2013-08-27 Lucas Forschler Merge r154633 2013-08-25 Mark Hahnenberg JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it https://bugs.webkit.org/show_bug.cgi?id=120278 Reviewed by Geoffrey Garen. * runtime/JSObject.cpp: (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage): 2013-08-08 Lucas Forschler Merge r153819 2013-08-08 Stephanie Lewis REGRESSION(153806): Crash @ yahoo.com when WebKit is built with a .order file Unreviewed. Ensure llint symbols are in source order. * JavaScriptCore.order: 2013-08-07 Lucas Forschler Merge r153775 2013-08-06 Stephanie Lewis Update Order Files for Safari Unreviewed. * JavaScriptCore.order: 2013-08-07 Lucas Forschler Merge patch from . * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): 2013-08-07 Lucas Forschler Merge r153793 2013-08-07 Mark Hahnenberg 32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state https://bugs.webkit.org/show_bug.cgi?id=119555 Reviewed by Geoffrey Garen. It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like the 64-bit backend does. This was causing crashes on maps.google.com in 32-bit debug builds. * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2013-08-07 Lucas Forschler Merge r153374 2013-07-19 Mark Hahnenberg Setting a large numeric property on an object causes it to allocate a huge backing store https://bugs.webkit.org/show_bug.cgi?id=118914 Reviewed by Geoffrey Garen. There are two distinct actions that we're trying to optimize for: new Array(100000); and: a = []; a[100000] = 42; In the first case, the programmer has indicated that they expect this Array to be very big, so they should get a contiguous array up until some threshold, above which we perform density calculations to see if it is indeed dense enough to warrant being contiguous. In the second case, the programmer hasn't indicated anything about the size of the Array, so we should be more conservative and assume it should be sparse until we've proven otherwise. Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish between them for the purposes of not over-allocating large backing stores like we see on http://www.peekanalytics.com/burgerjoints/ The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and introduce a new heuristic for the second case. If we are putting to an index above a certain threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse map instead. So for example, in the second case above the empty array has a blank indexing type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map. This fix is ~800x speedup on the accompanying regression test :-o * runtime/ArrayConventions.h: (JSC::indexIsSufficientlyBeyondLengthForSparseMap): * runtime/JSObject.cpp: (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes): (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage): (JSC::JSObject::putByIndexBeyondVectorLength): (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage): 2013-08-01 Lucas Forschler Merge r153615 2013-08-01 Oliver Hunt DFG is not enforcing correct ordering of ToString conversion in MakeRope https://bugs.webkit.org/show_bug.cgi?id=119408 Reviewed by Filip Pizlo. Construct ToString and Phantom nodes in advance of MakeRope nodes to ensure that ordering is ensured, and correct values will be reified on OSR exit. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): 2013-08-01 Mark Hahnenberg GetByVal on Arguments does the wrong size load when checking the Arguments object length https://bugs.webkit.org/show_bug.cgi?id=119281 Reviewed by Geoffrey Garen. This leads to out of bounds accesses and subsequent crashes. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2013-07-29 Lucas Forschler Merge r153071 2013-07-23 Mark Lam Removed unused sourceOffset from JSTokenLocation. https://bugs.webkit.org/show_bug.cgi?id=118996. Reviewed by Geoffrey Garen. This also removes the assertion reported in the bug because it is now moot, thereby resolving the assertion failure issue on Windows. * bytecompiler/NodesCodegen.cpp: (JSC::ArrayNode::toArgumentList): (JSC::ApplyFunctionCallDotNode::emitBytecode): * parser/Lexer.cpp: (JSC::::lex): * parser/Lexer.h: (JSC::::lexExpectIdentifier): * parser/Nodes.h: * parser/Parser.cpp: (JSC::::Parser): (JSC::::parseFunctionInfo): (JSC::::parseExpressionOrLabelStatement): (JSC::::parseMemberExpression): * parser/Parser.h: (JSC::::parse): * parser/ParserTokens.h: (JSC::JSTokenLocation::JSTokenLocation): 2013-07-29 Lucas Forschler Merge r153410 2013-07-28 Oliver Hunt REGRESSION: Crash when opening Facebook.com https://bugs.webkit.org/show_bug.cgi?id=119155 Reviewed by Andreas Kling. Scope nodes are always objects, so we should be using SpecObjectOther rather than SpecCellOther. Marking Scopes as CellOther leads to a contradiction in the CFA, resulting in bogus codegen. * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): 2013-07-24 Lucas Forschler Merge r153075 2013-07-23 Filip Pizlo DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs https://bugs.webkit.org/show_bug.cgi?id=119032 Reviewed by Oliver Hunt. It just needs some Phantom action. * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd): 2013-07-22 Lucas Forschler Merge r152882 2013-07-18 Andreas Kling CodeBlock DFG entry list isn't getting shrunk-to-fit after linking. Reviewed by Geoffrey Garen. Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first. 886 kB progression on * dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link): (JSC::DFG::JITCompiler::compile): (JSC::DFG::JITCompiler::compileFunction): 2013-07-22 Lucas Forschler Merge r152868 2013-07-18 Filip Pizlo LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile https://bugs.webkit.org/show_bug.cgi?id=118865 Reviewed by Mark Hahnenberg. * llint/LowLevelInterpreter64.asm: 2013-07-22 Lucas Forschler Merge r152848 2013-07-18 Andreas Kling CodeBlock::m_argumentValueProfiles wastes a lot of memory. Reviewed by Anders Carlsson. Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding for growth, since we won't be appending to it anyway. 921 KB progression on * bytecode/CodeBlock.cpp: (JSC::CodeBlock::setNumParameters): 2013-07-22 Lucas Forschler Merge r152737 2013-07-16 Mark Hahnenberg Remove reference to JSValueStructSupport.h from JSExport.h https://bugs.webkit.org/show_bug.cgi?id=118746 Reviewed by Filip Pizlo. * API/JSExport.h: No such header exists, so it doesn't make sense to reference it. 2013-07-22 Lucas Forschler Merge r152600 2013-07-12 Brent Fulgham [Windows] Build correction after r152573/r152577. https://bugs.webkit.org/show_bug.cgi?id=118610 Reviewed by Oliver Hunt. * jit/JITThunks.cpp: (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second argument of the make_pair to be a function pointer. 2013-07-19 Lucas Forschler Merge r152818 2013-07-17 Filip Pizlo Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813 * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2013-07-19 Lucas Forschler Merge r152813 2013-07-17 Filip Pizlo DFG assumes that NewFunction will never pass its input through https://bugs.webkit.org/show_bug.cgi?id=118798 Reviewed by Sam Weinig. Previously the DFG was assuming that NewFunction always returns a function. That's not the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty. This fact needed to be wired through the compiler. * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): * dfg/DFGAbstractValue.h: (JSC::DFG::AbstractValue::makeTop): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::dump): * dfg/DFGOperations.cpp: * dfg/DFGOperations.h: * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::callOperation): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2013-07-18 Lucas Forschler Merge r152807 2013-07-17 Geoffrey Garen JSStringCreateWithCFString should not convert the empty string into the NULL string https://bugs.webkit.org/show_bug.cgi?id=118816 Reviewed by Sam Weinig. * API/JSStringRef.cpp: (JSStringCreateWithUTF8CString): Removed an extraneous comment, which a previous version of the patch made incorrect. * API/JSStringRefCF.cpp: (JSStringCreateWithCFString): Don't convert the empty string into the null string. 2013-07-17 Lucas Forschler Rollout r152600 2013-07-17 Lucas Forschler Merge r152600 2013-07-12 Brent Fulgham [Windows] Build correction after r152573/r152577. https://bugs.webkit.org/show_bug.cgi?id=118610 Reviewed by Oliver Hunt. * jit/JITThunks.cpp: (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second argument of the make_pair to be a function pointer. 2013-07-17 Lucas Forschler Merge r152742 2013-07-16 Filip Pizlo MakeRope fixup shouldn't lead to an Identity without kids https://bugs.webkit.org/show_bug.cgi?id=118745 Reviewed by Mark Hahnenberg. Make the empty string pruning part of fixupMakeRope() stop if it's on the last child. Make Node::convertToIdentity release-assert that it has exactly one kid. * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupMakeRope): * dfg/DFGNode.h: (JSC::DFG::Node::convertToIdentity): 2013-07-15 Lucas Forschler Merge r152613 2013-07-13 Commit Queue Unreviewed, rolling out r151978. http://trac.webkit.org/changeset/151978 https://bugs.webkit.org/show_bug.cgi?id=118651 Caused regressions at least 3 websites (Requested by rniwa on #webkit). * runtime/JSCJSValue.h: * runtime/JSString.h: 2013-07-15 Lucas Forschler Merge r152577 2013-07-11 Oliver Hunt Attempt to fix the windows build. * jit/JITThunks.cpp: (JSC::JITThunks::hostFunctionStub): * jit/JITThunks.h: 2013-07-15 Lucas Forschler Merge r152573 2013-07-10 Oliver Hunt NativeExecutable cache needs to use both call and construct functions for key https://bugs.webkit.org/show_bug.cgi?id=118545 Reviewed by Geoffrey Garen. Make the native executable cache make use a key pair so we don't decide to treat all subsequent functions as not being constructors. * jit/JITThunks.cpp: (JSC::JITThunks::hostFunctionStub): * jit/JITThunks.h: * runtime/JSBoundFunction.cpp: (JSC::JSBoundFunction::create): * runtime/JSCell.cpp: (JSC::JSCell::getCallData): (JSC::JSCell::getConstructData): 2013-07-09 Lucas Forschler Merge r152497 2013-07-09 Mark Lam Gardening to unbreak builds on the Windows bot. Not reviewed. * parser/ParserTokens.h: 2013-07-09 Lucas Forschler Merge r152494 2013-07-09 Mark Lam Fix 30% JSBench regression (caused by adding column numbers to stack traces). https://bugs.webkit.org/show_bug.cgi?id=118481. Reviewed by Mark Hahnenberg and Geoffrey Garen. Previously, we already capture ExpressionRangeInfo that provides a divot for each bytecode that can potentially throw an exception (and therefore generate a stack trace). On first attempt to compute column numbers, we then do a walk of the source string to record all line start positions in a table associated with the SourceProvider. The column number can then be computed as divot - lineStartFor(bytecodeOffset). The computation of this lineStarts table is the source of the 30% JSBench performance regression. The new code now records lineStarts as the lexer and parser scans the source code. These lineStarts are then used to compute the column number for the given divot, and stored in the ExpressionRangeInfo. Similarly, we also capture the line number at the divot point and store that in the ExpressionRangeInfo. Hence, to look up line and column numbers, we now lookup the ExpressionRangeInfo for the bytecodeOffset, and then compute the line and column from the values stored in the expression info. The strategy: 1. We want to minimize perturbations to the lexer and parser. Specifically, the changes added should not change how it scans code, and generate bytecode. 2. We regard the divot as the source character position we are interested in. As such, we'll capture line and lineStart (for column) at the point when we capture the divot information. This ensures that the 3 values are consistent. How the change is done: 1. Change the lexer to track lineStarts. 2. Change the parser to capture line and lineStarts at the point of capturing divots. 3. Change the parser and associated code to plumb these values all the way to the point that the correspoinding ExpressionRangeInfo is emitted. 4. Propagate and record SourceCode firstLine and firstLineColumnOffset to the the necessary places so that we can add them as needed when reifying UnlinkedCodeBlocks into CodeBlocks. 5. Compress the line and column number values in the ExpressionRangeInfo. In practice, we seldom have both large line and column numbers. Hence, we can encode both in an uint32_t most of the time. For the times when we encounter both large line and column numbers, we have a fallback to store the "fat" position info. 6. Emit an ExpressionRangeInfo for UnaryOp nodes to get more line and column number coverage. 7. Change the interpreter to use the new way of computing line and column. 