interpreter build.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
2011-06-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=63561
DFG JIT - don't always assume integer in relational compare
If neither operand is known integer, or either is in double representation,
then at least use a function call (don't bail off the speculative path).
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isDataFormatDouble):
(JSC::DFG::SpeculativeJIT::compareIsInteger):
2011-06-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make constant array optimisation less strict about what constitutes a constant
https://bugs.webkit.org/show_bug.cgi?id=63554
Now allow string constants in array literals to actually be considered constant,
and so avoid codegen in array literals with strings in them.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addConstantBuffer):
(JSC::CodeBlock::constantBuffer):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addConstantBuffer):
(JSC::BytecodeGenerator::addStringConstant):
(JSC::BytecodeGenerator::emitNewArray):
* bytecompiler/BytecodeGenerator.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
2011-06-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=63560
DFG_JIT allow allocation of specific machine registers
This allows us to allocate the registers necessary to perform x86
idiv instructions for div/mod, and may be useful for shifts, too.
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::GPRTemporary::GPRTemporary):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::allocate):
(JSC::DFG::GPRResult::GPRResult):
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::allocateSpecific):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isInteger):
2011-06-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=55040
RegExp constructor returns the argument regexp instead of a new object
Per 15.10.3.1, our current behaviour is correct if called as a function,
but incorrect when called as a constructor.
* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
(JSC::constructWithRegExpConstructor):
* runtime/RegExpConstructor.h:
2011-06-28 Luke Macpherson <macpherson@chromium.org>
Reviewed by Darin Adler.
Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
https://bugs.webkit.org/show_bug.cgi?id=63469
* wtf/MathExtras.h:
(defaultMinimumForClamp):
Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
(defaultMaximumForClamp):
Symmetric alias for std::numeric_limits::max()
(clampTo):
New templated clamping function that supports arbitrary output types.
(clampToInteger):
Use new clampTo template.
(clampToFloat):
Use new clampTo template.
(clampToPositiveInteger):
Use new clampTo template.
2011-06-28 Adam Roben <aroben@apple.com>
Windows Debug build fix after r89885
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
2011-06-28 Shinya Kawanaka <shinyak@google.com>
Reviewed by Kent Tamura.
Add const to show() method in WTFString and AtomicString.
https://bugs.webkit.org/show_bug.cgi?id=63515
The lack of const in show() method is painful when
doing something like printf-debug.
* wtf/text/AtomicString.cpp:
(WTF::AtomicString::show):
* wtf/text/AtomicString.h:
* wtf/text/WTFString.cpp:
(String::show):
* wtf/text/WTFString.h:
2011-06-27 Ryosuke Niwa <rniwa@webkit.org>
Build fix attempt after r89885.
* JavaScriptCore.exp:
* jsc.cpp:
2011-06-27 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Support throwing away non-running code even while other code is running
https://bugs.webkit.org/show_bug.cgi?id=63485
Add a function to CodeBlock to support unlinking direct linked callsites,
and then with that in place add logic to discard code from any function
that is not currently on the stack.
The unlinking completely reverts any optimized call sites, such that they
may be relinked again in future.
* JavaScriptCore.exp:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::unlinkCalls):
(JSC::CodeBlock::clearEvalCache):
* bytecode/CodeBlock.h:
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::unlink):
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::clear):
* heap/Heap.cpp:
(JSC::Heap::getConservativeRegisterRoots):
* heap/Heap.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
* jit/JITWriteBarrier.h:
(JSC::JITWriteBarrierBase::clear):
* jsc.cpp:
(GlobalObject::GlobalObject):
(functionReleaseExecutableMemory):
* runtime/Executable.cpp:
(JSC::EvalExecutable::unlinkCalls):
(JSC::ProgramExecutable::unlinkCalls):
(JSC::FunctionExecutable::discardCode):
(JSC::FunctionExecutable::unlinkCalls):
* runtime/Executable.h:
* runtime/JSGlobalData.cpp:
(JSC::SafeRecompiler::returnValue):
(JSC::SafeRecompiler::operator()):
(JSC::JSGlobalData::releaseExecutableMemory):
2011-06-27 Gavin Barraclough <barraclough@apple.com>
Reviewed by Darin Adler & Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=50554
RegExp.prototype.toString does not escape slashes
The problem here is that we don't escape forwards slashes when converting
a RegExp to a string. This means that RegExp("/").toString() is "///",
which is not a valid RegExp literal. Also, we return an invalid literal
for RegExp.prototype.toString() ("//", which is an empty single-line comment).
From ES5:
"NOTE: The returned String has the form of a RegularExpressionLiteral that
evaluates to another RegExp object with the same behaviour as this object."
* runtime/RegExpObject.cpp:
(JSC::regExpObjectSource):
- Escape forward slashes when getting the source of a RegExp.
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
- Remove unnecessary and erroneous hack to return "//" as the string
representation of RegExp.prototype. This is not a valid RegExp literal
(it is an empty single-line comment).
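As an added illustration of the escaping the entry above describes (example code written for this page, not JavaScriptCore's RegExpObject.cpp): build a RegularExpressionLiteral from a source string and flags, show why the unescaped form fails, and check that the escaped literal re-evaluates to an equivalent RegExp. The "(?:)" substitute for an empty source is the form ES5 15.10.4.1 suggests, not something the entry states.

```javascript
// Added example, not JavaScriptCore code: turn a RegExp's source and flags
// into a RegularExpressionLiteral that re-evaluates to an equivalent RegExp,
// escaping forward slashes as the fix for bug 50554 describes.

// Escape every "/" that is not already escaped. A "/" counts as escaped when
// an odd number of backslashes immediately precedes it.
function escapeForwardSlashes(source) {
  let out = "";
  let backslashes = 0;
  for (const ch of source) {
    if (ch === "\\") {
      backslashes++;
      out += ch;
      continue;
    }
    if (ch === "/" && backslashes % 2 === 0) out += "\\";
    out += ch;
    backslashes = 0;
  }
  return out;
}

// Build "/source/flags". An empty source would give "//", which the lexer
// treats as an empty single-line comment, so use "(?:)" as ES5 15.10.4.1
// suggests (an assumption of this example, not part of the entry).
function regExpLiteral(source, flags) {
  const body = source === "" ? "(?:)" : escapeForwardSlashes(source);
  return "/" + body + "/" + flags;
}

// The pre-fix behaviour: splice the raw source between slashes. For source
// "/" the program text is "///", a comment, so nothing is returned.
function naiveLiteralYieldsRegExp(source) {
  try {
    return new Function("return /" + source + "/;")() instanceof RegExp;
  } catch (e) {
    return false; // SyntaxError, e.g. for "a/b" the text "/a/b/" is malformed
  }
}

// Evaluate the escaped literal as program text and compare it with the
// RegExp the constructor builds from the same source and flags.
function literalRoundTrips(source, flags) {
  const original = new RegExp(source, flags);
  const rebuilt = new Function("return " + regExpLiteral(source, flags) + ";")();
  return rebuilt instanceof RegExp &&
    rebuilt.flags === original.flags &&
    rebuilt.toString() === original.toString();
}
```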
2011-06-27 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=63497
Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-06-27 Juan C. Montemayor <jmont@apple.com>
Reviewed by Mark Rowe.
Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
https://bugs.webkit.org/show_bug.cgi?id=63392
When both TextPosition.h and XPathGrammar.h are included a compile-error
is caused, since XPathGrammar.h defines a macro called NUMBER and
TextPosition has a typedef named NUMBER.
* wtf/text/TextPosition.h:
(WTF::TextPosition::TextPosition):
(WTF::TextPosition::minimumPosition):
(WTF::TextPosition::belowRangePosition):
2011-06-27 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG JIT does not perform put_by_id caching.
https://bugs.webkit.org/show_bug.cgi?id=63409
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addPropertyAccess):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchByIdSelfAccess):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::appropriatePutByIdFunction):
(JSC::DFG::tryCachePutByID):
(JSC::DFG::dfgRepatchPutByID):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-06-27 Gustavo Noronha Silva <gns@gnome.org>
Unreviewed build fix. One more file missing during distcheck, for
the MIPS build.
* GNUmakefile.list.am:
2011-06-26 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
https://bugs.webkit.org/show_bug.cgi?id=63347
* dfg/DFGNonSpeculativeJIT.cpp:
- Changed arithmetic operations to speculate in favor of integers.
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGOperations.cpp:
- Added slow-path routines for arithmetic that perform no speculation; the
non-speculative JIT will generate calls to these in cases where its
speculation fails.
* dfg/DFGOperations.h:
2011-06-24 Nikolas Zimmermann <nzimmermann@rim.com>
Reviewed by Rob Buis.
Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
https://bugs.webkit.org/show_bug.cgi?id=59085
* wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2011-06-24 Michael Saboff <msaboff@apple.com>
Reviewed by Gavin Barraclough.
Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
https://bugs.webkit.org/show_bug.cgi?id=63345
The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
return 9 and 10 bit quantities, therefore changed their return type from
uint8_t to uint16_t. Also cast the places where they are used as they
are currently shifted and used as 7 or 8 bit values.
These methods are currently used for literals for stack offsets,
including creating and destroying stack frames. The prior truncation of
the upper bits caused stack frames to be too small, thus allowing a
JIT'ed function to access and overwrite stack space outside of the
incorrectly sized stack frame.
* assembler/ARMv7Assembler.h:
(JSC::ARMThumbImmediate::getUInt9):
(JSC::ARMThumbImmediate::getUInt10):
(JSC::ARMv7Assembler::add):
(JSC::ARMv7Assembler::ldr):
(JSC::ARMv7Assembler::str):
(JSC::ARMv7Assembler::sub):
(JSC::ARMv7Assembler::sub_S):
2011-06-24 Michael Saboff <msaboff@apple.com>
Reviewed by Geoffrey Garen.
releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
https://bugs.webkit.org/show_bug.cgi?id=63015
Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList(). These
adjustments are a bug. These need to reflect the pages that are released
in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
Made ReleaseFreeList a member of TCMalloc_PageHeap in the process. Updated
Check() and helper method CheckList() to check the number of actual free pages
with free_committed_pages_.
The symptom of the problem of the existing code is that the scavenger may
run unnecessarily without any real work to do, i.e. pages on the free lists.
The scavenger would also end up freeing too many pages, that is going below
the current 528 target free pages.
Note that the style of the changes was kept consistent with the
existing style.
* wtf/FastMalloc.cpp:
(WTF::TCMalloc_PageHeap::Check):
(WTF::TCMalloc_PageHeap::CheckList):
(WTF::TCMalloc_PageHeap::ReleaseFreeList):
2011-06-24 Abhishek Arya <inferno@chromium.org>
Reviewed by Darin Adler.
Match other clampTo* functions in style with clampToInteger(float)
function.
https://bugs.webkit.org/show_bug.cgi?id=53449
* wtf/MathExtras.h:
(clampToInteger):
(clampToFloat):
(clampToPositiveInteger):
2011-06-24 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r89594.
http://trac.webkit.org/changeset/89594
https://bugs.webkit.org/show_bug.cgi?id=63316
It broke 5 tests on the Qt bot (Requested by Ossy_DC on
#webkit).
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* icu/unicode/uscript.h: Removed.
* wtf/unicode/ScriptCodesFromICU.h: Removed.
* wtf/unicode/brew/UnicodeBrew.h:
* wtf/unicode/glib/UnicodeGLib.h:
* wtf/unicode/icu/UnicodeIcu.h:
* wtf/unicode/qt4/UnicodeQt4.h:
* wtf/unicode/wince/UnicodeWinCE.h:
2011-06-23 Filip Pizlo <fpizlo@apple.com>
Reviewed by Gavin Barraclough.
DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
https://bugs.webkit.org/show_bug.cgi?id=63173
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-06-23 Oliver Hunt <oliver@apple.com>
Fix Qt again.
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::readPointer):
2011-06-23 Oliver Hunt <oliver@apple.com>
Fix Qt Build
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::readPointer):
2011-06-23 Stephanie Lewis <slewis@apple.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=63298
Replace Malloc with FastMalloc to match the rest of wtf.
* wtf/BlockStack.h:
(WTF::::~BlockStack):
(WTF::::grow):
(WTF::::shrink):
2011-06-23 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Add the ability to dynamically modify linked call sites
https://bugs.webkit.org/show_bug.cgi?id=63291
Add JITWriteBarrier as a writebarrier class that allows
reading and writing directly into the code stream.
This required adding logic to all the assemblers to allow
us to read values back out of the instruction stream.
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::readPointer):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::readPointer):
(JSC::ARMv7Assembler::readInt32):
(JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
(JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::readPointer):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::readInt32):
(JSC::MIPSAssembler::readPointer):
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodePtr::operator!):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::readPCrelativeAddress):
(JSC::SH4Assembler::readPointer):
(JSC::SH4Assembler::readInt32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::readPointer):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::MethodCallLinkInfo::seenOnce):
(JSC::MethodCallLinkInfo::setSeen):
* heap/MarkStack.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
(JSC::JIT::linkCall):
(JSC::JIT::linkConstruct):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::patchMethodCallProto):
* jit/JITPropertyAccess32_64.cpp:
* jit/JITWriteBarrier.h: Added.
(JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
(JSC::JITWriteBarrierBase::operator!):
(JSC::JITWriteBarrierBase::setFlagOnBarrier):
(JSC::JITWriteBarrierBase::isFlagged):
(JSC::JITWriteBarrierBase::setLocation):
(JSC::JITWriteBarrierBase::location):
(JSC::JITWriteBarrierBase::JITWriteBarrierBase):
(JSC::JITWriteBarrierBase::set):
(JSC::JITWriteBarrierBase::get):
(JSC::JITWriteBarrier::JITWriteBarrier):
(JSC::JITWriteBarrier::set):
(JSC::JITWriteBarrier::get):
(JSC::MarkStack::append):
2011-06-23 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=61585
Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
This is due to use of int instead of unsigned, bad math around
the 2^31 boundary.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::ByteCompiler::emitDisjunction):
- Change some uses of int to unsigned, refactor compare logic to
restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generate):
(JSC::Yarr::YarrGenerator::backtrack):
- Ditto.
2011-06-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=63218
DFG JIT - remove machine type guarantees from graph
The DFG JIT currently makes assumptions about the types of machine registers
that certain nodes will be loaded into. This will be broken as we generate
nodes to produce both integer and double code paths. Remove int<->double
conversions nodes. This design decision also gave rise to multiple types of
constant nodes, requiring separate handling for each type. Merge these back
into JSConstant.
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getToInt32):
(JSC::DFG::ByteCodeParser::getToNumber):
(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::toNumber):
(JSC::DFG::ByteCodeParser::isInt32Constant):
(JSC::DFG::ByteCodeParser::isDoubleConstant):
(JSC::DFG::ByteCodeParser::valueOfInt32Constant):
(JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
(JSC::DFG::ByteCodeParser::one):
(JSC::DFG::ByteCodeParser::predictInt32):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::isJSConstant):
(JSC::DFG::JITCodeGenerator::isDoubleConstant):
(JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isJSConstant):
(JSC::DFG::JITCompiler::isInt32Constant):
(JSC::DFG::JITCompiler::isDoubleConstant):
(JSC::DFG::JITCompiler::valueOfJSConstant):
(JSC::DFG::JITCompiler::valueOfInt32Constant):
(JSC::DFG::JITCompiler::valueOfDoubleConstant):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::isConstant):
(JSC::DFG::Node::notTakenBytecodeOffset):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::isKnownInteger):
(JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compile):
2011-06-23 Jungshik Shin <jshin@chromium.org>
Reviewed by Alexey Proskuryakov.
Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
build files for ports not using ICU.
Add icu/unicode/uscript.h for ports using ICU. It's taken from
ICU 3.6 (the version used on Mac OS 10.5)
http://bugs.webkit.org/show_bug.cgi?id=20797
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* icu/unicode/uscript.h: Added for UScriptCode enum.
* wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
* wtf/unicode/icu/UnicodeIcu.h:
* wtf/unicode/brew/UnicodeBrew.h:
* wtf/unicode/glib/UnicodeGLib.h:
* wtf/unicode/qt4/UnicodeQt4.h:
* wtf/unicode/wince/UnicodeWinCE.h:
2011-06-23 Ryuan Choi <ryuan.choi@samsung.com>
Reviewed by Andreas Kling.
[EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
https://bugs.webkit.org/show_bug.cgi?id=63228
* wtf/Platform.h: Add PLATFORM(EFL) guard.
2011-06-23 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r89547.
http://trac.webkit.org/changeset/89547
https://bugs.webkit.org/show_bug.cgi?id=63252
"Chromium crash on start" (Requested by yurys on #webkit).
* wtf/DynamicAnnotations.cpp:
(WTFAnnotateBenignRaceSized):
(WTFAnnotateHappensBefore):
(WTFAnnotateHappensAfter):
* wtf/DynamicAnnotations.h:
2011-06-23 Timur Iskhodzhanov <timurrrr@google.com>
Reviewed by David Levin.
Make dynamic annotations weak symbols and prevent identical code folding by the linker
https://bugs.webkit.org/show_bug.cgi?id=62443
* wtf/DynamicAnnotations.cpp:
(WTFAnnotateBenignRaceSized):
(WTFAnnotateHappensBefore):
(WTFAnnotateHappensAfter):
* wtf/DynamicAnnotations.h:
2011-06-22 Yael Aharon <yael.aharon@nokia.com>
Reviewed by Andreas Kling.
[Qt] Add a build flag for building with libxml2 and libxslt.
https://bugs.webkit.org/show_bug.cgi?id=63113
* wtf/Platform.h:
2011-06-22 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r89489.
http://trac.webkit.org/changeset/89489
https://bugs.webkit.org/show_bug.cgi?id=63203
Broke chromium mac build on build.webkit.org (Requested by
abarth on #webkit).
* wtf/Platform.h:
2011-06-22 Cary Clark <caryclark@google.com>
Reviewed by Darin Fisher.
Use Skia if Skia on Mac Chrome is enabled
https://bugs.webkit.org/show_bug.cgi?id=62999
* wtf/Platform.h:
Add switch to use Skia if, externally,
Skia has been enabled by a gyp define.
2011-06-22 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
* interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2011-06-22 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed the conceit that global variables are local variables when running global code
https://bugs.webkit.org/show_bug.cgi?id=63106
This is required for write barrier correctness.
SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
I was able to reduce the regression with a tiny peephole optimization in
the bytecompiler, but not eliminate it. I'm committing this assuming
that turning on generational GC will win back at least 0.5%.
(FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
the global object's var storage. I considered doing the same kind of
optimization in the existing JIT, but it seemed like moving in the wrong
direction.)
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addGlobalVar):
(JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
negative indices, since they're no longer negatively offset from the
current stack frame.
Do give global variables monotonically increasing positive indices, since
that's much easier to work with.
Don't limit the number of optimizable global variables, since it's no
longer limited by the register file, since they're no longer stored in
the register file.
(JSC::BytecodeGenerator::registerFor): Global code never has any local
registers because a var in global code is actually a property of the
global object.
(JSC::BytecodeGenerator::constRegisterFor): Ditto.
(JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
propagation and dead code elimination to speed up our compiles and
reduce WTFs / minute.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
(JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
global code, since there are none.
(JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
in global code (i.e., global vars), since there are some.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::Interpreter):
(JSC::Interpreter::dumpRegisters):
(JSC::Interpreter::execute):
* interpreter/Interpreter.h: Updated for deleted / renamed code.
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots):
(JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
data members.
* interpreter/RegisterFile.h:
(JSC::RegisterFile::begin):
(JSC::RegisterFile::size):
(JSC::RegisterFile::RegisterFile):
(JSC::RegisterFile::shrink): Removed all code and comments dealing with
global variables stored in the register file.
(JSC::RegisterFile::grow): Updated for same.
Also, a slight correctness fix: Test the VM commit end, and not just the
in-use end, when checking for stack overflow. In theory, it's invalid to
commit past the end of your allocation, even if you never touch that
memory. This makes the usable size of the stack slightly smaller. No test
because we don't know of any case in practice where this crashes.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Updated for changes above.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::resizeRegisters):
(JSC::JSGlobalObject::addStaticGlobals):
* runtime/JSGlobalObject.h: Simplified globals to have monotonically
increasing indexes, always located in our external storage.
2011-06-21 MORITA Hajime <morrita@google.com>
Unreviewed, rolling out r89401 and r89403.
http://trac.webkit.org/changeset/89401
http://trac.webkit.org/changeset/89403
https://bugs.webkit.org/show_bug.cgi?id=62970
Breaks mac build and mistakenly enables the spellcheck API
* Configurations/FeatureDefines.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-06-21 Kent Tamura <tkent@chromium.org>
[Mac] Sort Xcode project files.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-06-20 MORITA Hajime <morrita@google.com>
Reviewed by Kent Tamura.
Spellcheck API should be build-able.
https://bugs.webkit.org/show_bug.cgi?id=62970
No new tests, changing only build related files
* Configurations/FeatureDefines.xcconfig:
2011-06-21 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Moved 'const' off the global-variable-as-local-variable crack pipe
https://bugs.webkit.org/show_bug.cgi?id=63105
This is necessary for moving the rest of the code off of same.
Many problems remain in our handling of const. I have fixed none of them.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
const to directly implement its unique scoping rules.
* bytecompiler/NodesCodegen.cpp:
(JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
for writing, so we don't overwrite const variables.
(JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
variables are available as local variables, since this won't be the case
once global variables are not available as local variables. Instead, use
put_scoped_var in the case where there is no local variable. Like a local
variable, put_scoped_var succeeds even though const properties are
read-only, since put_scoped_var skips read-only checks. (Yay?)
2011-06-21 Oliver Hunt <oliver@apple.com>
Reviewed by Alexey Proskuryakov.
REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
https://bugs.webkit.org/show_bug.cgi?id=63052
Release-mode-only failure: the stack overflow guards were getting their error
handling inlined, so that they were essentially causing their own demise.
* parser/JSParser.cpp:
(JSC::JSParser::updateErrorMessage):
(JSC::JSParser::updateErrorWithNameAndMessage):
2011-06-20 Kenneth Russell <kbr@google.com>
Unreviewed.
Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
https://bugs.webkit.org/show_bug.cgi?id=63022
* wtf/Platform.h:
2011-06-18 Anders Carlsson <andersca@apple.com>
Reviewed by Darin Adler.
Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
https://bugs.webkit.org/show_bug.cgi?id=62940
Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
* wtf/PassOwnArrayPtr.h:
(WTF::PassOwnArrayPtr::operator=):
* wtf/PassOwnPtr.h:
(WTF::PassOwnPtr::operator=):
* wtf/PassRefPtr.h:
(WTF::PassRefPtr::operator=):
(WTF::NonNullPassRefPtr::operator=):
2011-06-20 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
REGRESSION (r79060): Searching for a flight at united.com fails
https://bugs.webkit.org/show_bug.cgi?id=63003
This original change also broke Twitter, and we attempted to refine the fix to
address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
we need to revert the change until we understand the problem better.
* wtf/DateMath.cpp:
(WTF::parseDateFromNullTerminatedCharacters):
2011-06-20 Juan C. Montemayor <jmont@apple.com>
Reviewed by Oliver Hunt.
No context for javascript parse errors.
https://bugs.webkit.org/show_bug.cgi?id=62613
Parse errors now show more details like:
"Unexpected token: ]"
or
"Expected token: while"
For reserved names, numbers, identifiers, strings, lexer errors,
and EOFs, the following error messages are printed:
"Use of reserved word: super"
"Unexpected number: 42"
"Unexpected identifier: "
"Unexpected string: "foobar""
"Invalid token character sequence: \u4023"
"Unexpected EOF"
* parser/JSParser.cpp:
(JSC::JSParser::consume):
(JSC::JSParser::getToken):
(JSC::JSParser::getTokenName):
(JSC::JSParser::updateErrorMessageSpecialCase):
(JSC::JSParser::updateErrorMessage):
(JSC::JSParser::updateErrorWithNameAndMessage):
(JSC::jsParse):
(JSC::JSParser::JSParser):
(JSC::JSParser::parseProgram):
(JSC::JSParser::parseVarDeclarationList):
(JSC::JSParser::parseForStatement):
(JSC::JSParser::parseBreakStatement):
(JSC::JSParser::parseContinueStatement):
(JSC::JSParser::parseWithStatement):
(JSC::JSParser::parseTryStatement):
(JSC::JSParser::parseStatement):
(JSC::JSParser::parseFormalParameters):
(JSC::JSParser::parseFunctionInfo):
(JSC::JSParser::parseAssignmentExpression):
(JSC::JSParser::parsePrimaryExpression):
(JSC::JSParser::parseMemberExpression):
(JSC::JSParser::parseUnaryExpression):
* parser/JSParser.h:
* parser/Lexer.cpp:
(JSC::Lexer::lex):
* parser/Parser.cpp:
(JSC::Parser::parse):
2011-06-20 Nikolas Zimmermann <nzimmermann@rim.com>
Reviewed by Rob Buis.
Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
https://bugs.webkit.org/show_bug.cgi?id=59085
* wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2011-06-19 Oliver Hunt <oliver@apple.com>
Reviewed by Sam Weinig.
Correct logic for putting errors on the correct line when handling JSONP
https://bugs.webkit.org/show_bug.cgi?id=62962
Minor fix for the minor fix. *sigh*
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
2011-06-19 Oliver Hunt <oliver@apple.com>
Minor fix to correct layout test results.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
2011-06-17 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
JSONP is unnecessarily slow
https://bugs.webkit.org/show_bug.cgi?id=62920
JSONP has unfortunately become a fairly common idiom online, yet
it triggers very poor performance in JSC as we end up doing codegen
for a large number of property accesses that will
* only be run once, so the vast amount of logic we dump to handle
caching of accesses is unnecessary.
* We are doing codegen that is directly proportional to just
creating the object in the first place.
This patch extends the use of the literal parser to JSONP-like structures
in global code, handling a number of different forms I have seen online.
In an extreme case this improves performance of JSONP by more than 2x
due to removal of code generation and execution time, and a few optimisations
that I made to the parser itself.
* API/JSValueRef.cpp:
(JSValueMakeFromJSONString):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::execute):
* parser/Lexer.cpp:
(JSC::Lexer::isKeyword):
* parser/Lexer.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::tryJSONPParse):
(JSC::LiteralParser::makeIdentifier):
(JSC::LiteralParser::Lexer::lex):
(JSC::LiteralParser::Lexer::next):
(JSC::isSafeStringCharacter):
(JSC::LiteralParser::Lexer::lexString):
(JSC::LiteralParser::Lexer::lexNumber):
(JSC::LiteralParser::parse):
* runtime/LiteralParser.h:
(JSC::LiteralParser::LiteralParser):
(JSC::LiteralParser::tryLiteralParse):
(JSC::LiteralParser::Lexer::Lexer):
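As an added illustration of the literal-parser idea in the entry above (example code written for this page, not JavaScriptCore's LiteralParser): recognise a few JSONP-shaped programs in global code, parse the payload with JSON.parse instead of generating and running code, and hand the result to a handler chosen by name. The specific shapes accepted are an assumption of this example; the entry does not list the forms it handles.

```javascript
// Added example, not JavaScriptCore code. Accepted shapes (an assumption):
//   callee(<json>);   a.b.callee(<json>);   var name = <json>;   name = <json>;
// Anything that is not exactly one of these returns null so the caller can
// fall back to a full parse of the program text.
const CALL_FORM =
  /^\s*([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)\s*\(([\s\S]*)\)\s*;?\s*$/;
const ASSIGN_FORM =
  /^\s*(?:var\s+)?([A-Za-z_$][\w$]*)\s*=\s*([\s\S]*?)\s*;?\s*$/;

function tryJSONPParse(text) {
  let match = CALL_FORM.exec(text);
  let kind = "call";
  if (!match) {
    match = ASSIGN_FORM.exec(text);
    kind = "assign";
  }
  if (!match) return null;
  let value;
  try {
    value = JSON.parse(match[2]); // strict JSON only: no code, no identifiers
  } catch (e) {
    return null; // payload is not a literal, e.g. code follows the call
  }
  return { kind, target: match[1].split("."), value };
}

// Deliver the payload to a handler looked up by the callee's last path
// segment, never by evaluating the callee path. Only own properties of the
// handler table count, so names such as "constructor" are refused.
function dispatchJSONP(text, handlers) {
  const parsed = tryJSONPParse(text);
  if (!parsed || parsed.kind !== "call") return null;
  const name = parsed.target[parsed.target.length - 1];
  if (!Object.prototype.hasOwnProperty.call(handlers, name)) return null;
  return handlers[name](parsed.value);
}
```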
2011-06-18 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r89184.
http://trac.webkit.org/changeset/89184
https://bugs.webkit.org/show_bug.cgi?id=62927
It broke 22 tests on all bots (Requested by Ossy_weekend on
#webkit).
* API/JSValueRef.cpp:
(JSValueMakeFromJSONString):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::execute):
* parser/Lexer.cpp:
* parser/Lexer.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::Lexer::lex):
(JSC::isSafeStringCharacter):
(JSC::LiteralParser::Lexer::lexString):
(JSC::LiteralParser::Lexer::lexNumber):
(JSC::LiteralParser::parse):
* runtime/LiteralParser.h:
(JSC::LiteralParser::LiteralParser):
(JSC::LiteralParser::tryLiteralParse):
(JSC::LiteralParser::Lexer::Lexer):
(JSC::LiteralParser::Lexer::next):
2011-06-17 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
JSONP is unnecessarily slow
https://bugs.webkit.org/show_bug.cgi?id=62920
JSONP has unfortunately become a fairly common idiom online, yet
it triggers very poor performance in JSC as we end up doing codegen
for a large number of property accesses that will
* only be run once, so the vast amount of logic we dump to handle
caching of accesses is unnecessary.
* We are doing codegen that is directly proportional to just
creating the object in the first place.
This patch extends the use of the literal parser to JSONP-like structures
in global code, handling a number of different forms I have seen online.
In an extreme case this improves performance of JSONP by more than 2x
due to removal of code generation and execution time, and a few optimisations
that I made to the parser itself.
* API/JSValueRef.cpp:
(JSValueMakeFromJSONString):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::execute):
* parser/Lexer.cpp:
(JSC::Lexer::isKeyword):
* parser/Lexer.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::LiteralParser::tryJSONPParse):
(JSC::LiteralParser::makeIdentifier):
(JSC::LiteralParser::Lexer::lex):
(JSC::LiteralParser::Lexer::next):
(JSC::isSafeStringCharacter):
(JSC::LiteralParser::Lexer::lexString):
(JSC::LiteralParser::Lexer::lexNumber):
(JSC::LiteralParser::parse):
* runtime/LiteralParser.h:
(JSC::LiteralParser::LiteralParser):
(JSC::LiteralParser::tryLiteralParse):
(JSC::LiteralParser::Lexer::Lexer):
2011-06-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Moved some property access JIT code into property access JIT files
https://bugs.webkit.org/show_bug.cgi?id=62906
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_get_scoped_var):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_get_global_var):
(JSC::JIT::emit_op_put_global_var):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_scoped_var):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_get_global_var):
(JSC::JIT::emit_op_put_global_var):
2011-06-17 Anders Carlsson <andersca@apple.com>
Build fix.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-06-17 Geoffrey Garen <ggaren@apple.com>
Try to fix the Leopard build?
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-06-16 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Added some write barrier action, compiled out by default
https://bugs.webkit.org/show_bug.cgi?id=62844
* JavaScriptCore.exp: Build!
* JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
issue with Heap.cpp.
* heap/Heap.cpp:
(JSC::Heap::writeBarrierSlowCase):
* heap/Heap.h:
(JSC::Heap::writeBarrier):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::isAtomAligned):
(JSC::MarkedBlock::blockFor):
(JSC::MarkedBlock::atomNumber):
(JSC::MarkedBlock::ownerSetNumber):
(JSC::MarkedBlock::addOldSpaceOwner):
(JSC::MarkedBlock::OwnerSet::OwnerSet):
(JSC::MarkedBlock::OwnerSet::add):
(JSC::MarkedBlock::OwnerSet::clear):
(JSC::MarkedBlock::OwnerSet::size):
(JSC::MarkedBlock::OwnerSet::didOverflow):
(JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
tracks owners for regions within blocks. Currently unused.
2011-06-17 Raphael Kubo da Costa <kubo@profusion.mobi>
Reviewed by Eric Seidel.
[EFL] Add some OwnPtr specializations for EFL types.
For now there are specializations for Ecore_Evas and Evas_Object.
https://bugs.webkit.org/show_bug.cgi?id=62877
* wtf/CMakeListsEfl.txt:
* wtf/OwnPtrCommon.h:
* wtf/efl/OwnPtrEfl.cpp: Added.
(WTF::deleteOwnedPtr):
2011-06-17 Joone Hur <joone.hur@collabora.co.uk>
Reviewed by Martin Robinson.
[GTK] Replace GdkRectangle by cairo_rectangle_int_t
https://bugs.webkit.org/show_bug.cgi?id=60687
Replace GdkRectangle by cairo_rectangle_int_t.
* wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2011-06-16 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=53014
ES5 strict mode keyword restrictions aren't implemented
The following are future restricted words in strict mode code:
implements, interface, let, package, private, protected, public, static, yield
* parser/JSParser.h:
- Add RESERVED_IF_STRICT token.
* parser/Keywords.table:
- Add new future restricted words.
* parser/Lexer.cpp:
(JSC::Lexer::parseIdentifier):
- Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
(JSC::Lexer::lex):
- Pass strictMode flag to parseIdentifier.
* parser/Lexer.h:
- parseIdentifier needs a strictMode flag.
* runtime/CommonIdentifiers.h:
- Add identifiers for new reserved words.
2011-06-16 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=23611
Multiline Javascript comments cause incorrect parsing of following script.
From the spec:
"A MultiLineComment [is] simply discarded if it contains no line terminator,
but if a MultiLineComment contains one or more line terminators, then it is
replaced with a single line terminator, which becomes part of the stream of
inputs for the syntactic grammar."
This may result in behavioural changes, due to automatic semicolon insertion.
* parser/Lexer.cpp:
(JSC::Lexer::parseMultilineComment):
- Set m_terminator if we see a line terminator in a multiline comment.
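As an added illustration of the rule quoted in the entry above (example code written for this page, not JavaScriptCore's Lexer): a small scanner that replaces each MultiLineComment with a single line terminator when it contains one, and with a space otherwise, followed by a check of how the engine's own automatic semicolon insertion reacts to the two cases. The scanner skips string literals so a "/*" inside a string is left alone; regular expression literals are assumed absent from the input.

```javascript
// Added example, not JavaScriptCore code: apply the ES5 MultiLineComment
// rule (a comment containing a LineTerminator becomes one LineTerminator)
// and show the automatic-semicolon-insertion consequence.
const LINE_TERMINATORS = new Set(["\n", "\r", "\u2028", "\u2029"]);

function replaceComments(src) {
  let out = "";
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    // Copy a string literal verbatim, honouring backslash escapes.
    if (ch === '"' || ch === "'") {
      let j = i + 1;
      while (j < src.length && src[j] !== ch) {
        if (src[j] === "\\") j++;
        j++;
      }
      out += src.slice(i, j + 1);
      i = j + 1;
      continue;
    }
    // SingleLineComment: drop everything up to, but not including, the
    // line terminator, which stays in the stream.
    if (ch === "/" && src[i + 1] === "/") {
      let j = i + 2;
      while (j < src.length && !LINE_TERMINATORS.has(src[j])) j++;
      i = j;
      continue;
    }
    // MultiLineComment: a terminator inside it must survive as a terminator.
    // An unterminated comment (a syntax error in a real lexer) is consumed
    // to the end of the input here.
    if (ch === "/" && src[i + 1] === "*") {
      const end = src.indexOf("*/", i + 2);
      const body = src.slice(i + 2, end < 0 ? src.length : end);
      const sawTerminator = [...body].some((c) => LINE_TERMINATORS.has(c));
      out += sawTerminator ? "\n" : " ";
      i = end < 0 ? src.length : end + 2;
      continue;
    }
    out += ch;
    i++;
  }
  return out;
}

// Whether the engine accepts the text as a function body. With a line
// terminator between the two assignments ASI inserts the semicolon; without
// one the second assignment is a syntax error.
function parses(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    return false;
  }
}
```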
2011-06-16 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=62824
DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
CompareEq of non-integer values is the most common cause of speculation failure.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
- Support Equals.
(JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
- new! - peephole optimized Eq of JSValues.
(JSC::DFG::SpeculativeJIT::compile):
- Add peephole optimization for CompareEq.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
- Add support for dead nodes between compare & branch.
(JSC::DFG::SpeculativeJIT::isInteger):
- Added to determine which form of peephole to do in CompareEq.
2011-06-16 Geoffrey Garen <ggaren@apple.com>
Try to fix the Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
symbol.
* bytecode/EvalCodeCache.h:
* heap/HandleHeap.h:
* heap/HeapRootVisitor.h:
* heap/NewSpace.h:
* runtime/ArgList.h:
* runtime/ScopeChain.h:
* runtime/SmallStrings.h:
* runtime/Structure.h: Stop forward-declaring things that don't really
exist anymore.
2011-06-16 Geoffrey Garen <ggaren@apple.com>
Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
project while crossing my fingers and facing west.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-06-16 Geoffrey Garen <ggaren@apple.com>
Build fix: Removed an incorrect symbol on Windows.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-06-16 Geoffrey Garen <ggaren@apple.com>
Build fix: Removed an accidental commit from the future.
* CMakeLists.txt:
2011-06-16 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Introduced SlotVisitor into the project
https://bugs.webkit.org/show_bug.cgi?id=62820
This resolves a class vs typedef forward declaration issue, and gives all
exported symbols the correct names.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj: Build!
* bytecode/EvalCodeCache.h:
* heap/HandleHeap.h:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::markRoots):
* heap/Heap.h:
* heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
clients operate on a MarkStack.
* heap/MarkStack.cpp:
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::drain):
* heap/SlotVisitor.h: Added.
(JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
inheritance to give SlotVisitor all the attributes of MarkStack without
making this change giant. Over time, we will move more behavior into
SlotVisitor and its subclasses.
* heap/MarkStack.h:
* heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
clients operate on a MarkStack.
* runtime/ArgList.h:
* runtime/JSCell.h:
* runtime/JSObject.h:
* runtime/ScopeChain.h:
* runtime/SmallStrings.h:
* runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
clients operate on a MarkStack.
2011-06-15 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Reduce memory usage of resolve_global
https://bugs.webkit.org/show_bug.cgi?id=62765
If we have a large number of resolve_globals in a single
block start planting plain resolve instructions instead
whenever we aren't in a loop. This allows us to reduce
the code size for extremely large functions without
losing the performance benefits of op_resolve_global.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::globalResolveInfoCount):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
(JSC::BytecodeGenerator::emitResolve):
(JSC::BytecodeGenerator::emitResolveWithBase):
* bytecompiler/BytecodeGenerator.h:
2011-06-16 Qi Zhang <qi.2.zhang@nokia.com>
Reviewed by Laszlo Gombos.
[Qt] Fix building with CONFIG(use_system_icu)
https://bugs.webkit.org/show_bug.cgi?id=62744
Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
* wtf/Platform.h:
2011-06-15 Darin Adler <darin@apple.com>
Reviewed by Adam Barth.
Remove obsolete LOOSE_OWN_PTR code
https://bugs.webkit.org/show_bug.cgi?id=59909
The internal Apple dependency on this is gone now.
* wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
set function that takes a raw pointer.
* wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
set function that takes a raw pointer.
* wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
and assignment operator that takes a nullptr unconditional.
Made constructor that takes a raw pointer private and explicit,
and removed assignment operator that takes a raw pointer.
* wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
unconditional. Made constructor that takes a raw pointer private
and explicit, and removed assignment operator that takes a raw pointer.
2011-06-15 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey Garen and Gavin Barraclough.
Make access-nsieve ~9x faster on the non-speculative path by
adding special casing for doubles that can losslessly be converted
to a uint32_t in getByVal and putByVal. This avoids calls to stringification
and the hash lookup. Long term, we should try and get property of a getByVal
and putByVal to be an integer immediate even in the non-speculative path.
* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
(JSC::DFG::operationPutByValInternal):
2011-06-15 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
REGRESSION (r88719): 5by5.tv schedule is not visible
https://bugs.webkit.org/show_bug.cgi?id=62720
Problem here is that the lexer wasn't considering '$' to be
a valid character in an identifier.
* parser/Lexer.h:
(JSC::Lexer::lexExpectIdentifier):
2011-06-15 Oliver Hunt <oliver@apple.com>
Reviewed by Sam Weinig.
Reduce the size of global_resolve
https://bugs.webkit.org/show_bug.cgi?id=62738
Reduce the code size of global_resolve in the JIT by replacing
multiple pointer loads with a single pointer move + two offset
loads.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_resolve_global):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_resolve_global):
2011-06-14 Geoffrey Garen <ggaren@apple.com>
Reviewed by Dan Bernstein.
Fixed an invalid ASSERT I found while investigating
<rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
https://bugs.webkit.org/show_bug.cgi?id=62699
No test since we don't know of a way to get WebCore to deallocate the
next-to-finalize handle, which is also the last handle in the list,
while finalizing the second-to-last handle in the list.
* heap/HandleHeap.h:
(JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
non-0 next() after updating it, since it is valid to update m_nextToFinalize
to point to the tail sentinel.
Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
since it is not valid to update m_nextToFinalize to point past the tail
sentinel.
Also, use m_nextToFinalize consistently for clarity.
2011-06-14 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=43841
SegmentedVector::operator== typo
* wtf/SegmentedVector.h:
(WTF::SegmentedVectorIterator::operator==):
(WTF::SegmentedVectorIterator::operator!=):
2011-06-14 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Constant array literals result in unnecessarily large amounts of code
https://bugs.webkit.org/show_bug.cgi?id=62658
Add a new version of op_new_array that simply copies values from a buffer
we hang off of the CodeBlock, rather than generating code to place each
entry into the registerfile, and then copying it from the registerfile into
the array. This is a slight improvement on some sunspider tests, but no
measurable overall change. That's okay though as our goal was to reduce
code size without hurting performance.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addImmediateBuffer):
(JSC::CodeBlock::immediateBuffer):
* bytecode/Opcode.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addImmediateBuffer):
(JSC::BytecodeGenerator::emitNewArray):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ArrayNode::emitBytecode):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_array):
(JSC::JIT::emit_op_new_array_buffer):
* jit/JITOpcodes32_64.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
2011-06-14 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r88841.
http://trac.webkit.org/changeset/88841
https://bugs.webkit.org/show_bug.cgi?id=62672
Caused many tests to crash (Requested by rniwa on #webkit).
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/CodeBlock.h:
* bytecode/Opcode.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitNewArray):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ArrayNode::emitBytecode):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_array):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_new_array):
* jit/JITStubs.cpp:
* jit/JITStubs.h:
2011-06-14 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Constant array literals result in unnecessarily large amounts of code
https://bugs.webkit.org/show_bug.cgi?id=62658
Add a new version of op_new_array that simply copies values from a buffer
we hang off of the CodeBlock, rather than generating code to place each
entry into the registerfile, and then copying it from the registerfile into
the array. This is a slight improvement on some sunspider tests, but no
measurable overall change. That's okay though as our goal was to reduce
code size without hurting performance.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addImmediateBuffer):
(JSC::CodeBlock::immediateBuffer):
* bytecode/Opcode.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addImmediateBuffer):
(JSC::BytecodeGenerator::emitNewArray):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ArrayNode::emitBytecode):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_array):
(JSC::JIT::emit_op_new_array_buffer):
* jit/JITOpcodes32_64.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
2011-06-14 Stephanie Lewis <slewis@apple.com>
Rubber stamped by Oliver Hunt.
<rdar://problem/9511169>
Update order files.
* JavaScriptCore.order:
2011-06-14 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey Garen.
Fix dumping of constants to have the correct constant number.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
2011-06-14 Benjamin Poulain <benjamin@webkit.org>
Reviewed by Eric Seidel.
KeywordLookupGenerator's Trie does not work with Python 3
https://bugs.webkit.org/show_bug.cgi?id=62635
With Python 3, dict.items() returns an iterator. Since the iterator
protocol changed between Python 2 and 3, the easiest way to get the
values is to have something that uses the iterator implicitly, like a
for() loop.
* KeywordLookupGenerator.py:
2011-06-13 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Fix llocp and lvalp names in the lexer to something more meaningful
https://bugs.webkit.org/show_bug.cgi?id=62605
A simple rename
* parser/Lexer.cpp:
(JSC::Lexer::parseIdentifier):
(JSC::Lexer::parseString):
(JSC::Lexer::lex):
* parser/Lexer.h:
(JSC::Lexer::lexExpectIdentifier):
2011-06-13 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make it possible to inline the common case of identifier lexing
https://bugs.webkit.org/show_bug.cgi?id=62600
Add a lexing function that expects to lex a "normal" alpha numeric
identifier (that ignores keywords) so it's possible to inline the
common parsing cases. This comes out as a reasonable parsing speed
boost.
* parser/JSParser.cpp:
(JSC::JSParser::nextExpectIdentifier):
(JSC::JSParser::parseProperty):
(JSC::JSParser::parseMemberExpression):
* parser/Lexer.cpp:
* parser/Lexer.h:
(JSC::Lexer::makeIdentifier):
(JSC::Lexer::lexExpectIdentifier):
2011-06-13 Xan Lopez <xlopez@igalia.com>
Reviewed by Martin Robinson.
Distcheck fixes.
* GNUmakefile.am:
* GNUmakefile.list.am:
2011-06-13 Oliver Hunt <oliver@apple.com>
Reviewed by Simon Fraser.
Make it possible to inline Identifier::equal
https://bugs.webkit.org/show_bug.cgi?id=62584
Move Identifier::equal to the Identifier header file.
* runtime/Identifier.cpp:
* runtime/Identifier.h:
(JSC::Identifier::equal):
2011-06-13 Tony Chang <tony@chromium.org>
Reviewed by Dimitri Glazkov.
rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
https://bugs.webkit.org/show_bug.cgi?id=62578
* Configurations/FeatureDefines.xcconfig:
2011-06-13 Tony Chang <tony@chromium.org>
Reviewed by Adam Barth.
rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
https://bugs.webkit.org/show_bug.cgi?id=62545
* Configurations/FeatureDefines.xcconfig:
2011-06-12 Patrick Gansterer <paroga@webkit.org>
Unreviewed. Build fix for !ENABLE(JIT) after r88604.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
2011-06-11 Gavin Barraclough <barraclough@apple.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=16777
Remove #define NaN per Darin's comments.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::parseIntOverflow):
(JSC::parseInt):
(JSC::jsStrDecimalLiteral):
(JSC::jsToNumber):
(JSC::parseFloat):
* wtf/DateMath.cpp:
(WTF::equivalentYearForDST):
(WTF::parseES5DateFromNullTerminatedCharacters):
(WTF::parseDateFromNullTerminatedCharacters):
(WTF::timeClip):
(JSC::parseDateFromNullTerminatedCharacters):
2011-06-11 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=62503
Remove JIT_OPTIMIZE_* switches
The alternative code paths are untested, and not well maintained.
These were useful when there was more churn in the JIT, but now
are a maintenance overhead. Time to move on, removing.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* jit/JIT.cpp:
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
(JSC::JIT::linkConstruct):
* jit/JIT.h:
* jit/JITCall.cpp:
* jit/JITCall32_64.cpp:
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::softModulo):
* jit/JITPropertyAccess.cpp:
* jit/JITPropertyAccess32_64.cpp:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
* wtf/Platform.h:
2011-06-10 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=16777
Eliminate JSC::NaN and JSC::Inf
There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
The ones in std::numeric_limits are perfectly good.
Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
* API/JSCallbackObjectFunctions.h:
(JSC::::toNumber):
* API/JSValueRef.cpp:
(JSValueMakeNumber):
(JSValueToNumber):
* JavaScriptCore.exp:
* runtime/CachedTranscendentalFunction.h:
(JSC::CachedTranscendentalFunction::initialize):
* runtime/DateConstructor.cpp:
(JSC::constructDate):
* runtime/DateInstanceCache.h:
(JSC::DateInstanceData::DateInstanceData):
(JSC::DateInstanceCache::reset):
* runtime/JSCell.cpp:
* runtime/JSCell.h:
(JSC::JSCell::JSValue::getPrimitiveNumber):
(JSC::JSCell::JSValue::toNumber):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::resetDateCache):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncParseInt):
(JSC::globalFuncIsFinite):
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::toNumber):
* runtime/JSValue.cpp:
* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
(JSC::jsNaN):
* runtime/MathObject.cpp:
(JSC::mathProtoFuncMax):
(JSC::mathProtoFuncMin):
* runtime/NumberConstructor.cpp:
(JSC::numberConstructorNegInfinity):
(JSC::numberConstructorPosInfinity):
* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
* runtime/UString.cpp:
* wtf/DecimalNumber.h:
(WTF::DecimalNumber::DecimalNumber):
* wtf/dtoa.cpp:
(WTF::dtoa):
2011-06-10 Tony Chang <tony@chromium.org>
Reviewed by Ojan Vafai.
add a compile guard ENABLE(FLEXBOX)
https://bugs.webkit.org/show_bug.cgi?id=62049
* Configurations/FeatureDefines.xcconfig:
2011-06-10 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=55347
"name" and "message" enumerable on *Error.prototype
This arises from chapter 15 of the spec:
"Every other property described in this clause has the attributes
{ [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
unless otherwise specified."
Standardized properties are not enumerable.
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
2011-06-09 Geoffrey Garen <ggaren@apple.com>
Build fix: Corrected header spelling.
* heap/OldSpace.h:
2011-06-09 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Added OldSpace to the project
https://bugs.webkit.org/show_bug.cgi?id=62417
Currently unused.
Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
per-block flag for testing whether you're in NewSpace vs OldSpace.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj: Build!
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::inNewSpace):
(JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
write barrier.
* heap/NewSpace.cpp:
(JSC::NewSpace::addBlock):
(JSC::NewSpace::removeBlock):
* heap/NewSpace.h:
(JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
NewSpace-specific operations.
* heap/OldSpace.cpp: Added.
(JSC::OldSpace::OldSpace):
(JSC::OldSpace::addBlock):
(JSC::OldSpace::removeBlock):
* heap/OldSpace.h: Added.
(JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
Not in use yet.
2011-06-09 Hyowon Kim <hw1008.kim@samsung.com>
Reviewed by Antonio Gomes.
[EFL] Make accelerated compositing build in Webkit-EFL
https://bugs.webkit.org/show_bug.cgi?id=62361
Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
* wtf/Platform.h:
2011-06-09 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 62405 - Fix integer overflow in Array.prototype.push
Fix geoff's review comments re static_cast.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncPush):
2011-06-09 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Factored MarkedBlock set management into a helper class with a fast case Bloom filter
https://bugs.webkit.org/show_bug.cgi?id=62413
SunSpider reports a small speedup.
This is in preparation for having ConservativeSet operate on arbitrary
sets of MarkedBlocks, and in preparation for conservative scanning
becoming proportionally more important than other GC activities.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::add):
* heap/ConservativeRoots.h:
(JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
directly, instead of a Heap, so we can operate on subsets of the Heap
instead.
Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
is particularly important since we expect not to find our subject pointer
in the MarkedBlock hash, and hash misses are more expensive than typical
hash lookups because they have high collision rates.
No need for single-pointer add() to be public anymore, since nobody uses it.
* heap/Heap.cpp:
(JSC::Heap::markRoots):
* heap/Heap.h:
(JSC::Heap::forEachCell):
(JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
ConservativeRoots relies on.
Nixed contains(), since nobody uses it anymore.
* heap/MarkedBlock.h:
(WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
the VM layout properties of MarkedBlocks.
* heap/MarkedBlockSet.h: Added.
(JSC::MarkedBlockSet::add):
(JSC::MarkedBlockSet::remove):
(JSC::MarkedBlockSet::recomputeFilter):
(JSC::MarkedBlockSet::filter):
(JSC::MarkedBlockSet::set):
* heap/TinyBloomFilter.h: Added.
(JSC::TinyBloomFilter::TinyBloomFilter):
(JSC::TinyBloomFilter::add):
(JSC::TinyBloomFilter::ruleOut): New helper class, used above.
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots): No need to specifically
exclude values by tag -- the tiny bloom filter is already a register-register
compare, so adding another "rule out" factor just slows things down.
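Added example (JavaScript, not JavaScriptCore source): a model of the filter-then-hash-lookup check the entry above describes for conservative root scanning. The filter semantics used here (the bitwise OR of every block address; a candidate is ruled out when it has a bit set that no block has), the 64-bit addresses held in BigInt and the 16 KiB block alignment are assumptions of this model, and every address is constructed.

```javascript
'use strict';
// Added example (not JavaScriptCore code): a JavaScript model of a tiny
// "OR of addresses" Bloom filter in front of a hash set of block addresses.
// A candidate with a bit set outside the union cannot be a member, so most
// stray stack words are rejected with one AND and one compare, and only the
// survivors pay for the hash-set lookup. Assumptions: 64-bit addresses as
// BigInt and 16 KiB-aligned blocks; all addresses below are constructed.
const BLOCK_SIZE = 16384n;
const BLOCK_MASK = ~(BLOCK_SIZE - 1n); // clears the offset-within-block bits

class TinyBloomFilter {
  constructor() { this.bits = 0n; }
  add(addr) { this.bits |= addr; }
  // True when `addr` is certainly not a member. A real member's bits are a
  // subset of the union, so the filter never rules out something it holds;
  // it can only let false positives through, which the exact lookup catches.
  ruleOut(addr) {
    if (addr === 0n) return true; // null is never a cell
    return (addr & this.bits) !== addr;
  }
}

class MarkedBlockSet {
  constructor() {
    this.set = new Set();
    this.filter = new TinyBloomFilter();
  }
  add(block) {
    this.set.add(block);
    this.filter.add(block);
  }
  // Bits can only be OR-ed in, so removing a block means rebuilding the
  // filter from the blocks that remain.
  remove(block) {
    this.set.delete(block);
    this.recomputeFilter();
  }
  recomputeFilter() {
    this.filter = new TinyBloomFilter();
    for (const block of this.set) this.filter.add(block);
  }
  static blockFor(ptr) { return ptr & BLOCK_MASK; }
  // Decision for one word found on the stack:
  //   'filtered'       rejected by the Bloom filter, no hash lookup needed
  //   'false-positive' passed the filter but is not a block we own
  //   'block'          points into a block in the set
  classify(ptr) {
    const candidate = MarkedBlockSet.blockFor(ptr);
    if (this.filter.ruleOut(candidate)) return 'filtered';
    return this.set.has(candidate) ? 'block' : 'false-positive';
  }
}

// Four consecutive heap blocks at a constructed base address.
function buildDemoSet() {
  const base = 0x7f1a00000000n;
  const set = new MarkedBlockSet();
  for (let k = 0n; k < 4n; k++) set.add(base + k * BLOCK_SIZE);
  return set;
}

function demo() {
  const set = buildDemoSet();
  const before = {
    stackWord: set.classify(0x7ffd12345678n), // typical stack address
    interior:  set.classify(0x7f1a00009234n), // inside the third block
    lookalike: set.classify(0x7f1800000010n), // bits within the union, not ours
    nullPtr:   set.classify(0n),
  };
  // Drop the upper three blocks; without recomputeFilter() the stale union
  // would keep letting the interior pointer through to the hash lookup.
  for (let k = 1n; k < 4n; k++) set.remove(0x7f1a00000000n + k * BLOCK_SIZE);
  const after = { interior: set.classify(0x7f1a00009234n) };
  return { before, after };
}
```

The property worth keeping in mind when reasoning about this filter is the asymmetry: it has no false negatives, only false positives, so correctness of the scan never depends on it, only the cost does.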
2011-06-09 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 62405 - Fix integer overflow in Array.prototype.push
There are three integer overflows here, leading to safe (not a security risk)
but incorrect (non-spec-compliant) behaviour.
Two overflows occur when calculating the new length after pushing (one in the
fast version of push in JSArray, one in the generic version in ArrayPrototype).
The other occurs calculating indices to write to when multiple items are pushed.
These errors result in three test-262 failures.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncPush):
* runtime/JSArray.cpp:
(JSC::JSArray::put):
(JSC::JSArray::push):
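Added example (JavaScript, not JavaScriptCore source): the observable semantics behind the three overflows. The spec computes the pushed indices and the new length as unbounded numbers, so a push onto an array-like whose length is already 2^32-1 must write the key "4294967295" and set length to 2^32, while a genuine Array must reject the new length with a RangeError. The uint32-wrapping function at the end is a model of the naive arithmetic for comparison, not the engine's code; all inputs are constructed.

```javascript
'use strict';
// Added example (not JavaScriptCore code): exercises the Array.prototype.push
// length arithmetic that the fix in the entry above makes spec-compliant.
const MAX_UINT32 = 0xFFFFFFFF; // 4294967295, the largest valid Array length

// Generic push onto a plain object with a large "length" (constructed input).
function pushOntoArrayLike(startLength, values) {
  const obj = { length: startLength };
  const returned = Array.prototype.push.apply(obj, values);
  // Keys that push actually wrote, so a caller can check that the indices
  // did not wrap around to small numbers.
  const keys = Object.keys(obj).filter((k) => k !== 'length').sort();
  return { returned, length: obj.length, keys };
}

// A real Array caps length at 2^32-1, so the same push must fail with a
// RangeError when it stores the new length, instead of writing a wrapped
// index or a wrapped length.
function pushOntoFullArray(values) {
  const arr = [];
  arr.length = MAX_UINT32;
  try {
    arr.push(...values);
    return 'no error';
  } catch (e) {
    return e.constructor.name;
  }
}

// What a naive uint32 implementation would compute for the same push: the
// length and every write index wrap modulo 2^32. Shown for comparison only;
// this is the arithmetic the fix replaces, not the fixed code.
function naiveUint32Push(startLength, argCount) {
  const indices = [];
  for (let i = 0; i < argCount; i++) indices.push((startLength + i) >>> 0);
  return { length: (startLength + argCount) >>> 0, indices };
}
```

The entry calls the overflows safe, and the model shows why: a wrapped index of 0 or a wrapped length of 1 is a wrong answer, not an out-of-bounds write, because every store still goes through the ordinary property path. The spec-visible difference is what the test-262 cases catch.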
2011-06-09 Dan Bernstein <mitz@apple.com>
Reviewed by Anders Carlsson.
Add Vector::reverse()
https://bugs.webkit.org/show_bug.cgi?id=62393
* wtf/Vector.h:
(WTF::Vector::reverse): Added
2011-06-08 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Factored a bunch of Heap functionality into stand-alone functors
https://bugs.webkit.org/show_bug.cgi?id=62337
This is in preparation for making these functors operate on arbitrary
sets of MarkedBlocks.
* JavaScriptCore.exp: This file is a small tragedy.
* debugger/Debugger.cpp:
(JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
* heap/HandleHeap.h:
(JSC::HandleHeap::forEachStrongHandle): New function for iterating all
strong handles, so we can play along in the functor game.
* heap/Heap.cpp:
(JSC::CountFunctor::CountFunctor::CountFunctor):
(JSC::CountFunctor::CountFunctor::count):
(JSC::CountFunctor::CountFunctor::returnValue):
(JSC::CountFunctor::ClearMarks::operator()):
(JSC::CountFunctor::ResetAllocator::operator()):
(JSC::CountFunctor::Sweep::operator()):
(JSC::CountFunctor::MarkCount::operator()):
(JSC::CountFunctor::Size::operator()):
(JSC::CountFunctor::Capacity::operator()):
(JSC::CountFunctor::Count::operator()):
(JSC::CountFunctor::CountIfGlobalObject::operator()):
(JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
(JSC::CountFunctor::TakeIfEmpty::operator()):
(JSC::CountFunctor::TakeIfEmpty::returnValue):
(JSC::CountFunctor::RecordType::RecordType):
(JSC::CountFunctor::RecordType::typeName):
(JSC::CountFunctor::RecordType::operator()):
(JSC::CountFunctor::RecordType::returnValue): These functors factor out
behavior that used to be in the functions below.
(JSC::Heap::clearMarks):
(JSC::Heap::sweep):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::protectedGlobalObjectCount):
(JSC::Heap::protectedObjectCount):
(JSC::Heap::protectedObjectTypeCounts):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::resetAllocator):
(JSC::Heap::freeBlocks):
(JSC::Heap::shrink): Factored out behavior into the functors above.
* heap/Heap.h:
(JSC::Heap::forEachProtectedCell):
(JSC::Heap::forEachCell):
(JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
functor-based templates instead of plain iterators because they're simpler
to implement in this case and they require a lot less code at the call site.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
trivial functors.
(JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
we have a few different kind of "for each" now.
* runtime/JSGlobalData.cpp:
(WTF::Recompile::operator()):
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
* runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
2011-06-08 Mikołaj Małecki <m.malecki@samsung.com>
Reviewed by Pavel Feldman.
Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
https://bugs.webkit.org/show_bug.cgi?id=52791
No new tests. The problem can be reproduced by trying to create InspectorValue
from 1.0e-100 and call ->toJSONString() on this.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
export 2 functions DecimalNumber::bufferLengthForStringExponential and
DecimalNumber::toStringExponential.
2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r88404.
http://trac.webkit.org/changeset/88404
https://bugs.webkit.org/show_bug.cgi?id=62342
broke win and mac build (Requested by tony^work on #webkit).
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-06-08 Evan Martin <evan@chromium.org>
Reviewed by Adam Barth.
[chromium] use gyp 'settings' type for settings target
https://bugs.webkit.org/show_bug.cgi?id=62323
The 'settings' gyp target type is for targets that exist solely
for their settings (no build rules). The comment above this target
says it's for this, but it incorrectly uses 'none'.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-06-08 Sailesh Agrawal <sail@chromium.org>
Reviewed by Mihai Parparita.
Chromium Mac: Enable overlay scrollbars
https://bugs.webkit.org/show_bug.cgi?id=59756
Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
* wtf/Platform.h:
2011-06-08 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Add faster lookup cache for multi character identifiers
https://bugs.webkit.org/show_bug.cgi?id=62327
Add a non-hash lookup for multiple character identifiers. This saves us from
adding repeated identifiers to the ParserArena's identifier list as people
tend to not start all their variables and properties with the same character
and happily identifier locality works in our favour.
* parser/ParserArena.h:
(JSC::IdentifierArena::isEmpty):
(JSC::IdentifierArena::clear):
(JSC::IdentifierArena::makeIdentifier):
2011-06-08 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Took some responsibilities away from NewSpace
https://bugs.webkit.org/show_bug.cgi?id=62325
NewSpace is basically just an allocator now.
Heap acts as a controller, responsible for managing the set of all
MarkedBlocks.
This is in preparation for moving parts of the controller logic into
separate helper classes that can act on arbitrary sets of MarkedBlocks
that may or may not be in NewSpace.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::destroy):
(JSC::Heap::allocate):
(JSC::Heap::markRoots):
(JSC::Heap::clearMarks):
(JSC::Heap::sweep):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::collect):
(JSC::Heap::resetAllocator):
(JSC::Heap::allocateBlock):
(JSC::Heap::freeBlocks):
(JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
along with all functions that operate on the set of MarkedBlocks. Also
moved responsibility for deciding whether to allocate a new MarkedBlock,
and for allocating it.
* heap/Heap.h:
(JSC::Heap::contains):
(JSC::Heap::forEach): Ditto.
* heap/NewSpace.cpp:
(JSC::NewSpace::addBlock):
(JSC::NewSpace::removeBlock):
(JSC::NewSpace::resetAllocator):
* heap/NewSpace.h:
(JSC::NewSpace::waterMark):
(JSC::NewSpace::allocate): Ditto.
2011-06-08 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Some more MarkedSpace => NewSpace renaming
https://bugs.webkit.org/show_bug.cgi?id=62305
* JavaScriptCore.exp:
* JavaScriptCore.order:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::destroy):
(JSC::Heap::reportExtraMemoryCostSlowCase):
(JSC::Heap::allocate):
(JSC::Heap::markRoots):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::collect):
(JSC::Heap::isValidAllocation):
* heap/Heap.h:
(JSC::Heap::markedSpace):
(JSC::Heap::contains):
(JSC::Heap::forEach):
(JSC::Heap::allocate):
* runtime/JSCell.h:
2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Eric Seidel.
Add export macros to profiler headers.
https://bugs.webkit.org/show_bug.cgi?id=27551
* profiler/Profiler.h:
2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Eric Seidel.
Add export symbols to parser headers.
https://bugs.webkit.org/show_bug.cgi?id=27551
* parser/SourceProviderCache.h:
2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Eric Seidel.
Add export symbols to interpreter headers.
https://bugs.webkit.org/show_bug.cgi?id=27551
* interpreter/Interpreter.h:
2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Eric Seidel.
Add export symbols to debugger headers.
https://bugs.webkit.org/show_bug.cgi?id=27551
* debugger/Debugger.h:
* debugger/DebuggerCallFrame.h:
2011-06-08 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
https://bugs.webkit.org/show_bug.cgi?id=62268
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.h:
* heap/MarkedBlock.h:
* heap/MarkedSpace.cpp: Removed.
* heap/MarkedSpace.h: Removed.
* heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
* heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r88365.
http://trac.webkit.org/changeset/88365
https://bugs.webkit.org/show_bug.cgi?id=62301
windows bots broken (Requested by loislo_ on #webkit).
* JavaScriptCore.exp:
2011-06-08 Ryan Sleevi <rsleevi@chromium.org>
Reviewed by Tony Chang.
Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
Compiling Chromium port under GCC 4.6 produces warnings about nullptr
https://bugs.webkit.org/show_bug.cgi?id=62242
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-06-08 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
Reviewed by Andreas Kling.
Webkit on SPARC Solaris has wrong endian
https://bugs.webkit.org/show_bug.cgi?id=29407
Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
there are more occurrences of the same code pattern in webkit.
This patch includes the check on these other parts of the code.
This is a speculative fix, I don't have a sparc machine to test and
don't know which kind of test would trigger a crash (but it's quite
obvious that it's the same code duplicated in different files).
* runtime/UString.h:
(JSC::UStringHash::equal):
* wtf/text/StringHash.h:
(WTF::StringHash::equal):
2011-06-08 Yael Aharon <yael.aharon@nokia.com>
Reviewed by Andreas Kling.
[Qt] Build fix for building QtWebKit inside of Qt.
https://bugs.webkit.org/show_bug.cgi?id=62280
Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
into QtWebKit.prl.
No new tests, as this is just a build fix.
* JavaScriptCore.pri:
2011-06-07 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Split 'reset' into 'collect' and 'resetAllocator'
https://bugs.webkit.org/show_bug.cgi?id=62267
* heap/Heap.cpp:
(JSC::Heap::allocate):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
* heap/Heap.h:
* heap/MarkedBlock.h:
(JSC::MarkedBlock::resetAllocator):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::resetAllocator):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::SizeClass::resetAllocator):
2011-06-07 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Renamed some more marks to visits
https://bugs.webkit.org/show_bug.cgi?id=62254
* heap/HandleHeap.cpp:
(JSC::HandleHeap::visitStrongHandles):
(JSC::HandleHeap::visitWeakHandles):
* heap/HandleHeap.h:
* heap/HandleStack.cpp:
(JSC::HandleStack::visit):
* heap/HandleStack.h:
* heap/Heap.cpp:
(JSC::Heap::markProtectedObjects):
(JSC::Heap::markTempSortVectors):
(JSC::Heap::markRoots):
* heap/HeapRootVisitor.h:
(JSC::HeapRootVisitor::visit):
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::markLists):
2011-06-07 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=55537
Functions claim to have 'callee' which they actually don't (and shouldn't)
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyNames):
2011-06-07 Juan C. Montemayor <jmont@apple.com>
Reviewed by Darin Adler.
Make JSStaticFunction and JSStaticValue less "const"
https://bugs.webkit.org/show_bug.cgi?id=62222
* API/JSObjectRef.h:
* API/tests/testapi.c:
(checkConstnessInJSObjectNames):
(main):
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-06-07 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=62240
DFG JIT - add support for for-loop array initialization.
Support put by val beyond vector length.
Add an operationPutByValBeyondArrayBounds operation, and make
PutByVal call this if the vector length check fails.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
(JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
(JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
(JSC::DFG::JITCodeGenerator::isIntegerConstant):
(JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
2011-06-06 James Simonsen <simonjam@chromium.org>
Reviewed by James Robinson.
Add monotonicallyIncreasingTime() to get monotonically increasing time
https://bugs.webkit.org/show_bug.cgi?id=37743
* wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
(WTF::monotonicallyIncreasingTime):
* wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
2011-06-06 Alexandru Chiculita <achicu@adobe.com>
Reviewed by Kent Tamura.
Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
https://bugs.webkit.org/show_bug.cgi?id=61628
* Configurations/FeatureDefines.xcconfig:
2011-06-06 Mihnea Ovidenie <mihnea@adobe.com>
Reviewed by Kent Tamura.
Add ENABLE(CSS_REGIONS) guard for CSS Regions support
https://bugs.webkit.org/show_bug.cgi?id=61631
* Configurations/FeatureDefines.xcconfig:
2011-06-06 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed. Fix the GTK+ build.
* GNUmakefile.am: Add javascriptcore_cflags variable.
2011-06-04 Kevin Ollivier <kevino@theolliviers.com>
[wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
to build on Mac.
* wtf/Platform.h:
2011-06-04 Gustavo Noronha Silva <gns@gnome.org>
Unreviewed, MIPS build fix.
WebKitGTK+ tarball fails to build on MIPS.
https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
* GNUmakefile.list.am: Add missing MIPS-related file to the list
of files that are added to the tarball on make dist, and fix
sorting.
2011-06-04 Sam Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Fix formatting of the output generated by KeywordLookupGenerator.py
https://bugs.webkit.org/show_bug.cgi?id=62083
- Uses correct year for copyright.
- Puts ending brace on same line as "else if"
- Puts starting brace of function on its own line.
- Adds some tasteful whitespace.
- Adds comments to make clear that scopes are ending
- Make macros actually split on two lines.
* KeywordLookupGenerator.py:
2011-06-04 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
KeywordLookupGenerator.py spams stdout in Chromium Linux build
https://bugs.webkit.org/show_bug.cgi?id=62087
This action does not appear to be needed.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-06-03 Oliver Hunt <oliver@apple.com>
Reviewed by Maciej Stachowiak.
Lexer needs to provide Identifier for reserved words
https://bugs.webkit.org/show_bug.cgi?id=62086
Alas it is necessary to provide an Identifier reference for keywords
so that we can do the right thing when they're used in object literals.
We now keep Identifiers for all reserved words in the CommonIdentifiers
structure so that we can access them without a hash lookup.
* KeywordLookupGenerator.py:
* parser/Lexer.cpp:
(JSC::Lexer::parseIdentifier):
* parser/Lexer.h:
* runtime/CommonIdentifiers.cpp:
(JSC::CommonIdentifiers::CommonIdentifiers):
* runtime/CommonIdentifiers.h:
2011-06-03 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Add debug code to break on speculation failures.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGNode.h:
2011-06-03 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=62082
DFG JIT - bug passing arguments that need swap
This is really just a typo.
When setting up the arguments for a call out to a C operation, we'll
fail to swap arguments where this is necessary. For example, in the
case of 2 arg calls, where the first argument is in %rdx & the second
is in %rsi we should swap (exec will be passed in %rdi), but we don't.
This can also affect function calls passing three arguments.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
- Call swap with the correct arguments.
2011-06-03 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Force inlining of some hot lexer functions
https://bugs.webkit.org/show_bug.cgi?id=62079
Fix more GCC stupidity
* parser/Lexer.h:
(JSC::Lexer::isWhiteSpace):
(JSC::Lexer::isLineTerminator):
2011-06-03 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
GCC not inlining some functions that it really should be
https://bugs.webkit.org/show_bug.cgi?id=62075
Add ALWAYS_INLINE to a number of parsing and lexing functions
that should always be inlined. This gets us ~1.4% on my ad hoc
parser test.
* KeywordLookupGenerator.py:
* parser/JSParser.cpp:
(JSC::JSParser::next):
(JSC::JSParser::nextTokenIsColon):
(JSC::JSParser::consume):
(JSC::JSParser::match):
(JSC::JSParser::tokenStart):
(JSC::JSParser::tokenLine):
(JSC::JSParser::tokenEnd):
* parser/Lexer.cpp:
(JSC::isIdentPart):
2011-06-03 Oliver Hunt <oliver@apple.com>
Whoops, fix last minute bug.
* parser/Lexer.cpp:
(JSC::Lexer::parseIdentifier):
2011-06-03 Martin Robinson <mrobinson@igalia.com>
Try to fix the GTK+ build.
* GNUmakefile.am: Clean up some spaces that should be tabs.
* GNUmakefile.list.am: Add KeywordLookup.h to the source list
and clean up some spaces that should be tabs.
2011-06-03 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Improve keyword lookup
https://bugs.webkit.org/show_bug.cgi?id=61913
Rather than doing multiple hash lookups as we currently
do when trying to identify keywords we now use an
automatically generated decision tree (essentially it's
a hard coded patricia trie). We still use the regular
lookup table for the last few characters of an input as
this allows us to completely skip all bounds checks.
* CMakeLists.txt:
* DerivedSources.make:
* DerivedSources.pro:
* GNUmakefile.am:
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* KeywordLookupGenerator.py: Added.
* make-generated-sources.sh:
* parser/Lexer.cpp:
(JSC::Lexer::internalShift):
(JSC::Lexer::shift):
(JSC::Lexer::parseIdentifier):
* parser/Lexer.h:
2011-06-03 Siddharth Mathur <siddharth.mathur@nokia.com>
Reviewed by Benjamin Poulain.
[Qt] Build flag for experimental ICU library support
https://bugs.webkit.org/show_bug.cgi?id=60786
Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
ICU powered Unicode support.
* JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
* wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
2011-06-03 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Benjamin Poulain.
[Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
https://bugs.webkit.org/show_bug.cgi?id=61957
When building inside the Qt source tree, qmake always appends the mkspecs
defines after ours. We have to work around this and make sure that we append
our flags after the qmake variable used inside Qt. This workaround was provided
by our qmake folks. We need to append in both cases because qmake behaves differently
when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for the Qt port.
* JavaScriptCore.pro:
2011-06-02 Jay Civelli <jcivelli@chromium.org>
Reviewed by Adam Barth.
Added a method to generate RFC 2822 compliant date strings.
https://bugs.webkit.org/show_bug.cgi?id=7169
* wtf/DateMath.cpp:
(WTF::twoDigitStringFromNumber):
(WTF::makeRFC2822DateString):
* wtf/DateMath.h:
2011-06-02 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Andreas Kling.
[Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
https://bugs.webkit.org/show_bug.cgi?id=61957
When building inside the Qt source tree, qmake always appends the mkspecs
defines after ours. We have to work around this and make sure that we append
our flags after the qmake variable used inside Qt. This workaround was provided
by our qmake folks.
* JavaScriptCore.pro:
2011-06-01 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Add single character lookup cache to IdentifierArena
https://bugs.webkit.org/show_bug.cgi?id=61879
Add a simple lookup cache for single ASCII character
identifiers. Produces around a 2% improvement in parse
time for my ad hoc parser test.
* parser/ParserArena.h:
(JSC::IdentifierArena::IdentifierArena):
(JSC::IdentifierArena::clear):
(JSC::IdentifierArena::makeIdentifier):
2011-05-31 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Freezing a function and its prototype causes browser to crash.
https://bugs.webkit.org/show_bug.cgi?id=61758
Make JSObject::preventExtensions virtual so that we can override it
and instantiate all lazy
* JavaScriptCore.exp:
* runtime/JSFunction.cpp:
(JSC::createPrototypeProperty):
(JSC::JSFunction::preventExtensions):
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSFunction.h:
* runtime/JSObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::seal):
(JSC::JSObject::seal):
2011-06-01 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r87788.
http://trac.webkit.org/changeset/87788
https://bugs.webkit.org/show_bug.cgi?id=61856
breaks windows chromium canary (Requested by jknotten on
#webkit).
* wtf/DateMath.cpp:
(WTF::timeClip):
* wtf/DateMath.h:
2011-06-01 Jay Civelli <jcivelli@chromium.org>
Reviewed by Adam Barth.
Added a method to generate RFC 2822 compliant date strings.
https://bugs.webkit.org/show_bug.cgi?id=7169
* wtf/DateMath.cpp:
(WTF::twoDigitStringFromNumber):
(WTF::makeRFC2822DateString):
* wtf/DateMath.h:
2011-05-31 Yong Li <yoli@rim.com>
Reviewed by Eric Seidel.
https://bugs.webkit.org/show_bug.cgi?id=54807
We have been assuming plain bitfields (like "int a : 31") are always signed integers.
However, some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
bitfields (declared without either signed or unsigned qualifiers) are treated as unsigned.
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
rule we should have in order to make our code independent from compilers and compiler flags.
No new test added because this change is not known to fix any issue.
* bytecode/StructureStubInfo.h:
2011-05-30 Hojong Han <hojong.han@samsung.com>
Reviewed by Geoffrey Garen.
[JSC] malfunction during arithmetic condition check with negative number (-2147483648)
https://bugs.webkit.org/show_bug.cgi?id=61416
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branch32):
* tests/mozilla/ecma/Expressions/11.12-1.js:
(getTestCases):
2011-05-29 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Some heap refactoring
https://bugs.webkit.org/show_bug.cgi?id=61704
SunSpider says no change.
* JavaScriptCore.exp: Export!
* heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
(JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
(JSC::Heap::allocate): Changed inline allocation code to only select the
size class, since this can be optimized out at compile time -- everything
else is now inlined into this out-of-line function.
No need to duplicate ASSERTs made in our caller.
* heap/Heap.h:
(JSC::Heap::heap):
(JSC::Heap::isMarked):
(JSC::Heap::testAndSetMarked):
(JSC::Heap::testAndClearMarked):
(JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
a layer of indirection through MarkedSpace.
(JSC::Heap::allocate): See above.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::create):
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::allocateBlock):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::allocate): Updated to match changes above.
2011-05-28 David Kilzer <ddkilzer@apple.com>
BUILD FIX when building only the interpreter
Fixes the following compiler warning:
JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
void releaseExecutableMemory(JSGlobalData& globalData)
^
* jit/ExecutableAllocator.h: Moved declaration of
JSC::releaseExecutableMemory().
2011-05-28 David Kilzer <ddkilzer@apple.com>
BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::linkCode): Added missing argument.
2011-05-27 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
JS API is too aggressive about throwing exceptions for NULL get or set operations
https://bugs.webkit.org/show_bug.cgi?id=61678
* API/JSCallbackObject.h: Changed our staticValueGetter to a regular
function that returns a JSValue, so it can fail and still forward to
normal property lookup.
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertySlot): Don't throw an exception when failing to
access a static property -- just forward the access. This allows objects
to observe get/set operations but still let the JS object manage lifetime.
(JSC::::put): Ditto.
(JSC::::getStaticValue): Same as JSCallbackObject.h.
* API/tests/testapi.c:
(MyObject_set_nullGetForwardSet):
* API/tests/testapi.js: Updated tests to reflect slightly less strict
behavior, which matches headerdoc claims.
2011-05-27 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Property caching is too aggressive for API objects
https://bugs.webkit.org/show_bug.cgi?id=61677
* API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
callback APIs allow the client to change its mind about our properties at
any time.
* API/tests/testapi.c:
(PropertyCatchalls_getProperty):
(PropertyCatchalls_setProperty):
(PropertyCatchalls_getPropertyNames):
(PropertyCatchalls_class):
(main):
* API/tests/testapi.js: Some tests for dynamic API objects.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::tryCachePutByID):
(JSC::Interpreter::tryCacheGetByID):
* jit/JITStubs.cpp:
(JSC::JITThunks::tryCachePutByID):
(JSC::JITThunks::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
requires it.
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::isFinal):
(JSC::TypeInfo::prohibitsPropertyCaching):
(JSC::TypeInfo::flags): Added a flag to track opting out of property
caching. Fixed an "&&" vs "&" typo that was previously harmless, but
is now harmful since m_flags2 can have more than one bit set.
2011-05-27 Stephanie Lewis <slewis@apple.com>
Unreviewed.
Fix a typo in the order_file flag.
* Configurations/Base.xcconfig:
2011-05-27 Patrick Gansterer <paroga@webkit.org>
Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
* runtime/JSGlobalData.cpp:
(JSGlobalData::JSGlobalData):
2011-05-27 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Add a few validity assertions to JSCallbackObject
https://bugs.webkit.org/show_bug.cgi?id=61659
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::visitChildren):
2011-05-27 Oliver Hunt <oliver@apple.com>
Build fix
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::invalidateCode):
2011-05-27 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Try to release unused executable memory when the FixedVMPool allocator is under pressure
https://bugs.webkit.org/show_bug.cgi?id=61651
Rather than crashing when full, the FixedVMPool allocator now returns a null
allocation. We replace the code that used to CRASH() on null allocations
with logic that asks the provided globalData to release any executable memory
that it can. Currently this just means throwing away all regexp code, but
in future we'll try to be more aggressive.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::executableCopy):
* assembler/ARMAssembler.h:
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::executableCopy):
* assembler/AssemblerBufferWithConstantPool.h:
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::linkCode):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::executableCopy):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::executableCopy):
* assembler/X86Assembler.h:
(JSC::X86Assembler::executableCopy):
(JSC::X86Assembler::X86InstructionFormatter::executableCopy):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* jit/ExecutableAllocator.h:
(JSC::ExecutablePool::create):
(JSC::ExecutablePool::alloc):
(JSC::ExecutableAllocator::ExecutableAllocator):
(JSC::ExecutableAllocator::poolForSize):
(JSC::ExecutablePool::ExecutablePool):
(JSC::ExecutablePool::poolAllocate):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolAllocator::alloc):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::finalize):
* jit/ThunkGenerators.cpp:
(JSC::charCodeAtThunkGenerator):
(JSC::charAtThunkGenerator):
(JSC::fromCharCodeThunkGenerator):
(JSC::sqrtThunkGenerator):
(JSC::powThunkGenerator):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::releaseExecutableMemory):
(JSC::releaseExecutableMemory):
* runtime/JSGlobalData.h:
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::invalidateCode):
* runtime/RegExpCache.h:
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::compile):
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Optimized ConservativeSet to avoid double-visiting objects
https://bugs.webkit.org/show_bug.cgi?id=61592
SunSpider thinks this might be a 1% speedup
* heap/ConservativeRoots.h:
(JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
an object.
* heap/Heap.h:
(JSC::Heap::isMarked):
(JSC::Heap::testAndSetMarked):
(JSC::Heap::testAndClearMarked):
(JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
to void*, since clients want to ask questions about arbitrary pointers
into the heap, even when they aren't known to be JSCells.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::testAndClearMarked):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::isMarked):
(JSC::MarkedSpace::testAndSetMarked):
(JSC::MarkedSpace::testAndClearMarked):
(JSC::MarkedSpace::setMarked):
(JSC::MarkedSpace::contains): Ditto.
* wtf/Bitmap.h:
(WTF::::testAndClear): New function for ConservativeRoots's inverted
marking pass.
2011-05-27 Stephanie Lewis <slewis@apple.com>
Rubber Stamped by Adam Roben.
Update Order Files. Use -order_file flag since it can order more of the binary.
* Configurations/Base.xcconfig:
* JavaScriptCore.order:
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Renamed heapRootMarker to heapRootVisitor to match its class name
https://bugs.webkit.org/show_bug.cgi?id=61584
* heap/Heap.cpp:
(JSC::Heap::markProtectedObjects):
(JSC::Heap::markTempSortVectors):
(JSC::Heap::markRoots):
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed some interdependency between Heap and SmallStrings by simplifying
the SmallStrings lifetime model
https://bugs.webkit.org/show_bug.cgi?id=61579
SunSpider reports no change.
Using Weak<T> could accomplish this too, but we're not sure it will give
us the performance we need. This is a first step, and it accomplishes
most of the value of using Weak<T>.
* heap/Heap.cpp:
(JSC::Heap::destroy):
(JSC::Heap::markRoots):
(JSC::Heap::reset): Finalize small strings just like other weak handles.
* runtime/SmallStrings.cpp:
(JSC::finalize):
(JSC::SmallStrings::finalizeSmallStrings):
* runtime/SmallStrings.h: Make all small strings trivially weak, instead
of having an "all for one, one for all" memory model.
2011-05-26 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make RegExpCache a weak map
https://bugs.webkit.org/show_bug.cgi?id=61554
Switch to a weak map for the regexp cache, and hide that
behaviour behind RegExp::create.
When a RegExp is compiled it attempts to add itself to
the "strong" cache. This cache is a simple round-robin
buffer as was the old strong cache. Happily this can
be smaller than the old strong cache as RegExps are only
added when they're compiled so it is under less pressure
to evict.
* bytecompiler/NodesCodegen.cpp:
(JSC::RegExpNode::emitBytecode):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::create):
(JSC::RegExp::match):
* runtime/RegExp.h:
(JSC::RegExp::gcShouldInvalidateCode):
(JSC::RegExp::hasCode):
(JSC::RegExp::key):
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::lookupOrCreate):
(JSC::RegExpCache::RegExpCache):
(JSC::RegExpCache::isReachableFromOpaqueRoots):
(JSC::RegExpCache::finalize):
* runtime/RegExpCache.h:
* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Moved Heap-related functions out of JSCell.h and into respective header files
https://bugs.webkit.org/show_bug.cgi?id=61567
* heap/Heap.h:
(JSC::Heap::allocate):
(JSC::Heap::heap):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::allocate):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::sizeClassFor):
(JSC::MarkedSpace::allocate):
* runtime/JSCell.h:
(JSC::JSCell::destructor):
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Try to fix Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-05-26 Ryosuke Niwa <rniwa@webkit.org>
Reviewed by Eric Seidel.
[debug feature] WTFString should have show() method
https://bugs.webkit.org/show_bug.cgi?id=61149
Added String::show and AtomicString::show in NDEBUG.
* wtf/text/AtomicString.cpp:
(WTF::AtomicString::show):
* wtf/text/AtomicString.h:
* wtf/text/WTFString.cpp:
(String::show):
* wtf/text/WTFString.h:
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Reviewed by Geoffrey Garen.
Factored out some Heap ASSERTs
https://bugs.webkit.org/show_bug.cgi?id=61565
* JavaScriptCore.exp:
* heap/Heap.cpp:
(JSC::isValidSharedInstanceThreadState):
(JSC::isValidThreadState):
(JSC::Heap::markRoots):
(JSC::Heap::isValidAllocation):
* heap/Heap.h:
* runtime/JSCell.h:
(JSC::JSCell::Heap::allocate):
2011-05-26 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=61508
DFG JIT - Add support for get by id self caching.
Change the call out to be an unexpected call (using silent spill/fill functions),
add a structure check & compact load to the JIT code, and add repatching mechanisms.
Since DFGOperations may want to be implemented in asm, make these symbols be extern
"C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
so that it can look up its StructureStubInfo.
* JavaScriptCore.xcodeproj/project.pbxproj:
- Added new files.
* bytecode/StructureStubInfo.h:
- Added 'unset' entries to union.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
- Return the call, we need this to populate the StructureStubInfo.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
- Populate the CodeBlock's StructureStubInfo Vector.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
- Return the call, we need this to populate the StructureStubInfo.
(JSC::DFG::JITCompiler::addPropertyAccess):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
- Add structures to record property access info during compilation.
* dfg/DFGOperations.cpp:
- Made all external methods extern "C".
(JSC::DFG::operationPutByValInternal):
- Moved outside of the extern "C" block.
* dfg/DFGOperations.h:
- Made all external methods extern "C".
* dfg/DFGRepatch.cpp: Added.
(JSC::DFG::dfgRepatchCall):
- repatch a call to link to a new callee function.
(JSC::DFG::dfgRepatchGetByIdSelf):
- Modify the JIT code to optimize self accesses.
(JSC::DFG::tryCacheGetByID):
- Internal implementation of dfgRepatchGetByID (factor out failing cases).
(JSC::DFG::dfgRepatchGetByID):
- Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
* dfg/DFGRepatch.h: Added.
- Expose dfgRepatchGetByID.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Changed implementation of GetById ops.
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedBlock.h:
* wtf/DoublyLinkedList.h:
(WTF::::DoublyLinkedListNode):
(WTF::::setPrev):
(WTF::::setNext):
(WTF::::prev):
(WTF::::next):
(WTF::::DoublyLinkedList):
(WTF::::isEmpty):
(WTF::::size):
(WTF::::clear):
(WTF::::head):
(WTF::::append):
(WTF::::remove):
(WTF::::removeHead):
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Rolled out http://trac.webkit.org/changeset/87408 because it broke the
Windows build.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::setPrev):
(JSC::MarkedBlock::setNext):
(JSC::MarkedBlock::prev):
(JSC::MarkedBlock::next):
* wtf/DoublyLinkedList.h:
(WTF::::DoublyLinkedList):
(WTF::::isEmpty):
(WTF::::head):
(WTF::::append):
(WTF::::remove):
2011-05-26 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Provide a real owner when copying a property table, for the sake of
write barriers.
https://bugs.webkit.org/show_bug.cgi?id=61547
No test because we can't enable the writeBarrier() ASSERT just yet.
* runtime/Structure.cpp:
(JSC::Structure::addPropertyTransition):
2011-05-26 Adam Roben <aroben@apple.com>
Windows build fix after r87346
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
reality.
2011-05-26 Patrick Gansterer <paroga@webkit.org>
Reviewed by Adam Barth.
ASSERT(isMainThread()) when using single threaded jsc executable
https://bugs.webkit.org/show_bug.cgi?id=60846
Remove the ASSERT since we do not have the concept of MainThread in JSC.
* wtf/CryptographicallyRandomNumber.cpp:
(WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
(WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
2011-05-25 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=61506
Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
so that they are available to the SpeculativeJIT.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentSpillFPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
(JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
* dfg/DFGNonSpeculativeJIT.h:
2011-05-25 Ryosuke Niwa <rniwa@webkit.org>
An attempt to revive Windows bots.
* runtime/RegExp.cpp:
* runtime/RegExp.h:
2011-05-25 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
This data structure, used at runtime by the JIT, is currently unnecessarily populated
with default entries during byte compilation.
Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
us to one entry per corresponding bytecode op, which may be undesirable. Instead,
populate this array from the JIT.
The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
these, so that the class can have a default constructor (and to simplify switch statements
in code walking over the table).
This change has ramifications for the DFG JIT, in that the DFG JIT used this data structure
to check for functions containing property access. Instead do so in the DFGByteCodeParser.
* bytecode/CodeBlock.cpp:
(JSC::printStructureStubInfo):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::setNumberOfStructureStubInfos):
(JSC::CodeBlock::numberOfStructureStubInfos):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::visitAggregate):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::StructureStubInfo):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitGetById):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emitSlow_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::compileGetByIdSlowCase):
* runtime/Executable.cpp:
(JSC::tryDFGCompile):
2011-05-25 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::Call::Call):
(JSC::AbstractMacroAssembler::Call::fromTailJump):
(JSC::AbstractMacroAssembler::Jump::Jump):
(JSC::AbstractMacroAssembler::Jump::link):
(JSC::AbstractMacroAssembler::Jump::linkTo):
(JSC::AbstractMacroAssembler::Jump::isSet):
(JSC::AbstractMacroAssembler::differenceBetween):
(JSC::AbstractMacroAssembler::linkJump):
(JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::link):
(JSC::LinkBuffer::locationOf):
(JSC::LinkBuffer::locationOfNearCall):
(JSC::LinkBuffer::returnAddressOffset):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::linkCall):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::linkCall):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::linkCall):
* assembler/MacroAssemblerSH4.cpp:
(JSC::MacroAssemblerSH4::linkCall):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::linkCall):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::linkCall):
2011-05-25 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=61500
Add JSObject::offsetOfPropertyStorage
* jit/JITPropertyAccess.cpp:
(JSC::JIT::compileGetDirectOffset):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::compilePutDirectOffset):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::compilePutDirectOffset):
(JSC::JIT::compileGetDirectOffset):
* runtime/JSObject.h:
(JSC::JSObject::offsetOfPropertyStorage):
2011-05-25 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make RegExp GC allocated
https://bugs.webkit.org/show_bug.cgi?id=61490
Make RegExp GC allocated. Basically mechanical change to replace
most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
where actual ownership happens.
Made the RegExpCache use Strong<> references currently to avoid any
changes in behaviour.
* JavaScriptCore.exp:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addRegExp):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addRegExp):
(JSC::BytecodeGenerator::emitNewRegExp):
* bytecompiler/BytecodeGenerator.h:
* runtime/JSCell.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::clearBuiltinStructures):
(JSC::JSGlobalData::addRegExpToTrace):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::create):
(JSC::RegExp::invalidateCode):
* runtime/RegExp.h:
(JSC::RegExp::createStructure):
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::lookupOrCreate):
(JSC::RegExpCache::create):
* runtime/RegExpCache.h:
* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
(JSC::RegExpObject::visitChildren):
* runtime/RegExpObject.h:
(JSC::RegExpObject::setRegExp):
(JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
(JSC::regExpProtoFuncCompile):
* runtime/RegExpPrototype.h:
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
2011-05-25 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Generate regexp code lazily
https://bugs.webkit.org/show_bug.cgi?id=61476
RegExp construction now simply validates the RegExp, it does
not perform actual codegen.
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::recompile):
(JSC::RegExp::compile):
(JSC::RegExp::match):
* runtime/RegExp.h:
(JSC::RegExp::recompileIfNecessary):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::performMatch):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::match):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
(JSC::stringProtoFuncSplit):
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Reviewed by Geoffrey Garen.
Removed MarkSetProperties because it was unused
https://bugs.webkit.org/show_bug.cgi?id=61418
* heap/MarkStack.h:
(JSC::MarkSet::MarkSet):
(JSC::MarkStack::append):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.h:
(JSC::JSArray::visitChildrenDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/WriteBarrier.h:
(JSC::MarkStack::appendValues):
2011-05-25 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make allocations with guard pages ensure that the allocation succeeded
https://bugs.webkit.org/show_bug.cgi?id=61453
Add null checks, and make PageBlock's operator bool() use
the realbase, rather than the start of usable memory.
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit):
* wtf/PageBlock.h:
(WTF::PageBlock::operator bool):
(WTF::PageBlock::PageBlock):
2011-04-10 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Eric Seidel.
Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
https://bugs.webkit.org/show_bug.cgi?id=27551
* bytecompiler/BytecodeGenerator.h:
2011-05-24 Keishi Hattori <keishi@webkit.org>
Reviewed by Kent Tamura.
Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
https://bugs.webkit.org/show_bug.cgi?id=61273
* Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
2011-05-24 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Eric Seidel.
Add export macros to WTFString.h.
https://bugs.webkit.org/show_bug.cgi?id=27551
* wtf/text/WTFString.h:
(WTF::String::String):
(WTF::String::findIgnoringCase):
(WTF::String::isHashTableDeletedValue):
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Maybe fix the Mac build now?
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Maybe fix the Mac build?
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Split HeapRootVisitor into its own class
https://bugs.webkit.org/show_bug.cgi?id=61399
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/HandleHeap.cpp:
* heap/HandleStack.cpp:
* heap/Heap.cpp:
* heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
* heap/MarkStack.h:
* runtime/ArgList.cpp:
* runtime/SmallStrings.cpp:
2011-05-24 Jay Civelli <jcivelli@chromium.org>
Rubberstamped by David Kilzer.
Updated some files that I forgot in my previous MHTML CL.
* Configurations/FeatureDefines.xcconfig:
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Fix the Mac build: Yes, please do remove these files, svn.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Let's just have one way to get the system page size, bokay?
https://bugs.webkit.org/show_bug.cgi?id=61384
* CMakeListsEfl.txt:
* CMakeListsWinCE.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
is gone completely now, since it only existed to provide a duplicate way
to access the system page size.
* heap/MarkStack.cpp:
(JSC::MarkStack::reset):
* heap/MarkStack.h:
(JSC::::MarkStackArray):
(JSC::::shrinkAllocation): Use WTF::pageSize.
* heap/MarkStackPosix.cpp:
* heap/MarkStackSymbian.cpp:
* heap/MarkStackWin.cpp: Removed now-empty files.
* jit/ExecutableAllocator.cpp:
(JSC::ExecutableAllocator::reprotectRegion):
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::ExecutableAllocator):
(JSC::ExecutablePool::ExecutablePool):
(JSC::ExecutablePool::poolAllocate):
* jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
* wscript: Removed now-empty files.
* wtf/PageBlock.cpp:
(WTF::systemPageSize): Integrated questionable Symbian page size rule
from ExecutableAllocator, because that seems like what the original
author should have done.
2011-05-24 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
https://bugs.webkit.org/show_bug.cgi?id=61385
The interpreter uses the structure slot of get_by_id and put_by_id to hold
the initial structure it encountered so that it can identify whether a
given access is stable.
When marking though we only visit the slot when we've decided to cache, and
so this value could die. This was "safe" as the value was only used for a
pointer compare, but it was incorrect. We now just mark the slot like we
should have been doing already.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitStructures):
2011-05-24 Adam Roben <aroben@apple.com>
Windows build fix
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
* heap/MarkStack.h:
(JSC::::shrinkAllocation):
2011-05-24 Geoffrey Garen <ggaren@apple.com>
Rubber-stamped by Oliver Hunt.
Split out function definitions and class definitions from class
declarations in MarkStack.h, for readability.
* heap/MarkStack.h:
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::~MarkStack):
(JSC::MarkStack::addOpaqueRoot):
(JSC::MarkStack::containsOpaqueRoot):
(JSC::MarkStack::opaqueRootCount):
(JSC::MarkSet::MarkSet):
(JSC::MarkStack::allocateStack):
(JSC::MarkStack::releaseStack):
(JSC::MarkStack::pageSize):
(JSC::::MarkStackArray):
(JSC::::~MarkStackArray):
(JSC::::expand):
(JSC::::append):
(JSC::::removeLast):
(JSC::::last):
(JSC::::isEmpty):
(JSC::::size):
(JSC::::shrinkAllocation):
2011-05-24 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Avoid creating unnecessary identifiers and strings in the syntax checker
https://bugs.webkit.org/show_bug.cgi?id=61378
Selectively tell the lexer that there are some places it does not need to
do the real work of creating Identifiers for IDENT and STRING tokens.
Make parseString and parseIdentifier templatized on whether they should
do real work, or merely validate the tokens.
SunSpider --parse-only reports ~5-8% win depending on hardware.
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createDotAccess):
* parser/JSParser.cpp:
(JSC::JSParser::next):
(JSC::JSParser::consume):
(JSC::JSParser::parseVarDeclarationList):
(JSC::JSParser::parseConstDeclarationList):
(JSC::JSParser::parseExpression):
(JSC::JSParser::parseAssignmentExpression):
(JSC::JSParser::parseConditionalExpression):
(JSC::JSParser::parseBinaryExpression):
(JSC::JSParser::parseProperty):
(JSC::JSParser::parseObjectLiteral):
(JSC::JSParser::parseArrayLiteral):
(JSC::JSParser::parseArguments):
(JSC::JSParser::parseMemberExpression):
* parser/Lexer.cpp:
(JSC::Lexer::parseIdentifier):
(JSC::Lexer::parseString):
(JSC::Lexer::lex):
* parser/Lexer.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createDotAccess):
(JSC::SyntaxChecker::createProperty):
2011-05-23 Michael Saboff <msaboff@apple.com>
Reviewed by Mark Rowe.
Safari often freezes when clicking "Return free memory" in Caches dialog
https://bugs.webkit.org/show_bug.cgi?id=61325
There are two fixes and an improvement in the instrumentation code used to find
one of the problems.
Changed ReleaseFreeList() to set the "decommitted" bit when releasing
pages to the system and moving Spans from the normal list to the returned
list.
Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
to eliminate an infinite loop if we can't meet the pagesToRelease target.
Added a check for the decommitted bit being set properly in
TCMalloc_PageHeap::CheckList.
* wtf/FastMalloc.cpp:
(WTF::TCMalloc_PageHeap::scavenge):
(WTF::TCMalloc_PageHeap::Check):
(WTF::TCMalloc_PageHeap::CheckList):
(WTF::ReleaseFreeList):
2011-05-23 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=61306
The begin characters optimization currently has issues (#61129),
and does not appear to still be a performance win. The prudent
next step seems to be to disable while we ascertain whether this
is still a useful performance optimization.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::Interpreter::interpret):
* yarr/YarrInterpreter.h:
(JSC::Yarr::BytecodePattern::BytecodePattern):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
* yarr/YarrPattern.h:
(JSC::Yarr::YarrPattern::reset):
2011-05-23 Matthew Delaney <mdelaney@apple.com>
Reviewed by Simon Fraser.
Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
https://bugs.webkit.org/show_bug.cgi?id=58216
* wtf/MathExtras.h:
(clampToInteger):
(clampToPositiveInteger):
2011-05-23 Ruben <chromium@hybridsource.org>
Reviewed by Tony Chang.
Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
https://bugs.webkit.org/show_bug.cgi?id=61219
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-05-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
Reviewed by Gavin Barraclough.
[SH4] AssemblerLabel does not name a type
https://bugs.webkit.org/show_bug.cgi?id=59927
SH4Assembler.h file should be included before AbstractMacroAssembler.h.
* assembler/MacroAssemblerSH4.h:
2011-05-23 Ryuan Choi <ryuan.choi@samsung.com>
Rubber stamped by Eric Seidel.
[CMAKE] Refactoring wtf related code.
https://bugs.webkit.org/show_bug.cgi?id=60146
Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.
* CMakeLists.txt:
* CMakeListsEfl.txt:
* wtf/CMakeLists.txt:
* wtf/CMakeListsEfl.txt:
2011-05-22 Adam Barth <abarth@webkit.org>
Enable strict PassOwnPtr for everyone. I expect this patch will need
some followups to make the GTK and EFL bots green again.
* wtf/PassOwnPtr.h:
2011-05-20 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Reduce size of inline cache path of get_by_id on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=61221
This reduces the code size of get_by_id by 20 bytes
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::ldrCompact):
(JSC::ARMv7Assembler::repatchCompact):
(JSC::ARMv7Assembler::setUInt7ForLoad):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
* jit/JIT.h:
2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
Reviewed by Oliver Hunt.
Zombies should "live" forever
https://bugs.webkit.org/show_bug.cgi?id=61170
Reusing zombie cells could still hide garbage
collected cell related bugs.
* JavaScriptCore.pro:
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::clearMarks):
* heap/MarkedBlock.h:
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::destroy):
* runtime/JSCell.h:
(JSC::JSCell::JSValue::isZombie):
* runtime/JSZombie.h:
(JSC::JSZombie::~JSZombie):
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
2011-05-20 Brady Eidson <beidson@apple.com>
Reviewed by Sam Weinig.
<rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
Horrendous bug in callOnMainThreadAndWait
* wtf/MainThread.cpp:
(WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
syncFlag condition, reacquire the mutex first.
2011-05-20 Oliver Hunt <oliver@apple.com>
Reviewed by Sam Weinig.
Remove unnecessary double->int conversion at the end of op_div
https://bugs.webkit.org/show_bug.cgi?id=61198
We don't attempt this conversion on 64-bit; removing it actually speeds
up sunspider and v8 slightly, and it reduces code size.
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_div):
2011-05-19 Evan Martin <evan@chromium.org>
Reviewed by Tony Chang.
[chromium] remove <(library) variable
https://bugs.webkit.org/show_bug.cgi?id=61158
This was for a build experiment; we can just use the correct value now.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-05-20 Oliver Hunt <oliver@apple.com>
Reviewed by Sam Weinig.
Interpreter uses wrong bytecode offset for determining exception handler
https://bugs.webkit.org/show_bug.cgi?id=61191
The bytecode offset given for the returnPC from the JIT is
actually the offset for the start of the instruction triggering
the call, whereas in the interpreter it is the actual return
VPC. This means if the next instruction following a call was
in an exception region we would incorrectly redirect to its
handler. Long term we want to completely redo how exceptions
are handled anyway so the simplest and lowest risk fix here is
to simply subtract one from the return vPC so that we have an
offset in the triggering instruction.
It turns out this is caught by a couple of tests already.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::unwindCallFrame):
2011-05-20 Xan Lopez <xlopez@igalia.com>
Reviewed by Oliver Hunt.
JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
https://bugs.webkit.org/show_bug.cgi?id=42756
Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
check of the available memory. This should give us an
overcommit-like behavior in most systems, which is what we want.
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit): pass MAP_NORESERVE to mmap.
2011-05-19 Gabor Loki <loki@webkit.org>
Fix ARM build after r86919
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::nop):
2011-05-19 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Randomise code starting location a little
https://bugs.webkit.org/show_bug.cgi?id=61161
Add a nop() function to the Assemblers so that we
can randomise code offsets slightly at no real cost.
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::nop):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::nop):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::nop):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::nop):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::nop):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::nop):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::nop):
* assembler/X86Assembler.h:
(JSC::X86Assembler::nop):
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* runtime/WeakRandom.h:
(JSC::WeakRandom::getUint32):
2011-05-19 Oliver Hunt <oliver@apple.com>
Fix windows build.
* wtf/OSAllocatorWin.cpp:
(WTF::OSAllocator::reserveUncommitted):
(WTF::OSAllocator::reserveAndCommit):
2011-05-19 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Add guard pages to each end of the memory region used by the fixedvm allocator
https://bugs.webkit.org/show_bug.cgi?id=61150
Add mechanism to notify the OSAllocator that pages at either end of an
allocation should be considered guard pages. Update PageReservation,
PageAllocation, etc to handle this.
* JavaScriptCore.exp:
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
* wtf/OSAllocator.h:
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveUncommitted):
(WTF::OSAllocator::reserveAndCommit):
* wtf/PageAllocation.h:
(WTF::PageAllocation::PageAllocation):
* wtf/PageAllocationAligned.h:
(WTF::PageAllocationAligned::PageAllocationAligned):
* wtf/PageBlock.h:
(WTF::PageBlock::PageBlock):
* wtf/PageReservation.h:
(WTF::PageReservation::reserve):
(WTF::PageReservation::reserveWithGuardPages):
Add a new function to make a reservation that will add guard
pages to the ends of an allocation.
(WTF::PageReservation::PageReservation):
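As an added example of the mechanism the guard-page entries above describe (this one, and the 2011-05-25 "ensure that the allocation succeeded" entry, plus the MAP_NORESERVE note from the overcommit entry): reserve a region with one inaccessible page at each end, fail cleanly if mmap or mprotect fails, and judge validity by the real base of the mapping rather than the first usable byte. This is constructed for this page, not WebKit's code; GuardedReservation and its functions are hypothetical stand-ins for WTF::PageReservation/PageBlock.

```c
#define _DEFAULT_SOURCE
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif
/* MAP_NORESERVE is Linux-specific (skips the kernel's commit-charge check);
   on other systems the reservation simply omits it. */
#ifndef MAP_NORESERVE
#define MAP_NORESERVE 0
#endif

/* Hypothetical type (not WTF::PageReservation): keeps both the real start of
   the mapping and the first usable byte, because the validity check must look
   at realBase; base is one page in and would look "non-null" even for junk. */
typedef struct {
    void* realBase;  /* start of the mapping, including the leading guard page */
    size_t realSize; /* size of the whole mapping, guards included */
    void* base;      /* first usable byte */
    size_t size;     /* usable bytes, a whole number of pages */
} GuardedReservation;

size_t systemPageSize(void)
{
    long n = sysconf(_SC_PAGESIZE);
    return n > 0 ? (size_t)n : 4096;
}

/* Reserve usableBytes (rounded up to whole pages) with a PROT_NONE guard page at
   each end. Returns 1 on success; on any failure every field is zeroed so that
   reservationIsValid() is false and no half-built region is handed out. */
int reserveWithGuardPages(GuardedReservation* r, size_t usableBytes)
{
    size_t page = systemPageSize();
    memset(r, 0, sizeof(*r));
    /* Reject sizes that would overflow once rounded and padded with guards. */
    if (usableBytes == 0 || usableBytes > SIZE_MAX - 3 * page)
        return 0;
    size_t usable = (usableBytes + page - 1) / page * page;
    size_t total = usable + 2 * page;
    void* p = mmap(NULL, total, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED) /* the failure check the 2011-05-25 entry added */
        return 0;
    /* Make the first and last page inaccessible: a stray access just past either
       end of the usable region faults instead of silently touching a neighbour. */
    if (mprotect(p, page, PROT_NONE) != 0
        || mprotect((char*)p + page + usable, page, PROT_NONE) != 0) {
        munmap(p, total);
        return 0;
    }
    r->realBase = p;
    r->realSize = total;
    r->base = (char*)p + page;
    r->size = usable;
    return 1;
}

/* Mirrors the entry's operator bool(): valid iff the real mapping exists. */
int reservationIsValid(const GuardedReservation* r)
{
    return r->realBase != NULL;
}

/* True when addr lies in one of the two guard pages; handy when triaging a
   crash to tell a guard-page hit from an unrelated wild access. */
int addressInGuardPage(const GuardedReservation* r, const void* addr)
{
    if (!reservationIsValid(r))
        return 0;
    uintptr_t a = (uintptr_t)addr;
    uintptr_t lo = (uintptr_t)r->realBase, hi = lo + r->realSize;
    uintptr_t usableLo = (uintptr_t)r->base, usableHi = usableLo + r->size;
    if (a < lo || a >= hi)
        return 0;
    return a < usableLo || a >= usableHi;
}

/* Unmap the whole region, guards included, and reset to the invalid state. */
int releaseReservation(GuardedReservation* r)
{
    if (!reservationIsValid(r))
        return 0;
    int ok = munmap(r->realBase, r->realSize) == 0;
    memset(r, 0, sizeof(*r));
    return ok;
}

int main(void)
{
    GuardedReservation r;
    if (!reserveWithGuardPages(&r, 3 * systemPageSize() + 1))
        return 1;
    memset(r.base, 0xAB, r.size); /* the entire usable range is writable */
    printf("usable %zu bytes at %p, guard pages at %p and %p\n",
           r.size, r.base, r.realBase, (void*)((char*)r.base + r.size));
    return releaseReservation(&r) ? 0 : 1;
}
```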
2011-05-19 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make Executables release their JIT code as soon as they become dead
https://bugs.webkit.org/show_bug.cgi?id=61134
Add an ability to clear an Executable's jit code without requiring
it to be destroyed, and then call that from a finalizer.
* heap/Weak.h:
(JSC::Weak::Weak):
(JSC::Weak::leak):
* jit/JITCode.h:
(JSC::JITCode::clear):
* runtime/Executable.cpp:
(JSC::ExecutableFinalizer::finalize):
(JSC::ExecutableBase::executableFinalizer):
* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::clearExecutableCode):
2011-05-19 Adam Roben <aroben@apple.com>
Remove a redundant and broken data export
Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
to a linker warning about multiple definitions.)
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
2011-05-18 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
https://bugs.webkit.org/show_bug.cgi?id=61064
Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
for its inline storage. This resolves the problem of GC occurring before
a subclass has initialised its anonymous storage.
* runtime/JSObject.h:
2011-05-18 Adam Barth <abarth@webkit.org>
Reviewed by Sam Weinig.
Delete WTFURL
https://bugs.webkit.org/show_bug.cgi?id=61084
It's been a year and we've failed to complete this project. It's time
to throw in the towel.
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/url: Removed.
* wtf/url/api: Removed.
* wtf/url/api/ParsedURL.cpp: Removed.
* wtf/url/api/ParsedURL.h: Removed.
* wtf/url/api/URLString.h: Removed.
* wtf/url/src: Removed.
* wtf/url/src/RawURLBuffer.h: Removed.
* wtf/url/src/URLBuffer.h: Removed.
* wtf/url/src/URLCharacterTypes.cpp: Removed.
* wtf/url/src/URLCharacterTypes.h: Removed.
* wtf/url/src/URLComponent.h: Removed.
* wtf/url/src/URLEscape.cpp: Removed.
* wtf/url/src/URLEscape.h: Removed.
* wtf/url/src/URLParser.h: Removed.
* wtf/url/src/URLQueryCanonicalizer.h: Removed.
* wtf/url/src/URLSegments.cpp: Removed.
* wtf/url/src/URLSegments.h: Removed.
* wtf/url/wtfurl.gyp: Removed.
2011-05-18 Oliver Hunt <oliver@apple.com>
Reviewed by Sam Weinig.
JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
https://bugs.webkit.org/show_bug.cgi?id=61090
Remove the Structure-free JSGlobalObject constructor and instead always
pass the structure into the JSGlobalObject constructor.
Stop DebuggerActivation creating a new structure every time, and simply
use a single shared structure held by the GlobalData.
* API/JSContextRef.cpp:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
* jsc.cpp:
(GlobalObject::GlobalObject):
(functionRun):
(jscmain):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::clearBuiltinStructures):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.h:
2011-05-18 Oliver Hunt <oliver@apple.com>
Reviewed by Adam Roben.
Disable gc validation in release builds
https://bugs.webkit.org/show_bug.cgi?id=60680
Add back the NDEBUG check
* wtf/Platform.h:
2011-05-17 Geoffrey Garen <ggaren@apple.com>
Rolled out attempts to fix EFL build because they're not enough -- the
build script needs to be fixed.
* runtime/BooleanPrototype.cpp:
* runtime/DateConstructor.cpp:
* runtime/ErrorPrototype.cpp:
2011-05-17 Geoffrey Garen <ggaren@apple.com>
More attempts to work around the EFL build system being broken.
* runtime/DateConstructor.cpp:
* runtime/ErrorPrototype.cpp:
2011-05-17 Geoffrey Garen <ggaren@apple.com>
Try to fix the EFL build.
* runtime/BooleanPrototype.cpp:
2011-05-16 Geoffrey Garen <ggaren@apple.com>
Rolling back in r86653 with build fixed.
Reviewed by Gavin Barraclough and Oliver Hunt.
Global object initialization is expensive
https://bugs.webkit.org/show_bug.cgi?id=60933
Changed a bunch of globals to allocate their properties lazily, and changed
the global object to allocate a bunch of its globals lazily.
This reduces the footprint of a global object from 287 objects with 58
functions for 24K to 173 objects with 20 functions for 15K.
Large patch, but it's all mechanical.
* DerivedSources.make:
* JavaScriptCore.exp: Build!
* create_hash_table: Added a special case for fromCharCode, since it uses
a custom "thunk generator".
* heap/Heap.cpp:
(JSC::TypeCounter::operator()): Fixed a bug where the type counter would
overcount objects that were owned through more than one mechanism because
it was getting in the way of counting the results for this patch.
* interpreter/CallFrame.h:
(JSC::ExecState::arrayConstructorTable):
(JSC::ExecState::arrayPrototypeTable):
(JSC::ExecState::booleanPrototypeTable):
(JSC::ExecState::dateConstructorTable):
(JSC::ExecState::errorPrototypeTable):
(JSC::ExecState::globalObjectTable):
(JSC::ExecState::numberConstructorTable):
(JSC::ExecState::numberPrototypeTable):
(JSC::ExecState::objectPrototypeTable):
(JSC::ExecState::regExpPrototypeTable):
(JSC::ExecState::stringConstructorTable): Added new tables.
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::ArrayConstructor::getOwnPropertySlot):
(JSC::ArrayConstructor::getOwnPropertyDescriptor):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::createStructure):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertySlot):
(JSC::ArrayPrototype::getOwnPropertyDescriptor):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
(JSC::BooleanPrototype::getOwnPropertySlot):
(JSC::BooleanPrototype::getOwnPropertyDescriptor):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::createStructure):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
(JSC::DateConstructor::getOwnPropertySlot):
(JSC::DateConstructor::getOwnPropertyDescriptor):
* runtime/DateConstructor.h:
(JSC::DateConstructor::createStructure):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
(JSC::ErrorPrototype::getOwnPropertySlot):
(JSC::ErrorPrototype::getOwnPropertyDescriptor):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::createStructure): Standardized these objects
to use static tables for function properties.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h: Added new tables.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::addStaticGlobals):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectFunctions.cpp:
* runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
static table for its global functions. This required uninlining some
things to avoid a circular header dependency. However, those things
probably shouldn't have been inlined in the first place.
Even more global object properties can be made lazy, but that requires
more in-depth changes.
* runtime/MathObject.cpp:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlot):
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
(JSC::NumberPrototype::getOwnPropertySlot):
(JSC::NumberPrototype::getOwnPropertyDescriptor):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
(JSC::ObjectPrototype::put):
(JSC::ObjectPrototype::getOwnPropertySlot):
(JSC::ObjectPrototype::getOwnPropertyDescriptor):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
(JSC::RegExpPrototype::getOwnPropertySlot):
(JSC::RegExpPrototype::getOwnPropertyDescriptor):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::createStructure):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
(JSC::StringConstructor::getOwnPropertySlot):
(JSC::StringConstructor::getOwnPropertyDescriptor):
* runtime/StringConstructor.h:
(JSC::StringConstructor::createStructure): Standardized these objects
to use static tables for function properties.
2011-05-17 Sam Weinig <sam@webkit.org>
Reviewed by Oliver Hunt.
JSGlobalContextRelease should not trigger a synchronous garbage collection
https://bugs.webkit.org/show_bug.cgi?id=60990
* API/JSContextRef.cpp:
Change synchronous call to collectAllGarbage to a call to trigger the
activityCallback.
2011-05-16 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Reduce code size for inline cache
https://bugs.webkit.org/show_bug.cgi?id=60942
This patch introduces the concept of a "compact" address that
allows individual architectures to control the maximum offset
used for the inline path of get_by_id. This reduces the code
size of get_by_id by 3 bytes on x86 and x86_64 and slightly
improves performance on v8 tests.
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::repatchCompact):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::repatchCompact):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
(JSC::AbstractMacroAssembler::differenceBetween):
(JSC::AbstractMacroAssembler::repatchCompact):
* assembler/CodeLocation.h:
(JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
(JSC::CodeLocationCommon::dataLabelCompactAtOffset):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::locationOf):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::repatchCompact):
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::repatchCompact):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
* assembler/RepatchBuffer.h:
(JSC::RepatchBuffer::repatch):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::repatchCompact):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movl_mr_disp8):
(JSC::X86Assembler::movq_mr_disp8):
(JSC::X86Assembler::repatchCompact):
(JSC::X86Assembler::setInt8):
(JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
(JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
(JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::patchGetByIdSelf):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::patchGetByIdSelf):
* jit/JITStubs.cpp:
(JSC::JITThunks::tryCacheGetByID):
2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r86653.
http://trac.webkit.org/changeset/86653
https://bugs.webkit.org/show_bug.cgi?id=60944
"Caused regressions on Windows, OSX and EFL" (Requested by
yutak on #webkit).
* DerivedSources.make:
* DerivedSources.pro:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* create_hash_table:
* heap/Heap.cpp:
(JSC::TypeCounter::operator()):
* interpreter/CallFrame.h:
(JSC::ExecState::arrayTable):
(JSC::ExecState::numberTable):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertySlot):
(JSC::ArrayPrototype::getOwnPropertyDescriptor):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
* runtime/DateConstructor.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::addStaticGlobals):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncJSCPrint):
* runtime/JSGlobalObjectFunctions.h:
* runtime/MathObject.cpp:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlot):
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
(JSC::ObjectPrototype::put):
(JSC::ObjectPrototype::getOwnPropertySlot):
* runtime/ObjectPrototype.h:
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/RegExpPrototype.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
* runtime/StringConstructor.h:
2011-05-16 Geoffrey Garen <ggaren@apple.com>
Reviewed by Geoffrey Garen.
Global object initialization is expensive
https://bugs.webkit.org/show_bug.cgi?id=60933
Changed a bunch of globals to allocate their properties lazily, and changed
the global object to allocate a bunch of its globals lazily.
This reduces the footprint of a global object from 287 objects with 58
functions for 24K to 173 objects with 20 functions for 15K.
Large patch, but it's all mechanical.
* DerivedSources.make:
* JavaScriptCore.exp: Build!
* create_hash_table: Added a special case for fromCharCode, since it uses
a custom "thunk generator".
* heap/Heap.cpp:
(JSC::TypeCounter::operator()): Fixed a bug where the type counter would
overcount objects that were owned through more than one mechanism because
it was getting in the way of counting the results for this patch.
* interpreter/CallFrame.h:
(JSC::ExecState::arrayConstructorTable):
(JSC::ExecState::arrayPrototypeTable):
(JSC::ExecState::booleanPrototypeTable):
(JSC::ExecState::dateConstructorTable):
(JSC::ExecState::errorPrototypeTable):
(JSC::ExecState::globalObjectTable):
(JSC::ExecState::numberConstructorTable):
(JSC::ExecState::numberPrototypeTable):
(JSC::ExecState::objectPrototypeTable):
(JSC::ExecState::regExpPrototypeTable):
(JSC::ExecState::stringConstructorTable): Added new tables.
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::ArrayConstructor::getOwnPropertySlot):
(JSC::ArrayConstructor::getOwnPropertyDescriptor):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::createStructure):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertySlot):
(JSC::ArrayPrototype::getOwnPropertyDescriptor):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
(JSC::BooleanPrototype::getOwnPropertySlot):
(JSC::BooleanPrototype::getOwnPropertyDescriptor):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::createStructure):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
(JSC::DateConstructor::getOwnPropertySlot):
(JSC::DateConstructor::getOwnPropertyDescriptor):
* runtime/DateConstructor.h:
(JSC::DateConstructor::createStructure):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
(JSC::ErrorPrototype::getOwnPropertySlot):
(JSC::ErrorPrototype::getOwnPropertyDescriptor):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::createStructure): Standardized these objects
to use static tables for function properties.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h: Added new tables.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::addStaticGlobals):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectFunctions.cpp:
* runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
static table for its global functions. This required uninlining some
things to avoid a circular header dependency. However, those things
probably shouldn't have been inlined in the first place.
Even more global object properties can be made lazy, but that requires
more in-depth changes.
* runtime/MathObject.cpp:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlot):
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
(JSC::NumberPrototype::getOwnPropertySlot):
(JSC::NumberPrototype::getOwnPropertyDescriptor):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
(JSC::ObjectPrototype::put):
(JSC::ObjectPrototype::getOwnPropertySlot):
(JSC::ObjectPrototype::getOwnPropertyDescriptor):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
(JSC::RegExpPrototype::getOwnPropertySlot):
(JSC::RegExpPrototype::getOwnPropertyDescriptor):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::createStructure):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
(JSC::StringConstructor::getOwnPropertySlot):
(JSC::StringConstructor::getOwnPropertyDescriptor):
* runtime/StringConstructor.h:
(JSC::StringConstructor::createStructure): Standardized these objects
to use static tables for function properties.
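As an added illustration of the lazy-allocation idea in the entry above (this is example code, not JavaScriptCore's own; HashTableValue, FunctionObject, EagerObject and LazyObject are this example's stand-ins for the real JSC types), the following compares an object that creates every function property in its constructor with one that only remembers its static table and materialises a property the first time getOwnPropertySlot asks for it:

```cpp
// Added example (not WebKit code): eager vs. lazy materialisation of a built-in
// object's function properties from a static table.
#include <cstddef>
#include <map>
#include <string>

namespace demo {

typedef int (*NativeFunction)(int);

inline int sqr(int x) { return x * x; }
inline int twice(int x) { return 2 * x; }
inline int negate(int x) { return -x; }

// One row of a static table, in the spirit of what create_hash_table emits:
// a property name and the native entry point behind it.
struct HashTableValue {
    const char* name;
    NativeFunction function;
};

const HashTableValue kMathTable[] = {
    { "sqr", sqr },
    { "twice", twice },
    { "negate", negate },
};
const size_t kMathTableSize = sizeof(kMathTable) / sizeof(kMathTable[0]);

// Stand-in for a heap-allocated JS function object.
struct FunctionObject {
    NativeFunction native;
};

// Counts function objects created, i.e. the footprint the change reduces.
inline int& functionObjectsCreated() { static int n = 0; return n; }

inline FunctionObject makeFunctionObject(NativeFunction f) {
    ++functionObjectsCreated();
    FunctionObject obj = { f };
    return obj;
}

typedef std::map<std::string, FunctionObject> PropertyStorage;

// Before: every function property exists as soon as the object is constructed.
class EagerObject {
public:
    EagerObject(const HashTableValue* table, size_t size) {
        for (size_t i = 0; i < size; ++i)
            m_storage[table[i].name] = makeFunctionObject(table[i].function);
    }
    FunctionObject* getOwnPropertySlot(const std::string& name) {
        PropertyStorage::iterator it = m_storage.find(name);
        return it == m_storage.end() ? 0 : &it->second;
    }
private:
    PropertyStorage m_storage;
};

// After: the constructor only keeps a pointer to the static table. Own storage
// is consulted first; on a miss the table is searched and the function object
// is created once and cached, so later lookups never touch the table again.
class LazyObject {
public:
    LazyObject(const HashTableValue* table, size_t size) : m_table(table), m_size(size) {}
    FunctionObject* getOwnPropertySlot(const std::string& name) {
        PropertyStorage::iterator it = m_storage.find(name);
        if (it != m_storage.end())
            return &it->second;                  // already materialised
        for (size_t i = 0; i < m_size; ++i) {
            if (name == m_table[i].name) {
                FunctionObject& slot = m_storage[name];
                slot = makeFunctionObject(m_table[i].function);
                return &slot;
            }
        }
        return 0;                                // not a property at all
    }
private:
    const HashTableValue* m_table;
    size_t m_size;
    PropertyStorage m_storage;
};

// Builds a Math-like object, looks up "sqr" once, and reports how many
// function objects exist afterwards: 3 for the eager object, 1 for the lazy one.
inline int functionObjectsAfterOneLookupEager() {
    functionObjectsCreated() = 0;
    EagerObject math(kMathTable, kMathTableSize);
    FunctionObject* f = math.getOwnPropertySlot("sqr");
    return f && f->native(4) == 16 ? functionObjectsCreated() : -1;
}

inline int functionObjectsAfterOneLookupLazy() {
    functionObjectsCreated() = 0;
    LazyObject math(kMathTable, kMathTableSize);
    FunctionObject* f = math.getOwnPropertySlot("sqr");
    return f && f->native(4) == 16 ? functionObjectsCreated() : -1;
}

// Repeated lookups must hand back the same object, and unknown names nothing.
inline bool lazyLookupIsIdempotent() {
    LazyObject math(kMathTable, kMathTableSize);
    FunctionObject* first = math.getOwnPropertySlot("negate");
    FunctionObject* second = math.getOwnPropertySlot("negate");
    return first && first == second && !math.getOwnPropertySlot("nothere");
}

} // namespace demo
```

The lazy object's lookup order (own storage, then static table) is what keeps user overrides working: once a script assigns to the property, the own-storage entry shadows the table row and the native function is never materialised.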
2011-05-16 David Kilzer <ddkilzer@apple.com>
<http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
<rdar://problem/9446430>
Reviewed by Mark Rowe.
* Configurations/Base.xcconfig: Fixed typo.
2011-05-16 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
JSWeakObjectMap finalisation may occur while gc is in inconsistent state
https://bugs.webkit.org/show_bug.cgi?id=60908
<rdar://problem/9409491>
We need to ensure that we have called all the weak map finalizers while
the global object (and hence global context) is still in a consistent
state. The best way to achieve this is to simply use a weak handle and
finalizer on the global object.
* JavaScriptCore.exp:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::WeakMapFinalizer::finalize):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::registerWeakMap):
2011-05-16 Siddharth Mathur <siddharth.mathur@nokia.com>
Reviewed by Laszlo Gombos.
[Qt][WK2][Symbian] Shared memory implementation for Symbian
https://bugs.webkit.org/show_bug.cgi?id=55875
* wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
2011-05-16 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=60866
Evaluation order broken for empty alternatives in subpatterns
Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
2011-05-15 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen & Michael Saboff.
https://bugs.webkit.org/show_bug.cgi?id=60860
Simplify backtracking in YARR JIT
YARR JIT currently performs a single pass of code generation over the pattern,
with special handling to allow the code generation for some backtracking code
out of line. We can simplify things by moving to a common mechanism whereby all
forwards matching code is generated in one pass, and all backtracking code is
generated in another. Backtracking code can be generated in reverse order, to
optimize the common fall-through case.
To make it easier to walk over the pattern, we can first convert to a more
byte-code like format before JIT generating. In time we should unify this with
the YARR interpreter to more closely unify the two.
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
(JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
(JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
(JSC::Yarr::YarrGenerator::BacktrackingState::append):
(JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
(JSC::Yarr::YarrGenerator::BacktrackingState::link):
(JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
(JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
(JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
(JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
(JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
(JSC::Yarr::YarrGenerator::generateAssertionBOL):
(JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
(JSC::Yarr::YarrGenerator::matchAssertionWordchar):
(JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
(JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::generateTerm):
(JSC::Yarr::YarrGenerator::backtrackTerm):
(JSC::Yarr::YarrGenerator::generate):
(JSC::Yarr::YarrGenerator::backtrack):
(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
(JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
(JSC::Yarr::YarrGenerator::opCompileAlternative):
(JSC::Yarr::YarrGenerator::opCompileBody):
(JSC::Yarr::YarrGenerator::YarrGenerator):
(JSC::Yarr::YarrGenerator::compile):
2011-05-15 Adam Barth <abarth@webkit.org>
Enable strict PassOwnPtr on Qt. (Build fixes to follow.)
* wtf/PassOwnPtr.h:
2011-05-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Maciej Stachowiak.
Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
in browser than on command line
This patch fixes a few issues in generated code that could unreasonably
prolong object lifetimes.
* heap/Heap.cpp:
(JSC::Heap::collectAllGarbage): Throw away all function code before doing
a major collection. We want to clear polymorphic caches, since they can
keep alive large object graphs that have gone "stale". For the same reason,
but to a lesser extent, we also want to clear linked functions and other
one-off caches.
This has the side-benefit of reducing memory footprint from run-once
functions, and of allowing predictions and caches that have failed to
re-specialize.
Eventually, if compilation costs rise far enough, we may want a more
limited strategy for de-specializing code without throwing it away
completely, but this works for now, and it's the simplest solution.
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITStubs.h:
* runtime/JSFunction.cpp: Made the host function stub cache weak --
otherwise it's effectively a memory leak that can seriously fragment the
GC and JIT heaps.
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::visitChildren): Cleared up some comments that confused
me when working with this code.
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the
point of failure.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):
(JSC::JSCell):
(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the
point of failure.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):
(JSC::JSCell):
(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-14 Csaba Osztrogonác <ossy@webkit.org>
Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
* runtime/JSCell.h:
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::Structure::createStructure):
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-13 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802
This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the
point of failure.
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):
(JSC::JSCell):
(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:
2011-05-01 Holger Hans Peter Freyther <holger@moiji-mobile.com>
Reviewed by Steve Block.
[android] OS(ANDROID) does not imply PLATFORM(ANDROID)
https://bugs.webkit.org/show_bug.cgi?id=59888
It is possible to build QtWebKit and others for OS(ANDROID). Let
the buildsystem decide which platform is to be built.
* wtf/Platform.h:
2011-05-12 Maciej Stachowiak <mjs@apple.com>
Reviewed by Darin Adler.
XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
https://bugs.webkit.org/show_bug.cgi?id=59394
This portion of the change introduces a PassTraits template, which
is used to enable takeFirst() to work for a Deque holding OwnPtrs,
and optimize it for a Deque holding RefPtrs. In the future it can
be deployed elsewhere to make our data structures work better with
our smart pointers.
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/Deque.h:
(WTF::::takeFirst):
* wtf/PassTraits.h: Added.
(WTF::PassTraits::transfer):
2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
Not reviewed.
Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
Not reviewed.
String operator+ reallocates unnecessarily when concatting > 2 strings
https://bugs.webkit.org/show_bug.cgi?id=58420
Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>
Reviewed by Darin Adler.
String operator+ reallocates unnecessarily when concatting > 2 strings
https://bugs.webkit.org/show_bug.cgi?id=58420
Provide a faster String append operator.
Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
N strings using operator+, this leads to N-1 reallocations.
Replace this with a flexible operator+ implementation, that avoids these reallocations.
When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
creation of the final string, until operator String() is invoked.
template<typename T>
StringAppend<String, T> operator+(const String& string1, T string2)
{
return StringAppend<String, T>(string1, string2);
}
template<typename U, typename V, typename W>
StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
{
return StringAppend<U, StringAppend<V, W> >(string1, string2);
}
When concatting three strings - "String a, b, c; String result = a + b + c;" the following happens:
first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
a StringAppend<String, StringAppend<String, String> > object.
Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
against too big string allocations, etc.
Note that the second template defines a recursive way to concat an arbitrary number of strings
into a single String with just one allocation.
* GNUmakefile.list.am: Add StringOperators.h to build.
* JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
* JavaScriptCore.gypi: Add StringOperators.h to build.
* JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
* JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
* wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
* wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
* wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
(WTF::StringAppend::StringAppend):
(WTF::StringAppend::operator String):
(WTF::StringAppend::operator AtomicString):
(WTF::StringAppend::writeTo):
(WTF::StringAppend::length):
(WTF::operator+):
* wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append().
(WTF::emptyString): Add new shared empty string free function.
* wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
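The delayed-concatenation idea described in the entry above, as an added example rather than WebKit's StringOperators.h: a StringAppend<L, R> that holds its operands, reports their combined length, and only allocates when converted to a string. It uses std::string instead of WTF::String, and the names Str, Adapter, StringAppend, kMaxLength and joinFour are this example's own. One difference from the entry's second template: because a + b + c groups as (a + b) + c in C++, the chaining overload here takes the StringAppend on the left.

```cpp
// Added example (not WebKit code): expression-template string concatenation
// with a single allocation for the whole a + b + c + ... chain.
#include <cstddef>
#include <cstring>
#include <string>

namespace demo {

// Counts final-buffer allocations so the "one allocation" claim can be checked.
inline int& allocationCount() { static int count = 0; return count; }

// Stand-in for WTF::String.
class Str {
public:
    Str() {}
    Str(const char* s) : m_data(s) {}
    explicit Str(const std::string& s) : m_data(s) {}
    const std::string& value() const { return m_data; }
private:
    std::string m_data;
};

// Stand-in for WTF's StringTypeAdapter: how to measure and copy each operand type.
template<typename T> struct Adapter;

template<> struct Adapter<Str> {
    explicit Adapter(const Str& s) : m_s(s) {}
    size_t length() const { return m_s.value().size(); }
    void writeTo(char* dest) const { std::memcpy(dest, m_s.value().data(), length()); }
    const Str& m_s;
};

template<> struct Adapter<const char*> {
    explicit Adapter(const char* s) : m_s(s) {}
    size_t length() const { return std::strlen(m_s); }
    void writeTo(char* dest) const { std::memcpy(dest, m_s, length()); }
    const char* m_s;
};

template<> struct Adapter<char> {
    explicit Adapter(char c) : m_c(c) {}
    size_t length() const { return 1; }
    void writeTo(char* dest) const { *dest = m_c; }
    char m_c;
};

// Upper bound on a result, standing in for the size guard tryMakeString applies
// (the value is this example's own).
const size_t kMaxLength = 1u << 20;

// Holds both operands by value and defers all work until the result is needed.
template<typename L, typename R>
class StringAppend {
public:
    StringAppend(L l, R r) : m_left(l), m_right(r) {}

    size_t length() const { return Adapter<L>(m_left).length() + Adapter<R>(m_right).length(); }

    void writeTo(char* dest) const {
        Adapter<L> left(m_left);
        left.writeTo(dest);
        Adapter<R>(m_right).writeTo(dest + left.length());
    }

    // The only allocation in the whole chain happens here, once the total
    // length of every nested operand is known. Oversized results are refused.
    operator Str() const {
        size_t total = length();
        if (total > kMaxLength)
            return Str();
        ++allocationCount();
        std::string buffer(total, '\0');
        if (total)
            writeTo(&buffer[0]);
        return Str(buffer);
    }

private:
    L m_left;
    R m_right;
};

// A nested StringAppend is just another operand: length and writeTo recurse.
template<typename L, typename R>
struct Adapter<StringAppend<L, R> > {
    explicit Adapter(const StringAppend<L, R>& a) : m_a(a) {}
    size_t length() const { return m_a.length(); }
    void writeTo(char* dest) const { m_a.writeTo(dest); }
    const StringAppend<L, R>& m_a;
};

// Str + anything starts a chain; chain + anything extends it on the left.
template<typename T>
StringAppend<Str, T> operator+(const Str& a, T b) { return StringAppend<Str, T>(a, b); }

template<typename L, typename R, typename T>
StringAppend<StringAppend<L, R>, T> operator+(const StringAppend<L, R>& a, T b) {
    return StringAppend<StringAppend<L, R>, T>(a, b);
}

// Concatenates four operands of mixed types; the conversion to Str allocates once.
inline Str joinFour(const Str& a, const char* b, char c, const Str& d) {
    return a + b + c + d;
}

// Returns the number of allocations joinFour performed (expected: 1).
inline int allocationsForJoinFour() {
    allocationCount() = 0;
    Str result = joinFour("Content-Type", ":", ' ', "text/plain");
    return result.value().empty() ? -1 : allocationCount();
}

// Building and measuring a chain must not allocate at all.
inline bool lengthIsComputedWithoutAllocating() {
    allocationCount() = 0;
    size_t n = (Str("ab") + "cd" + 'e').length();
    return n == 5 && allocationCount() == 0;
}

} // namespace demo
```

Each operator+ returns a value, so intermediate StringAppend objects copy their operands; in the real implementation the operands are lightweight (const char*, String handles), which is what makes holding them until the final conversion cheap.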
2011-05-12 Philippe Normand <pnormand@igalia.com>
Unreviewed, GTK build fix.
* wtf/Platform.h:
2011-05-12 Keith Kyzivat <keith.kyzivat@nokia.com>
Reviewed by Csaba Osztrogonác.
[Qt] Arm debug build failing on ARMAssembler::debugOffset()
https://bugs.webkit.org/show_bug.cgi?id=60688
Related to svn rev 85523
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::debugOffset):
2011-05-11 Igor Oliveira <igor.oliveira@openbossa.org>
Reviewed by Eric Seidel.
WebKit does not build with GCCE
https://bugs.webkit.org/show_bug.cgi?id=60667
Allow compiling WebKit with GCCE
* wtf/Alignment.h:
* wtf/Platform.h:
2011-05-11 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Enable strict PassOwnPtr on Mac
https://bugs.webkit.org/show_bug.cgi?id=60684
This should build cleanly now.
* wtf/PassOwnPtr.h:
2011-05-11 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
Protect JSC from WebCore executing JS during JS wrapper finalization
https://bugs.webkit.org/show_bug.cgi?id=60672
<rdar://problem/9350997>
Detect when we're trying to execute JS during GC and prevent the
execution from happening. We also assert that this isn't happening
as it implies incorrect behaviour of an object's destructor.
* JavaScriptCore.exp:
* heap/Heap.cpp:
* heap/Heap.h:
(JSC::Heap::isBusy):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::isCollectorBusy):
2011-05-11 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Enable gc mark validation temporarily in release builds
https://bugs.webkit.org/show_bug.cgi?id=60678
Make it easier to turn the gc mark validation on and off, and
temporarily turn it on for all builds.
* heap/MarkStack.cpp:
* heap/MarkStack.h:
(JSC::MarkStack::append):
(JSC::MarkStack::internalAppend):
* runtime/WriteBarrier.h:
(JSC::MarkStack::appendValues):
* wtf/Platform.h:
2011-05-11 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
<rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
SunSpider reports no change.
This bug was caused by changing Structure and Executable to being GC
objects, and by a long-standing bug that would thrash the global object
between dictionary and non-dictionary states.
* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
eagerly transition to dictionary -- this can cause pathological dictionary
churn, and it's not necessary, since objects know how to automatically
transition to dictionary when necessary.
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
extra cost from compilation, because it can be quite high. This is especially
important for program code, since DOM timers can repeatedly allocate
program code without allocating any other objects.
* runtime/JSObject.cpp:
(JSC::JSObject::removeDirect): Don't transition to the uncacheable state
if the thing we're trying to remove doesn't exist. This can happen during
compilation, since the compiler needs to ensure that no pre-existing
conflicting definitions exist for certain declarations.
2011-05-11 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make mark stack validation functions do something useful in a release build
https://bugs.webkit.org/show_bug.cgi?id=60645
Turn ASSERTs into actual if(...) CRASH(); statements.
* heap/MarkStack.cpp:
(JSC::MarkStack::validateValue):
2011-05-11 Xan Lopez <xlopez@igalia.com>
Reviewed by Martin Robinson.
Fix copy&paste error in comment.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator): the value is stored in
regT2, not regT1.
2011-05-11 Adam Roben <aroben@apple.com>
WinCE build fixes for strict PassOwnPtr
* wtf/unicode/CollatorDefault.cpp:
(WTF::Collator::userDefault): Use adoptPtr.
2011-05-11 Holger Hans Peter Freyther <holger@moiji-mobile.com>
Unreviewed build fix.
[MIPS] Fix compilation of the MIPS JIT
Include the MIPSAssembler.h first to indirectly include
AssemblerBuffer.h before the AbstractMacroAssembler.h. This
order is used for the ARM and X86 MacroAssembler*.h
* assembler/MacroAssemblerMIPS.h:
2011-05-11 Adam Roben <aroben@apple.com>
Turn on strict PassOwnPtr on Windows
Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled
Reviewed by Adam Barth.
* wtf/PassOwnPtr.h:
2011-05-10 Stephanie Lewis <slewis@apple.com>
Unreviewed.
Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130
* Configurations/JavaScriptCore.xcconfig:
2011-05-10 Adam Barth <abarth@webkit.org>
Reviewed by David Levin.
Enable strict PassOwnPtr on Chromium
https://bugs.webkit.org/show_bug.cgi?id=60502
Other platforms to follow.
* wtf/PassOwnPtr.h:
2011-05-10 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
https://bugs.webkit.org/show_bug.cgi?id=60532
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.xcodeproj/project.pbxproj: Build!
* heap/Handle.h: Moved HandleTypes to its own header because that's the
WebKit style, and it was necessary to resolve a circular dependency
between Handle.h and WriteBarrier.h.
* heap/Heap.h:
(JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
verify that all the code is in the right place.
* heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
resolve a circular dependency.
* runtime/ArgList.h:
* runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
free anymore.
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
function, now that it exists.
* runtime/SmallStrings.h: Removed a stray #include to resolve a circular
dependency.
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::set):
(JSC::MarkStack::append):
(JSC::MarkStack::appendValues): Updated to match the changes above.
2011-05-10 Oliver Hunt <oliver@apple.com>
Build fix.
* heap/MarkStack.cpp:
(JSC::MarkStack::validateValue):
2011-05-10 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Add some aggressive GC validation to debug builds.
https://bugs.webkit.org/show_bug.cgi?id=60601
When assertions are enabled we now do some validity checking
of objects being added to the mark stack.
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
(JSC::PolymorphicAccessStructureList::visitAggregate):
* heap/MarkStack.cpp:
(JSC::MarkStack::validateSet):
(JSC::MarkStack::validateValue):
* heap/MarkStack.h:
(JSC::MarkStack::appendValues):
(JSC::MarkStack::append):
(JSC::MarkStack::internalAppend):
2011-05-09 Darin Adler <darin@apple.com>
Reviewed by Oliver Hunt.
http://bugs.webkit.org/show_bug.cgi?id=60509
Wrong type used for return value from strlen
* wtf/FastMalloc.cpp:
(WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
fastMalloc won't return if it fails.
2011-05-09 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
CSP should block Function constructor
https://bugs.webkit.org/show_bug.cgi?id=60240
When eval is disabled, we need to block the use of the function
constructor. However, the WebCore JSC bindings call the function
constructor directly to create inline event listeners. To support that
use, this patch adds an entrypoint that bypasses the check for whether
eval is enabled.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h:
2011-05-09 Adam Roben <aroben@apple.com>
Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes
Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
WebKit1 IDL file changes to avoid build errors
Reviewed by Tim Hatcher.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
Updated for script rename.
* JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
from react-to-vsprops-changes.py.
(top level): Moved a constant here from main.
(main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
react_to_webkit1_interface_changes function.
(react_to_vsprops_changes): Moved code here from main. Updated to use the
TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_glob
and touch_if_older_than.
(react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
file has changed.
(mtime_of_newest_file_matching_glob): Added. Code came from main.
(touch_if_older_than): Added. Code came from main.
2011-05-08 Jessie Berlin <jberlin@apple.com>
Reviewed by Dan Bernstein.
Make JSRetainPtr work with JSGlobalContextRefs.
https://bugs.webkit.org/show_bug.cgi?id=60452
Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.
* API/JSRetainPtr.h:
(JSRetain):
(JSRelease):
2011-05-07 Dawit Alemayehu <adawit@kde.org>
Reviewed by Daniel Bates.
Fix compile with GCC 4.6.0
https://bugs.webkit.org/show_bug.cgi?id=60380
Remove unused local variable from code.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
2011-05-06 Alexis Menard <alexis.menard@openbossa.org>
Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.
std::tr1::has_trivial_constructor is in <tr1/memory>.
* wtf/TypeTraits.h:
2011-05-05 Jay Civelli <jcivelli@chromium.org>
Reviewed by Adam Barth.
Added convenience methods to convert from a byte to hex ASCII digit
characters and vice-versa.
https://bugs.webkit.org/show_bug.cgi?id=59834
* wtf/ASCIICType.h:
(WTF::toASCIIHexValue):
(WTF::lowerNibbleToASCIIHexDigit):
(WTF::upperNibbleToASCIIHexDigit):
2011-05-05 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Benjamin Poulain.
[Qt] Make QtWebKit build when using gcc 4.6.0
https://bugs.webkit.org/show_bug.cgi?id=60265
If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
the c++0x support because it works.
* JavaScriptCore.pro:
2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
Reviewed by Geoffrey Garen.
Port MachineStackMarker.cpp to Windows x64
https://bugs.webkit.org/show_bug.cgi?id=60216
* heap/MachineStackMarker.cpp:
(JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
on 64-bit Windows.
(JSC::otherThreadStackPointer): return the Rsp register on Windows x64.
2011-05-04 Fridrich Strba <fridrich.strba@bluewin.ch>
Reviewed by Martin Robinson.
Link libjavascriptcoregtk on Windows with winmm.dll
https://bugs.webkit.org/show_bug.cgi?id=60215
* GNUmakefile.am:
2011-05-04 Tao Bai <michaelbai@chromium.org>
Reviewed by David Kilzer.
Populate touch-icon url to FrameLoaderClient
https://bugs.webkit.org/show_bug.cgi?id=59143
* Configurations/FeatureDefines.xcconfig:
2011-05-03 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
<rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
code that accidentally survived the conversion to a switch statement,
causing a lot of important code not to run most of the time.
Since this is not a trivial finger-picking mistake, I will not call it a
typo.
2011-05-04 Adam Roben <aroben@apple.com>
Another attempted build fix
* wtf/OwnPtr.h:
(WTF::OwnPtr::operator==):
(WTF::OwnPtr::operator!=):
* wtf/PassOwnPtr.h:
(WTF::PassOwnPtr::operator==):
(WTF::PassOwnPtr::operator!=):
Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.
2011-05-04 Adam Roben <aroben@apple.com>
Try to fix Leopard, Qt, and probably others
* wtf/OwnPtr.h:
(WTF::OwnPtr::operator==):
(WTF::OwnPtr::operator!=):
* wtf/PassOwnPtr.h:
(WTF::PassOwnPtr::operator==):
(WTF::PassOwnPtr::operator!=):
Try to get the compiler not to instantiate these function templates unnecessarily.
2011-05-03 Adam Roben <aroben@apple.com>
Disallow equality comparisons between [Pass]OwnPtrs
If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
really sneaky, in which case you should stop!)
Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error
Reviewed by Anders Carlsson and Antti Koivisto.
* wtf/OwnPtr.h:
(WTF::OwnPtr::operator==):
(WTF::OwnPtr::operator!=):
* wtf/PassOwnPtr.h:
(WTF::PassOwnPtr::operator==):
(WTF::PassOwnPtr::operator!=):
Added private equality operators that fail to compile when used. (When not used, the
compiler will skip over them because they are function templates.)
2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Gavin Barraclough.
JITArithmetic.cpp produces a warning on an unused variable.
https://bugs.webkit.org/show_bug.cgi?id=60060
Just properly use what we already have converted.
* jit/JITArithmetic.cpp:
(JSC::JIT::emitSlow_op_add):
(JSC::JIT::emitSlow_op_mul):
2011-05-04 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Geoffrey Garen.
JITPropertyAccess produces an unused but set variable warning in gcc 4.6.0.
https://bugs.webkit.org/show_bug.cgi?id=60050
This patch fixes a compilation warning. The new warning scenario -Wunused-but-set-variable
in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
as errors. The patch introduces two new macros, ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED,
which copy the idea of ASSERT_UNUSED.
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::emit_op_put_by_id):
* wtf/Assertions.h:
(assertWithMessageUnused):
2011-04-29 Jer Noble <jer.noble@apple.com>
Reviewed by Eric Seidel.
Implement FULLSCREEN_API on Windows, Part 4: Enable it
https://bugs.webkit.org/show_bug.cgi?id=59798
* wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.
2011-05-03 Alexis Menard <alexis.menard@openbossa.org>
Reviewed by Eric Seidel.
Unused but set variable warning in MacroAssemblerX86_64
https://bugs.webkit.org/show_bug.cgi?id=59482
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::call):
(JSC::MacroAssemblerX86_64::tailRecursiveCall):
(JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
2011-05-03 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make malloc validation useful
https://bugs.webkit.org/show_bug.cgi?id=57502
Reland this patch (rolled out in 82905) without
turning it on by default.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/FastMalloc.cpp:
(WTF::tryFastMalloc):
(WTF::fastMalloc):
(WTF::tryFastCalloc):
(WTF::fastCalloc):
(WTF::fastFree):
(WTF::tryFastRealloc):
(WTF::fastRealloc):
(WTF::fastMallocSize):
(WTF::TCMalloc_PageHeap::isScavengerSuspended):
(WTF::TCMalloc_PageHeap::scheduleScavenger):
(WTF::TCMalloc_PageHeap::suspendScavenger):
(WTF::TCMalloc_PageHeap::signalScavenger):
(WTF::TCMallocStats::malloc):
(WTF::TCMallocStats::free):
(WTF::TCMallocStats::fastCalloc):
(WTF::TCMallocStats::tryFastCalloc):
(WTF::TCMallocStats::calloc):
(WTF::TCMallocStats::fastRealloc):
(WTF::TCMallocStats::tryFastRealloc):
(WTF::TCMallocStats::realloc):
(WTF::TCMallocStats::fastMallocSize):
* wtf/FastMalloc.h:
(WTF::Internal::fastMallocValidationHeader):
(WTF::Internal::fastMallocValidationSuffix):
(WTF::Internal::fastMallocMatchValidationType):
(WTF::Internal::setFastMallocMatchValidationType):
(WTF::fastMallocMatchValidateFree):
(WTF::fastMallocValidate):
2011-05-03 Xan Lopez <xlopez@igalia.com>
Reviewed by Anders Carlsson.
Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
https://bugs.webkit.org/show_bug.cgi?id=59261
Use unary '+' to force proper type detection in template arguments
with GCC 4.6.0. See bug report for more details.
* runtime/Structure.cpp:
(JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
(JSC::StructureTransitionTable::add): ditto.
* runtime/Structure.h:
(JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.
2011-05-03 Jessie Berlin <jberlin@apple.com>
Rubber-stamped by Adam Roben.
Revert r85550 and r85575.
Variables cannot be exported via the .def file. Instead, they should be annotated with
JS_EXPORTDATA.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
* runtime/Structure.h:
(JSC::Structure::typeInfo):
(JSC::Structure::previousID):
(JSC::Structure::propertyStorageCapacity):
(JSC::Structure::propertyStorageSize):
(JSC::Structure::get):
(JSC::Structure::materializePropertyMapIfNecessary):
2011-05-02 Adam Roben <aroben@apple.com>
Allow implicit conversion from nullptr_t to PassOwnPtr
This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
strict PassOwnPtr mode.
Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
doesn't work, but should
Reviewed by Adam Barth.
* wtf/PassOwnPtr.h:
(WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.
* wtf/MessageQueue.h:
(WTF::::waitForMessageFilteredWithTimeout):
(WTF::::tryGetMessage):
Use the new implicit conversion.
2011-05-02 Jessie Berlin <jberlin@apple.com>
Rubber-stamped by Oliver Hunt.
Remove an assertion that Windows was hitting on launch.
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
* runtime/Structure.h:
(JSC::Structure::typeInfo):
(JSC::Structure::previousID):
(JSC::Structure::propertyStorageCapacity):
(JSC::Structure::propertyStorageSize):
(JSC::Structure::get):
(JSC::Structure::materializePropertyMapIfNecessary):
2011-05-02 Mark Rowe <mrowe@apple.com>
Reviewed by Geoff Garen.
<rdar://problem/9371948> JavaScriptCore should build with GCC 4.2
* Configurations/CompilerVersion.xcconfig:
2011-05-02 Gavin Barraclough <barraclough@apple.com>
ARMv7 build fix.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::Jump::link):
(JSC::AbstractMacroAssembler::Jump::linkTo):
2011-05-02 Oliver Hunt <oliver@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-05-02 Michael Saboff <msaboff@apple.com>
Reviewed by Geoffrey Garen.
crash in JSC::RegExp::match
https://bugs.webkit.org/show_bug.cgi?id=58922
Cleared chained backtrack data label when linking label even if that
label doesn't chain itself. This is needed so that subsequent
backtrack data labels point to the next outer paren and not within
the current paren.
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
2011-05-02 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Tiny bit of heap cleanup.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::contains): Tightened up an assertion and a comment.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::globalData):
(JSC::MarkedSpace::highWaterMark):
(JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
definition, for better clarity.
2011-05-02 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Correct marking of interpreter data in mixed mode builds
https://bugs.webkit.org/show_bug.cgi?id=59962
We had a few places in mixed mode builds where we would not
track data used by the interpreter for marking. This patch
corrects the problem and adds a number of assertions to catch
live Structures being collected.
* JavaScriptCore.exp:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addPropertyAccessInstruction):
(JSC::CodeBlock::addGlobalResolveInstruction):
(JSC::CodeBlock::addStructureStubInfo):
(JSC::CodeBlock::addGlobalResolveInfo):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitResolve):
(JSC::BytecodeGenerator::emitResolveWithBase):
(JSC::BytecodeGenerator::emitGetById):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
* runtime/Structure.h:
(JSC::Structure::typeInfo):
(JSC::Structure::previousID):
(JSC::Structure::propertyStorageCapacity):
(JSC::Structure::propertyStorageSize):
(JSC::Structure::get):
(JSC::Structure::materializePropertyMapIfNecessary):
2011-05-02 Xan Lopez <xlopez@igalia.com>
Reviewed by Alexey Proskuryakov.
Use native NullPtr when using GCC 4.6.0 and C++0x
https://bugs.webkit.org/show_bug.cgi?id=59252
GCC 4.6.0 has nullptr support, use it when possible.
* wtf/NullPtr.cpp: include config.h to pull in Platform.h before
NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
* wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
use native nullptr.
2011-05-02 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=59950
Clean up AssemblerBuffer to use a Vector internally.
AssemblerBuffer handles reallocing a byte array itself - stop that.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::executableCopy):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerLabel::AssemblerLabel):
(JSC::AssemblerLabel::labelAtOffset):
(JSC::AssemblerBuffer::AssemblerBuffer):
(JSC::AssemblerBuffer::~AssemblerBuffer):
(JSC::AssemblerBuffer::isAvailable):
(JSC::AssemblerBuffer::ensureSpace):
(JSC::AssemblerBuffer::isAligned):
(JSC::AssemblerBuffer::putIntegral):
(JSC::AssemblerBuffer::putIntegralUnchecked):
(JSC::AssemblerBuffer::putByteUnchecked):
(JSC::AssemblerBuffer::putByte):
(JSC::AssemblerBuffer::putShortUnchecked):
(JSC::AssemblerBuffer::putShort):
(JSC::AssemblerBuffer::putIntUnchecked):
(JSC::AssemblerBuffer::putInt):
(JSC::AssemblerBuffer::putInt64Unchecked):
(JSC::AssemblerBuffer::putInt64):
(JSC::AssemblerBuffer::codeSize):
(JSC::AssemblerBuffer::label):
(JSC::AssemblerBuffer::executableCopy):
(JSC::AssemblerBuffer::rewindToLabel):
(JSC::AssemblerBuffer::debugOffset):
(JSC::AssemblerBuffer::append):
(JSC::AssemblerBuffer::grow):
* assembler/AssemblerBufferWithConstantPool.h:
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::linkCall):
* assembler/X86Assembler.h:
(JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
2011-05-02 Jeff Miller <jeffm@apple.com>
Reviewed by Alexey Proskuryakov.
Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
https://bugs.webkit.org/show_bug.cgi?id=59949
* wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().
2011-05-02 Adam Barth <abarth@webkit.org>
Reviewed by Alexey Proskuryakov.
StringImpl::endsWith has some insane code
https://bugs.webkit.org/show_bug.cgi?id=59900
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::endsWith):
- m_data shadows a member variable of the same name.
2011-05-02 Gabor Loki <loki@webkit.org>
Buildfix for ARM after r85448
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::loadBranchTarget):
2011-05-01 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Strict-mode only reserved words not reserved
https://bugs.webkit.org/show_bug.cgi?id=55342
Fix line number tracking when we rollback the lexer.
* parser/JSParser.cpp:
(JSC::JSParser::parseSourceElements):
2011-05-01 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
ES5 Strict mode does not allow getter and setter for same propId
https://bugs.webkit.org/show_bug.cgi?id=57295
Simplify and correct the logic for strict mode object literals.
* parser/JSParser.cpp:
(JSC::JSParser::parseStrictObjectLiteral):
2011-05-01 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Assigning to function identifier under strict should throw
https://bugs.webkit.org/show_bug.cgi?id=59289
Add logic to StaticScopeObject to ensure we don't silently consume
writes to constant properties.
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::put):
2011-05-01 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=59903
Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
Creating a label() into the AssemblerBuffer should return an AssemblerLabel,
not an unsigned int.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::executableCopy):
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::blx):
(JSC::ARMAssembler::label):
(JSC::ARMAssembler::loadBranchTarget):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::b):
(JSC::ARMv7Assembler::blx):
(JSC::ARMv7Assembler::bx):
(JSC::ARMv7Assembler::label):
(JSC::ARMv7Assembler::ARMInstructionFormatter::label):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::label):
* assembler/AssemblerBufferWithConstantPool.h:
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::label):
(JSC::MIPSAssembler::relocateJumps):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::loadConstant):
(JSC::SH4Assembler::loadConstantUnReusable):
(JSC::SH4Assembler::call):
(JSC::SH4Assembler::jmp):
(JSC::SH4Assembler::jne):
(JSC::SH4Assembler::je):
(JSC::SH4Assembler::label):
(JSC::SH4Assembler::oneShortOp):
* assembler/X86Assembler.h:
(JSC::X86Assembler::call):
(JSC::X86Assembler::jmp_r):
(JSC::X86Assembler::label):
(JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
(JSC::X86Assembler::X86InstructionFormatter::label):
2011-05-01 Adam Barth <abarth@webkit.org>
Reviewed by David Levin.
Enable strict mode for OwnPtr and PassOwnPtr
https://bugs.webkit.org/show_bug.cgi?id=59428
* wtf/OwnPtr.h:
2011-05-01 Patrick Gansterer <paroga@webkit.org>
Reviewed by Adam Barth.
Enable strict OwnPtr for PLATFORM(WIN)
https://bugs.webkit.org/show_bug.cgi?id=59881
* wtf/OwnPtr.h:
2011-05-01 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
https://bugs.webkit.org/show_bug.cgi?id=59896
Remove JmpSrc/JmpDst types.
The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
objects be per-assembler is unhelpful, causes unnecessary code duplication,
and prevents the AssemblerBuffer from providing a richer type for labels.
The limited semantic meaning that they did convey is undermined by the manner
in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
for data labels).
Jumps on ARMv7 have had additional information added to the object via the
ARMv7 JmpSrc. This data should probably be in the instruction stream. This
patch does not fix the problem, and moves the data (ifdefed) to
AbstractMacroAssembler::Jump (which is effectively where it was before!).
This at least closes the hole such that no further data may be added to JmpSrc,
but this is unfortunate, and should be cleaned up.
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::blx):
(JSC::ARMAssembler::label):
(JSC::ARMAssembler::align):
(JSC::ARMAssembler::loadBranchTarget):
(JSC::ARMAssembler::jmp):
(JSC::ARMAssembler::linkPointer):
(JSC::ARMAssembler::linkJump):
(JSC::ARMAssembler::linkCall):
(JSC::ARMAssembler::getRelocatedAddress):
(JSC::ARMAssembler::getDifferenceBetweenLabels):
(JSC::ARMAssembler::getCallReturnOffset):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::b):
(JSC::ARMv7Assembler::blx):
(JSC::ARMv7Assembler::bx):
(JSC::ARMv7Assembler::label):
(JSC::ARMv7Assembler::align):
(JSC::ARMv7Assembler::getRelocatedAddress):
(JSC::ARMv7Assembler::getDifferenceBetweenLabels):
(JSC::ARMv7Assembler::getCallReturnOffset):
(JSC::ARMv7Assembler::linkJump):
(JSC::ARMv7Assembler::linkCall):
(JSC::ARMv7Assembler::linkPointer):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::Label::isSet):
(JSC::AbstractMacroAssembler::Call::Call):
(JSC::AbstractMacroAssembler::Jump::Jump):
(JSC::AbstractMacroAssembler::Jump::link):
(JSC::AbstractMacroAssembler::Jump::linkTo):
(JSC::AbstractMacroAssembler::linkPointer):
(JSC::AbstractMacroAssembler::getLinkerAddress):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerLabel::AssemblerLabel):
(JSC::AssemblerLabel::isSet):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::patch):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::label):
(JSC::MIPSAssembler::align):
(JSC::MIPSAssembler::getRelocatedAddress):
(JSC::MIPSAssembler::getDifferenceBetweenLabels):
(JSC::MIPSAssembler::getCallReturnOffset):
(JSC::MIPSAssembler::linkJump):
(JSC::MIPSAssembler::linkCall):
(JSC::MIPSAssembler::linkPointer):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branchDouble):
(JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
(JSC::MacroAssemblerARMv7::jump):
(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::ret):
(JSC::MacroAssemblerARMv7::tailRecursiveCall):
(JSC::MacroAssemblerARMv7::makeBranch):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::nearCall):
(JSC::MacroAssemblerMIPS::call):
(JSC::MacroAssemblerMIPS::tailRecursiveCall):
(JSC::MacroAssemblerMIPS::branchTrue):
(JSC::MacroAssemblerMIPS::branchFalse):
(JSC::MacroAssemblerMIPS::branchEqual):
(JSC::MacroAssemblerMIPS::branchNotEqual):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::call):
(JSC::SH4Assembler::jmp):
(JSC::SH4Assembler::jne):
(JSC::SH4Assembler::je):
(JSC::SH4Assembler::label):
(JSC::SH4Assembler::align):
(JSC::SH4Assembler::linkJump):
(JSC::SH4Assembler::linkCall):
(JSC::SH4Assembler::linkPointer):
(JSC::SH4Assembler::getCallReturnOffset):
(JSC::SH4Assembler::getRelocatedAddress):
(JSC::SH4Assembler::getDifferenceBetweenLabels):
(JSC::SH4Assembler::patchPointer):
* assembler/X86Assembler.h:
(JSC::X86Assembler::call):
(JSC::X86Assembler::jmp):
(JSC::X86Assembler::jmp_r):
(JSC::X86Assembler::jne):
(JSC::X86Assembler::jnz):
(JSC::X86Assembler::je):
(JSC::X86Assembler::jz):
(JSC::X86Assembler::jl):
(JSC::X86Assembler::jb):
(JSC::X86Assembler::jle):
(JSC::X86Assembler::jbe):
(JSC::X86Assembler::jge):
(JSC::X86Assembler::jg):
(JSC::X86Assembler::ja):
(JSC::X86Assembler::jae):
(JSC::X86Assembler::jo):
(JSC::X86Assembler::jp):
(JSC::X86Assembler::js):
(JSC::X86Assembler::jCC):
(JSC::X86Assembler::label):
(JSC::X86Assembler::labelFor):
(JSC::X86Assembler::align):
(JSC::X86Assembler::linkJump):
(JSC::X86Assembler::linkCall):
(JSC::X86Assembler::linkPointer):
(JSC::X86Assembler::getCallReturnOffset):
(JSC::X86Assembler::getRelocatedAddress):
(JSC::X86Assembler::getDifferenceBetweenLabels):
(JSC::X86Assembler::rewindToLabel):
(JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
(JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::atJumpTarget):
(JSC::JIT::emitGetVirtualRegister):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_jmp):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_jsr):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emit_op_jmp_scopes):
2011-05-01 Chao-ying Fu <fu@mips.com>
Reviewed by Eric Seidel.
Fix MIPS build due to the split of "Condition" enum
https://bugs.webkit.org/show_bug.cgi?id=59407
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::debugOffset):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::branch32):
(JSC::MacroAssemblerMIPS::compare32):
2011-04-30 Adam Barth <abarth@webkit.org>
Reviewed by Adam Barth.
Enable strict OwnPtr for GTK
https://bugs.webkit.org/show_bug.cgi?id=59861
* wtf/OwnPtr.h:
2011-04-30 Gavin Barraclough <barraclough@apple.com>
ARMv7 build fix.
* assembler/AssemblerBufferWithConstantPool.h:
2011-04-30 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
The method size() is called on the AssemblerBuffer both to acquire
the complete size of the code, and to get a position to use as a
label into the code. Instead, add an explicit 'label' method.
* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::executableCopy):
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::blx):
(JSC::ARMAssembler::codeSize):
(JSC::ARMAssembler::label):
(JSC::ARMAssembler::loadBranchTarget):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::b):
(JSC::ARMv7Assembler::blx):
(JSC::ARMv7Assembler::bx):
(JSC::ARMv7Assembler::label):
(JSC::ARMv7Assembler::codeSize):
(JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
(JSC::ARMv7Assembler::ARMInstructionFormatter::data):
* assembler/AbstractMacroAssembler.h:
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::codeSize):
(JSC::AssemblerBuffer::label):
* assembler/AssemblerBufferWithConstantPool.h:
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::linkCode):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::newJmpSrc):
(JSC::MIPSAssembler::appendJump):
(JSC::MIPSAssembler::label):
(JSC::MIPSAssembler::codeSize):
(JSC::MIPSAssembler::relocateJumps):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::loadConstant):
(JSC::SH4Assembler::loadConstantUnReusable):
(JSC::SH4Assembler::call):
(JSC::SH4Assembler::jmp):
(JSC::SH4Assembler::jne):
(JSC::SH4Assembler::je):
(JSC::SH4Assembler::label):
(JSC::SH4Assembler::executableCopy):
(JSC::SH4Assembler::oneShortOp):
(JSC::SH4Assembler::codeSize):
* assembler/X86Assembler.h:
(JSC::X86Assembler::call):
(JSC::X86Assembler::jmp_r):
(JSC::X86Assembler::codeSize):
(JSC::X86Assembler::label):
(JSC::X86Assembler::executableCopy):
(JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
(JSC::X86Assembler::X86InstructionFormatter::codeSize):
(JSC::X86Assembler::X86InstructionFormatter::label):
(JSC::X86Assembler::X86InstructionFormatter::executableCopy):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::compile):
2011-04-29 Adam Barth <abarth@webkit.org>
Attempt to fix the Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-04-29 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
CSP script-src should block eval
https://bugs.webkit.org/show_bug.cgi?id=59850
ggaren recommended a different approach to this patch, essentially
installing a new function for function-eval and changing the AST
representation of operator-eval to call function-eval. However, I'm
not sure that approach is workable because the ASTBuilder doesn't know
about global objects, and there is added complication due to the cache.
This approach is more dynamic, adding a branch in EvalExecutable to
detect whether eval is currently disabled in the lexical scope. The spec
is slightly unclear about whether we should return undefined or throw
an exception. I've asked Brandon to clarify the spec, but throwing an
exception seems natural.
* JavaScriptCore.exp:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::disableEval):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::isEvalEnabled):
2011-04-29 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=59847
Remove linkOffset from LinkBuffer
This is redundant since removal of recompilation for exception info.
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::linkCode):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JSC::JIT::compile):
(JSC::JIT::compileCTIMachineTrampolines):
(JSC::JIT::compileCTINativeCall):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::finalize):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::compile):
2011-04-29 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt & Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=59221
[RegexFuzz] Regression blocking testing
Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
node, emitDisjunction recursively calls itself to emit the nested disjunction,
the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
account the uncheck that has just taken place).
Also, the special handling given to countToCheck in the case of parenthetical
assertions is nonsense; delete it, along with the isParentheticalAssertion argument.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::ByteCompiler::emitDisjunction):
2011-04-29 Csaba Osztrogonác <ossy@webkit.org>
Reviewed by Adam Barth.
Enable strict OwnPtr for Qt
https://bugs.webkit.org/show_bug.cgi?id=59667
* wtf/OwnPtr.h:
2011-04-29 Dean Jackson <dino@apple.com>
Reviewed by Simon Fraser.
Add ENABLE macro for WebKitAnimation
https://bugs.webkit.org/show_bug.cgi?id=59729
Add new feature to toggle WebKit Animation API.
* Configurations/FeatureDefines.xcconfig:
2011-04-28 Sam Weinig <sam@webkit.org>
Reviewed by Mark Rowe.
Install testapi.js along side testapi
https://bugs.webkit.org/show_bug.cgi?id=59773
* JavaScriptCore.xcodeproj/project.pbxproj:
Add new build phase to copy testapi.js to install path of testapi
on install.
2011-04-28 David Levin <levin@chromium.org>
Reviewed by Adam Barth.
Remove IMAGE_RESIZER related code.
https://bugs.webkit.org/show_bug.cgi?id=59735
* Configurations/FeatureDefines.xcconfig:
2011-04-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=59763
DFG JIT - Unify FPRReg & FPRegisterID
(Following on from GPRReg/RegisterID unification).
* dfg/DFGFPRInfo.h:
(JSC::DFG::FPRInfo::toRegister):
(JSC::DFG::FPRInfo::debugName):
* dfg/DFGGPRInfo.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::checkConsistency):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
(JSC::DFG::JITCodeGenerator::flushRegisters):
(JSC::DFG::JITCodeGenerator::isFlushed):
(JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
(JSC::DFG::JITCodeGenerator::setupStubArguments):
(JSC::DFG::JITCodeGenerator::callOperation):
(JSC::DFG::GPRResult::lockedResult):
(JSC::DFG::FPRResult::lockedResult):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::EntryLocation::EntryLocation):
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::valueToInt32):
(JSC::DFG::NonSpeculativeJIT::numberToInt32):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
(JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
(JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::iterator::regID):
(JSC::DFG::RegisterBank::iterator::debugName):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculationCheck::SpeculationCheck):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
2011-04-28 David Kilzer <ddkilzer@apple.com>
Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
This reverts commit r85195. It was crashing DumpRenderTree on Lion.
* wtf/mac/MainThreadMac.mm:
(WTF::postTimer):
2011-04-28 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Remove WML
https://bugs.webkit.org/show_bug.cgi?id=59678
Remove the WML configuration option from the Mac build system.
* Configurations/FeatureDefines.xcconfig:
2011-04-28 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r85233 and r85235.
http://trac.webkit.org/changeset/85233
http://trac.webkit.org/changeset/85235
https://bugs.webkit.org/show_bug.cgi?id=59754
Causes issues with jsc. (Requested by dave_levin on #webkit).
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/ExecutableAllocator.h:
(JSC::ExecutablePool::ExecutablePool):
* parser/SourceProvider.h:
(JSC::SourceProvider::SourceProvider):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
* wtf/CMakeLists.txt:
* wtf/RefCounted.h:
(WTF::RefCountedBase::ref):
(WTF::RefCountedBase::hasOneRef):
(WTF::RefCountedBase::refCount):
(WTF::RefCountedBase::derefBase):
* wtf/SizeLimits.cpp:
* wtf/ThreadRestrictionVerifier.h: Removed.
* wtf/text/CString.h:
(WTF::CStringBuffer::CStringBuffer):
2011-04-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
Currently we use a mix of enum values throughout the DFG JIT to represent
gpr registers - the RegisterID provided by the MacroAssembler, and the
GPRReg enum giving the sequential register set over which the RegisterBank
allocates. Unify the two.
Patch to unify FPRReg in a similar fashion will follow.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGFPRInfo.h: Added.
(JSC::DFG::next):
(JSC::DFG::FPRBankInfo::toRegister):
(JSC::DFG::FPRBankInfo::toIndex):
* dfg/DFGGPRInfo.h: Added.
(JSC::DFG::GPRInfo::toRegister):
(JSC::DFG::GPRInfo::toIndex):
(JSC::DFG::GPRInfo::debugName):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::dump):
(JSC::DFG::JITCodeGenerator::checkConsistency):
(JSC::DFG::GPRTemporary::GPRTemporary):
(JSC::DFG::FPRTemporary::FPRTemporary):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
(JSC::DFG::JITCodeGenerator::spill):
(JSC::DFG::JITCodeGenerator::flushRegisters):
(JSC::DFG::JITCodeGenerator::isFlushed):
(JSC::DFG::JITCodeGenerator::bitOp):
(JSC::DFG::JITCodeGenerator::shiftOp):
(JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
(JSC::DFG::JITCodeGenerator::setupStubArguments):
(JSC::DFG::JITCodeGenerator::callOperation):
(JSC::DFG::IntegerOperand::gpr):
(JSC::DFG::DoubleOperand::gpr):
(JSC::DFG::GPRTemporary::gpr):
(JSC::DFG::FPRTemporary::gpr):
(JSC::DFG::GPRResult::lockedResult):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
(JSC::DFG::JITCompiler::fillToJS):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::jitAssertIsInt32):
(JSC::DFG::JITCompiler::jitAssertIsJSInt32):
(JSC::DFG::JITCompiler::jitAssertIsJSNumber):
(JSC::DFG::JITCompiler::jitAssertIsJSDouble):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
(JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
(JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
(JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
(JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
(JSC::DFG::JITCompiler::addressForGlobalVar):
(JSC::DFG::JITCompiler::addressFor):
(JSC::DFG::JITCompiler::tagFor):
(JSC::DFG::JITCompiler::payloadFor):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::EntryLocation::EntryLocation):
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::valueToInt32):
(JSC::DFG::NonSpeculativeJIT::numberToInt32):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
(JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
(JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
(JSC::DFG::NonSpeculativeJIT::silentFillGPR):
(JSC::DFG::NonSpeculativeJIT::silentFillFPR):
(JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
(JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::allocate):
(JSC::DFG::RegisterBank::retain):
(JSC::DFG::RegisterBank::release):
(JSC::DFG::RegisterBank::lock):
(JSC::DFG::RegisterBank::unlock):
(JSC::DFG::RegisterBank::isLocked):
(JSC::DFG::RegisterBank::name):
(JSC::DFG::RegisterBank::iterator::name):
(JSC::DFG::RegisterBank::iterator::isLocked):
(JSC::DFG::RegisterBank::iterator::release):
(JSC::DFG::RegisterBank::iterator::gpr):
(JSC::DFG::RegisterBank::iterator::debugName):
(JSC::DFG::RegisterBank::iterator::operator++):
(JSC::DFG::RegisterBank::iterator::operator!=):
(JSC::DFG::RegisterBank::iterator::index):
(JSC::DFG::RegisterBank::iterator::iterator):
(JSC::DFG::RegisterBank::begin):
(JSC::DFG::RegisterBank::end):
(JSC::DFG::RegisterBank::isLockedAtIndex):
(JSC::DFG::RegisterBank::nameAtIndex):
(JSC::DFG::RegisterBank::releaseAtIndex):
(JSC::DFG::RegisterBank::allocateInternal):
(JSC::DFG::RegisterBank::MapEntry::MapEntry):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::~ScoreBoard):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculationCheck::SpeculationCheck):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::initializeVariableTypes):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculateIntegerOperand::gpr):
2011-04-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove evil addressOfStructure() function
https://bugs.webkit.org/show_bug.cgi?id=59739
Remove the addressOfStructure function from JSCell, and update
callsites to use the same logic as testPrototype()
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdProtoList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdProtoList):
* runtime/JSCell.h:
2011-04-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Clean up testPrototype()
https://bugs.webkit.org/show_bug.cgi?id=59734
Remove direct pointer to the inside of a GC object and just do
the indirect load manually. Doesn't affect sunspider but does
clean up the code quite a bit, and simplifies the handling of
GC values.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::testPrototype):
2011-04-28 David Levin <levin@chromium.org>
Build fix.
* wtf/RefCounted.h: Fix inverted ifdef.
2011-04-07 David Levin <levin@chromium.org>
Reviewed by Darin Adler.
Add asserts to RefCounted to make sure ref/deref happens on the right thread.
https://bugs.webkit.org/show_bug.cgi?id=31639
* GNUmakefile.list.am: Added new files to the build.
* JavaScriptCore.gypi: Ditto.
* JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
* JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
* jit/ExecutableAllocator.h:
(JSC::ExecutablePool::ExecutablePool): Turned off checks for this
due to not being able to figure out what was guarding it (bug 58091).
* parser/SourceProvider.h:
(JSC::SourceProvider::SourceProvider): Ditto.
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp): Ditto.
* wtf/CMakeLists.txt: Added new files to the build.
* wtf/ThreadRestrictionVerifier.h: Added.
Everything is done in the header to avoid the issue with exports
that are only useful in debug but still need to be exported.
* wtf/RefCounted.h:
(WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
and filed bug 58171 about making it stricter.
(WTF::RefCountedBase::hasOneRef): Ditto.
(WTF::RefCountedBase::refCount): Ditto.
(WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
(WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
Filed bug 58174 to remove this method.
(WTF::RefCountedBase::derefBase):
* wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
* wtf/text/CString.h:
(WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
done in Chromium's test_shell (bug 58093).
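The entry above describes a debug verifier that pins a RefCounted object to the thread that first uses it, with a mutex-based mode for objects that are legitimately shared. What follows is an added illustration, not WTF's RefCounted.h or ThreadRestrictionVerifier.h: a self-contained analogue of that check. TrackedMutex, ThreadRestrictionVerifier, VerifiedRefCounted and the three scenario functions are names assumed for the example; unlike the real verifier, this one counts violations instead of asserting so each scenario can report what it caught.

```cpp
#include <atomic>
#include <cstdio>
#include <mutex>
#include <thread>

// A mutex that remembers which thread holds it, so the verifier can ask
// "does the caller hold this lock?" (std::mutex::try_lock from the owning
// thread is undefined behaviour, so ownership is tracked explicitly).
class TrackedMutex {
public:
    void lock() { m_mutex.lock(); m_owner.store(std::this_thread::get_id()); }
    void unlock() { m_owner.store(std::thread::id()); m_mutex.unlock(); }
    bool heldByCurrentThread() const { return m_owner.load() == std::this_thread::get_id(); }
private:
    std::mutex m_mutex;
    std::atomic<std::thread::id> m_owner{std::thread::id()};
};

// Hypothetical analogue of the thread-restriction verifier: by default the
// object belongs to the first thread that touches it; once a mutex is
// registered the rule becomes "the caller must hold that mutex".
class ThreadRestrictionVerifier {
public:
    void setMutex(TrackedMutex* mutex) { m_mutex = mutex; m_bound = false; }
    bool isSafeToUse() const {
        if (m_mutex)
            return m_mutex->heldByCurrentThread();
        std::thread::id self = std::this_thread::get_id();
        if (!m_bound) {          // first use binds the object to this thread
            m_owner = self;
            m_bound = true;
            return true;
        }
        return m_owner == self;
    }
private:
    TrackedMutex* m_mutex = nullptr;
    mutable bool m_bound = false;
    mutable std::thread::id m_owner;
};

// Non-atomic ref count whose ref/deref/refCount are all checked. An
// unsynchronised ++/-- from two threads is the race that corrupts the count
// and frees the object early; the verifier flags such accesses in debug.
class VerifiedRefCounted {
public:
    void ref() { check(); ++m_refCount; }
    bool deref() { check(); return --m_refCount == 0; }   // true: caller deletes
    int refCount() const { check(); return m_refCount; }
    void setMutexForVerifier(TrackedMutex* mutex) { m_verifier.setMutex(mutex); }
    int violations() const { return m_violations; }
private:
    void check() const { if (!m_verifier.isSafeToUse()) ++m_violations; }
    int m_refCount = 1;
    mutable int m_violations = 0;
    ThreadRestrictionVerifier m_verifier;
};

// Scenario 1: created on one thread, ref'd and deref'd on another, no lock.
int violationsCrossThreadUnprotected() {
    VerifiedRefCounted object;
    object.refCount();                       // binds the object to this thread
    std::thread worker([&object] { object.ref(); object.deref(); });
    worker.join();
    return object.violations();              // both accesses flagged: 2
}

// Scenario 2: same sharing, but in mutex mode with every access under the lock.
int violationsCrossThreadWithMutex() {
    TrackedMutex mutex;
    VerifiedRefCounted object;
    object.setMutexForVerifier(&mutex);
    auto touch = [&] {
        std::lock_guard<TrackedMutex> lock(mutex);
        object.ref();
        object.deref();
    };
    touch();
    std::thread worker(touch);
    worker.join();
    return object.violations();              // 0
}

// Scenario 3: mutex mode catches a forgotten lock even on the creating thread.
int violationsMutexModeWithoutLock() {
    TrackedMutex mutex;
    VerifiedRefCounted object;
    object.setMutexForVerifier(&mutex);
    object.ref();                            // lock not held: 1 violation
    return object.violations();
}

int main() {
    std::printf("unprotected=%d mutex=%d nolock=%d\n",
                violationsCrossThreadUnprotected(),
                violationsCrossThreadWithMutex(),
                violationsMutexModeWithoutLock());
    return 0;
}
```

The mutex mode is the interesting part for objects such as the ones the entry exempts (ExecutablePool, SourceProvider, RegExp, CStringBuffer): a verifier that only knows "one owning thread" has to be switched off for them, whereas one that can be told which lock guards the object keeps checking.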
2011-04-28 Xan Lopez <xlopez@igalia.com>
Unreviewed attempt to fix the build.
* GNUmakefile.am: add -lpthread.
2011-04-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Only need a single implementation of testPrototype
https://bugs.webkit.org/show_bug.cgi?id=59724
Remove excess copy of identical testPrototype() code
* jit/JITPropertyAccess.cpp:
(JSC::JIT::testPrototype):
* jit/JITPropertyAccess32_64.cpp:
2011-04-28 Xan Lopez <xlopez@igalia.com>
Reviewed by Martin Robinson.
[Gtk] Split JSC and WebCore builds
https://bugs.webkit.org/show_bug.cgi?id=19428
Build JavaScriptCore as a libtool shared library instead of a
private convenience library.
* GNUmakefile.am: define new jsc library and adapt to new name for
javascriptcore target.
* GNUmakefile.list.am: ditto.
2011-04-28 David Kilzer <ddkilzer@apple.com>
<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
Reviewed by Simon Fraser.
* wtf/mac/MainThreadMac.mm:
(WTF::postTimer): Use RetainPtr to plug the leak.
2011-04-27 Sam Weinig <sam@webkit.org>
Reviewed by David Kilzer.
Add way to install testapi in production builds
https://bugs.webkit.org/show_bug.cgi?id=59674
* Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
Add configuration file for TestAPI. In addition to name, we now specify an install path
and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
* JavaScriptCore.xcodeproj/project.pbxproj:
Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
file.
2011-04-27 Adam Barth <abarth@webkit.org>
Reviewed by David Levin.
Enable strict OwnPtrs for Chromium
https://bugs.webkit.org/show_bug.cgi?id=59666
* wtf/OwnPtr.h:
2011-04-27 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Add ability to remove keys from weakmap API
https://bugs.webkit.org/show_bug.cgi?id=59645
Add JSWeakObjectMapRemove API
* API/JSWeakObjectMapRefPrivate.cpp:
* API/JSWeakObjectMapRefPrivate.h:
* JavaScriptCore.exp:
2011-04-27 Adam Barth <abarth@webkit.org>
Reviewed by David Levin.
Enable strict mode for OwnPtr
https://bugs.webkit.org/show_bug.cgi?id=59428
This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
* wtf/OwnPtr.h:
2011-04-27 Steve Block <steveblock@google.com>
Reviewed by David Levin.
Remove Android build system
https://bugs.webkit.org/show_bug.cgi?id=48111
This is to avoid the maintenance burden until the Android port is
fully upstreamed.
* Android.mk: Removed.
* Android.v8.wtf.mk: Removed.
2011-04-27 Mark Rowe <mrowe@apple.com>
Fix 32-bit build after r85036.
* wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
2011-04-27 Csaba Osztrogonác <ossy@webkit.org>
Unreviewed buildfix after r85036.
Re-add non-dead code.
* wtf/OSAllocatorPosix.cpp:
(WTF::OSAllocator::reserveAndCommit):
2011-04-27 Adam Barth <abarth@webkit.org>
Reviewed by Kenneth Russell.
OwnPtr assignment operator should be private
https://bugs.webkit.org/show_bug.cgi?id=59487
Unfortunately we can't remove the copy constructor because of some
detail about gcc. (The issue is documented in a comment already.)
* wtf/OwnPtr.h:
2011-04-26 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r84977.
http://trac.webkit.org/changeset/84977
https://bugs.webkit.org/show_bug.cgi?id=59568
caused crashes on the SL WK2 bots (Requested by jessieberlin
on #webkit).
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::call):
(JSC::MacroAssemblerX86_64::tailRecursiveCall):
(JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
2011-04-26 Kevin Ollivier <kevino@theolliviers.com>
Rubberstamped by Eric Seidel.
Enable waf to be used to build other ports
https://bugs.webkit.org/show_bug.cgi?id=58213
* wscript:
2011-04-26 Sam Weinig <sam@webkit.org>
Reviewed by David Hyatt.
Remove Datagrid from the tree
https://bugs.webkit.org/show_bug.cgi?id=59543
* Configurations/FeatureDefines.xcconfig:
Remove feature.
2011-04-26 Adrienne Walker <enne@google.com>
Reviewed by Geoffrey Garen.
Fix incorrect use of OwnPtr<T*> in GCActivityCallback
https://bugs.webkit.org/show_bug.cgi?id=59559
* runtime/GCActivityCallback.h:
2011-04-26 Xan Lopez <xlopez@igalia.com>
Reviewed by Daniel Bates.
Unused but set variable warning in MacroAssemblerX86_64
https://bugs.webkit.org/show_bug.cgi?id=59482
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::call): do not declare the label
variable if we are not going to use it.
(JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
(JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
2011-04-26 Dan Bernstein <mitz@apple.com>
Reviewed by Mark Rowe.
Choose the compiler based on the Xcode version for Snow Leopard debug builds.
* Configurations/Base.xcconfig:
* Configurations/CompilerVersion.xcconfig: Added.
2011-04-25 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Nixed special finalizer handling for WebCore strings
https://bugs.webkit.org/show_bug.cgi?id=59425
SunSpider reports no change.
Not needed anymore, since weak handles have finalizers.
* runtime/JSString.cpp:
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
(JSC::JSString::outOfMemory):
(JSC::JSString::substringFromRope):
(JSC::JSString::replaceCharacter): Updated for removal of union.
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::~JSString):
(JSC::RopeBuilder::appendStringInConstruct):
(JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
union or special constructor anymore.
2011-04-26 Gabor Loki <loki@webkit.org>
Reviewed by Csaba Osztrogonác.
Speeding up SVG filters with multicore (SMP) support
https://bugs.webkit.org/show_bug.cgi?id=43903
Some SVG filters execute a huge number of pixel manipulations, which
cannot be sped up by graphics accelerators, since their algorithm is
too complex. Using the power of Symmetric Multi Processing (SMP) we
can split up a task to smaller (data independent) tasks, which can be
executed independently.
The ParallelJobs framework provides a simple way for distributed
programming. The framework is based on WebKit's threading infrastructure,
Open Multi-Processing's (OpenMP) API, and libdispatch API.
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/ParallelJobs.h: Added.
(WTF::ParallelJobs::ParallelJobs):
(WTF::ParallelJobs::numberOfJobs):
(WTF::ParallelJobs::parameterForJob):
(WTF::ParallelJobs::executeJobs):
* wtf/ParallelJobsGeneric.cpp: Added.
(WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
(WTF::ParallelEnvironment::ThreadPrivate::executeJob):
(WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
(WTF::ParallelEnvironment::ThreadPrivate::workerThread):
* wtf/ParallelJobsGeneric.h: Added.
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::numberOfJobs):
(WTF::ParallelEnvironment::parameterForJob):
(WTF::ParallelEnvironment::executeJobs):
(WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
(WTF::ParallelEnvironment::ThreadPrivate::create):
* wtf/ParallelJobsLibdispatch.h: Added.
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::numberOfJobs):
(WTF::ParallelEnvironment::parameterForJob):
(WTF::ParallelEnvironment::executeJobs):
* wtf/ParallelJobsOpenMP.h: Added.
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::numberOfJobs):
(WTF::ParallelEnvironment::parameterForJob):
(WTF::ParallelEnvironment::executeJobs):
* wtf/Platform.h:
* wtf/wtf.pri:
2011-04-26 Mihai Parparita <mihaip@chromium.org>
Reviewed by Adam Barth.
Turn off make built-in implicit rules for derived sources makefile
https://bugs.webkit.org/show_bug.cgi?id=59418
We don't use any of make's built-in implicit rules, so turning them off
speeds up parsing of the makefile.
* JavaScriptCore.xcodeproj/project.pbxproj:
* gyp/generate-derived-sources.sh:
2011-04-25 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Custom prototypes on DOM objects don't persist after garbage collection
https://bugs.webkit.org/show_bug.cgi?id=59412
SunSpider reports no change.
The hasCustomProperties() check didn't check for a custom prototype.
* runtime/JSObject.h:
(JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
because it is the "truth" about an object's pedigree.
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
(JSC::Structure::didTransition): Track whether a Structure has ever
transitioned for any reason. If so, we have to assume that the object
holding it is custom in some way.
2011-04-25 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
https://bugs.webkit.org/show_bug.cgi?id=59405
DFG JIT - add type speculation for integer & array types, for vars & args.
If a var or argument is used as the base for a GetByVal or PutByVal access
we are speculating that it is of type Array (we only generate code on the
speculative path to perform array accesses). By typing the var or args slot
as Array, and checking on entry to the function (in the case of args), and
each time the local is written to, we can avoid a type check at each point
the array is accessed. This will typically hoist type checks out of loops.
Similarly, any local that is incremented or decremented, or is the input or
output of a bitwise operator, is likely to be an integer. By typing the
local as int32 we can avoid speculation checks on access, and tagging when
writing to the slot. All accesses can become 32-bit instead of 64.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::predictArray):
(JSC::DFG::ByteCodeParser::predictInt32):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::PredictionSlot::PredictionSlot):
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::getPrediction):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::tagFor):
(JSC::DFG::JITCompiler::payloadFor):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::initializeVariableTypes):
* dfg/DFGSpeculativeJIT.h:
* runtime/Executable.cpp:
(JSC::tryDFGCompile):
2011-04-25 David Levin <levin@chromium.org>
Reviewed by James Robinson.
Fix OwnPtr strict mode violation in MessageQueue.h
https://bugs.webkit.org/show_bug.cgi?id=59400
* wtf/MessageQueue.h:
(WTF::::waitForMessage):
(WTF::::waitForMessageFilteredWithTimeout):
(WTF::::tryGetMessage):
2011-04-25 Adam Barth <abarth@webkit.org>
Reviewed by Darin Adler.
JavaScriptCore should play nice with strict OwnPtrs
https://bugs.webkit.org/show_bug.cgi?id=59401
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parse):
* heap/Heap.cpp:
(JSC::TypeCounter::TypeCounter):
* jit/JITStubs.cpp:
(JSC::JITThunks::JITThunks):
* parser/JSParser.cpp:
(JSC::JSParser::Scope::Scope):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
2011-04-25 Mark Rowe <mrowe@apple.com>
Build fix.
* wtf/ListHashSet.h:
2011-04-25 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 59370 - DFG JIT - fix leak of BlocksBlocks
(put the blocks immediately into an OwnPtr).
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parse):
2011-04-25 James Robinson <jamesr@chromium.org>
Reviewed by David Levin.
Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
https://bugs.webkit.org/show_bug.cgi?id=59353
* wtf/ListHashSet.h:
(WTF::::ListHashSet):
2011-04-25 David Levin <levin@chromium.org>
Reviewed by Adam Barth.
Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
https://bugs.webkit.org/show_bug.cgi?id=59347
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/Structure.cpp:
(JSC::Structure::copyPropertyTable):
(JSC::Structure::createPropertyMap):
* runtime/Structure.h:
2011-04-25 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make ClassInfo required when creating a Structure
https://bugs.webkit.org/show_bug.cgi?id=59340
Add ClassInfo to all those types which currently don't
have it, and add an assertion to Structure::create to
ensure that the provided classInfo is not null.
* runtime/Executable.h:
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/GetterSetter.cpp:
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/JSAPIValueWrapper.cpp:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSString.cpp:
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::JSCell::createDummyStructure):
2011-04-25 David Levin <levin@chromium.org>
Reviewed by Adam Barth.
PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
https://bugs.webkit.org/show_bug.cgi?id=59342
This patch is to prepare for the strict OwnPtr hack-a-thon.
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::copy):
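Several entries in this range (bug 59487 on making the OwnPtr assignment operator private, bug 59342 on using adoptPtr instead of implicit conversions, and the "strict OwnPtr" enabling patches) describe the same discipline: a raw new'd pointer may enter an owning pointer only through an explicit adopt call, and an owning pointer can never be silently copied. The following is an added example, not WebKit's wtf/OwnPtr.h or wtf/PassOwnPtr.h: a minimal owning pointer in that style. StrictOwnPtr, PassOwn, adoptOwn and Tracked are names assumed for the illustration, and unlike the 2011 code, which the entry says could not drop the copy constructor, this version deletes it outright.

```cpp
#include <cstdio>

// Counts live objects so the ownership sequence below can be checked:
// a correct owner gives exactly one delete per new.
struct Tracked {
    static int liveCount;
    int value;
    explicit Tracked(int v) : value(v) { ++liveCount; }
    ~Tracked() { --liveCount; }
};
int Tracked::liveCount = 0;

template <typename T> class PassOwn;
template <typename T> PassOwn<T> adoptOwn(T* p);

// Transfer token (analogue of PassOwnPtr): the only source a StrictOwnPtr
// accepts. Copying the token moves the pointer out of the source so two
// tokens never own the same object; an unconsumed token deletes on destruction.
template <typename T>
class PassOwn {
public:
    PassOwn(const PassOwn& other) : m_ptr(other.leak()) {}
    ~PassOwn() { delete m_ptr; }
    T* leak() const { T* p = m_ptr; m_ptr = nullptr; return p; }
private:
    explicit PassOwn(T* p) : m_ptr(p) {}
    mutable T* m_ptr;
    template <typename U> friend PassOwn<U> adoptOwn(U*);
};

// adoptOwn is the single, greppable point where a raw new'd pointer enters
// managed ownership (analogue of adoptPtr).
template <typename T>
PassOwn<T> adoptOwn(T* p) { return PassOwn<T>(p); }

template <typename T>
class StrictOwnPtr {
public:
    StrictOwnPtr() : m_ptr(nullptr) {}
    StrictOwnPtr(PassOwn<T> token) : m_ptr(token.leak()) {}
    ~StrictOwnPtr() { delete m_ptr; }

    // "Strict mode": the conversions the entries above remove. Each of these
    // lines is now a compile error instead of a latent double delete:
    //   StrictOwnPtr<Tracked> p(new Tracked(1));
    //   StrictOwnPtr<Tracked> q = p;
    //   q = p;
    StrictOwnPtr(T*) = delete;
    StrictOwnPtr(const StrictOwnPtr&) = delete;
    StrictOwnPtr& operator=(const StrictOwnPtr&) = delete;

    StrictOwnPtr& operator=(PassOwn<T> token) {
        T* old = m_ptr;
        m_ptr = token.leak();
        delete old;                           // previous object freed exactly once
        return *this;
    }
    PassOwn<T> release() { T* p = m_ptr; m_ptr = nullptr; return adoptOwn(p); }

    T* get() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
    explicit operator bool() const { return m_ptr != nullptr; }
private:
    T* m_ptr;
};

// Walks one object through create -> transfer -> reassign and returns the
// value seen through the receiving owner; the source must be empty after
// the transfer, and the reassignment frees the first object exactly once.
int valueAfterTransfer() {
    StrictOwnPtr<Tracked> a = adoptOwn(new Tracked(41));
    StrictOwnPtr<Tracked> b = a.release();
    if (a)
        return -1;                            // transfer must empty the source
    b = adoptOwn(new Tracked(b->value + 1));  // Tracked(41) deleted here
    return b->value;                          // 42
}

// Number of Tracked objects still alive after the sequence: 0 means neither
// a leak nor a double delete occurred.
int liveObjectsAfterSequence() {
    valueAfterTransfer();
    return Tracked::liveCount;
}

int main() {
    std::printf("value=%d live=%d\n", valueAfterTransfer(), liveObjectsAfterSequence());
    return 0;
}
```

The memory-safety payoff is that every path by which two owners could end up holding the same pointer is closed at compile time, and every `new` that becomes managed is visible as an adopt call, which is what makes a hack-a-thon of the kind the entries mention (converting call sites to adoptPtr) mechanically checkable.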
2011-04-25 Thouraya ANDOLSI <thouraya.andolsi@st.com>
Reviewed by Gavin Barraclough.
Rationalize MacroAssembler branch methods
https://bugs.webkit.org/show_bug.cgi?id=58950
split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition'
and apply related changes (only for SH4 platforms).
* assembler/MacroAssemblerSH4.cpp:
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::compare32):
(JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerSH4::branchDouble):
(JSC::MacroAssemblerSH4::branch32):
(JSC::MacroAssemblerSH4::branchTest8):
(JSC::MacroAssemblerSH4::branch8):
(JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
(JSC::MacroAssemblerSH4::test8):
(JSC::MacroAssemblerSH4::branch16):
(JSC::MacroAssemblerSH4::branchTest32):
(JSC::MacroAssemblerSH4::branchAdd32):
(JSC::MacroAssemblerSH4::branchMul32):
(JSC::MacroAssemblerSH4::branchSub32):
(JSC::MacroAssemblerSH4::branchOr32):
(JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
(JSC::MacroAssemblerSH4::branchPtrWithPatch):
(JSC::MacroAssemblerSH4::SH4Condition):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::cmpEqImmR0):
2011-04-25 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
PropertyMapHashTable should work with strict OwnPtr
https://bugs.webkit.org/show_bug.cgi?id=59337
This patch is in preparation for the strict OwnPtr hack-a-thon.
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::PropertyTable):
(JSC::PropertyTable::addDeletedOffset):
2011-04-25 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Nixed MarkStack::deprecatedAppend, since it has no clients left.
* heap/MarkStack.h:
2011-04-23 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
SetLocals to temporaries will only be generated if they are used within other
blocks, due to the SSA based DCE.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.h:
(JSC::DFG::BasicBlock::BasicBlock):
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig & Geoff Garen.
Bug 59266 - DFG JIT - Add SSA style DCE
This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
matching child Phi, and add the Phi to a work queue to add references to prior
definitions once we have the full CFG & can determine predecessors. This process
is iterative, inserting new phis into predecessors as necessary.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getVariable):
(JSC::DFG::ByteCodeParser::setVariable):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::processWorkQueue):
(JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::refChildren):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::ref):
* dfg/DFGNode.h:
(JSC::DFG::Node::ref):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::~ScoreBoard):
(JSC::DFG::ScoreBoard::dump):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-04-22 Vitaly Repeshko <vitalyr@chromium.org>
Reviewed by Adam Barth.
Add missing default constructors for HashMap iterator specializations.
https://bugs.webkit.org/show_bug.cgi?id=59250
* wtf/HashIterators.h:
* wtf/HashTable.h:
(WTF::HashTableConstIterator::HashTableConstIterator): Added cast
to help compiler find the function template.
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 59262 - DFG JIT - reduce size of VariableRecord
We never need both the get & set node, only the most recent
(which is always a set, if both exist).
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getVariable):
(JSC::DFG::ByteCodeParser::setVariable):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.h:
(JSC::DFG::VariableRecord::VariableRecord):
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoffrey Garen.
Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
such that this information is available for DCE. Also, since this enlarges the
size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
vector of blocks.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::getVariable):
(JSC::DFG::ByteCodeParser::setVariable):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::setupPredecessors):
(JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::VariableRecord::VariableRecord):
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::BasicBlock::getBytecodeBegin):
(JSC::DFG::Graph::blockIndexForBytecodeOffset):
(JSC::DFG::Graph::blockForBytecodeOffset):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Errk, build fix.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
move out the call to checkConsistency().
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
2011-04-21 Vitaly Repeshko <vitalyr@chromium.org>
Reviewed by Adam Barth.
Provide default constructors for HashMap iterators.
https://bugs.webkit.org/show_bug.cgi?id=59151
These will be used to implement an iterator over EventTarget's
listeners.
* wtf/HashTable.h:
(WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
(WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
These will be necessary for DCE support.
Also factor allocateVirtualRegisters out into its own method.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::setupPredecessors):
(JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::blockForBytecodeOffset):
* dfg/DFGNode.h:
(JSC::DFG::Node::isTerminal):
2011-04-22 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Object.create creates uncachable objects
https://bugs.webkit.org/show_bug.cgi?id=59164
Use the prototype object's inheritorID, as we should always have done.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::nullPrototypeObjectStructure):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorCreate):
2011-04-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result
We currently allocate virtual registers to nodes which have no result - these are
clearly unused, and may result in us allocating a larger than necessary stack frame.
Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
nodes that have results, and improve the quality of output from the consistency check.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::ref):
(JSC::DFG::Graph::deref):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::dump):
(JSC::DFG::JITCodeGenerator::checkConsistency):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::canReuse):
(JSC::DFG::JITCodeGenerator::isFilled):
(JSC::DFG::JITCodeGenerator::isFilledDouble):
(JSC::DFG::JITCodeGenerator::use):
(JSC::DFG::JITCodeGenerator::integerResult):
(JSC::DFG::JITCodeGenerator::noResult):
(JSC::DFG::JITCodeGenerator::cellResult):
(JSC::DFG::JITCodeGenerator::jsValueResult):
(JSC::DFG::JITCodeGenerator::doubleResult):
(JSC::DFG::JITCodeGenerator::initConstantInfo):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
(JSC::DFG::JITCompiler::fillToJS):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasResult):
(JSC::DFG::Node::virtualRegister):
(JSC::DFG::Node::setVirtualRegister):
(JSC::DFG::Node::refCount):
(JSC::DFG::Node::ref):
(JSC::DFG::Node::deref):
(JSC::DFG::Node::adjustedRefCount):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::isKnownInteger):
(JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::use):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):
2011-04-22 Sam Weinig <sam@webkit.org>
Reviewed by Gavin Barraclough and Oliver Hunt.
Arrays should participate in global object forwarding fun
https://bugs.webkit.org/show_bug.cgi?id=59215
* runtime/JSGlobalObject.h:
(JSC::constructEmptyArray):
(JSC::constructArray):
Add variants of constructArray that take a global object.
2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r84650 and r84654.
http://trac.webkit.org/changeset/84650
http://trac.webkit.org/changeset/84654
https://bugs.webkit.org/show_bug.cgi?id=59218
Broke Windows build (Requested by bweinstein on #webkit).
* API/JSCallbackObjectFunctions.h:
(JSC::::init):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* heap/Handle.h:
(JSC::HandleBase::operator!):
(JSC::HandleBase::operator UnspecifiedBoolType*):
(JSC::HandleTypes::getFromSlot):
* heap/HandleHeap.cpp:
(JSC::HandleHeap::markStrongHandles):
(JSC::HandleHeap::markWeakHandles):
(JSC::HandleHeap::finalizeWeakHandles):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::protectedGlobalObjectCount):
(JSC::HandleHeap::isValidWeakNode):
* heap/HandleHeap.h:
(JSC::HandleHeap::copyWeak):
(JSC::HandleHeap::makeWeak):
(JSC::HandleHeap::Node::slot):
* heap/HandleStack.cpp:
(JSC::HandleStack::mark):
(JSC::HandleStack::grow):
* heap/HandleStack.h:
(JSC::HandleStack::zapTo):
(JSC::HandleStack::push):
* heap/Heap.cpp:
(JSC::HandleHeap::protectedObjectTypeCounts):
* heap/Local.h:
(JSC::::set):
* heap/Strong.h:
(JSC::Strong::set):
* heap/Weak.h:
(JSC::Weak::set):
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::add):
(JSC::WeakGCMap::set):
* runtime/WriteBarrier.h:
2011-04-22 Brian Weinstein <bweinstein@apple.com>
Part of Windows build fix from r84650.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-04-22 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make it harder to use HandleSlot incorrectly
https://bugs.webkit.org/show_bug.cgi?id=59205
Just add a little type fudging to make it harder to
incorrectly assign through a HandleSlot.
* API/JSCallbackObjectFunctions.h:
(JSC::::init):
* JavaScriptCore.exp:
* heap/Handle.h:
(JSC::HandleBase::operator!):
(JSC::HandleBase::operator UnspecifiedBoolType*):
(JSC::HandleTypes::getFromSlot):
* heap/HandleHeap.cpp:
(JSC::HandleHeap::markStrongHandles):
(JSC::HandleHeap::markWeakHandles):
(JSC::HandleHeap::finalizeWeakHandles):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::protectedGlobalObjectCount):
(JSC::HandleHeap::isValidWeakNode):
* heap/HandleHeap.h:
(JSC::HandleHeap::copyWeak):
(JSC::HandleHeap::makeWeak):
(JSC::HandleHeap::Node::slot):
* heap/HandleStack.cpp:
(JSC::HandleStack::mark):
(JSC::HandleStack::grow):
* heap/HandleStack.h:
(JSC::HandleStack::zapTo):
(JSC::HandleStack::push):
* heap/Heap.cpp:
(JSC::HandleHeap::protectedObjectTypeCounts):
* heap/Local.h:
(JSC::::set):
* heap/Strong.h:
(JSC::Strong::set):
* heap/Weak.h:
(JSC::Weak::set):
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::add):
(JSC::WeakGCMap::set):
* runtime/WriteBarrier.h:
(JSC::OpaqueJSValue::toJSValue):
(JSC::OpaqueJSValue::toJSValueRef):
(JSC::OpaqueJSValue::fromJSValue):
2011-04-22 Patrick Gansterer <paroga@webkit.org>
Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r84583.
http://trac.webkit.org/changeset/84583
https://bugs.webkit.org/show_bug.cgi?id=59173
"broke http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js/Object-create.html" (Requested by ggaren on #webkit).
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorCreate):
2011-04-21 Maciej Stachowiak <mjs@apple.com>
Reviewed by Adam Roben.
Add a feature define to allow <details> and <summary> to be disabled
https://bugs.webkit.org/show_bug.cgi?id=59118
<rdar://problem/9257045>
* Configurations/FeatureDefines.xcconfig:
2011-04-21 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Object.create creates uncachable objects
https://bugs.webkit.org/show_bug.cgi?id=59164
Use the prototype object's inheritorID, as we should always have done.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorCreate):
2011-04-21 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Start moving to a general visitor pattern for GC traversal
https://bugs.webkit.org/show_bug.cgi?id=59141
This is just a rename:
markChildren -> visitChildren
markAggregate -> visitAggregate
markStack -> visitor
MarkStack -> typedef'd to SlotVisitor
* API/JSCallbackObject.h:
(JSC::JSCallbackObjectData::visitChildren):
(JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
(JSC::JSCallbackObject::visitChildren):
* JavaScriptCore.exp:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitStructures):
(JSC::EvalCodeCache::visitAggregate):
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
* bytecode/EvalCodeCache.h:
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::visitAggregate):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::visitAggregate):
* bytecode/StructureStubInfo.h:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* debugger/DebuggerActivation.h:
* heap/HandleHeap.cpp:
(JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
(JSC::HandleHeap::markStrongHandles):
(JSC::HandleHeap::markWeakHandles):
* heap/HandleHeap.h:
* heap/HandleStack.cpp:
(JSC::HandleStack::mark):
* heap/HandleStack.h:
* heap/Heap.cpp:
(JSC::Heap::markProtectedObjects):
(JSC::Heap::markTempSortVectors):
(JSC::Heap::markRoots):
* heap/Heap.h:
* heap/MarkStack.cpp:
(JSC::MarkStack::visitChildren):
(JSC::MarkStack::drain):
* heap/MarkStack.h:
(JSC::HeapRootVisitor::HeapRootVisitor):
(JSC::HeapRootVisitor::mark):
(JSC::HeapRootVisitor::visitor):
* heap/MarkedSpace.h:
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::markLists):
* runtime/ArgList.h:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Arguments.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSArray.h:
(JSC::JSArray::visitDirect):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::visitIfNeeded):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSObject.h:
(JSC::JSObject::visitDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSStaticScopeObject.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::overridesVisitChildren):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/JSWrapperObject.h:
* runtime/JSZombie.h:
(JSC::JSZombie::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/NativeErrorConstructor.h:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/RegExpObject.h:
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::visitChildren):
* runtime/SmallStrings.h:
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):
2011-04-21 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r84548.
http://trac.webkit.org/changeset/84548
https://bugs.webkit.org/show_bug.cgi?id=59144
Broke chromium-win build (Requested by aklein on #webkit).
* wtf/Platform.h:
2011-04-21 Adam Klein <adamk@chromium.org>
Reviewed by David Levin.
[fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
https://bugs.webkit.org/show_bug.cgi?id=55728
Enable WTF_MULTIPLE_THREADS for Chromium.
* wtf/Platform.h:
2011-04-20 Michael Saboff <msaboff@apple.com>
Reviewed by Geoff Garen.
JSString::resolveRope inefficient for common 2 fiber case
https://bugs.webkit.org/show_bug.cgi?id=58994
Split JSString::resolveRope into three routines.
resolveRope allocates the new buffer and handles the 1 or 2
fiber case with single level fibers.
resolveRopeSlowCase handles the general case.
outOfMemory handles the rare out of memory exception case.
* runtime/JSString.cpp:
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
(JSC::JSString::outOfMemory):
* runtime/JSString.h:
2011-04-20 Adam Klein <adamk@chromium.org>
Reviewed by David Levin.
Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS
https://bugs.webkit.org/show_bug.cgi?id=59040
This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728
by enabling WTF_MULTIPLE_THREADS for Chromium.
* wtf/CryptographicallyRandomNumber.cpp:
(WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
(WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
* wtf/FastMalloc.cpp:
* wtf/Platform.h:
Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled.
* wtf/RandomNumber.cpp:
(WTF::randomNumber):
* wtf/RefCountedLeakCounter.cpp:
(WTF::RefCountedLeakCounter::increment):
(WTF::RefCountedLeakCounter::decrement):
* wtf/dtoa.cpp:
(WTF::pow5mult):
2011-04-20 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by Geoff Garen
Bug 59069 - DFG JIT - register allocate r8, r9, r10
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::gprToRegisterID):
2011-04-20 Gavin Barraclough <barraclough@apple.com>
Build fix - revert accidental change.
* wtf/Platform.h:
2011-04-20 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Add SAMPLING_FLAGS tool to DFG JIT.
* bytecode/SamplingTool.h:
(JSC::SamplingFlags::addressOfFlags):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::setSamplingFlag):
(JSC::DFG::JITCompiler::clearSamplingFlag):
* dfg/DFGJITCompiler.h:
* jit/JITInlineMethods.h:
(JSC::JIT::setSamplingFlag):
(JSC::JIT::clearSamplingFlag):
* wtf/Platform.h:
2011-04-20 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 59022 - DFG JIT - Optimize branch-on-relational-compare
If a relational compare (< or <=) is immediately followed by a branch,
we can combine the two, avoiding generation of a boolean into a register.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branch32):
(JSC::MacroAssemblerX86Common::invert):
(JSC::MacroAssemblerX86Common::commute):
* dfg/DFGNode.h:
(JSC::DFG::Node::adjustedRefCount):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value):
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2011-04-20 Gavin Barraclough <barraclough@apple.com>
ARMv7 build fix II.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::softModulo):
2011-04-20 Gavin Barraclough <barraclough@apple.com>
ARMv7 build fix.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::test8):
2011-04-19 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Rationalize MacroAssembler branch methods
https://bugs.webkit.org/show_bug.cgi?id=58950
The MacroAssembler currently exposes x86's weird behaviour that the 'setcc'
instruction only sets the low 8 bits of a register. Stop that.
Having done so, to clarify remove the 'set32' prefix from test & compare
instructions - these methods all now set a full 32/64 bit register (Ptr size).
The size in the function name should indicate the amount of data being compared.
Also split out the 'Condition' enum into 'RelationalCondition' and
'ResultCondition'. The former is used in binary comparison, the latter is a unary
condition check on the result of an operation.
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::branchPtr):
(JSC::MacroAssembler::branch32):
(JSC::MacroAssembler::branch16):
(JSC::MacroAssembler::branchTestPtr):
(JSC::MacroAssembler::comparePtr):
(JSC::MacroAssembler::branchAddPtr):
(JSC::MacroAssembler::branchSubPtr):
(JSC::MacroAssembler::branchTest8):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branch8):
(JSC::MacroAssemblerARM::branch32):
(JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerARM::branch16):
(JSC::MacroAssemblerARM::branchTest8):
(JSC::MacroAssemblerARM::branchTest32):
(JSC::MacroAssemblerARM::branchAdd32):
(JSC::MacroAssemblerARM::branchMul32):
(JSC::MacroAssemblerARM::branchSub32):
(JSC::MacroAssemblerARM::branchNeg32):
(JSC::MacroAssemblerARM::branchOr32):
(JSC::MacroAssemblerARM::compare32):
(JSC::MacroAssemblerARM::test32):
(JSC::MacroAssemblerARM::test8):
(JSC::MacroAssemblerARM::branchPtrWithPatch):
(JSC::MacroAssemblerARM::ARMCondition):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branch32):
(JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerARMv7::branch16):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest32):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::branchAdd32):
(JSC::MacroAssemblerARMv7::branchMul32):
(JSC::MacroAssemblerARMv7::branchOr32):
(JSC::MacroAssemblerARMv7::branchSub32):
(JSC::MacroAssemblerARMv7::compare32):
(JSC::MacroAssemblerARMv7::test32):
(JSC::MacroAssemblerARMv7::test8):
(JSC::MacroAssemblerARMv7::branchPtrWithPatch):
(JSC::MacroAssemblerARMv7::makeBranch):
(JSC::MacroAssemblerARMv7::armV7Condition):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::branch8):
(JSC::MacroAssemblerMIPS::branch32):
(JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerMIPS::branch16):
(JSC::MacroAssemblerMIPS::branchTest32):
(JSC::MacroAssemblerMIPS::branchTest8):
(JSC::MacroAssemblerMIPS::branchAdd32):
(JSC::MacroAssemblerMIPS::branchMul32):
(JSC::MacroAssemblerMIPS::branchSub32):
(JSC::MacroAssemblerMIPS::branchOr32):
(JSC::MacroAssemblerMIPS::compare32):
(JSC::MacroAssemblerMIPS::test8):
(JSC::MacroAssemblerMIPS::test32):
(JSC::MacroAssemblerMIPS::branchPtrWithPatch):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::branch32):
(JSC::MacroAssemblerX86::branchPtrWithPatch):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branch8):
(JSC::MacroAssemblerX86Common::branch32):
(JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerX86Common::branch16):
(JSC::MacroAssemblerX86Common::branchTest32):
(JSC::MacroAssemblerX86Common::branchTest8):
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchMul32):
(JSC::MacroAssemblerX86Common::branchSub32):
(JSC::MacroAssemblerX86Common::branchNeg32):
(JSC::MacroAssemblerX86Common::branchOr32):
(JSC::MacroAssemblerX86Common::compare32):
(JSC::MacroAssemblerX86Common::test8):
(JSC::MacroAssemblerX86Common::test32):
(JSC::MacroAssemblerX86Common::x86Condition):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::comparePtr):
(JSC::MacroAssemblerX86_64::branchPtr):
(JSC::MacroAssemblerX86_64::branchTestPtr):
(JSC::MacroAssemblerX86_64::branchAddPtr):
(JSC::MacroAssemblerX86_64::branchSubPtr):
(JSC::MacroAssemblerX86_64::branchPtrWithPatch):
(JSC::MacroAssemblerX86_64::branchTest8):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_eq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_eq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
2011-04-20 Balazs Kelemen <kbalazs@webkit.org>
Reviewed by Csaba Osztrogonác.
[Qt] Cleanup includepath adjustment for generated files
https://bugs.webkit.org/show_bug.cgi?id=58869
* JavaScriptCore.pri: Add the directory of generated files to the include
path with absolute path to make it valid in the final build step.
2011-04-19 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove unneeded deprecated methods from MarkStack
https://bugs.webkit.org/show_bug.cgi?id=58853
Remove deprecated methods
* heap/MarkStack.h:
2011-04-19 Mark Rowe <mrowe@apple.com>
Things work best when the Xcode project refers to the file at a path that exists.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-04-19 Renata Hodovan <reni@webkit.org>
Reviewed by Eric Seidel.
Move the alignment related macros in Vector.h to new Alignment.h.
https://bugs.webkit.org/show_bug.cgi?id=56000
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/Alignment.h: Added.
* wtf/CMakeLists.txt:
* wtf/Vector.h:
2011-04-19 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove DeprecatedPtr
https://bugs.webkit.org/show_bug.cgi?id=58718
Remove the class and all functions that still exist to support it.
* heap/MarkStack.h:
(JSC::MarkStack::append):
* runtime/JSValue.h:
* runtime/WriteBarrier.h:
2011-04-19 Jungshik Shin <jshin@chromium.org>
Reviewed by David Levin.
Add U+FEFF (Zero width no-break space) to CharacterNames.h.
It's added to the list of characters to treat as zero-width
in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=48860
* wtf/unicode/CharacterNames.h:
2011-04-19 Csaba Osztrogonác <ossy@webkit.org>
[Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails
https://bugs.webkit.org/show_bug.cgi?id=58871
Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231.
http://trac.webkit.org/changeset/84176 (original patch)
http://trac.webkit.org/changeset/84178 (original patch - part 2)
http://trac.webkit.org/changeset/84186 (build fix)
http://trac.webkit.org/changeset/84212
http://trac.webkit.org/changeset/84231 (skip failing test)
original bugs:
- https://bugs.webkit.org/show_bug.cgi?id=58718
- https://bugs.webkit.org/show_bug.cgi?id=58853
* heap/MarkStack.h:
(JSC::MarkStack::deprecatedAppendValues):
(JSC::MarkStack::append):
(JSC::MarkStack::deprecatedAppend):
* runtime/JSValue.h:
* runtime/WriteBarrier.h:
(JSC::DeprecatedPtr::DeprecatedPtr):
(JSC::DeprecatedPtr::get):
(JSC::DeprecatedPtr::operator*):
(JSC::DeprecatedPtr::operator->):
(JSC::DeprecatedPtr::slot):
(JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
(JSC::DeprecatedPtr::operator!):
(JSC::operator==):
2011-04-18 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove unneeded deprecated methods from MarkStack
https://bugs.webkit.org/show_bug.cgi?id=58853
Remove deprecated methods
* heap/MarkStack.h:
2011-04-18 Oliver Hunt <oliver@apple.com>
Reviewed by Adam Roben.
Off by one initialising repeat callframe
https://bugs.webkit.org/show_bug.cgi?id=58838
<rdar://problem/8756810>
If the end of a callframe made for a repeat call landed on
a page boundary, the following page may not have been committed,
which means that the off-by-one could lead to a crash. However,
it could only happen in this case and only on Windows, which is
why it was so hard to repro. Alas, the steps needed to
reproduce are such that it's not really possible to make a
testcase.
This fix makes the code a little less squirrely by not trying
to avoid the unnecessary initialisation of |this|.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::prepareForRepeatCall):
2011-04-18 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply.
Add code generation for add/subtract instruction with immediate operands
(where a child is a constant), and don't bail to non-speculative if an
integer multiply results in a +0 result (only if it should be generating -0).
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value):
2011-04-18 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 58817 - DFG JIT - if speculative compilation fails, throw away code.
If we detect a logical conflict, throw away generated code,
and only compile through the NonSpeculativeJIT.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::rewindToLabel):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::rewindToOffset):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchSub32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::rewindToLabel):
(JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkSpeculationChecks):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
2011-04-18 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove DeprecatedPtr
https://bugs.webkit.org/show_bug.cgi?id=58718
As simple as it sounds.
* runtime/JSValue.h:
* runtime/WriteBarrier.h:
2011-04-17 Cameron Zwarich <zwarich@apple.com>
Reviewed by Dan Bernstein.
JSC no longer builds with Clang due to -Woverloaded-virtual warning
https://bugs.webkit.org/show_bug.cgi?id=58760
Rename Structure's specificValue overload of put to putSpecificValue to avoid
Clang's warning for overloading a virtual function.
* runtime/Structure.cpp:
(JSC::Structure::addPropertyTransition):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::putSpecificValue):
* runtime/Structure.h:
2011-04-17 Patrick Gansterer <paroga@webkit.org>
Reviewed by Adam Barth.
Remove WTF_PLATFORM_SGL
https://bugs.webkit.org/show_bug.cgi?id=58743
WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere.
* wtf/Platform.h:
2011-04-17 Patrick Gansterer <paroga@webkit.org>
Reviewed by Adam Barth.
Rename PLATFORM(CA) to USE(CA)
https://bugs.webkit.org/show_bug.cgi?id=58742
* wtf/Platform.h:
2011-04-17 Patrick Gansterer <paroga@webkit.org>
Reviewed by Adam Barth.
Rename PLATFORM(CG) to USE(CG)
https://bugs.webkit.org/show_bug.cgi?id=58729
* wtf/Platform.h:
2011-04-16 Patrick Gansterer <paroga@webkit.org>
Reviewed by Eric Seidel.
Rename PLATFORM(CAIRO) to USE(CAIRO)
https://bugs.webkit.org/show_bug.cgi?id=55192
* wtf/Platform.h:
* wtf/gobject/GTypedefs.h:
2011-04-15 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r84067.
http://trac.webkit.org/changeset/84067
https://bugs.webkit.org/show_bug.cgi?id=58724
qt build are failing. (Requested by loislo2 on #webkit).
* heap/MarkStack.h:
(JSC::MarkStack::append):
* runtime/JSValue.h:
* runtime/WriteBarrier.h:
(JSC::DeprecatedPtr::DeprecatedPtr):
(JSC::DeprecatedPtr::get):
(JSC::DeprecatedPtr::operator*):
(JSC::DeprecatedPtr::operator->):
(JSC::DeprecatedPtr::slot):
(JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
(JSC::DeprecatedPtr::operator!):
(JSC::operator==):
2011-04-15 Shishir Agrawal <shishir@chromium.org>
Reviewed by James Robinson.
Add a flag to guard Page Visibility API changes.
https://bugs.webkit.org/show_bug.cgi?id=58464
* Configurations/FeatureDefines.xcconfig:
2011-04-15 Gavin Barraclough <barraclough@apple.com>
Errrk! - build fix from !x86-64.
* dfg/DFGNode.h:
2011-04-15 David Levin <levin@chromium.org>
Revert of r83974.
JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj
https://bugs.webkit.org/show_bug.cgi?id=58716
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/tests/RunAllWtfTests.cpp: Removed.
* wtf/tests/StringTests.cpp: Removed.
2011-04-15 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove DeprecatedPtr
https://bugs.webkit.org/show_bug.cgi?id=58718
As simple as it sounds.
* heap/MarkStack.h:
(JSC::MarkStack::append):
* runtime/JSValue.h:
* runtime/WriteBarrier.h:
2011-04-15 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Add a simple tool to gather statistics on whether functions
are completed through the new or old JIT.
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
2011-04-15 Oliver Hunt <oliver@apple.com>
GC allocate Structure
https://bugs.webkit.org/show_bug.cgi?id=58483
Rolling r83894 r83827 r83810 r83809 r83808 back in with
a workaround for the gcc bug seen by the gtk bots.
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructure):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructure):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
* API/JSContextRef.cpp:
* JavaScriptCore.JSVALUE32_64only.exp:
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::markStructures):
(JSC::CodeBlock::markAggregate):
* bytecode/CodeBlock.h:
(JSC::MethodCallLinkInfo::setSeen):
(JSC::GlobalResolveInfo::GlobalResolveInfo):
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
(JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
(JSC::PolymorphicAccessStructureList::markAggregate):
(JSC::Instruction::Instruction):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::markAggregate):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initGetByIdProto):
(JSC::StructureStubInfo::initGetByIdChain):
(JSC::StructureStubInfo::initPutByIdTransition):
(JSC::StructureStubInfo::initPutByIdReplace):
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::createStructure):
* heap/Handle.h:
* heap/MarkStack.cpp:
(JSC::MarkStack::markChildren):
(JSC::MarkStack::drain):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::sweep):
* heap/Strong.h:
(JSC::Strong::Strong):
(JSC::Strong::set):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::resolveGlobal):
(JSC::Interpreter::resolveGlobalDynamic):
(JSC::Interpreter::tryCachePutByID):
(JSC::Interpreter::uncachePutByID):
(JSC::Interpreter::tryCacheGetByID):
(JSC::Interpreter::uncacheGetByID):
(JSC::Interpreter::privateExecute):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::patchMethodCallProto):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::patchMethodCallProto):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITStubs.cpp:
(JSC::JITThunks::tryCachePutByID):
(JSC::JITThunks::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::getPolymorphicAccessStructureListSlot):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
* jsc.cpp:
(cleanupGlobalData):
* runtime/Arguments.h:
(JSC::Arguments::createStructure):
(JSC::Arguments::Arguments):
(JSC::JSActivation::copyRegisters):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::constructArrayWithSizeQuirk):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
(JSC::arrayProtoFuncSplice):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::createStructure):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::createStructure):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
* runtime/DatePrototype.h:
(JSC::DatePrototype::createStructure):
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
* runtime/ErrorConstructor.h:
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
(JSC::ErrorInstance::create):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::createStructure):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
* runtime/Executable.cpp:
* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
(JSC::NativeExecutable::NativeExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::createStructure):
* runtime/GetterSetter.h:
(JSC::GetterSetter::GetterSetter):
(JSC::GetterSetter::createStructure):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
(JSC::InternalFunction::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::createStructure):
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
(JSC::JSByteArray::createStructure):
* runtime/JSByteArray.h:
(JSC::JSByteArray::JSByteArray):
* runtime/JSCell.cpp:
(JSC::isZombie):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::JSCell):
(JSC::JSCell::JSCell::addressOfStructure):
(JSC::JSCell::JSCell::structure):
(JSC::JSCell::JSCell::markChildren):
(JSC::JSCell::JSValue::isZombie):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs):
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::clearBuiltinStructures):
(JSC::JSGlobalData::createLeaked):
* runtime/JSGlobalData.h:
(JSC::allocateGlobalHandle):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::markChildren):
(JSC::JSGlobalObject::copyGlobalsFrom):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::createStructure):
(JSC::Structure::prototypeChain):
(JSC::Structure::isValid):
(JSC::constructEmptyArray):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::JSNotAnObject):
(JSC::JSNotAnObject::createStructure):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::defineGetter):
(JSC::JSObject::defineSetter):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::removeDirect):
(JSC::JSObject::createInheritorID):
* runtime/JSObject.h:
(JSC::JSObject::createStructure):
(JSC::JSObject::JSObject):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSNonFinalObject::JSNonFinalObject):
(JSC::JSFinalObject::create):
(JSC::JSFinalObject::createStructure):
(JSC::JSFinalObject::JSFinalObject):
(JSC::constructEmptyObject):
(JSC::createEmptyObjectStructure):
(JSC::JSObject::~JSObject):
(JSC::JSObject::setPrototype):
(JSC::JSObject::setStructure):
(JSC::JSObject::inheritorID):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::transitionTo):
(JSC::JSObject::markChildrenDirect):
* runtime/JSObjectWithGlobalObject.cpp:
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
* runtime/JSObjectWithGlobalObject.h:
(JSC::JSObjectWithGlobalObject::createStructure):
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::JSPropertyNameIterator):
(JSC::JSPropertyNameIterator::create):
(JSC::JSPropertyNameIterator::get):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
(JSC::JSPropertyNameIterator::setCachedStructure):
(JSC::Structure::setEnumerationCache):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::JSStaticScopeObject):
(JSC::JSStaticScopeObject::createStructure):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::createStructure):
* runtime/JSType.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
* runtime/JSValue.h:
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::createStructure):
(JSC::JSVariableObject::JSVariableObject):
(JSC::JSVariableObject::copyRegisterArray):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::createStructure):
(JSC::JSWrapperObject::JSWrapperObject):
* runtime/JSZombie.cpp:
* runtime/JSZombie.h:
(JSC::JSZombie::JSZombie):
(JSC::JSZombie::createStructure):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::createStructure):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
(JSC::NativeErrorConstructor::markChildren):
(JSC::constructWithNativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::createStructure):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::createStructure):
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
* runtime/ObjectPrototype.h:
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::PropertyTable):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::createStructure):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/RegExpPrototype.h:
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
(JSC::ScopeChainNode::createStructure):
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::createStructure):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure):
* runtime/Structure.cpp:
(JSC::StructureTransitionTable::remove):
(JSC::StructureTransitionTable::add):
(JSC::Structure::Structure):
(JSC::Structure::~Structure):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::removePropertyTransition):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::getterSetterTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::toCacheableDictionaryTransition):
(JSC::Structure::toUncacheableDictionaryTransition):
(JSC::Structure::sealTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::copyPropertyTable):
(JSC::Structure::put):
(JSC::Structure::markChildren):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::setPrototypeWithoutTransition):
(JSC::Structure::createStructure):
(JSC::JSCell::createDummyStructure):
(JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
(JSC::StructureChain::markChildren):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
(JSC::StructureChain::head):
(JSC::StructureChain::createStructure):
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
(JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
(JSC::StructureTransitionTable::~StructureTransitionTable):
(JSC::StructureTransitionTable::slot):
(JSC::StructureTransitionTable::setMap):
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::clearSingleTransition):
(JSC::StructureTransitionTable::setSingleTransition):
* runtime/WeakGCMap.h:
(JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
(JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
(JSC::WeakGCMap::contains):
(JSC::WeakGCMap::find):
(JSC::WeakGCMap::remove):
(JSC::WeakGCMap::add):
(JSC::WeakGCMap::set):
(JSC::WeakGCMap::finalize):
* runtime/WriteBarrier.h:
(JSC::writeBarrier):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
2011-04-15 Fridrich Strba <fridrich.strba@bluewin.ch>
Reviewed by Gavin Barraclough.
Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols
are not prefixed by underscore anymore. This is consistent with
what MSVC does.
https://bugs.webkit.org/show_bug.cgi?id=58573
* jit/JITStubs.cpp:
2011-04-15 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 58705 - DFG JIT Add support for flow control (branch, jump).
Add support for control flow by breaking the CodeBlock up into multiple
basic blocks, generating code for each basic block in turn through the
speculative JIT & then the non-speculative JIT.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::setTemporary):
(JSC::DFG::ByteCodeParser::addToGraph):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::BasicBlock::getBytecodeOffset):
(JSC::DFG::Graph::blockIndexForBytecodeOffset):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::JITCodeGenerator):
(JSC::DFG::JITCodeGenerator::addBranch):
(JSC::DFG::JITCodeGenerator::linkBranches):
(JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::isJump):
(JSC::DFG::Node::isBranch):
(JSC::DFG::Node::takenBytecodeOffset):
(JSC::DFG::Node::notTakenBytecodeOffset):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
2011-04-15 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes
Use these for both access to arguments & local variables, adds ability
to set locals, such that values will persist between basic blocks.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::getVariable):
(JSC::DFG::ByteCodeParser::setVariable):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::getThis):
(JSC::DFG::ByteCodeParser::setThis):
(JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::derefChildren):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::ref):
(JSC::DFG::Graph::deref):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasLocal):
(JSC::DFG::Node::local):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-04-15 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 58696 - DFG JIT split handling of vars/temporaries
Presently all callee registers are treated as having single block scope,
since the DFG JIT can only compile single block functions. In order to
expand the JIT to support control flow we will need to change to retaining
locals (but not temporaries) across basic block boundaries.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::getVariable):
(JSC::DFG::ByteCodeParser::setVariable):
(JSC::DFG::ByteCodeParser::getTemporary):
(JSC::DFG::ByteCodeParser::setTemporary):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::getInt32Constant):
(JSC::DFG::ByteCodeParser::getDoubleConstant):
(JSC::DFG::ByteCodeParser::getJSConstant):
(JSC::DFG::ByteCodeParser::constantUndefined):
(JSC::DFG::ByteCodeParser::constantNull):
(JSC::DFG::ByteCodeParser::one):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parse):
(JSC::DFG::parse):
* dfg/DFGNode.h:
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::ScoreBoard):
(JSC::DFG::ScoreBoard::~ScoreBoard):
(JSC::DFG::ScoreBoard::allocate):
(JSC::DFG::ScoreBoard::use):
2011-04-15 Michael Saboff <msaboff@apple.com>
Reviewed by Oliver Hunt.
globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining
https://bugs.webkit.org/show_bug.cgi?id=58677
Moved JSObjectWithGlobalObject::globalObject() to
runtime/JSObjectWithGlobalObject.h to allow the compiler to inline
it for a performance benefit. An equivalent instance had been in
a header file before r60057.
* JavaScriptCore.exp:
* runtime/JSObjectWithGlobalObject.cpp:
* runtime/JSObjectWithGlobalObject.h:
(JSC::JSObjectWithGlobalObject::globalObject):
2011-04-14 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make JSNodeFilterCondition handle its lifetime correctly
https://bugs.webkit.org/show_bug.cgi?id=58622
Add export
* JavaScriptCore.exp:
2011-04-14 Alexey Proskuryakov <ap@apple.com>
Reviewed by Dan Bernstein.
WebKit2: Password field input does not switch to ASCII-compatible source
https://bugs.webkit.org/show_bug.cgi?id=58583
<rdar://problem/9059651>
* wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium,
and shouldn't be enabled on any other platforms, so there is no reason to make it
configurable via Platform.h.
2011-04-15 Dmitry Lomov <dslomov@google.com>
Reviewed by David Levin.
Add a sample test case for GTest framework
https://bugs.webkit.org/show_bug.cgi?id=58509
Add an example of GTest testcase, complete with a runner, to JavaScriptCore.
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/tests/RunAllWtfTests.cpp: Added.
(main):
* wtf/tests/StringTests.cpp: Added.
2011-04-15 Anna Cavender <annacc@chromium.org>
Reviewed by Eric Carlson.
Renaming TRACK feature define to VIDEO_TRACK
https://bugs.webkit.org/show_bug.cgi?id=53556
* Configurations/FeatureDefines.xcconfig:
2011-04-14 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by Geoffrey Garen.
Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename
m_regressionGuard to m_parseFailed, such that it can be reused for
other failure cases.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::parse):
2011-04-14 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoffrey Garen.
Bug 58620 - DFG JIT - loading of arguments should not be lazy
This optimization is overly simplistic. It only works because we never
write out definitions to arguments (since we currently only compile
single block functions). Revert this for now, we may want to reintroduce
something like this again in the future, but it will need to be aware
how to schedule definitions to arguments versus lazy loads that have not
yet been performed.
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::needsSpill):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::initConstantInfo):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
(JSC::DFG::JITCompiler::fillToJS):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::isKnownInteger):
(JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):
2011-04-14 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoffrey Garen.
Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal
The bug in PutByVal is that an operand is in JSValueOperand - when this
locks an integer into a register it will always retag the value without
checking if the register is already locked. This is a problem where the
value being stored by a PutByVal is the same as the subscript.
The subscript is locked into a register first, as a strict integer.
Locking the value results in the subscript being modified.
The bug in ValueToInt related to the function of silentFillAllRegisters.
The problem is that this method will restore all register values from
prior to the call, overwriting the result of the call out. Allow a
register to be passed to specifically be excluded from being preserved.
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::debugOffset):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::debugOffset):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::debugOffset):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::debugAddress):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::debugOffset):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::orPtr):
* assembler/X86Assembler.h:
(JSC::X86Assembler::debugOffset):
(JSC::X86Assembler::X86InstructionFormatter::debugOffset):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGenerationInfo.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::isConstant):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isConstant):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::valueToInt32):
(JSC::DFG::NonSpeculativeJIT::numberToInt32):
(JSC::DFG::NonSpeculativeJIT::isKnownInteger):
(JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
(JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
(JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
(JSC::DFG::NonSpeculativeJIT::silentFillGPR):
(JSC::DFG::NonSpeculativeJIT::silentFillFPR):
(JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
(JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2011-04-14 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Drain the mark stack while marking weak handles, not after.
https://bugs.webkit.org/show_bug.cgi?id=58574
Otherwise, items that would have caused more weak handle marking are
processed after all weak handle marking has finished, and referenced
weak handles get recycled.
* heap/HandleHeap.cpp:
(JSC::HandleHeap::markWeakHandles): Removed looping from here, since we
want Heap::markRoots to be responsible for draining the mark stack.
* heap/Heap.cpp:
(JSC::Heap::markRoots): Moved looping to here, as explained above.
For efficiency's sake, drain the mark stack before starting to mark weak
handles. Otherwise, items drained while marking weak handles may force
an extra trip through the weak handle list.
For correctness's sake, drain the mark stack each time through the weak
handle list. Otherwise, opaque roots that would make weak handles reachable
are not discovered until after weak handle marking is over.
2011-04-14 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make protected object list in caches window reflect reality
https://bugs.webkit.org/show_bug.cgi?id=58565
Make sure the heap includes objects protected by Strong handles
in its list of protected objects.
* heap/HandleHeap.h:
* heap/Heap.cpp:
(JSC::HandleHeap::protectedObjectTypeCounts):
2011-04-14 Satish Sampath <satish@chromium.org>
Reviewed by Anders Carlsson.
Don't emit RegExp tables for chromium where they are not used
https://bugs.webkit.org/show_bug.cgi?id=58544
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* create_regex_tables: Added the "--notables" command line argument.
2011-04-13 Geoffrey Garen <ggaren@apple.com>
Try to fix ASSERTs seen on Windows bots.
* wtf/HashTable.h:
(WTF::hashTableSwap): Force MSVC to use the right version of swap.
2011-04-13 Ryuan Choi <ryuan.choi@samsung.com>
Reviewed by Kenneth Rohde Christiansen.
[CMAKE] Separate DerivedSources.
https://bugs.webkit.org/show_bug.cgi?id=58427
* CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR.
2011-04-13 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T>
https://bugs.webkit.org/show_bug.cgi?id=58482
This will allow wrappers to make individual decisions about their lifetimes.
* heap/HandleHeap.h:
(JSC::HandleHeap::copyWeak): New function for copying a weak handle.
It wasn't previously possible to perform this operation using the HandleHeap
API because the HandleHeap doesn't expose its underlying Node structure.
* heap/Local.h:
(JSC::::set):
* heap/Strong.h:
(JSC::Strong::set): Added ASSERTs to verify that dead objects are not
resurrected by placement into handles.
(JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
is efficient.
* heap/Weak.h:
(JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not
copy its weak callback and context.
(JSC::Weak::operator=): Added an assignment operator, since the default
C++ assignment operator did the wrong thing.
(JSC::Weak::set): Added ASSERTs to verify that dead objects are not
resurrected by placement into handles.
(JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
is efficient, and can be done without copying, which is illegal during
the handle finalization phase.
2011-04-13 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make PropertyMapEntry use a WriteBarrier for specificValue
https://bugs.webkit.org/show_bug.cgi?id=58407
Make PropertyMapEntry use a WriteBarrier for specificValue, and then
propagate the required JSGlobalData through all the methods where it ends
up being needed.
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/JSContextRef.cpp:
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectSetPrototype):
* JavaScriptCore.exp:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* interpreter/Interpreter.cpp:
(JSC::appendSourceToError):
(JSC::Interpreter::tryCacheGetByID):
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::JITThunks::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):
* runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnPropertySlot):
* runtime/JSFunction.cpp:
(JSC::JSFunction::name):
(JSC::JSFunction::displayName):
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::putWithAttributes):
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::resetPrototype):
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::put):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::defineGetter):
(JSC::JSObject::defineSetter):
(JSC::JSObject::lookupGetter):
(JSC::JSObject::lookupSetter):
(JSC::JSObject::getPropertySpecificValue):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::removeDirect):
(JSC::JSObject::getOwnPropertyDescriptor):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
(JSC::JSObject::getDirect):
(JSC::JSObject::getDirectLocation):
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::setPrototype):
(JSC::JSObject::inlineGetOwnPropertySlot):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorCreate):
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorPreventExtensions):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
* runtime/Operations.h:
(JSC::normalizePrototypeChain):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
(JSC::PropertyTable::PropertyTable):
(JSC::PropertyTable::copy):
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
(JSC::Structure::despecifyDictionaryFunction):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::removePropertyTransition):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::getterSetterTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::toCacheableDictionaryTransition):
(JSC::Structure::toUncacheableDictionaryTransition):
(JSC::Structure::sealTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::copyPropertyTable):
(JSC::Structure::get):
(JSC::Structure::despecifyFunction):
(JSC::Structure::despecifyAllFunctions):
(JSC::Structure::put):
(JSC::Structure::getPropertyNames):
* runtime/Structure.h:
(JSC::Structure::get):
(JSC::Structure::materializePropertyMapIfNecessary):
2011-04-13 Paul Knight <pknight@apple.com>
Reviewed by Gavin Barraclough.
BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition
https://bugs.webkit.org/show_bug.cgi?id=58405
The BACKTRACE() macro requires JavaScriptCore be built with a Debug
configuration in order for it to be enabled. Move the NDEBUG check to
the header so it will be enabled when the calling framework or
application is built with a Debug configuration, similar to how
ASSERT() and friends work.
* wtf/Assertions.cpp:
* wtf/Assertions.h:
2011-04-12 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Alexey Proskuryakov.
https://bugs.webkit.org/show_bug.cgi?id=58131
Provide a workaround for an obscure Studio 12 compiler bug, which
couldn't call src->~T() on a const T *src.
* wtf/Vector.h:
2011-04-12 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=58395
Exceptions thrown from property getters called from Array prototype functions can be missed
This is caught by an ASSERT at the top of Interpreter::executeCall.
Check for exceptions after accessing properties that could be getters.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
- Add exception checks.
2011-04-12 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make API callback objects use weak handles to run their finalizers
https://bugs.webkit.org/show_bug.cgi?id=58389
Make the API object's private data struct act as a finalizer for
an API object if the callback object has an API-defined finalizer.
* API/JSCallbackObject.cpp:
(JSC::JSCallbackObjectData::finalize):
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::init):
* heap/Handle.h:
2011-04-12 Geoffrey Garen <ggaren@apple.com>
Reviewed by Geoffrey Garen.
Cleaned up hash traits, and added hash traits for handles
https://bugs.webkit.org/show_bug.cgi?id=58381
* heap/Handle.h:
(JSC::HandleBase::swap):
(JSC::Handle::Handle):
(JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and
without creating new handles (which is not allowed during handle finalization).
* heap/Strong.h:
(JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication.
* heap/Weak.h:
(JSC::Weak::isHashTableDeletedValue):
(JSC::Weak::Weak):
(JSC::Weak::swap):
(JSC::Weak::hashTableDeletedValue): Ditto.
* wtf/HashTraits.h:
(WTF::SimpleClassHashTraits::constructDeletedValue):
(WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits,
which are analogous to SimpleClassVectorTraits, since they are used in a
bunch of places.
* wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication.
* wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication.
2011-04-12 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Cleaned up some Vector traits, and added missing Vector traits for handles
https://bugs.webkit.org/show_bug.cgi?id=58372
* heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication.
* heap/Strong.h: Ditto.
* heap/Weak.h: Ditto.
* parser/JSParser.cpp: Fixed a traits error. No test case because this
particular trait is not currently exercised by the parser.
* runtime/UString.h: No need to override canInitializeWithMemset, since
our base class sets it to true.
* wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication.
* wtf/text/WTFString.h: No need to override canInitializeWithMemset, since
our base class sets it to true.
2011-04-12 Thouraya ANDOLSI <thouraya.andolsi@st.com>
Reviewed by Eric Seidel.
[Qt] Enable JIT build for SH4 platforms.
https://bugs.webkit.org/show_bug.cgi?id=58317
Enable JIT build for the Qt backend for SH4 platforms.
* JavaScriptCore.pro:
* wtf/Platform.h:
2011-04-11 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Alexey Proskuryakov.
https://bugs.webkit.org/show_bug.cgi?id=58289
Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp,
WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value.
* wtf/FastMalloc.cpp:
(WTF::TCMalloc_PageHeap::runScavengerThread):
2011-04-11 Mark Rowe <mrowe@apple.com>
Fix the build.
* JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private.
2011-04-11 Anna Cavender <annacc@chromium.org>
Reviewed by Eric Carlson.
Setup ENABLE(TRACK) feature define
https://bugs.webkit.org/show_bug.cgi?id=53556
* Configurations/FeatureDefines.xcconfig:
2011-04-11 Geoffrey Garen <ggaren@apple.com>
Try to fix a few builds.
Updated a few more build configurations for file moves.
* CMakeListsWinCE.txt:
2011-04-11 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64
The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
separately on JSVALUE64, even though EncodedValueDescriptor is not used in
JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
on X86_64. Using the union allows us to remove a layer of makeImmediate()/
immediateValue() methods.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITInlineMethods.h:
(JSC::JIT::emitTagAsBoolImmediate):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emitSlow_op_not):
* runtime/JSCell.h:
* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
(JSC::JSValue::encode):
(JSC::JSValue::decode):
(JSC::JSValue::operator==):
(JSC::JSValue::operator!=):
(JSC::JSValue::JSValue):
(JSC::JSValue::operator bool):
(JSC::JSValue::asInt32):
(JSC::JSValue::isUndefinedOrNull):
(JSC::JSValue::isBoolean):
(JSC::JSValue::isCell):
(JSC::JSValue::isInt32):
(JSC::JSValue::asDouble):
(JSC::JSValue::isNumber):
(JSC::JSValue::asCell):
2011-04-11 Geoffrey Garen <ggaren@apple.com>
Try to fix a few builds.
Updated a few more build configurations for file moves.
* CMakeListsEfl.txt:
* wscript:
2011-04-11 Geoffrey Garen <ggaren@apple.com>
Build fix: Updated a file name.
* CMakeLists.txt:
2011-04-11 Geoffrey Garen <ggaren@apple.com>
Rubber-stamped by Sam Weinig.
Moved remaining heap implementation files to the heap folder.
* Android.mk:
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
* heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
* heap/Handle.h:
* heap/Heap.cpp:
* heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
* heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
* heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
* heap/MarkStack.h: Copied from runtime/MarkStack.h.
* heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
* heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
* heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
* heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
* heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
* heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
* heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
* interpreter/RegisterFile.cpp:
* runtime/ConservativeSet.cpp: Removed.
* runtime/ConservativeSet.h: Removed.
* runtime/MachineStackMarker.cpp: Removed.
* runtime/MachineStackMarker.h: Removed.
* runtime/MarkStack.cpp: Removed.
* runtime/MarkStack.h: Removed.
* runtime/MarkStackPosix.cpp: Removed.
* runtime/MarkStackSymbian.cpp: Removed.
* runtime/MarkStackWin.cpp: Removed.
* runtime/MarkedBlock.cpp: Removed.
* runtime/MarkedBlock.h: Removed.
* runtime/MarkedSpace.cpp: Removed.
* runtime/MarkedSpace.h: Removed.
2011-04-11 Gavin Barraclough <barraclough@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-04-09 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 58198 - Clean up JSValue implementation for JSVALUE64
Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
which should not have been here. JSImmediate mostly contained uncalled methods,
along with the internal implementation of the JSValue constructors split unnecessarily
across a number of layers of function calls. These could largely be merged back
together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can be unified.
The .cpp files were empty.
Moving all these methods into JSValue.h seems to be a repro measurable regression, so
I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
values as static const members of JSValue also measures as a repro regression, so I
have made these #defines.
* Android.mk:
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
- Removed JSImmediate.h, JSNumberCell.h.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitLoad):
- Removed class JSImmediate.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
- Removed class JSImmediate.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Removed class JSImmediate.
* jit/JITArithmetic.cpp:
(JSC::JIT::compileBinaryArithOpSlowCase):
- Removed class JSImmediate.
* jit/JITInlineMethods.h:
(JSC::JIT::emitJumpIfJSCell):
(JSC::JIT::emitJumpIfNotJSCell):
(JSC::JIT::emitJumpIfImmediateInteger):
(JSC::JIT::emitJumpIfNotImmediateInteger):
(JSC::JIT::emitFastArithDeTagImmediate):
(JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
(JSC::JIT::emitFastArithReTagImmediate):
(JSC::JIT::emitTagAsBoolImmediate):
- Removed class JSImmediate.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emitSlow_op_not):
- Removed class JSImmediate.
* jit/JSInterfaceJIT.h:
- Removed class JSImmediate.
* runtime/JSCell.h:
- Removed JSImmediate.h, JSNumberCell.h.
* runtime/JSImmediate.cpp: Removed.
* runtime/JSImmediate.h: Removed.
* runtime/JSNumberCell.cpp: Removed.
* runtime/JSNumberCell.h: Removed.
- Removed.
* runtime/JSObject.h:
- Removed JSImmediate.h, JSNumberCell.h.
* runtime/JSString.h:
- Removed JSImmediate.h, JSNumberCell.h.
* runtime/JSValue.h:
- Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
* runtime/JSValueInlineMethods.h: Added.
(JSC::JSValue::toInt32):
(JSC::JSValue::toUInt32):
(JSC::JSValue::isUInt32):
(JSC::JSValue::asUInt32):
(JSC::JSValue::uncheckedGetNumber):
(JSC::JSValue::toJSNumber):
(JSC::jsNaN):
(JSC::JSValue::getNumber):
(JSC::JSValue::getBoolean):
(JSC::JSValue::JSValue):
(JSC::JSValue::encode):
(JSC::JSValue::decode):
(JSC::JSValue::operator bool):
(JSC::JSValue::operator==):
(JSC::JSValue::operator!=):
(JSC::JSValue::isUndefined):
(JSC::JSValue::isNull):
(JSC::JSValue::isUndefinedOrNull):
(JSC::JSValue::isCell):
(JSC::JSValue::isInt32):
(JSC::JSValue::isDouble):
(JSC::JSValue::isTrue):
(JSC::JSValue::isFalse):
(JSC::JSValue::tag):
(JSC::JSValue::payload):
(JSC::JSValue::asInt32):
(JSC::JSValue::asDouble):
(JSC::JSValue::asCell):
(JSC::JSValue::isNumber):
(JSC::JSValue::isBoolean):
(JSC::JSValue::makeImmediate):
(JSC::JSValue::immediateValue):
(JSC::reinterpretDoubleToIntptr):
(JSC::reinterpretIntptrToDouble):
- Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
* runtime/Operations.h:
- Removed JSImmediate.h, JSNumberCell.h.
* wtf/StdLibExtras.h:
- Export bitwise_cast.
2011-04-11 Thouraya ANDOLSI <thouraya.andolsi@st.com>
Reviewed by Oliver Hunt.
SH4 JIT SUPPORT.
https://bugs.webkit.org/show_bug.cgi?id=44329
Add JIT remaining part for SH4 platforms.
* assembler/MacroAssemblerSH4.h:
* jit/JIT.h:
* jit/JITInlineMethods.h:
* jit/JITOpcodes32_64.cpp:
* jit/JITPropertyAccess32_64.cpp:
* jit/JITStubs.cpp:
* jit/JITStubs.h:
* jit/JSInterfaceJIT.h:
2011-04-10 Geoffrey Garen <ggaren@apple.com>
Rubber-stamped by Beth Dakin.
Moved Heap.h and Heap.cpp to the heap folder, because anything less
would be uncivilized.
* Android.mk:
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp.
* heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h.
* runtime/Heap.cpp: Removed.
* runtime/Heap.h: Removed.
2011-04-10 Patrick Gansterer <paroga@webkit.org>
Reviewed by Darin Adler.
Remove duplicated code from AtomicString::fromUTF8()
https://bugs.webkit.org/show_bug.cgi?id=53711
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/text/AtomicString.cpp:
(WTF::AtomicString::fromUTF8Internal):
* wtf/text/AtomicString.h:
(WTF::AtomicString::fromUTF8):
* wtf/unicode/UTF8.cpp:
(WTF::Unicode::calculateStringHashAndLengthFromUTF8):
* wtf/unicode/UTF8.h:
2011-04-10 Maciej Stachowiak <mjs@apple.com>
Not reviewed.
Fix build (at least on Lion) by adding some newish header files to
PrivateHeaders.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-04-09 Geoffrey Garen <ggaren@apple.com>
Not reviewed.
Try recommitting some things svn left out of its last commit.
* heap/Handle.h:
(JSC::HandleBase::operator!):
(JSC::HandleBase::HandleBase):
(JSC::HandleBase::slot):
(JSC::HandleBase::setSlot):
(JSC::Handle::Handle):
* heap/HandleHeap.cpp:
(JSC::HandleHeap::markWeakHandles):
(JSC::HandleHeap::finalizeWeakHandles):
(JSC::HandleHeap::isValidWeakNode):
* heap/HandleHeap.h:
(JSC::HandleHeap::globalData):
2011-04-08 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
A few heap-related renames and file moves.
WeakGCPtr<T> => Weak<T>
Global<T> => Strong<T>
collector/ => heap/
collector/* => heap/*
runtime/WeakGCPtr.h => heap/Weak.h
(Eventually, even more files should move into the heap directory. Like
Heap.h and Heap.cpp, for example.)
* API/JSClassRef.h:
* CMakeLists.txt:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pri:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
* JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SamplingTool.h:
* bytecompiler/BytecodeGenerator.h:
* collector: Removed.
* collector/handles: Removed.
* collector/handles/Global.h: Removed.
* collector/handles/Handle.h: Removed.
* collector/handles/HandleHeap.cpp: Removed.
* collector/handles/HandleHeap.h: Removed.
* collector/handles/HandleStack.cpp: Removed.
* collector/handles/HandleStack.h: Removed.
* collector/handles/Local.h: Removed.
* collector/handles/LocalScope.h: Removed.
* heap: Copied from collector.
* heap/Handle.h: Copied from collector/handles/Handle.h.
* heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp.
* heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h.
* heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp.
* heap/HandleStack.h: Copied from collector/handles/HandleStack.h.
* heap/Local.h: Copied from collector/handles/Local.h.
* heap/LocalScope.h: Copied from collector/handles/LocalScope.h.
* heap/Strong.h: Copied from collector/handles/Global.h.
(JSC::Strong::Strong):
(JSC::Strong::~Strong):
(JSC::Strong::operator=):
* heap/Weak.h: Copied from runtime/WeakGCPtr.h.
(JSC::Weak::Weak):
(JSC::Weak::~Weak):
* heap/handles: Removed.
* interpreter/RegisterFile.h:
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITStubs.h:
* runtime/Structure.h:
* runtime/WeakGCPtr.h: Removed.
2011-04-08 Alpha Lam <hclam@chromium.org>
Unreviewed, rolling out r83335.
http://trac.webkit.org/changeset/83335
https://bugs.webkit.org/show_bug.cgi?id=53556
GTK and QT bots are broken
* Configurations/FeatureDefines.xcconfig:
2011-04-08 Gavin Barraclough <barraclough@apple.com>
Ooops, typo, build fix.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parse):
2011-04-08 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 58154 - Add support for comparison operators to the DFG JIT.
Add support for <, <=, ==, ===, and also !. Add support for all corresponding
bytecode ops, including the not- and -null forms. Initially add functionally
correct support; we'll revisit the performance.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::constantNull):
(JSC::DFG::ByteCodeParser::parse):
- Add support for parsing of bytecode opcodes.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::callOperation):
- Add new operation call types, return bool values.
* dfg/DFGNode.h:
- Add new node types.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
- Add code generation for new nodes.
* dfg/DFGOperations.cpp:
(JSC::DFG::operationCompareLess):
(JSC::DFG::operationCompareLessEq):
(JSC::DFG::operationCompareEq):
(JSC::DFG::operationCompareStrictEq):
(JSC::DFG::dfgConvertJSValueToBoolean):
* dfg/DFGOperations.h:
- Add operation callbacks to implement new ops.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Add code generation for new nodes.
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
- Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePatchGetArrayLength):
- Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
* runtime/JSImmediate.h:
- Make tag values public, rather than relying on a friend - this matches JSVALUE32_64.
2011-04-07 Anna Cavender <annacc@chromium.org>
Reviewed by Eric Carlson.
Setup ENABLE(TRACK) feature define
https://bugs.webkit.org/show_bug.cgi?id=53556
* Configurations/FeatureDefines.xcconfig:
2011-04-07 Balazs Kelemen <kbalazs@webkit.org>
Reviewed by Kenneth Rohde Christiansen.
[WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation
https://bugs.webkit.org/show_bug.cgi?id=58030
* wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2.
2011-04-08 Adam Roben <aroben@apple.com>
Clean build fix
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that
don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the
directory itself in addition to the files it contains.
2011-04-07 Geoffrey Garen <ggaren@apple.com>
Reviewed by Maciej Stachowiak.
Some Handle<T> cleanup
https://bugs.webkit.org/show_bug.cgi?id=58109
* bytecode/SamplingTool.h: Sorted alphabetically because that's the
WebKit style. Added a Global.h #include that was previously missing
but harmless.
* collector/handles/Global.h:
(JSC::Global::Global): Added a null constructor. No need for a special
tag, and the tag is incompatible with some data structures.
(JSC::Global::isHashTableDeletedValue):
(JSC::Global::~Global):
(JSC::Global::set):
(JSC::Global::operator=):
(JSC::Global::clear):
(JSC::Global::hashTableDeletedValue): Reordered constructors to be near
each other.
(JSC::Global::setWithWriteBarrier): Renamed internalSet to
setWithWriteBarrier for clarity, and funneled more code into using set
and setWithWriteBarrier to reduce duplication.
* collector/handles/Handle.h:
(JSC::HandleBase::operator!):
(JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have
boolean and ! operators.
(JSC::HandleBase::slot):
(JSC::HandleBase::setSlot):
(JSC::Handle::Handle): Added general support for null Handles. This was
previously outlawed by ASSERTs, but our code has grown to support and
rely on null Handles.
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::markWeakHandles):
(JSC::HandleHeap::finalizeWeakHandles):
(JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle,
and beefed this up a bit.
* collector/handles/HandleHeap.h:
(JSC::HandleHeap::globalData): Added accessor, used by some new set functions.
* collector/handles/Local.h: Moved hash traits to the bottom of the file,
since this file is about the Local class, not the traits.
(JSC::::Local): Updated for removal of invalidate().
(JSC::::operator): Deployed "using" to avoid a lot of this->
template funny business.
(JSC::::setWithSlotCheck): Renamed from internalSet, more specific now.
* interpreter/RegisterFile.h:
(JSC::RegisterFile::RegisterFile): Updated to use null constructor.
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
* runtime/JSPropertyNameIterator.h:
(JSC::Structure::setEnumerationCache):
* runtime/Structure.h: Removed clearEnumerationCache
because it was an unused holdover from when the enumeration cache was
not a handle.
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::set): Finish initializing our handle before putting it
in the table. This seemed more logical, and at one point was required
to avoid triggering an ASSERT.
* runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own
handle-like behavior, to avoid duplication.
(JSC::WeakGCPtr::WeakGCPtr):
(JSC::WeakGCPtr::~WeakGCPtr):
(JSC::WeakGCPtr::get):
(JSC::WeakGCPtr::clear):
(JSC::WeakGCPtr::set):
(JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and
standardized on Handle idioms.
2011-04-07 Adam Barth <abarth@webkit.org>
Reviewed by Martin Robinson.
Refactor Gtk build system to separate list of files
https://bugs.webkit.org/show_bug.cgi?id=58090
This is the first step towards generating part of the GTK build system
using GYP. In the first iteration, our plan is to just generate the
list of files. This patch is the first step, which is to separate out
the part of JavaScriptCore build system that we intend to generate from
the rest of the build system.
* GNUmakefile.am:
* GNUmakefile.list.am: Added.
2011-04-07 Zoltan Herczeg <zherczeg@webkit.org>
Reviewed by Gavin Barraclough.
Mapping booleans the same way as integers
https://bugs.webkit.org/show_bug.cgi?id=56913
Instead of having a separate tag field for booleans,
the logical values are stored in the payload field
(for JSValue32_64 representation).
1.007x speedup on SunSpider.
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitStoreBool):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emitSlow_op_jfalse):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emitSlow_op_jtrue):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_eq):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
* jit/JSInterfaceJIT.h:
* runtime/JSValue.h:
(JSC::JSValue::JSValue):
(JSC::JSValue::isTrue):
(JSC::JSValue::isFalse):
(JSC::JSValue::getBoolean):
2011-04-07 Eric Seidel <eric@webkit.org>
Reviewed by Adam Barth.
Add stub support for generating Gtk build system from gyp
https://bugs.webkit.org/show_bug.cgi?id=58086
This does not produce a buildable JavaScriptCore, but it
does allow running gyp/configure --port=gtk and having
it generate a gtk.Makefile which we can use for testing
the rest of the plumbing.
* gyp/gtk.gyp: Added.
2011-04-07 Andrew Scherkus <scherkus@chromium.org>
Revert ENABLE_TRACK patch due to compile failures.
* Configurations/FeatureDefines.xcconfig:
2011-04-07 Adam Barth <abarth@webkit.org>
Fix whitespace in GNUmakefile.am.
* GNUmakefile.am:
2011-04-07 Gavin Barraclough <barraclough@apple.com>
Fix a couple of typos in comments that Darin spotted.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_not):
* runtime/JSImmediate.h:
2011-04-06 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoff Garen.
Bug 58057 - Store boolean payload in low bit of JSImmediate
And remove some uncalled functions from JSImmediate.h
* jit/JITInlineMethods.h:
(JSC::JIT::emitTagAsBoolImmediate):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_not):
* runtime/JSImmediate.h:
(JSC::JSImmediate::makeInt):
(JSC::JSImmediate::makeBool):
(JSC::JSImmediate::intValue):
(JSC::JSImmediate::boolValue):
(JSC::JSImmediate::asInt32):
(JSC::JSImmediate::toDouble):
(JSC::JSValue::asInt32):
(JSC::JSValue::isUInt32):
(JSC::JSValue::asUInt32):
2011-04-07 Liang Qi <liang.qi@nokia.com>
Reviewed by Laszlo Gombos.
[Qt][Symbian] Enable webkit build with GCCE on Symbian.
https://bugs.webkit.org/show_bug.cgi?id=57841
* wtf/MathExtras.h: GCCE compiler doesn't support those std static functions.
2011-04-06 Dai Mikurube <dmikurube@chromium.org>
Reviewed by David Levin.
Add QUOTA build flag for unified quota API
https://bugs.webkit.org/show_bug.cgi?id=57918
* Configurations/FeatureDefines.xcconfig: Added QUOTA build flag
2011-04-06 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Darin Adler.
Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros.
https://bugs.webkit.org/show_bug.cgi?id=27551
* config.h:
2011-04-06 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Stop JSObject::isUsingInlineStorage() from using the structure
https://bugs.webkit.org/show_bug.cgi?id=57986
Make the isUsingInlineStorage() implementation just look at
whether the property storage is inside the object.
* runtime/JSObject.h:
(JSC::JSObject::isUsingInlineStorage):
(JSC::JSObject::JSObject):
2011-04-06 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by Geoff Garen.
Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations.
* runtime/JSImmediate.h:
* runtime/JSValue.h:
2011-04-06 Lucas De Marchi <lucas.demarchi@profusion.mobi>
cmake: Fix build for ARMv7
* CMakeLists.txt: add missing file.
2011-04-06 Liang Qi <liang.qi@nokia.com>
Reviewed by Benjamin Poulain.
Correct an include file name.
https://bugs.webkit.org/show_bug.cgi?id=57839
* wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix
builds on Unix hosts.
2011-04-06 Adam Roben <aroben@apple.com>
Build fix after r83056
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable.
2011-04-06 Adam Roben <aroben@apple.com>
Move JavaScriptCoreGenerated's file-copying logic out to a new script
Hopefully this will make it easier to modify this logic in the future. I also made the
script much quieter than the old logic, since it didn't seem helpful to see long lists of
filenames during the copying phase.
If we like this new style, we could copy it for our other projects.
Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to
modify and noisy
Reviewed by Steve Falkenburg.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy
files from here...
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.)
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd
for convenience.
2011-04-05 Geoffrey Garen <ggaren@apple.com>
Try to fix the Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do!
2011-04-05 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Introduced the concept of opaque roots, in preparation for marking the DOM with them
https://bugs.webkit.org/show_bug.cgi?id=57903
* JavaScriptCore.exp: Who likes export files? I do!
* collector/handles/HandleHeap.cpp:
(JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
(JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
weak linkage problems.
(JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
Currently unused.
(JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
default empty implementation, since not all clients necessarily want
or need non-trivial finalizers.
(JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
passes. The first pass marks all reachable weak handles. The second pass
finalizes all unreachable weak handles. This must be two passes because
we don't know the set of finalizable weak handles until we're done
marking all weak handles.
(JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
* collector/handles/HandleHeap.h: Ditto.
* runtime/Heap.cpp:
(JSC::Heap::destroy):
(JSC::Heap::markRoots):
(JSC::Heap::reset): Split out handle marking from handle finalization.
* runtime/MarkStack.cpp:
(JSC::MarkStack::reset):
* runtime/MarkStack.h:
(JSC::MarkStack::addOpaqueRoot):
(JSC::MarkStack::containsOpaqueRoot):
(JSC::MarkStack::opaqueRootCount):
(JSC::HeapRootMarker::markStack): New helper functions for managing the
set of opaque roots.
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
2011-04-05 Balazs Kelemen <kbalazs@webkit.org>
Reviewed by Darin Adler.
Build fix for YarrParser.h
https://bugs.webkit.org/show_bug.cgi?id=57822
* yarr/YarrParser.h:
(JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
2011-04-05 Steve Falkenburg <sfalken@apple.com>
Follow-up Windows build fix.
Don't skip react-to-vsprops-changes.py for all production builds,
only those initiated via JavaScriptCore.make.
* JavaScriptCore.vcproj/JavaScriptCore.make:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
2011-04-05 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks
https://bugs.webkit.org/show_bug.cgi?id=57857
Whoops, accidentally removed a deref().
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
2011-04-05 Steve Falkenburg <sfalken@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops.
Set production environment variable before calling make.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added.
2011-04-05 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make caches window show more info about non-jsobject GC values
https://bugs.webkit.org/show_bug.cgi?id=57874
Add ClassInfo to the various internal JS types that currently
don't have any, and make the text for caches window show the
classname for non-JSObject instances.
* runtime/Executable.cpp:
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
(JSC::NativeExecutable::NativeExecutable):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/Heap.cpp:
(JSC::TypeCounter::typeName):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/ScopeChain.cpp:
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::createStructure):
* runtime/StructureChain.cpp:
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):
2011-04-05 Nikolas Zimmermann <nzimmermann@rim.com>
Reviewed by Andreas Kling.
Cleanup StringConcatenate
https://bugs.webkit.org/show_bug.cgi?id=57836
Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return.
Add a makeString() variant taking 9 arguments, needed by a follow-up patch.
* wtf/text/StringConcatenate.h:
(WTF::tryMakeString):
(WTF::makeString):
2011-04-04 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r82876.
http://trac.webkit.org/changeset/82876
https://bugs.webkit.org/show_bug.cgi?id=57816
Caused a lot of test crashes (Requested by tkent on #webkit).
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/FastMalloc.cpp:
(WTF::tryFastMalloc):
(WTF::fastMalloc):
(WTF::tryFastCalloc):
(WTF::fastCalloc):
(WTF::fastFree):
(WTF::tryFastRealloc):
(WTF::fastRealloc):
(WTF::fastMallocSize):
(WTF::TCMalloc_PageHeap::isScavengerSuspended):
(WTF::TCMalloc_PageHeap::scheduleScavenger):
(WTF::TCMalloc_PageHeap::suspendScavenger):
(WTF::TCMalloc_PageHeap::signalScavenger):
(WTF::TCMallocStats::malloc):
(WTF::TCMallocStats::free):
(WTF::TCMallocStats::fastCalloc):
(WTF::TCMallocStats::tryFastCalloc):
(WTF::TCMallocStats::calloc):
(WTF::TCMallocStats::fastRealloc):
(WTF::TCMallocStats::tryFastRealloc):
(WTF::TCMallocStats::realloc):
(WTF::TCMallocStats::fastMallocSize):
* wtf/FastMalloc.h:
(WTF::Internal::fastMallocMatchValidationType):
(WTF::Internal::fastMallocMatchValidationValue):
(WTF::Internal::setFastMallocMatchValidationType):
(WTF::fastMallocMatchValidateFree):
* wtf/Platform.h:
2011-04-04 Oliver Hunt <oliver@apple.com>
Reviewed by Antti Koivisto.
Stop JSCell.h from including Structure.h
https://bugs.webkit.org/show_bug.cgi?id=57809
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
* runtime/JSCell.h:
(JSC::JSCell::JSValue::toThisObject):
* runtime/JSString.h:
* runtime/ScopeChain.h:
* runtime/Structure.h:
(JSC::JSCell::isObject):
(JSC::JSCell::isString):
(JSC::JSCell::classInfo):
(JSC::JSCell::createDummyStructure):
(JSC::JSValue::needsThisConversion):
(JSC::MarkStack::internalAppend):
* runtime/StructureChain.h:
2011-04-04 Oliver Hunt <oliver@apple.com>
Fix clang build.
* wtf/FastMalloc.cpp:
(WTF::fastMalloc):
(WTF::fastCalloc):
(WTF::fastRealloc):
2011-04-04 Oliver Hunt <oliver@apple.com>
Remove accidental change to Platform.h
* wtf/Platform.h:
2011-04-04 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Fixed a weak-handle-related leak in RegisterFile
https://bugs.webkit.org/show_bug.cgi?id=57793
* interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier.
* interpreter/RegisterFile.h:
(JSC::RegisterFile::GlobalObjectOwner::finalize):
(JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with
a per-RegisterFile weak handle owner, which does not leak.
* runtime/WeakGCPtr.h:
(JSC::WeakGCPtr::set): Allow set() to take a context argument, since
RegisterFile now needs this. (Seems like it was an accidental omission
all along.)
2011-04-04 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make malloc validation useful
https://bugs.webkit.org/show_bug.cgi?id=57502
This patch replaces FAST_MALLOC_MATCH_VALIDATION with a general
corruption check that tags the beginning and end of all allocations
to check for write overflows and overwrites the contents of
memory on free in order to (hopefully) show up use-after-free issues
sooner.
We also turn it on by default for debug builds.
* JavaScriptCore.exp:
* wtf/FastMalloc.cpp:
(WTF::tryFastMalloc):
(WTF::fastMalloc):
(WTF::tryFastCalloc):
(WTF::fastCalloc):
(WTF::fastFree):
(WTF::tryFastRealloc):
(WTF::fastRealloc):
(WTF::TCMalloc_PageHeap::isScavengerSuspended):
(WTF::TCMalloc_PageHeap::scheduleScavenger):
(WTF::TCMalloc_PageHeap::suspendScavenger):
(WTF::TCMalloc_PageHeap::signalScavenger):
(WTF::TCMallocStats::malloc):
(WTF::TCMallocStats::free):
(WTF::TCMallocStats::fastCalloc):
(WTF::TCMallocStats::tryFastCalloc):
(WTF::TCMallocStats::calloc):
(WTF::TCMallocStats::fastRealloc):
(WTF::TCMallocStats::tryFastRealloc):
(WTF::TCMallocStats::realloc):
* wtf/FastMalloc.h:
(WTF::Internal::fastMallocValidationHeader):
(WTF::Internal::fastMallocValidationSuffix):
(WTF::Internal::fastMallocMatchValidationType):
(WTF::Internal::setFastMallocMatchValidationType):
(WTF::fastMallocMatchValidateFree):
(WTF::fastMallocValidate):
* wtf/Platform.h:
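The guard-tag and scribble-on-free scheme that entry describes, as an added illustration in C: it is not WebKit's FastMalloc code, and the magic values, fill byte and function names are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed guard words and scribble byte for this illustration; they are
 * not the values FastMalloc uses. */
#define GUARD_HEAD_MAGIC 0xA1B2C3D4u
#define GUARD_TAIL_MAGIC 0x5E6F7081u
#define FREED_FILL_BYTE  0xCD

typedef struct {
    uint32_t magic; /* tag at the start: catches underflow and double free */
    uint32_t size;  /* user-visible size, used to locate the trailing tag */
} guard_head;

/* Raw block layout: [guard_head][user bytes][uint32_t tail tag]. */
static guard_head *head_of(void *user) { return (guard_head *)user - 1; }

void *guarded_malloc(size_t n)
{
    if (n > UINT32_MAX - sizeof(guard_head) - sizeof(uint32_t))
        return NULL;
    unsigned char *raw = malloc(sizeof(guard_head) + n + sizeof(uint32_t));
    if (!raw)
        return NULL;
    guard_head *h = (guard_head *)raw;
    h->magic = GUARD_HEAD_MAGIC;
    h->size = (uint32_t)n;
    /* The tail tag sits right after the user bytes and may be unaligned. */
    uint32_t tail = GUARD_TAIL_MAGIC;
    memcpy(raw + sizeof(guard_head) + n, &tail, sizeof tail);
    return raw + sizeof(guard_head);
}

/* Returns 1 when both tags are intact, 0 when either has been overwritten. */
int guarded_validate(void *user)
{
    guard_head *h = head_of(user);
    if (h->magic != GUARD_HEAD_MAGIC)
        return 0;
    uint32_t tail;
    memcpy(&tail, (unsigned char *)user + h->size, sizeof tail);
    return tail == GUARD_TAIL_MAGIC;
}

/* Validates, then overwrites the whole block (tags included) with the fill
 * byte: stale pointers read obvious garbage and a second free fails the
 * head-tag check. Returns the validation result; leaves a block whose head
 * tag is already gone untouched, since its size field cannot be trusted. */
int guarded_scribble(void *user)
{
    guard_head *h = head_of(user);
    int ok = guarded_validate(user);
    if (h->magic != GUARD_HEAD_MAGIC)
        return 0;
    memset(h, FREED_FILL_BYTE, sizeof(guard_head) + h->size + sizeof(uint32_t));
    return ok;
}

/* free() under validation: check tags, scribble, release. Returns 0 when an
 * overflow or double free was caught; a real allocator would abort instead. */
int guarded_free(void *user)
{
    if (!user)
        return 1;
    guard_head *h = head_of(user);
    if (h->magic != GUARD_HEAD_MAGIC)
        return 0; /* not a live block of ours: double free or underflow */
    int ok = guarded_scribble(user);
    free(h);
    return ok;
}

/* Constructed scenarios; each returns -1 only if malloc itself failed. */
int demo_one_byte_overflow(void)
{
    unsigned char *p = guarded_malloc(8);
    if (!p)
        return -1;
    memset(p, 0x41, 9); /* one byte too many lands on the tail tag */
    return guarded_free(p); /* 0: the overflow is reported at free time */
}

int demo_scribble_and_double_free(void)
{
    unsigned char *p = guarded_malloc(4);
    if (!p)
        return -1;
    guard_head *h = head_of(p);
    int first = guarded_scribble(p); /* the step guarded_free takes before free() */
    int scribbled = p[0] == FREED_FILL_BYTE && p[3] == FREED_FILL_BYTE;
    int second = guarded_validate(p); /* head tag gone: a repeat free is refused */
    free(h);
    return first == 1 && scribbled && second == 0;
}
```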
2011-04-04 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Renamed clearWeakPointers => updateWeakHandles and removed misleading comment
https://bugs.webkit.org/show_bug.cgi?id=57790
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::updateWeakHandles): Updated for rename.
* collector/handles/HandleHeap.h: Removed comment claiming that this
function should only be called during teardown, because it's actually
called after every GC pass.
* runtime/Heap.cpp:
(JSC::Heap::destroy):
(JSC::Heap::markRoots): Updated for rename.
2011-04-04 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Standardized handling of handles for immediate values
https://bugs.webkit.org/show_bug.cgi?id=57788
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell
values here, because our write barrier guarantees that such values are
not in the weak list.
(JSC::HandleHeap::writeBarrier): Standardized on checking for null before
checking for cell, and on using early return instead of if/else.
* collector/handles/HandleHeap.h:
(JSC::HandleHeap::deallocate):
(JSC::HandleHeap::makeWeak): Ditto.
2011-04-04 Geoffrey Garen <ggaren@apple.com>
Not reviewed.
Removed a redundant variable from HandleHeap
https://bugs.webkit.org/show_bug.cgi?id=57786
Forgot to commit the file that actually removes the data member!
* collector/handles/HandleHeap.h:
2011-04-04 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed a redundant variable from HandleHeap
https://bugs.webkit.org/show_bug.cgi?id=57786
We don't need a specific variable to indicate that we're in the middle
of the finalization phase, since m_nextToFinalize already does this.
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::HandleHeap):
(JSC::HandleHeap::clearWeakPointers):
(JSC::HandleHeap::writeBarrier):
2011-04-04 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback)
https://bugs.webkit.org/show_bug.cgi?id=57775
Also renamed noFinalizer => emptyWeakOwner, since this is really an
optimization for a weak owner with empty callbacks.
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed
redundant initialization of m_nextToFinalize. Moved deletion check inside
weak owner check, since the weak owner can't delete the node if there is
no weak owner!
* collector/handles/HandleHeap.h:
(JSC::WeakHandleOwner::~WeakHandleOwner):
(JSC::HandleHeap::makeWeak): Updated for renames.
(JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner,
to clarify this function's role in assertions.
(JSC::HandleHeap::Node::Node):
(JSC::HandleHeap::Node::makeWeak):
(JSC::HandleHeap::Node::isWeak):
(JSC::HandleHeap::Node::weakOwner):
(JSC::HandleHeap::Node::weakOwnerContext):
(JSC::HandleHeap::Node::emptyWeakOwner):
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::globalObjectCollectedNotifier):
* interpreter/RegisterFile.h:
* runtime/WeakGCMap.h:
* runtime/WeakGCPtr.h:
(JSC::WeakGCPtr::WeakGCPtr):
(JSC::WeakGCPtr::set): Updated for renames.
2011-04-04 Oliver Hunt <oliver@apple.com>
Fix WinCE build.
* bytecode/Instruction.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::tryCachePutByID):
(JSC::Interpreter::tryCacheGetByID):
2011-04-04 Adam Roben <aroben@apple.com>
Delete mt.dep files when doing a clean build due to .vsprops file changes
Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild.
Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build)
Reviewed by Brian Weinstein.
* JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
(main): Added dep to the list of extensions we look for when choosing files to delete.
2011-04-01 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make StructureChain GC allocated
https://bugs.webkit.org/show_bug.cgi?id=56695
Make StructureChain GC allocated, and make the various owners
mark it correctly.
* JavaScriptCore.exp:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::derefStructures):
(JSC::CodeBlock::refStructures):
(JSC::CodeBlock::markAggregate):
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
(JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
(JSC::PolymorphicAccessStructureList::derefStructures):
(JSC::PolymorphicAccessStructureList::markAggregate):
(JSC::Instruction::Instruction):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::markAggregate):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::initGetByIdChain):
(JSC::StructureStubInfo::initPutByIdTransition):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
(JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
* collector/handles/Handle.h:
(JSC::HandleConverter::operator->):
(JSC::HandleConverter::operator*):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_jneq_ptr):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_jneq_ptr):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITStubs.cpp:
(JSC::JITThunks::tryCachePutByID):
(JSC::JITThunks::tryCacheGetByID):
(JSC::getPolymorphicAccessStructureListSlot):
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSCell.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::markIfNeeded):
* runtime/JSGlobalObject.h:
(JSC::Structure::prototypeChain):
* runtime/JSObject.h:
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::markChildrenDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
(JSC::JSPropertyNameIterator::get):
(JSC::JSPropertyNameIterator::markChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::setCachedPrototypeChain):
* runtime/JSZombie.cpp:
(JSC::JSZombie::leakedZombieStructure):
* runtime/JSZombie.h:
* runtime/MarkStack.h:
(JSC::MarkStack::append):
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::sweep):
* runtime/Structure.cpp:
(JSC::Structure::addPropertyTransition):
* runtime/Structure.h:
(JSC::Structure::markAggregate):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
(JSC::StructureChain::~StructureChain):
(JSC::StructureChain::markChildren):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
(JSC::StructureChain::createStructure):
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
2011-04-01 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed some complexity from HandleHeap
https://bugs.webkit.org/show_bug.cgi?id=57650
Eliminated pointer-tagging flags.
Tied being weak to having a finalizer (or at least a finalizer sentinel).
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying
flag. It was unused. If we bring it back, we'll probably use a shared
autodeallocating finalizer instead.
* collector/handles/HandleHeap.h:
(JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now
a single, atomic operation -- this makes the relationship between
finalizers and weak pointers clearer, and impossible to get wrong.
(JSC::HandleHeap::Node::Node):
(JSC::HandleHeap::Node::handleHeap): No more flags.
(JSC::HandleHeap::Node::makeWeak):
(JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentinel
value in the finalizer slot to indicate that a handle is weak but doesn't
require an external function call for finalization.
2011-04-01 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed WeakGCMap::deprecatedRemove because it was deprecated and unused
https://bugs.webkit.org/show_bug.cgi?id=57648
* runtime/WeakGCMap.h:
2011-04-01 Adam Roben <aroben@apple.com>
Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer
Covered by existing tests.
Fixes <http://webkit.org/b/56699>.
Reviewed by Oliver Hunt.
* parser/Lexer.h:
(JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because
supposedly the idiom that function uses is fast.
2011-03-31 Thouraya ANDOLSI <thouraya.andolsi@st.com>
Reviewed by Oliver Hunt.
SH4 JIT SUPPORT.
https://bugs.webkit.org/show_bug.cgi?id=44329
Add YARR support for SH4 platforms (disabled by default).
* GNUmakefile.am:
* assembler/MacroAssembler.h:
* assembler/MacroAssemblerSH4.cpp: Added.
* assembler/MacroAssemblerSH4.h: Added.
* assembler/SH4Assembler.h: Added.
* yarr/YarrJIT.cpp:
2011-03-30 Adam Roben <aroben@apple.com>
Clean build fix
* JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects
don't try to build in parallel (which doesn't mesh with our buildfailed mechanism).
2011-03-30 Oliver Hunt <oliver@apple.com>
Rollout r82500
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::derefStructures):
(JSC::CodeBlock::refStructures):
(JSC::CodeBlock::markAggregate):
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
(JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
(JSC::PolymorphicAccessStructureList::derefStructures):
(JSC::Instruction::Instruction):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::initGetByIdChain):
(JSC::StructureStubInfo::initPutByIdTransition):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
(JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_jneq_ptr):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_jneq_ptr):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITStubs.cpp:
(JSC::getPolymorphicAccessStructureListSlot):
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSCell.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::markIfNeeded):
* runtime/JSGlobalObject.h:
(JSC::Structure::prototypeChain):
* runtime/JSObject.h:
(JSC::JSObject::markChildrenDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
(JSC::JSPropertyNameIterator::get):
(JSC::JSPropertyNameIterator::markChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::setCachedPrototypeChain):
* runtime/MarkStack.h:
(JSC::MarkStack::append):
* runtime/Structure.h:
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
2011-03-29 Matthew Delaney <mdelaney@apple.com>
Reviewed by Simon Fraser.
Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG
https://bugs.webkit.org/show_bug.cgi?id=53134
* wtf/Platform.h: Added in WTF flag for using the Accelerate framework
2011-03-30 Steve Falkenburg <sfalken@apple.com>
Reviewed by Adam Roben.
Share most vsprops between Release and Production builds in releaseproduction.vsprops
https://bugs.webkit.org/show_bug.cgi?id=57508
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
* JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
* JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
* JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
* JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
* JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
* JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
* JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
* JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
* JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
* JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
* JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
2011-03-30 Mark Rowe <mrowe@apple.com>
Reviewed by Adam Roben.
Explicitly prevent testapi and minidom from being installed rather than relying
on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly
set at the target level.
<rdar://problem/9206357>
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-03-30 Timur Iskhodzhanov <timurrrr@google.com>
Reviewed by Alexey Proskuryakov.
Add some dynamic annotations to JavaScriptCore/wtf
https://bugs.webkit.org/show_bug.cgi?id=53747
By using these annotations we can improve the precision of finding
WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind.
These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1".
These files don't add new functionality, so don't need extra tests.
* GNUmakefile.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/DynamicAnnotations.cpp: Added.
(WTFAnnotateBenignRaceSized):
(WTFAnnotateHappensBefore):
(WTFAnnotateHappensAfter):
* wtf/DynamicAnnotations.h: Added.
* wtf/ThreadSafeRefCounted.h:
(WTF::ThreadSafeRefCountedBase::derefBase):
* wtf/text/StringStatics.cpp:
(WTF::StringImpl::empty):
2011-03-30 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make StructureChain GC allocated
https://bugs.webkit.org/show_bug.cgi?id=56695
Make StructureChain GC allocated, and make the various owners
mark it correctly.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::derefStructures):
(JSC::CodeBlock::refStructures):
(JSC::CodeBlock::markAggregate):
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
(JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
(JSC::PolymorphicAccessStructureList::derefStructures):
(JSC::PolymorphicAccessStructureList::markAggregate):
(JSC::Instruction::Instruction):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::markAggregate):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::initGetByIdChain):
(JSC::StructureStubInfo::initPutByIdTransition):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
(JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_jneq_ptr):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_jneq_ptr):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITStubs.cpp:
(JSC::getPolymorphicAccessStructureListSlot):
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSCell.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::markIfNeeded):
* runtime/JSGlobalObject.h:
(JSC::Structure::prototypeChain):
* runtime/JSObject.h:
(JSC::JSObject::markChildrenDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
(JSC::JSPropertyNameIterator::get):
(JSC::JSPropertyNameIterator::markChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::setCachedPrototypeChain):
* runtime/MarkStack.h:
(JSC::MarkStack::append):
* runtime/Structure.h:
(JSC::Structure::cachedPrototypeChainSlot):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
(JSC::StructureChain::createStructure):
2011-03-30 Steve Falkenburg <sfalken@apple.com>
Reviewed by Adam Roben.
Update Windows production build logic for new production configurations
https://bugs.webkit.org/show_bug.cgi?id=57494
* JavaScriptCore.vcproj/JavaScriptCore.make:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
* JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
* JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
* JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
* JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
* JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
2011-03-30 Steve Falkenburg <sfalken@apple.com>
Reviewed by Adam Roben.
Rename Windows configuration Release_LTCG to Production for clarity
https://bugs.webkit.org/show_bug.cgi?id=57465
* JavaScriptCore.vcproj/JavaScriptCore.sln:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops.
* JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jsc.vcproj:
* JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops.
* JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapi.vcproj:
* JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops.
* JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed.
2011-03-30 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
Reviewed by Maciej Stachowiak.
Add the NEXT_OPCODE() macro to the DFG-JIT parser
https://bugs.webkit.org/show_bug.cgi?id=57322
In JavaScriptCore we use macros to jump to the next opcode
(both in interpreter and JIT). This macro is added to the
DFG-JIT parser as well.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parse):
2011-03-29 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
~25% regression on v8-splay in the SunSpider harness
https://bugs.webkit.org/show_bug.cgi?id=56128
I'm not sure if this is the root cause of the regression Stephanie
measured, but it seems to get us back to previous v8-splay times.
SunSpider reports no change. v8-splay says 41% faster.
* runtime/Heap.cpp:
(JSC::Heap::reset): Make marking proportional to 1X the size of the heap,
not .5X the size of the heap. When the heap is large, this makes a big
difference. (Our old heap growth policy matched this. You can see by
looking at resizeBlocks in revisions prior to r77699.)
2011-03-29 Steve Falkenburg <sfalken@apple.com>
Reviewed by Darin Adler.
Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE
https://bugs.webkit.org/show_bug.cgi?id=57350
Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from
InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within
the IDE. To avoid this, add a separate vsprops file for each project configuration that
contains the required inherited property sheets.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added.
* JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jsc.vcproj:
* JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added.
* JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added.
* JavaScriptCore.vcproj/testapi/testapi.vcproj:
* JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added.
* JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added.
* JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added.
* JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added.
* JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added.
2011-03-29 Oliver Hunt <oliver@apple.com>
Reviewed by Eric Seidel.
REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit).
https://bugs.webkit.org/show_bug.cgi?id=57333
constructDate now takes the global object explicitly as it may be called
by functions other than the constructor itself.
* API/JSObjectRef.cpp:
(JSObjectMakeDate):
* runtime/DateConstructor.cpp:
(JSC::constructDate):
(JSC::constructWithDateConstructor):
* runtime/DateConstructor.h:
2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Benjamin Poulain.
https://bugs.webkit.org/show_bug.cgi?id=41953
Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h
* wtf/MathExtras.h:
2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=57231
Add conditional for SUNCC supporting alignment macros
Compile fix for Solaris 10/Sun Studio 12 CC
* wtf/Vector.h:
2011-03-29 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=57256
Fix crash on misaligned reads on Solaris 10/Sparc
* wtf/text/AtomicString.cpp:
(WTF::equal):
2011-03-28 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
instanceof Array test fails when using iframes
https://bugs.webkit.org/show_bug.cgi?id=17250
This is a problem with all built-in constructors: the use of
lexicalGlobalObject rather than the constructor's own
global object reference means that a builtin will always use
the prototype from the lexical global object rather than that
of the constructor's origin.
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
(JSObjectMakeRegExp):
* JavaScriptCore.exp:
* runtime/ArrayConstructor.cpp:
(JSC::constructArrayWithSizeQuirk):
* runtime/BooleanConstructor.cpp:
(JSC::constructBoolean):
(JSC::constructBooleanFromImmediateBoolean):
* runtime/BooleanConstructor.h:
* runtime/DateConstructor.cpp:
(JSC::constructDate):
* runtime/DateInstance.cpp:
* runtime/DateInstance.h:
* runtime/ErrorConstructor.cpp:
(JSC::constructWithErrorConstructor):
(JSC::callErrorConstructor):
* runtime/FunctionConstructor.cpp:
(JSC::constructWithFunctionConstructor):
(JSC::callFunctionConstructor):
(JSC::constructFunction):
* runtime/FunctionConstructor.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertySlot):
(JSC::JSCell::put):
(JSC::JSCell::deleteProperty):
(JSC::JSCell::toThisObject):
(JSC::JSCell::toObject):
* runtime/JSCell.h:
(JSC::JSCell::JSValue::toObject):
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::toObject):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::toObject):
* runtime/JSObject.h:
* runtime/JSString.cpp:
(JSC::StringObject::create):
(JSC::JSString::toObject):
(JSC::JSString::toThisObject):
* runtime/JSString.h:
* runtime/JSValue.cpp:
(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::toThisObjectSlowCase):
(JSC::JSValue::synthesizeObject):
* runtime/JSValue.h:
* runtime/NumberConstructor.cpp:
(JSC::constructWithNumberConstructor):
* runtime/NumberObject.cpp:
(JSC::constructNumber):
* runtime/NumberObject.h:
* runtime/ObjectConstructor.cpp:
(JSC::constructObject):
(JSC::constructWithObjectConstructor):
(JSC::callObjectConstructor):
* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
(JSC::constructWithRegExpConstructor):
(JSC::callRegExpConstructor):
* runtime/RegExpConstructor.h:
* runtime/StringConstructor.cpp:
(JSC::constructWithStringConstructor):
* runtime/StringObject.h:
2011-03-28 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large
https://bugs.webkit.org/show_bug.cgi?id=56823
Partial fix for most of the problem. (TOT still shows a regression, though.)
* runtime/Heap.cpp:
(JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of
capacity(), since capacity() is O(n) relative to the size of the heap.
In limited circumstances, capacity() is also worse than highWaterMark()
for measuring extra cost relative to heap size, since capacity() only
measures the *current* capacity of the heap, but the heap will grow if
necessary to attain highWaterMark().
2011-03-28 Oliver Hunt <oliver@apple.com>
REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit).
https://bugs.webkit.org/show_bug.cgi?id=57251
Build fix, had remnant of another patch in r82130
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdChainList):
2011-03-27 Oliver Hunt <oliver@apple.com>
Reviewed by Maciej Stachowiak.
Add additional immediate types to allow us to distinguish the source of a JIT immediate
https://bugs.webkit.org/show_bug.cgi?id=57190
Allow us to distinguish whether a JIT immediate is a value that we
control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
or influenced by code we are compiling. Currently we do nothing with this
information -- this change is large and mechanical but would obscure any
logic changes that we would have made.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
(JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
(JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
(JSC::AbstractMacroAssembler::Imm32::Imm32):
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::pop):
(JSC::MacroAssembler::poke):
(JSC::MacroAssembler::branchPtr):
(JSC::MacroAssembler::branch32):
(JSC::MacroAssembler::addPtr):
(JSC::MacroAssembler::andPtr):
(JSC::MacroAssembler::orPtr):
(JSC::MacroAssembler::subPtr):
(JSC::MacroAssembler::xorPtr):
(JSC::MacroAssembler::setPtr):
(JSC::MacroAssembler::storePtr):
(JSC::MacroAssembler::branchTestPtr):
(JSC::MacroAssembler::branchSubPtr):
(JSC::MacroAssembler::branchTest8):
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::add32):
(JSC::MacroAssemblerARM::and32):
(JSC::MacroAssemblerARM::lshift32):
(JSC::MacroAssemblerARM::mul32):
(JSC::MacroAssemblerARM::or32):
(JSC::MacroAssemblerARM::rshift32):
(JSC::MacroAssemblerARM::urshift32):
(JSC::MacroAssemblerARM::sub32):
(JSC::MacroAssemblerARM::xor32):
(JSC::MacroAssemblerARM::store32):
(JSC::MacroAssemblerARM::push):
(JSC::MacroAssemblerARM::move):
(JSC::MacroAssemblerARM::branch8):
(JSC::MacroAssemblerARM::branch32):
(JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerARM::branch16):
(JSC::MacroAssemblerARM::branchTest8):
(JSC::MacroAssemblerARM::branchTest32):
(JSC::MacroAssemblerARM::branchAdd32):
(JSC::MacroAssemblerARM::branchMul32):
(JSC::MacroAssemblerARM::branchSub32):
(JSC::MacroAssemblerARM::set32Compare32):
(JSC::MacroAssemblerARM::set8Compare32):
(JSC::MacroAssemblerARM::set32Test32):
(JSC::MacroAssemblerARM::set32Test8):
(JSC::MacroAssemblerARM::moveWithPatch):
(JSC::MacroAssemblerARM::branchPtrWithPatch):
(JSC::MacroAssemblerARM::storePtrWithPatch):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::add32):
(JSC::MacroAssemblerARMv7::and32):
(JSC::MacroAssemblerARMv7::lshift32):
(JSC::MacroAssemblerARMv7::mul32):
(JSC::MacroAssemblerARMv7::or32):
(JSC::MacroAssemblerARMv7::rshift32):
(JSC::MacroAssemblerARMv7::urshift32):
(JSC::MacroAssemblerARMv7::sub32):
(JSC::MacroAssemblerARMv7::xor32):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch):
(JSC::MacroAssemblerARMv7::store32):
(JSC::MacroAssemblerARMv7::loadDouble):
(JSC::MacroAssemblerARMv7::storeDouble):
(JSC::MacroAssemblerARMv7::push):
(JSC::MacroAssemblerARMv7::move):
(JSC::MacroAssemblerARMv7::compare32):
(JSC::MacroAssemblerARMv7::test32):
(JSC::MacroAssemblerARMv7::branch32):
(JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerARMv7::branch16):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest32):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::branchAdd32):
(JSC::MacroAssemblerARMv7::branchMul32):
(JSC::MacroAssemblerARMv7::branchSub32):
(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::set32Compare32):
(JSC::MacroAssemblerARMv7::set8Compare32):
(JSC::MacroAssemblerARMv7::set32Test32):
(JSC::MacroAssemblerARMv7::set32Test8):
(JSC::MacroAssemblerARMv7::moveWithPatch):
(JSC::MacroAssemblerARMv7::branchPtrWithPatch):
(JSC::MacroAssemblerARMv7::storePtrWithPatch):
(JSC::MacroAssemblerARMv7::tailRecursiveCall):
(JSC::MacroAssemblerARMv7::makeJump):
(JSC::MacroAssemblerARMv7::makeBranch):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::makeBaseIndexBase):
(JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::add32):
(JSC::MacroAssemblerMIPS::and32):
(JSC::MacroAssemblerMIPS::lshift32):
(JSC::MacroAssemblerMIPS::mul32):
(JSC::MacroAssemblerMIPS::or32):
(JSC::MacroAssemblerMIPS::rshift32):
(JSC::MacroAssemblerMIPS::urshift32):
(JSC::MacroAssemblerMIPS::sub32):
(JSC::MacroAssemblerMIPS::xor32):
(JSC::MacroAssemblerMIPS::load32):
(JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
(JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
(JSC::MacroAssemblerMIPS::store32):
(JSC::MacroAssemblerMIPS::push):
(JSC::MacroAssemblerMIPS::move):
(JSC::MacroAssemblerMIPS::branch8):
(JSC::MacroAssemblerMIPS::branch32):
(JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerMIPS::branch16):
(JSC::MacroAssemblerMIPS::branchTest32):
(JSC::MacroAssemblerMIPS::branchTest8):
(JSC::MacroAssemblerMIPS::branchAdd32):
(JSC::MacroAssemblerMIPS::branchMul32):
(JSC::MacroAssemblerMIPS::branchSub32):
(JSC::MacroAssemblerMIPS::set8Compare32):
(JSC::MacroAssemblerMIPS::set32Compare32):
(JSC::MacroAssemblerMIPS::set32Test8):
(JSC::MacroAssemblerMIPS::set32Test32):
(JSC::MacroAssemblerMIPS::moveWithPatch):
(JSC::MacroAssemblerMIPS::branchPtrWithPatch):
(JSC::MacroAssemblerMIPS::storePtrWithPatch):
(JSC::MacroAssemblerMIPS::tailRecursiveCall):
(JSC::MacroAssemblerMIPS::loadDouble):
(JSC::MacroAssemblerMIPS::storeDouble):
(JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::add32):
(JSC::MacroAssemblerX86::addWithCarry32):
(JSC::MacroAssemblerX86::and32):
(JSC::MacroAssemblerX86::or32):
(JSC::MacroAssemblerX86::sub32):
(JSC::MacroAssemblerX86::store32):
(JSC::MacroAssemblerX86::branch32):
(JSC::MacroAssemblerX86::moveWithPatch):
(JSC::MacroAssemblerX86::branchPtrWithPatch):
(JSC::MacroAssemblerX86::storePtrWithPatch):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::add32):
(JSC::MacroAssemblerX86Common::and32):
(JSC::MacroAssemblerX86Common::lshift32):
(JSC::MacroAssemblerX86Common::mul32):
(JSC::MacroAssemblerX86Common::or32):
(JSC::MacroAssemblerX86Common::rshift32):
(JSC::MacroAssemblerX86Common::urshift32):
(JSC::MacroAssemblerX86Common::sub32):
(JSC::MacroAssemblerX86Common::xor32):
(JSC::MacroAssemblerX86Common::store32):
(JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
(JSC::MacroAssemblerX86Common::push):
(JSC::MacroAssemblerX86Common::move):
(JSC::MacroAssemblerX86Common::branch8):
(JSC::MacroAssemblerX86Common::branch32):
(JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerX86Common::branch16):
(JSC::MacroAssemblerX86Common::branchTest32):
(JSC::MacroAssemblerX86Common::branchTest8):
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchMul32):
(JSC::MacroAssemblerX86Common::branchSub32):
(JSC::MacroAssemblerX86Common::set8Compare32):
(JSC::MacroAssemblerX86Common::set32Compare32):
(JSC::MacroAssemblerX86Common::set32Test8):
(JSC::MacroAssemblerX86Common::set32Test32):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::add32):
(JSC::MacroAssemblerX86_64::and32):
(JSC::MacroAssemblerX86_64::or32):
(JSC::MacroAssemblerX86_64::sub32):
(JSC::MacroAssemblerX86_64::loadDouble):
(JSC::MacroAssemblerX86_64::addDouble):
(JSC::MacroAssemblerX86_64::convertInt32ToDouble):
(JSC::MacroAssemblerX86_64::store32):
(JSC::MacroAssemblerX86_64::call):
(JSC::MacroAssemblerX86_64::tailRecursiveCall):
(JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
(JSC::MacroAssemblerX86_64::addPtr):
(JSC::MacroAssemblerX86_64::andPtr):
(JSC::MacroAssemblerX86_64::orPtr):
(JSC::MacroAssemblerX86_64::subPtr):
(JSC::MacroAssemblerX86_64::xorPtr):
(JSC::MacroAssemblerX86_64::storePtr):
(JSC::MacroAssemblerX86_64::setPtr):
(JSC::MacroAssemblerX86_64::branchPtr):
(JSC::MacroAssemblerX86_64::branchTestPtr):
(JSC::MacroAssemblerX86_64::branchSubPtr):
(JSC::MacroAssemblerX86_64::moveWithPatch):
(JSC::MacroAssemblerX86_64::branchPtrWithPatch):
(JSC::MacroAssemblerX86_64::storePtrWithPatch):
(JSC::MacroAssemblerX86_64::branchTest8):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::callOperation):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jitAssertIsInt32):
(JSC::DFG::JITCompiler::emitCount):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.cpp:
(JSC::JIT::emitTimeoutCheck):
(JSC::JIT::privateCompile):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_urshift):
(JSC::JIT::emitSlow_op_urshift):
(JSC::JIT::emit_op_post_inc):
(JSC::JIT::emit_op_post_dec):
(JSC::JIT::emit_op_pre_inc):
(JSC::JIT::emit_op_pre_dec):
(JSC::JIT::emit_op_mod):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_negate):
(JSC::JIT::emit_op_jnless):
(JSC::JIT::emit_op_jless):
(JSC::JIT::emit_op_jlesseq):
(JSC::JIT::emit_op_lshift):
(JSC::JIT::emitRightShift):
(JSC::JIT::emitRightShiftSlowCase):
(JSC::JIT::emit_op_bitand):
(JSC::JIT::emit_op_bitor):
(JSC::JIT::emit_op_bitxor):
(JSC::JIT::emit_op_bitnot):
(JSC::JIT::emit_op_post_inc):
(JSC::JIT::emit_op_post_dec):
(JSC::JIT::emitSlow_op_post_dec):
(JSC::JIT::emit_op_pre_inc):
(JSC::JIT::emit_op_pre_dec):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitAdd32Constant):
(JSC::JIT::emit_op_sub):
(JSC::JIT::emitSub32Constant):
(JSC::JIT::emitBinaryDoubleOp):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emitSlow_op_mul):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mod):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::emit_op_ret_object_or_this):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITInlineMethods.h:
(JSC::JIT::emitPutCellToCallFrameHeader):
(JSC::JIT::emitPutIntToCallFrameHeader):
(JSC::JIT::emitPutImmediateToCallFrameHeader):
(JSC::JIT::emitLoadCharacterString):
(JSC::JIT::restoreArgumentReferenceForTrampoline):
(JSC::JIT::checkStructure):
(JSC::JIT::setSamplingFlag):
(JSC::JIT::clearSamplingFlag):
(JSC::JIT::emitCount):
(JSC::JIT::sampleInstruction):
(JSC::JIT::sampleCodeBlock):
(JSC::JIT::emitStoreInt32):
(JSC::JIT::emitStoreCell):
(JSC::JIT::emitStoreBool):
(JSC::JIT::emitJumpSlowCaseIfNotJSCell):
(JSC::JIT::emitInitRegister):
(JSC::JIT::emitJumpIfJSCell):
(JSC::JIT::emitJumpIfNotJSCell):
(JSC::JIT::emitJumpIfImmediateInteger):
(JSC::JIT::emitJumpIfNotImmediateInteger):
(JSC::JIT::emitFastArithDeTagImmediate):
(JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
(JSC::JIT::emitFastArithReTagImmediate):
(JSC::JIT::emitTagAsBoolImmediate):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_check_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emit_op_ret_object_or_this):
(JSC::JIT::emit_op_resolve):
(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_resolve_base):
(JSC::JIT::emit_op_ensure_property_exists):
(JSC::JIT::emit_op_resolve_skip):
(JSC::JIT::emit_op_resolve_global):
(JSC::JIT::emitSlow_op_resolve_global):
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_jsr):
(JSC::JIT::emit_op_resolve_with_base):
(JSC::JIT::emit_op_new_func_exp):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
(JSC::JIT::emit_op_to_jsnumber):
(JSC::JIT::emit_op_push_new_scope):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emit_op_init_lazy_reg):
(JSC::JIT::emit_op_convert_this):
(JSC::JIT::emit_op_convert_this_strict):
(JSC::JIT::emitSlow_op_not):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emit_op_get_arguments_length):
(JSC::JIT::emitSlow_op_get_arguments_length):
(JSC::JIT::emit_op_get_argument_by_val):
(JSC::JIT::emitSlow_op_resolve_global_dynamic):
(JSC::JIT::emit_op_new_regexp):
(JSC::JIT::emit_op_load_varargs):
(JSC::JIT::emitSlow_op_load_varargs):
(JSC::JIT::emit_op_new_func):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_loop_if_lesseq):
(JSC::JIT::emit_op_check_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emit_op_get_scoped_var):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_tear_off_activation):
(JSC::JIT::emit_op_tear_off_arguments):
(JSC::JIT::emit_op_resolve):
(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_resolve_base):
(JSC::JIT::emit_op_ensure_property_exists):
(JSC::JIT::emit_op_resolve_skip):
(JSC::JIT::emit_op_resolve_global):
(JSC::JIT::emitSlow_op_resolve_global):
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_jsr):
(JSC::JIT::emit_op_eq):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emit_op_resolve_with_base):
(JSC::JIT::emit_op_new_func_exp):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
(JSC::JIT::emit_op_to_jsnumber):
(JSC::JIT::emit_op_push_new_scope):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_create_activation):
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emit_op_convert_this):
(JSC::JIT::emit_op_convert_this_strict):
(JSC::JIT::emit_op_get_arguments_length):
(JSC::JIT::emitSlow_op_get_arguments_length):
(JSC::JIT::emit_op_get_argument_by_val):
(JSC::JIT::softModulo):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_get_by_pname):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_index):
(JSC::JIT::emit_op_put_getter):
(JSC::JIT::emit_op_put_setter):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_method_check):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::testPrototype):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_getter):
(JSC::JIT::emit_op_put_setter):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_method_check):
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::compileGetByIdSlowCase):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::testPrototype):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
(JSC::JIT::emit_op_get_by_pname):
* jit/JITStubCall.h:
(JSC::JITStubCall::addArgument):
* jit/JITStubs.cpp:
(JSC::getPolymorphicAccessStructureListSlot):
(JSC::DEFINE_STUB_FUNCTION):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
(JSC::JSInterfaceJIT::emitLoadInt32):
(JSC::JSInterfaceJIT::emitLoadDouble):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::loadJSStringArgument):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):
(JSC::SpecializedThunkJIT::tagReturnAsJSCell):
* jit/ThunkGenerators.cpp:
(JSC::charToString):
(JSC::powThunkGenerator):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::matchCharacterClass):
(JSC::Yarr::YarrGenerator::storeToFrame):
(JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
(JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
(JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::generateParenthesesSingle):
(JSC::Yarr::YarrGenerator::generateDisjunction):
2011-03-28 Andras Becsi <abecsi@webkit.org>
Reviewed by Csaba Osztrogonác.
[Qt] Fix the linking of jsc with MinGW after r81963.
* jsc.pro: add -l and remove the lib suffix.
2011-03-27 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Alexey Proskuryakov.
https://bugs.webkit.org/show_bug.cgi?id=57170 Fix last elements
in an enum to remove a trailing comma. Sun Studio 12 CC errors out.
Compile fix only, no actual code change.
* wtf/MessageQueue.h:
2011-03-25 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
Allow defineOwnProperty to work on DOMObjects
https://bugs.webkit.org/show_bug.cgi?id=57129
Fix a couple of places where we use getter()/setter() rather
than [gs]etterPresent().
* runtime/JSObject.cpp:
(JSC::JSObject::defineOwnProperty):
2011-03-25 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Crash when paused at a breakpoint caused by inaccurate Activation records.
https://bugs.webkit.org/show_bug.cgi?id=57120
* runtime/JSActivation.cpp:
(JSC::JSActivation::symbolTableGet):
(JSC::JSActivation::symbolTablePut):
(JSC::JSActivation::getOwnPropertyNames):
(JSC::JSActivation::symbolTablePutWithAttributes):
2011-03-24 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Crash in debugger beneath MarkStack::drain @ me.com, ibm.com
https://bugs.webkit.org/show_bug.cgi?id=57080
<rdar://problem/8525907>
The crash was caused by changes in the executable after recompilation.
The fix is for the activation to copy the data it needs instead of
relying on the data in the executable.
SunSpider and v8 report no change.
* runtime/Arguments.h:
(JSC::JSActivation::copyRegisters): Use our own data members instead of
reading data out of the executable.
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation): Initialize our data members.
(JSC::JSActivation::markChildren):
(JSC::JSActivation::symbolTableGet):
(JSC::JSActivation::symbolTablePut):
(JSC::JSActivation::getOwnPropertyNames):
(JSC::JSActivation::symbolTablePutWithAttributes):
(JSC::JSActivation::isDynamicScope):
(JSC::JSActivation::argumentsGetter): Use our own data members instead of
reading data out of the executable.
* runtime/JSActivation.h: Added new data members to track data previously
tracked by the executable. Since I've removed the executable pointer,
on a 64bit system, I've only made activations bigger by an int.
2011-03-25 David Kilzer <ddkilzer@apple.com>
Remove duplicate entry from JavaScriptCore.exp
JSC::createStackOverflowError(JSC::ExecState*) was originally
exported in r60057, then duplicated in r60392.
* JavaScriptCore.exp: Removed duplicate entry.
2011-03-25 Jarred Nicholls <jarred@sencha.com>
Reviewed by Ariya Hidayat.
[Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe
https://bugs.webkit.org/show_bug.cgi?id=56098
Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API
* jsc.pro:
2011-03-24 Nikolas Zimmermann <nzimmermann@rim.com>
Reviewed by Darin Adler.
Introduce WTF HexNumber.h
https://bugs.webkit.org/show_bug.cgi?id=56099
Introduce a set of functions that ease converting from a byte or a number to a hex string,
replacing several of these conversions and String::format("%x") usages all over WebCore.
* GNUmakefile.am: Add HexNumber.h to build.
* JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
* JavaScriptCore.gypi: Add HexNumber.h to build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
* JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
* JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
* wtf/CMakeLists.txt: Ditto.
* wtf/HexNumber.h: Added.
(WTF::Internal::hexDigitsForMode): Internal helper.
(WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination.
(WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'
(WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination.
2011-03-24 Geoffrey Garen <ggaren@apple.com>
Windows build fix take 2: Add new symbol.
(I should have used the EWS bots for this!)
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-03-24 Geoffrey Garen <ggaren@apple.com>
Windows build fix take 1: Removed old symbol.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-03-24 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Ensure that all compilation takes place within a dynamic global object scope
https://bugs.webkit.org/show_bug.cgi?id=57054
<rdar://problem/9083011>
Otherwise, entry to the global object scope might throw away the code
we just compiled, causing a crash.
* JavaScriptCore.exp: Updated for signature change.
* debugger/Debugger.cpp:
(JSC::evaluateInGlobalCallFrame):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
here because (a) they took place outside a dynamic global object scope
and (b) they were redundant.
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall): Updated for signature change.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct): Declare our dynamic global object
scope earlier, to ensure that compilation takes place within it.
* runtime/Completion.cpp:
(JSC::evaluate): Removed explicit compilation calls here because (a)
they took place outside a dynamic global object scope and (b) they were
redundant.
* runtime/Executable.h:
(JSC::EvalExecutable::compile):
(JSC::ProgramExecutable::compile):
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
verify our new invariant that all compilation takes place within a
dynamic global object scope.
* runtime/JSGlobalObject.cpp:
(JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
* runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
to require a JSGlobalData instead of an ExecState* since it is often
easier to provide the former, and the latter was not necessary.
2011-03-24 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
https://bugs.webkit.org/show_bug.cgi?id=55671
This is no longer necessary, and it seems that with the new weakmap
model it's simply unsafe, so this reduces it to a no-op.
* API/JSWeakObjectMapRefPrivate.cpp:
2011-03-24 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=20302
Correct implementation of signbit on Solaris
* wtf/MathExtras.h:
(signbit):
2011-03-23 Mark Rowe <mrowe@apple.com>
Reviewed by Darin Adler.
<rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC.
* wtf/ThreadingPthreads.cpp:
(WTF::initializeCurrentThreadInternal):
2011-03-23 Mark Rowe <mrowe@apple.com>
Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile.
It's not necessary to pass "-target All" as xcodebuild always builds the
first target in the project unless otherwise specified. The presence of
that option also breaks "make clean" since that results in both the
-target and -alltargets options being passed to xcodebuild.
* Makefile:
2011-03-23 Pavel Feldman <pfeldman@chromium.org>
Not reviewed: bring back Vector::contains that was removed as a part of roll back.
* wtf/Vector.h:
(WTF::::contains):
2011-03-23 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r81686.
http://trac.webkit.org/changeset/81686
https://bugs.webkit.org/show_bug.cgi?id=56914
Breaks webkit_tests in Chromium again. (Requested by pfeldman
on #webkit).
* wtf/Vector.h:
2011-03-23 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
JavaScriptCore GYP build should work on a case-sensitive file system
https://bugs.webkit.org/show_bug.cgi?id=56911
The issue is that there are two UString.h headers, one named UString.h
and one named ustring.h. This patch excludes ustring.h from the header
map to avoid confusion. While I was editing this part of the GYP file,
I cleaned up the exclude rules to be more modern.
* gyp/JavaScriptCore.gyp:
2011-03-22 Geoffrey Garen <ggaren@apple.com>
Reviewed by Maciej Stachowiak.
REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts
panel on Windows, and many inspector regression tests are failing
https://bugs.webkit.org/show_bug.cgi?id=54490
The bug was caused by two different classes using the same name (Recompiler).
* debugger/Debugger.cpp:
* runtime/JSGlobalData.cpp:
(WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace,
so our two recompilers' inline functions don't stomp each other at
link time.
2011-03-22 Sam Weinig <sam@webkit.org>
Reviewed by Mark Rowe.
Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
<rdar://problem/8944718>
* DerivedSources.make:
Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
2011-03-22 Gabor Loki <loki@webkit.org>
Reviewed by Csaba Osztrogonác.
[Qt] Add DFG module to build system (disabled by default).
https://bugs.webkit.org/show_bug.cgi?id=56845
* JavaScriptCore.pri:
* JavaScriptCore.pro:
2011-03-22 Eric Seidel <eric@webkit.org>
Reviewed by Adam Barth.
Add support to build-webkit for building with gyp-generated project files
https://bugs.webkit.org/show_bug.cgi?id=56877
Found a couple missing Private headers while trying to make WebCore build.
* JavaScriptCore.gypi:
2011-03-22 Eric Seidel <eric@webkit.org>
Reviewed by Adam Barth.
Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source
https://bugs.webkit.org/show_bug.cgi?id=56867
This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj
from a JavaScriptCore directory outside of Source.
* gyp/JavaScriptCore.gyp:
* gyp/run-if-exists.sh: Added.
* gyp/update-info-plist.sh: Added.
2011-03-22 Eric Seidel <eric@webkit.org>
Reviewed by Adam Barth.
Add Profiling Configuration to JavaScriptCore gyp build
https://bugs.webkit.org/show_bug.cgi?id=56862
It appears this is identical to Release, but I suspect
there is someone/thing who uses the Profiling target
so we're adding it for completeness.
* gyp/JavaScriptCore.gyp:
2011-03-22 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Remove os_win32_files variable from the GYP build
https://bugs.webkit.org/show_bug.cgi?id=56804
Now that our understanding of GYP is sufficiently advanced, we don't
need os_win32_files any more. (Turns out Eric was right, as he always
is.)
* JavaScriptCore.gypi:
2011-03-22 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory
https://bugs.webkit.org/show_bug.cgi?id=56803
Previously, we thought we should generate the derived source files in
the shared intermediate build products directory, but there are
assumptions built into other parts of the Mac build system that the
derived source files will be generated in a particular subdirectory of
the build products directory.
This patch is a partial revert of the change that moved the derived
source files to the shared intermediate directory. After this patch,
the GYP build can build JavaScriptCore without help from the main
normal build system.
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
* gyp/generate-derived-sources.sh:
* gyp/generate-dtrace-header.sh:
2011-03-22 Jay Civelli <jcivelli@chromium.org>
Reviewed by David Levin.
Adding a contains method to Vector.
https://bugs.webkit.org/show_bug.cgi?id=55859
* wtf/Vector.h:
(WTF::Vector::contains):
2011-03-22 Gabor Loki <loki@webkit.org>
Reviewed by Alexey Proskuryakov.
Fix a bunch of typos in DFG.
https://bugs.webkit.org/show_bug.cgi?id=56813
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::parse):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::setSpilled):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::setupStubArguments):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGOperations.h:
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::allocate):
* dfg/DFGScoreBoard.h:
(JSC::DFG::ScoreBoard::~ScoreBoard):
(JSC::DFG::ScoreBoard::allocate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
2011-03-22 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Production configuration in GYP isn't set up correctly
https://bugs.webkit.org/show_bug.cgi?id=56786
Update JavaScriptCore.gyp with information mined from
JavaScriptCore.xcodeproj.
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-03-22 Kent Tamura <tkent@chromium.org>
Reviewed by Eric Seidel.
REGRESSION(r80096): Number type input unexpectedly rounds fractional values
https://bugs.webkit.org/show_bug.cgi?id=56367
Introduce clampToInteger(unsigned).
* wtf/MathExtras.h:
(clampToInteger): Added.
2011-03-21 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
GYP build should not have include paths that point within the source tree
https://bugs.webkit.org/show_bug.cgi?id=56788
Turns out we don't need these include paths anymore now that we have
header maps working properly.
* gyp/JavaScriptCore.gyp:
- Also, remove jsc.cpp from the excluded list because it's not part
of the jsc_files variable instead of the javascriptcore_files
variable.
2011-03-21 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Solve the Assertions.cpp / -Wno-missing-format-attribute mystery
https://bugs.webkit.org/show_bug.cgi?id=56780
The reason we couldn't resolve this warning in the GYP build was that
the normal build disables this warning specifically for this file.
This patch takes the same approach as the previous patch to
WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning
(rather than a build system configuration).
* JavaScriptCore.xcodeproj/project.pbxproj:
- Remove the special-case for this file.
* gyp/JavaScriptCore.gyp:
- Remove the work-around for this issue.
* wtf/Assertions.cpp:
- Add a pragma disabling this warning for this file.
2011-03-21 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
WebCore GYP build shouldn't crash on startup
https://bugs.webkit.org/show_bug.cgi?id=56776
Debug builds shouldn't define NDEBUG. This same logic exists in the
project.pbxproj file.
* gyp/JavaScriptCore.gyp:
2011-03-21 Robert Kroeger <rjkroege@chromium.org>
Reviewed by Antonio Gomes.
Flag to enable/disable a GestureRecognizer framework
https://bugs.webkit.org/show_bug.cgi?id=49345
* wtf/Platform.h:
2011-03-21 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Add new files to JavaScriptCore.gypi
https://bugs.webkit.org/show_bug.cgi?id=56766
* JavaScriptCore.gypi:
2011-03-21 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r81377.
http://trac.webkit.org/changeset/81377
https://bugs.webkit.org/show_bug.cgi?id=56765
WebPageSerializerTest.MultipleFrames is broken (Requested by
simonjam on #webkit).
* wtf/Vector.h:
2011-03-21 Gabor Loki <loki@webkit.org>
Reviewed by Csaba Osztrogonác.
Extend constant pool to be able to store 16 bit instructions with a constant
https://bugs.webkit.org/show_bug.cgi?id=46796
The putShortWithConstantInt function inserts a 16-bit instruction which
refers to a 32-bit constant or literal. This is a vital function for those
targets which load a PC-relative value with a 16-bit instruction (like the
Thumb-2 instruction set and the SH4 architecture).
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::putIntegral):
(JSC::AssemblerBuffer::putIntegralUnchecked):
* assembler/AssemblerBufferWithConstantPool.h:
2011-03-21 Philippe Normand <pnormand@igalia.com>
Unreviewed, GTK distcheck build fix.
* GNUmakefile.am:
2011-03-20 Bill Budge <bbudge@chromium.org>
Reviewed by Adam Barth.
Rename ThreadSafeShared to ThreadSafeRefCounted
https://bugs.webkit.org/show_bug.cgi?id=56714
No new tests. Exposes no new functionality.
* API/JSClassRef.h:
* API/OpaqueJSString.h:
* GNUmakefile.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/Atomics.h:
* wtf/CMakeLists.txt:
* wtf/CrossThreadRefCounted.h:
(WTF::CrossThreadRefCounted::CrossThreadRefCounted):
(WTF::::crossThreadCopy):
* wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h.
(WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase):
(WTF::ThreadSafeRefCountedBase::ref):
(WTF::ThreadSafeRefCountedBase::refCount):
(WTF::ThreadSafeRefCountedBase::derefBase):
(WTF::ThreadSafeRefCounted::ThreadSafeRefCounted):
* wtf/ThreadSafeShared.h: Removed.
* wtf/Threading.h:
2011-03-19 Patrick Gansterer <paroga@webkit.org>
Reviewed by Darin Adler.
Remove StringImpl::computeHash()
https://bugs.webkit.org/show_bug.cgi?id=49894
Replace remaining StringImpl::computeHash with StringImpl::computeHashStringHasher.
* wtf/text/AtomicString.cpp:
(WTF::CStringTranslator::hash):
(WTF::UCharBufferTranslator::hash):
(WTF::HashAndCharactersTranslator::hash):
* wtf/text/StringImpl.h:
(WTF::StringImpl::setHash):
(WTF::StringImpl::hash):
2011-03-19 Patrick Gansterer <paroga@webkit.org>
Reviewed by Darin Adler.
Rename WTF::StringHasher methods
https://bugs.webkit.org/show_bug.cgi?id=53532
Rename createHash to computeHash and createBlobHash to hashMemory.
Also add a using WTF::StringHasher in the header file.
* profiler/CallIdentifier.h:
(JSC::CallIdentifier::Hash::hash):
* runtime/Identifier.cpp:
(JSC::IdentifierCStringTranslator::hash):
(JSC::IdentifierUCharBufferTranslator::hash):
* wtf/StringHasher.h:
(WTF::StringHasher::computeHash):
(WTF::StringHasher::hashMemory):
* wtf/text/StringHash.h:
(WTF::CaseFoldingHash::hash):
* wtf/text/StringImpl.h:
(WTF::StringImpl::computeHash):
* wtf/unicode/UTF8.cpp:
(WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
2011-03-18 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
[GTK] JSC crashes in 32bit Release bots after r80743
https://bugs.webkit.org/show_bug.cgi?id=56180
The crash was caused by referencing GC memory from a GC destructor. This
is not safe because destruction time / order is not guaranteed.
* profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::create):
(JSC::ProfileGenerator::ProfileGenerator):
(JSC::ProfileGenerator::willExecute):
(JSC::ProfileGenerator::didExecute):
* profiler/ProfileGenerator.h:
(JSC::ProfileGenerator::origin): Made ExecState* the first argument,
to match the rest of this class and JSC.
Use a JSGlobalObject* instead of an ExecState* with an indirect reference
to a JSGlobalObject* to track our origin. This is simpler and more
efficient, and it removes the destruction order dependency that was causing
our crash.
* profiler/Profiler.cpp:
(JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*.
(JSC::Profiler::stopProfiling): New function for stopping all profiles
for a given global object. This is more straightforward than multiplexing
through the old function.
(JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.
* profiler/Profiler.h: Ditto.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::~JSGlobalObject): Ditto.
2011-03-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
1 Structure leaked beneath JSGlobalData::storeVPtrs()
https://bugs.webkit.org/show_bug.cgi?id=56595
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::NativeExecutable::NativeExecutable):
(JSC::VPtrHackExecutable::VPtrHackExecutable):
(JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of
PassRefPtr, like JSString does, since JSGlobalData owns the singleton
executable structure.
2011-03-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Mark Rowe.
Fixed some string leaks seen on the buildbot
https://bugs.webkit.org/show_bug.cgi?id=56619
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::~PropertyTable): DEref!
2011-03-17 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Crash in JSC::MarkStack::drain Under Stress
https://bugs.webkit.org/show_bug.cgi?id=56470
We perform a number of GC allocations when
we are setting up new globals in a piece of global
code. We do this by adding new properties to the
symbol table, and then expanding the storage to fit
at the end.
If a GC happens during this time we will report an
incorrect size for the global object's symbol table
storage.
This patch corrects this by growing the storage size
before we start adding entries to the symbol table.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::resizeRegisters):
2011-03-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
1 Structure leaked beneath JSGlobalData::storeVPtrs()
https://bugs.webkit.org/show_bug.cgi?id=56595
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure
we're using, since the Executable is not designed to own the Structure.
2011-03-17 Gavin Barraclough <barraclough@apple.com>
Rubber Stamped by Sam Weinig.
Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchTest8):
* assembler/X86Assembler.h:
(JSC::X86Assembler::testb_rr):
2011-03-17 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 56603 - DFG JIT related cleanup
Move node generation out to separate function, move binarySearch algorithm out
to StdLibExtras, fix Graph::dump() to print comma between non-node children,
even if there are no node children.
* bytecode/CodeBlock.h:
(JSC::getCallReturnOffset):
(JSC::CodeBlock::getStubInfo):
(JSC::CodeBlock::getCallLinkInfo):
(JSC::CodeBlock::getMethodCallLinkInfo):
(JSC::CodeBlock::bytecodeOffset):
- Move binaryChop to binarySearch in StdLibExtras
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::parse):
(JSC::DFG::parse):
- Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
* dfg/DFGByteCodeParser.h:
- Change parse() to not take a start index (always 0).
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
- Fix Graph::dump() to print comma between non-node children, even if there are no node children.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::JITCodeGenerator):
- Initialize m_compileIndex in constructor.
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
- Split out compilation of individual node.
* dfg/DFGOperations.cpp:
(JSC::DFG::operationConvertThis):
* dfg/DFGOperations.h:
- Cleanup parameter name.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
- Split out compilation of individual node.
* runtime/Executable.cpp:
(JSC::tryDFGCompile):
- Change parse() to not take a start index (always 0).
* wtf/StdLibExtras.h:
(WTF::binarySearch):
- Move binaryChop to binarySearch in StdLibExtras
2011-03-17 Anders Carlsson <andersca@apple.com>
Reviewed by Geoffrey Garen.
Fix clang build.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs):
2011-03-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
1 Structure leaked beneath JSGlobalData::storeVPtrs()
https://bugs.webkit.org/show_bug.cgi?id=56595
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need
to explicitly run its destructor.
2011-03-17 Jeff Miller <jeffm@apple.com>
Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
*.mode*
*.pbxuser
*.perspective*
project.xcworkspace
xcuserdata
* JavaScriptCore.xcodeproj: Modified property svn:ignore.
2011-03-17 Gavin Barraclough <barraclough@apple.com>
Reverting r81197, breaks JIT + INTERPRETER build.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
(JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addPropertyAccessInstruction):
(JSC::CodeBlock::addGlobalResolveInstruction):
(JSC::CodeBlock::addStructureStubInfo):
* bytecode/Opcode.h:
* bytecode/StructureStubInfo.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitResolve):
(JSC::BytecodeGenerator::emitResolveWithBase):
(JSC::BytecodeGenerator::emitGetById):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::emitCatch):
2011-03-17 Ben Taylor <bentaylor.solx86@gmail.com>
Reviewed by Alexey Proskuryakov.
Add a COMPILER(SUNCC) define for Sun Studio 12.
https://bugs.webkit.org/show_bug.cgi?56444
derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932
* wtf/Platform.h:
2011-03-17 Jay Civelli <jcivelli@chromium.org>
Reviewed by David Levin.
Adding a contains method to Vector.
https://bugs.webkit.org/show_bug.cgi?id=55859
* wtf/Vector.h:
(WTF::::operator):
(WTF::::contains):
2011-03-17 Patrick Gansterer <paroga@webkit.org>
Fix the interpreter build.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute): Added globalData to inheritorID().
2011-03-16 Sam Weinig <sam@webkit.org>
Fix the interpreter build.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::resolve):
(JSC::Interpreter::resolveSkip):
(JSC::Interpreter::resolveGlobal):
(JSC::Interpreter::resolveGlobalDynamic):
(JSC::Interpreter::resolveBaseAndProperty):
(JSC::Interpreter::privateExecute):
Remove .get()s.
2011-03-16 Adam Barth <abarth@webkit.org>
Reviewed by James Robinson.
Remove USE(BUILTIN_UTF8_CODEC)
https://bugs.webkit.org/show_bug.cgi?id=56508
We added this recently when we were unsure about the stability of the
built-in UTF-8 codec. However, the codec seems to be stable, so we
don't need the macro.
* wtf/Platform.h:
2011-03-16 Daniel Bates <dbates@rim.com>
Reviewed by Darin Adler.
Make JIT build for ARM Thumb-2 with RVCT
https://bugs.webkit.org/show_bug.cgi?id=56440
Derived from a patch by Dave Tapuska.
Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.
* jit/JITStubs.cpp:
2011-03-16 Chao-ying Fu <fu@mips.com>
Reviewed by Darin Adler.
Fix MIPS build with const *void
https://bugs.webkit.org/show_bug.cgi?id=56513
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::load32):
(JSC::MacroAssemblerMIPS::store32):
2011-03-16 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
Remove unnecessary caller tracking shenanigans from CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=56483
This removes some leftover cruft from when we made CodeBlock
mark its callees. Removing it gives us a 0.7% progression,
reducing the overall regression to ~1.3%.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shrinkToFit):
* bytecode/CodeBlock.h:
(JSC::CallLinkInfo::CallLinkInfo):
* jit/JIT.cpp:
(JSC::JIT::linkCall):
(JSC::JIT::linkConstruct):
2011-03-15 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make Structure creation require a JSGlobalData
https://bugs.webkit.org/show_bug.cgi?id=56438
Mechanical change to make Structure::create require JSGlobalData&, and
require all users to provide the globalData.
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructure):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructure):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
* API/JSContextRef.cpp:
* JavaScriptCore.exp:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::createStructure):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jsc.cpp:
(GlobalObject::GlobalObject):
(functionRun):
(jscmain):
* runtime/Arguments.h:
(JSC::Arguments::createStructure):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/BooleanObject.h:
(JSC::BooleanObject::createStructure):
* runtime/DateInstance.h:
(JSC::DateInstance::createStructure):
* runtime/DatePrototype.h:
(JSC::DatePrototype::createStructure):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::createStructure):
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::createStructure):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/InternalFunction.h:
(JSC::InternalFunction::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.h:
(JSC::JSActivation::createStructure):
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::createStructure):
* runtime/JSByteArray.h:
(JSC::JSByteArray::JSByteArray):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::createDummyStructure):
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs):
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::createStructure):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::createStructure):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::createInheritorID):
* runtime/JSObject.h:
(JSC::JSObject::createStructure):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSFinalObject::createStructure):
(JSC::createEmptyObjectStructure):
(JSC::JSObject::inheritorID):
* runtime/JSObjectWithGlobalObject.h:
(JSC::JSObjectWithGlobalObject::createStructure):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::createStructure):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::createStructure):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::createStructure):
* runtime/JSZombie.h:
(JSC::JSZombie::createStructure):
* runtime/MathObject.h:
(JSC::MathObject::createStructure):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::createStructure):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::createStructure):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::createStructure):
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::createStructure):
* runtime/StringObject.h:
(JSC::StringObject::createStructure):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure):
* runtime/Structure.h:
(JSC::Structure::create):
2011-03-16 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Some conservative root gathering cleanup
https://bugs.webkit.org/show_bug.cgi?id=56447
SunSpider says 0.5% - 1.8% faster.
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots):
* interpreter/RegisterFile.h: New helper function for doing the
conservative gathering of the register file. It's still conservative,
since the register file may contain uninitialized values, but it's
moving-safe, because it only visits values tagged as pointers, so there's
no risk of mistaking an integer for a pointer and accidentally changing it.
* runtime/ConservativeSet.cpp:
(JSC::ConservativeRoots::add):
* runtime/ConservativeSet.h: Added a single-value add function, used above.
* runtime/Heap.cpp:
(JSC::Heap::markRoots): Separated machine stack conservative roots from
register file conservative roots because machine stack roots must be
pinned, but register file roots need not be pinned.
Adopted new interface for passing the current stack extent to the machine
stack root gathering routine. This allows us to exclude marking-related
data structures on the stack, and thus avoid double-marking the set of
machine roots.
* runtime/MachineStackMarker.cpp:
(JSC::MachineThreads::gatherFromCurrentThread):
(JSC::MachineThreads::gatherConservativeRoots):
* runtime/MachineStackMarker.h: Added new interface, described above.
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::firstAtom):
* wtf/StdLibExtras.h:
(WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
by MachineStacks.
2011-03-16 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
A little bit of MarkStack cleanup
https://bugs.webkit.org/show_bug.cgi?id=56443
Moved MarkStack functions into MarkStack.h/.cpp.
SunSpider reports no change.
* runtime/JSArray.h:
* runtime/JSCell.h: Moved from here...
* runtime/MarkStack.cpp:
(JSC::MarkStack::markChildren):
(JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
a huge function, and not called many times.
* runtime/MarkStack.h:
(JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
(JSC::MarkStack::append):
(JSC::MarkStack::deprecatedAppend):
(JSC::MarkStack::internalAppend): Moved to here.
2011-03-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed another deprecatedAppend
https://bugs.webkit.org/show_bug.cgi?id=56429
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::markStrongHandles):
* collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
marked directly by the Heap.
* runtime/Heap.cpp:
(JSC::Heap::markRoots): Ditto.
2011-03-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed some more deprecated / unsafe append
https://bugs.webkit.org/show_bug.cgi?id=56428
* collector/handles/HandleStack.cpp:
(JSC::HandleStack::mark):
* collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
marker, since it's a heap root.
* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::markLists):
(JSC::MarkedArgumentBuffer::slowAppend):
* runtime/ArgList.h: Ditto.
* runtime/Heap.cpp:
(JSC::Heap::markRoots): Added a mark call for marking the handle stack.
It seems like Oliver forgot this in his last patch. (!)
* runtime/MarkStack.h: Removed appendSlots, since it would allow an
object to embed JSValues directly instead of using WriteBarrier.
(JSC::MarkStack::append): Added a private append for a list of values.
(JSC::HeapRootMarker::mark): Access to the above.
2011-03-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed a few more deprecatedAppends, and removed HeapRoot<T>
https://bugs.webkit.org/show_bug.cgi?id=56422
Added HeapRootMarker, a privileged class for marking direct heap roots
that are iterated during each garbage collection. This is easier to use
and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.
* debugger/Debugger.cpp:
(JSC::evaluateInGlobalCallFrame):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate):
* interpreter/CallFrame.h:
(JSC::ExecState::exception):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Completion.cpp:
(JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
call .get() on it.
* runtime/Heap.cpp:
(JSC::Heap::markProtectedObjects):
(JSC::Heap::markTempSortVectors):
(JSC::Heap::markRoots):
* runtime/Heap.h: Updated to use HeapRootMarker.
* runtime/JSCell.h:
(JSC::JSCell::MarkStack::append): Added private functions for
HeapRootMarker to use.
* runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.
* runtime/MarkStack.h:
(JSC::HeapRootMarker::HeapRootMarker):
(JSC::HeapRootMarker::mark): Added private functions for
HeapRootMarker to use.
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.
* runtime/SmallStrings.h:
(JSC::SmallStrings::emptyString):
(JSC::SmallStrings::singleCharacterString):
(JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.
* runtime/WriteBarrier.h: Removed HeapRoot<T>.
2011-03-14 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Made the global object moving-GC-safe
https://bugs.webkit.org/show_bug.cgi?id=56348
SunSpider reports no change.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::markChildren): Removed a dubious comment that
suggested we do not need to visit all our references during GC, since
that is not true in a moving GC.
Re-sorted data members by type, removed one duplicate, and added back
the one missing mark I found.
* runtime/JSGlobalObject.h: Re-sorted data members by type.
2011-03-15 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Introduce Local<T> to allow us to start moving to precise marking of locals
https://bugs.webkit.org/show_bug.cgi?id=56394
Introduce a new handle type, Local<T> and a scoping mechanism
LocalScope to allow us to start moving towards precise marking
of temporaries and local variables.
We also start to use the new Local<> type in the JSON stringifier
so that we can have some coverage of their behaviour in the initial
checkin.
* GNUmakefile.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* collector/handles/Handle.h:
(JSC::::asObject):
* collector/handles/HandleStack.cpp: Added.
(JSC::HandleStack::HandleStack):
(JSC::HandleStack::mark):
(JSC::HandleStack::grow):
* collector/handles/HandleStack.h: Added.
(JSC::HandleStack::enterScope):
(JSC::HandleStack::zapTo):
(JSC::HandleStack::leaveScope):
(JSC::HandleStack::push):
* collector/handles/Local.h: Added.
(JSC::Local::internalSet):
(JSC::::Local):
(JSC::::operator):
(JSC::LocalStack::LocalStack):
(JSC::LocalStack::peek):
(JSC::LocalStack::pop):
(JSC::LocalStack::push):
(JSC::LocalStack::isEmpty):
(JSC::LocalStack::size):
* collector/handles/LocalScope.h: Added.
(JSC::LocalScope::LocalScope):
(JSC::LocalScope::~LocalScope):
(JSC::LocalScope::release):
* runtime/Heap.cpp:
(JSC::Heap::markRoots):
* runtime/Heap.h:
(JSC::Heap::allocateLocalHandle):
(JSC::Heap::handleStack):
* runtime/JSCell.h:
(JSC::JSCell::::getString):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::allocateLocalHandle):
* runtime/JSONObject.cpp:
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::stringify):
(JSC::Stringifier::appendStringifiedValue):
(JSC::Stringifier::Holder::Holder):
(JSC::Walker::Walker):
(JSC::Walker::walk):
(JSC::JSONProtoFuncParse):
(JSC::JSONProtoFuncStringify):
(JSC::JSONStringify):
* runtime/JSONObject.h:
* runtime/MarkStack.h:
(JSC::MarkStack::appendValues):
(JSC::MarkStack::appendSlots):
2011-03-15 Gavin Barraclough <barraclough@apple.com>
Rubber Stamped by Sam Weinig.
Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
Some methods have unnecessary differences in name/arguments for interpreter/JIT.
* bytecode/CodeBlock.cpp:
* bytecode/CodeBlock.h:
(JSC::HandlerInfo::HandlerInfo):
(JSC::CodeBlock::addPropertyAccessInfo):
(JSC::CodeBlock::addGlobalResolveInfo):
(JSC::CodeBlock::addCallLinkInfo):
(JSC::CodeBlock::globalResolveInfo):
* bytecode/Opcode.h:
* bytecode/StructureStubInfo.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitResolve):
(JSC::BytecodeGenerator::emitResolveWithBase):
(JSC::BytecodeGenerator::emitGetById):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::emitCatch):
2011-03-15 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Fix broken assert in new code.
* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::recordPutByVal):
- recordPutByVal is called for both PutByVal & PutByValAlias.
2011-03-15 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by Sam Weinig.
Removed redundant code from BytecodeGenerator.
* bytecompiler/BytecodeGenerator.cpp:
* bytecompiler/BytecodeGenerator.h:
- delete uncalled code missed when reparsing was removed.
2011-03-15 Kevin Ollivier <kevino@theolliviers.com>
Reviewed by Darin Adler.
Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
info into the headers rather than in export symbol definition files, but disable it on
all platforms initially so we can deal with port build issues one port at a time.
https://bugs.webkit.org/show_bug.cgi?id=27551
* API/JSBase.h:
* config.h:
* wtf/Assertions.h:
* wtf/ExportMacros.h: Added.
* wtf/Platform.h:
2011-03-14 Laszlo Gombos <laszlo.1.gombos@nokia.com>
Unreviewed build fix.
Buildfix when JIT is not enabled after r81079
https://bugs.webkit.org/show_bug.cgi?id=56361
* runtime/Executable.cpp:
2011-03-14 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Made the global object moving-GC-safe
https://bugs.webkit.org/show_bug.cgi?id=56348
SunSpider reports no change.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::markChildren): Removed a dubious comment that
suggested we do not need to visit all our references during GC, since
that is not true in a moving GC.
Re-sorted data members by type, removed one duplicate, and added back
the one missing mark I found.
* runtime/JSGlobalObject.h: Re-sorted data members by type.
2011-03-14 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Made JSWrapperObject and subclasses moving-GC-safe
https://bugs.webkit.org/show_bug.cgi?id=56346
SunSpider reports no change.
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
we don't initialize the wrapped value in our constructor.
* runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
we do not in fact override markChildren.
* runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
no longer does so for us. Also added an ASSERT to catch a latent bug,
where DatePrototype stomped on its base class's anonymous slot. Hard-coded
anonymous slots are a plague on our code. This doesn't cause any problems
in our existing code since the base class never reads the anonymous slot
it declares, but it caused crashes when I tried to start using the slot
in an initial version of this patch.
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::JSWrapperObject):
(JSC::JSWrapperObject::internalValue):
(JSC::JSWrapperObject::setInternalValue): Resolved a problem where
our internal value was stored in two places: an anonymous slot, and a
data member which was not always visited during GC. Now, we only use the
data member, and we always visit it. (Instead of relying on certain
subclasses to set the OverridesMarkChildren bit, we set it ourselves.)
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
we don't initialize the wrapped value in our constructor.
* runtime/NumberObject.h: Removed meaningless declaration.
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject): No more need for JSGlobalData, since
we don't initialize the wrapped value in our constructor.
* runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
we do not in fact override markChildren.
* runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
no longer does so for us. Also added an ASSERT to catch a latent bug,
where DatePrototype stomped on its base class's anonymous slot. Hard-coded
anonymous slots are a plague on our code.
2011-03-14 Michael Saboff <msaboff@apple.com>
Reviewed by Gavin Barraclough.
Look-ahead assertions with back references don’t work as expected
https://bugs.webkit.org/show_bug.cgi?id=56082
Changed parentheses assertion processing to temporarily back out the
number of known characters after the assertion while processing the
assertion. This was done so that assertions don't fail due to
checking the number of required characters as additional to the
rest of the expression, since assertions don't "consume" input.
Added a byte code to uncheck characters to support the change.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::ByteCompiler::uncheckInput):
(JSC::Yarr::ByteCompiler::emitDisjunction):
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteTerm::UncheckInput):
2011-03-14 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
Reviewed by Laszlo Gombos.
[Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on Symbian.
https://bugs.webkit.org/show_bug.cgi?id=56133
Add condition to not compile webkit internal math round functions on RVCT compiler versions
from 3.0.0 because they are already defined in compiler math library.
* wtf/MathExtras.h:
2011-03-14 Gavin Barraclough <barraclough@apple.com>
Reviewed by Geoffrey Garen & Oliver Hunt.
Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.
The JSC JIT presently generates code directly from the bytecode used by the interpreter.
This is not an optimal intermediate representation for JIT code generation, since it does
not capture liveness information of values, and provides little opportunity to perform
any static analysis for even primitive types. The JIT currently generates two code paths,
a fast path handling common cases, and a slower path handling less common operand types.
However the slow path jumps back into the fast path, meaning that information arising
from the earlier type checks cannot be propagated to later operations.
This patch adds:
* a dataflow intermediate representation capable of describing a single basic block
of operations,
* a mechanism to convert simple, single-block bytecode functions to the new IR,
* and a JIT code generator capable of generating code from this representation.
The JIT generates two code paths, with the slower path not reentering the fast path
mid-block, allowing speculative optimizations to be made on the hot path, with type
information arising from these speculative decisions able to be propagated through the
dataflow. Code generation of both speculative and non-speculative paths exploits the type
and liveness information represented in the dataflow graph to attempt to avoid redundant
boxing and type-checking of values, and to remove unnecessary spills of temporary values
to the RegisterFile.
The dataflow JIT currently can only support a subset of bytecode operations, limited to
arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
expanded to include control-flow, function calls, and then the long-tail of remaining
bytecode instructions. The JIT presently only supports JSVALUE64, and as a consequence of
this only supports x86-64.
The status of the dataflow JIT is currently work-in-progress. Limitations of the present
JIT code generation may cause performance regressions, particularly:
* the policy to only generate arithmetic code on the speculative path using integer
instructions, never using floating point.
* the policy to only generate arithmetic code on the non-speculative path using
floating point instructions, never using integer.
* always generating JSValue adds on the non-speculative path as a call out to a
C-function, never handling this in JIT code.
* always assuming by-Value property accesses on the speculative path to be array
accesses.
* generating all by-Value property accesses from the non-speculative path as a call
out to a C-function.
* generating all by-Identifier property accesses as a call out to a C-function.
Due to these regressions, the code is landed in a state where it is disabled in most
cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
addressed, the JIT will be allowed to trigger in more cases.
* JavaScriptCore.xcodeproj/project.pbxproj:
- Added new files to Xcode project.
* dfg: Added.
- Added directory for new code.
* dfg/DFGByteCodeParser.cpp: Added.
* dfg/DFGByteCodeParser.h: Added.
- Construct a DFG::Graph representation from a bytecode CodeBlock.
* dfg/DFGGenerationInfo.h: Added.
- Track type & register information for VirtualRegisters during JIT code generation.
* dfg/DFGGraph.cpp: Added.
* dfg/DFGGraph.h: Added.
- Dataflow graph intermediate representation for code generation.
* dfg/DFGJITCodeGenerator.cpp: Added.
* dfg/DFGJITCodeGenerator.h: Added.
- Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
* dfg/DFGJITCompiler.cpp: Added.
* dfg/DFGJITCompiler.h: Added.
- Class responsible for driving code generation of speculativeJIT & non-speculative
code paths from the dataflow graph.
* dfg/DFGNonSpeculativeJIT.cpp: Added.
* dfg/DFGNonSpeculativeJIT.h: Added.
- Used to generate the non-speculative code path, this makes no assumptions
about operand types.
* dfg/DFGOperations.cpp: Added.
* dfg/DFGOperations.h: Added.
- Helper functions called from the JIT generated code.
* dfg/DFGRegisterBank.h: Added.
- Used to track contents of physical registers during JIT code generation.
* dfg/DFGSpeculativeJIT.cpp: Added.
* dfg/DFGSpeculativeJIT.h: Added.
- Used to generate the speculative code path, this makes assumptions about
operand types to enable optimization.
* runtime/Executable.cpp:
- Add code to attempt to use the DFG JIT to compile a function, with fallback
to the existing JIT.
* wtf/Platform.h:
- Added compile guards to enable the DFG JIT.
2011-03-14 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed more cases of DeprecatedPtr (exception, SmallStrings)
https://bugs.webkit.org/show_bug.cgi?id=56332
* runtime/Identifier.cpp:
(JSC::Identifier::add):
(JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
constant, to make this code less brittle.
* runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
this reference is owned and managed directly by the heap.
* runtime/JSString.cpp:
(JSC::JSString::substringFromRope):
* runtime/JSString.h:
(JSC::jsSingleCharacterString):
(JSC::jsSingleCharacterSubstring):
(JSC::jsString):
(JSC::jsStringWithFinalizer):
(JSC::jsSubstring):
(JSC::jsOwnedString): Use a variable instead of a hard-coded
constant, to make this code less brittle.
* runtime/SmallStrings.cpp:
(JSC::SmallStringsStorage::rep):
(JSC::SmallStringsStorage::SmallStringsStorage):
(JSC::SmallStrings::SmallStrings):
(JSC::SmallStrings::markChildren):
(JSC::SmallStrings::clear):
(JSC::SmallStrings::count): Use a variable instead of a hard-coded
constant, to make this code less brittle.
* runtime/SmallStrings.h:
(JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
DeprecatedPtr because these references are owned and managed directly by
the heap.
Stop using FixedArray because we only want a very limited set
of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)
* runtime/WriteBarrier.h:
(JSC::operator==):
(JSC::WriteBarrier::WriteBarrier):
(JSC::HeapRoot::HeapRoot):
(JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set
without write barrier because we assume all HeapRoots are scanned during
all GC passes.
2011-03-14 Brian Weinstein <bweinstein@apple.com>
Reviewed by Adam Roben and Gavin Barraclough.
FileSystemWin.cpp needs listDirectory() implementation
https://bugs.webkit.org/show_bug.cgi?id=56331
<rdar://problem/9126635>
Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.
* wtf/text/StringConcatenate.h:
2011-03-14 Mark Rowe <mrowe@apple.com>
Reviewed by Oliver Hunt.
<http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot
* API/JSClassRef.cpp:
(OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
the class definition contains duplicates. This also removes what look to be leaks
of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
which retains / releases the instances at the appropriate time, so explicitly calling
ref is not necessary.
2011-03-14 Oliver Hunt <oliver@apple.com>
Fix windows build
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::emitLoadInt32):
(JSC::JSInterfaceJIT::tagFor):
(JSC::JSInterfaceJIT::payloadFor):
(JSC::JSInterfaceJIT::intPayloadFor):
(JSC::JSInterfaceJIT::intTagFor):
(JSC::JSInterfaceJIT::addressFor):
2011-03-11 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Ensure all values are correctly tagged in the registerfile
https://bugs.webkit.org/show_bug.cgi?id=56214
This patch makes sure that all JSCell pointers written to
the registerfile are correctly tagged as JSCells, and replaces
raw int usage with the immediate representation.
For performance, register pressure, and general saneness reasons
I've added abstractions for reading and writing the tag
and payload of integer registers directly for the JSVALUE64
encoding.
* interpreter/Register.h:
(JSC::Register::withInt):
(JSC::Register::withCallee):
(JSC::Register::operator=):
(JSC::Register::i):
(JSC::Register::activation):
(JSC::Register::function):
(JSC::Register::propertyNameIterator):
(JSC::Register::scopeChain):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITInlineMethods.h:
(JSC::JIT::emitPutToCallFrameHeader):
(JSC::JIT::emitPutCellToCallFrameHeader):
(JSC::JIT::emitPutIntToCallFrameHeader):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
(JSC::JIT::emit_op_load_varargs):
(JSC::JIT::emitSlow_op_load_varargs):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::intPayloadFor):
(JSC::JSInterfaceJIT::intTagFor):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
2011-03-13 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
A few Heap-related renames (sans file moves, which should come next)
https://bugs.webkit.org/show_bug.cgi?id=56283
ConservativeSet => ConservativeRoots. "Set" was misleading, since items
are not uniqued. Also, "Roots" is more specific about what's in the set.
MachineStackMarker => MachineThreads. "Threads" is more descriptive of
the fact that this class maintains a set of all threads using JSC.
"Stack" was misleading, since this class traverses stacks and registers.
"Mark" was misleading, since this class doesn't mark anything anymore.
registerThread => addCurrentThread. "Current" is more specific.
unregisterThread => removeCurrentThread. "Current" is more specific.
"currentThreadRegistrar" => threadSpecific. The only point of this data
structure is to register a thread-specific destructor with a pointer to
this.
"mark...Conservatively" => "gather". "Mark" is not true, since these
functions don't mark anything. "Conservatively" is redundant, since they
take "ConservativeRoots" as an argument.
* API/APIShims.h:
(JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
* JavaScriptCore.exp:
* runtime/ConservativeSet.cpp:
(JSC::ConservativeRoots::grow):
(JSC::ConservativeRoots::add):
* runtime/ConservativeSet.h:
(JSC::ConservativeRoots::ConservativeRoots):
(JSC::ConservativeRoots::~ConservativeRoots):
(JSC::ConservativeRoots::size):
(JSC::ConservativeRoots::roots):
* runtime/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::markRoots):
* runtime/Heap.h:
(JSC::Heap::machineThreads):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::makeUsableFromMultipleThreads):
* runtime/MachineStackMarker.cpp:
(JSC::MachineThreads::MachineThreads):
(JSC::MachineThreads::~MachineThreads):
(JSC::MachineThreads::makeUsableFromMultipleThreads):
(JSC::MachineThreads::addCurrentThread):
(JSC::MachineThreads::removeThread):
(JSC::MachineThreads::removeCurrentThread):
(JSC::MachineThreads::gatherFromCurrentThreadInternal):
(JSC::MachineThreads::gatherFromCurrentThread):
(JSC::MachineThreads::gatherFromOtherThread):
(JSC::MachineThreads::gatherConservativeRoots):
* runtime/MachineStackMarker.h:
* runtime/MarkStack.h:
(JSC::MarkStack::append):
2011-03-13 David Kilzer <ddkilzer@apple.com>
BUILD FIX for armv7 after r80969
Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
<https://bugs.webkit.org/show_bug.cgi?id=56270>
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::load32): Made void* address argument
const.
(JSC::MacroAssemblerARMv7::store32): Ditto.
2011-03-13 Geoffrey Garen <ggaren@apple.com>
Not reviewed.
Try to fix the Mac build.
* JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
ConservativeSet.h, since it's now visible when compiling other projects.
2011-03-13 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed another case of DeprecatedPtr (ConservativeSet)
https://bugs.webkit.org/show_bug.cgi?id=56281
The ConservativeSet is an internal data structure used during marking,
so direct pointers are fine.
* runtime/ConservativeSet.cpp:
(JSC::ConservativeSet::grow):
* runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
(JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
(JSC::ConservativeSet::size):
(JSC::ConservativeSet::set): Use direct pointers, as stated above.
* runtime/Heap.cpp:
(JSC::Heap::markRoots):
* runtime/MarkStack.h:
(JSC::MarkStack::append): Created a special case of append for
ConservativeSet. I didn't want to add back a generic "append JSCell*"
function, since other classes might start using that wrong. (In the end,
this function might go away, since the Heap will want to do something
slightly more interesting with the conservative set, but this is OK for
now.)
2011-03-13 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed another case of DeprecatedPtr (PutPropertySlot)
https://bugs.webkit.org/show_bug.cgi?id=56278
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::setExistingProperty):
(JSC::PutPropertySlot::setNewProperty):
(JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
since it's a stack-allocated temporary.
2011-03-13 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Removed one case of DeprecatedPtr (ScopeChainIterator)
https://bugs.webkit.org/show_bug.cgi?id=56277
* runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
since it's a stack-allocated temporary.
2011-03-13 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 56273 - Add three operand forms to MacroAssember operations.
Adding for X86(_64) for now, should be rolled out to other backends as necessary.
These may allow more efficient code generation in some cases, avoiding the need
for unnecessary register-register move instructions.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::Jump::link):
(JSC::AbstractMacroAssembler::Jump::linkTo):
- marked these methods const.
(JSC::AbstractMacroAssembler::Jump::isSet):
- add a method to check whether a Jump object has been set to
reference an instruction, or is in a null, unset state.
* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):
- add non-explicit constructor, for FunctionPtr's to C/C++ functions.
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::and32):
(JSC::MacroAssemblerX86Common::lshift32):
(JSC::MacroAssemblerX86Common::or32):
(JSC::MacroAssemblerX86Common::rshift32):
(JSC::MacroAssemblerX86Common::urshift32):
(JSC::MacroAssemblerX86Common::xor32):
(JSC::MacroAssemblerX86Common::moveDouble):
(JSC::MacroAssemblerX86Common::addDouble):
(JSC::MacroAssemblerX86Common::divDouble):
(JSC::MacroAssemblerX86Common::subDouble):
(JSC::MacroAssemblerX86Common::mulDouble):
(JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
(JSC::MacroAssemblerX86Common::branchTest32):
(JSC::MacroAssemblerX86Common::branchTest8):
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchMul32):
(JSC::MacroAssemblerX86Common::branchSub32):
- add three operand forms of these instructions.
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::addDouble):
(JSC::MacroAssemblerX86_64::convertInt32ToDouble):
(JSC::MacroAssemblerX86_64::loadPtr):
(JSC::MacroAssemblerX86_64::branchTestPtr):
* assembler/X86Assembler.h:
(JSC::X86Assembler::JmpSrc::isSet):
- add a method to check whether a JmpSrc object has been set to
reference an instruction, or is in a null, unset state.
(JSC::X86Assembler::movsd_rr):
- added FP register-register move.
(JSC::X86Assembler::linkJump):
- Add an assert to check jumps aren't linked more than once.
* jit/JITInlineMethods.h:
(JSC::JIT::emitLoadInt32ToDouble):
- load integers to the FPU via registers on x86-64.
2011-03-13 Gavin Barraclough <barraclough@apple.com>
ARM build fix.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::load32):
2011-03-13 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
The JIT needs to 'friend' other classes in order to be able to calculate offsets
of various properties, or the absolute addresses of members within specific objects,
in order to JIT generate code that will access members within the class when run.
Instead of using friends in these cases, switch to providing specific accessor
methods to provide this information. In the case of offsets, these can be static
functions, and in the case of pointers to members within a specific object these can
be const methods returning pointers to const values, to prevent clients from
modifying values otherwise encapsulated within classes.
* bytecode/SamplingTool.h:
* interpreter/Register.h:
* interpreter/RegisterFile.h:
* runtime/JSArray.h:
* runtime/JSCell.h:
* runtime/JSTypeInfo.h:
* runtime/JSVariableObject.h:
* runtime/Structure.h:
* wtf/RefCounted.h:
- Change these classes to no longer friend the JIT, add accessors for member offsets.
* jit/JIT.cpp:
* jit/JITCall32_64.cpp:
* jit/JITInlineMethods.h:
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* jit/JITPropertyAccess.cpp:
* jit/JITPropertyAccess32_64.cpp:
- Change the JIT to use class accessors, rather than taking object offsets directly.
* assembler/AbstractMacroAssembler.h:
* assembler/MacroAssemblerX86_64.h:
* assembler/X86Assembler.h:
- Since the accessors for objects members return const pointers to retain encapsulation,
methods generating code with absolute addresses must be able to handle const pointers
(the JIT doesn't write to these values, so does treat the pointer to value as const
from within the C++ code of the JIT, if not at runtime!).
2011-03-12 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r80919.
http://trac.webkit.org/changeset/80919
https://bugs.webkit.org/show_bug.cgi?id=56251
all windows bots failed to compile this change (Requested by
loislo on #webkit).
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/StructureStubInfo.cpp:
* interpreter/Register.h:
(JSC::Register::withInt):
(JSC::Register::withCallee):
(JSC::Register::operator=):
(JSC::Register::i):
(JSC::Register::activation):
(JSC::Register::function):
(JSC::Register::propertyNameIterator):
(JSC::Register::scopeChain):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITInlineMethods.h:
(JSC::JIT::emitPutToCallFrameHeader):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
(JSC::JIT::emit_op_load_varargs):
(JSC::JIT::emitSlow_op_load_varargs):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::payloadFor):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
* runtime/ArgList.cpp:
* runtime/DateConversion.cpp:
* runtime/GCActivityCallbackCF.cpp:
* runtime/Identifier.cpp:
* runtime/JSActivation.h:
(JSC::asActivation):
* runtime/JSLock.cpp:
* runtime/JSNumberCell.cpp:
* runtime/JSObject.h:
* runtime/JSPropertyNameIterator.h:
* runtime/JSValue.h:
* runtime/JSZombie.cpp:
* runtime/MarkedBlock.cpp:
* runtime/MarkedSpace.cpp:
* runtime/PropertyNameArray.cpp:
* runtime/ScopeChain.h:
(JSC::ExecState::globalThisValue):
* wtf/DateMath.cpp:
2011-03-11 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Ensure all values are correctly tagged in the registerfile
https://bugs.webkit.org/show_bug.cgi?id=56214
This patch makes sure that all JSCell pointers written to
the registerfile are correctly tagged as JSCells, and replaces
raw int usage with the immediate representation.
For performance, register pressure, and general saneness reasons
I've added abstractions for reading and writing the tag
and payload of integer registers directly for the JSVALUE64
encoding.
* interpreter/Register.h:
(JSC::Register::withInt):
(JSC::Register::withCallee):
(JSC::Register::operator=):
(JSC::Register::i):
(JSC::Register::activation):
(JSC::Register::function):
(JSC::Register::propertyNameIterator):
(JSC::Register::scopeChain):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCallVarargs):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/JITInlineMethods.h:
(JSC::JIT::emitPutToCallFrameHeader):
(JSC::JIT::emitPutCellToCallFrameHeader):
(JSC::JIT::emitPutIntToCallFrameHeader):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
(JSC::JIT::emit_op_load_varargs):
(JSC::JIT::emitSlow_op_load_varargs):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emit_op_get_pnames):
(JSC::JIT::emit_op_next_pname):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::intPayloadFor):
(JSC::JSInterfaceJIT::intTagFor):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
Reviewed by Eric Seidel.
Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
https://bugs.webkit.org/show_bug.cgi?id=56231
* JavaScriptCore.gypi: Added project_dir variable.
* gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
* gyp/generate-dtrace-header.sh: Changed to use project_dir.
2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
Reviewed by Adam Barth.
Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
https://bugs.webkit.org/show_bug.cgi?id=56217
* gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
to the scripts.
* gyp/generate-derived-sources.sh: Changed to use passed directory.
* gyp/generate-dtrace-header.sh: Ditto.
2011-03-11 Eric Carlson <eric.carlson@apple.com>
Reviewed by Sam Weinig.
<rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
No new tests, existing media tests cover this.
* JavaScriptCore.exp: Export cancelCallOnMainThread
* wtf/Platform.h: Define WTF_USE_AVFOUNDATION.
2011-03-11 Dimitri Glazkov <dglazkov@chromium.org>
Reviewed by Adam Barth.
Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
https://bugs.webkit.org/show_bug.cgi?id=56207
* JavaScriptCore.gypi: Added Tracing.d to the sources.
* gyp/generate-dtrace-header.sh: Added.
* gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
and added DTrace header generating step.
2011-03-10 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Fix allocation of native function with a cached thunk
https://bugs.webkit.org/show_bug.cgi?id=56127
Fix this race condition found while fixing zombies.
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::clearWeakPointers):
* runtime/Heap.cpp:
(JSC::Heap::reset):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::markChildren):
* runtime/JSValue.h:
(JSC::JSValue::decode):
* runtime/JSZombie.cpp:
(JSC::JSZombie::leakedZombieStructure):
* runtime/JSZombie.h:
(JSC::JSZombie::createStructure):
* runtime/MarkedBlock.cpp:
2011-03-10 Luiz Agostini <luiz.agostini@openbossa.org>
Reviewed by Andreas Kling.
[Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
https://bugs.webkit.org/show_bug.cgi?id=33008
Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
it has its own ways to do JSC threading.
Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.
* runtime/MachineStackMarker.cpp:
* wtf/Platform.h:
2011-03-10 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
Bug 56077 - ES5 conformance issues with RegExp.prototype
There are three issues causing test failures in sputnik.
(1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
(2) The 'length' property of the test/exec functions should be 1.
(3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::markChildren):
- Added to mark lastIndex
(JSC::regExpObjectLastIndex):
(JSC::setRegExpObjectLastIndex):
- lastIndex is now stored as a JSValue.
(JSC::RegExpObject::match):
- Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
* runtime/RegExpObject.h:
(JSC::RegExpObject::setLastIndex):
(JSC::RegExpObject::setLastIndex):
- Set lastIndex, either from a size_t or a JSValue.
(JSC::RegExpObject::getLastIndex):
- Get lastIndex.
(JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
- Initialize as a JSValue.
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
- Add test/exec properties with length 1.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
- Do not read RegExp.input if none is provided.
* tests/mozilla/js1_2/regexp/RegExp_input.js:
* tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
- Update these tests (they relied on non-ES5 behaviour).
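The three ES5 behaviours this entry fixes are observable from script. The following probes are an added example (not code from the WebKit ChangeLog or from JavaScriptCore) and assume an ES5-conformant engine such as Node:

```javascript
// Added example (not part of the WebKit ChangeLog or of JavaScriptCore):
// script-level probes for the three ES5 RegExp.prototype behaviours the
// Bug 56077 entry describes. Runs under Node or any ES5-conformant engine.

// (1) lastIndex is converted when exec/test *use* it, not when it is *set*.
// An object with a counting valueOf makes the conversion point observable.
function lastIndexConversionTrace() {
  const re = /a/g;
  let valueOfCalls = 0;
  re.lastIndex = { valueOf() { valueOfCalls += 1; return 0; } };
  const callsAfterSet = valueOfCalls;   // 0: setting must not convert
  const matched = re.test('aaa');       // conversion happens here
  const callsAfterUse = valueOfCalls;   // 1
  return {
    callsAfterSet,
    callsAfterUse,
    matched,
    lastIndexAfter: re.lastIndex,       // global regexp: advanced to 1 (a Number)
  };
}

// (2) The 'length' of test and exec is 1 (one formal parameter: the string).
function execTestArity() {
  return {
    exec: RegExp.prototype.exec.length,
    test: RegExp.prototype.test.length,
  };
}

// (3) With no argument, test/exec operate on ToString(undefined), i.e. the
// literal string "undefined", rather than on the legacy RegExp.input value.
function missingInputIsStringUndefined() {
  const word = /^undefined$/.test();     // true
  const sub = /def/.exec();              // ["def"] at index 2 of "undefined"
  return {
    matchesWordUndefined: word,
    execNoArgMatch: sub === null ? null : sub[0],
    execNoArgIndex: sub === null ? -1 : sub.index,
  };
}

console.log(lastIndexConversionTrace(), execTestArity(), missingInputIsStringUndefined());
```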
2011-03-10 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Rolled back in 80277 and 80280 with event handler layout test failures fixed.
https://bugs.webkit.org/show_bug.cgi?id=55653
The failures were caused by a last minute typo: assigning to currentEvent
instead of m_currentEvent.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/BytecodeGenerator.cpp:
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* runtime/Arguments.h:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSCell.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSVariableObject.h:
* runtime/MarkedSpace.cpp:
* runtime/MarkedSpace.h:
2011-03-09 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
jquery/manipulation.html fails after r80598
https://bugs.webkit.org/show_bug.cgi?id=56019
When linking a call, codeblock now takes ownership of the linked function
This removes the need for unlinking, and thus the incorrectness that was
showing up in these tests.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::markAggregate):
* bytecode/CodeBlock.h:
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setUnlinked):
(JSC::CodeBlock::addCaller):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
(JSC::JIT::linkCall):
(JSC::JIT::linkConstruct):
* jit/JIT.h:
* runtime/Executable.cpp:
* runtime/Executable.h:
2011-03-09 Daniel Bates <dbates@rim.com>
Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
(Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().
2011-03-09 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 56041 - RegExp constructor should only accept flags "gim"
Fix for issues introduced in r80667.
Invalid flags to a RegExp literal are a late syntax error!
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addRegExp):
- Pass a PassRefPtr<RegExp>
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addRegExp):
(JSC::BytecodeGenerator::emitNewRegExp):
* bytecompiler/BytecodeGenerator.h:
- Pass a PassRefPtr<RegExp>
* bytecompiler/NodesCodegen.cpp:
(JSC::RegExpNode::emitBytecode):
- Should not be ASSERTing that the flags are valid - this is a late(er) error.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
- Need to check for error from RegExp constructor.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- Need to check for error from RegExp constructor.
* runtime/RegExp.h:
(JSC::RegExp::isValid):
- Make isValid check that the regexp was created with valid flags.
* runtime/RegExpKey.h:
- Since we'll not create RegExp objects with invalid flags, separate out the deleted value.
2011-03-09 Gavin Barraclough <barraclough@apple.com>
Windows build fix part 2.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-03-09 Gavin Barraclough <barraclough@apple.com>
Windows build fix part 1.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-03-09 Gavin Barraclough <barraclough@apple.com>
Reviewed by Darin Adler.
Bug 56041 - RegExp constructor should only accept flags "gim"
We also should be passing the flags around as a bitfield rather than a string,
and should not have redundant, incompatible code for converting the string to a bitfield!
* JavaScriptCore.exp:
* bytecompiler/NodesCodegen.cpp:
(JSC::RegExpNode::emitBytecode):
- Need to parse flags string to enum.
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExp::RegExp):
(JSC::RegExp::create):
- Add method to parse flags string to enum, change constructor/create args to take enum.
* runtime/RegExp.h:
(JSC::RegExp::global):
(JSC::RegExp::ignoreCase):
(JSC::RegExp::multiline):
- Change to use new enum values.
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::lookupOrCreate):
(JSC::RegExpCache::create):
* runtime/RegExpCache.h:
- Changed to use regExpFlags enum instead of int/const UString&.
* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
- Add use new enum parsing, check for error.
* runtime/RegExpKey.h:
(JSC::RegExpKey::RegExpKey):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
- Pass NoFlags value instead of empty string.
(JSC::regExpProtoFuncCompile):
- Add use new enum parsing, check for error.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
- Pass NoFlags value instead of empty string.
2011-03-08 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 55994 - Functions on Array.prototype should check length first.
These methods are designed to work on generic objects too, and if 'length'
is a getter that throws an exception, ensure this is correctly thrown
(even if other exceptions would be thrown, too).
Make the length check the first thing we do.
This change shows a progression on SunSpider on my machine, but this is likely bogus.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
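The ordering rule this entry enforces can be checked against any engine with a hostile array-like. The block below is an added example (not code from the WebKit ChangeLog or from JavaScriptCore); the array-like object and its error messages are constructed for the demonstration, and it assumes Node:

```javascript
// Added example (not part of the WebKit ChangeLog or of JavaScriptCore):
// observes the ordering rule from the Bug 55994 entry. Array.prototype
// methods are generic, so a 'length' getter that throws must surface its
// own exception before any element is read. Runs under Node.

// Call fn with thisArg and return the message of the first exception, or null.
function firstThrownMessage(fn, thisArg, ...args) {
  try {
    fn.call(thisArg, ...args);
    return null;
  } catch (e) {
    return e.message;
  }
}

// Constructed array-like whose length getter and element 0 getter both throw.
function makeHostileArrayLike() {
  return {
    get length() { throw new Error('length getter'); },
    get 0() { throw new Error('element getter'); },
  };
}

// Each method from the entry that reads length directly must report
// 'length getter', never 'element getter'. (toString is left out: it
// delegates to a 'join' property lookup rather than reading length itself.)
function lengthIsCheckedFirst() {
  const methods = ['join', 'pop', 'push', 'reverse', 'shift', 'slice', 'sort',
    'splice', 'unshift', 'filter', 'map', 'every', 'forEach', 'some',
    'reduce', 'reduceRight', 'indexOf', 'lastIndexOf'];
  const results = {};
  for (const name of methods) {
    // A callable argument keeps callback-taking methods past their own
    // IsCallable checks; the other methods simply ignore it.
    results[name] = firstThrownMessage(Array.prototype[name],
      makeHostileArrayLike(), () => 0);
  }
  return results;
}

// Control: with a sane length, the element getter's exception is what escapes.
function elementThrowsWhenLengthIsFine() {
  const obj = { length: 1, get 0() { throw new Error('element getter'); } };
  return firstThrownMessage(Array.prototype.join, obj);
}

console.log(lengthIsCheckedFirst(), elementThrowsWhenLengthIsFine());
```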
2011-03-07 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make CodeBlock GC write barrier safe
https://bugs.webkit.org/show_bug.cgi?id=55910
In order to make CodeBlock WriteBarrier safe it was necessary
to make it have a single GC owner, and for that reason I have
made ExecutableBase a GC allocated object. This required
updating their creation routines as well as all sites that hold
a reference to them. GC objects that held Executable's have been
converted to WriteBarriers, and all other sites now use Global<>.
As an added benefit this gets rid of JSGlobalData's list of
GlobalCodeBlocks.
Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
on SunSpider. Given that none of the tests that show regressions
demonstrate a regression on their own, and sampling shows up nothing,
I suspect we're just getting one or two additional gc passes at
the end of the run.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::CodeBlock):
(JSC::EvalCodeCache::markAggregate):
(JSC::CodeBlock::markAggregate):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::ownerExecutable):
(JSC::CodeBlock::addConstant):
(JSC::CodeBlock::constantRegister):
(JSC::CodeBlock::getConstant):
(JSC::CodeBlock::addFunctionDecl):
(JSC::CodeBlock::addFunctionExpr):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ExecState::r):
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::get):
* bytecode/SamplingTool.h:
(JSC::ScriptSampleRecord::ScriptSampleRecord):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addConstantValue):
(JSC::BytecodeGenerator::emitEqualityOp):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::makeFunction):
* debugger/Debugger.cpp:
(JSC::evaluateInGlobalCallFrame):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
* jit/JITInlineMethods.h:
(JSC::JIT::emitLoadDouble):
(JSC::JIT::emitLoadInt32ToDouble):
* jit/JITStubs.cpp:
(JSC::JITThunks::JITThunks):
(JSC::JITThunks::hostFunctionStub):
(JSC::JITThunks::clearHostFunctionStubs):
* jit/JITStubs.h:
* runtime/Completion.cpp:
(JSC::checkSyntax):
(JSC::evaluate):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
(JSC::FunctionExecutable::~FunctionExecutable):
(JSC::EvalExecutable::markChildren):
(JSC::ProgramExecutable::markChildren):
(JSC::FunctionExecutable::markChildren):
(JSC::FunctionExecutable::fromGlobalCode):
* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::NativeExecutable):
(JSC::VPtrHackExecutable::VPtrHackExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::create):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::create):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::create):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
* runtime/Heap.cpp:
(JSC::Heap::destroy):
(JSC::Heap::markRoots):
* runtime/Heap.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::markChildren):
* runtime/JSActivation.h:
(JSC::JSActivation::JSActivationData::JSActivationData):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::~JSFunction):
(JSC::JSFunction::markChildren):
* runtime/JSFunction.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::storeVPtrs):
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::getHostFunction):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSObject.cpp:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::markChildren):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSZombie.cpp:
(JSC::JSZombie::leakedZombieStructure):
* runtime/JSZombie.h:
(JSC::JSZombie::createStructure):
* runtime/MarkedSpace.h:
2011-03-07 Andy Estes <aestes@apple.com>
Reviewed by Dan Bernstein.
REGRESSION (r79060): Timestamp is missing from tweets in twitter.
https://bugs.webkit.org/show_bug.cgi?id=55228
A change to the date parser to handle the case where the year is
specified before the time zone inadvertently started accepting strings
such as '+0000' as valid years. Those strings actually represent time
zones in an offset of hours and minutes from UTC, not years.
* wtf/DateMath.cpp:
(WTF::parseDateFromNullTerminatedCharacters): If the current character
in dateString is '+' or '-', do not try to parse the next token as a
year.
2011-03-06 Yuta Kitamura <yutak@chromium.org>
Reviewed by Kent Tamura.
Add SHA-1 for new WebSocket protocol
https://bugs.webkit.org/show_bug.cgi?id=55039
The code is based on Chromium's portable SHA-1 implementation
(src/base/sha1_portable.cc). Modifications were made in order
to make the code comply with WebKit coding style.
* GNUmakefile.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/MD5.cpp:
(WTF::MD5::MD5):
* wtf/SHA1.cpp: Added.
(WTF::testSHA1): This function will be run the first time the SHA1
constructor is called. This function computes a few hash values
and checks the results in debug builds. However, the constructor is
probably not a good place to run these tests, so we need to find
a good place for it (bug 55853).
(WTF::expectSHA1):
(WTF::f):
(WTF::k):
(WTF::rotateLeft):
(WTF::SHA1::SHA1):
(WTF::SHA1::addBytes):
(WTF::SHA1::computeHash):
(WTF::SHA1::finalize):
(WTF::SHA1::processBlock):
(WTF::SHA1::reset):
* wtf/SHA1.h: Added.
(WTF::SHA1::addBytes):
* wtf/wtf.pri:
2011-03-05 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Add Derived Sources to WebCore GYP build
https://bugs.webkit.org/show_bug.cgi?id=55813
Rename the action to be friendlier.
* gyp/JavaScriptCore.gyp:
2011-03-04 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
Reviewed by Laszlo Gombos.
[Qt] Need symbian version of cryptographicallyRandomValuesFromOS
https://bugs.webkit.org/show_bug.cgi?id=55782
Implement Symbian version of cryptographicallyRandomValuesFromOS
* wtf/OSRandomSource.cpp:
(WTF::cryptographicallyRandomValuesFromOS):
2011-03-04 Gavin Barraclough <barraclough@apple.com>
Reviewed by Cameron Zwarich.
Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().
* runtime/JSObject.cpp:
(JSC::JSObject::defineOwnProperty):
Add missing check.
2011-03-04 Gavin Barraclough <barraclough@apple.com>
Rubber stamped by olliej.
Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
(1) don't infinite loop.
(2) goto 1.
2011-03-04 Gavin Barraclough <barraclough@apple.com>
cmake build fix.
* CMakeLists.txt:
2011-03-04 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
https://bugs.webkit.org/show_bug.cgi?id=55798
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-03-04 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Remove unneeded round-trips through ../Source in the Chromium GYP build
https://bugs.webkit.org/show_bug.cgi?id=55795
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-03-04 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Use target_defaults to reduce boilerplate in GYP build system
https://bugs.webkit.org/show_bug.cgi?id=55790
Instead of setting up the configuration in each target, just defer to
target_defaults. Also, removed a define that was redundant with the
xcconfig.
* gyp/JavaScriptCore.gyp:
2011-03-03 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
Provide basic functionality from section 15.2.4 of ECMA-262.
This support will need expanding to cover arrays, too.
Shows a 0.5% progression on SunSpidey, this seems to be due to changing
ObjectConstructor to use a static table.
* DerivedSources.make:
* JavaScriptCore.exp:
* interpreter/CallFrame.h:
(JSC::ExecState::objectConstructorTable):
Add a static table for ObjectConstructor.
* runtime/CommonIdentifiers.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
Add a static table for ObjectConstructor.
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
Add a static table for ObjectConstructor.
* runtime/JSObject.cpp:
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
Transition the object's structure.
(JSC::JSObject::defineOwnProperty):
Check isExtensible.
* runtime/JSObject.h:
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensible):
These wrap method on structure.
(JSC::JSObject::putDirectInternal):
Check isExtensible.
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
(JSC::ObjectConstructor::getOwnPropertySlot):
(JSC::ObjectConstructor::getOwnPropertyDescriptor):
Change ObjectConstructor to use a static table.
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorPreventExtensions):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
(JSC::objectConstructorIsExtensible):
Add new methods on Object.
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
init/propagate m_preventExtensions
(JSC::Structure::sealTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):
check attributes to detect if object is sealed/frozen.
* runtime/Structure.h:
(JSC::Structure::isExtensible):
checks the m_preventExtensions flag.
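As an added illustration (not code from the WebKit tree), the JavaScript-visible behaviour the two entries above implement: bug 55815's TypeError from defineOwnProperty on a non-extensible object, and bug 55736's seal/freeze/preventExtensions and their isSealed/isFrozen/isExtensible queries, including the vacuously frozen empty object and the shallowness of freeze.

```javascript
// Added example, not WebKit code: observable semantics of the Object
// integrity levels (ECMA-262 15.2.4) as seen from a script.

// Run every probe and return the observations as a plain object so a
// caller (or a test) can check them one by one.
function probeIntegrityLevels() {
  const r = {};

  // preventExtensions: no new properties, but existing ones keep their
  // attributes. Object.defineProperty must throw a TypeError for a new
  // property (bug 55815); Reflect.defineProperty reports the same
  // failure as a false return value instead of throwing.
  const o = { a: 1 };
  Object.preventExtensions(o);
  r.extensibleAfterPrevent = Object.isExtensible(o);
  try {
    Object.defineProperty(o, "b", { value: 2 });
    r.defineNewThrows = false;
  } catch (e) {
    r.defineNewThrows = e instanceof TypeError;
  }
  r.reflectDefineNew = Reflect.defineProperty(o, "b", { value: 2 });
  r.hasB = Object.prototype.hasOwnProperty.call(o, "b");
  // Redefining an existing, still-configurable property is allowed.
  r.redefineExisting = Reflect.defineProperty(o, "a", { value: 10 });
  r.aAfterRedefine = o.a;

  // seal: non-extensible and every own property non-configurable, but
  // data properties stay writable, so a sealed object is not frozen.
  const s = Object.seal({ x: 1 });
  r.sealedIsSealed = Object.isSealed(s);
  r.sealedIsFrozen = Object.isFrozen(s);
  r.sealedWrite = Reflect.set(s, "x", 2);
  r.sealedXAfterWrite = s.x;
  r.sealedDelete = Reflect.deleteProperty(s, "x");
  r.sealedStillHasX = "x" in s;

  // freeze: sealed plus every data property non-writable.
  // Frozen therefore implies sealed.
  const f = Object.freeze({ y: 1 });
  r.frozenIsFrozen = Object.isFrozen(f);
  r.frozenIsSealed = Object.isSealed(f);
  r.frozenWrite = Reflect.set(f, "y", 2);
  r.frozenYAfterWrite = f.y;

  // Edge case: a non-extensible object with no own properties is
  // vacuously sealed and frozen; an ordinary empty object is neither,
  // because it is still extensible.
  r.emptyExtensibleFrozen = Object.isFrozen({});
  r.emptyNonExtensibleFrozen = Object.isFrozen(Object.preventExtensions({}));
  r.emptyNonExtensibleSealed = Object.isSealed(Object.preventExtensions({}));

  // Integrity levels are shallow: objects reachable from a frozen object
  // remain mutable unless frozen themselves.
  const nested = Object.freeze({ inner: { z: 1 } });
  nested.inner.z = 2;
  r.nestedStillMutable = nested.inner.z;

  return r;
}
```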
2011-03-04 Steve Falkenburg <sfalken@apple.com>
Reviewed by Jon Honeycutt.
Adopt VersionStamper tool for Windows WebKit DLLs
https://bugs.webkit.org/show_bug.cgi?id=55784
<rdar://problem/9021273>
We now use a tool to stamp the version number onto the Apple WebKit DLLs
during the post-build step.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
2011-03-04 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
JavaScriptCore GYP build should use a header map
https://bugs.webkit.org/show_bug.cgi?id=55712
This patch moves the os-win32 files into their own variable so that we
can use a header map in the Apple Mac Xcode build. The problem is that
the header map searches the whole project rather than just the files
included in a given target. Another solution to this problem is to
make GYP smarter about filtering out what files are added to the
project file.
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-03-03 Ryosuke Niwa <rniwa@webkit.org>
Reviewed by Darin Adler.
Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
https://bugs.webkit.org/show_bug.cgi?id=55554
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
(JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::addStaticGlobals): Ditto.
* wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
(WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.
2011-03-03 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Add jsc to JavaScriptCore GYP build
https://bugs.webkit.org/show_bug.cgi?id=55711
* JavaScriptCore.gypi:
- Move jsc.cpp into jsc_files because it's really part of the jsc
target.
* JavaScriptCore.xcodeproj/project.pbxproj:
- Remove extraneous files from the normal jsc build. I probably
added these by mistake at some point.
* gyp/JavaScriptCore.gyp:
- Add the jsc target to the GYP file.
2011-03-03 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Add testapi to JavaScriptCore GYP build
https://bugs.webkit.org/show_bug.cgi?id=55707
The new testapi target is slightly incomplete. There's a resource
copying step that we don't quite have yet.
This patch also cleans up some of the configuration issues in
JavaScriptCore.xcodeproj. It seems kind of wordy to repeat these for
each target. I suspect there's a more compact way of defining the
configurations, but this removes the "Default" configuration, which is
progress.
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-03-03 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Teach JavaScriptCore GYP build about private headers
https://bugs.webkit.org/show_bug.cgi?id=55532
This patch distinguishes between public and private framework headers
so that public headers are copied into the Headers directory and
private headers are copied into the PrivateHeaders directory.
* gyp/JavaScriptCore.gyp:
2011-03-03 Geoffrey Garen <ggaren@apple.com>
Rolled out 80277 and 80280 because they caused event handler layout test
failures.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/BytecodeGenerator.cpp:
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* runtime/Arguments.h:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSCell.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSVariableObject.h:
* runtime/MarkedSpace.cpp:
* runtime/MarkedSpace.h:
2011-03-03 Kevin Ollivier <kevino@theolliviers.com>
[wx] Build fix. Alter order of headers included to make sure windows.h
is configured by wx, and skip Posix implementation file we don't use on Win.
* wscript:
* wtf/wx/StringWx.cpp:
2011-03-03 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
JSVariableObject needs to use WriteBarrier for symboltable property storage
https://bugs.webkit.org/show_bug.cgi?id=55698
Replace the direct usage of Register in JSVariableObject (and descendants)
with WriteBarrier. This requires updating the Arguments object to use
WriteBarrier as well.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::unwindCallFrame):
(JSC::Interpreter::privateExecute):
(JSC::Interpreter::retrieveArguments):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::initialize):
* runtime/Arguments.cpp:
(JSC::Arguments::markChildren):
(JSC::Arguments::copyToRegisters):
(JSC::Arguments::fillArgList):
(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::getOwnPropertyDescriptor):
(JSC::Arguments::put):
* runtime/Arguments.h:
(JSC::Arguments::setActivation):
(JSC::Arguments::Arguments):
(JSC::Arguments::copyRegisters):
(JSC::JSActivation::copyRegisters):
* runtime/JSActivation.cpp:
(JSC::JSActivation::markChildren):
(JSC::JSActivation::symbolTableGet):
(JSC::JSActivation::symbolTablePut):
(JSC::JSActivation::symbolTablePutWithAttributes):
(JSC::JSActivation::put):
(JSC::JSActivation::putWithAttributes):
(JSC::JSActivation::argumentsGetter):
* runtime/JSActivation.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
(JSC::JSGlobalObject::putWithAttributes):
(JSC::JSGlobalObject::markChildren):
(JSC::JSGlobalObject::copyGlobalsFrom):
(JSC::JSGlobalObject::copyGlobalsTo):
(JSC::JSGlobalObject::resizeRegisters):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::setRegisters):
(JSC::JSGlobalObject::addStaticGlobals):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::put):
(JSC::JSStaticScopeObject::putWithAttributes):
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::symbolTableGet):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::registerAt):
(JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
(JSC::JSVariableObject::symbolTableGet):
(JSC::JSVariableObject::symbolTablePut):
(JSC::JSVariableObject::symbolTablePutWithAttributes):
(JSC::JSVariableObject::copyRegisterArray):
(JSC::JSVariableObject::setRegisters):
2011-03-03 Geoffrey Garen <ggaren@apple.com>
Try to fix Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
inline -- it's virtual.
2011-03-02 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
Moved all variable object storage inline -- upping the object size limit to 1K
https://bugs.webkit.org/show_bug.cgi?id=55653
* JavaScriptCore.exp:
* bytecompiler/BytecodeGenerator.cpp:
* jit/JITOpcodes.cpp:
* runtime/Arguments.h:
* runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.
* runtime/JSCell.h:
(JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
to accommodate objects up to 1K.
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.
* runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
object size, since it doesn't anymore.
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h: Added an imprecise size class to accommodate objects up to 1K.
2011-03-03 Timothy Hatcher <timothy@apple.com>
Make APIShims usable from WebCore.
Reviewed by Oliver Hunt.
* ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
* GNUmakefile.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-03-03 Peter Varga <pvarga@webkit.org>
Reviewed by Oliver Hunt.
Begin Characters Optimization Causes YARR Interpreter Errors
https://bugs.webkit.org/show_bug.cgi?id=55479
The addBeginTerm function is removed because it doesn't correctly handle those
cases when an "invalid" term has been collected (e.g. CharacterClass). Move the
removed function to the setupAlternativeBeginTerms method's switch-case where
the non-allowed cases are correctly handled.
Reenable the Beginning Character Optimization in the YARR Interpreter again.
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
(JSC::Yarr::YarrPattern::compile):
2011-03-02 Jessie Berlin <jberlin@apple.com>
Reviewed by Adam Roben.
WebKit2: Use CFNetwork Sessions API.
https://bugs.webkit.org/show_bug.cgi?id=55435
Add the ability to create a Private Browsing storage session.
* wtf/Platform.h:
Add a new #define for using CF Storage Sessions.
2011-03-02 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Remove "register slot" concept from PropertySlot
https://bugs.webkit.org/show_bug.cgi?id=55621
PropertySlot had already stopped storing Register "slots"
so this patch is simply removing that api entirely.
This exposed a problem in the ProgramNode constructor for
BytecodeGenerator where it reads from the registerfile
before it has initialised it.
This bug wasn't a problem before as we were merely testing
for property existence rather than the actual value, and
used to work because setRegisterSlot didn't check that the
provided slot contained an initialised value.
To get around this issue we now use symbolTableHasProperty
to do the symbol table check without trying to read the
RegisterFile.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertySlot):
* runtime/JSActivation.cpp:
(JSC::JSActivation::symbolTableGet):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::symbolTableHasProperty):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::symbolTableGet):
* runtime/PropertySlot.h:
2011-03-02 Daniel Cheng <dcheng@chromium.org>
Reviewed by David Levin.
Add feature define for data transfer items
https://bugs.webkit.org/show_bug.cgi?id=55510
* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:
2011-03-02 Adam Roben <aroben@apple.com>
Delete old .res files whenever any .vsprops file changes
Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to fail
Reviewed by Tony Chang.
* JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
(main): Restructured code to loop over a set of file extensions, deleting any old files that
have that extension. Now deletes .res files, too. (We previously deleted any file matching
*.manifest*, but that turned out to just be the union of *.manifest and *.res.)
2011-03-02 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Teach JavaScriptCore GYP build how to build minidom
https://bugs.webkit.org/show_bug.cgi?id=55536
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-03-01 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
JavaScriptCore GYP build should copy some headers into the target framework
https://bugs.webkit.org/show_bug.cgi?id=55524
After this patch, all the framework headers are exported as public
headers. We need to teach GYP how to handle private headers.
I struggled to determine how to store the information about whether a
header was public, private, or project (i.e., not exported).
Generally, the GYPI should just list the files, but it seemed silly to
have an almost duplicated list of files in the GYP file itself. If
this design doesn't scale, we might have to revisit it in the future.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.gypi:
* gyp/JavaScriptCore.gyp:
2011-03-01 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r80079.
http://trac.webkit.org/changeset/80079
https://bugs.webkit.org/show_bug.cgi?id=55547
"Broke the Win debug build?" (Requested by dcheng on #webkit).
* wtf/Platform.h:
2011-03-01 Daniel Cheng <dcheng@chromium.org>
Reviewed by David Levin.
Add feature define for data transfer items
https://bugs.webkit.org/show_bug.cgi?id=55510
* wtf/Platform.h:
2011-03-01 Oliver Hunt <oliver@apple.com>
Reviewed by Joseph Pecoraro.
Misaligned memory access in CloneDeserializer on all ARM arch.
https://bugs.webkit.org/show_bug.cgi?id=48742
Add a CPU class for architectures that need aligned addresses
for memory access.
* wtf/Platform.h:
2011-03-01 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Add pre- and post-build actions for JavaScriptCore GYP build
https://bugs.webkit.org/show_bug.cgi?id=55507
After this patch, we have all the steps for building the main
JavaScriptCore framework except the "copy headers" step, which I'll do
next.
* gyp/JavaScriptCore.gyp:
2011-03-01 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Rolled back in r79627 now that the underlying cause for it crashing is fixed.
https://bugs.webkit.org/show_bug.cgi?id=55159
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/Heap.cpp:
(JSC::Heap::allocateSlowCase):
* runtime/Heap.h:
* runtime/JSCell.h:
(JSC::JSCell::MarkedSpace::sizeClassFor):
(JSC::JSCell::Heap::allocate):
(JSC::JSCell::JSCell::operator new):
* runtime/MarkedBlock.h:
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::SizeClass::SizeClass):
2011-03-01 Mark Rowe <mrowe@apple.com>
Reviewed by Sam Weinig.
Replace two script phases that do nothing but copy files with copy files build phases.
This speeds up the build by a few seconds on high-end Mac Pros.
* JavaScriptCore.xcodeproj/project.pbxproj:
2011-03-01 David Kilzer <ddkilzer@apple.com>
Spring cleaning!
Rubber-stamped by Mark Rowe.
* JavaScriptCore.xcodeproj/project.pbxproj:
(Copy Into Framework): Remove "set -x" and its comment.
2011-03-01 Michael Saboff <msaboff@apple.com>
Reviewed by Darin Adler.
TinyMCE not working in nightlies
https://bugs.webkit.org/show_bug.cgi?id=54978
Disabling setupBeginChars() to temporarily work around the test
failure. Filed https://bugs.webkit.org/show_bug.cgi?id=55479
to track fixing the issue.
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPattern::compile):
2011-02-23 Joseph Pecoraro <joepeck@webkit.org>
Reviewed by Kenneth Rohde Christiansen.
Viewport parsing no longer accepts "1.0;" value as valid.
https://bugs.webkit.org/show_bug.cgi?id=53705
Include a didReadNumber parameter to String -> float / double
conversion functions. This way, if the "ok" boolean out
parameter is false, you can check to see if there in fact
was a valid number parsed with garbage at the end. Examples
of that would be parsing "123x456" would have ok = false,
but didReadNumber = true.
* JavaScriptCore.exp:
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::toDouble):
(WTF::StringImpl::toFloat):
* wtf/text/StringImpl.h:
* wtf/text/WTFString.cpp:
(WTF::String::toDouble):
(WTF::String::toFloat):
(WTF::charactersToDouble):
(WTF::charactersToFloat):
* wtf/text/WTFString.h:
2011-02-28 Geoffrey Garen <ggaren@apple.com>
Reviewed by Gavin Barraclough.
Past-the-end writes in VM exceptions (caused crashes in r79627)
https://bugs.webkit.org/show_bug.cgi?id=55448
Some exceptions had the wrong structures, so they misoverestimated their
inline storage sizes.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Use the right structure.
* runtime/JSObject.h:
(JSC::JSNonFinalObject::JSNonFinalObject):
(JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
is correct to verify this doesn't happen again.
2011-03-01 Andras Becsi <abecsi@webkit.org>
Reviewed by Csaba Osztrogonác.
[Qt] Clean up the project files and move common options to WebKit.pri.
* JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
* JavaScriptCore.pro: Deduplicate options.
* jsc.pro: Ditto.
2011-03-01 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Teach JavaScriptCore GYP build about DEPTH
https://bugs.webkit.org/show_bug.cgi?id=55425
In addition to teaching the JavaScriptCore GYP build about DEPTH, this
change overrides the GCC warning configuration to disable a warning
that's causing problems in Assertions.cpp. With that warning disabled,
JavaScriptCore builds again.
* gyp/JavaScriptCore.gyp:
2011-02-28 Gavin Barraclough <barraclough@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-02-28 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r79948.
http://trac.webkit.org/changeset/79948
https://bugs.webkit.org/show_bug.cgi?id=55439
"caused crashes on the SL release bot" (Requested by ggaren on
#webkit).
* runtime/JSGlobalData.h:
* runtime/WriteBarrier.h:
2011-02-28 Gavin Barraclough <barraclough@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-02-28 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig & Darin Adler.
Bug 55423 - Clean up property tables in Structure
Encapsulate, reduce duplication of table search code,
and reduce the size of the tables (remove the index,
just maintain the tables in the correct order).
Shows a 0.5% - 1% progression on sunspider.
* JavaScriptCore.exp:
* runtime/PropertyMapHashTable.h:
(JSC::isPowerOf2):
(JSC::nextPowerOf2):
bit ops used to calculate table size.
(JSC::PropertyMapEntry::PropertyMapEntry):
(JSC::PropertyTable::ordered_iterator::operator++):
(JSC::PropertyTable::ordered_iterator::operator==):
(JSC::PropertyTable::ordered_iterator::operator!=):
(JSC::PropertyTable::ordered_iterator::operator*):
(JSC::PropertyTable::ordered_iterator::operator->):
(JSC::PropertyTable::ordered_iterator::ordered_iterator):
implementation of the iterator types
(JSC::PropertyTable::PropertyTable):
(JSC::PropertyTable::~PropertyTable):
constructors take an initial capacity for the table,
a table to copy, or both.
(JSC::PropertyTable::begin):
(JSC::PropertyTable::end):
create in-order iterators.
(JSC::PropertyTable::find):
search the hash table
(JSC::PropertyTable::add):
add a value to the hash table
(JSC::PropertyTable::remove):
remove a value from the hash table
(JSC::PropertyTable::size):
(JSC::PropertyTable::isEmpty):
accessors.
(JSC::PropertyTable::propertyStorageSize):
(JSC::PropertyTable::clearDeletedOffsets):
(JSC::PropertyTable::hasDeletedOffset):
(JSC::PropertyTable::getDeletedOffset):
(JSC::PropertyTable::addDeletedOffset):
cache deleted (available) offsets in the property storage array.
(JSC::PropertyTable::copy):
take a copy of the PropertyTable, potentially expanding the capacity.
(JSC::PropertyTable::sizeInMemory):
used for DEBUG build statistics
(JSC::PropertyTable::reinsert):
(JSC::PropertyTable::rehash):
(JSC::PropertyTable::tableCapacity):
(JSC::PropertyTable::deletedEntryIndex):
(JSC::PropertyTable::skipDeletedEntries):
(JSC::PropertyTable::table):
(JSC::PropertyTable::usedCount):
(JSC::PropertyTable::dataSize):
(JSC::PropertyTable::sizeForCapacity):
(JSC::PropertyTable::canInsert):
these methods provide internal implementation.
* runtime/Structure.cpp:
(JSC::Structure::dumpStatistics):
(JSC::Structure::~Structure):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::despecifyDictionaryFunction):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::copyPropertyTable):
(JSC::Structure::get):
(JSC::Structure::despecifyFunction):
(JSC::Structure::despecifyAllFunctions):
(JSC::Structure::put):
(JSC::Structure::remove):
(JSC::Structure::createPropertyMap):
(JSC::Structure::getPropertyNames):
(JSC::PropertyTable::checkConsistency):
(JSC::Structure::checkConsistency):
factored out code to PropertyMapHashTable.h
* runtime/Structure.h:
(JSC::Structure::propertyStorageSize):
(JSC::Structure::isEmpty):
(JSC::Structure::get):
factored out code to PropertyMapHashTable.h
2011-02-28 Xan Lopez <xlopez@igalia.com>
Another build fix :(
Fix typo.
* runtime/MachineStackMarker.cpp:
(JSC::freePlatformThreadRegisters):
2011-02-28 Xan Lopez <xlopez@igalia.com>
Unreviewed build fix for Snow Leopard.
* runtime/MachineStackMarker.cpp:
(JSC::freePlatformThreadRegisters):
2011-02-28 Alejandro G. Castro <alex@igalia.com>
Unreviewed, fix SnowLeopard compilation after r79952.
* runtime/MachineStackMarker.cpp:
(JSC::freePlatformThreadRegisters):
2011-02-28 Mark Rowe <mrowe@apple.com>
Reviewed by Darin Adler.
<http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.
* wtf/OwnArrayPtr.h:
(WTF::::set): Implement OwnArrayPtr::set.
2011-02-28 Martin Zoubek <martin.zoubek@acision.com> and Alejandro G. Castro <alex@igalia.com>
Reviewed by Martin Robinson.
Multithread support for JSC on UNIX
https://bugs.webkit.org/show_bug.cgi?id=26838
Implement suspendThread() and resumeThread() for systems with
pthread.h using thread signal handler.
* runtime/MachineStackMarker.cpp:
(JSC::pthreadSignalHandlerSuspendResume):
(JSC::MachineStackMarker::Thread::Thread):
(JSC::getCurrentPlatformThread):
(JSC::suspendThread):
(JSC::resumeThread):
(JSC::getPlatformThreadRegisters):
(JSC::otherThreadStackPointer):
(JSC::freePlatformThreadRegisters):
(JSC::MachineStackMarker::markOtherThreadConservatively):
* wtf/Platform.h: Added Gtk port to use
ENABLE_JSC_MULTIPLE_THREADS.
2011-02-28 Oliver Hunt <oliver@apple.com>
Reviewed by Darin Adler.
Stop using DeprecatedPtr for the global exception slot
https://bugs.webkit.org/show_bug.cgi?id=55424
Create GCRootPtr to signify that the exception slot is
a gcroot, and so is exempt from the usual writebarrier
restrictions.
* runtime/JSGlobalData.h:
* runtime/WriteBarrier.h:
(JSC::GCRootPtr::GCRootPtr):
(JSC::GCRootPtr::operator=):
2011-02-28 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
Use more xcconfig files in JavaScriptCore gyp build
https://bugs.webkit.org/show_bug.cgi?id=55391
The GYP experts tell me that we have a total of two xcconfig
files: one for the xcodeproj as a whole and one for each target. This
patch uses that technique to re-use the existing xcconfig files and
eliminate the duplication.
Technically, this patch introduces some build errors because the
xcconfig files assume that the xcodeproj file is one level higher in
the directory hierarchy. Specifically, the xcodeproj file can no
longer find the Info.plist or the prefix header. I plan to fix that in
a subsequent patch.
Also, this patch introduces the Release and Production configurations,
which should work correctly now.
* gyp/JavaScriptCore.gyp:
2011-02-28 Jon Honeycutt <jhoneycutt@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
Add symbol to export.
2011-02-28 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make ScopeChainNode GC allocated
https://bugs.webkit.org/show_bug.cgi?id=55283
Simplify lifetime and other issues with the scopechain
by making it gc allocated. This allows us to simplify
function exit and unwinding, as well as making the
current iterative refcounting go away.
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::createActivation):
* bytecode/StructureStubInfo.cpp:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
(JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
* bytecompiler/BytecodeGenerator.h:
* debugger/Debugger.cpp:
(JSC::Recompiler::operator()):
* debugger/DebuggerCallFrame.h:
(JSC::DebuggerCallFrame::scopeChain):
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall):
* interpreter/CallFrame.h:
* interpreter/Interpreter.cpp:
(JSC::depth):
(JSC::Interpreter::unwindCallFrame):
(JSC::Interpreter::throwException):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::privateExecute):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallInitializeCallFrame):
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
(JSC::JIT::compileOpCall):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_end):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
* runtime/ArgList.cpp:
* runtime/Completion.cpp:
(JSC::evaluate):
* runtime/Completion.h:
* runtime/DateConversion.cpp:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
* runtime/GCActivityCallbackCF.cpp:
* runtime/Identifier.cpp:
* runtime/JSCell.h:
* runtime/JSChunk.cpp: Added.
* runtime/JSChunk.h: Added.
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::markChildren):
(JSC::JSFunction::getCallData):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getConstructData):
* runtime/JSFunction.h:
(JSC::JSFunction::scope):
(JSC::JSFunction::setScope):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::markChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
(JSC::JSGlobalObject::globalScopeChain):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSLock.cpp:
* runtime/JSNumberCell.cpp:
* runtime/JSZombie.cpp:
* runtime/MarkedBlock.cpp:
* runtime/MarkedSpace.cpp:
* runtime/PropertyNameArray.cpp:
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::print):
(JSC::ScopeChainNode::localDepth):
(JSC::ScopeChainNode::markChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
(JSC::ScopeChainNode::createStructure):
(JSC::ScopeChainNode::push):
(JSC::ScopeChainNode::pop):
(JSC::ScopeChainIterator::ScopeChainIterator):
(JSC::ScopeChainIterator::operator*):
(JSC::ScopeChainIterator::operator->):
(JSC::ScopeChainIterator::operator++):
(JSC::ScopeChainNode::begin):
(JSC::ScopeChainNode::end):
(JSC::ExecState::globalData):
(JSC::ExecState::lexicalGlobalObject):
(JSC::ExecState::globalThisValue):
* runtime/ScopeChainMark.h:
* wtf/DateMath.cpp:
2011-02-27 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
https://bugs.webkit.org/show_bug.cgi?id=55326
Currently, randomNumber does a bunch of platform-specific work to
get cryptographic randomness when available. Instead, we should use
cryptographicallyRandomNumber, which abstracts this work.
Unfortunately, we can't remove all of the WTF::randomNumber
implementation because not every port has access to cryptographically
random numbers.
* wtf/RandomNumber.cpp:
(WTF::randomNumber):
2011-02-27 Benjamin Poulain <ikipou@gmail.com>
Reviewed by Darin Adler.
Eliminate DeprecatedPtrList from RenderBlock
https://bugs.webkit.org/show_bug.cgi?id=54972
Add methods find() and contains() using an adaptor to ListHashSet.
Those methods are like the ones of HashSet: they allow finding objects
based on a different key than the one used to define the set.
Add convenience methods for direct access to the head and tail of the list.
Those methods provide a similar API/behavior to Vector.
* wtf/ListHashSet.h:
(WTF::::first):
(WTF::::last):
(WTF::::removeLast):
(WTF::ListHashSetTranslatorAdapter::hash):
(WTF::ListHashSetTranslatorAdapter::equal):
(WTF::::find):
(WTF::::contains):
2011-02-26 Patrick Gansterer <paroga@webkit.org>
Reviewed by Andreas Kling.
Add support for DragonFly BSD
https://bugs.webkit.org/show_bug.cgi?id=54407
DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.
* wtf/Platform.h:
2011-02-26 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
JavaScriptCore should use the xcconfig file instead of importing that information into GYP
https://bugs.webkit.org/show_bug.cgi?id=55282
Technically, this breaks the build because I had removed one of the
warnings in this config file, but this change seems like an
improvement.
* gyp/JavaScriptCore.gyp:
2011-02-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
Reviewed by Nikolas Zimmermann.
SH4 JIT SUPPORT
https://bugs.webkit.org/show_bug.cgi?id=44329
Provide an ExecutableAllocator::cacheFlush() implementation for
Linux/SH4.
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::cacheFlush):
2011-02-25 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r79627.
http://trac.webkit.org/changeset/79627
https://bugs.webkit.org/show_bug.cgi?id=55274
broke worker tests (Requested by olliej on #webkit).
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/Heap.cpp:
(JSC::Heap::allocate):
* runtime/Heap.h:
* runtime/JSCell.h:
(JSC::JSCell::JSCell::operator new):
(JSC::JSCell::MarkedSpace::sizeClassFor):
(JSC::JSCell::MarkedSpace::allocate):
* runtime/MarkedBlock.h:
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::SizeClass::SizeClass):
2011-02-25 Michael Saboff <msaboff@apple.com>
Reviewed by Darin Adler.
Leak in JSParser::Scope of ScopeLabelInfo Vector
https://bugs.webkit.org/show_bug.cgi?id=55249
Changed m_labels to be an OwnPtr<>. Added VectorTraits
and Scope copy constructor to support this change.
* parser/JSParser.cpp:
(JSC::JSParser::Scope::~Scope):
2011-02-25 Fumitoshi Ukai <ukai@chromium.org>
Reviewed by Adam Barth.
WebSocket uses insecure random numbers
https://bugs.webkit.org/show_bug.cgi?id=54714
* JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
2011-02-25 Patrick Gansterer <paroga@webkit.org>
Reviewed by Adam Roben.
Move timeBeginPeriod into OS(WINDOWS) section
https://bugs.webkit.org/show_bug.cgi?id=55247
* jsc.cpp:
(main): timeBeginPeriod is available on all Windows versions and not compiler specific.
2011-02-25 Patrick Gansterer <paroga@webkit.org>
Unreviewed WinCE build fix for r79695.
* jsc.cpp:
(main): SetErrorMode isn't available on WinCE.
2011-02-25 Adam Roben <aroben@apple.com>
Work around Cygwin's crash-suppression behavior
Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
when our test apps launch to work around Cygwin's behavior.
Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
debugger) when launched from Cygwin 1.7
Reviewed by Darin Adler.
* API/tests/testapi.c: Added a now-needed #include.
(main):
* jsc.cpp:
(main):
Call ::SetErrorMode(0) to undo Cygwin's folly.
* JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
other projects do so that windows.h won't define min/max macros that interfere with
std::numeric_limits<T>::min/max.
2011-02-24 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Add GYP project for JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=55027
Again, this GYP file is very rough, but it succeeds in building
JavaScriptCore. There's a lot more work to do here, especially in the
area of sharing with JavaScriptGlue.gyp. This patch is more of a
checkpoint so that other folks can help out if they wish.
* gyp: Added.
* gyp/JavaScriptCore.gyp: Added.
* gyp/generate-derived-sources.sh: Added.
2011-02-24 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Add missing files to JavaScriptCore.gypi
https://bugs.webkit.org/show_bug.cgi?id=55193
I forgot to add mm files in my previous patch.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.gypi:
2011-02-24 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
Remove unused parameter name in GCActivityCallback.cpp
https://bugs.webkit.org/show_bug.cgi?id=55194
This change is not strictly required for the GYP-based build system,
but I noticed this error when working on the new build system.
* runtime/GCActivityCallback.cpp:
(JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2011-02-24 James Robinson <jamesr@chromium.org>
Reviewed by Darin Fisher.
Add a USE() macro to control use of the built-in UTF8 codec
https://bugs.webkit.org/show_bug.cgi?id=55189
Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.
* wtf/Platform.h:
2011-02-24 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
Variable-sized allocation (but still capped at 64 bytes)
https://bugs.webkit.org/show_bug.cgi?id=55159
SunSpider reports no change.
* JavaScriptCore.exp: Some day, I hope not to have to edit this file.
* runtime/Heap.cpp:
(JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
case, so the fast case can inline size class selection and turn it into
a compile-time constant.
Changed the collect-on-every allocation debugging switch to collect only
on every slow allocation, so you can still flip the switch without
recompiling the world. This may also be preferable for debugging purposes,
since collecting after every single allocation can be unusably slow,
and can mask problems by running destructors early.
* runtime/Heap.h: Ditto.
* runtime/JSCell.h:
(JSC::JSCell::MarkedSpace::sizeClassFor):
(JSC::JSCell::Heap::allocate):
(JSC::JSCell::JSCell::operator new): The inlining mentioned above.
* runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
multiple size classes, allocating a full 256KB for the first allocation
in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
8KB Windows, would be even better, but that seems to be a performance
regression for now.)
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::reset): There's more than one size class now, and its
cell size is not constant.
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::SizeClass::SizeClass): Ditto.
2011-02-23 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Make WeakGCMap use new handle infrastructure
https://bugs.webkit.org/show_bug.cgi?id=55100
Remove old WeakGCMap implementation and move over to new handle
based logic.
This has a number of benefits, most notably it makes a WeakGCMap
always reflect the true state of the world, as all entries are
removed at the first gc cycle that makes them dead. This allows
us to get rid of code in a wide variety of objects where the only
purpose was to remove themselves from maps.
It also means that we no longer need to have special "unchecked"
versions of any functions on WeakGCMap. Alas in order to maintain
compatibility with the JSWeakObjectMapClear API it is still
necessary to have an api that resembles uncheckedRemove, this is
now deprecatedRemove and will be dealt with in a later patch.
In order to get correct semantics in WeakGCMap we need more
contextual information in the finalizer, so we've added an
abstract class based finaliser and a context parameter to the
calls.
The new and improved WeakGCMap also results in significantly more
churn in the weak handle lists so exposed some potential problems
during the post mark phase which have been rectified as well.
* API/JSWeakObjectMapRefPrivate.cpp:
* API/JSWeakObjectMapRefPrivate.h:
* runtime/Heap.cpp:
(JSC::Heap::globalObjectCount):
(JSC::Heap::protectedGlobalObjectCount):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::~JSGlobalObject):
(JSC::JSGlobalObject::init):
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::iterator::iterator):
(JSC::WeakGCMap::iterator::get):
(JSC::WeakGCMap::iterator::getSlot):
(JSC::WeakGCMap::iterator::operator++):
(JSC::WeakGCMap::iterator::operator==):
(JSC::WeakGCMap::iterator::operator!=):
(JSC::WeakGCMap::WeakGCMap):
(JSC::WeakGCMap::isEmpty):
(JSC::WeakGCMap::clear):
(JSC::WeakGCMap::get):
(JSC::WeakGCMap::getSlot):
(JSC::WeakGCMap::set):
(JSC::WeakGCMap::take):
(JSC::WeakGCMap::size):
(JSC::WeakGCMap::deprecatedRemove):
(JSC::WeakGCMap::begin):
(JSC::WeakGCMap::end):
(JSC::WeakGCMap::~WeakGCMap):
(JSC::WeakGCMap::finalize):
* runtime/WeakGCPtr.h:
(JSC::WeakGCPtr::WeakGCPtr):
(JSC::WeakGCPtr::set):
2011-02-24 Oliver Hunt <oliver@apple.com>
Reviewed by Gavin Barraclough.
Make weaklist processing deal with weak handles being removed during the iteration
https://bugs.webkit.org/show_bug.cgi?id=55105
It is possible for the handle heap to end up in a broken state if
a handle's finalizer removes either the current or next handle
to be visited during the post-gc cleanup. This patch removes that
problem by allowing the deallocate(Node*) routine to update the
iterator if it is called during finalization.
* collector/handles/HandleHeap.cpp:
(JSC::HandleHeap::HandleHeap):
(JSC::HandleHeap::updateAfterMark):
(JSC::HandleHeap::clearWeakPointers):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::protectedGlobalObjectCount):
* collector/handles/HandleHeap.h:
(JSC::Finalizer::~Finalizer):
(JSC::HandleHeap::getFinalizer):
(JSC::HandleHeap::deallocate):
(JSC::HandleHeap::makeWeak):
(JSC::HandleHeap::makeSelfDestroying):
(JSC::HandleHeap::Node::Node):
(JSC::HandleHeap::Node::setFinalizer):
(JSC::HandleHeap::Node::finalizer):
(JSC::HandleHeap::Node::finalizerContext):
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::setGlobalObject):
(JSC::GlobalObjectNotifier::finalize):
(JSC::RegisterFile::globalObjectCollectedNotifier):
* interpreter/RegisterFile.h:
(JSC::RegisterFile::RegisterFile):
* runtime/Heap.cpp:
(JSC::Heap::destroy):
* runtime/WeakGCPtr.h:
(JSC::WeakGCPtr::WeakGCPtr):
(JSC::WeakGCPtr::set):
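As an added illustration of the hazard described in the entry above (example code, not JavaScriptCore's HandleHeap), the following C++ sketch keeps the finalization cursor inside the list so that deallocate() can advance it when a finalizer removes the handle currently being visited or the one that would be visited next. The Node, WeakList and runScenario names and the four-handle scenario are constructed for this example; node memory is pooled rather than freed so that a visit to a dead node shows up as a count instead of a use-after-free.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Example code, not JavaScriptCore's HandleHeap: an intrusive weak-handle list
// whose deallocate() keeps the finalization cursor valid when a finalizer
// removes the current node or the next one. Nodes are pooled and never freed,
// so a visit to a dead node is observable (a real heap would see a UAF).
struct Node {
    int id = 0;
    bool alive = true;
    Node* prev = nullptr;
    Node* next = nullptr;
    std::function<void(Node*)> finalizer;
};

class WeakList {
public:
    Node* add(int id) {
        m_pool.push_back(std::make_unique<Node>());
        Node* n = m_pool.back().get();
        n->id = id;
        n->prev = m_tail;
        if (m_tail) m_tail->next = n; else m_head = n;
        m_tail = n;
        return n;
    }

    // Unlink n (a real heap would also free it). If n is the node the
    // finalization loop intends to visit next, move the cursor past it.
    void deallocate(Node* n) {
        if (!n->alive) return;
        if (n == m_nextToFinalize) m_nextToFinalize = n->next;
        if (n->prev) n->prev->next = n->next; else m_head = n->next;
        if (n->next) n->next->prev = n->prev; else m_tail = n->prev;
        n->alive = false;   // prev/next left stale, as freed memory would be
    }

    // Safe loop: the cursor lives in the list so deallocate() can adjust it.
    // Returns the number of dead nodes visited (always 0 with this loop).
    int finalizeAll() {
        int deadVisits = 0;
        for (Node* n = m_head; n; n = m_nextToFinalize) {
            m_nextToFinalize = n->next;
            if (!n->alive) ++deadVisits;
            if (n->finalizer) n->finalizer(n);
        }
        m_nextToFinalize = nullptr;
        return deadVisits;
    }

    // Broken loop: caches the successor in a local, so a finalizer that
    // deallocates the next node leaves the loop holding a dead pointer.
    int finalizeAllNaive() {
        int deadVisits = 0;
        for (Node* n = m_head; n;) {
            Node* next = n->next;
            if (!n->alive) ++deadVisits;
            if (n->finalizer) n->finalizer(n);
            n = next;
        }
        return deadVisits;
    }

private:
    Node* m_head = nullptr;
    Node* m_tail = nullptr;
    Node* m_nextToFinalize = nullptr;
    std::vector<std::unique_ptr<Node>> m_pool;
};

struct ScenarioResult { int deadVisits; int finalizerCalls; };

// Constructed scenario: four handles A..D. A's finalizer deallocates B (its
// successor) and C's finalizer deallocates C itself.
static ScenarioResult runScenario(bool useNaiveLoop) {
    WeakList list;
    int calls = 0;
    Node* a = list.add(1);
    Node* b = list.add(2);
    Node* c = list.add(3);
    Node* d = list.add(4);
    a->finalizer = [&list, b, &calls](Node*) { ++calls; list.deallocate(b); };
    b->finalizer = [&calls](Node*) { ++calls; };
    c->finalizer = [&list, &calls](Node* self) { ++calls; list.deallocate(self); };
    d->finalizer = [&calls](Node*) { ++calls; };
    int dead = useNaiveLoop ? list.finalizeAllNaive() : list.finalizeAll();
    return {dead, calls};
}
```

finalizeAll() runs three finalizers and never touches a dead handle; finalizeAllNaive() visits the already-deallocated handle B after A's finalizer removed it, which in a real heap is a use-after-free.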
2011-02-24 Michael Saboff <msaboff@apple.com>
Reviewed by Oliver Hunt.
PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
https://bugs.webkit.org/show_bug.cgi?id=55156
Added code to delete unneeded PatternAlternative after it is removed
from m_alternatives Vector.
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
2011-02-24 Eric Seidel <eric@webkit.org>
Reviewed by Anders Carlsson.
VectorBuffer should not call malloc(0)
https://bugs.webkit.org/show_bug.cgi?id=55091
Turns out the malloc() call which was so hot in:
https://bugs.webkit.org/show_bug.cgi?id=55005
was actually just malloc(0).
We shouldn't be calling malloc(0) anyway, since there is no need to
and it might actually do work on some systems.
I believe on Mac it ends up taking the standard spinlocks (expensive)
and the code on Brew actually does a malloc(1) instead. Neither is desirable.
* wtf/Vector.h:
(WTF::VectorBufferBase::allocateBuffer):
(WTF::VectorBufferBase::tryAllocateBuffer):
2011-02-24 Patrick Gansterer <paroga@webkit.org>
Reviewed by Darin Adler.
Remove obsolete PLATFORM(CI)
https://bugs.webkit.org/show_bug.cgi?id=55082
* wtf/Platform.h:
2011-02-24 Martin Robinson <mrobinson@igalia.com>
Reviewed by Xan Lopez.
[GTK] Remove the GFile GOwnPtr specialization
https://bugs.webkit.org/show_bug.cgi?id=55154
Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
to track GFiles since they are just regular reference-counted GObjects.
* wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
* wtf/gobject/GOwnPtr.h: Ditto.
2011-02-24 Patrick Gansterer <paroga@webkit.org>
Reviewed by Eric Seidel.
Rename PLATFORM(SKIA) to USE(SKIA)
https://bugs.webkit.org/show_bug.cgi?id=55090
* wtf/Platform.h:
2011-02-24 Patrick Gansterer <paroga@webkit.org>
Reviewed by Alexey Proskuryakov.
Remove pthreads dependency for JSLock
https://bugs.webkit.org/show_bug.cgi?id=54832
JSLock is only needed to support an obsolete execution model where JavaScriptCore
automatically protected against concurrent access from multiple threads.
So it's safe to disable it on non-mac platforms where we don't have native pthreads.
* runtime/JSLock.cpp:
2011-02-24 Chao-ying Fu <fu@mips.com>
Reviewed by Eric Seidel.
Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
https://bugs.webkit.org/show_bug.cgi?id=54997
* jit/JIT.h:
* jit/JITStubs.cpp:
(JSC::JITThunks::JITThunks):
2011-02-24 Andras Becsi <abecsi@webkit.org>
Reviewed by Laszlo Gombos.
[Qt] MinGW build fails to link
https://bugs.webkit.org/show_bug.cgi?id=55050
Prepend the libraries of subcomponents instead of appending them
to fix the library order according to the dependency of the libraries
* JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
* jsc.pro: ditto
2011-02-24 Eric Seidel <eric@webkit.org>
Reviewed by Adam Barth.
Deque<T> should support inline capacity
https://bugs.webkit.org/show_bug.cgi?id=55032
The title says it all. There are currently no places
which use this code yet, however it's been tested in conjunction
with code for bug 55005.
This also adds an ASSERT that capacity is never 1. If you were able
to set the capacity equal to 1, the Deque would just get confused
and happily append your item but still think it had size 0.
* wtf/Deque.h:
(WTF::DequeIterator::DequeIterator):
(WTF::DequeConstIterator::DequeConstIterator):
(WTF::DequeReverseIterator::DequeReverseIterator):
(WTF::DequeConstReverseIterator::DequeConstReverseIterator):
(WTF::::checkValidity):
(WTF::::checkIndexValidity):
(WTF::::invalidateIterators):
(WTF::::Deque):
(WTF::deleteAllValues):
(WTF::::operator):
(WTF::::destroyAll):
(WTF::::~Deque):
(WTF::::swap):
(WTF::::clear):
(WTF::::findIf):
(WTF::::expandCapacityIfNeeded):
(WTF::::expandCapacity):
(WTF::::takeFirst):
(WTF::::append):
(WTF::::prepend):
(WTF::::removeFirst):
(WTF::::remove):
(WTF::::addToIteratorsList):
(WTF::::removeFromIteratorsList):
(WTF::::DequeIteratorBase):
(WTF::::~DequeIteratorBase):
(WTF::::isEqual):
(WTF::::increment):
(WTF::::decrement):
(WTF::::after):
(WTF::::before):
* wtf/Vector.h:
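An added example, not WTF::Deque itself, of why the entry above asserts that the capacity is never 1: a ring buffer that encodes "empty" as start == end must leave one slot permanently unused, so a one-slot buffer can never hold an element. The RingDeque class and the sizeAfterOneAppend helper are constructed names for this illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Example code, not WTF::Deque: a ring-buffer deque where m_start == m_end
// means "empty". That convention leaves one slot unused, so the usable
// capacity is m_buffer.size() - 1 and a one-slot buffer can hold nothing.
template<typename T>
class RingDeque {
public:
    explicit RingDeque(size_t bufferSize) : m_buffer(bufferSize) {
        if (bufferSize < 2)
            throw std::invalid_argument("ring buffer needs at least 2 slots");
    }
    size_t capacity() const { return m_buffer.size() - 1; }
    size_t size() const { return (m_end + m_buffer.size() - m_start) % m_buffer.size(); }
    bool isEmpty() const { return m_start == m_end; }

    bool append(const T& value) {
        if (size() == capacity()) return false;   // a full wrap would look empty
        m_buffer[m_end] = value;
        m_end = (m_end + 1) % m_buffer.size();
        return true;
    }
    bool prepend(const T& value) {
        if (size() == capacity()) return false;
        m_start = (m_start + m_buffer.size() - 1) % m_buffer.size();
        m_buffer[m_start] = value;
        return true;
    }
    T takeFirst() {
        if (isEmpty()) throw std::out_of_range("takeFirst on empty deque");
        T value = m_buffer[m_start];
        m_start = (m_start + 1) % m_buffer.size();
        return value;
    }

private:
    std::vector<T> m_buffer;
    size_t m_start = 0;
    size_t m_end = 0;
};

// The arithmetic the ASSERT guards against, in isolation: after one append
// into a buffer of `bufferSize` slots, what does size() report?
static size_t sizeAfterOneAppend(size_t bufferSize) {
    if (bufferSize == 0) throw std::invalid_argument("empty buffer");
    size_t start = 0, end = 0;
    end = (end + 1) % bufferSize;                    // the append itself "succeeds"
    return (end + bufferSize - start) % bufferSize;  // 0 when bufferSize == 1
}

// Worked usage: three elements through a 4-slot buffer (3 usable slots).
static int sumAfterRoundTrip() {
    RingDeque<int> d(4);
    d.append(1);
    d.append(2);
    d.prepend(0);
    bool fourth = d.append(3);     // refused: capacity is 3
    int sum = 0;
    while (!d.isEmpty()) sum += d.takeFirst();
    return fourth ? -1 : sum;      // 0 + 1 + 2
}
```

With a one-slot buffer the append wraps end back onto start, so the element is written but size() reports 0, which is exactly the confusion the assertion rules out.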
2011-02-22 Adam Barth <abarth@webkit.org>
Reviewed by Ojan Vafai.
Add missing files to JavaScriptCore.gypi
https://bugs.webkit.org/show_bug.cgi?id=55020
gypi files are supposed to list every file under the sun. This patch
adds some missing files and sorts the rest.
* JavaScriptCore.gypi:
2011-02-23 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
Refactored MarkedSpace to operate in terms of size classes
https://bugs.webkit.org/show_bug.cgi?id=55106
SunSpider reports no change.
* runtime/JSCell.h:
(JSC::JSCell::MarkedSpace::sizeClassFor):
(JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
class. Since these functions are inline, the compiler can constant fold
them.
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::cellSize):
(JSC::MarkedBlock::size): Factored out a cellSize() helper.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::allocateFromSizeClass):
(JSC::MarkedSpace::shrink):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::SizeClass::SizeClass):
(JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
abstract SizeClass objects, which are independent linked lists of blocks
of a certain size class, instead of a single m_heap object.
2011-02-23 Adam Barth <abarth@webkit.org>
Reviewed by James Robinson.
[Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
https://bugs.webkit.org/show_bug.cgi?id=55093
Exclude OSRandomSource.cpp from the Chromium build. This function is
implemented in WebKit/chromium/src instead.
* JavaScriptCore.gyp/JavaScriptCore.gyp:
2011-02-23 Oliver Hunt <oliver@apple.com>
Roll out r64156 as it introduces incorrect behaviour.
* runtime/JSByteArray.h:
(JSC::JSByteArray::setIndex):
2011-02-23 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
https://bugs.webkit.org/show_bug.cgi?id=55079
SunSpider reports no change.
* runtime/Heap.cpp:
(JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
since we want Heap to logically control MarkedSpace. MarkedSpace should
never choose to sweep itself.
* runtime/JSCell.h:
(JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
member of MarkedBlock. No need to reset nextAtom to firstAtom() when
we reach the end of a block, since there's now an explicit reset pass
during GC.
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
some data members to improve cache locality.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h:
(JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
explicit reset pass.
2011-02-23 James Robinson <jamesr@chromium.org>
Unreviewed, rolling out r79428.
http://trac.webkit.org/changeset/79428
https://bugs.webkit.org/show_bug.cgi?id=54714
Does not work in the Chromium sandbox
* JavaScriptCore.exp:
2011-02-23 Adam Roben <aroben@apple.com>
Fix an off-by-one error in JSC::appendSourceToError
Looks like this bug has been around since the code was first added in r35245.
Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled
Reviewed by Darin Adler.
* interpreter/Interpreter.cpp:
(JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
character at stop-1 rather than at stop. At this point in the code, stop represents the
index just past the end of the characters we care about, and can even be just past the end
of the entire data buffer.
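An added example, not the JavaScriptCore code itself, reducing the trim loop from the entry above to its index arithmetic: stop is a past-the-end index, so the last character of interest is data[stop - 1], and when stop equals the buffer length data[stop] is out of bounds. The CheckedBuffer type and the trimStop* and trimExcerpt names are constructed for this illustration; the buffer records out-of-range reads instead of crashing so the before and after versions can be compared on the same input.

```cpp
#include <cstddef>
#include <string>

// Example code, not JavaScriptCore's appendSourceToError. A buffer that counts
// reads outside [0, size) instead of faulting (a full page heap would fault).
struct CheckedBuffer {
    std::string data;
    mutable size_t outOfRangeReads = 0;
    char at(size_t i) const {
        if (i >= data.size()) { ++outOfRangeReads; return ' '; }  // stray byte stand-in
        return data[i];
    }
};

static bool isSourceWhitespace(char c) {
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

// Before: examines data[stop], one past the last character of interest and
// possibly one past the end of the whole buffer.
static size_t trimStopBuggy(const CheckedBuffer& buf, size_t start, size_t stop) {
    while (stop > start && isSourceWhitespace(buf.at(stop)))
        --stop;
    return stop;
}

// After: examines data[stop - 1]; never touches an index >= stop.
static size_t trimStopFixed(const CheckedBuffer& buf, size_t start, size_t stop) {
    while (stop > start && isSourceWhitespace(buf.at(stop - 1)))
        --stop;
    return stop;
}

struct TrimResult { std::string excerpt; size_t outOfRangeReads; };

// Run one version over a constructed excerpt whose stop index equals the
// buffer length, the case where the old code read past the allocation.
static TrimResult trimExcerpt(bool fixed) {
    CheckedBuffer buf;
    buf.data = "return x  ";                  // two trailing spaces, length 10
    size_t start = 0;
    size_t stop = buf.data.size();
    size_t newStop = fixed ? trimStopFixed(buf, start, stop)
                           : trimStopBuggy(buf, start, stop);
    return {buf.data.substr(start, newStop - start), buf.outOfRangeReads};
}
```

The buggy loop both reads one byte past the buffer and, because the sentinel it reads there looks like whitespace, trims one character too many ("return " instead of "return x"); the fixed loop reads nothing outside the buffer and keeps the x.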
2011-02-23 Geoffrey Garen <ggaren@apple.com>
Reviewed by Darin Adler.
Rolled back in r79367 with SnowLeopard Release bot crash fixed.
https://bugs.webkit.org/show_bug.cgi?id=54999
The crash was caused by failure to update the "nextBlock" pointer when
removing a block from the list while shrinking. The fix is to update the
"nextBlock" pointer.
This crash was very rare because it only happened in cases where the very
first block in the heap contained no marked cells.
2011-02-23 Dan Bernstein <mitz@apple.com>
Reviewed by Gavin Barraclough.
Include frame numbers in backtraces.
https://bugs.webkit.org/show_bug.cgi?id=55060
* wtf/Assertions.cpp:
2011-02-23 Xan Lopez <xlopez@igalia.com>
Reviewed by Gavin Barraclough.
latest jsc for armv7 crashes in sunspider tests
https://bugs.webkit.org/show_bug.cgi?id=54667
Update JIT offset values in ARMv7 after r78732. Fixes crashes in
SunSpider and JavaScript tests.
* jit/JIT.h: update values.
2011-02-23 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r79418.
http://trac.webkit.org/changeset/79418
https://bugs.webkit.org/show_bug.cgi?id=55043
"breaks shlib linux build" (Requested by morrita on #webkit).
* JavaScriptCore.gyp/JavaScriptCore.gyp:
* JavaScriptCore.gypi:
2011-02-23 Patrick Gansterer <paroga@webkit.org>
Reviewed by Alexey Proskuryakov.
Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp
https://bugs.webkit.org/show_bug.cgi?id=54831
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/Structure.cpp:
(JSC::ignoreSetMutex):
(JSC::Structure::Structure):
(JSC::Structure::~Structure):
(JSC::Structure::initializeThreading):
* runtime/Structure.h:
2011-02-23 Patrick Gansterer <paroga@webkit.org>
Reviewed by Darin Adler.
Rename PLATFORM(CF) to USE(CF)
https://bugs.webkit.org/show_bug.cgi?id=53540
* runtime/DatePrototype.cpp:
* runtime/GCActivityCallbackCF.cpp:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* wtf/CurrentTime.cpp:
* wtf/Platform.h:
* wtf/text/AtomicString.h:
* wtf/text/StringImpl.h:
(WTF::StringImpl::computeHash):
* wtf/text/WTFString.h:
* wtf/unicode/icu/CollatorICU.cpp:
(WTF::Collator::userDefault):
2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
Unreviewed build fix for Windows.
WebSocket uses insecure random numbers
https://bugs.webkit.org/show_bug.cgi?id=54714
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber()
2011-02-23 Fumitoshi Ukai <ukai@chromium.org>
Reviewed by Adam Barth.
WebSocket uses insecure random numbers
https://bugs.webkit.org/show_bug.cgi?id=54714
* JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
2011-02-22 Adam Barth <abarth@webkit.org>
Reviewed by Ojan Vafai.
Add missing files to JavaScriptCore.gypi
https://bugs.webkit.org/show_bug.cgi?id=55020
gypi files are supposed to list every file under the sun. This patch
adds some missing files and sorts the rest.
* JavaScriptCore.gypi:
2011-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r79367.
http://trac.webkit.org/changeset/79367
https://bugs.webkit.org/show_bug.cgi?id=55012
all layout tests are crashing on Snow Leopard (Requested by
rniwa on #webkit).
* GNUmakefile.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* runtime/MarkedBlock.h:
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::destroy):
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::freeBlock):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::shrink):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h:
(JSC::CollectorHeap::collectorBlock):
* wtf/CMakeLists.txt:
* wtf/DoublyLinkedList.h: Removed.
2011-02-22 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
https://bugs.webkit.org/show_bug.cgi?id=54999
SunSpider reports no change.
* GNUmakefile.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
* wtf/CMakeLists.txt:
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::setPrev):
(JSC::MarkedBlock::setNext):
(JSC::MarkedBlock::prev):
(JSC::MarkedBlock::next): Added linked list data members and accessors.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::destroy):
(JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
(JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
data structures when freeing blocks.
(JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
not a vector index.
(JSC::MarkedSpace::shrink): Construct a temporary list of empties and
then free them, to avoid modifying our hash table while iterating it.
This wasn't a concern before because we were using indirect array
indexing, not direct pointer indexing.
(JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
not a vector index.
* runtime/MarkedSpace.h:
(JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
* wtf/DoublyLinkedList.h: Added. New linked list class.
(WTF::::DoublyLinkedList):
(WTF::::isEmpty):
(WTF::::head):
(WTF::::append):
(WTF::::remove):
2011-02-22 Gavin Barraclough <barraclough@apple.com>
Windows build fix.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-02-22 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table
The Structure class keeps a table of transitions to derived Structure types. Since
this table commonly contains a single entry we employ an optimization where instead
of holding a map, we may hold a pointer directly to a single instance of the mapped
type. We use an additional bit of data to flag whether the pointer is currently
pointing to a table of transitions, or a singleton transition. Previously we had
commonly used a pattern of storing data in the low bits of pointers, but had moved
away from this since it causes false leaks to be reported by the leaks tool. However
in this case, the entries in the map are weak links - this pointer will never be
responsible for keeping an object alive. As such we can use this approach provided
that the bit is set when a table is not in use (otherwise the table would appear to
be leaked).
Additionally, the transition table currently allows two entries to exist for a given
key - one specialized to a particular value, and one not specialized. This is
unnecessary, wasteful, and a little inconsistent. (If you create an entry for a
specialized value, then a non-specialized entry, both will exist. If you create an
entry for a non-specialized value, then try to create a specialized entry, only a
non-specialized form will be allowed.)
This shows a small progression on v8.
* JavaScriptCore.exp:
* runtime/JSObject.h:
(JSC::JSObject::putDirectInternal):
* runtime/Structure.cpp:
(JSC::StructureTransitionTable::contains):
(JSC::StructureTransitionTable::get):
(JSC::StructureTransitionTable::remove):
(JSC::StructureTransitionTable::add):
(JSC::Structure::dumpStatistics):
(JSC::Structure::Structure):
(JSC::Structure::~Structure):
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC::Structure::addPropertyTransition):
* runtime/Structure.h:
(JSC::Structure::get):
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::Hash::hash):
(JSC::StructureTransitionTable::Hash::equal):
(JSC::StructureTransitionTable::HashTraits::emptyValue):
(JSC::StructureTransitionTable::HashTraits::constructDeletedValue):
(JSC::StructureTransitionTable::HashTraits::isDeletedValue):
(JSC::StructureTransitionTable::StructureTransitionTable):
(JSC::StructureTransitionTable::~StructureTransitionTable):
(JSC::StructureTransitionTable::isUsingSingleSlot):
(JSC::StructureTransitionTable::map):
(JSC::StructureTransitionTable::setMap):
(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):
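An added example, not JavaScriptCore's StructureTransitionTable, of the single-slot-or-map encoding described in the entry above: one word holds either a weak pointer to a single transition or a pointer to a map of them, and the low bit is set only in single-slot mode so that in map mode the word is a plain pointer a leak checker can see. The Transition struct, the TransitionTable class and the observeTable scenario are constructed for this illustration; the table never owns the transitions it points to.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Example code, not JavaScriptCore's StructureTransitionTable.
struct Transition {          // stands in for a derived Structure; owned elsewhere
    std::string property;
    unsigned attributes;
};

class TransitionTable {
    using Key = std::pair<std::string, unsigned>;
    using Map = std::map<Key, Transition*>;
    static constexpr uintptr_t kSingleSlotFlag = 1;
    uintptr_t m_data = kSingleSlotFlag;      // empty single slot: flag set, null pointer

    static Key keyOf(const Transition* t) { return {t->property, t->attributes}; }
    Transition* singleTransition() const {
        return reinterpret_cast<Transition*>(m_data & ~kSingleSlotFlag);
    }
    Map* map() const { return reinterpret_cast<Map*>(m_data); }
    void setSingleTransition(Transition* t) {
        static_assert(alignof(Transition) >= 2, "low bit must be free for tagging");
        m_data = reinterpret_cast<uintptr_t>(t) | kSingleSlotFlag;  // weak: flag hides it from leak tools
    }
    void setMap(Map* m) { m_data = reinterpret_cast<uintptr_t>(m); } // owned: untagged, visible

public:
    TransitionTable() = default;
    TransitionTable(const TransitionTable&) = delete;
    TransitionTable& operator=(const TransitionTable&) = delete;
    ~TransitionTable() { if (!isUsingSingleSlot()) delete map(); }

    bool isUsingSingleSlot() const { return m_data & kSingleSlotFlag; }

    size_t size() const {
        if (isUsingSingleSlot()) return singleTransition() ? 1 : 0;
        return map()->size();
    }

    Transition* get(const std::string& property, unsigned attributes) const {
        if (isUsingSingleSlot()) {
            Transition* t = singleTransition();
            return (t && t->property == property && t->attributes == attributes) ? t : nullptr;
        }
        auto it = map()->find({property, attributes});
        return it == map()->end() ? nullptr : it->second;
    }

    bool contains(const std::string& property, unsigned attributes) const {
        return get(property, attributes) != nullptr;
    }

    // One entry per key: adding the same key again replaces the old entry.
    void add(Transition* t) {
        if (isUsingSingleSlot()) {
            Transition* existing = singleTransition();
            if (!existing || keyOf(existing) == keyOf(t)) { setSingleTransition(t); return; }
            Map* m = new Map;                    // outgrow the single slot
            (*m)[keyOf(existing)] = existing;
            setMap(m);
        }
        (*map())[keyOf(t)] = t;
    }

    // The weakly held transition died: its slot or map entry must go too.
    void remove(Transition* t) {
        if (isUsingSingleSlot()) {
            if (singleTransition() == t) setSingleTransition(nullptr);
            return;
        }
        map()->erase(keyOf(t));
    }
};

struct Observation {
    bool singleSlotAfterFirstAdd;
    bool mapAfterSecondAdd;
    size_t sizeAfterThreeAdds;
    bool lookupsHold;
    size_t sizeAfterRemove;
};

// Constructed scenario over caller-owned transitions.
static Observation observeTable() {
    Transition x{"x", 0}, xReadOnly{"x", 1}, y{"y", 0};
    TransitionTable table;
    Observation o{};
    table.add(&x);
    o.singleSlotAfterFirstAdd = table.isUsingSingleSlot() && table.get("x", 0) == &x;
    table.add(&xReadOnly);                 // same name, different attributes: distinct key
    o.mapAfterSecondAdd = !table.isUsingSingleSlot();
    table.add(&y);
    o.sizeAfterThreeAdds = table.size();
    o.lookupsHold = table.get("x", 1) == &xReadOnly && table.get("y", 0) == &y
                    && !table.contains("z", 0);
    table.remove(&x);                      // the weak target died
    o.sizeAfterRemove = table.size();
    return o;
}
```

The flag bit is set exactly while the word points at a weakly referenced transition, so a heap scanner never mistakes that tagged value for a live reference, while the map pointer stays untagged and reachable for as long as the table owns it.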
2011-02-22 Andras Becsi <abecsi@webkit.org>
Reviewed by Laszlo Gombos.
[Qt] Redesign the build system
https://bugs.webkit.org/show_bug.cgi?id=51339
Part 2.
Build WebCore as a static library, compile the WebKit API and WebKit2 API
in a final step and link to WebKit2, WebCore and JSC libraries to fix
linking issues resulting from stripped away symbols.
* JavaScriptCore.pri: Remove the workaround.
2011-02-21 Adam Roben <aroben@apple.com>
Fix linker warning on Windows
r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the
obvious way (since it's how we export functions), but unfortunately it doesn't work correctly.
r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove
it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol
multiple times.
Rubber-stamped by Anders Carlsson.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info.
2011-02-21 Brian Weinstein <bweinstein@apple.com>
Reviewed by Adam Roben.
WebResourceCacheManager should be responsible for managing the CFURLCache as well
as the WebCore memory cache.
https://bugs.webkit.org/show_bug.cgi?id=54886
Part of <rdar://problem/8971738>
Add a new use flag for using the CFURLCache.
* wtf/Platform.h:
2011-02-21 Xan Lopez <xlopez@igalia.com>
Reviewed by Gavin Barraclough.
Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp
https://bugs.webkit.org/show_bug.cgi?id=54901
* jit/JIT.h: swap actual and expected values in message, they were
reversed.
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of
a simple ASSERT.
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_method_check): ditto.
(JSC::JIT::compileGetByIdHotPath): ditto.
(JSC::JIT::compileGetByIdSlowCase): ditto.
(JSC::JIT::emit_op_put_by_id): ditto.
2011-02-21 Gavin Barraclough <barraclough@apple.com>
Rubber-stamped by Sam Weinig
Bug 54899 - Math.LOG10E should be 0.4342944819032518
This value is quoted in section 15.8.1.5 of the spec.
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
2011-02-21 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy.
The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance
containing a pointer to its parent class. These links should reflect the inheritance
hierarchy of C++ classes below JSObject. For the large part it does, but in some cases
entries in the C++ hierarchy are skipped over. This presently likely doesn't matter,
since intervening C++ classes may not have ClassInfo - but would be a potential bug
were ClassInfo to be added.
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObjectFunctions.h:
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
* runtime/BooleanObject.cpp:
* runtime/DateInstance.cpp:
* runtime/DatePrototype.cpp:
* runtime/ErrorInstance.cpp:
* runtime/InternalFunction.cpp:
* runtime/JSActivation.cpp:
* runtime/JSArray.cpp:
* runtime/JSFunction.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.h:
* runtime/JSZombie.h:
* runtime/MathObject.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberObject.cpp:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpObject.cpp:
* runtime/StringObject.cpp:
* runtime/StringPrototype.cpp:
2011-02-21 Adam Roben <aroben@apple.com>
Export JSObject::s_info from JavaScriptCore.dll
This matches what we do for all other ClassInfo objects that WebCore needs access to.
Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in
JSCell::inherits on Windows
Reviewed by Sam Weinig.
* runtime/JSObject.h: Added JS_EXPORTDATA to s_info.
2011-02-21 Kristian Amlie <kristian.amlie@nokia.com>
Reviewed by Andreas Kling.
Switched to compiler based detection, where the error actually is.
It is not the platform that needs the workaround, it is the compiler.
QtWebKit fails to compile on Windows XP with msvc-2008
https://bugs.webkit.org/show_bug.cgi?id=54746
* bytecode/CodeBlock.h:
* runtime/RegExpObject.h:
2011-02-20 Gavin Barraclough <barraclough@apple.com>
Reviewed by Oliver Hunt.
https://bugs.webkit.org/show_bug.cgi?id=54839
Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction.
Historically, Native functions used to be represented by PrototypeFunctions, however
since introducing call optimizations to the JIT this has used JSFunctions for host
calls too. At the point this change was made, the interpreter continued to use
PrototypeFunctions, however since fallback from the JIT to interpreter was introduced
the interpreter has had to be able to run using host functions represented using
JSFunctions - leading to an unnecessary and redundant divergence in behaviour between
interpreter only builds, and situations where the JIT has fallen back to interpreting.
NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction
for wrappers for host functions, and as such can also be removed.
GlobalEvalFunction is a redundant wrapper that happens to be derived from
PrototypeFunction. It existed to hold a reference to the global object - but since all
functions now derive from JSObjectWithGlobalObject, this no longer requires an
additional class to provide this functionality.
* JavaScriptCore.JSVALUE32_64only.exp:
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
Removed symbols / references to files.
* runtime/GlobalEvalFunction.cpp: Removed.
* runtime/GlobalEvalFunction.h: Removed.
* runtime/NativeFunctionWrapper.h: Removed.
* runtime/PrototypeFunction.cpp: Removed.
* runtime/PrototypeFunction.h: Removed.
Removed.
* runtime/Executable.cpp:
(JSC::NativeExecutable::~NativeExecutable):
* runtime/Executable.h:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::NativeExecutable):
(JSC::JSFunction::nativeFunction):
* runtime/JSFunction.cpp:
(JSC::callHostFunctionAsConstructor):
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::getCallData):
* runtime/JSFunction.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::getHostFunction):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::getCTIStub):
Added interpreter-friendly constructors for NativeExecutables.
* bytecompiler/BytecodeGenerator.cpp:
* interpreter/Interpreter.cpp:
* jit/JITStubs.cpp:
* jsc.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/BooleanPrototype.h:
* runtime/CallData.h:
* runtime/DateConstructor.cpp:
* runtime/DateConstructor.h:
* runtime/ErrorPrototype.cpp:
* runtime/ErrorPrototype.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectFunctions.cpp:
* runtime/Lookup.cpp:
* runtime/NumberPrototype.cpp:
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.cpp:
* runtime/ObjectPrototype.h:
* runtime/RegExpPrototype.cpp:
* runtime/RegExpPrototype.h:
* runtime/SmallStrings.h:
* runtime/StringConstructor.cpp:
* runtime/StringConstructor.h:
Removed use of redundant classes.
2011-02-19 Laszlo Gombos <laszlo.1.gombos@nokia.com>
Unreviewed build fix for Symbian.
[Symbian] Revert the removal of linking
against hal after r79126.
Dependency on the hal library can not be removed
as it is still used (e.g. in MarkStackSymbian.cpp).
* JavaScriptCore.pri:
2011-02-19 Gavin Barraclough <barraclough@apple.com>
Interpreter build fix.
* runtime/ArrayConstructor.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/DateConstructor.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/FunctionPrototype.cpp:
* runtime/Lookup.cpp:
* runtime/NumberPrototype.cpp:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/RegExpPrototype.cpp:
* runtime/StringConstructor.cpp:
2011-02-19 Gavin Barraclough <barraclough@apple.com>
Build fix!!
* JavaScriptCore.exp:
2011-02-19 Gavin Barraclough <barraclough@apple.com>
Windows build fix!!
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-02-19 Gavin Barraclough <barraclough@apple.com>
Windows build fix!
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2011-02-19 Gavin Barraclough <barraclough@apple.com>
Build fix!
* JavaScriptCore.exp:
2011-02-18 Gavin Barraclough <barraclough@apple.com>
Reviewed by Sam Weinig.
Bug 54786 - Devirtualize JSCell::classInfo()
Instead of making a virtual function call, add a pointer to the ClassInfo
onto Structure.
This removes a virtual function call, and paves the way towards removing all
the createStructure methods, and StructureFlags/AnonymousSlotCount properties
(these should be able to move onto ClassInfo).
Calls to Structure::create must now pass a pointer to the ClassInfo for the
structure. All objects now have a ClassInfo pointer, non-object cell types
still do not.
Changes are most mechanical, involving three steps:
* Remove virtual classInfo() methods.
* Add &s_info parameter to calls to Structure::create.
* Rename ClassInfo static members on classes from 'info' to 's_info',
for consistency.
* API/JSCallbackConstructor.cpp:
* API/JSCallbackConstructor.h:
* API/JSCallbackFunction.cpp:
* API/JSCallbackFunction.h:
* API/JSCallbackObject.cpp:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
* API/JSObjectRef.cpp:
* API/JSValueRef.cpp:
* API/JSWeakObjectMapRefPrivate.cpp:
* JavaScriptCore.exp:
* debugger/Debugger.cpp:
* debugger/DebuggerActivation.h:
* debugger/DebuggerCallFrame.cpp:
* interpreter/Interpreter.cpp:
* jit/JITCall32_64.cpp:
* jit/JITOpcodes.cpp:
* jit/JITStubs.cpp:
* profiler/Profiler.cpp:
* runtime/Arguments.cpp:
* runtime/Arguments.h:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/ArrayPrototype.h:
* runtime/BooleanObject.cpp:
* runtime/BooleanObject.h:
* runtime/BooleanPrototype.cpp:
* runtime/DateConstructor.cpp:
* runtime/DateInstance.cpp:
* runtime/DateInstance.h:
* runtime/DatePrototype.cpp:
* runtime/DatePrototype.h:
* runtime/ErrorInstance.cpp:
* runtime/ErrorInstance.h:
* runtime/ErrorPrototype.cpp:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:
* runtime/GetterSetter.h:
* runtime/GlobalEvalFunction.h:
* runtime/InternalFunction.cpp:
* runtime/InternalFunction.h:
* runtime/JSAPIValueWrapper.h:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
* runtime/JSGlobalData.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
* runtime/JSObject.h:
* runtime/JSObjectWithGlobalObject.h:
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.h:
* runtime/JSString.h:
* runtime/JSVariableObject.h:
* runtime/JSWrapperObject.h:
* runtime/JSZombie.cpp:
* runtime/JSZombie.h:
* runtime/Lookup.cpp:
* runtime/MathObject.cpp:
* runtime/MathObject.h:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeErrorConstructor.h:
* runtime/NumberConstructor.cpp:
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
* runtime/NumberObject.h:
* runtime/NumberPrototype.cpp:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpConstructor.h:
* runtime/RegExpObject.cpp:
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.cpp:
* runtime/ScopeChain.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringObject.cpp:
* runtime/StringObject.h:
* runtime/StringObjectThatMasqueradesAsUndefined.h:
* runtime/StringPrototype.cpp:
* runtime/StringPrototype.h:
* runtime/Structure.cpp:
* runtime/Structure.h:
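The following is an added illustration of the design described in this entry, written for this page and not taken from JavaScriptCore. It shows the shape of the change: a ClassInfo pointer stored on the Structure and read through a non-virtual classInfo(), with the parent-chain walk that a checked downcast relies on. The class hierarchy, field names and helper functions are invented for the example.

```cpp
#include <cassert>
#include <cstring>

// Added example, not JavaScriptCore code. A cell's type identity lives on its
// Structure as a ClassInfo pointer, so classInfo() is a dependent load rather
// than a virtual call, and inherits() walks the ClassInfo parent chain before
// any downcast. The hierarchy below is made up for illustration.
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;   // null at the root of the hierarchy

    // True if this class is 'other' or derives from it.
    bool isSubClassOf(const ClassInfo* other) const
    {
        for (const ClassInfo* ci = this; ci; ci = ci->parentClass) {
            if (ci == other)
                return true;
        }
        return false;
    }
};

struct Structure {
    const ClassInfo* classInfo;     // supplied once, when the Structure is created

    static Structure create(const ClassInfo* info) { Structure s = { info }; return s; }
};

class Cell {
public:
    explicit Cell(const Structure* structure) : m_structure(structure) {}

    // Before: virtual const ClassInfo* classInfo() const;
    // After: non-virtual, one load through the Structure.
    const ClassInfo* classInfo() const { return m_structure->classInfo; }
    bool inherits(const ClassInfo* info) const { return classInfo()->isSubClassOf(info); }

private:
    const Structure* m_structure;
};

// Each class exposes its ClassInfo as s_info; these are hypothetical classes.
static const ClassInfo s_objectInfo   = { "Object",        nullptr };
static const ClassInfo s_functionInfo = { "Function",      &s_objectInfo };
static const ClassInfo s_boundFnInfo  = { "BoundFunction", &s_functionInfo };
static const ClassInfo s_arrayInfo    = { "Array",         &s_objectInfo };

// Structures are created with the ClassInfo of the class they describe.
static const Structure s_functionStructure = Structure::create(&s_functionInfo);
static const Structure s_boundFnStructure  = Structure::create(&s_boundFnInfo);
static const Structure s_arrayStructure    = Structure::create(&s_arrayInfo);

// Type-check a cell built on 'structure' against a target ClassInfo.
bool cellInherits(const Structure* structure, const ClassInfo* target)
{
    Cell cell(structure);
    return cell.inherits(target);
}

// Name a cell's concrete class with no virtual dispatch involved.
const char* cellClassName(const Structure* structure)
{
    return Cell(structure).classInfo()->className;
}

int main()
{
    assert(cellInherits(&s_boundFnStructure, &s_functionInfo));
    assert(!cellInherits(&s_arrayStructure, &s_functionInfo));
    assert(strcmp(cellClassName(&s_arrayStructure), "Array") == 0);
    return 0;
}
```

The check is the same one a cast helper performs before reinterpreting a cell as a more derived type; with the pointer on the Structure it costs two loads and a short pointer walk, and a cell whose Structure names an unrelated class is rejected rather than misinterpreted.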
2011-02-19 David Kilzer <ddkilzer@apple.com>
<http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
Reviewed by Dan Bernstein.
* Configurations/Base.xcconfig: Added
JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
* Configurations/JavaScriptCore.xcconfig: Used
JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
* JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
for Production configuration of jsc target.
(Copy Into Framework): Removed old build phase.
(Fix Framework Reference): Renamed build phase to "Copy Into
Framework". Added "set -x" call to make the script print the
commands it is running. Added code to exit early for Production
builds since this was never intended for them. Added code to
copy jsc into the JavaScriptCore.framework/Resources directory.
2011-02-19 Siddharth Mathur <siddharth.mathur@nokia.com>
Reviewed by Laszlo Gombos.
[Symbian] OSAllocator implementation for Symbian OS.
Manages both data and code region requests. V8 and Sunspider tested
OK with interpreter. Not tested with JSC JIT yet as it has unrelated
failures. Also no thread safety yet.
https://bugs.webkit.org/show_bug.cgi?id=51128
* JavaScriptCore.pri: removed HAL linkage
* wtf/Bitmap.h:
(WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty
* wtf/OSAllocator.h:
(WTF::OSAllocator::decommitAndRelease): decommit explicitly
* wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface
(WTF::allocateCodeChunk): utility for code chunks
(WTF::deallocateCodeChunk): utility for code chunks
(WTF::dataAllocatorInstance): getter for data allocator instance
(WTF::OSAllocator::reserveUncommitted):
(WTF::OSAllocator::releaseDecommitted):
(WTF::OSAllocator::commit):
(WTF::OSAllocator::decommit):
(WTF::OSAllocator::reserveAndCommit):
(WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests
to one underlying Symbian chunk
(WTF::PageAllocatorSymbian::~PageAllocatorSymbian):
(WTF::PageAllocatorSymbian::reserve):
(WTF::PageAllocatorSymbian::release):
(WTF::PageAllocatorSymbian::commit):
(WTF::PageAllocatorSymbian::decommit):
(WTF::PageAllocatorSymbian::contains):
* wtf/PageAllocatorSymbian.h: Added.
(WTF::SymbianChunk::SymbianChunk): wrapper around RChunk
(WTF::SymbianChunk::~SymbianChunk):
(WTF::SymbianChunk::contains):
2011-02-19 Yong Li <yoli@rim.com>
Reviewed by Eric Seidel.
https://bugs.webkit.org/show_bug.cgi?id=54687
When being built with armcc, "int" bit fields are treated as
unsigned integers, which will fail the comparisons like "m_offset == -1".
Using "signed" fixes the problem.
* assembler/ARMAssembler.h:
* assembler/ARMv7Assembler.h:
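An added illustration of the pitfall behind this fix, written for this page and not taken from the WebKit assemblers. The signedness of a plain "int" bit-field is implementation-defined in C and C++; gcc and clang make it signed, armcc made it unsigned. Because a compiler that treats "int" bit-fields as signed cannot reproduce the armcc behaviour directly, the armcc layout is modelled here with an explicit "unsigned" bit-field next to the explicitly "signed" fix. Field names and widths are made up.

```cpp
#include <cassert>

// Added example, not WebKit code. Two layouts of the same record: the first
// models what armcc did with "int m_offset : 12" (an unsigned field), the
// second is the portable spelling the fix adopts.
struct UnsignedOffsetFields {   // armcc's reading of "int m_offset : 12"
    unsigned int m_offset : 12;
    unsigned int m_kind   : 4;
};

struct SignedOffsetFields {     // the fix: say "signed" explicitly
    signed int m_offset : 12;
    unsigned int m_kind : 4;
};

// Store a sentinel (normally -1) and test whether the comparison the
// assembler relies on, "m_offset == -1", still holds. The sentinel is passed
// at run time so the compiler cannot fold the comparison away.
bool unsignedSentinelMatches(int sentinel)
{
    UnsignedOffsetFields f = {};
    f.m_offset = sentinel;      // -1 is stored as 0xFFF == 4095
    return f.m_offset == sentinel; // field promotes to int 4095: false
}

bool signedSentinelMatches(int sentinel)
{
    SignedOffsetFields f = {};
    f.m_offset = sentinel;      // all twelve bits set, reads back as -1
    return f.m_offset == sentinel; // true
}

// What the unsigned layout actually yields after storing the sentinel.
int unsignedReadBack(int sentinel)
{
    UnsignedOffsetFields f = {};
    f.m_offset = sentinel;
    return f.m_offset;          // 4095 for sentinel == -1
}

// Even with the fix, a 12-bit signed field spans only -2048..2047; a larger
// offset wraps negative and can collide with the sentinel, so a range check
// before storing is still needed.
bool signedFieldWrapsNegative(int value)
{
    SignedOffsetFields f = {};
    f.m_offset = value;
    return f.m_offset < 0;
}

int main()
{
    assert(!unsignedSentinelMatches(-1));
    assert(signedSentinelMatches(-1));
    assert(unsignedReadBack(-1) == 4095);
    assert(!signedFieldWrapsNegative(2047));
    assert(signedFieldWrapsNegative(2048));
    return 0;
}
```

The practical rule: never write a bare "int" bit-field when negative values or a -1 sentinel are stored in it; spell out "signed" (or use a plain integer member) so the comparison means the same thing on every toolchain.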
2011-02-18 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Made MarkedSpace block iteration size-class agnostic
https://bugs.webkit.org/show_bug.cgi?id=54792
SunSpider reports no change.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::clearMarks):
(JSC::MarkedSpace::sweep):
(JSC::MarkedSpace::objectCount):
(JSC::MarkedSpace::size):
(JSC::MarkedSpace::capacity):
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of
size class list order. This is a much simpler convention in a world
of many different size classes.
2011-02-18 Kristian Amlie <kristian.amlie@nokia.com>
Reviewed by Andreas Kling.
Added friend exception to Qt platform, which also compiles Windows.
QtWebKit fails to compile on Windows XP with msvc-2008
https://bugs.webkit.org/show_bug.cgi?id=54746
* bytecode/CodeBlock.h:
* runtime/RegExpObject.h:
2011-02-18 Geoffrey Garen <ggaren@apple.com>
(Rolled back in r79022 with crash fixed.)
Reviewed by Sam Weinig.
Use hashing instead of linear search in the conservative pointer test
https://bugs.webkit.org/show_bug.cgi?id=54767
SunSpider reports no change.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array,
since freeBlock removes items for us.
(JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last
block from the block set instead of the block being freed. Changed to
remove a block from our data structures before deallocating it, since
this is slightly cleaner.
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::contains): Variable-sized objects will use more,
smaller blocks, so it's important for the contains check not to be O(n)
in the number of blocks.
2011-02-18 chris reiss <christopher.reiss@nokia.com>
Reviewed by Andreas Kling.
REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
https://bugs.webkit.org/show_bug.cgi?id=49989
updated test fast/js/script-tests/date-parse-test.js
* wtf/DateMath.cpp:
(WTF::parseDateFromNullTerminatedCharacters):
2011-02-18 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r79022.
http://trac.webkit.org/changeset/79022
https://bugs.webkit.org/show_bug.cgi?id=54775
It broke the whole world (Requested by Ossy on #webkit).
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::contains):
2011-02-18 Yael Aharon <yael.aharon@nokia.com>
Reviewed by Dave Hyatt.
Add support for dir=auto
https://bugs.webkit.org/show_bug.cgi?id=50916
Change defaultWritingDirection() to return if the writing direction
was determined from a letter with strong directionality or not.
* JavaScriptCore.exp:
* JavaScriptCore.order:
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::defaultWritingDirection):
* wtf/text/StringImpl.h:
* wtf/text/WTFString.h:
(WTF::String::defaultWritingDirection):
2011-02-18 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Use hashing instead of linear search in the conservative pointer test
https://bugs.webkit.org/show_bug.cgi?id=54767
SunSpider reports no change.
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::contains): Variable-sized objects will use more,
smaller blocks, so it's important for the contains check not to be O(n)
in the number of blocks.
2011-02-18 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Tightened some usage accounting code in MarkedSpace
https://bugs.webkit.org/show_bug.cgi?id=54761
SunSpider reports no change.
* runtime/Heap.cpp:
(JSC::Heap::Heap): Initialize the marked space high water mark on
construction, instead of relying on some implicit subtleties to make
not initializing it work out OK.
* runtime/Heap.h: Fixed up includes.
* runtime/MarkedBlock.h: Made firstAtom() static so clients can call it
even without having allocated a block.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this
would be prohibitively expensive with multiple size classes.
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set,
since linear search in the contains check will be prohibitively
expensive once we're using lots of smaller blocks.
(JSC::MarkedSpace::allocate): Don't assume that we always have a block
allocated, since we don't anymore. (See above.)
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h: Updated for changes mentioned above.
2011-02-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Made object allocation secretly variable-sized (Shhhh!)
https://bugs.webkit.org/show_bug.cgi?id=54721
SunSpider reports no change.
Internally, MarkedBlock now makes variable-sized allocations, even
though MarkedSpace doesn't take advantage of this yet.
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
fixed-sized.
* runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
that are not multiples of 64 bytes.
2011-02-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Fixed some math errors when using variable-sized cells
https://bugs.webkit.org/show_bug.cgi?id=54717
SunSpider reports no change.
Computer Science Barbie says, "Math is not so hard after all!"
* runtime/JSCell.h:
(JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
minimum number of atoms required for a cell, since rounding down
will get you splinched.
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::sweep):
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
may not hit m_endAtom exactly.
2011-02-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
A little more abstraction for MarkedSpace::contains
https://bugs.webkit.org/show_bug.cgi?id=54715
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace
doesn't have to know how MarkedBlock tracks containment internally.
* runtime/MarkedSpace.h:
(JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out
if a cell that seems to be in a block is valid.
2011-02-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Removed the invariant that the last cell in a block is always marked
https://bugs.webkit.org/show_bug.cgi?id=54713
SunSpider reports no change.
This adds one branch to allocation, but simplifies the mark invariant,
especially in a world of variable-sized cells. Now, it really is true
that any cell whose mark bit is set is a valid, live cell whose
constructor has run and whose destructor has not run.
* runtime/JSCell.h:
(JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
since we can no longer rely on a set mark bit to break out of this loop
before it reaches the end of the block.
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::sweep):
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::isEmpty):
(JSC::MarkedBlock::clearMarks):
(JSC::MarkedBlock::markCount):
(JSC::MarkedBlock::forEach): No need to set a special last mark bit.
2011-02-17 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r78856 and r78907.
http://trac.webkit.org/changeset/78856
http://trac.webkit.org/changeset/78907
https://bugs.webkit.org/show_bug.cgi?id=54705
These seem to break tests on 32-bit builds. (Requested by
aroben on #webkit).
* JavaScriptCore.xcodeproj/project.pbxproj:
* collector/handles/Global.h:
(JSC::Global::internalSet):
* collector/handles/Handle.h:
(JSC::HandleTypes::getFromSlot):
(JSC::HandleTypes::toJSValue):
(JSC::HandleTypes::validateUpcast):
(JSC::HandleConverter::operator->):
(JSC::HandleConverter::operator*):
(JSC::Handle::Handle):
(JSC::Handle::get):
* runtime/JSArray.cpp:
(JSC::JSArray::sortNumeric):
* runtime/JSObject.h:
(JSC::JSObject::inlineGetOwnPropertySlot):
* runtime/SlotAccessor.h: Removed.
* runtime/WeakGCPtr.h:
(JSC::WeakGCPtr::get):
(JSC::WeakGCPtr::internalSet):
* runtime/WriteBarrier.h:
(JSC::DeprecatedPtr::DeprecatedPtr):
(JSC::DeprecatedPtr::get):
(JSC::DeprecatedPtr::operator*):
(JSC::DeprecatedPtr::operator->):
(JSC::DeprecatedPtr::slot):
(JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
(JSC::DeprecatedPtr::operator!):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::clear):
(JSC::WriteBarrierBase::slot):
(JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
(JSC::WriteBarrierBase::operator!):
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
(JSC::WriteBarrier::WriteBarrier):
2011-02-17 Csaba Osztrogonác <ossy@webkit.org>
Unreviewed.
[Qt] Buildfix.
* wtf/RetainPtr.h: Add missing PLATFORM(CF) guard.
2011-02-17 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Made MarkedBlock variable-sized
https://bugs.webkit.org/show_bug.cgi?id=54692
SunSpider reports no change.
Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
mark bit per atom. A given cell may be composed of one or more atoms.
* runtime/Heap.cpp:
(JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
bubbling it up from MarkedBlock, since MarkedBlock now supports variable-
sizedness.
* runtime/JSCell.h:
(JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
(implicit) one constants -- these quantities are not constant anymore.
Updated for switch from cell to atom.
* runtime/MarkedBlock.cpp:
(JSC::MarkedBlock::create):
(JSC::MarkedBlock::destroy):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::sweep):
* runtime/MarkedBlock.h:
(JSC::MarkedBlock::firstAtom):
(JSC::MarkedBlock::atoms):
(JSC::MarkedBlock::isAtomAligned):
(JSC::MarkedBlock::blockFor):
(JSC::MarkedBlock::isEmpty):
(JSC::MarkedBlock::clearMarks):
(JSC::MarkedBlock::size):
(JSC::MarkedBlock::capacity):
(JSC::MarkedBlock::atomNumber):
(JSC::MarkedBlock::isMarked):
(JSC::MarkedBlock::testAndSetMarked):
(JSC::MarkedBlock::setMarked):
(JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
* runtime/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::allocateBlock):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::reset):
* runtime/MarkedSpace.h:
(JSC::CollectorHeap::CollectorHeap):
(JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
a property of MarkedSpace.
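The following is an added example, written for this page and not taken from JavaScriptCore, covering this entry together with the related ones above (bugs 54767, 54715, 54713 and 54717): a toy MarkedBlock made of fixed-size atoms with one mark bit per atom, variable-sized cells that round their size up to whole atoms and are marked on their first atom, and a MarkedSpace that keeps its blocks in a hash set so that contains() is not linear in the block count. All sizes, names and the bump allocator are invented for the example; the real constants and allocation strategy differ.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>
#include <new>
#include <unordered_set>

// Added example, not JavaScriptCore code: a toy of the layout described in the
// MarkedBlock/MarkedSpace entries above. Fixed-size atoms, one mark bit per
// atom, cells spanning one or more atoms and marked on their first atom, and a
// MarkedSpace that keeps blocks in a hash set. All sizes are invented.
namespace toy {
static const size_t blockSize = 4096;                     // power of two
static const size_t atomSize = 16;
static const size_t atomsPerBlock = blockSize / atomSize; // 256

class MarkedBlock {
public:
    // Atoms for a cell of 'bytes': round UP, or the cell's tail overlaps its neighbour.
    static size_t atomsFor(size_t bytes) { return (bytes + atomSize - 1) / atomSize; }
    // The header takes the first atoms; rounding up keeps cells out of it.
    static size_t firstAtom() { return atomsFor(sizeof(MarkedBlock)); }
    static bool isAtomAligned(const void* p) { return (reinterpret_cast<uintptr_t>(p) & (atomSize - 1)) == 0; }
    // Blocks are blockSize-aligned, so the owning block is one mask away.
    static MarkedBlock* blockFor(const void* p) { return reinterpret_cast<MarkedBlock*>(reinterpret_cast<uintptr_t>(p) & ~uintptr_t(blockSize - 1)); }
    // Construct the header in place; 'storage' must be blockSize-aligned.
    static MarkedBlock* create(void* storage)
    {
        assert(reinterpret_cast<uintptr_t>(storage) % blockSize == 0);
        return new (storage) MarkedBlock;
    }
    // Bump allocation in whole atoms; the first atom is marked on allocation,
    // so between collections "marked" means "live".
    void* allocate(size_t bytes)
    {
        size_t atoms = atomsFor(bytes);
        if (!atoms || m_nextAtom + atoms > atomsPerBlock)
            return nullptr;
        size_t atom = m_nextAtom;
        m_nextAtom += atoms;
        setMarked(atom);
        return reinterpret_cast<unsigned char*>(this) + atom * atomSize;
    }
    size_t atomNumber(const void* p) const { return (static_cast<const unsigned char*>(p) - reinterpret_cast<const unsigned char*>(this)) / atomSize; }
    bool isMarked(size_t atom) const { return ((m_marks[atom / 8] >> (atom % 8)) & 1) != 0; }
    void setMarked(size_t atom) { m_marks[atom / 8] |= uint8_t(1u << (atom % 8)); }
    void clearMarks() { memset(m_marks, 0, sizeof m_marks); }
    // A candidate is a cell only if it is atom-aligned, past the header of this
    // block and marked; interior, header and dead-cell pointers all fail.
    bool contains(const void* p) const
    {
        if (!isAtomAligned(p) || blockFor(p) != this)
            return false;
        size_t atom = atomNumber(p);
        return atom >= firstAtom() && isMarked(atom);
    }
private:
    MarkedBlock() : m_nextAtom(firstAtom()) { clearMarks(); }
    uint8_t m_marks[atomsPerBlock / 8];
    size_t m_nextAtom;
};

class MarkedSpace {
public:
    void addBlock(MarkedBlock* block) { m_blocks.insert(block); }
    void freeBlock(MarkedBlock* block) { m_blocks.erase(block); } // erase this block, not the last one
    // O(1) hash lookup for the block, then the block's own atom-level check.
    bool contains(const void* p) const
    {
        MarkedBlock* block = MarkedBlock::blockFor(p);
        return m_blocks.count(block) && block->contains(p);
    }
private:
    std::unordered_set<MarkedBlock*> m_blocks;
};
} // namespace toy

// Two aligned buffers; only the first is registered with the space.
alignas(toy::blockSize) static unsigned char g_storageA[toy::blockSize];
alignas(toy::blockSize) static unsigned char g_storageB[toy::blockSize];
struct ScanResult { bool liveCellAccepted, interiorRejected, headerRejected, foreignRejected, deadRejected; };

// Drive the toy through the cases a conservative scan has to get right.
ScanResult runScenario()
{
    using namespace toy;
    MarkedSpace space;
    MarkedBlock* block = MarkedBlock::create(g_storageA);
    space.addBlock(block);
    void* small = block->allocate(24);                // 2 atoms
    void* big = block->allocate(100);                 // 7 atoms
    void* foreignCell = MarkedBlock::create(g_storageB)->allocate(8);
    ScanResult r;
    r.liveCellAccepted = space.contains(big);
    r.interiorRejected = !space.contains(static_cast<unsigned char*>(big) + atomSize);
    r.headerRejected = !space.contains(block);
    r.foreignRejected = !space.contains(foreignCell); // its block is not in the set
    block->clearMarks();                              // a collection that kept nothing
    r.deadRejected = !space.contains(small);
    return r;
}
```

The two-level test is what makes conservative scanning safe: the hash lookup rejects any word that merely masks to a plausible block address, and the atom-level check rejects words that point into a registered block but not at the first atom of a marked cell. Rounding the atom count up in atomsFor() and firstAtom() is what keeps two cells, or a cell and the header, from sharing an atom.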
2011-02-17 Oliver Hunt <oliver@apple.com>
Attempt to fix windows build
* runtime/WriteBarrier.h:
2011-02-17 Oliver Hunt <oliver@apple.com>
Reviewed by Geoffrey Garen.
Refactor WriteBarrier and DeprecatedPtr to have less code duplication.
https://bugs.webkit.org/show_bug.cgi?id=54608
Make use of the tricks used for Handle, et al to avoid duplicating all
of the logic for DeprecatedPtr and WriteBarrier simply to support known
vs. unknown types.
* JavaScriptCore.xcodeproj/project.pbxproj:
* collector/handles/Global.h:
(JSC::Global::internalSet):
* collector/handles/Handle.h:
(JSC::Handle::Handle):
(JSC::Handle::get):
* runtime/JSArray.cpp:
(JSC::JSArray::sortNumeric):
* runtime/JSObject.h:
(JSC::JSObject::inlineGetOwnPropertySlot):
* runtime/SlotAccessor.h: Added.
(JSC::SlotTypes::getFromBaseType):
(JSC::SlotTypes::convertToBaseType):
(JSC::SlotTypes::getFromSlot):
(JSC::SlotTypes::toJSValue):
(JSC::SlotTypes::validateUpcast):
(JSC::SlotAccessor::operator->):
(JSC::SlotAccessor::operator*):
* runtime/WeakGCPtr.h:
(JSC::WeakGCPtr::get):
(JSC::WeakGCPtr::internalSet):
* runtime/WriteBarrier.h:
(JSC::DeprecatedPtr::DeprecatedPtr):
(JSC::DeprecatedPtr::get):
(JSC::DeprecatedPtr::slot):
(JSC::DeprecatedPtr::operator=):
(JSC::WriteBarrierTranslator::convertToStorage):
(JSC::WriteBarrierTranslator::convertFromStorage):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::clear):
(JSC::WriteBarrierBase::slot):
(JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
(JSC::WriteBarrierBase::operator!):
(JSC::WriteBarrierBase::setWithoutWriteBarrier):
(JSC::WriteBarrier::WriteBarrier):
2011-02-17 Kevin Ollivier <kevino@theolliviers.com>
[wx] Revert incorrect blind fix and restore previous working code.
* wtf/wx/StringWx.cpp:
(WTF::String::String):
2011-02-16 Geoffrey Garen <ggaren@apple.com>
Reviewed by Maciej Stachowiak.
Intermittent crashes beneath MarkStack::drain
https://bugs.webkit.org/show_bug.cgi?id=54614
<rdar://problem/8971070>
The crashes were caused by a GC happening after the global object's
property table had grown (due to compilation), but before the properties
had been fully initialized by program execution.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global
object's register storage immediately, without waiting for program
execution to do it for us. This ensures that the global object's count
of global variables is consistent with the size of its global variable
storage at all times, and it ensures that all global variables are
properly initialized from the get-go.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::resizeRegisters):
* runtime/JSGlobalObject.h: Added a helper function for growing the
global object's register storage, and initializing new registers.
== Rolled over to ChangeLog-2011-02-16 ==