8. Delete old line and column computation code that is now unused. Misc details: - the old lexer was tracking both a startOffset and charPosition where charPosition equals startOffset - SourceCode.startOffset. We now use startOffset exclusively throughout the system for consistency. All offset values (including lineStart) are relative to the start of the SourceProvider string. These values will only be converted to be relative to the SourceCode.startOffset at the very last minute i.e. when the divot is stored into the ExpressionRangeInfo. This change to use the same offset system everywhere reduces confusion from having to convert back and forth between the 2 systems. It also enables a lot of assertions to be used. - Also fixed some bugs in the choice of divot positions to use. For example, both Eval and Function expressions previously used column numbers from the start of the expression but used the line number at the end of the expression. This is now fixed to use either the start or end positions as appropriate, but not a mix of line and columns from both. - Why use ints instead of unsigneds for offsets and lineStarts inside the lexer and parser? Some tests (e.g. fast/js/call-base-resolution.html and fast/js/eval-cross-window.html) has shown that lineStart offsets can be prior to the SourceCode.startOffset. Keeping the lexer offsets as ints simplifies computations and makes it easier to maintain the assertions that (startOffset >= lineStartOffset). However, column and line numbers are always unsigned when we publish them to the ExpressionRangeInfo. The ints are only used inside the lexer and parser ... well, and bytecode generator. - For all cases, lineStart is always captured where the divot is captured. However, some sputnik conformance tests have shown that we cannot honor line breaks for assignment statements like the following: eval("x\u000A*=\u000A-1;"); In this case, the lineStart is expected to be captured at the start of the assignment expression instead of at the divot point in the middle. The assignment expression is the only special case for this. This patch has been tested against the full layout tests both with release and debug builds with no regression. * API/JSContextRef.cpp: (JSContextCreateBacktrace): - Updated to use the new StackFrame::computeLineAndColumn(). * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): - Added m_firstLineColumnOffset initialization. - Plumbed the firstLineColumnOffset into the SourceCode. - Initialized column for op_debug using the new way. (JSC::CodeBlock::lineNumberForBytecodeOffset): - Changed to compute line number using the ExpressionRangeInfo. (JSC::CodeBlock::columnNumberForBytecodeOffset): Added - Changed to compute column number using the ExpressionRangeInfo. (JSC::CodeBlock::expressionRangeForBytecodeOffset): * bytecode/CodeBlock.h: (JSC::CodeBlock::firstLineColumnOffset): (JSC::GlobalCodeBlock::GlobalCodeBlock): - Plumbed firstLineColumnOffset through to the super class. (JSC::ProgramCodeBlock::ProgramCodeBlock): - Plumbed firstLineColumnOffset through to the super class. (JSC::EvalCodeBlock::EvalCodeBlock): - Plumbed firstLineColumnOffset through to the super class. But for EvalCodeBlocks, the firstLineColumnOffset is always 1 because we're starting with a new source string with no start offset. (JSC::FunctionCodeBlock::FunctionCodeBlock): - Plumbed firstLineColumnOffset through to the super class. * bytecode/ExpressionRangeInfo.h: - Added modes for encoding line and column into a single 30-bit unsigned. The encoding is in 1 of 3 modes: 1. FatLineMode: 22-bit line, 8-bit column 2. FatColumnMode: 8-bit line, 22-bit column 3. FatLineAndColumnMode: 32-bit line, 32-bit column (JSC::ExpressionRangeInfo::encodeFatLineMode): Added. - Encodes line and column into the 30-bit position using FatLine mode. (JSC::ExpressionRangeInfo::encodeFatColumnMode): Added. - Encodes line and column into the 30-bit position using FatColumn mode. (JSC::ExpressionRangeInfo::decodeFatLineMode): Added. - Decodes the FatLine mode 30-bit position into line and column. (JSC::ExpressionRangeInfo::decodeFatColumnMode): Added. - Decodes the FatColumn mode 30-bit position into line and column. * bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): - Plumbed startColumn through. (JSC::UnlinkedFunctionExecutable::link): - Plumbed startColumn through. (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): - Computes a line number using the new way. (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): - Added decoding of line and column. - Added handling of the case when we do not find a fitting expression range info for a specified bytecodeOffset. This only happens if the bytecodeOffset is below the first expression range info. In that case, we'll use the first expression range info entry. (JSC::UnlinkedCodeBlock::addExpressionInfo): - Added encoding of line and column. * bytecode/UnlinkedCodeBlock.h: - Added m_expressionInfoFatPositions in RareData. (JSC::UnlinkedFunctionExecutable::functionStartColumn): (JSC::UnlinkedCodeBlock::shrinkToFit): - Removed obsoleted m_lineInfo. * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitCall): Plumbed line and lineStart through. (JSC::BytecodeGenerator::emitCallEval): Plumbed line and lineStart through. (JSC::BytecodeGenerator::emitCallVarargs): Plumbed line and lineStart through. (JSC::BytecodeGenerator::emitConstruct): Plumbed line and lineStart through. (JSC::BytecodeGenerator::emitDebugHook): Plumbed lineStart through. * bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitNode): (JSC::BytecodeGenerator::emitNodeInConditionContext): - Removed obsoleted m_lineInfo. (JSC::BytecodeGenerator::emitExpressionInfo): - Plumbed line and lineStart through. - Compute the line and column to be added to the expression range info. * bytecompiler/NodesCodegen.cpp: (JSC::ThrowableExpressionData::emitThrowReferenceError): (JSC::ResolveNode::emitBytecode): (JSC::ArrayNode::toArgumentList): (JSC::BracketAccessorNode::emitBytecode): (JSC::DotAccessorNode::emitBytecode): (JSC::NewExprNode::emitBytecode): (JSC::EvalFunctionCallNode::emitBytecode): (JSC::FunctionCallValueNode::emitBytecode): (JSC::FunctionCallResolveNode::emitBytecode): (JSC::FunctionCallBracketNode::emitBytecode): (JSC::FunctionCallDotNode::emitBytecode): (JSC::CallFunctionCallDotNode::emitBytecode): (JSC::ApplyFunctionCallDotNode::emitBytecode): (JSC::PostfixNode::emitResolve): (JSC::PostfixNode::emitBracket): (JSC::PostfixNode::emitDot): (JSC::DeleteResolveNode::emitBytecode): (JSC::DeleteBracketNode::emitBytecode): (JSC::DeleteDotNode::emitBytecode): (JSC::PrefixNode::emitResolve): (JSC::PrefixNode::emitBracket): (JSC::PrefixNode::emitDot): - Plumbed line and lineStart through the above as needed. (JSC::UnaryOpNode::emitBytecode): - Added emission of an ExpressionRangeInfo for the UnaryOp node. (JSC::BinaryOpNode::emitStrcat): (JSC::ThrowableBinaryOpNode::emitBytecode): (JSC::InstanceOfNode::emitBytecode): (JSC::emitReadModifyAssignment): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::AssignDotNode::emitBytecode): (JSC::ReadModifyDotNode::emitBytecode): (JSC::AssignBracketNode::emitBytecode): (JSC::ReadModifyBracketNode::emitBytecode): - Plumbed line and lineStart through the above as needed. (JSC::ConstStatementNode::emitBytecode): (JSC::EmptyStatementNode::emitBytecode): (JSC::DebuggerStatementNode::emitBytecode): (JSC::ExprStatementNode::emitBytecode): (JSC::VarStatementNode::emitBytecode): (JSC::IfElseNode::emitBytecode): (JSC::DoWhileNode::emitBytecode): (JSC::WhileNode::emitBytecode): (JSC::ForNode::emitBytecode): (JSC::ForInNode::emitBytecode): (JSC::ContinueNode::emitBytecode): (JSC::BreakNode::emitBytecode): (JSC::ReturnNode::emitBytecode): (JSC::WithNode::emitBytecode): (JSC::SwitchNode::emitBytecode): (JSC::LabelNode::emitBytecode): (JSC::ThrowNode::emitBytecode): (JSC::TryNode::emitBytecode): (JSC::ProgramNode::emitBytecode): (JSC::EvalNode::emitBytecode): (JSC::FunctionBodyNode::emitBytecode): - Plumbed line and lineStart through the above as needed. * interpreter/Interpreter.cpp: (JSC::appendSourceToError): - Added line and column arguments for expressionRangeForBytecodeOffset(). (JSC::StackFrame::computeLineAndColumn): - Replaces StackFrame::line() and StackFrame::column(). (JSC::StackFrame::expressionInfo): - Added line and column arguments. (JSC::StackFrame::toString): - Changed to use the new StackFrame::computeLineAndColumn(). (JSC::Interpreter::getStackTrace): - Added the needed firstLineColumnOffset arg for the StackFrame. * interpreter/Interpreter.h: * parser/ASTBuilder.h: (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo): (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo): (JSC::ASTBuilder::createResolve): (JSC::ASTBuilder::createBracketAccess): (JSC::ASTBuilder::createDotAccess): (JSC::ASTBuilder::createRegExp): (JSC::ASTBuilder::createNewExpr): (JSC::ASTBuilder::createAssignResolve): (JSC::ASTBuilder::createFunctionExpr): (JSC::ASTBuilder::createFunctionBody): (JSC::ASTBuilder::createGetterOrSetterProperty): (JSC::ASTBuilder::createFuncDeclStatement): (JSC::ASTBuilder::createBlockStatement): (JSC::ASTBuilder::createExprStatement): (JSC::ASTBuilder::createIfStatement): (JSC::ASTBuilder::createForLoop): (JSC::ASTBuilder::createForInLoop): (JSC::ASTBuilder::createVarStatement): (JSC::ASTBuilder::createReturnStatement): (JSC::ASTBuilder::createBreakStatement): (JSC::ASTBuilder::createContinueStatement): (JSC::ASTBuilder::createTryStatement): (JSC::ASTBuilder::createSwitchStatement): (JSC::ASTBuilder::createWhileStatement): (JSC::ASTBuilder::createDoWhileStatement): (JSC::ASTBuilder::createLabelStatement): (JSC::ASTBuilder::createWithStatement): (JSC::ASTBuilder::createThrowStatement): (JSC::ASTBuilder::createDebugger): (JSC::ASTBuilder::createConstStatement): (JSC::ASTBuilder::appendBinaryExpressionInfo): (JSC::ASTBuilder::appendUnaryToken): (JSC::ASTBuilder::unaryTokenStackLastStart): (JSC::ASTBuilder::unaryTokenStackLastLineStartPosition): Added. (JSC::ASTBuilder::assignmentStackAppend): (JSC::ASTBuilder::createAssignment): (JSC::ASTBuilder::setExceptionLocation): (JSC::ASTBuilder::makeDeleteNode): (JSC::ASTBuilder::makeFunctionCallNode): (JSC::ASTBuilder::makeBinaryNode): (JSC::ASTBuilder::makeAssignNode): (JSC::ASTBuilder::makePrefixNode): (JSC::ASTBuilder::makePostfixNode):. - Plumbed line, lineStart, and startColumn through the above as needed. * parser/Lexer.cpp: (JSC::::currentSourcePtr): (JSC::::setCode): - Added tracking for sourceoffset and lineStart. (JSC::::internalShift): (JSC::::parseIdentifier): - Added tracking for lineStart. (JSC::::parseIdentifierSlowCase): (JSC::::parseString): - Added tracking for lineStart. (JSC::::parseStringSlowCase): (JSC::::lex): - Added tracking for sourceoffset. (JSC::::sourceCode): * parser/Lexer.h: (JSC::Lexer::currentOffset): (JSC::Lexer::currentLineStartOffset): (JSC::Lexer::setOffset): - Added tracking for lineStart. (JSC::Lexer::offsetFromSourcePtr): Added. conversion function. (JSC::Lexer::sourcePtrFromOffset): Added. conversion function. (JSC::Lexer::setOffsetFromSourcePtr): (JSC::::lexExpectIdentifier): - Added tracking for sourceoffset and lineStart. * parser/NodeConstructors.h: (JSC::Node::Node): (JSC::ResolveNode::ResolveNode): (JSC::EvalFunctionCallNode::EvalFunctionCallNode): (JSC::FunctionCallValueNode::FunctionCallValueNode): (JSC::FunctionCallResolveNode::FunctionCallResolveNode): (JSC::FunctionCallBracketNode::FunctionCallBracketNode): (JSC::FunctionCallDotNode::FunctionCallDotNode): (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode): (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode): (JSC::PostfixNode::PostfixNode): (JSC::DeleteResolveNode::DeleteResolveNode): (JSC::DeleteBracketNode::DeleteBracketNode): (JSC::DeleteDotNode::DeleteDotNode): (JSC::PrefixNode::PrefixNode): (JSC::ReadModifyResolveNode::ReadModifyResolveNode): (JSC::ReadModifyBracketNode::ReadModifyBracketNode): (JSC::AssignBracketNode::AssignBracketNode): (JSC::AssignDotNode::AssignDotNode): (JSC::ReadModifyDotNode::ReadModifyDotNode): (JSC::AssignErrorNode::AssignErrorNode): (JSC::WithNode::WithNode): (JSC::ForInNode::ForInNode): - Plumbed line and lineStart through the above as needed. * parser/Nodes.cpp: (JSC::StatementNode::setLoc): Plumbed lineStart. (JSC::ScopeNode::ScopeNode): Plumbed lineStart. (JSC::ProgramNode::ProgramNode): Plumbed startColumn. (JSC::ProgramNode::create): Plumbed startColumn. (JSC::EvalNode::create): (JSC::FunctionBodyNode::FunctionBodyNode): Plumbed startColumn. (JSC::FunctionBodyNode::create): Plumbed startColumn. * parser/Nodes.h: (JSC::Node::startOffset): (JSC::Node::lineStartOffset): Added. (JSC::StatementNode::firstLine): (JSC::StatementNode::lastLine): (JSC::ThrowableExpressionData::ThrowableExpressionData): (JSC::ThrowableExpressionData::setExceptionSourceCode): (JSC::ThrowableExpressionData::divotStartOffset): (JSC::ThrowableExpressionData::divotEndOffset): (JSC::ThrowableExpressionData::divotLine): (JSC::ThrowableExpressionData::divotLineStart): (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData): (JSC::ThrowableSubExpressionData::setSubexpressionInfo): (JSC::ThrowableSubExpressionData::subexpressionDivot): (JSC::ThrowableSubExpressionData::subexpressionStartOffset): (JSC::ThrowableSubExpressionData::subexpressionEndOffset): (JSC::ThrowableSubExpressionData::subexpressionLine): (JSC::ThrowableSubExpressionData::subexpressionLineStart): (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData): (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo): (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot): (JSC::ThrowablePrefixedSubExpressionData::subexpressionStartOffset): (JSC::ThrowablePrefixedSubExpressionData::subexpressionEndOffset): (JSC::ThrowablePrefixedSubExpressionData::subexpressionLine): (JSC::ThrowablePrefixedSubExpressionData::subexpressionLineStart): (JSC::ScopeNode::startStartOffset): (JSC::ScopeNode::startLineStartOffset): (JSC::ProgramNode::startColumn): (JSC::EvalNode::startColumn): (JSC::FunctionBodyNode::startColumn): - Plumbed line and lineStart through the above as needed. * parser/Parser.cpp: (JSC::::Parser): (JSC::::parseSourceElements): (JSC::::parseVarDeclarationList): (JSC::::parseConstDeclarationList): (JSC::::parseForStatement): (JSC::::parseBreakStatement): (JSC::::parseContinueStatement): (JSC::::parseReturnStatement): (JSC::::parseThrowStatement): (JSC::::parseWithStatement): - Plumbed line and lineStart through the above as needed. (JSC::::parseFunctionBody): - Plumbed startColumn. (JSC::::parseFunctionInfo): (JSC::::parseFunctionDeclaration): (JSC::LabelInfo::LabelInfo): (JSC::::parseExpressionOrLabelStatement): (JSC::::parseAssignmentExpression): (JSC::::parseBinaryExpression): (JSC::::parseProperty): (JSC::::parseObjectLiteral): (JSC::::parsePrimaryExpression): (JSC::::parseMemberExpression): (JSC::::parseUnaryExpression): - Plumbed line, lineStart, startColumn through the above as needed. * parser/Parser.h: (JSC::Parser::next): (JSC::Parser::nextExpectIdentifier): (JSC::Parser::tokenStart): (JSC::Parser::tokenColumn): (JSC::Parser::tokenEnd): (JSC::Parser::tokenLineStart): (JSC::Parser::lastTokenLine): (JSC::Parser::lastTokenLineStart): (JSC::::parse): * parser/ParserTokens.h: (JSC::JSTokenLocation::JSTokenLocation): - Plumbed lineStart. (JSC::JSTokenLocation::lineStartPosition): (JSC::JSTokenLocation::startPosition): (JSC::JSTokenLocation::endPosition): * parser/SourceCode.h: (JSC::SourceCode::SourceCode): (JSC::SourceCode::startColumn): (JSC::makeSource): (JSC::SourceCode::subExpression): * parser/SourceProvider.cpp: delete old code. * parser/SourceProvider.h: delete old code. * parser/SourceProviderCacheItem.h: (JSC::SourceProviderCacheItem::closeBraceToken): (JSC::SourceProviderCacheItem::SourceProviderCacheItem): - Plumbed lineStart. * parser/SyntaxChecker.h: (JSC::SyntaxChecker::makeFunctionCallNode): (JSC::SyntaxChecker::makeAssignNode): (JSC::SyntaxChecker::makePrefixNode): (JSC::SyntaxChecker::makePostfixNode): (JSC::SyntaxChecker::makeDeleteNode): (JSC::SyntaxChecker::createResolve): (JSC::SyntaxChecker::createBracketAccess): (JSC::SyntaxChecker::createDotAccess): (JSC::SyntaxChecker::createRegExp): (JSC::SyntaxChecker::createNewExpr): (JSC::SyntaxChecker::createAssignResolve): (JSC::SyntaxChecker::createFunctionExpr): (JSC::SyntaxChecker::createFunctionBody): (JSC::SyntaxChecker::createFuncDeclStatement): (JSC::SyntaxChecker::createForInLoop): (JSC::SyntaxChecker::createReturnStatement): (JSC::SyntaxChecker::createBreakStatement): (JSC::SyntaxChecker::createContinueStatement): (JSC::SyntaxChecker::createWithStatement): (JSC::SyntaxChecker::createLabelStatement): (JSC::SyntaxChecker::createThrowStatement): (JSC::SyntaxChecker::createGetterOrSetterProperty): (JSC::SyntaxChecker::appendBinaryExpressionInfo): (JSC::SyntaxChecker::operatorStackPop): - Made SyntaxChecker prototype changes to match ASTBuilder due to new args added for plumbing line, lineStart, and startColumn. * runtime/CodeCache.cpp: (JSC::CodeCache::generateBytecode): (JSC::CodeCache::getCodeBlock): - Plumbed startColumn. * runtime/Executable.cpp: (JSC::FunctionExecutable::FunctionExecutable): (JSC::ProgramExecutable::compileInternal): (JSC::FunctionExecutable::produceCodeBlockFor): (JSC::FunctionExecutable::fromGlobalCode): - Plumbed startColumn. * runtime/Executable.h: (JSC::ScriptExecutable::startColumn): (JSC::ScriptExecutable::recordParse): (JSC::FunctionExecutable::create): - Plumbed startColumn. 2013-07-08 Lucas Forschler Merge r152052 2013-06-26 Anders Carlsson Add JSStringCreateWithCharactersNoCopy SPI https://bugs.webkit.org/show_bug.cgi?id=118074 Reviewed by Geoffrey Garen. * API/JSStringRef.cpp: (JSStringCreateWithCharactersNoCopy): Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function. * API/JSStringRefPrivate.h: Added. Add a home for the JSStringCreateWithCharactersNoCopy function. * API/OpaqueJSString.h: (OpaqueJSString::OpaqueJSString): Just call isolatedCopy on the passed in string. * API/tests/testapi.c: Add an API test for JSStringCreateWithCharactersNoCopy. * JavaScriptCore.xcodeproj/project.pbxproj: Add new files. 2013-07-08 Lucas Forschler Merge r152314 2013-07-02 Mark Hahnenberg Replace RELEASE_ASSERT with ASSERT in CodeBlock:: bytecodeOffsetForCallAtIndex https://bugs.webkit.org/show_bug.cgi?id=118316 Reviewed by Geoffrey Garen. This is causing some crashiness in release builds. We should replace it with an ASSERT until we track down all the places that need fixing in bug 118315. * bytecode/CodeBlock.h: (JSC::CodeBlock::bytecodeOffsetForCallAtIndex): 2013-07-01 Lucas Forschler Merge r152091 2013-06-27 Timothy Hatcher Notify the debugger about functions created from source code via new Function() or WebCore::JSLazyEventListener. https://bugs.webkit.org/show_bug.cgi?id=118063 Reviewed by Geoffrey Garen. * bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Call Debugger::sourceParsed. 2013-07-01 Lucas Forschler Merge r151978 2013-06-25 Ryosuke Niwa JSString should remember AtomicString https://bugs.webkit.org/show_bug.cgi?id=117386 Reviewed by Geoffrey Garen. Added JSValue::toAtomicString and JSString::atomicString. These two functions allow WebCore to update JSString's m_value to set isAtomic flag and avoid the AtomicStringTable lookups in subsequent attempts to obtain the AtomicString of the same value. * runtime/JSCJSValue.h: * runtime/JSString.h: (JSC::JSString::atomicString): (JSC::JSValue::toAtomicString): 2013-06-25 Lucas Forschler Merge r151786 2013-06-20 Mark Hahnenberg Improper deallocation of JSManagedValue causes crashes during autorelease pool draining https://bugs.webkit.org/show_bug.cgi?id=117840 Reviewed by Geoffrey Garen. Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained JSManagedValues cause memory leaks than take down the whole app. The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we can safely null it out. This will prevent ~Weak from crashing. * API/JSManagedValue.mm: (-[JSManagedValue JSC::JSC::]): (JSManagedValueHandleOwner::finalize): * API/tests/testapi.mm: Added a test that crashed prior to this fix due to a leaked managed reference. Also fixed a small style nit I noticed in another test. 2013-06-25 Lucas Forschler Merge r151923 2013-06-24 Roger Fong Unreviewed. Makefile build fix for AppleWindows. * JavaScriptCore.vcxproj/JavaScriptCore.make: 2013-06-21 Lucas Forschler Merge r151787 2013-06-20 Roger Fong Make Windows makefile copy build output to a different folder. . * JavaScriptCore.vcxproj/JavaScriptCore.make: 2013-06-18 Roger Fong Disable some feature flags. . Rubberstamped by Jon Lee. * Configurations/FeatureDefines.xcconfig: 2013-06-18 Oliver Hunt Going to google.com/trends causes a crash https://bugs.webkit.org/show_bug.cgi?id=117602 Reviewed by Geoffrey Garen. When handling op_throw, etc we need to flush the variables and arguments for the entire inline stack, not just the top frame. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::flushAllArgumentsAndCapturedVariablesInInlineStack): (JSC::DFG::ByteCodeParser::parseBlock): 2013-06-18 Roger Fong Replace tools32 folder with tools and update WebKit Windows solution accordingly. . Rubberstamped by Brent Fulgham. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props: * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props: * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props: * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd: * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props: * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props: * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props: * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj: * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props: * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: * JavaScriptCore.vcxproj/jsc/jscDebug.props: * JavaScriptCore.vcxproj/jsc/jscProduction.props: * JavaScriptCore.vcxproj/jsc/jscRelease.props: * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props: * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: * JavaScriptCore.vcxproj/testapi/testapiDebug.props: * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props: * JavaScriptCore.vcxproj/testapi/testapiProduction.props: * JavaScriptCore.vcxproj/testapi/testapiRelease.props: * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props: 2013-06-17 Roger Fong Modify Windows makefiles to copy some bin output into Program Files. https://bugs.webkit.org/show_bug.cgi?id=117714. Reviewed by Brent Fulgham. * JavaScriptCore.vcxproj/JavaScriptCore.make: 2013-06-14 Ryosuke Niwa Function names on Object.prototype should be common identifiers https://bugs.webkit.org/show_bug.cgi?id=117614 Reviewed by Darin Adler. Patch written by Sam Weinig. Make Object's prototype function names common identififers since they're used frequently. * runtime/CommonIdentifiers.h: * runtime/FunctionConstructor.cpp: (JSC::constructFunction): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): * runtime/JSObject.h: * runtime/ObjectPrototype.cpp: (JSC::ObjectPrototype::finishCreation): * runtime/StringPrototype.cpp: (JSC::StringPrototype::finishCreation): 2013-06-13 Ryosuke Niwa Remove LiteralIdentifierTable https://bugs.webkit.org/show_bug.cgi?id=117613 Reviewed by Geoffrey Garen. Removed LiteralIdentifierTable since it doesn't seem to have any perf. impact now. * runtime/Identifier.cpp: (JSC::Identifier::add): 2013-06-12 Conrad Shultz JSExport header documentation substitutes "semicolon" for "colon" https://bugs.webkit.org/show_bug.cgi?id=117552 Reviewed by Mark Hahnenberg. * API/JSExport.h: Fix a couple typos. 2013-06-10 Raphael Kubo da Costa [JSC] Remove a vestige of wxWidgets support. https://bugs.webkit.org/show_bug.cgi?id=117419 Reviewed by Benjamin Poulain. * runtime/JSExportMacros.h: Remove a check for BUILDING_WX__ that seems to have gone unnoticed when the wxWidgets port was removed. 2013-06-06 Roger Fong Stop copying AAS binaries into build folder. https://bugs.webkit.org/show_bug.cgi?id=117319. Rubberstamped by Darin Adler. * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd: * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd: * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd: * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: 2013-06-05 Filip Pizlo DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray https://bugs.webkit.org/show_bug.cgi?id=117279 Reviewed by Mark Hahnenberg. * dfg/DFGAbstractValue.h: (JSC::DFG::AbstractValue::filterArrayModesByType): 2013-06-05 Michael Saboff JSC: Crash beneath cti_op_div @ http://gmailblog.blogspot.com https://bugs.webkit.org/show_bug.cgi?id=117280 Reviewed by Filip Pizlo. Updated the merging of VariableAccessData nodes in ArgumentPosition lists to find the unified VariableAccessData node that is the root of the current node instead of using the current node directly when merging attributes. Added new dump code to dump the ArgumentPosition list. * dfg/DFGArgumentPosition.h: (JSC::DFG::rgumentPosition::mergeArgumentPredictionAwareness): (JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness): (JSC::DFG::ArgumentPosition::dump): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::dump): 2013-06-05 Bear Travis [CSS Exclusions][CSS Shapes] Split CSS Exclusions & Shapes compile & runtime flags https://bugs.webkit.org/show_bug.cgi?id=117172 Reviewed by Alexandru Chiculita. Adding the CSS_SHAPES compile flag. * Configurations/FeatureDefines.xcconfig: 2013-06-05 Balazs Kilvady JSC Assertion tests failures on MIPS. https://bugs.webkit.org/show_bug.cgi?id=116552 Reviewed by Geoffrey Garen. Fix condition handlig in branchAdd32 implemetations. * assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::branchAdd32): 2013-06-04 Julien Brianceau [sh4] Add floating point absolute function support in baseline JIT. https://bugs.webkit.org/show_bug.cgi?id=117147 Reviewed by Geoffrey Garen. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::supportsFloatingPointAbs): (JSC::MacroAssemblerSH4::absDouble): * assembler/SH4Assembler.h: (JSC::SH4Assembler::dabs): (JSC::SH4Assembler::printInstr): 2013-06-04 Zan Dobersek [JSC] Test262 15.5.4.9_3 test is failing https://bugs.webkit.org/show_bug.cgi?id=116789 Reviewed by Geoffrey Garen. Bring the String.prototype.localeCompare behavior in line wit ES5 15.9.4.9. If method is not given enough arguments, the minimal amount of arguments must be assumed, with their value being undefined. The first argument to localeCompare, in its string form, is used as the 'that' string that's used in the comparison. Therefor, when calling str.localeCompare() or str.localeCompare(undefined), the first argument is `undefined` and the string "undefined" is used as the string to which value of str is compared. * runtime/StringPrototype.cpp: (JSC::stringProtoFuncLocaleCompare): Remove the early return in case of no given arguments to achieve the desired behavior. 2013-06-03 Hojong Han [EFL] Implement GCActivityCallback https://bugs.webkit.org/show_bug.cgi?id=95923 Reviewed by Geoffrey Garen. Implements the activity triggered garbage collector. Additional GCs can be triggered by platfrom timer. It has sort of compaction effect not to make JSC heap grow fast so that memory usage becomes lower than usual. * PlatformEfl.cmake: Added. * heap/HeapTimer.cpp: (JSC): (JSC::HeapTimer::HeapTimer): (JSC::HeapTimer::~HeapTimer): (JSC::HeapTimer::add): (JSC::HeapTimer::stop): (JSC::HeapTimer::timerEvent): * heap/HeapTimer.h: (HeapTimer): * jsc.cpp: (main): * runtime/GCActivityCallback.cpp: (JSC): (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): (JSC::DefaultGCActivityCallback::scheduleTimer): (JSC::DefaultGCActivityCallback::cancelTimer): (JSC::DefaultGCActivityCallback::didAllocate): * runtime/GCActivityCallback.h: (GCActivityCallback): (JSC::GCActivityCallback::GCActivityCallback): (DefaultGCActivityCallback): 2013-06-03 Roger Fong Nuke VS2005 files from the tree. . Rubberstamped by Brent Fulgham. * JavaScriptCore.vcproj: Removed. * JavaScriptCore.vcproj/JavaScriptCore: Removed. * JavaScriptCore.vcproj/JavaScriptCore.make: Removed. * JavaScriptCore.vcproj/JavaScriptCore.resources: Removed. * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Removed. * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Removed. * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed. * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed. * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed. * JavaScriptCore.vcproj/LLIntAssembly: Removed. * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Removed. * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Removed. * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed. * JavaScriptCore.vcproj/LLIntDesiredOffsets: Removed. * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed. * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Removed. * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Removed. * JavaScriptCore.vcproj/jsc: Removed. * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed. * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Removed. * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Removed. * JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Removed. * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Removed. * JavaScriptCore.vcproj/testapi: Removed. * JavaScriptCore.vcproj/testapi/testapi.vcproj: Removed. * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Removed. * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Removed. * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Removed. * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Removed. * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Removed. * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Removed. * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Removed. * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Removed. * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Removed. * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Removed. 2013-05-31 Filip Pizlo Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor() Rubber stamped by Mark Hahnenberg. This has a bogus assertion that checks that the passed CodeOrigin doesn't have an inline call frame. This was well intentioned in the sense that it is true that inlined call frames wouldn't have an activation register. But that doesn't mean that people won't ask. Removing the assertion fixes a debug-only crash and has no impact on production code. This change adds a comment to that effect. * dfg/DFGGraph.h: (JSC::DFG::Graph::uncheckedActivationRegisterFor): 2013-05-31 Julien Brianceau [sh4] Fix Overflow case of branchMul32 in baseline JIT. https://bugs.webkit.org/show_bug.cgi?id=117057 Reviewed by Oliver Hunt. Current implementation of Overflow case in branchMul32 performs an unsigned multiplication whereas a signed multiplication is expected. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::branchMul32): 2013-05-31 Julien Brianceau [sh4] Fix floating point comparisons in baseline JIT. https://bugs.webkit.org/show_bug.cgi?id=117066. Reviewed by Oliver Hunt. Current implementation of branchDouble function in baseline JIT is wrong for some conditions and overkill for others. For instance: - With DoubleGreaterThanOrEqual condition, branch will be taken if either operand is NaN with current implementation whereras it should not. - With DoubleNotEqualOrUnordered condition, performed NaN checks are useless (because comparison result is false if either operand is NaN). * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::branchDouble): 2013-05-31 Julien Brianceau [sh4] Fix double floating point transfer in baseline JIT. https://bugs.webkit.org/show_bug.cgi?id=117054 Reviewed by Oliver Hunt. In current implementation, dmovRegReg function transfers only one single FPRegister as PR=1 and SZ=0 in floating point status/control register. Double transfers must be performed with two fmov.s opcodes. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::moveDouble): (JSC::MacroAssemblerSH4::addDouble): Handle (op2==dest) case properly. (JSC::MacroAssemblerSH4::sqrtDouble): * assembler/SH4Assembler.h: (JSC::SH4Assembler::fmovsRegReg): 2013-05-31 Julien Brianceau [sh4] Handle branchType properly in branchTruncateDoubleToInt32. https://bugs.webkit.org/show_bug.cgi?id=117062 Reviewed by Oliver Hunt. Current implementation of branchTruncateDoubleToInt32 is incorrect when branchType == BranchIfTruncateSuccessful in sh4 baseline JIT. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32): 2013-05-31 Brent Fulgham [Windows] Unreviewed build fix for VS2005 builders. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add missing export for WTF::SHA1::computeHexDigest 2013-05-30 David Farler Fix jscore-test when not using --sdk option with jsDriver.pl https://bugs.webkit.org/show_bug.cgi?id=116339 Reviewed by Joe Pecoraro. * tests/mozilla/jsDriver.pl: (execute_tests): With each test, the shell_command needs to be started from scratch. This fix will clear the shell_command and start over as before with the opt_arch option when not using --sdk with jsDriver.pl. 2013-05-30 Roger Fong Get rid of JavaScript exports file on AppleWin port. https://bugs.webkit.org/show_bug.cgi?id=117050. Reviewed by Darin Adler. Delete the JavaScriptCoreExportGenerator folder and remove dependencies. Start linking in WTF.lib now that it's a shared library. * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Removed. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Removed. * JavaScriptCore.vcxproj/jsc/jscCommon.props: * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: * JavaScriptCore.vcxproj/testapi/testapiCommon.props: 2013-05-22 David Farler Add --sdk option to jsDriver.pl to run with iOS Simulator https://bugs.webkit.org/show_bug.cgi?id=116339 Reviewed by David Kilzer. * tests/mozilla/jsDriver.pl: (execute_tests): Prefix shell command with the path to the "sim" tool. (parse_args): Add -d / --sdk option. (usage): Help message for -d / --sdk option. 2013-05-30 Julien Brianceau [sh4] Optimize NaN checks in LLINT for floating point comparisons. https://bugs.webkit.org/show_bug.cgi?id=117049 Reviewed by Oliver Hunt. Use the fcmp/eq opcode in sh4 LLINT to test if a double is NaN. This is more efficient, doesn't require two tmp registers and requires less code than current implementation (which converts double to float, then checks 'E = Emax + 1' and 'f != 0'). * offlineasm/sh4.rb: 2013-05-30 Oliver Hunt JSCallbackObject does not correctly initialise the PropertySlot for getOwnPropertyDescriptor https://bugs.webkit.org/show_bug.cgi?id=117053 Reviewed by Mark Hahnenberg. Set appropriate thisValue on the PropertySlot * API/JSCallbackObjectFunctions.h: (JSC::::getOwnPropertyDescriptor): * API/tests/testapi.mm: 2013-05-29 Jeffrey Pfau [Mac] Enable cache partitioning and the public suffix list on 10.8 Rubber-stamped by David Kilzer. * Configurations/FeatureDefines.xcconfig: 2013-05-28 Brent Fulgham [Windows] Put correct byteCompile symbol in file. Previous version had an extra 'i' appended to the end. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2013-05-28 Brent Fulgham [Windows] Unreviewed build fix. Remove ?byteCompile symbol that is no longer accessible during link. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2013-05-28 Gavin Barraclough String(new Date(2010,10,1)) is wrong in KRAT, YAKT https://bugs.webkit.org/show_bug.cgi?id=106750 Reviewed by Darin Adler. * runtime/JSDateMath.cpp: (JSC::msToGregorianDateTime): - Additional review comment fix. 2013-05-28 Brent Fulgham [Windows] Unreviewed build fix after r150833 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: A CR/LF combination was lost in the file, combining two symbols. 2013-05-27 Gavin Barraclough String(new Date(2010,10,1)) is wrong in KRAT, YAKT https://bugs.webkit.org/show_bug.cgi?id=106750 Reviewed by Darin Adler. First part of a fix, simplfy date handling code, instead of operating separately on the UTC-standard and standard-DST offsets, just generate a combined UTC-local offset (this is what we actually need, and what the OS gives us). * runtime/JSDateMath.cpp: (JSC::getLocalTimeOffset): - removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset (JSC::gregorianDateTimeToMS): (JSC::msToGregorianDateTime): (JSC::parseDateFromNullTerminatedCharacters): - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset * runtime/VM.cpp: (JSC::VM::resetDateCache): - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache * runtime/VM.h: (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache): (JSC::LocalTimeOffsetCache::reset): (LocalTimeOffsetCache): - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache 2013-05-28 Mark Hahnenberg r150199 is very wrong https://bugs.webkit.org/show_bug.cgi?id=116876 JSValue needs to protect its internal JSValueRef. Reviewed by Darin Adler. * API/JSValue.mm: (-[JSValue initWithValue:inContext:]): (-[JSValue dealloc]): * API/tests/testapi.mm: Added a simple test to make sure that we protect the underlying JavaScript value across garbage collections. 2013-05-27 Patrick Gansterer Use ICU_INCLUDE_DIRS in BlackBerry CMake files https://bugs.webkit.org/show_bug.cgi?id=116210 Reviewed by Rob Buis. Set and use the ICU_INCLUDE_DIRS variable to avoid duplicated adding of the ICU include directory. * PlatformBlackBerry.cmake: 2013-05-27 Gabor Rapcsanyi MacroAssemblerARM should use xor to swap registers instead of move https://bugs.webkit.org/show_bug.cgi?id=116306 Reviewed by Zoltan Herczeg. Change register swapping to xor from move and this way we don't need temporary register anymore. * assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::swap): 2013-05-25 Filip Pizlo We broke (-2^31/-1)|0 in the DFG https://bugs.webkit.org/show_bug.cgi?id=116767 Reviewed by Andreas Kling. The bug is that we were assuming that in the -2^31 case, we already had -2^31 in the result register. This was a wrong assumption. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): 2013-05-24 Filip Pizlo We broke !(0/0) https://bugs.webkit.org/show_bug.cgi?id=116736 Reviewed by Gavin Barraclough. * parser/ASTBuilder.h: (JSC::ASTBuilder::createLogicalNot): * runtime/JSCJSValueInlines.h: (JSC::JSValue::pureToBoolean): 2013-05-24 Julien Brianceau [sh4] Optimize LLINT generated code and fix few bugs in baseline JIT. https://bugs.webkit.org/show_bug.cgi?id=116716 Reviewed by Geoffrey Garen. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::mul32): Cosmetic changes. (JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced. (JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced. (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call. * assembler/SH4Assembler.h: (JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer. (JSC::SH4Assembler::linkJump): Cosmetic change. * offlineasm/sh4.rb: Optimize LLINT generated code. 2013-05-23 Peter Wang CLoop llint backend should not use the d8 register as scratch register https://bugs.webkit.org/show_bug.cgi?id=116019 Reviewed by Csaba Osztrogonác. * offlineasm/cloop.rb: 2013-05-22 Peter Wang Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null" https://bugs.webkit.org/show_bug.cgi?id=116593 Reviewed by Filip Pizlo. Generated instructions using uninitialized register. It's caused by a mistake of r126494. * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_eq_null): (JSC::JIT::emit_op_neq_null): 2013-05-22 Filip Pizlo Fix indentation of CodeBlock.h Rubber stampted by Mark Hahnenberg. * bytecode/CodeBlock.h: 2013-05-22 Julien Brianceau [sh4] Remove MacroAssemblerSH4.cpp file. https://bugs.webkit.org/show_bug.cgi?id=116596. Reviewed by Geoffrey Garen. Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done for other architectures. * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * assembler/MacroAssemblerSH4.cpp: Removed. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::linkCall): (MacroAssemblerSH4): (JSC::MacroAssemblerSH4::repatchCall): 2013-05-21 Brent Fulgham [Windows] Unreviewed speculative fix for test-bots. Add export declaration for WTFInvokeCrashHook to avoid runtime load error on test bots. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2013-05-21 Mark Lam Added missing assert condition for PositiveOrZero in ARM branch32(). https://bugs.webkit.org/show_bug.cgi?id=116538. Reviewed by Geoffrey Garen. * assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::branchAdd32): 2013-05-20 Mark Hahnenberg Disable SuperRegion https://bugs.webkit.org/show_bug.cgi?id=116362 Rubber stamped by Geoff Garen. * heap/Region.h: 2013-05-20 Oliver Hunt Make C API more robust against null contexts https://bugs.webkit.org/show_bug.cgi?id=116462 Reviewed by Anders Carlsson. Handle null contexts in a non-crashy way. It's a bug to ever call the API with a null context, and the absence of a context means we can't produce a meaningful result, so we still assert in debug builds. Now where possible we detect and early return, returning null for any pointer type, NaN for doubles, and false for any boolean result. * API/JSBase.cpp: (JSEvaluateScript): (JSCheckScriptSyntax): (JSReportExtraMemoryCost): * API/JSContextRef.cpp: (JSContextGetGlobalObject): (JSContextGetGroup): (JSContextGetGlobalContext): (JSContextCreateBacktrace): * API/JSObjectRef.cpp: (JSObjectMake): (JSObjectMakeFunctionWithCallback): (JSObjectMakeConstructor): (JSObjectMakeFunction): (JSObjectMakeArray): (JSObjectMakeDate): (JSObjectMakeError): (JSObjectMakeRegExp): (JSObjectGetPrototype): (JSObjectSetPrototype): (JSObjectHasProperty): (JSObjectGetProperty): (JSObjectSetProperty): (JSObjectGetPropertyAtIndex): (JSObjectSetPropertyAtIndex): (JSObjectDeleteProperty): (JSObjectCopyPropertyNames): * API/JSValueRef.cpp: (JSValueGetType): (JSValueIsUndefined): (JSValueIsNull): (JSValueIsBoolean): (JSValueIsNumber): (JSValueIsString): (JSValueIsObject): (JSValueIsObjectOfClass): (JSValueIsEqual): (JSValueIsStrictEqual): (JSValueIsInstanceOfConstructor): (JSValueMakeUndefined): (JSValueMakeNull): (JSValueMakeBoolean): (JSValueMakeNumber): (JSValueMakeString): (JSValueMakeFromJSONString): (JSValueCreateJSONString): (JSValueToBoolean): (JSValueToNumber): (JSValueToStringCopy): (JSValueToObject): (JSValueProtect): * API/JSWeakObjectMapRefPrivate.cpp: 2013-05-20 David Kilzer Synchronize FeatureDefines.xcconfig * Configurations/FeatureDefines.xcconfig: Remove ENABLE_LINK_PRERENDER. This was missed in r150356. 2013-05-19 Anders Carlsson Remove link prerendering code https://bugs.webkit.org/show_bug.cgi?id=116415 Reviewed by Darin Adler. This code was only used by Chromium and is dead now. * Configurations/FeatureDefines.xcconfig: 2013-05-18 Patrick Gansterer [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME https://bugs.webkit.org/show_bug.cgi?id=114554 Reviewed by Gyuyoung Kim. Using variables as target names is very uncommon in CMake. The usual way to specify the name of the resulting binary is to set the OUTPUT_NAME target property. * CMakeLists.txt: * shell/CMakeLists.txt: 2013-05-17 Patrick Gansterer [CMake] Remove invalid include paths https://bugs.webkit.org/show_bug.cgi?id=116213 Reviewed by Gyuyoung Kim. Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe to remove them from the list of include directories. * PlatformEfl.cmake: Removed. * PlatformGTK.cmake: Removed. 2013-05-16 Patrick Gansterer Consolidate lists in JavaScriptCore CMake files https://bugs.webkit.org/show_bug.cgi?id=115992 Reviewed by Gyuyoung Kim. Move common files into the CMakeLists.txt to avoid duplicating the list of files. Also rebase the recently added GTK files to match the other CMake ports, since the submitted patch was based on an older version of the source tree. * CMakeLists.txt: * PlatformEfl.cmake: * PlatformGTK.cmake: * shell/CMakeLists.txt: * shell/PlatformEfl.cmake: * shell/PlatformGTK.cmake: 2013-05-16 Geoffrey Garen JSValue shouldn't protect/unprotect its context https://bugs.webkit.org/show_bug.cgi?id=116234 Reviewed by Mark Hahnenberg. Our retain on _context is sufficient. * API/JSValue.mm: (-[JSValue initWithValue:inContext:]): (-[JSValue dealloc]): 2013-05-15 Ryosuke Niwa Another Windows build fix attempt after r150160. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2013-05-15 Oliver Hunt RefCountedArray needs to use vector initialisers for its backing store https://bugs.webkit.org/show_bug.cgi?id=116194 Reviewed by Gavin Barraclough. Use an out of line function to clear the exception stack to avoid needing to include otherwise unnecessary headers all over the place. Everything else is just being updated to use that. * bytecompiler/BytecodeGenerator.cpp: * interpreter/CallFrame.h: (JSC::ExecState::clearSupplementaryExceptionInfo): * interpreter/Interpreter.cpp: (JSC::Interpreter::addStackTraceIfNecessary): (JSC::Interpreter::throwException): * runtime/JSGlobalObject.cpp: (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): * runtime/VM.cpp: (JSC): (JSC::VM::clearExceptionStack): * runtime/VM.h: (VM): (JSC::VM::exceptionStack): 2013-05-15 Commit Queue Unreviewed, rolling out r150051. http://trac.webkit.org/changeset/150051 https://bugs.webkit.org/show_bug.cgi?id=116186 Broke all JSC tests on Mac and the author is unresponsive (Requested by rniwa on #webkit). * JavaScriptCore.xcodeproj/project.pbxproj: 2013-05-15 Julien Brianceau Remove savedTimeoutReg from JITStackFrame for sh4 base JIT. https://bugs.webkit.org/show_bug.cgi?id=116143 Reviewed by Geoffrey Garen. Since r148119, timeoutCheckRegister is removed from baseline JIT. So we don't need to save r8 register in JITStackFrame anymore for sh4. * jit/JITStubs.cpp: * jit/JITStubs.h: (JITStackFrame): 2013-05-15 Nico Weber WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions. https://bugs.webkit.org/show_bug.cgi?id=116157 Reviewed by Anders Carlsson. Also remove a gcc3.2 workaround. Merges parts of these two commits by the talented Nico Weber: https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5 https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312 * os-win32/inttypes.h: 2013-05-13 Alvaro Lopez Ortega Nightly build's jsc doesn't work without DYLD_FRAMEWORK... https://bugs.webkit.org/show_bug.cgi?id=79065 Reviewed by Darin Adler. Fixes the build process so the depencencies of the jsc binary are modified before its copied to its target directory. In this way jsc should always use relative reference to the JavaScriptCore libraries. * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in the "Copy Into Framework" target. 2013-05-13 Mark Hahnenberg Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers https://bugs.webkit.org/show_bug.cgi?id=116074 If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. If this happens on a GC thread other than the "main" thread, we will deadlock. The solution is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early. Reviewed by Darin Adler. * API/JSVirtualMachine.mm: (scanExternalObjectGraph): 2013-05-13 Benjamin Poulain Improve stringProtoFuncLastIndexOf for the prefix case https://bugs.webkit.org/show_bug.cgi?id=115952 Reviewed by Geoffrey Garen. * runtime/StringPrototype.cpp: (JSC::stringProtoFuncLastIndexOf): Use the optimized string search when possible. On Joseph Pecoraro's tests, this gives a ~30% speed improvement. 2013-05-13 Zalan Bujtas WebProcess consuming very high CPU on linkedin.com https://bugs.webkit.org/show_bug.cgi?id=115601 Reviewed by Andreas Kling. Disable WEB_TIMING_MINIMAL. Turn off window.performance and performance.now(). Some JS frameworks expect additional Web Timing APIs, when performance.now() is available. * Configurations/FeatureDefines.xcconfig: 2013-05-12 Anders Carlsson Stop including UnusedParam.h https://bugs.webkit.org/show_bug.cgi?id=116003 Reviewed by Sam Weinig. UnusedParam.h is empty now so there's no need to include it anymore. * API/APICast.h: * API/tests/JSNode.c: * API/tests/JSNodeList.c: * API/tests/minidom.c: * API/tests/testapi.c: * assembler/AbstractMacroAssembler.h: * assembler/MacroAssemblerCodeRef.h: * bytecode/CodeBlock.cpp: * heap/HandleStack.h: * interpreter/JSStackInlines.h: * jit/CompactJITCodeMap.h: * jit/ExecutableAllocator.h: * parser/SourceProvider.h: * runtime/DatePrototype.cpp: * runtime/JSNotAnObject.cpp: * runtime/JSSegmentedVariableObject.h: * runtime/JSVariableObject.h: * runtime/Options.cpp: * runtime/PropertyOffset.h: 2013-05-11 Martin Robinson [GTK] Add a basic cmake build for WTF and JavaScriptCore https://bugs.webkit.org/show_bug.cgi?id=115967 Reviewed by Laszlo Gombos. * PlatformGTK.cmake: Added. * shell/PlatformGTK.cmake: Added. 2013-05-10 Laszlo Gombos Remove USE(OS_RANDOMNESS) https://bugs.webkit.org/show_bug.cgi?id=108095 Reviewed by Darin Adler. Remove the USE(OS_RANDOMNESS) guard as it is turned on for all ports. * jit/JIT.cpp: (JSC::JIT::JIT): 2013-05-10 Mark Hahnenberg Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase https://bugs.webkit.org/show_bug.cgi?id=115938 We're going to add some more types of check hoisting soon, so let's have the right name here. Rubber stamped by Filip Pizlo. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * dfg/DFGDriver.cpp: (JSC::DFG::compile): * dfg/DFGStructureCheckHoistingPhase.cpp: Removed. * dfg/DFGStructureCheckHoistingPhase.h: Removed. * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp. (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase): (JSC::DFG::performTypeCheckHoisting): * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h. 2013-05-09 Christophe Dumez Unreviewed build fix after r149836. It broke at least EFL and GTK builds. Move new static members initialization outside the class. Those need to have a definition outside the class because their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries). * runtime/CodeCache.cpp: (JSC): * runtime/CodeCache.h: (CodeCacheMap): 2013-05-08 Oliver Hunt Code cache stores bogus var references for functions in eval code https://bugs.webkit.org/show_bug.cgi?id=115747 Reviewed by Mark Hahnenberg. Non-global eval now uses a per-CodeBlock cache, and only use it when we're at the top of a function's scope. This means that we will no longer cache the parsing of a single string across multiple functions, and we won't cache when we're nested inside constructs like |with| and |catch| where previously we would, which is good because caching in those cases is unsound. * bytecode/EvalCodeCache.h: (JSC): (JSC::EvalCodeCache::getSlow): (JSC::EvalCodeCache::get): * bytecode/UnlinkedCodeBlock.h: (JSC::UnlinkedCodeBlock::codeCacheForEval): (UnlinkedCodeBlock): (RareData): * debugger/Debugger.cpp: (JSC::evaluateInGlobalCallFrame): * debugger/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::evaluate): * interpreter/Interpreter.cpp: (JSC::eval): * runtime/CodeCache.cpp: (JSC::CodeCache::CodeCache): (JSC::CodeCache::generateBytecode): (JSC): (JSC::CodeCache::getCodeBlock): * runtime/CodeCache.h: (JSC::CodeCacheMap::CodeCacheMap): (CodeCacheMap): (JSC::CodeCacheMap::canPruneQuickly): (JSC::CodeCacheMap::prune): (JSC::CodeCache::create): (CodeCache): * runtime/Executable.cpp: (JSC::EvalExecutable::EvalExecutable): (JSC::EvalExecutable::compileInternal): * runtime/Executable.h: (JSC::EvalExecutable::create): (EvalExecutable): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::createEvalCodeBlock): * runtime/JSGlobalObject.h: (JSGlobalObject): * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncEval): * runtime/VM.cpp: (JSC::VM::VM): * runtime/VM.h: (VM): 2013-05-08 Mark Hahnenberg DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes https://bugs.webkit.org/show_bug.cgi?id=115805 Reviewed by Geoffrey Garen. It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray. To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which should then use Array::PossiblyArray, then do the checks we were already doing. * bytecode/ArrayProfile.h: (JSC::hasSeenArray): (JSC::hasSeenNonArray): * dfg/DFGArrayMode.cpp: (JSC::DFG::ArrayMode::fromObserved): 2013-05-09 Joe Mason [BlackBerry] Set up logging buffer on start of jsc executable https://bugs.webkit.org/show_bug.cgi?id=114688 Reviewed by Rob Buis. Internal PR: 322715 Internally Reviewed By: Jeff Rogers * jsc.cpp: (main): call BB::Platform::setupApplicationLogging 2013-05-08 Michael Saboff JSC: There should be a disassembler for ARM Thumb 2 https://bugs.webkit.org/show_bug.cgi?id=115827 Reviewed by Filip Pizlo. Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging and profiling code. The opcode coverage is currently not complete. It covers all of the integer instructions JSC currently emits, but only a limited number of floating point opcodes. Currently that is just the 64 bit vmov and vmsr instructions. The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes for each instruction group. There is a public format method that does the bulk of the disassembly work. There are two broad sub-classes, ARMv7D16BitOpcode and ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes. There are sub-classes under those two classes for individual and related groups of opcodes. Instructions are "dispatched" to the right subclass via two arrays of linked lists in the inner classes OpcodeGroup. There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode. Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine that it matches a particular group. OpcodeGroup uses a static method to reinterpret_cast the Opcode object to the right base class for the instruction group for formatting. The cast eliminates the need of allocating an object for each decoded instruction. Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether the instruction is 16 or 32 bit. * JavaScriptCore.xcodeproj/project.pbxproj: * disassembler/ARMv7: Added. * disassembler/ARMv7/ARMv7DOpcode.cpp: Added. (ARMv7Disassembler): (OpcodeGroupInitializer): (JSC::ARMv7Disassembler::ARMv7DOpcode::init): (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock): (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt): (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode): (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble): (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat): (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format): * disassembler/ARMv7/ARMv7DOpcode.h: Added. (ARMv7Disassembler): (ARMv7DOpcode): (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode): (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction): (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction): (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName): (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName): (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock): (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock): (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset): (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount): (ARMv7D16BitOpcode): (OpcodeGroup): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd): (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber): (ARMv7DOpcodeAddRegisterT2): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm): (ARMv7DOpcodeAddSPPlusImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8): (ARMv7DOpcodeAddSubtract): (ARMv7DOpcodeAddSubtractT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn): (ARMv7DOpcodeAddSubtractImmediate3): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn): (ARMv7DOpcodeAddSubtractImmediate8): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn): (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8): (ARMv7DOpcodeBranchConditionalT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset): (ARMv7DOpcodeBranchExchangeT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm): (ARMv7DOpcodeBranchT2): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11): (ARMv7DOpcodeCompareImmediateT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8): (ARMv7DOpcodeCompareRegisterT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn): (ARMv7DOpcodeCompareRegisterT2): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn): (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm): (ARMv7DOpcodeDataProcessingRegisterT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn): (ARMv7DOpcodeGeneratePCRelativeAddress): (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd): (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8): (ARMv7DOpcodeLoadFromLiteralPool): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8): (ARMv7DOpcodeLoadStoreRegisterImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale): (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte): (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord): (ARMv7DOpcodeLoadStoreRegisterOffsetT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt): (ARMv7DOpcodeLoadStoreRegisterSPRelative): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8): (ARMv7DOpcodeLogicalImmediateT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5): (ARMv7DOpcodeMiscAddSubSP): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7): (ARMv7DOpcodeMiscByteHalfwordOps): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op): (ARMv7DOpcodeMiscBreakpointT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8): (ARMv7DOpcodeMiscCompareAndBranch): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn): (ARMv7DOpcodeMiscHint16): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA): (ARMv7DOpcodeMiscIfThenT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask): (ARMv7DOpcodeMiscPushPop): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask): (ARMv7DOpcodeMoveImmediateT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd): (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8): (ARMv7DOpcodeMoveRegisterT1): (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd): (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm): (ARMv7D32BitOpcode): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt): (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber): (ARMv7DOpcodeBranchRelative): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11): (ARMv7DOpcodeConditionalBranchT3): (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset): (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition): (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6): (ARMv7DOpcodeBranchOrBranchLink): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10): (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL): (ARMv7DOpcodeDataProcessingLogicalAndRithmetic): (ARMv7DOpcodeDataProcessingModifiedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12): (ARMv7DOpcodeDataProcessingShiftedReg): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit): (ARMv7DOpcodeDataProcessingReg): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2): (ARMv7DOpcodeDataProcessingRegShift): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName): (ARMv7DOpcodeDataProcessingRegExtend): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate): (ARMv7DOpcodeDataProcessingRegParallel): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName): (ARMv7DOpcodeDataProcessingRegMisc): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName): (ARMv7DOpcodeHint32): (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint): (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption): (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op): (ARMv7DOpcodeFPTransfer): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd): (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn): (ARMv7DOpcodeDataLoad): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op): (ARMv7DOpcodeLoadRegister): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2): (ARMv7DOpcodeLoadSignedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8): (ARMv7DOpcodeLoadUnsignedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12): (ARMv7DOpcodeLongMultipleDivide): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit): (ARMv7DOpcodeDataPushPopSingle): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op): (ARMv7DOpcodeDataStoreSingle): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op): (ARMv7DOpcodeStoreSingleImmediate12): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12): (ARMv7DOpcodeStoreSingleImmediate8): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8): (ARMv7DOpcodeStoreSingleRegister): (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2): (ARMv7DOpcodeUnmodifiedImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12): (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16): (ARMv7DOpcodeVMOVDoublePrecision): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm): (ARMv7DOpcodeVMOVSinglePrecision): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm): (ARMv7DOpcodeVMSR): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL): (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt): * disassembler/ARMv7Disassembler.cpp: Added. (JSC::tryToDisassemble): 2013-05-07 Julien Brianceau Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT. https://bugs.webkit.org/show_bug.cgi?id=115722 Reviewed by Oliver Hunt. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::load8PostInc): (MacroAssemblerSH4): (JSC::MacroAssemblerSH4::load16Unaligned): (JSC::MacroAssemblerSH4::load16PostInc): (JSC::MacroAssemblerSH4::storeDouble): (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords): * assembler/SH4Assembler.h: (JSC::SH4Assembler::movwMemRegIn): (SH4Assembler): (JSC::SH4Assembler::movbMemRegIn): (JSC::SH4Assembler::printInstr): 2013-05-07 Anders Carlsson Remove AlwaysInline.h from WTF https://bugs.webkit.org/show_bug.cgi?id=115727 Reviewed by Brent Fulgham. The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason to keep AlwaysInline.h around anymore. * jit/JSInterfaceJIT.h: * parser/Lexer.h: * runtime/JSCJSValue.h: * runtime/SymbolTable.h: 2013-05-07 Mikhail Pozdnyakov HashTraits >::PeekType should be raw pointer for better performance https://bugs.webkit.org/show_bug.cgi?id=115646 Reviewed by Darin Adler. * bytecompiler/StaticPropertyAnalyzer.h: (JSC::StaticPropertyAnalyzer::putById): Updated accordingly to new HashMap<.., RefPtr>::get() semantics. 2013-05-06 Julien Brianceau Misc bugfix and cleaning in sh4 base JIT. https://bugs.webkit.org/show_bug.cgi?id=115627 Reviewed by Oliver Hunt. Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions. Remove misplaced extuw() implementation from MacroAssemblerSH4. Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate. (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate. (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register. (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case. (MacroAssemblerSH4): (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case. (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler. (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change. (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case. (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case. (JSC::MacroAssemblerSH4::store32): * assembler/SH4Assembler.h: (JSC::SH4Assembler::movwRegMemr0): (SH4Assembler): (JSC::SH4Assembler::movbRegMemr0): (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change. (JSC::SH4Assembler::maxJumpReplacementSize): (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode. (JSC::SH4Assembler::printInstr): 2013-05-06 Anders Carlsson Stop using WTF::deleteAllValues in JavaScriptCore https://bugs.webkit.org/show_bug.cgi?id=115670 Reviewed by Oliver Hunt. Change the Vectors used to Vectors of OwnPtrs instead. * heap/DFGCodeBlocks.cpp: (JSC::DFGCodeBlocks::~DFGCodeBlocks): (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks): 2013-05-06 Andras Becsi Build with GCC 4.8 fails because of -Wmaybe-uninitialized https://bugs.webkit.org/show_bug.cgi?id=115648 Reviewed by Michael Saboff. Initialize values in Options::setOption since from there we end up calling OptionRange::init with uninitialized members. * runtime/Options.cpp: 2013-05-06 Gabor Rapcsanyi JSC ARM traditional failing on Octane NavierStokes test https://bugs.webkit.org/show_bug.cgi?id=115626 Reviewed by Zoltan Herczeg. Change the ARM traditional assembler to use double precision on value conversions. * assembler/ARMAssembler.h: 2013-05-03 Michael Saboff There should be a runtime option to constrain what functions get DFG compiled https://bugs.webkit.org/show_bug.cgi?id=115576 Reviewed by Mark Hahnenberg. Added OptionRange to Options to allow checking that something is within an option or not. The new OptionClass supports range strings in the form of [!][:]. If only one value is given, then it will be used for both low and high. A leading '!' inverts the check. If no range is given, then checking for a value within a range will always return true. Added the option "bytecodeRangeToDFGCompile" that takes an OptionRange string to select the bytecode range of code blocks to DFG compile. * dfg/DFGDriver.cpp: (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile range. * runtime/Options.cpp: (JSC::parse): Added overloaded parse() for OptionRange. (JSC::OptionRange::init): Parse range string and then initialize the range. (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within the specified range. (JSC::Options::dumpOption): Added code to dump OptionRange options. * runtime/Options.h: (OptionRange): New class. (JSC::OptionRange::operator= ): This is really used as a default ctor for use within the Option static array initialization. (JSC::OptionRange::rangeString): This is used for debug. It assumes that the char* passed into OptionRange::init is valid when this function is called. 2013-05-02 Oliver Hunt Fix potential bug in lookup logic https://bugs.webkit.org/show_bug.cgi?id=115522 Reviewed by Mark Hahnenberg. Though not a problem in practise, it is technically possible to inject an un-proxied global object into the scope chain via the C API. This change makes sure that the scope walk in BytecodeGenerator actually limits itself to scopes that are statically bindable. * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::resolve): * runtime/JSObject.h: (JSObject): (JSC): (JSC::JSObject::isStaticScopeObject): 2013-05-01 Roger Fong Set Path in makefile for AppleWin. * JavaScriptCore.vcxproj/JavaScriptCore.make: 2013-05-01 Benjamin Poulain Remove the remaining wscript https://bugs.webkit.org/show_bug.cgi?id=115459 Reviewed by Andreas Kling. * wscript: Removed. 2013-04-30 Mark Lam JSContextGroupSetExecutionTimeLimit() should not pass a callback to the VM watchdog if its client did not pass one in. https://bugs.webkit.org/show_bug.cgi?id=115461. Reviewed by Geoffrey Garen. * API/JSContextRef.cpp: (internalScriptTimeoutCallback): (JSContextGroupSetExecutionTimeLimit): * API/tests/testapi.c: (main): - Added test case when the time limit callback is 0. - Also updated a check to verify that a TerminatedExecutionException is thrown when the time out is cancelled. - Also fixed some cosmetic typos. 2013-04-30 Geoffrey Garen Removed op_ensure_property_exists https://bugs.webkit.org/show_bug.cgi?id=115460 Reviewed by Mark Hahnenberg. It was unused, and whatever it was once used for was not optimized. * JavaScriptCore.order: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): * bytecode/Opcode.h: (JSC::padOpcodeName): * jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): * jit/JIT.h: * jit/JITOpcodes.cpp: * jit/JITOpcodes32_64.cpp: * jit/JITStubs.cpp: * jit/JITStubs.h: * llint/LLIntSlowPaths.cpp: * llint/LLIntSlowPaths.h: * llint/LowLevelInterpreter.asm: 2013-04-30 Oliver Hunt JSC Stack walking logic craches in the face of inlined functions triggering VM re-entry https://bugs.webkit.org/show_bug.cgi?id=115449 Reviewed by Geoffrey Garen. Rename callframeishost to something that makes sense, and fix getCallerInfo to correctly handle inline functions calling into the VM. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::codeOriginForReturn): Make this more robust in the face of incorrect stack walking * interpreter/CallFrame.cpp: (JSC::CallFrame::trueCallerFrame): Everyone has to perform a codeblock() check before calling this so we might as well just do it here. * interpreter/Interpreter.cpp: (JSC::getCallerInfo): 2013-04-30 Julien Brianceau Bug fixing in sh4 base JIT and LLINT. https://bugs.webkit.org/show_bug.cgi?id=115420 Reviewed by Oliver Hunt. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::lshift32): (JSC::MacroAssemblerSH4::rshift32): (JSC::MacroAssemblerSH4::branchMul32): (JSC::MacroAssemblerSH4::urshift32): (JSC::MacroAssemblerSH4::replaceWithJump): (JSC::MacroAssemblerSH4::maxJumpReplacementSize): * assembler/SH4Assembler.h: (JSC::SH4Assembler::shldRegReg): (JSC::SH4Assembler::shadRegReg): (JSC::SH4Assembler::shalImm8r): (SH4Assembler): (JSC::SH4Assembler::sharImm8r): (JSC::SH4Assembler::maxJumpReplacementSize): (JSC::SH4Assembler::replaceWithJump): * offlineasm/sh4.rb: 2013-04-30 Geoffrey Garen Objective-C JavaScriptCore API should publicly support bridging to C https://bugs.webkit.org/show_bug.cgi?id=115447 Reviewed by Mark Hahnenberg. For consistency, I renamed +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef] +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef] -[JSContext globalContext] => -[JSContext JSGlobalContextRef] I searched svn to verify that these functions don't have clients yet, so we won't break anything. I also exported as public API +[JSValue valueWithJSValueRef:] +[JSContext contextWithJSGlobalContextRef:] It's hard to integrate with the C API without these. 2013-04-30 Commit Queue Unreviewed, rolling out r149349 and r149354. http://trac.webkit.org/changeset/149349 http://trac.webkit.org/changeset/149354 https://bugs.webkit.org/show_bug.cgi?id=115444 The Thumb version of compileSoftModulo make invalid use of registers (Requested by benjaminp on #webkit). * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * assembler/ARMv7Assembler.h: (ARMv7Assembler): * assembler/AbstractMacroAssembler.h: (JSC::isARMv7s): (JSC): * assembler/MacroAssemblerARMv7.cpp: Removed. * assembler/MacroAssemblerARMv7.h: (MacroAssemblerARMv7): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGOperations.cpp: * dfg/DFGOperations.h: * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileSoftModulo): (DFG): (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::callOperation): (SpeculativeJIT): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2013-04-30 Zalan Bujtas Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/ https://bugs.webkit.org/show_bug.cgi?id=111244 Reviewed by David Kilzer. Enable performance.now() as a minimal subset of Web Timing API. It returns DOMHighResTimeStamp, a monotonically increasing value representing the number of milliseconds from the start of the navigation of the current document. JS libraries use this API to check against the requestAnimationFrame() timestamp. * Configurations/FeatureDefines.xcconfig: 2013-04-30 Zoltan Arvai Unreviewed. Speculative build fix on Qt Arm and Mips after r149349. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileSoftModulo): 2013-04-29 Cosmin Truta [ARM] Expand the use of integer division https://bugs.webkit.org/show_bug.cgi?id=115138 Reviewed by Benjamin Poulain. If availability of hardware integer division isn't known at compile time, check the CPU flags and decide at runtime whether to fall back to software. Currently, this OS-specific check is implemented on QNX. Moreover, use operator % instead of fmod() in the calculation of the software modulo. Even when it's software-emulated, operator % is faster than fmod(): on ARM v7 QNX, without hardware division, we noticed >3% speedup on SunSpider. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * assembler/ARMv7Assembler.h: (JSC::ARMv7Assembler::sdiv): Did not compile conditionally. (JSC::ARMv7Assembler::udiv): Ditto. * assembler/AbstractMacroAssembler.h: (JSC::isARMv7s): Removed. * assembler/MacroAssemblerARMv7.cpp: Added. (JSC::isIntegerDivSupported): Added. * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added. * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case. * dfg/DFGOperations.cpp: (JSC::DFG::operationModOnInts): Added. * dfg/DFGOperations.h: (JSC::DFG::Z_DFGOperation_ZZ): Added. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen from the common implementation; used operationModOnInts on ARM. (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7. (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM. * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments. * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM. 2013-04-29 Benjamin Poulain Unify the data access of StringImpl members from JavaScriptCore https://bugs.webkit.org/show_bug.cgi?id=115320 Reviewed by Andreas Kling. DFG accesses the member infos by directly calling the methods on StringImpl, while the baseline JIT was using helper methods on ThunkHelpers. Cut the middle man, and use StringImpl directly everywhere. * jit/JITInlines.h: (JSC::JIT::emitLoadCharacterString): * jit/JITPropertyAccess.cpp: (JSC::JIT::stringGetByValStubGenerator): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::stringGetByValStubGenerator): * jit/JSInterfaceJIT.h: * jit/ThunkGenerators.cpp: (JSC::stringCharLoad): 2013-04-29 Benjamin Poulain Use push and pop for iOS math function thunks https://bugs.webkit.org/show_bug.cgi?id=115215 Reviewed by Filip Pizlo. The iOS ABI is a little different than regular ARM ABI regarding stack alignment. The requirement is 4 bytes: "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned, grows downward, and contains local variables and a function’s parameters." Subsequently, we can just use push and pop to preserve the link register. * jit/ThunkGenerators.cpp: 2013-04-29 Brent Fulgham [Windows, WinCairo] Get rid of last few pthread include/link references. https://bugs.webkit.org/show_bug.cgi?id=115375 Reviewed by Tim Horton. * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: * JavaScriptCore.vcxproj/jsc/jscCommon.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: * JavaScriptCore.vcxproj/testapi/testapiCommon.props: 2013-04-29 Roger Fong Unreviewed. AppleWin VS2010 build fix. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: 2013-04-26 Mark Hahnenberg ~BlockAllocator should ASSERT that it has no more Regions left https://bugs.webkit.org/show_bug.cgi?id=115287 Reviewed by Andreas Kling. * heap/BlockAllocator.cpp: (JSC::BlockAllocator::~BlockAllocator): (JSC::BlockAllocator::allRegionSetsAreEmpty): * heap/BlockAllocator.h: (RegionSet): (JSC::BlockAllocator::RegionSet::isEmpty): (BlockAllocator): 2013-04-29 Mark Hahnenberg IndexingTypes should use hex https://bugs.webkit.org/show_bug.cgi?id=115286 Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate. Reviewed by Geoffrey Garen. * runtime/IndexingType.h: 2013-04-29 Carlos Garcia Campos Unreviewed. Fix make distcheck. * GNUmakefile.list.am: Add missing headers files to compilation and offlineasm/sh4.rb script. 2013-04-28 Dean Jackson [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS) https://bugs.webkit.org/show_bug.cgi?id=115310 Reviewed by Simon Fraser. Remove ENABLE_HIGH_DPI_CANVAS_macosx. * Configurations/FeatureDefines.xcconfig: 2013-04-27 Darin Adler Move from constructor and member function adoptCF/NS to free function adoptCF/NS. https://bugs.webkit.org/show_bug.cgi?id=115307 Reviewed by Geoffrey Garen. * heap/HeapTimer.cpp: (JSC::HeapTimer::HeapTimer): * runtime/VM.cpp: (JSC::enableAssembler): Use adoptCF free function. 2013-04-27 Anders Carlsson Try to fix the Windows build. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: 2013-04-25 Geoffrey Garen Cleaned up pre/post inc/dec in bytecode https://bugs.webkit.org/show_bug.cgi?id=115222 Reviewed by Filip Pizlo. A few related changes here: (*) Removed post_inc and post_dec. The two-result form was awkward to reason about. Being explicit about the intermediate mov and to_number reduces DFG overhead, removes some fragile ASSERTs from the DFG, and fixes a const bug. Plus, we get to blow away 262 lines of code. (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one version now. (*) Renamed to_jsnumber to to_number, to match the ECMA name. (*) Tightened up the codegen and runtime support for to_number. * JavaScriptCore.order: Order! * bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): * bytecode/Opcode.h: (JSC::padOpcodeName): * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitInc): (JSC::BytecodeGenerator::emitDec): * bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitToNumber): (BytecodeGenerator): Removed post_inc and post_dec. * bytecompiler/NodesCodegen.cpp: (JSC::emitPreIncOrDec): Updated for rename. (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed. These are rare, and they boil away in the DFG. (JSC::PostfixNode::emitResolve): (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead of any special forms. This fixes a bug where we would do string add/subtract instead of number. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCapabilities.h: (JSC::DFG::canCompileOpcode): * jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases): * jit/JIT.h: * jit/JITArithmetic.cpp: (JSC::JIT::emit_op_inc): (JSC::JIT::emitSlow_op_inc): (JSC::JIT::emit_op_dec): (JSC::JIT::emitSlow_op_dec): * jit/JITArithmetic32_64.cpp: (JSC::JIT::emit_op_inc): (JSC::JIT::emitSlow_op_inc): (JSC::JIT::emit_op_dec): (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames. * jit/JITOpcodes.cpp: (JSC::JIT::emit_op_to_number): (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's no such thing! * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions about the lowest valued tag. (JSC::JIT::emitSlow_op_to_number): Updated for renames. * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * jit/JITStubs.h: * llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): * llint/LLIntSlowPaths.h: * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: * parser/NodeConstructors.h: (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames. * runtime/Operations.cpp: (JSC::jsIsObjectType): Removed a test for number cells. There's no such thing! 2013-04-27 Julien Brianceau REGRESSION(r149114): cache flush for SH4 arch may flush an extra page. https://bugs.webkit.org/show_bug.cgi?id=115305 Reviewed by Andreas Kling. * assembler/SH4Assembler.h: (JSC::SH4Assembler::cacheFlush): 2013-04-26 Geoffrey Garen Re-landing Filled out more cases of branch folding in bytecode when emitting expressions into a branching context https://bugs.webkit.org/show_bug.cgi?id=115057 Reviewed by Phil Pizlo. We can't fold the number == 1 case to boolean because all non-zero numbers down-cast to true, but only 1 is == to true. 2013-04-26 Filip Pizlo Correct indentation of SymbolTable.h Rubber stamped by Mark Hahnenberg. * runtime/SymbolTable.h: 2013-04-26 Roger Fong Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders. Make the DebugSuffix configuration use _debug dependencies. * JavaScriptCore.vcxproj/JavaScriptCore.make: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.vcxproj/JavaScriptCoreCF.props: * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props: * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props: * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props: * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd: * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd: * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props: * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props: * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props: * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make: * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj: * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make: * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props: * JavaScriptCore.vcxproj/build-generated-files.sh: * JavaScriptCore.vcxproj/copy-files.cmd: * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: * JavaScriptCore.vcxproj/jsc/jscCommon.props: * JavaScriptCore.vcxproj/jsc/jscDebug.props: * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd: * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd: * JavaScriptCore.vcxproj/jsc/jscProduction.props: * JavaScriptCore.vcxproj/jsc/jscRelease.props: * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props: * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: * JavaScriptCore.vcxproj/testapi/testapiCommon.props: * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: * JavaScriptCore.vcxproj/testapi/testapiDebug.props: * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props: * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: * JavaScriptCore.vcxproj/testapi/testapiProduction.props: * JavaScriptCore.vcxproj/testapi/testapiRelease.props: * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props: 2013-04-26 Roger Fong Disable sub-pixel layout on mac. https://bugs.webkit.org/show_bug.cgi?id=114999. Reviewed by Simon Fraser. * Configurations/FeatureDefines.xcconfig: 2013-04-26 Oliver Hunt Make stack tracing more robust https://bugs.webkit.org/show_bug.cgi?id=115272 Reviewed by Geoffrey Garen. CallFrame already handles stack walking confusion robustly, so we should make sure that the actual walk handles that as well. * interpreter/Interpreter.cpp: (JSC::getCallerInfo): 2013-04-26 Mark Hahnenberg REGRESSION(r149165): It made many tests crash on 32 bit https://bugs.webkit.org/show_bug.cgi?id=115227 Reviewed by Csaba Osztrogonác. m_reservation is uninitialized when ENABLE(SUPER_REGION) is false. * heap/SuperRegion.cpp: (JSC::SuperRegion::~SuperRegion): 2013-04-26 Julien Brianceau Fix SH4 build broken since r149159. https://bugs.webkit.org/show_bug.cgi?id=115229 Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32. Reviewed by Allan Sandfeld Jensen. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32): 2013-04-25 Mark Hahnenberg SuperRegion doesn't call deallocate() on its PageReservation https://bugs.webkit.org/show_bug.cgi?id=115208 Reviewed by Geoffrey Garen. It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator also has this bug, but it doesn't matter much because there's only one instance of that class throughout the entire lifetime of the process, whereas each VM has its own SuperRegion. * heap/SuperRegion.cpp: (JSC::SuperRegion::~SuperRegion): * heap/SuperRegion.h: (SuperRegion): * jit/ExecutableAllocatorFixedVMPool.cpp: (FixedVMPoolExecutableAllocator): (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator): 2013-04-25 Filip Pizlo DFG doesn't support to_jsnumber https://bugs.webkit.org/show_bug.cgi?id=115129 Reviewed by Geoffrey Garen. Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions tell us to. Identity is later turned into Phantom. Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's wrong; NodeDoesNotExit is not a backward propagation property. Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit). This more than doubles the FPS on ammo. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCapabilities.h: (JSC::DFG::canCompileOpcode): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): (FixupPhase): (JSC::DFG::FixupPhase::observeUseKindOnNode): (JSC::DFG::FixupPhase::observeUseKindOnEdge): * dfg/DFGNodeFlags.h: (DFG): * dfg/DFGNodeType.h: (DFG): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): 2013-04-24 Oliver Hunt Add support for Math.imul https://bugs.webkit.org/show_bug.cgi?id=115143 Reviewed by Filip Pizlo. Add support for Math.imul, a thunk generator for Math.imul, and an intrinsic. Fairly self explanatory set of changes, DFG intrinsics simply leverages the existing ValueToInt32 nodes. * create_hash_table: * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): * dfg/DFGBackwardsPropagationPhase.cpp: (JSC::DFG::BackwardsPropagationPhase::propagate): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleIntrinsic): * dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::performNodeCSE): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGNodeType.h: (DFG): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileArithIMul): * dfg/DFGSpeculativeJIT.h: (SpeculativeJIT): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * jit/ThunkGenerators.cpp: (JSC::imulThunkGenerator): (JSC): * jit/ThunkGenerators.h: (JSC): * runtime/Intrinsic.h: * runtime/MathObject.cpp: (JSC): (JSC::mathProtoFuncIMul): * runtime/VM.cpp: (JSC::thunkGeneratorForIntrinsic): 2013-04-25 Filip Pizlo Unreviewed, roll out http://trac.webkit.org/changeset/148999 It broke http://kripken.github.io/ammo.js/examples/new/ammo.html * JavaScriptCore.order: * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitNewArray): (JSC::BytecodeGenerator::emitThrowReferenceError): (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded): * bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::shouldEmitProfileHooks): (BytecodeGenerator): * bytecompiler/NodesCodegen.cpp: (JSC): (JSC::NullNode::emitBytecode): (JSC::BooleanNode::emitBytecode): (JSC::NumberNode::emitBytecode): (JSC::StringNode::emitBytecode): (JSC::IfNode::emitBytecode): (JSC::IfElseNode::emitBytecode): * parser/ASTBuilder.h: (JSC::ASTBuilder::createIfStatement): (ASTBuilder): * parser/NodeConstructors.h: (JSC): (JSC::NullNode::NullNode): (JSC::BooleanNode::BooleanNode): (JSC::NumberNode::NumberNode): (JSC::StringNode::StringNode): (JSC::IfNode::IfNode): (JSC::IfElseNode::IfElseNode): * parser/Nodes.h: (JSC::ExpressionNode::isPure): (JSC::ExpressionNode::isSubtract): (StatementNode): (NullNode): (JSC::NullNode::isNull): (BooleanNode): (JSC::BooleanNode::isPure): (NumberNode): (JSC::NumberNode::value): (JSC::NumberNode::isPure): (StringNode): (JSC::StringNode::isPure): (JSC::StringNode::isString): (BinaryOpNode): (IfNode): (JSC): (IfElseNode): (ContinueNode): (BreakNode): * parser/Parser.cpp: (JSC::::parseIfStatement): * parser/ResultType.h: (ResultType): * runtime/JSCJSValueInlines.h: (JSC::JSValue::pureToBoolean): * runtime/JSCell.h: (JSCell): * runtime/JSCellInlines.h: (JSC): 2013-04-25 Filip Pizlo PreciseJumpTargets should treat loop_hint as a jump target https://bugs.webkit.org/show_bug.cgi?id=115209 Reviewed by Mark Hahnenberg. I didn't add a test but I turned this into a release assertion. Running Octane is enough to trigger it. * bytecode/PreciseJumpTargets.cpp: (JSC::computePreciseJumpTargets): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): 2013-04-25 Roman Zhuykov Fix problems with processing negative zero on DFG. https://bugs.webkit.org/show_bug.cgi?id=113862 Reviewed by Filip Pizlo. Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase. Function arithNodeFlags should not mask NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32 nodes and this flag should be always used to decide where we need to generate nezative-zero checks. Remove unnecessary negative-zero checks from integer ArithDiv on ARM. Also remove such checks from integer ArithMod on ARM and X86, and make them always to check not only "modulo_result == 0" but also "dividend < 0". Generate faster code for case when ArithMod operation divisor is constant power of 2 on ARMv7 in the same way as on ARMv7s, and add negative-zero checks into this code when needed. Change speculationCheck ExitKind from Overflow to NegativeZero where applicable. This shows 30% speedup of math-spectral-norm, and 5% speedup on SunSpider overall on ARMv7 Linux. * assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::branchConvertDoubleToInt32): * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32): * assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32): * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32): * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32): * dfg/DFGBackwardsPropagationPhase.cpp: (JSC::DFG::BackwardsPropagationPhase::isNotNegZero): (JSC::DFG::BackwardsPropagationPhase::isNotPosZero): (JSC::DFG::BackwardsPropagationPhase::propagate): * dfg/DFGNode.h: (JSC::DFG::Node::arithNodeFlags): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32): (JSC::DFG::SpeculativeJIT::compileSoftModulo): (JSC::DFG::SpeculativeJIT::compileArithNegate): 2013-04-25 Oliver Hunt Stack guards are too conservative https://bugs.webkit.org/show_bug.cgi?id=115147 Reviewed by Mark Hahnenberg. Increase stack guard to closer to old size. * interpreter/Interpreter.cpp: (JSC::Interpreter::StackPolicy::StackPolicy): 2013-04-25 Oliver Hunt Stack guards are too conservative https://bugs.webkit.org/show_bug.cgi?id=115147 Reviewed by Geoffrey Garen. Reduce the limits and simplify the decision making. * interpreter/Interpreter.cpp: (JSC::Interpreter::StackPolicy::StackPolicy): 2013-04-25 Nick Diego Yamane JSC: Fix interpreter misbehavior in builds with JIT disabled https://bugs.webkit.org/show_bug.cgi?id=115190 Reviewed by Oliver Hunt. Commit http://trac.webkit.org/changeset/147858 modified some details on how JS stack traces are built. The method "getLineNumberForCallFrame", renamed in that changeset to "getBytecodeOffsetForCallFrame" is always returning `0' when JIT is disabled How to reproduce: - Build webkit with JIT disabled - Open MiniBrowser, for example, with http://google.com - In a debug build, WebProcess will hit the following ASSERT: Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low); * interpreter/Interpreter.cpp: (JSC::getBytecodeOffsetForCallFrame): 2013-04-25 Oliver Hunt Make checkSyntax take a VM instead of an ExecState RS=Tim * jsc.cpp: (runInteractive): * runtime/Completion.cpp: (JSC::checkSyntax): * runtime/Completion.h: (JSC): 2013-04-25 Michael Saboff 32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean https://bugs.webkit.org/show_bug.cgi?id=115188 Reviewed by Geoffrey Garen. Changed the RegExpTest node to set the AbstractValue to boolean, since that what it is. * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): 2013-04-25 Julien Brianceau REGRESSION(r137994): Random crashes occur with SH4 JSC. https://bugs.webkit.org/show_bug.cgi?id=115167. Reviewed by Oliver Hunt. Since r137994, uncommited pages could be inside the area of memory in parameter of the cacheFlush function. That's why we have to flush each page separately to avoid a fail of the whole flush, if an uncommited page is in the area. This patch is very similar to changeset 145194 made for ARMv7 architecture, see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information. * assembler/SH4Assembler.h: (JSC::SH4Assembler::cacheFlush): 2013-04-24 Mark Lam Add watchdog timer polling for the DFG. https://bugs.webkit.org/show_bug.cgi?id=115134. Reviewed by Geoffrey Garen. The strategy is to add a speculation check to the DFG generated code to test if the watchdog timer has fired or not. If the watchdog timer has fired, the generated code will do an OSR exit to the baseline JIT, and let it handle servicing the watchdog timer. If the watchdog is not enabled, this speculation check will not be emitted. * API/tests/testapi.c: (currentCPUTime_callAsFunction): (extendTerminateCallback): (main): - removed try/catch statements so that we can test the watchdog on the DFG. - added JS bindings to a native currentCPUTime() function so that the timeout tests can be more accurate. - also shortened the time values so that the tests can complete sooner. * bytecode/ExitKind.h: * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGNodeType.h: * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * runtime/Watchdog.cpp: (JSC::Watchdog::setTimeLimit): 2013-04-24 Filip Pizlo Special thunks for math functions should work on ARMv7 https://bugs.webkit.org/show_bug.cgi?id=115144 Reviewed by Gavin Barraclough and Oliver Hunt. The only hard bit here was ensuring that we implemented the very special "cheap C call" convention on ARMv7. * assembler/AbstractMacroAssembler.h: (JSC::isARMv7s): (JSC): (JSC::isX86): * dfg/DFGCommon.h: * jit/SpecializedThunkJIT.h: (SpecializedThunkJIT): (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn): * jit/ThunkGenerators.cpp: (JSC::floorThunkGenerator): (JSC::ceilThunkGenerator): (JSC::roundThunkGenerator): (JSC::expThunkGenerator): (JSC::logThunkGenerator): 2013-04-24 Julien Brianceau Misc bugfix and cleaning in sh4 base JIT. https://bugs.webkit.org/show_bug.cgi?id=115022. Reviewed by Oliver Hunt. Remove unused add32() and sub32() with scratchreg parameter to avoid confusion as this function prototype means another behaviour. Remove unused "void push(Address)" function which seems quite buggy. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::and32): Cosmetic change. (JSC::MacroAssemblerSH4::lshift32): Cosmetic change. (JSC::MacroAssemblerSH4::or32): Cosmetic change. (JSC::MacroAssemblerSH4::xor32): Cosmetic change. (MacroAssemblerSH4): (JSC::MacroAssemblerSH4::load32): Cosmetic change. (JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit when using r0 register and cosmetic changes. (JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication. (JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when using r0 register, fix missing offset shift and cosmetic changes. (JSC::MacroAssemblerSH4::store32): Cosmetic change. (JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch. 2013-04-24 Patrick Gansterer [WIN] Remove pthread from Visual Studio files in JavaScriptCore https://bugs.webkit.org/show_bug.cgi?id=114864 Reviewed by Brent Fulgham. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: * JavaScriptCore.vcxproj/jsc/jscCommon.props: * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: * JavaScriptCore.vcxproj/testapi/testapiCommon.props: * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: 2013-04-24 Filip Pizlo DFG should keep the operand to create_this alive if it's emitting code for create_this https://bugs.webkit.org/show_bug.cgi?id=115133 Reviewed by Mark Hahnenberg. The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): 2013-04-24 Roger Fong Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies. * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd: * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd: * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd: * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: 2013-04-24 Geoffrey Garen 32-bit build fix. Unreviewed. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly truncate to 32-bit to avoid compiler warnings. It's safe to truncate because the payload of a boolean is the low bits on both 64-bit and 32-bit. 2013-04-23 Geoffrey Garen Filled out more cases of branch folding in the DFG https://bugs.webkit.org/show_bug.cgi?id=115088 Reviewed by Oliver Hunt. No change on the benchmarks we track, but a 3X speedup on a microbenchmark that uses these techniques. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): (!/=)= and (!/=)== can constant fold all types, not just numbers, because true constants have no side effects when type-converted at runtime. * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGNode.h: (JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up boolean uses, like we do for other types like number. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): (JSC::DFG::SpeculativeJIT::compare): (JSC::DFG::SpeculativeJIT::compileStrictEq): (JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse boolean compare and/or compare-branch, now that we have the types for them. * dfg/DFGSpeculativeJIT.h: Updated declarations. == Rolled over to ChangeLog-2013-04-24 ==