Merge lp:~mitya57/ubuntu/saucy/qtwebkit-opensource-src/merge into lp:ubuntu/saucy/qtwebkit-opensource-src

Proposed by Dmitry Shachnev
Status: Superseded
Proposed branch: lp:~mitya57/ubuntu/saucy/qtwebkit-opensource-src/merge
Merge into: lp:ubuntu/saucy/qtwebkit-opensource-src
Diff against target: 15001 lines (+2249/-10412)
134 files modified
.pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (+2/-2)
.pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog (+0/-9047)
.pc/add_experimentalDevicePixelRatio.patch/Source/WebKit2/UIProcess/API/qt/qquickwebview.cpp (+16/-0)
.pc/add_experimentalDevicePixelRatio.patch/Source/WebKit2/UIProcess/qt/QtWebPageSGNode.cpp (+5/-2)
.pc/add_module_version.patch/.qmake.conf (+2/-0)
.pc/applied-patches (+0/-1)
.pc/disable_geolocation_501.diff/Source/WebKit/qt/WidgetApi/qwebpage.cpp (+6/-2)
.pc/no_gc_sections.diff/Source/WebCore/WebCore.pri (+3/-5)
.pc/save_memory.diff/Source/WebCore/WebCore.pri (+0/-323)
.qmake.conf (+2/-0)
Source/JavaScriptCore/ChangeLog (+96/-16)
Source/JavaScriptCore/LLIntOffsetsExtractor.pro (+6/-2)
Source/JavaScriptCore/dfg/DFGRepatch.cpp (+4/-4)
Source/JavaScriptCore/heap/BlockAllocator.h (+7/-1)
Source/JavaScriptCore/heap/CopiedBlock.h (+7/-0)
Source/JavaScriptCore/heap/CopiedSpace.cpp (+4/-4)
Source/JavaScriptCore/heap/CopiedSpace.h (+0/-1)
Source/JavaScriptCore/heap/CopiedSpaceInlines.h (+3/-9)
Source/JavaScriptCore/heap/CopyVisitor.h (+1/-1)
Source/JavaScriptCore/heap/CopyVisitorInlines.h (+5/-8)
Source/JavaScriptCore/heap/SlotVisitorInlines.h (+5/-5)
Source/JavaScriptCore/runtime/Butterfly.h (+3/-1)
Source/JavaScriptCore/runtime/ButterflyInlines.h (+7/-0)
Source/JavaScriptCore/runtime/JSObject.cpp (+3/-3)
Source/JavaScriptCore/runtime/MathObject.cpp (+0/-16)
Source/WTF/ChangeLog (+39/-0)
Source/WTF/wtf/MathExtras.h (+22/-0)
Source/WebCore/ChangeLog (+448/-0)
Source/WebCore/Target.pri (+1/-1)
Source/WebCore/WebCore.pri (+3/-7)
Source/WebCore/bindings/js/JSDOMBinding.h (+21/-0)
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (+1/-1)
Source/WebCore/css/StylePropertySet.cpp (+16/-21)
Source/WebCore/css/StylePropertySet.h (+1/-1)
Source/WebCore/css/StyleResolver.cpp (+9/-11)
Source/WebCore/dom/Document.cpp (+4/-2)
Source/WebCore/dom/Element.cpp (+14/-0)
Source/WebCore/dom/Element.h (+2/-0)
Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp (+4/-4)
Source/WebCore/editing/InsertParagraphSeparatorCommand.h (+2/-2)
Source/WebCore/history/HistoryItem.h (+1/-1)
Source/WebCore/history/qt/HistoryItemQt.cpp (+175/-110)
Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp (+7/-2)
Source/WebCore/html/parser/HTMLDocumentParser.cpp (+5/-0)
Source/WebCore/loader/DocumentLoader.cpp (+3/-3)
Source/WebCore/page/FrameView.cpp (+3/-0)
Source/WebCore/platform/graphics/FontCache.cpp (+2/-0)
Source/WebCore/platform/graphics/qt/GraphicsContextQt.cpp (+3/-3)
Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp (+27/-16)
Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h (+1/-1)
Source/WebCore/platform/graphics/texmap/TextureMapper.cpp (+19/-0)
Source/WebCore/platform/graphics/texmap/TextureMapper.h (+4/-2)
Source/WebCore/platform/graphics/texmap/TextureMapperBackingStore.cpp (+26/-0)
Source/WebCore/platform/graphics/texmap/TextureMapperBackingStore.h (+2/-0)
Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp (+18/-7)
Source/WebCore/platform/graphics/texmap/TextureMapperGL.h (+2/-1)
Source/WebCore/platform/graphics/texmap/TextureMapperImageBuffer.cpp (+22/-0)
Source/WebCore/platform/graphics/texmap/TextureMapperImageBuffer.h (+2/-0)
Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp (+32/-3)
Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h (+14/-3)
Source/WebCore/platform/text/TextEncodingRegistry.cpp (+9/-0)
Source/WebCore/plugins/PluginPackage.cpp (+1/-3)
Source/WebCore/rendering/RenderLayer.cpp (+1/-2)
Source/WebCore/rendering/RenderLayer.h (+0/-4)
Source/WebCore/rendering/RenderObject.cpp (+3/-1)
Source/WebCore/rendering/RenderTableSection.cpp (+6/-1)
Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp (+72/-67)
Source/WebCore/rendering/svg/RenderSVGResourcePattern.h (+2/-0)
Source/WebCore/svg/graphics/SVGImageCache.cpp (+3/-8)
Source/WebCore/xml/parser/XMLDocumentParser.cpp (+5/-0)
Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp (+6/-1)
Source/WebCore/xml/parser/XMLDocumentParserQt.cpp (+6/-0)
Source/WebKit/ChangeLog (+12/-0)
Source/WebKit/WebKit1.pro (+1/-2)
Source/WebKit/qt/Api/qwebhistory.cpp (+33/-25)
Source/WebKit/qt/ChangeLog (+107/-0)
Source/WebKit/qt/WebCoreSupport/NotificationPresenterClientQt.cpp (+58/-5)
Source/WebKit/qt/WebCoreSupport/NotificationPresenterClientQt.h (+8/-3)
Source/WebKit/qt/WebCoreSupport/QWebPageAdapter.cpp (+2/-2)
Source/WebKit/qt/WebCoreSupport/QWebPageAdapter.h (+1/-1)
Source/WebKit/qt/WidgetApi/qwebinspector.cpp (+7/-5)
Source/WebKit/qt/WidgetApi/qwebpage.cpp (+6/-2)
Source/WebKit/qt/tests/qgraphicswebview/resources/scrolltest_page.html (+6/-0)
Source/WebKit/qt/tests/qwebhistory/tst_qwebhistory.cpp (+134/-7)
Source/WebKit/qt/tests/qwebview/resources/scrolltest_page.html (+6/-0)
Source/WebKit2/ChangeLog (+130/-0)
Source/WebKit2/Target.pri (+3/-0)
Source/WebKit2/UIProcess/API/qt/qquickurlschemedelegate.cpp (+27/-0)
Source/WebKit2/UIProcess/API/qt/qquickurlschemedelegate_p.h (+11/-0)
Source/WebKit2/UIProcess/API/qt/qquickwebview.cpp (+16/-0)
Source/WebKit2/UIProcess/API/qt/tests/qmltests/WebView/tst_applicationScheme.qml (+8/-0)
Source/WebKit2/UIProcess/API/qt/tests/qmltests/common/qrctest.html (+6/-0)
Source/WebKit2/UIProcess/API/qt/tests/qmltests/resources.qrc (+1/-0)
Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp (+3/-1)
Source/WebKit2/UIProcess/Launcher/qt/ProcessLauncherQt.cpp (+1/-1)
Source/WebKit2/UIProcess/PageViewportController.cpp (+26/-23)
Source/WebKit2/UIProcess/PageViewportController.h (+3/-5)
Source/WebKit2/UIProcess/qt/PageViewportControllerClientQt.cpp (+11/-10)
Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp (+0/-1)
Source/WebKit2/WebProcess/WebPage/WebPage.cpp (+2/-2)
Source/qtwebkit.qdocconf (+2/-2)
Tools/ChangeLog (+82/-0)
Tools/qmake/config.tests/libjpeg/libjpeg.cpp (+0/-35)
Tools/qmake/config.tests/libjpeg/libjpeg.pro (+0/-3)
Tools/qmake/config.tests/libpng/libpng.cpp (+0/-33)
Tools/qmake/config.tests/libpng/libpng.pro (+0/-3)
Tools/qmake/config.tests/libxml2/libxml2.pro (+7/-2)
Tools/qmake/config.tests/libxslt/libxslt.pro (+7/-2)
Tools/qmake/mkspecs/features/configure.prf (+18/-3)
Tools/qmake/mkspecs/features/default_pre.prf (+3/-0)
Tools/qmake/mkspecs/features/features.prf (+4/-2)
Tools/qmake/mkspecs/features/functions.prf (+19/-0)
Tools/qmake/mkspecs/features/unix/default_pre.prf (+0/-3)
debian/README.source (+0/-27)
debian/TODO.Debian (+0/-4)
debian/changelog (+58/-250)
debian/control (+38/-8)
debian/libqt5webkit5-dev.install (+40/-77)
debian/libqt5webkit5.install (+2/-2)
debian/patches/05_sparc_unaligned_access.diff (+2/-4)
debian/patches/LLIntCLoop32BigEndian.patch (+10/-41)
debian/patches/add_experimentalDevicePixelRatio.patch (+26/-37)
debian/patches/add_module_version.patch (+4/-5)
debian/patches/devicePixelResolution.patch (+4/-4)
debian/patches/disable_geolocation_501.diff (+3/-3)
debian/patches/hurd.diff (+2/-2)
debian/patches/no_gc_sections.diff (+1/-1)
debian/patches/save_memory.diff (+0/-11)
debian/patches/series (+0/-1)
debian/qtwebkit5-doc-html.install (+1/-0)
debian/qtwebkit5-doc.install (+1/-0)
debian/rules (+29/-8)
debian/source/include-binaries (+0/-1)
debian/watch (+1/-1)
To merge this branch: bzr merge lp:~mitya57/ubuntu/saucy/qtwebkit-opensource-src/merge
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+172094@code.launchpad.net

This proposal has been superseded by a proposal from 2013-07-10.

Description of the change

This is a Debian merge. I've also deleted the old changelog entries, like Debian did.

This is all committed to lp:~kubuntu-packagers/kubuntu-packaging/qtwebkit-opensource-src.

Note that I had to modify add_experimentalDevicePixelRatio.patch to get it applying correctly; it would be nice if someone made sure that that patch still does what it is expected to do.

Revision history for this message
Timo Jyrinki (timo-jyrinki) wrote :

Thanks a lot for the merge, and also the 5.1 adaptation of it committed to the packaging branch.

We have been conservative with qtwebkit so far, because of that add_experimentalDevicePixelRatio.patch which is going away with 5.1 and which the author hasn't rebased himself (bug #1178443). Your modification at least on a first glance looks similar to what I did at http://bazaar.launchpad.net/~kubuntu-packagers/kubuntu-packaging/qtwebkit-opensource-src/revision/27, which was proven to be faulty.

The fix for bug #1171553 also shouldn't be dropped, so I took your branch, added it back and rebuilt. I'm now also building it at qt5-beta2 PPA (although using orig tarball plus packaging branch lp:~kubuntu-packagers/kubuntu-packaging/qtbase-opensource-src_5.0.2, which should be identical). It may then be tested, but if the DPR is still broken it would be best if we stayed at qtwebkit 5.0.1 until Qt 5.1.x, unless a correct rebasing of that patch is done by someone.

Revision history for this message
Timo Jyrinki (timo-jyrinki) wrote :
Revision history for this message
Dmitry Shachnev (mitya57) wrote :

Thanks for the review. Even if we stay on 5.0.1, I would still like to merge changes from Debian (i.e. because qtdoc build-depends on qtwebkit5-doc). Please let me know if I should do a separate 5.0.1-based merge.

Revision history for this message
Timo Jyrinki (timo-jyrinki) wrote :

Dmitry: I haven't gotten the 5.0.2 armhf build working, but the first build log seemed like possibly some random hitch somewhere, so I'm trying another one: https://launchpad.net/~canonical-qt5-edgers/+archive/qt5-beta2/+build/4769687

The 5.0.2 testing could also take some time better spent on preparing for 5.1.1, so maybe the 5.0.1 + qtdoc merge would be the best route.

Revision history for this message
Timo Jyrinki (timo-jyrinki) wrote :

(I just noticed the armhf build problems may be caused by toolchain, as even 5.0.1 is failing to build now: https://launchpad.net/ubuntu/+source/qtwebkit-opensource-src/5.0.1-0ubuntu3)

Unmerged revisions

4. By Dmitry Shachnev

* Merge with Debian experimental, remaining changes:
  - Build-depend on qtsensors and qtlocation
  - Add patches:
    + add_experimentalDevicePixelRatio.patch
    + add_module_version.patch
    + devicePixelResolution.patch
    + DidFirstLayout.patch
    + disable_geolocation_501.diff
    + disabling_jit_for_arm.patch
    + file_access.patch
    + fix_gcc48.patch
    + fixTriggerOSKonWebPages.patch
    + LLIntCLoop32BigEndian.patch
  - Add Vcs-Bzr field
* Refresh patches.

Preview Diff

1=== modified file '.pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp'
2--- .pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2013-05-20 12:00:17 +0000
3+++ .pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2013-06-30 08:18:25 +0000
4@@ -1018,13 +1018,13 @@
5 // Recalculate the recommended layout size, when the available size (device pixel) changes.
6 Settings* settings = m_page->settings();
7
8- int minimumLayoutFallbackWidth = std::max(settings->layoutFallbackWidth(), int(m_viewportSize.width() / m_page->deviceScaleFactor()));
9+ int minimumLayoutFallbackWidth = std::max(settings->layoutFallbackWidth(), m_viewportSize.width());
10
11 // If unset we use the viewport dimensions. This fits with the behavior of desktop browsers.
12 int deviceWidth = (settings->deviceWidth() > 0) ? settings->deviceWidth() : m_viewportSize.width();
13 int deviceHeight = (settings->deviceHeight() > 0) ? settings->deviceHeight() : m_viewportSize.height();
14
15- ViewportAttributes attr = computeViewportAttributes(m_page->viewportArguments(), minimumLayoutFallbackWidth, deviceWidth, deviceHeight, m_page->deviceScaleFactor(), m_viewportSize);
16+ ViewportAttributes attr = computeViewportAttributes(m_page->viewportArguments(), minimumLayoutFallbackWidth, deviceWidth, deviceHeight, 1, m_viewportSize);
17 attr.initialScale = m_page->viewportArguments().zoom; // Resets auto (-1) if no value was set by user.
18
19 // This also takes care of the relayout.
20
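Review bot: the two changed lines in this hunk drop the device scale factor from the viewport computation (the `/ m_page->deviceScaleFactor()` divisor on the minimumLayoutFallbackWidth line, and the `m_page->deviceScaleFactor()` argument to computeViewportAttributes, now a literal `1`). Since this file lives under `.pc/DidFirstLayout.patch/`, it is quilt's pre-patch backup and must match the unpatched 5.0.2 source exactly rather than carry any local change; please confirm that the same two lines in the applied copy, Source/WebKit2/WebProcess/WebPage/WebPage.cpp (+2/-2 in this diff), still receive the device-scale handling that add_experimentalDevicePixelRatio.patch is meant to provide, given that the description says that patch had to be modified to apply and the earlier rebase attempt was found to be faulty.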
21=== removed file '.pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog'
22--- .pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog 2013-05-20 12:00:17 +0000
23+++ .pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog 1970-01-01 00:00:00 +0000
24@@ -1,9047 +0,0 @@
25-2012-12-17 Jonathan Liu <net147@gmail.com>
26-
27- Fix Math.pow implementation with MinGW-w64
28- https://bugs.webkit.org/show_bug.cgi?id=105087
29-
30- Reviewed by Simon Hausmann.
31-
32- The MinGW-w64 runtime has different behaviour for pow()
33- compared to other C runtimes. This results in the following
34- test262 tests failing with the latest MinGW-w64 runtime:
35- - S15.8.2.13_A14
36- - S15.8.2.13_A16
37- - S15.8.2.13_A20
38- - S15.8.2.13_A22
39-
40- Handle the special cases that are different with MinGW-w64.
41-
42- * runtime/MathObject.cpp:
43- (JSC::mathPow):
44-
45-2012-12-07 Jonathan Liu <net147@gmail.com>
46-
47- Add missing forward declaration for JSC::ArrayAllocationProfile
48- https://bugs.webkit.org/show_bug.cgi?id=104425
49-
50- Reviewed by Kentaro Hara.
51-
52- The header for the JSC::ArrayConstructor class is missing a forward
53- declaration for the JSC::ArrayAllocationProfile class which causes
54- compilation to fail when compiling with MinGW-w64.
55-
56- * runtime/ArrayConstructor.h:
57- (JSC):
58-
59-2012-12-07 Jonathan Liu <net147@gmail.com>
60-
61- Add missing const qualifier to JSC::CodeBlock::getJITType()
62- https://bugs.webkit.org/show_bug.cgi?id=104424
63-
64- Reviewed by Laszlo Gombos.
65-
66- JSC::CodeBlock::getJITType() has the const qualifier when JIT is
67- enabled but is missing the const qualifier when JIT is disabled.
68-
69- * bytecode/CodeBlock.h:
70- (JSC::CodeBlock::getJITType):
71-
72-2012-11-30 Pierre Rossi <pierre.rossi@gmail.com>
73-
74- [Qt] Unreviewed speculative Mac build fix after r136232
75-
76- Update the include path so that LLIntAssembly.h is picked up.
77- The bot didn't break until later when a clean build was triggered.
78-
79- * JavaScriptCore.pri:
80-
81-2012-11-30 Allan Sandfeld Jensen <allan.jensen@digia.com>
82-
83- Crash in conversion of empty OpaqueJSString to Identifier
84- https://bugs.webkit.org/show_bug.cgi?id=101867
85-
86- Reviewed by NOBODY (OOPS!).
87-
88- The constructor call used for both null and empty OpaqueJSStrings results
89- in an assertion voilation and crash. This patch instead uses the Identifier
90- constructors which are specifically for null and empty Identifier.
91-
92- * API/OpaqueJSString.cpp:
93- (OpaqueJSString::identifier):
94-
95-2012-11-30 Tor Arne Vestbø <tor.arne.vestbo@digia.com>
96-
97- [Qt] Place the LLIntOffsetsExtractor binaries in debug/release subdirs on Mac
98-
99- Otherwise we'll end up using the same LLIntAssembly.h for both build
100- configs of JavaScriptCore -- one of them which will be for the wrong
101- config.
102-
103- Reviewed by Simon Hausmann.
104-
105- * LLIntOffsetsExtractor.pro:
106-
107-2012-11-30 Julien BRIANCEAU <jbrianceau@nds.com>
108-
109- [sh4] Fix compilation warnings in JavaScriptCore JIT for sh4 arch
110- https://bugs.webkit.org/show_bug.cgi?id=103378
111-
112- Reviewed by Filip Pizlo.
113-
114- * assembler/MacroAssemblerSH4.h:
115- (JSC::MacroAssemblerSH4::branchTest32):
116- (JSC::MacroAssemblerSH4::branchAdd32):
117- (JSC::MacroAssemblerSH4::branchMul32):
118- (JSC::MacroAssemblerSH4::branchSub32):
119- (JSC::MacroAssemblerSH4::branchOr32):
120-
121-2012-11-29 Rafael Weinstein <rafaelw@chromium.org>
122-
123- [HTMLTemplateElement] Add feature flag
124- https://bugs.webkit.org/show_bug.cgi?id=103694
125-
126- Reviewed by Adam Barth.
127-
128- This flag will guard the implementation of the HTMLTemplateElement.
129- http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html
130-
131- * Configurations/FeatureDefines.xcconfig:
132-
133-2012-11-29 Filip Pizlo <fpizlo@apple.com>
134-
135- It should be easy to find code blocks in debug dumps
136- https://bugs.webkit.org/show_bug.cgi?id=103623
137-
138- Reviewed by Goeffrey Garen.
139-
140- This gives CodeBlock a relatively strong, but also relatively compact, hash. We compute
141- it lazily so that it only impacts run-time when debug support is enabled. We stringify
142- it smartly so that it's short and easy to type. We base it on the source code so that
143- the optimization level is irrelevant. And, we use SHA1 since it's already in our code
144- base. Now, when a piece of code wants to print some debugging to say that it's operating
145- on some code block, it can use this CodeBlockHash instead of memory addresses.
146-
147- This also takes CodeBlock debugging into the new world of print() and dataLog(). In
148- particular, CodeBlock::dump() corresponds to the thing you want printed if you do:
149-
150- dataLog("I heart ", *myCodeBlock);
151-
152- Probably, you want to just print some identifying information at this point rather than
153- the full bytecode dump. So, the existing CodeBlock::dump() has been renamed to
154- CodeBlock::dumpBytecode(), and CodeBlock::dump() now prints the CodeBlockHash plus just
155- a few little tidbits.
156-
157- Here's an example of CodeBlock::dump() output:
158-
159- EkILzr:[0x103883a00, BaselineFunctionCall]
160-
161- EkILzr is the CodeBlockHash. 0x103883a00 is the CodeBlock's address in memory. The other
162- part is self-explanatory.
163-
164- Finally, this new notion of CodeBlockHash is available for other purposes like bisecting
165- breakage. As such CodeBlockHash has all of the comparison operator overloads. When
166- bisecting in DFGDriver.cpp, you can now say things like:
167-
168- if (codeBlock->hash() < CodeBlockHash("CAAAAA"))
169- return false;
170-
171- And yes, CAAAAA is near the median hash, and the largest one is smaller than E99999. Such
172- is life when you use base 62 to encode a 32-bit number.
173-
174- * CMakeLists.txt:
175- * GNUmakefile.list.am:
176- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
177- * JavaScriptCore.xcodeproj/project.pbxproj:
178- * Target.pri:
179- * bytecode/CallLinkInfo.h:
180- (CallLinkInfo):
181- (JSC::CallLinkInfo::specializationKind):
182- * bytecode/CodeBlock.cpp:
183- (JSC::CodeBlock::hash):
184- (JSC):
185- (JSC::CodeBlock::dumpAssumingJITType):
186- (JSC::CodeBlock::dump):
187- (JSC::CodeBlock::dumpBytecode):
188- (JSC::CodeBlock::CodeBlock):
189- (JSC::CodeBlock::finalizeUnconditionally):
190- (JSC::CodeBlock::resetStubInternal):
191- (JSC::CodeBlock::reoptimize):
192- (JSC::ProgramCodeBlock::jettison):
193- (JSC::EvalCodeBlock::jettison):
194- (JSC::FunctionCodeBlock::jettison):
195- (JSC::CodeBlock::shouldOptimizeNow):
196- (JSC::CodeBlock::tallyFrequentExitSites):
197- (JSC::CodeBlock::dumpValueProfiles):
198- * bytecode/CodeBlock.h:
199- (JSC::CodeBlock::specializationKind):
200- (CodeBlock):
201- (JSC::CodeBlock::getJITType):
202- * bytecode/CodeBlockHash.cpp: Added.
203- (JSC):
204- (JSC::CodeBlockHash::CodeBlockHash):
205- (JSC::CodeBlockHash::dump):
206- * bytecode/CodeBlockHash.h: Added.
207- (JSC):
208- (CodeBlockHash):
209- (JSC::CodeBlockHash::CodeBlockHash):
210- (JSC::CodeBlockHash::hash):
211- (JSC::CodeBlockHash::operator==):
212- (JSC::CodeBlockHash::operator!=):
213- (JSC::CodeBlockHash::operator<):
214- (JSC::CodeBlockHash::operator>):
215- (JSC::CodeBlockHash::operator<=):
216- (JSC::CodeBlockHash::operator>=):
217- * bytecode/CodeBlockWithJITType.h: Added.
218- (JSC):
219- (CodeBlockWithJITType):
220- (JSC::CodeBlockWithJITType::CodeBlockWithJITType):
221- (JSC::CodeBlockWithJITType::dump):
222- * bytecode/CodeOrigin.cpp: Added.
223- (JSC):
224- (JSC::CodeOrigin::inlineDepthForCallFrame):
225- (JSC::CodeOrigin::inlineDepth):
226- (JSC::CodeOrigin::inlineStack):
227- (JSC::InlineCallFrame::hash):
228- * bytecode/CodeOrigin.h:
229- (InlineCallFrame):
230- (JSC::InlineCallFrame::specializationKind):
231- (JSC):
232- * bytecode/CodeType.cpp: Added.
233- (WTF):
234- (WTF::printInternal):
235- * bytecode/CodeType.h:
236- (WTF):
237- * bytecode/ExecutionCounter.cpp:
238- (JSC::ExecutionCounter::dump):
239- * bytecode/ExecutionCounter.h:
240- (ExecutionCounter):
241- * dfg/DFGByteCodeParser.cpp:
242- (JSC::DFG::ByteCodeParser::parseCodeBlock):
243- * dfg/DFGDisassembler.cpp:
244- (JSC::DFG::Disassembler::dump):
245- * dfg/DFGGraph.cpp:
246- (JSC::DFG::Graph::dumpCodeOrigin):
247- * dfg/DFGOSRExitCompiler.cpp:
248- * dfg/DFGOperations.cpp:
249- * dfg/DFGRepatch.cpp:
250- (JSC::DFG::generateProtoChainAccessStub):
251- (JSC::DFG::tryCacheGetByID):
252- (JSC::DFG::tryBuildGetByIDList):
253- (JSC::DFG::emitPutReplaceStub):
254- (JSC::DFG::emitPutTransitionStub):
255- (JSC::DFG::dfgLinkClosureCall):
256- * interpreter/Interpreter.cpp:
257- (JSC::Interpreter::dumpCallFrame):
258- * jit/JITCode.cpp: Added.
259- (WTF):
260- (WTF::printInternal):
261- * jit/JITCode.h:
262- (JSC::JITCode::jitType):
263- (WTF):
264- * jit/JITDisassembler.cpp:
265- (JSC::JITDisassembler::dump):
266- (JSC::JITDisassembler::dumpForInstructions):
267- * jit/JITPropertyAccess.cpp:
268- (JSC::JIT::privateCompilePutByIdTransition):
269- (JSC::JIT::privateCompilePatchGetArrayLength):
270- (JSC::JIT::privateCompileGetByIdProto):
271- (JSC::JIT::privateCompileGetByIdSelfList):
272- (JSC::JIT::privateCompileGetByIdProtoList):
273- (JSC::JIT::privateCompileGetByIdChainList):
274- (JSC::JIT::privateCompileGetByIdChain):
275- (JSC::JIT::privateCompileGetByVal):
276- (JSC::JIT::privateCompilePutByVal):
277- * jit/JITPropertyAccess32_64.cpp:
278- (JSC::JIT::privateCompilePutByIdTransition):
279- (JSC::JIT::privateCompilePatchGetArrayLength):
280- (JSC::JIT::privateCompileGetByIdProto):
281- (JSC::JIT::privateCompileGetByIdSelfList):
282- (JSC::JIT::privateCompileGetByIdProtoList):
283- (JSC::JIT::privateCompileGetByIdChainList):
284- (JSC::JIT::privateCompileGetByIdChain):
285- * jit/JITStubs.cpp:
286- (JSC::DEFINE_STUB_FUNCTION):
287- * runtime/CodeSpecializationKind.cpp: Added.
288- (WTF):
289- (WTF::printInternal):
290- * runtime/CodeSpecializationKind.h:
291- (JSC::specializationFromIsCall):
292- (JSC):
293- (JSC::specializationFromIsConstruct):
294- (WTF):
295- * runtime/Executable.cpp:
296- (JSC::ExecutableBase::hashFor):
297- (JSC):
298- (JSC::NativeExecutable::hashFor):
299- (JSC::ScriptExecutable::hashFor):
300- * runtime/Executable.h:
301- (ExecutableBase):
302- (NativeExecutable):
303- (ScriptExecutable):
304- (JSC::ScriptExecutable::source):
305-
306-2012-11-29 Michael Saboff <msaboff@apple.com>
307-
308- Speculative Windows build fix after r136086.
309-
310- Unreviewed build fix.
311-
312- Suspect that ?setDumpsGeneratedCode@BytecodeGenerator@JSC@@SAX_N@Z needs to be removed from Windows
313- export list since the symbol was removed in r136086.
314-
315- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
316-
317-2012-11-28 Filip Pizlo <fpizlo@apple.com>
318-
319- SpeculatedType dumping should not use the static char buffer[thingy] idiom
320- https://bugs.webkit.org/show_bug.cgi?id=103584
321-
322- Reviewed by Michael Saboff.
323-
324- Changed SpeculatedType to be "dumpable" by saying things like:
325-
326- dataLog("thingy = ", SpeculationDump(thingy))
327-
328- Removed the old stringification functions, and changed all code that referred to them
329- to use the new dataLog()/print() style.
330-
331- * CMakeLists.txt:
332- * GNUmakefile.list.am:
333- * JavaScriptCore.xcodeproj/project.pbxproj:
334- * Target.pri:
335- * bytecode/SpeculatedType.cpp:
336- (JSC::dumpSpeculation):
337- (JSC::speculationToAbbreviatedString):
338- (JSC::dumpSpeculationAbbreviated):
339- * bytecode/SpeculatedType.h:
340- * bytecode/ValueProfile.h:
341- (JSC::ValueProfileBase::dump):
342- * bytecode/VirtualRegister.h:
343- (WTF::printInternal):
344- * dfg/DFGAbstractValue.h:
345- (JSC::DFG::AbstractValue::dump):
346- * dfg/DFGByteCodeParser.cpp:
347- (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
348- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
349- * dfg/DFGGraph.cpp:
350- (JSC::DFG::Graph::dump):
351- (JSC::DFG::Graph::predictArgumentTypes):
352- * dfg/DFGGraph.h:
353- (Graph):
354- * dfg/DFGStructureAbstractValue.h:
355- * dfg/DFGVariableAccessDataDump.cpp: Added.
356- (JSC::DFG::VariableAccessDataDump::VariableAccessDataDump):
357- (JSC::DFG::VariableAccessDataDump::dump):
358- * dfg/DFGVariableAccessDataDump.h: Added.
359- (VariableAccessDataDump):
360-
361-2012-11-28 Michael Saboff <msaboff@apple.com>
362-
363- Change Bytecompiler s_dumpsGeneratedCode to an Options value
364- https://bugs.webkit.org/show_bug.cgi?id=103588
365-
366- Reviewed by Filip Pizlo.
367-
368- Moved the control of dumping bytecodes to Options::dumpGeneratedBytecodes.
369-
370- * bytecode/CodeBlock.cpp:
371- (JSC::CodeBlock::CodeBlock):
372- * bytecompiler/BytecodeGenerator.cpp:
373- * bytecompiler/BytecodeGenerator.h:
374- * jsc.cpp:
375- (runWithScripts):
376- * runtime/Options.h:
377-
378-2012-11-28 Mark Hahnenberg <mhahnenberg@apple.com>
379-
380- Copying phase should use work lists
381- https://bugs.webkit.org/show_bug.cgi?id=101390
382-
383- Reviewed by Filip Pizlo.
384-
385- * JavaScriptCore.xcodeproj/project.pbxproj:
386- * heap/BlockAllocator.cpp:
387- (JSC::BlockAllocator::BlockAllocator):
388- * heap/BlockAllocator.h: New RegionSet for CopyWorkListSegments.
389- (BlockAllocator):
390- (JSC::CopyWorkListSegment):
391- * heap/CopiedBlock.h: Added a per-block CopyWorkList to keep track of the JSCells that need to be revisited during the copying
392- phase to copy their backing stores.
393- (CopiedBlock):
394- (JSC::CopiedBlock::CopiedBlock):
395- (JSC::CopiedBlock::didSurviveGC):
396- (JSC::CopiedBlock::didEvacuateBytes): There is now a one-to-one relationship between GCThreads and the CopiedBlocks they're
397- responsible for evacuating, we no longer need any of that fancy compare and swap stuff.
398- (JSC::CopiedBlock::pin):
399- (JSC::CopiedBlock::hasWorkList):
400- (JSC::CopiedBlock::workList):
401- * heap/CopiedBlockInlines.h: Added.
402- (JSC::CopiedBlock::reportLiveBytes): Since we now have to grab a SpinLock to perform operations on the CopyWorkList during marking,
403- we don't need to do any of that fancy compare and swap stuff we were doing for tracking live bytes.
404- * heap/CopiedSpace.h:
405- (CopiedSpace):
406- * heap/CopiedSpaceInlines.h:
407- (JSC::CopiedSpace::pin):
408- * heap/CopyVisitor.cpp:
409- (JSC::CopyVisitor::copyFromShared): We now iterate over a range of CopiedBlocks rather than MarkedBlocks and revisit the cells in those
410- blocks' CopyWorkLists.
411- * heap/CopyVisitor.h:
412- (CopyVisitor):
413- * heap/CopyVisitorInlines.h:
414- (JSC::CopyVisitor::visitCell): The function responsible for calling the correct copyBackingStore() function for each JSCell from
415- a CopiedBlock's CopyWorkList.
416- (JSC::CopyVisitor::didCopy): We no longer need to check if the block is empty here because we know exactly when we're done
417- evacuating a CopiedBlock, which is when we've gone through all of the CopiedBlock's CopyWorkList.
418- * heap/CopyWorkList.h: Added.
419- (CopyWorkListSegment): Individual chunk of a CopyWorkList that is allocated from the BlockAllocator.
420- (JSC::CopyWorkListSegment::create):
421- (JSC::CopyWorkListSegment::size):
422- (JSC::CopyWorkListSegment::isFull):
423- (JSC::CopyWorkListSegment::get):
424- (JSC::CopyWorkListSegment::append):
425- (JSC::CopyWorkListSegment::CopyWorkListSegment):
426- (JSC::CopyWorkListSegment::data):
427- (JSC::CopyWorkListSegment::endOfBlock):
428- (CopyWorkListIterator): Responsible for giving CopyVisitors a contiguous notion of access across the separate CopyWorkListSegments
429- that make up each CopyWorkList.
430- (JSC::CopyWorkListIterator::get):
431- (JSC::CopyWorkListIterator::operator*):
432- (JSC::CopyWorkListIterator::operator->):
433- (JSC::CopyWorkListIterator::operator++):
434- (JSC::CopyWorkListIterator::operator==):
435- (JSC::CopyWorkListIterator::operator!=):
436- (JSC::CopyWorkListIterator::CopyWorkListIterator):
437- (CopyWorkList): Data structure that keeps track of the JSCells that need copying in a particular CopiedBlock.
438- (JSC::CopyWorkList::CopyWorkList):
439- (JSC::CopyWorkList::~CopyWorkList):
440- (JSC::CopyWorkList::append):
441- (JSC::CopyWorkList::begin):
442- (JSC::CopyWorkList::end):
443- * heap/GCThreadSharedData.cpp:
444- (JSC::GCThreadSharedData::GCThreadSharedData): We no longer use the m_blockSnapshot from the Heap during the copying phase.
445- (JSC::GCThreadSharedData::didStartCopying): We now copy the set of all blocks in the CopiedSpace to a separate vector for
446- iterating over during the copying phase since the set stored in the CopiedSpace will change as blocks are evacuated and
447- recycled throughout the copying phase.
448- * heap/GCThreadSharedData.h:
449- (GCThreadSharedData):
450- * heap/Heap.h:
451- (Heap):
452- * heap/SlotVisitor.h: We now need to know the object who is being marked that has a backing store so that we can store it
453- in a CopyWorkList to revisit later during the copying phase.
454- * heap/SlotVisitorInlines.h:
455- (JSC::SlotVisitor::copyLater):
456- * runtime/JSObject.cpp:
457- (JSC::JSObject::visitButterfly):
458-
459-2012-11-28 Filip Pizlo <fpizlo@apple.com>
460-
461- Disassembly methods should be able to disassemble to any PrintStream& rather than always using WTF::dataFile()
462- https://bugs.webkit.org/show_bug.cgi?id=103492
463-
464- Reviewed by Mark Hahnenberg.
465-
466- Switched disassembly code to use PrintStream&, and to use print() rather than printf().
467-
468- * dfg/DFGDisassembler.cpp:
469- (JSC::DFG::Disassembler::dump):
470- (DFG):
471- (JSC::DFG::Disassembler::dumpDisassembly):
472- * dfg/DFGDisassembler.h:
473- (Disassembler):
474- * dfg/DFGGraph.cpp:
475- (JSC::DFG::printWhiteSpace):
476- (JSC::DFG::Graph::dumpCodeOrigin):
477- (JSC::DFG::Graph::printNodeWhiteSpace):
478- (JSC::DFG::Graph::dump):
479- (DFG):
480- (JSC::DFG::Graph::dumpBlockHeader):
481- * dfg/DFGGraph.h:
482- (Graph):
483- * jit/JITDisassembler.cpp:
484- (JSC::JITDisassembler::dump):
485- (JSC::JITDisassembler::dumpForInstructions):
486- (JSC::JITDisassembler::dumpDisassembly):
487- * jit/JITDisassembler.h:
488- (JITDisassembler):
489-
490-2012-11-28 Filip Pizlo <fpizlo@apple.com>
491-
492- It should be possible to say dataLog("count = ", count, "\n") instead of dataLogF("count = %d\n", count)
493- https://bugs.webkit.org/show_bug.cgi?id=103009
494-
495- Reviewed by Michael Saboff.
496-
497- Instead of converting all of JSC to use the new dataLog()/print() methods, I just changed
498- one place: dumping of abstract values. This is mainly just to ensure that the code I
499- added to WTF is actually doing things.
500-
501- * bytecode/CodeBlock.cpp:
502- (JSC::CodeBlock::dump):
503- * dfg/DFGAbstractValue.h:
504- (JSC::DFG::AbstractValue::dump):
505- (WTF):
506- (WTF::printInternal):
507- * dfg/DFGStructureAbstractValue.h:
508- (JSC::DFG::StructureAbstractValue::dump):
509- (WTF):
510- (WTF::printInternal):
511-
512-2012-11-28 Oliver Hunt <oliver@apple.com>
513-
514- Make source cache include more information about the function extent.
515- https://bugs.webkit.org/show_bug.cgi?id=103552
516-
517- Reviewed by Gavin Barraclough.
518-
519- Add a bit more information to the source cache.
520-
521- * parser/Parser.cpp:
522- (JSC::::parseFunctionInfo):
523- Store the function start offset
524- * parser/SourceProviderCacheItem.h:
525- (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
526- (SourceProviderCacheItem):
527- Add additional field for the start of the real function string, and re-arrange
528- fields to avoid growing the struct.
529-
530-2012-11-27 Filip Pizlo <fpizlo@apple.com>
531-
532- Convert some remaining uses of FILE* to PrintStream&.
533-
534- Rubber stamped by Mark Hahnenberg.
535-
536- * bytecode/ValueProfile.h:
537- (JSC::ValueProfileBase::dump):
538- * bytecode/ValueRecovery.h:
539- (JSC::ValueRecovery::dump):
540- * dfg/DFGByteCodeParser.cpp:
541- (JSC::DFG::ByteCodeParser::parseCodeBlock):
542- * dfg/DFGNode.h:
543- (JSC::DFG::Node::dumpChildren):
544-
545-2012-11-27 Filip Pizlo <fpizlo@apple.com>
546-
547- Fix indentation in JSValue.h
548-
549- Rubber stamped by Mark Hahnenberg.
550-
551- * runtime/JSValue.h:
552-
553-2012-11-26 Filip Pizlo <fpizlo@apple.com>
554-
555- DFG SetLocal should use forwardSpeculationCheck instead of its own half-baked version of same
556- https://bugs.webkit.org/show_bug.cgi?id=103353
557-
558- Reviewed by Oliver Hunt and Gavin Barraclough.
559-
560- Made it possible to use forward speculations for most of the operand classes. Changed the conditional
561- direction parameter from being 'bool isForward' to an enum (SpeculationDirection). Changed SetLocal
562- to use forward speculations and got rid of its half-baked version of same.
563-
564- Also added the ability to force the DFG's disassembler to dump all nodes, even ones that are dead.
565-
566- * dfg/DFGByteCodeParser.cpp:
567- (JSC::DFG::ByteCodeParser::parseBlock):
568- * dfg/DFGDisassembler.cpp:
569- (JSC::DFG::Disassembler::dump):
570- * dfg/DFGDriver.cpp:
571- (JSC::DFG::compile):
572- * dfg/DFGSpeculativeJIT.cpp:
573- (JSC::DFG::SpeculativeJIT::speculationCheck):
574- (DFG):
575- (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
576- (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
577- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
578- (JSC::DFG::SpeculativeJIT::fillStorage):
579- * dfg/DFGSpeculativeJIT.h:
580- (SpeculativeJIT):
581- (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
582- (JSC::DFG::SpeculateIntegerOperand::gpr):
583- (SpeculateIntegerOperand):
584- (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
585- (JSC::DFG::SpeculateDoubleOperand::fpr):
586- (SpeculateDoubleOperand):
587- (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
588- (JSC::DFG::SpeculateCellOperand::gpr):
589- (SpeculateCellOperand):
590- (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
591- (JSC::DFG::SpeculateBooleanOperand::gpr):
592- (SpeculateBooleanOperand):
593- * dfg/DFGSpeculativeJIT32_64.cpp:
594- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
595- (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
596- (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
597- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
598- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
599- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
600- (JSC::DFG::SpeculativeJIT::compile):
601- * dfg/DFGSpeculativeJIT64.cpp:
602- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
603- (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
604- (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
605- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
606- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
607- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
608- (JSC::DFG::SpeculativeJIT::compile):
609- * runtime/Options.h:
610- (JSC):
611-
612-2012-11-26 Daniel Bates <dbates@webkit.org>
613-
614- Substitute "allSeparators8Bit" for "allSeperators8Bit" in JSC::jsSpliceSubstringsWithSeparators()
615- <https://bugs.webkit.org/show_bug.cgi?id=103303>
616-
617- Reviewed by Simon Fraser.
618-
619- Fix misspelled word, "Seperators" [sic], in a local variable name in JSC::jsSpliceSubstringsWithSeparators().
620-
621- * runtime/StringPrototype.cpp:
622- (JSC::jsSpliceSubstringsWithSeparators):
623-
624-2012-11-26 Daniel Bates <dbates@webkit.org>
625-
626- JavaScript fails to handle String.replace() with large replacement string
627- https://bugs.webkit.org/show_bug.cgi?id=102956
628- <rdar://problem/12738012>
629-
630- Reviewed by Oliver Hunt.
631-
632- Fix an issue where we didn't check for overflow when computing the length
633- of the result of String.replace() with a large replacement string.
634-
635- * runtime/StringPrototype.cpp:
636- (JSC::jsSpliceSubstringsWithSeparators):
637-
638-2012-11-26 Zeno Albisser <zeno@webkit.org>
639-
640- [Qt] Fix the LLInt build on Mac
641- https://bugs.webkit.org/show_bug.cgi?id=97587
642-
643- Reviewed by Simon Hausmann.
644-
645- * DerivedSources.pri:
646- * JavaScriptCore.pro:
647-
648-2012-11-26 Oliver Hunt <oliver@apple.com>
649-
650- 32-bit build fix. Move the method decalration outside of the X86_64 only section.
651-
652- * assembler/MacroAssembler.h:
653- (MacroAssembler):
654- (JSC::MacroAssembler::shouldConsiderBlinding):
655-
656-2012-11-26 Oliver Hunt <oliver@apple.com>
657-
658- Don't blind all the things.
659- https://bugs.webkit.org/show_bug.cgi?id=102572
660-
661- Reviewed by Gavin Barraclough.
662-
663- No longer blind all the constants in the instruction stream. We use a
664- simple non-deterministic filter to avoid blinding everything. Also modified
665- the basic integer blinding logic to avoid blinding small negative values.
666-
667- * assembler/MacroAssembler.h:
668- (MacroAssembler):
669- (JSC::MacroAssembler::shouldConsiderBlinding):
670- (JSC::MacroAssembler::shouldBlind):
671-
672-2012-11-26 Mark Hahnenberg <mhahnenberg@apple.com>
673-
674- JSObject::copyButterfly doesn't handle undecided indexing types correctly
675- https://bugs.webkit.org/show_bug.cgi?id=102573
676-
677- Reviewed by Filip Pizlo.
678-
679- We don't do any copying into the newly allocated vector and we don't zero-initialize CopiedBlocks
680- during the copying phase, so we end up with uninitialized memory in arrays which have undecided indexing
681- types. We should just do the actual memcpy from the old block to the new one.
682-
683- * runtime/JSObject.cpp:
684- (JSC::JSObject::copyButterfly): Just do the same thing that we do for other contiguous indexing types.
685-
686-2012-11-26 Julien BRIANCEAU <jbrianceau@nds.com>
687-
688- [sh4] JavaScriptCore JIT build is broken since r135330
689- Add missing implementation for sh4 arch.
690- https://bugs.webkit.org/show_bug.cgi?id=103145
691-
692- Reviewed by Oliver Hunt.
693-
694- * assembler/MacroAssemblerSH4.h:
695- (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranchPtrWithPatch):
696- (MacroAssemblerSH4):
697- (JSC::MacroAssemblerSH4::startOfBranchPtrWithPatchOnRegister):
698- (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch):
699- (JSC::MacroAssemblerSH4::startOfPatchableBranchPtrWithPatchOnAddress):
700- (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranchPtrWithPatch):
701- * assembler/SH4Assembler.h:
702- (JSC::SH4Assembler::revertJump):
703- (SH4Assembler):
704- (JSC::SH4Assembler::printInstr):
705-
706-2012-11-26 Yuqiang Xian <yuqiang.xian@intel.com>
707-
708- Use load64 instead of loadPtr to load a JSValue on JSVALUE64 platforms
709- https://bugs.webkit.org/show_bug.cgi?id=100909
710-
711- Reviewed by Brent Fulgham.
712-
713- This is a (trivial) fix after r132701.
714-
715- * dfg/DFGOSRExitCompiler64.cpp:
716- (JSC::DFG::OSRExitCompiler::compileExit):
717-
718-2012-11-26 Gabor Ballabas <gaborb@inf.u-szeged.hu>
719-
720- [Qt][ARM] REGRESSION(r130826): It made 33 JSC test and 466 layout tests crash
721- https://bugs.webkit.org/show_bug.cgi?id=98857
722-
723- Reviewed by Zoltan Herczeg.
724-
725- Implement a new version of patchableBranch32 to fix crashing JSC
726- tests.
727-
728- * assembler/MacroAssembler.h:
729- (MacroAssembler):
730- * assembler/MacroAssemblerARM.h:
731- (JSC::MacroAssemblerARM::patchableBranch32):
732- (MacroAssemblerARM):
733-
734-2012-11-21 Filip Pizlo <fpizlo@apple.com>
735-
736- Any function that can log things should be able to easily log them to a memory buffer as well
737- https://bugs.webkit.org/show_bug.cgi?id=103000
738-
739- Reviewed by Sam Weinig.
740-
741- Change all users of WTF::dataFile() to expect a PrintStream& rather than a FILE*.
742-
743- * bytecode/Operands.h:
744- (JSC::OperandValueTraits::dump):
745- (JSC::dumpOperands):
746- (JSC):
747- * dfg/DFGAbstractState.cpp:
748- (JSC::DFG::AbstractState::dump):
749- * dfg/DFGAbstractState.h:
750- (AbstractState):
751- * dfg/DFGAbstractValue.h:
752- (JSC::DFG::AbstractValue::dump):
753- * dfg/DFGCommon.h:
754- (JSC::DFG::NodeIndexTraits::dump):
755- * dfg/DFGStructureAbstractValue.h:
756- (JSC::DFG::StructureAbstractValue::dump):
757- * dfg/DFGVariableEvent.cpp:
758- (JSC::DFG::VariableEvent::dump):
759- (JSC::DFG::VariableEvent::dumpFillInfo):
760- (JSC::DFG::VariableEvent::dumpSpillInfo):
761- * dfg/DFGVariableEvent.h:
762- (VariableEvent):
763- * disassembler/Disassembler.h:
764- (JSC):
765- (JSC::tryToDisassemble):
766- * disassembler/UDis86Disassembler.cpp:
767- (JSC::tryToDisassemble):
768-
769-2012-11-23 Alexis Menard <alexis@webkit.org>
770-
771- [CSS3 Backgrounds and Borders] Implement new CSS3 background-position parsing.
772- https://bugs.webkit.org/show_bug.cgi?id=102104
773-
774- Reviewed by Julien Chaffraix.
775-
776- Protect the new feature behind a feature flag.
777-
778- * Configurations/FeatureDefines.xcconfig:
779-
780-2012-11-23 Gabor Ballabas <gaborb@inf.u-szeged.hu>
781-
782- Fix the ARM traditional build after r135330
783- https://bugs.webkit.org/show_bug.cgi?id=102871
784-
785- Reviewed by Zoltan Herczeg.
786-
787- Added missing functionality to traditional ARM architecture.
788-
789- * assembler/ARMAssembler.h:
790- (JSC::ARMAssembler::revertJump):
791- (ARMAssembler):
792- * assembler/MacroAssemblerARM.h:
793- (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatchOnAddress):
794- (JSC::MacroAssemblerARM::startOfBranchPtrWithPatchOnRegister):
795- (MacroAssemblerARM):
796- (JSC::MacroAssemblerARM::revertJumpReplacementToBranchPtrWithPatch):
797-
798-2012-11-16 Yury Semikhatsky <yurys@chromium.org>
799-
800- Memory instrumentation: extract MemoryObjectInfo declaration into a separate file
801- https://bugs.webkit.org/show_bug.cgi?id=102510
802-
803- Reviewed by Pavel Feldman.
804-
805- Added new symbols for the methods that have moved into .../wtf/MemoryInstrumentation.cpp
806-
807- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
808-
809-2012-11-23 Julien BRIANCEAU <jbrianceau@nds.com>
810-
811- [sh4] JavaScriptCore JIT build is broken since r130839
812- Add missing implementation for sh4 arch.
813- https://bugs.webkit.org/show_bug.cgi?id=101479
814-
815- Reviewed by Filip Pizlo.
816-
817- * assembler/MacroAssemblerSH4.h:
818- (JSC::MacroAssemblerSH4::load8Signed):
819- (MacroAssemblerSH4):
820- (JSC::MacroAssemblerSH4::load16Signed):
821- (JSC::MacroAssemblerSH4::store8):
822- (JSC::MacroAssemblerSH4::store16):
823- (JSC::MacroAssemblerSH4::moveDoubleToInts):
824- (JSC::MacroAssemblerSH4::moveIntsToDouble):
825- (JSC::MacroAssemblerSH4::loadFloat):
826- (JSC::MacroAssemblerSH4::loadDouble):
827- (JSC::MacroAssemblerSH4::storeFloat):
828- (JSC::MacroAssemblerSH4::storeDouble):
829- (JSC::MacroAssemblerSH4::addDouble):
830- (JSC::MacroAssemblerSH4::convertFloatToDouble):
831- (JSC::MacroAssemblerSH4::convertDoubleToFloat):
832- (JSC::MacroAssemblerSH4::urshift32):
833- * assembler/SH4Assembler.h:
834- (JSC::SH4Assembler::sublRegReg):
835- (JSC::SH4Assembler::subvlRegReg):
836- (JSC::SH4Assembler::floatfpulfrn):
837- (JSC::SH4Assembler::fldsfpul):
838- (JSC::SH4Assembler::fstsfpul):
839- (JSC::SH4Assembler::dcnvsd):
840- (SH4Assembler):
841- (JSC::SH4Assembler::movbRegMem):
842- (JSC::SH4Assembler::sizeOfConstantPool):
843- (JSC::SH4Assembler::linkJump):
844- (JSC::SH4Assembler::printInstr):
845- (JSC::SH4Assembler::printBlockInstr):
846-
847-2012-11-22 Balazs Kilvady <kilvadyb@homejinni.com>
848-
849- Fix the MIPS build after r135330
850- https://bugs.webkit.org/show_bug.cgi?id=102872
851-
852- Reviewed by Gavin Barraclough.
853-
854- Revert/replace functions added to MIPS port.
855-
856- * assembler/MIPSAssembler.h:
857- (JSC::MIPSAssembler::revertJumpToMove):
858- (MIPSAssembler):
859- (JSC::MIPSAssembler::replaceWithJump):
860- * assembler/MacroAssemblerMIPS.h:
861- (MacroAssemblerMIPS):
862- (JSC::MacroAssemblerMIPS::startOfBranchPtrWithPatchOnRegister):
863- (JSC::MacroAssemblerMIPS::revertJumpReplacementToBranchPtrWithPatch):
864- (JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatchOnAddress):
865-
866-2012-11-21 Filip Pizlo <fpizlo@apple.com>
867-
868- Rename dataLog() and dataLogV() to dataLogF() and dataLogFV()
869- https://bugs.webkit.org/show_bug.cgi?id=103001
870-
871- Rubber stamped by Dan Bernstein.
872-
873- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
874- * assembler/LinkBuffer.cpp:
875- (JSC::LinkBuffer::finalizeCodeWithDisassembly):
876- (JSC::LinkBuffer::dumpLinkStatistics):
877- (JSC::LinkBuffer::dumpCode):
878- * assembler/LinkBuffer.h:
879- (JSC):
880- * assembler/SH4Assembler.h:
881- (JSC::SH4Assembler::vprintfStdoutInstr):
882- * bytecode/CodeBlock.cpp:
883- (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
884- (JSC::CodeBlock::printUnaryOp):
885- (JSC::CodeBlock::printBinaryOp):
886- (JSC::CodeBlock::printConditionalJump):
887- (JSC::CodeBlock::printGetByIdOp):
888- (JSC::dumpStructure):
889- (JSC::dumpChain):
890- (JSC::CodeBlock::printGetByIdCacheStatus):
891- (JSC::CodeBlock::printCallOp):
892- (JSC::CodeBlock::printPutByIdOp):
893- (JSC::CodeBlock::printStructure):
894- (JSC::CodeBlock::printStructures):
895- (JSC::CodeBlock::dump):
896- (JSC::CodeBlock::dumpStatistics):
897- (JSC::CodeBlock::finalizeUnconditionally):
898- (JSC::CodeBlock::resetStubInternal):
899- (JSC::CodeBlock::reoptimize):
900- (JSC::ProgramCodeBlock::jettison):
901- (JSC::EvalCodeBlock::jettison):
902- (JSC::FunctionCodeBlock::jettison):
903- (JSC::CodeBlock::shouldOptimizeNow):
904- (JSC::CodeBlock::tallyFrequentExitSites):
905- (JSC::CodeBlock::dumpValueProfiles):
906- * bytecode/Opcode.cpp:
907- (JSC::OpcodeStats::~OpcodeStats):
908- * bytecode/SamplingTool.cpp:
909- (JSC::SamplingFlags::stop):
910- (JSC::SamplingRegion::dumpInternal):
911- (JSC::SamplingTool::dump):
912- * dfg/DFGAbstractState.cpp:
913- (JSC::DFG::AbstractState::initialize):
914- (JSC::DFG::AbstractState::endBasicBlock):
915- (JSC::DFG::AbstractState::mergeStateAtTail):
916- (JSC::DFG::AbstractState::mergeToSuccessors):
917- * dfg/DFGAbstractValue.h:
918- (JSC::DFG::AbstractValue::dump):
919- * dfg/DFGArgumentsSimplificationPhase.cpp:
920- (JSC::DFG::ArgumentsSimplificationPhase::run):
921- * dfg/DFGByteCodeParser.cpp:
922- (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
923- (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
924- (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
925- (JSC::DFG::ByteCodeParser::makeSafe):
926- (JSC::DFG::ByteCodeParser::makeDivSafe):
927- (JSC::DFG::ByteCodeParser::handleCall):
928- (JSC::DFG::ByteCodeParser::handleInlining):
929- (JSC::DFG::ByteCodeParser::parseBlock):
930- (JSC::DFG::ByteCodeParser::processPhiStack):
931- (JSC::DFG::ByteCodeParser::linkBlock):
932- (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
933- (JSC::DFG::ByteCodeParser::parseCodeBlock):
934- (JSC::DFG::ByteCodeParser::parse):
935- * dfg/DFGCFAPhase.cpp:
936- (JSC::DFG::CFAPhase::performBlockCFA):
937- (JSC::DFG::CFAPhase::performForwardCFA):
938- * dfg/DFGCFGSimplificationPhase.cpp:
939- (JSC::DFG::CFGSimplificationPhase::run):
940- (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
941- (JSC::DFG::CFGSimplificationPhase::fixPhis):
942- (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
943- (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
944- (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
945- * dfg/DFGCSEPhase.cpp:
946- (JSC::DFG::CSEPhase::endIndexForPureCSE):
947- (JSC::DFG::CSEPhase::setReplacement):
948- (JSC::DFG::CSEPhase::eliminate):
949- (JSC::DFG::CSEPhase::performNodeCSE):
950- * dfg/DFGCapabilities.cpp:
951- (JSC::DFG::debugFail):
952- * dfg/DFGConstantFoldingPhase.cpp:
953- (JSC::DFG::ConstantFoldingPhase::foldConstants):
954- (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
955- * dfg/DFGDisassembler.cpp:
956- (JSC::DFG::Disassembler::dump):
957- * dfg/DFGDriver.cpp:
958- (JSC::DFG::compile):
959- * dfg/DFGFixupPhase.cpp:
960- (JSC::DFG::FixupPhase::fixupNode):
961- (JSC::DFG::FixupPhase::fixDoubleEdge):
962- * dfg/DFGGraph.cpp:
963- (JSC::DFG::printWhiteSpace):
964- (JSC::DFG::Graph::dumpCodeOrigin):
965- (JSC::DFG::Graph::dump):
966- (JSC::DFG::Graph::dumpBlockHeader):
967- (JSC::DFG::Graph::predictArgumentTypes):
968- * dfg/DFGJITCompiler.cpp:
969- (JSC::DFG::JITCompiler::link):
970- * dfg/DFGOSREntry.cpp:
971- (JSC::DFG::prepareOSREntry):
972- * dfg/DFGOSRExitCompiler.cpp:
973- * dfg/DFGOSRExitCompiler32_64.cpp:
974- (JSC::DFG::OSRExitCompiler::compileExit):
975- * dfg/DFGOSRExitCompiler64.cpp:
976- (JSC::DFG::OSRExitCompiler::compileExit):
977- * dfg/DFGOperations.cpp:
978- * dfg/DFGPhase.cpp:
979- (JSC::DFG::Phase::beginPhase):
980- * dfg/DFGPhase.h:
981- (JSC::DFG::runAndLog):
982- * dfg/DFGPredictionPropagationPhase.cpp:
983- (JSC::DFG::PredictionPropagationPhase::propagate):
984- (JSC::DFG::PredictionPropagationPhase::propagateForward):
985- (JSC::DFG::PredictionPropagationPhase::propagateBackward):
986- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
987- * dfg/DFGRegisterBank.h:
988- (JSC::DFG::RegisterBank::dump):
989- * dfg/DFGScoreBoard.h:
990- (JSC::DFG::ScoreBoard::use):
991- (JSC::DFG::ScoreBoard::dump):
992- * dfg/DFGSlowPathGenerator.h:
993- (JSC::DFG::SlowPathGenerator::generate):
994- * dfg/DFGSpeculativeJIT.cpp:
995- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
996- (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
997- (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
998- (JSC::DFG::SpeculativeJIT::dump):
999- (JSC::DFG::SpeculativeJIT::checkConsistency):
1000- (JSC::DFG::SpeculativeJIT::compile):
1001- (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
1002- * dfg/DFGSpeculativeJIT32_64.cpp:
1003- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1004- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1005- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1006- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1007- * dfg/DFGSpeculativeJIT64.cpp:
1008- (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1009- (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1010- (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
1011- (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1012- * dfg/DFGStructureCheckHoistingPhase.cpp:
1013- (JSC::DFG::StructureCheckHoistingPhase::run):
1014- * dfg/DFGValidate.cpp:
1015- (Validate):
1016- (JSC::DFG::Validate::reportValidationContext):
1017- (JSC::DFG::Validate::dumpData):
1018- (JSC::DFG::Validate::dumpGraphIfAppropriate):
1019- * dfg/DFGVariableEventStream.cpp:
1020- (JSC::DFG::VariableEventStream::logEvent):
1021- (JSC::DFG::VariableEventStream::reconstruct):
1022- * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1023- (JSC::DFG::VirtualRegisterAllocationPhase::run):
1024- * heap/Heap.cpp:
1025- * heap/HeapStatistics.cpp:
1026- (JSC::HeapStatistics::logStatistics):
1027- (JSC::HeapStatistics::showObjectStatistics):
1028- * heap/MarkStack.h:
1029- * heap/MarkedBlock.h:
1030- * heap/SlotVisitor.cpp:
1031- (JSC::SlotVisitor::validate):
1032- * interpreter/CallFrame.cpp:
1033- (JSC::CallFrame::dumpCaller):
1034- * interpreter/Interpreter.cpp:
1035- (JSC::Interpreter::dumpRegisters):
1036- * jit/JIT.cpp:
1037- (JSC::JIT::privateCompileMainPass):
1038- (JSC::JIT::privateCompileSlowCases):
1039- (JSC::JIT::privateCompile):
1040- * jit/JITDisassembler.cpp:
1041- (JSC::JITDisassembler::dump):
1042- (JSC::JITDisassembler::dumpForInstructions):
1043- * jit/JITStubRoutine.h:
1044- (JSC):
1045- * jit/JITStubs.cpp:
1046- (JSC::DEFINE_STUB_FUNCTION):
1047- * jit/JumpReplacementWatchpoint.cpp:
1048- (JSC::JumpReplacementWatchpoint::fireInternal):
1049- * llint/LLIntExceptions.cpp:
1050- (JSC::LLInt::interpreterThrowInCaller):
1051- (JSC::LLInt::returnToThrow):
1052- (JSC::LLInt::callToThrow):
1053- * llint/LLIntSlowPaths.cpp:
1054- (JSC::LLInt::llint_trace_operand):
1055- (JSC::LLInt::llint_trace_value):
1056- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1057- (JSC::LLInt::traceFunctionPrologue):
1058- (JSC::LLInt::jitCompileAndSetHeuristics):
1059- (JSC::LLInt::entryOSR):
1060- (JSC::LLInt::handleHostCall):
1061- (JSC::LLInt::setUpCall):
1062- * profiler/Profile.cpp:
1063- (JSC::Profile::debugPrintData):
1064- (JSC::Profile::debugPrintDataSampleStyle):
1065- * profiler/ProfileNode.cpp:
1066- (JSC::ProfileNode::debugPrintData):
1067- (JSC::ProfileNode::debugPrintDataSampleStyle):
1068- * runtime/JSGlobalData.cpp:
1069- (JSC::JSGlobalData::dumpRegExpTrace):
1070- * runtime/RegExp.cpp:
1071- (JSC::RegExp::matchCompareWithInterpreter):
1072- * runtime/SamplingCounter.cpp:
1073- (JSC::AbstractSamplingCounter::dump):
1074- * runtime/Structure.cpp:
1075- (JSC::Structure::dumpStatistics):
1076- (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
1077- * tools/CodeProfile.cpp:
1078- (JSC::CodeProfile::report):
1079- * tools/ProfileTreeNode.h:
1080- (JSC::ProfileTreeNode::dumpInternal):
1081- * yarr/YarrInterpreter.cpp:
1082- (JSC::Yarr::ByteCompiler::dumpDisjunction):
1083-
1084-2012-11-21 Filip Pizlo <fpizlo@apple.com>
1085-
1086- It should be possible to say disassemble(stuff) instead of having to say if (!tryToDisassemble(stuff)) dataLog("I failed")
1087- https://bugs.webkit.org/show_bug.cgi?id=103010
1088-
1089- Reviewed by Anders Carlsson.
1090-
1091- You can still say tryToDisassemble(), which will tell you if it failed; you can then
1092- decide what to do instead. But it's better to say disassemble(), which will just print
1093- the instruction ranges if tryToDisassemble() failed. This is particularly appropriate
1094- since that's what all previous users of tryToDisassemble() would have done in some
1095- form or another.
1096-
1097- * CMakeLists.txt:
1098- * GNUmakefile.list.am:
1099- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1100- * JavaScriptCore.xcodeproj/project.pbxproj:
1101- * Target.pri:
1102- * assembler/LinkBuffer.cpp:
1103- (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1104- * dfg/DFGDisassembler.cpp:
1105- (JSC::DFG::Disassembler::dumpDisassembly):
1106- * disassembler/Disassembler.cpp: Added.
1107- (JSC):
1108- (JSC::disassemble):
1109- * disassembler/Disassembler.h:
1110- (JSC):
1111- * jit/JITDisassembler.cpp:
1112- (JSC::JITDisassembler::dumpDisassembly):
1113-
1114-2012-11-21 Filip Pizlo <fpizlo@apple.com>
1115-
1116- dumpOperands() claims that it needs a non-const Operands& when that is completely false
1117- https://bugs.webkit.org/show_bug.cgi?id=103005
1118-
1119- Reviewed by Eric Carlson.
1120-
1121- * bytecode/Operands.h:
1122- (JSC::dumpOperands):
1123- (JSC):
1124-
1125-2012-11-20 Filip Pizlo <fpizlo@apple.com>
1126-
1127- Baseline JIT's disassembly should be just as pretty as the DFG's
1128- https://bugs.webkit.org/show_bug.cgi?id=102873
1129-
1130- Reviewed by Sam Weinig.
1131-
1132- Integrated the CodeBlock's bytecode dumper with the JIT's disassembler. Also fixed
1133- some type goof-ups (instructions are not in a Vector<Instruction> so using a Vector
1134- iterator makes no sense) and stream-lined some things (you don't actually need a
1135- full-fledged ExecState* to dump bytecode).
1136-
1137- * CMakeLists.txt:
1138- * GNUmakefile.list.am:
1139- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1140- * JavaScriptCore.xcodeproj/project.pbxproj:
1141- * Target.pri:
1142- * bytecode/CodeBlock.cpp:
1143- (JSC::CodeBlock::printUnaryOp):
1144- (JSC::CodeBlock::printBinaryOp):
1145- (JSC::CodeBlock::printConditionalJump):
1146- (JSC::CodeBlock::printGetByIdOp):
1147- (JSC::CodeBlock::printCallOp):
1148- (JSC::CodeBlock::printPutByIdOp):
1149- (JSC::CodeBlock::dump):
1150- (JSC):
1151- (JSC::CodeBlock::CodeBlock):
1152- * bytecode/CodeBlock.h:
1153- (CodeBlock):
1154- * interpreter/Interpreter.cpp:
1155- (JSC::Interpreter::dumpCallFrame):
1156- * jit/JIT.cpp:
1157- (JSC::JIT::privateCompileMainPass):
1158- (JSC::JIT::privateCompileSlowCases):
1159- (JSC::JIT::privateCompile):
1160- * jit/JIT.h:
1161- (JIT):
1162- * jit/JITDisassembler.cpp: Added.
1163- (JSC):
1164- (JSC::JITDisassembler::JITDisassembler):
1165- (JSC::JITDisassembler::~JITDisassembler):
1166- (JSC::JITDisassembler::dump):
1167- (JSC::JITDisassembler::dumpForInstructions):
1168- (JSC::JITDisassembler::dumpDisassembly):
1169- * jit/JITDisassembler.h: Added.
1170- (JSC):
1171- (JITDisassembler):
1172- (JSC::JITDisassembler::setStartOfCode):
1173- (JSC::JITDisassembler::setForBytecodeMainPath):
1174- (JSC::JITDisassembler::setForBytecodeSlowPath):
1175- (JSC::JITDisassembler::setEndOfSlowPath):
1176- (JSC::JITDisassembler::setEndOfCode):
1177-
1178-2012-11-21 Daniel Bates <dbates@webkit.org>
1179-
1180- JavaScript fails to concatenate large strings
1181- <https://bugs.webkit.org/show_bug.cgi?id=102963>
1182-
1183- Reviewed by Michael Saboff.
1184-
1185- Fixes an issue where we inadvertently didn't check the length of
1186- a JavaScript string for overflow.
1187-
1188- * runtime/Operations.h:
1189- (JSC::jsString):
1190- (JSC::jsStringFromArguments):
1191-
1192-2012-11-20 Filip Pizlo <fpizlo@apple.com>
1193-
1194- DFG should be able to cache closure calls (part 2/2)
1195- https://bugs.webkit.org/show_bug.cgi?id=102662
1196-
1197- Reviewed by Gavin Barraclough.
1198-
1199- Added caching of calls where the JSFunction* varies, but the Structure* and ExecutableBase*
1200- stay the same. This is accomplished by replacing the branch that compares against a constant
1201- JSFunction* with a jump to a closure call stub. The closure call stub contains a fast path,
1202- and jumps slow directly to the virtual call thunk.
1203-
1204- Looks like a 1% win on V8v7.
1205-
1206- * CMakeLists.txt:
1207- * GNUmakefile.list.am:
1208- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1209- * JavaScriptCore.xcodeproj/project.pbxproj:
1210- * Target.pri:
1211- * bytecode/CallLinkInfo.cpp:
1212- (JSC::CallLinkInfo::unlink):
1213- * bytecode/CallLinkInfo.h:
1214- (CallLinkInfo):
1215- (JSC::CallLinkInfo::isLinked):
1216- (JSC::getCallLinkInfoBytecodeIndex):
1217- * bytecode/CodeBlock.cpp:
1218- (JSC::CodeBlock::finalizeUnconditionally):
1219- (JSC):
1220- (JSC::CodeBlock::findClosureCallForReturnPC):
1221- (JSC::CodeBlock::bytecodeOffset):
1222- (JSC::CodeBlock::codeOriginForReturn):
1223- * bytecode/CodeBlock.h:
1224- (JSC::CodeBlock::getCallLinkInfo):
1225- (CodeBlock):
1226- (JSC::CodeBlock::isIncomingCallAlreadyLinked):
1227- * dfg/DFGJITCompiler.cpp:
1228- (JSC::DFG::JITCompiler::link):
1229- * dfg/DFGJITCompiler.h:
1230- (JSC::DFG::JITCompiler::addJSCall):
1231- (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
1232- (JSCallRecord):
1233- * dfg/DFGOperations.cpp:
1234- * dfg/DFGOperations.h:
1235- * dfg/DFGRepatch.cpp:
1236- (JSC::DFG::linkSlowFor):
1237- (DFG):
1238- (JSC::DFG::dfgLinkFor):
1239- (JSC::DFG::dfgLinkSlowFor):
1240- (JSC::DFG::dfgLinkClosureCall):
1241- * dfg/DFGRepatch.h:
1242- (DFG):
1243- * dfg/DFGSpeculativeJIT32_64.cpp:
1244- (JSC::DFG::SpeculativeJIT::emitCall):
1245- * dfg/DFGSpeculativeJIT64.cpp:
1246- (JSC::DFG::SpeculativeJIT::emitCall):
1247- * dfg/DFGThunks.cpp:
1248- (DFG):
1249- (JSC::DFG::linkClosureCallThunkGenerator):
1250- * dfg/DFGThunks.h:
1251- (DFG):
1252- * heap/Heap.h:
1253- (Heap):
1254- (JSC::Heap::jitStubRoutines):
1255- * heap/JITStubRoutineSet.h:
1256- (JSC::JITStubRoutineSet::size):
1257- (JSC::JITStubRoutineSet::at):
1258- (JITStubRoutineSet):
1259- * jit/ClosureCallStubRoutine.cpp: Added.
1260- (JSC):
1261- (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
1262- (JSC::ClosureCallStubRoutine::~ClosureCallStubRoutine):
1263- (JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
1264- * jit/ClosureCallStubRoutine.h: Added.
1265- (JSC):
1266- (ClosureCallStubRoutine):
1267- (JSC::ClosureCallStubRoutine::structure):
1268- (JSC::ClosureCallStubRoutine::executable):
1269- (JSC::ClosureCallStubRoutine::codeOrigin):
1270- * jit/GCAwareJITStubRoutine.cpp:
1271- (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
1272- * jit/GCAwareJITStubRoutine.h:
1273- (GCAwareJITStubRoutine):
1274- (JSC::GCAwareJITStubRoutine::isClosureCall):
1275- * jit/JIT.cpp:
1276- (JSC::JIT::privateCompile):
1277-
1278-2012-11-20 Filip Pizlo <fpizlo@apple.com>
1279-
1280- DFG should be able to cache closure calls (part 1/2)
1281- https://bugs.webkit.org/show_bug.cgi?id=102662
1282-
1283- Reviewed by Gavin Barraclough.
1284-
1285- Add ability to revert a jump replacement back to
1286- branchPtrWithPatch(Condition, RegisterID, TrustedImmPtr). This is meant to be
1287- a mandatory piece of functionality for all assemblers. I also renamed some of
1288- the functions for reverting jump replacements back to
1289- patchableBranchPtrWithPatch(Condition, Address, TrustedImmPtr), so as to avoid
1290- confusion.
1291-
1292- * assembler/ARMv7Assembler.h:
1293- (JSC::ARMv7Assembler::BadReg):
1294- (ARMv7Assembler):
1295- (JSC::ARMv7Assembler::revertJumpTo_movT3):
1296- * assembler/LinkBuffer.h:
1297- (JSC):
1298- * assembler/MacroAssemblerARMv7.h:
1299- (JSC::MacroAssemblerARMv7::startOfBranchPtrWithPatchOnRegister):
1300- (MacroAssemblerARMv7):
1301- (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
1302- (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatchOnAddress):
1303- * assembler/MacroAssemblerX86.h:
1304- (JSC::MacroAssemblerX86::startOfBranchPtrWithPatchOnRegister):
1305- (MacroAssemblerX86):
1306- (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatchOnAddress):
1307- (JSC::MacroAssemblerX86::revertJumpReplacementToBranchPtrWithPatch):
1308- * assembler/MacroAssemblerX86_64.h:
1309- (JSC::MacroAssemblerX86_64::startOfBranchPtrWithPatchOnRegister):
1310- (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatchOnAddress):
1311- (MacroAssemblerX86_64):
1312- (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
1313- * assembler/RepatchBuffer.h:
1314- (JSC::RepatchBuffer::startOfBranchPtrWithPatchOnRegister):
1315- (RepatchBuffer):
1316- (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress):
1317- (JSC::RepatchBuffer::revertJumpReplacementToBranchPtrWithPatch):
1318- * assembler/X86Assembler.h:
1319- (JSC::X86Assembler::revertJumpTo_cmpl_ir_force32):
1320- (X86Assembler):
1321- * dfg/DFGRepatch.cpp:
1322- (JSC::DFG::replaceWithJump):
1323- (JSC::DFG::dfgResetGetByID):
1324- (JSC::DFG::dfgResetPutByID):
1325-
1326-2012-11-20 Yong Li <yoli@rim.com>
1327-
1328- [ARMv7] Neither linkCall() nor linkPointer() should flush code.
1329- https://bugs.webkit.org/show_bug.cgi?id=99213
1330-
1331- Reviewed by George Staikos.
1332-
1333- LinkBuffer doesn't need to flush code during linking. It will
1334- eventually flush the whole executable. Fixing this gives >%5
1335- sunspider boost (on QNX).
1336-
1337- Also make replaceWithLoad() and replaceWithAddressComputation() flush
1338- only when necessary.
1339-
1340- * assembler/ARMv7Assembler.h:
1341- (JSC::ARMv7Assembler::linkCall):
1342- (JSC::ARMv7Assembler::linkPointer):
1343- (JSC::ARMv7Assembler::relinkCall):
1344- (JSC::ARMv7Assembler::repatchInt32):
1345- (JSC::ARMv7Assembler::repatchPointer):
1346- (JSC::ARMv7Assembler::replaceWithLoad): Flush only after it did write.
1347- (JSC::ARMv7Assembler::replaceWithAddressComputation): Flush only after it did write.
1348- (JSC::ARMv7Assembler::setInt32):
1349- (JSC::ARMv7Assembler::setPointer):
1350-
1351-2012-11-19 Filip Pizlo <fpizlo@apple.com>
1352-
1353- Remove support for ARMv7 errata from the jump code
1354- https://bugs.webkit.org/show_bug.cgi?id=102759
1355-
1356- Reviewed by Oliver Hunt.
1357-
1358- The jump replacement code was wrong to begin with since it wasn't doing
1359- a cache flush on the inserted padding. And, to my knowledge, we don't need
1360- this anymore, so this patch removes all errata code from the ARMv7 port.
1361-
1362- * assembler/ARMv7Assembler.h:
1363- (JSC::ARMv7Assembler::computeJumpType):
1364- (JSC::ARMv7Assembler::replaceWithJump):
1365- (JSC::ARMv7Assembler::maxJumpReplacementSize):
1366- (JSC::ARMv7Assembler::canBeJumpT3):
1367- (JSC::ARMv7Assembler::canBeJumpT4):
1368-
1369-2012-11-19 Patrick Gansterer <paroga@webkit.org>
1370-
1371- [CMake] Create JavaScriptCore ForwardingHeaders
1372- https://bugs.webkit.org/show_bug.cgi?id=92665
1373-
1374- Reviewed by Brent Fulgham.
1375-
1376- When using CMake to build the Windows port, we need
1377- to generate the forwarding headers with it too.
1378-
1379- * CMakeLists.txt:
1380-
1381-2012-11-19 Kihong Kwon <kihong.kwon@samsung.com>
1382-
1383- Add PROXIMITY_EVENTS feature
1384- https://bugs.webkit.org/show_bug.cgi?id=102658
1385-
1386- Reviewed by Kentaro Hara.
1387-
1388- Add PROXIMITY_EVENTS feature to xcode project for JavaScriptCore.
1389-
1390- * Configurations/FeatureDefines.xcconfig:
1391-
1392-2012-11-18 Dan Bernstein <mitz@apple.com>
1393-
1394- Try to fix the DFG build after r135099.
1395-
1396- * dfg/DFGCommon.h:
1397- (JSC::DFG::shouldShowDisassembly):
1398-
1399-2012-11-18 Filip Pizlo <fpizlo@apple.com>
1400-
1401- Unreviewed, build fix for !ENABLE(DFG_JIT).
1402-
1403- * dfg/DFGCommon.h:
1404- (JSC::DFG::shouldShowDisassembly):
1405- (DFG):
1406-
1407-2012-11-18 Filip Pizlo <fpizlo@apple.com>
1408-
1409- JSC should have more logging in structure-related code
1410- https://bugs.webkit.org/show_bug.cgi?id=102630
1411-
1412- Reviewed by Simon Fraser.
1413-
1414- - JSValue::description() now tells you if something is a structure, and if so,
1415- what kind of structure it is.
1416-
1417- - Jettisoning logic now tells you why things are being jettisoned.
1418-
1419- - It's now possible to turn off GC-triggered jettisoning entirely.
1420-
1421- * bytecode/CodeBlock.cpp:
1422- (JSC::CodeBlock::finalizeUnconditionally):
1423- (JSC::CodeBlock::reoptimize):
1424- (JSC::ProgramCodeBlock::jettison):
1425- (JSC::EvalCodeBlock::jettison):
1426- (JSC::FunctionCodeBlock::jettison):
1427- * bytecode/CodeBlock.h:
1428- (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
1429- * runtime/JSValue.cpp:
1430- (JSC::JSValue::description):
1431- * runtime/Options.h:
1432- (JSC):
1433-
1434-2012-11-18 Filip Pizlo <fpizlo@apple.com>
1435-
1436- DFG constant folding phase should say 'changed = true' whenever it changes the graph
1437- https://bugs.webkit.org/show_bug.cgi?id=102550
1438-
1439- Rubber stamped by Mark Hahnenberg.
1440-
1441- * dfg/DFGConstantFoldingPhase.cpp:
1442- (JSC::DFG::ConstantFoldingPhase::foldConstants):
1443-
1444-2012-11-17 Elliott Sprehn <esprehn@chromium.org>
1445-
1446- Expose JSObject removeDirect and PrivateName to WebCore
1447- https://bugs.webkit.org/show_bug.cgi?id=102546
1448-
1449- Reviewed by Geoffrey Garen.
1450-
1451- Export removeDirect for use in WebCore so JSDependentRetained works.
1452-
1453- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1454-
1455-2012-11-16 Filip Pizlo <fpizlo@apple.com>
1456-
1457- Given a PutById or GetById with a proven structure, the DFG should be able to emit a PutByOffset or GetByOffset instead
1458- https://bugs.webkit.org/show_bug.cgi?id=102327
1459-
1460- Reviewed by Mark Hahnenberg.
1461-
1462- If the profiler tells us that a GetById or PutById may be polymorphic but our
1463- control flow analysis proves that it isn't, we should trust the control flow
1464- analysis over the profiler. This arises in cases where GetById or PutById were
1465- inlined: the inlined function may have been called from other places that led
1466- to polymorphism, but in the current inlined context, there is no polymorphism.
1467-
1468- * bytecode/CodeBlock.cpp:
1469- (JSC::CodeBlock::dump):
1470- * bytecode/GetByIdStatus.cpp:
1471- (JSC::GetByIdStatus::computeFor):
1472- (JSC):
1473- * bytecode/GetByIdStatus.h:
1474- (JSC::GetByIdStatus::GetByIdStatus):
1475- (GetByIdStatus):
1476- * bytecode/PutByIdStatus.cpp:
1477- (JSC::PutByIdStatus::computeFor):
1478- (JSC):
1479- * bytecode/PutByIdStatus.h:
1480- (JSC):
1481- (JSC::PutByIdStatus::PutByIdStatus):
1482- (PutByIdStatus):
1483- * dfg/DFGAbstractState.cpp:
1484- (JSC::DFG::AbstractState::execute):
1485- * dfg/DFGAbstractValue.h:
1486- (JSC::DFG::AbstractValue::bestProvenStructure):
1487- (AbstractValue):
1488- * dfg/DFGConstantFoldingPhase.cpp:
1489- (JSC::DFG::ConstantFoldingPhase::foldConstants):
1490- (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
1491- (ConstantFoldingPhase):
1492- * dfg/DFGNode.h:
1493- (JSC::DFG::Node::convertToGetByOffset):
1494- (Node):
1495- (JSC::DFG::Node::convertToPutByOffset):
1496- (JSC::DFG::Node::hasStorageResult):
1497- * runtime/JSGlobalObject.h:
1498- (JSC::Structure::prototypeChain):
1499- (JSC):
1500- (JSC::Structure::isValid):
1501- * runtime/Operations.h:
1502- (JSC::isPrototypeChainNormalized):
1503- (JSC):
1504- * runtime/Structure.h:
1505- (Structure):
1506- (JSC::Structure::transitionDidInvolveSpecificValue):
1507-
1508-2012-11-16 Tony Chang <tony@chromium.org>
1509-
1510- Remove ENABLE_CSS_HIERARCHIES since it's no longer in use
1511- https://bugs.webkit.org/show_bug.cgi?id=102554
1512-
1513- Reviewed by Andreas Kling.
1514-
1515- As mentioned in https://bugs.webkit.org/show_bug.cgi?id=79939#c41 ,
1516- we're going to revist this feature once additional vendor support is
1517- achieved.
1518-
1519- * Configurations/FeatureDefines.xcconfig:
1520-
1521-2012-11-16 Patrick Gansterer <paroga@webkit.org>
1522-
1523- Build fix for WinCE after r133688.
1524-
1525- Use numeric_limits<uint32_t>::max() instead of UINT32_MAX.
1526-
1527- * runtime/CodeCache.h:
1528- (JSC::CacheMap::CacheMap):
1529-
1530-2012-11-15 Filip Pizlo <fpizlo@apple.com>
1531-
1532- ClassInfo.h should have correct indentation.
1533-
1534- Rubber stamped by Mark Hahnenberg.
1535-
1536- ClassInfo.h had some true creativity in its use of whitespace. Some things within
1537- the namespace were indented four spaces and others where not. One #define had its
1538- contents indented four spaces, while another didn't. I applied the following rule:
1539-
1540- - Non-macro things in the namespace should not be indented (that's our current
1541- accepted practice).
1542-
1543- - Macros should never be indented but if they are multi-line then their subsequent
1544- bodies should be indented four spaces. I believe that is consistent with what we
1545- do elsewhere.
1546-
1547- * runtime/ClassInfo.h:
1548- (JSC):
1549- (MethodTable):
1550- (ClassInfo):
1551- (JSC::ClassInfo::propHashTable):
1552- (JSC::ClassInfo::isSubClassOf):
1553- (JSC::ClassInfo::hasStaticProperties):
1554-
1555-2012-11-15 Filip Pizlo <fpizlo@apple.com>
1556-
1557- DFG should copy propagate trivially no-op ConvertThis
1558- https://bugs.webkit.org/show_bug.cgi?id=102445
1559-
1560- Reviewed by Oliver Hunt.
1561-
1562- Copy propagation is always a good thing, since it reveals must-alias relationships
1563- to the CFA and CSE. This accomplishes copy propagation for ConvertThis by first
1564- converting it to an Identity node (which is done by the constant folder since it
1565- has access to CFA results) and then performing substitution of references to
1566- Identity with references to Identity's child in the CSE.
1567-
1568- I'm not aiming for a big speed-up here; I just think that this will be useful for
1569- the work on https://bugs.webkit.org/show_bug.cgi?id=102327.
1570-
1571- * dfg/DFGAbstractState.cpp:
1572- (JSC::DFG::AbstractState::execute):
1573- * dfg/DFGCSEPhase.cpp:
1574- (JSC::DFG::CSEPhase::performNodeCSE):
1575- * dfg/DFGConstantFoldingPhase.cpp:
1576- (JSC::DFG::ConstantFoldingPhase::foldConstants):
1577- * dfg/DFGNodeType.h:
1578- (DFG):
1579- * dfg/DFGPredictionPropagationPhase.cpp:
1580- (JSC::DFG::PredictionPropagationPhase::propagate):
1581- * dfg/DFGSpeculativeJIT32_64.cpp:
1582- (JSC::DFG::SpeculativeJIT::compile):
1583- * dfg/DFGSpeculativeJIT64.cpp:
1584- (JSC::DFG::SpeculativeJIT::compile):
1585-
1586-2012-11-15 Filip Pizlo <fpizlo@apple.com>
1587-
1588- CallData.h should have correct indentation.
1589-
1590- Rubber stamped by Mark Hahneberg.
1591-
1592- * runtime/CallData.h:
1593- (JSC):
1594-
1595-2012-11-15 Filip Pizlo <fpizlo@apple.com>
1596-
1597- Remove methodCallDummy since it is not used anymore.
1598-
1599- Rubber stamped by Mark Hahnenberg.
1600-
1601- * runtime/JSGlobalObject.cpp:
1602- (JSC::JSGlobalObject::reset):
1603- (JSC):
1604- (JSC::JSGlobalObject::visitChildren):
1605- * runtime/JSGlobalObject.h:
1606- (JSGlobalObject):
1607-
1608-2012-11-14 Filip Pizlo <fpizlo@apple.com>
1609-
1610- Structure should be able to easily tell if the prototype chain might intercept a store
1611- https://bugs.webkit.org/show_bug.cgi?id=102326
1612-
1613- Reviewed by Geoffrey Garen.
1614-
1615- This improves our ability to reason about the correctness of the more optimized
1616- prototype chain walk in JSObject::put(), while also making it straight forward to
1617- check if the prototype chain will do strange things to a property store by just
1618- looking at the structure.
1619-
1620- * runtime/JSObject.cpp:
1621- (JSC::JSObject::put):
1622- * runtime/Structure.cpp:
1623- (JSC::Structure::prototypeChainMayInterceptStoreTo):
1624- (JSC):
1625- * runtime/Structure.h:
1626- (Structure):
1627-
1628-2012-11-15 Thiago Marcos P. Santos <thiago.santos@intel.com>
1629-
1630- [CMake] Do not regenerate LLIntAssembly.h on every incremental build
1631- https://bugs.webkit.org/show_bug.cgi?id=102248
1632-
1633- Reviewed by Kenneth Rohde Christiansen.
1634-
1635- Update LLIntAssembly.h's mtime after running asm.rb to make the build
1636- system dependency tracking consistent.
1637-
1638- * CMakeLists.txt:
1639-
1640-2012-11-15 Thiago Marcos P. Santos <thiago.santos@intel.com>
1641-
1642- Fix compiler warnings about signed/unsigned comparison on i386
1643- https://bugs.webkit.org/show_bug.cgi?id=102249
1644-
1645- Reviewed by Kenneth Rohde Christiansen.
1646-
1647- Add casting to unsigned to shut up gcc warnings. Build was broken on
1648- JSVALUE32_64 ports compiling with -Werror.
1649-
1650- * llint/LLIntData.cpp:
1651- (JSC::LLInt::Data::performAssertions):
1652-
1653-2012-11-14 Brent Fulgham <bfulgham@webkit.org>
1654-
1655- [Windows, WinCairo] Unreviewed build fix.
1656-
1657- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1658- Missed one of the exports that was part of the WebKit2.def.
1659-
1660-2012-11-14 Brent Fulgham <bfulgham@webkit.org>
1661-
1662- [Windows, WinCairo] Correct build failure.
1663- https://bugs.webkit.org/show_bug.cgi?id=102302
1664-
1665- WebCore symbols were mistakenly added to the JavaScriptCore
1666- library definition file.
1667-
1668- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove
1669- WebCore symbols that were incorrectly added to the export file.
1670-
1671-2012-11-14 Mark Lam <mark.lam@apple.com>
1672-
1673- Change JSEventListener::m_jsFunction to be a weak ref.
1674- https://bugs.webkit.org/show_bug.cgi?id=101989.
1675-
1676- Reviewed by Geoffrey Garen.
1677-
1678- Added infrastructure for scanning weak ref slots.
1679-
1680- * heap/SlotVisitor.cpp: Added #include "SlotVisitorInlines.h".
1681- * heap/SlotVisitor.h:
1682- (SlotVisitor): Added SlotVisitor::appendUnbarrieredWeak().
1683- * heap/SlotVisitorInlines.h: Added #include "Weak.h".
1684- (JSC::SlotVisitor::appendUnbarrieredWeak): Added.
1685- * heap/Weak.h:
1686- (JSC::operator==): Added operator==() for Weak.
1687- * runtime/JSCell.h: Removed #include "SlotVisitorInlines.h".
1688- * runtime/JSObject.h: Added #include "SlotVisitorInlines.h".
1689-
1690-2012-11-14 Filip Pizlo <fpizlo@apple.com>
1691-
1692- Read-only properties created with putDirect() should tell the structure that there are read-only properties
1693- https://bugs.webkit.org/show_bug.cgi?id=102292
1694-
1695- Reviewed by Gavin Barraclough.
1696-
1697- This mostly affects things like function.length.
1698-
1699- * runtime/JSObject.h:
1700- (JSC::JSObject::putDirectInternal):
1701-
1702-2012-11-13 Filip Pizlo <fpizlo@apple.com>
1703-
1704- Don't access Node& after adding nodes to the graph.
1705- https://bugs.webkit.org/show_bug.cgi?id=102005
1706-
1707- Reviewed by Oliver Hunt.
1708-
1709- * dfg/DFGFixupPhase.cpp:
1710- (JSC::DFG::FixupPhase::fixupNode):
1711-
1712-2012-11-14 Valery Ignatyev <valery.ignatyev@ispras.ru>
1713-
1714- Replace (typeof(x) != <"object", "undefined", ...>) with
1715- !(typeof(x) == <"object",..>). Later is_object, is_<...> bytecode operation
1716- will be used.
1717-
1718- https://bugs.webkit.org/show_bug.cgi?id=98893
1719-
1720- Reviewed by Filip Pizlo.
1721-
1722- This eliminates expensive typeof implementation and
1723- allows to use DFG optimizations, which doesn't support 'typeof'.
1724-
1725- * bytecompiler/NodesCodegen.cpp:
1726- (JSC::BinaryOpNode::emitBytecode):
1727-
1728-2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu>
1729-
1730- [Qt][ARM]REGRESSION(r133985): It broke the build
1731- https://bugs.webkit.org/show_bug.cgi?id=101740
1732-
1733- Reviewed by Csaba Osztrogonác.
1734-
1735- Changed the emitGenericContiguousPutByVal to accept the additional IndexingType argument.
1736- This information was passed as a template parameter.
1737-
1738- * jit/JIT.h:
1739- (JSC::JIT::emitInt32PutByVal):
1740- (JSC::JIT::emitDoublePutByVal):
1741- (JSC::JIT::emitContiguousPutByVal):
1742- (JIT):
1743- * jit/JITPropertyAccess.cpp:
1744- (JSC::JIT::emitGenericContiguousPutByVal):
1745- * jit/JITPropertyAccess32_64.cpp:
1746- (JSC::JIT::emitGenericContiguousPutByVal):
1747-
1748-2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu>
1749-
1750- Fix the MIPS build after r134332
1751- https://bugs.webkit.org/show_bug.cgi?id=102227
1752-
1753- Reviewed by Csaba Osztrogonác.
1754-
1755- Added missing methods for the MacroAssemblerMIPS, based on the MacroAssemblerARMv7.
1756-
1757- * assembler/MacroAssemblerMIPS.h:
1758- (JSC::MacroAssemblerMIPS::canJumpReplacePatchableBranchPtrWithPatch):
1759- (MacroAssemblerMIPS):
1760- (JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatch):
1761- (JSC::MacroAssemblerMIPS::revertJumpReplacementToPatchableBranchPtrWithPatch):
1762-
1763-2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu>
1764-
1765- Fix the [-Wreturn-type] warning in JavaScriptCore/assembler/MacroAssemblerARM.h
1766- https://bugs.webkit.org/show_bug.cgi?id=102206
1767-
1768- Reviewed by Csaba Osztrogonác.
1769-
1770- Add a return value for the function to suppress the warning.
1771-
1772- * assembler/MacroAssemblerARM.h:
1773- (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch):
1774-
1775-2012-11-14 Sheriff Bot <webkit.review.bot@gmail.com>
1776-
1777- Unreviewed, rolling out r134599.
1778- http://trac.webkit.org/changeset/134599
1779- https://bugs.webkit.org/show_bug.cgi?id=102225
1780-
1781- It broke the 32 bit EFL build (Requested by Ossy on #webkit).
1782-
1783- * jit/JITPropertyAccess.cpp:
1784- * jit/JITPropertyAccess32_64.cpp:
1785- (JSC):
1786- (JSC::JIT::emitGenericContiguousPutByVal):
1787-
1788-2012-11-14 Balazs Kilvady <kilvadyb@homejinni.com>
1789-
1790- [Qt][ARM]REGRESSION(r133985): It broke the build
1791- https://bugs.webkit.org/show_bug.cgi?id=101740
1792-
1793- Reviewed by Csaba Osztrogonác.
1794-
1795- Template function body moved to fix VALUE_PROFILER disabled case.
1796-
1797- * jit/JITPropertyAccess.cpp:
1798- (JSC):
1799- (JSC::JIT::emitGenericContiguousPutByVal):
1800- * jit/JITPropertyAccess32_64.cpp:
1801-
1802-2012-11-13 Filip Pizlo <fpizlo@apple.com>
1803-
1804- DFG CreateThis should be able to statically account for the structure of the object it creates, if profiling indicates that this structure is always the same
1805- https://bugs.webkit.org/show_bug.cgi?id=102017
1806-
1807- Reviewed by Geoffrey Garen.
1808-
1809- This adds a watchpoint in JSFunction on the cached inheritor ID. It also changes
1810- NewObject to take a structure as an operand (previously it implicitly used the owning
1811- global object's empty object structure). Any GetCallee where the callee is predictable
1812- is turned into a CheckFunction + WeakJSConstant, and any CreateThis on a WeakJSConstant
1813- where the inheritor ID watchpoint is still valid is turned into an InheritorIDWatchpoint
1814- followed by a NewObject. NewObject already accounts for the structure it uses for object
1815- creation in the CFA.
1816-
1817- * dfg/DFGAbstractState.cpp:
1818- (JSC::DFG::AbstractState::execute):
1819- * dfg/DFGByteCodeParser.cpp:
1820- (JSC::DFG::ByteCodeParser::parseBlock):
1821- * dfg/DFGCSEPhase.cpp:
1822- (JSC::DFG::CSEPhase::checkFunctionElimination):
1823- * dfg/DFGGraph.cpp:
1824- (JSC::DFG::Graph::dump):
1825- * dfg/DFGNode.h:
1826- (JSC::DFG::Node::hasFunction):
1827- (JSC::DFG::Node::function):
1828- (JSC::DFG::Node::hasStructure):
1829- * dfg/DFGNodeType.h:
1830- (DFG):
1831- * dfg/DFGOperations.cpp:
1832- * dfg/DFGOperations.h:
1833- * dfg/DFGPredictionPropagationPhase.cpp:
1834- (JSC::DFG::PredictionPropagationPhase::propagate):
1835- * dfg/DFGSpeculativeJIT.h:
1836- (JSC::DFG::SpeculativeJIT::callOperation):
1837- * dfg/DFGSpeculativeJIT32_64.cpp:
1838- (JSC::DFG::SpeculativeJIT::compile):
1839- * dfg/DFGSpeculativeJIT64.cpp:
1840- (JSC::DFG::SpeculativeJIT::compile):
1841- * runtime/Executable.h:
1842- (JSC::JSFunction::JSFunction):
1843- * runtime/JSBoundFunction.cpp:
1844- (JSC):
1845- * runtime/JSFunction.cpp:
1846- (JSC::JSFunction::JSFunction):
1847- (JSC::JSFunction::put):
1848- (JSC::JSFunction::defineOwnProperty):
1849- * runtime/JSFunction.h:
1850- (JSC::JSFunction::tryGetKnownInheritorID):
1851- (JSFunction):
1852- (JSC::JSFunction::addInheritorIDWatchpoint):
1853-
1854-2012-11-13 Filip Pizlo <fpizlo@apple.com>
1855-
1856- JSFunction and its descendants should be destructible
1857- https://bugs.webkit.org/show_bug.cgi?id=102062
1858-
1859- Reviewed by Mark Hahnenberg.
1860-
1861- This will make it easy to place an InlineWatchpointSet inside JSFunction. In the
1862- future, we could make JSFunction non-destructible again by making a version of
1863- WatchpointSet that is entirely GC'd, but this seems like overkill for now.
1864-
1865- This is performance-neutral.
1866-
1867- * runtime/JSBoundFunction.cpp:
1868- (JSC::JSBoundFunction::destroy):
1869- (JSC):
1870- * runtime/JSBoundFunction.h:
1871- (JSBoundFunction):
1872- * runtime/JSFunction.cpp:
1873- (JSC):
1874- (JSC::JSFunction::destroy):
1875- * runtime/JSFunction.h:
1876- (JSFunction):
1877-
1878-2012-11-13 Cosmin Truta <ctruta@rim.com>
1879-
1880- Uninitialized fields in class JSLock
1881- https://bugs.webkit.org/show_bug.cgi?id=101695
1882-
1883- Reviewed by Mark Hahnenberg.
1884-
1885- Initialize JSLock::m_ownerThread and JSLock::m_lockDropDepth.
1886-
1887- * runtime/JSLock.cpp:
1888- (JSC::JSLock::JSLock):
1889-
1890-2012-11-13 Peter Gal <galpeter@inf.u-szeged.hu>
1891-
1892- Fix the ARM traditional build after r134332
1893- https://bugs.webkit.org/show_bug.cgi?id=102044
1894-
1895- Reviewed by Zoltan Herczeg.
1896-
1897- Added missing methods for the MacroAssemblerARM, based on the MacroAssemblerARMv7.
1898-
1899- * assembler/MacroAssemblerARM.h:
1900- (JSC::MacroAssemblerARM::canJumpReplacePatchableBranchPtrWithPatch):
1901- (MacroAssemblerARM):
1902- (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch):
1903- (JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranchPtrWithPatch):
1904-
1905-2012-11-12 Filip Pizlo <fpizlo@apple.com>
1906-
1907- op_get_callee should have value profiling
1908- https://bugs.webkit.org/show_bug.cgi?id=102047
1909-
1910- Reviewed by Sam Weinig.
1911-
1912- This will allow us to detect if the callee is always the same, which is probably
1913- the common case for a lot of constructors.
1914-
1915- * bytecode/CodeBlock.cpp:
1916- (JSC::CodeBlock::CodeBlock):
1917- * bytecode/Opcode.h:
1918- (JSC):
1919- (JSC::padOpcodeName):
1920- * bytecompiler/BytecodeGenerator.cpp:
1921- (JSC::BytecodeGenerator::BytecodeGenerator):
1922- * jit/JITOpcodes.cpp:
1923- (JSC::JIT::emit_op_get_callee):
1924- * jit/JITOpcodes32_64.cpp:
1925- (JSC::JIT::emit_op_get_callee):
1926- * llint/LowLevelInterpreter32_64.asm:
1927- * llint/LowLevelInterpreter64.asm:
1928-
1929-2012-11-12 Filip Pizlo <fpizlo@apple.com>
1930-
1931- The act of getting the callee during 'this' construction should be explicit in bytecode
1932- https://bugs.webkit.org/show_bug.cgi?id=102016
1933-
1934- Reviewed by Michael Saboff.
1935-
1936- This is mostly a rollout of http://trac.webkit.org/changeset/116673, but also includes
1937- changes to have create_this use the result of get_callee.
1938-
1939- No performance or behavioral impact. This is just meant to allow us to profile
1940- get_callee in the future.
1941-
1942- * bytecode/CodeBlock.cpp:
1943- (JSC::CodeBlock::dump):
1944- * bytecode/Opcode.h:
1945- (JSC):
1946- (JSC::padOpcodeName):
1947- * bytecompiler/BytecodeGenerator.cpp:
1948- (JSC::BytecodeGenerator::BytecodeGenerator):
1949- * dfg/DFGByteCodeParser.cpp:
1950- (JSC::DFG::ByteCodeParser::parseBlock):
1951- * dfg/DFGCapabilities.h:
1952- (JSC::DFG::canCompileOpcode):
1953- * jit/JIT.cpp:
1954- (JSC::JIT::privateCompileMainPass):
1955- * jit/JIT.h:
1956- (JIT):
1957- * jit/JITOpcodes.cpp:
1958- (JSC::JIT::emit_op_get_callee):
1959- (JSC):
1960- (JSC::JIT::emit_op_create_this):
1961- * jit/JITOpcodes32_64.cpp:
1962- (JSC::JIT::emit_op_get_callee):
1963- (JSC):
1964- (JSC::JIT::emit_op_create_this):
1965- * llint/LLIntSlowPaths.cpp:
1966- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1967- * llint/LowLevelInterpreter32_64.asm:
1968- * llint/LowLevelInterpreter64.asm:
1969-
1970-2012-11-12 Filip Pizlo <fpizlo@apple.com>
1971-
1972- Unreviewed, fix ARMv7 build.
1973-
1974- * assembler/MacroAssemblerARMv7.h:
1975- (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch):
1976- (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch):
1977-
1978-2012-11-12 Filip Pizlo <fpizlo@apple.com>
1979-
1980- Patching of jumps to stubs should use jump replacement rather than branch destination overwrite
1981- https://bugs.webkit.org/show_bug.cgi?id=101909
1982-
1983- Reviewed by Geoffrey Garen.
1984-
1985- This saves a few instructions in inline cases, on those architectures where it is
1986- easy to figure out where to put the jump replacement. Sub-1% speed-up across the
1987- board.
1988-
1989- * assembler/MacroAssemblerARMv7.h:
1990- (MacroAssemblerARMv7):
1991- (JSC::MacroAssemblerARMv7::canJumpReplacePatchableBranchPtrWithPatch):
1992- (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch):
1993- (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch):
1994- * assembler/MacroAssemblerX86.h:
1995- (JSC::MacroAssemblerX86::canJumpReplacePatchableBranchPtrWithPatch):
1996- (MacroAssemblerX86):
1997- (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatch):
1998- (JSC::MacroAssemblerX86::revertJumpReplacementToPatchableBranchPtrWithPatch):
1999- * assembler/MacroAssemblerX86_64.h:
2000- (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch):
2001- (MacroAssemblerX86_64):
2002- (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatch):
2003- (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch):
2004- * assembler/RepatchBuffer.h:
2005- (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatch):
2006- (RepatchBuffer):
2007- (JSC::RepatchBuffer::replaceWithJump):
2008- (JSC::RepatchBuffer::revertJumpReplacementToPatchableBranchPtrWithPatch):
2009- * assembler/X86Assembler.h:
2010- (X86Assembler):
2011- (JSC::X86Assembler::revertJumpTo_movq_i64r):
2012- (JSC::X86Assembler::revertJumpTo_cmpl_im_force32):
2013- (X86InstructionFormatter):
2014- * bytecode/StructureStubInfo.h:
2015- * dfg/DFGRepatch.cpp:
2016- (JSC::DFG::replaceWithJump):
2017- (DFG):
2018- (JSC::DFG::tryCacheGetByID):
2019- (JSC::DFG::tryBuildGetByIDList):
2020- (JSC::DFG::tryBuildGetByIDProtoList):
2021- (JSC::DFG::tryCachePutByID):
2022- (JSC::DFG::dfgResetGetByID):
2023- (JSC::DFG::dfgResetPutByID):
2024-
2025-2012-11-11 Filip Pizlo <fpizlo@apple.com>
2026-
2027- DFG ArithMul overflow check elimination is too aggressive
2028- https://bugs.webkit.org/show_bug.cgi?id=101871
2029-
2030- Reviewed by Oliver Hunt.
2031-
2032- The code was ignoring the fact that ((a * b) | 0) == (((a | 0) * (b | 0)) | 0)
2033- only holds if a * b < 2^53. So, I changed it to only enable the optimization
2034- when a < 2^22 and b is an int32 (and vice versa), using a super trivial peephole
2035- analysis to prove the inequality. I considered writing an epic forward flow
2036- formulation that tracks the ranges of integer values but then I thought better
2037- of it.
2038-
2039- This also rewires the ArithMul integer speculation logic. Previously, we would
2040- assume that an ArithMul was only UsedAsNumber if it escaped, and separately we
2041- would decide whether to speculate integer based on a proof of the <2^22
2042- inequality. Now, we treat the double rounding behavior of ArithMul as if the
2043- result was UsedAsNumber even if it did not escape. Then we try to prove that
2044- double rounding cannot happen by attemping to prove that a < 2^22. This then
2045- feeds back into the decision of whether or not to speculate integer (if we fail
2046- to prove a < 2^22 then we're UsedAsNumber, and if we're also MayOverflow then
2047- that forces double speculation).
2048-
2049- No performance impact. It just fixes a bug.
2050-
2051- * dfg/DFGGraph.h:
2052- (JSC::DFG::Graph::mulShouldSpeculateInteger):
2053- * dfg/DFGPredictionPropagationPhase.cpp:
2054- (PredictionPropagationPhase):
2055- (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
2056- (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
2057- (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
2058- (JSC::DFG::PredictionPropagationPhase::propagate):
2059-
2060-2012-11-11 Filip Pizlo <fpizlo@apple.com>
2061-
2062- DFG should not emit function checks if we've already proved that the operand is that exact function
2063- https://bugs.webkit.org/show_bug.cgi?id=101885
2064-
2065- Reviewed by Oliver Hunt.
2066-
2067- * dfg/DFGAbstractState.cpp:
2068- (JSC::DFG::AbstractState::execute):
2069- * dfg/DFGAbstractValue.h:
2070- (JSC::DFG::AbstractValue::filterByValue):
2071- (AbstractValue):
2072- * dfg/DFGConstantFoldingPhase.cpp:
2073- (JSC::DFG::ConstantFoldingPhase::foldConstants):
2074-
2075-2012-11-12 Kentaro Hara <haraken@chromium.org>
2076-
2077- [V8][JSC] ScriptProfileNode::callUID needs not to be [Custom]
2078- https://bugs.webkit.org/show_bug.cgi?id=101892
2079-
2080- Reviewed by Adam Barth.
2081-
2082- Added callUID(), which enables us to kill custom bindings for ScriptProfileNode::callUID.
2083-
2084- * profiler/ProfileNode.h:
2085- (JSC::ProfileNode::callUID):
2086-
2087-2012-11-12 Carlos Garcia Campos <cgarcia@igalia.com>
2088-
2089- Unreviewed. Fix make distcheck.
2090-
2091- * GNUmakefile.list.am: Add missing header.
2092-
2093-2012-11-11 Michael Pruett <michael@68k.org>
2094-
2095- Fix assertion failure in JSObject::tryGetIndexQuickly()
2096- https://bugs.webkit.org/show_bug.cgi?id=101869
2097-
2098- Reviewed by Filip Pizlo.
2099-
2100- Currently JSObject::tryGetIndexQuickly() triggers an assertion
2101- failure when the object has an undecided indexing type. This
2102- case should be treated the same as a blank indexing type.
2103-
2104- * runtime/JSObject.h:
2105- (JSC::JSObject::tryGetIndexQuickly):
2106-
2107-2012-11-11 Filip Pizlo <fpizlo@apple.com>
2108-
2109- DFG register allocation should be greedy rather than round-robin
2110- https://bugs.webkit.org/show_bug.cgi?id=101870
2111-
2112- Reviewed by Geoffrey Garen.
2113-
2114- This simplifies the code, reduces some code duplication, and shows some slight
2115- performance improvements in a few places, likely due to the fact that lower-numered
2116- registers also typically have smaller encodings.
2117-
2118- * dfg/DFGRegisterBank.h:
2119- (JSC::DFG::RegisterBank::RegisterBank):
2120- (JSC::DFG::RegisterBank::tryAllocate):
2121- (JSC::DFG::RegisterBank::allocate):
2122- (JSC::DFG::RegisterBank::allocateInternal):
2123- (RegisterBank):
2124-
2125-2012-11-11 Kenichi Ishibashi <bashi@chromium.org>
2126-
2127- WTFString::utf8() should have a mode of conversion to use replacement character
2128- https://bugs.webkit.org/show_bug.cgi?id=101678
2129-
2130- Reviewed by Alexey Proskuryakov.
2131-
2132- Follow the change on String::utf8()
2133-
2134- * runtime/JSGlobalObjectFunctions.cpp:
2135- (JSC::encode): Pass String::StrictConversion instead of true to String::utf8().
2136-
2137-2012-11-10 Filip Pizlo <fpizlo@apple.com>
2138-
2139- DFG should optimize out the NaN check on loads from double arrays if the array prototype chain is having a great time
2140- https://bugs.webkit.org/show_bug.cgi?id=101718
2141-
2142- Reviewed by Geoffrey Garen.
2143-
2144- If we're reading from a JSArray in double mode, where the array's structure is
2145- primordial (all aspects of the structure are unchanged except for indexing type),
2146- and the result of the load is used in arithmetic that is known to not distinguish
2147- between NaN and undefined, then we should not emit a NaN check. Looks like a 5%
2148- win on navier-stokes.
2149-
2150- Also fixed an OpInfo initialization goof for String ops that was revealed by this
2151- change.
2152-
2153- * dfg/DFGAbstractState.cpp:
2154- (JSC::DFG::AbstractState::execute):
2155- * dfg/DFGArrayMode.cpp:
2156- (JSC::DFG::arraySpeculationToString):
2157- * dfg/DFGArrayMode.h:
2158- (JSC::DFG::ArrayMode::isSaneChain):
2159- (ArrayMode):
2160- (JSC::DFG::ArrayMode::isInBounds):
2161- * dfg/DFGByteCodeParser.cpp:
2162- (JSC::DFG::ByteCodeParser::handleIntrinsic):
2163- * dfg/DFGFixupPhase.cpp:
2164- (JSC::DFG::FixupPhase::fixupNode):
2165- * dfg/DFGNodeFlags.cpp:
2166- (JSC::DFG::nodeFlagsAsString):
2167- * dfg/DFGNodeFlags.h:
2168- (DFG):
2169- * dfg/DFGPredictionPropagationPhase.cpp:
2170- (JSC::DFG::PredictionPropagationPhase::propagate):
2171- * dfg/DFGSpeculativeJIT32_64.cpp:
2172- (JSC::DFG::SpeculativeJIT::compile):
2173- * dfg/DFGSpeculativeJIT64.cpp:
2174- (JSC::DFG::SpeculativeJIT::compile):
2175- * runtime/JSGlobalObject.cpp:
2176- (JSC::JSGlobalObject::arrayPrototypeChainIsSane):
2177- (JSC):
2178- * runtime/JSGlobalObject.h:
2179- (JSGlobalObject):
2180-
2181-2012-11-10 Filip Pizlo <fpizlo@apple.com>
2182-
2183- DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true
2184- https://bugs.webkit.org/show_bug.cgi?id=101511
2185-
2186- Reviewed by Geoffrey Garen.
2187-
2188- This is the second attempt at this patch, which fixes the !"" case.
2189-
2190- To make life easier, this moves BranchDirection into BasicBlock so that after
2191- running the CFA, we always know, for each block, what direction the CFA
2192- proved. CFG simplification now both uses and preserves cfaBranchDirection in
2193- its transformations.
2194-
2195- Also made both LogicalNot and Branch check whether the operand is a known cell
2196- with a known structure, and if so, made them do the appropriate folding.
2197-
2198- 5% speed-up on V8/raytrace because it makes raytrace's own null checks
2199- evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact
2200- that we were already doing structure check hoisting.
2201-
2202- * JavaScriptCore.xcodeproj/project.pbxproj:
2203- * dfg/DFGAbstractState.cpp:
2204- (JSC::DFG::AbstractState::endBasicBlock):
2205- (JSC::DFG::AbstractState::execute):
2206- (JSC::DFG::AbstractState::mergeToSuccessors):
2207- * dfg/DFGAbstractState.h:
2208- (AbstractState):
2209- * dfg/DFGBasicBlock.h:
2210- (JSC::DFG::BasicBlock::BasicBlock):
2211- (BasicBlock):
2212- * dfg/DFGBranchDirection.h: Added.
2213- (DFG):
2214- (JSC::DFG::branchDirectionToString):
2215- (JSC::DFG::isKnownDirection):
2216- (JSC::DFG::branchCondition):
2217- * dfg/DFGCFGSimplificationPhase.cpp:
2218- (JSC::DFG::CFGSimplificationPhase::run):
2219- (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2220-
2221-2012-11-10 Sheriff Bot <webkit.review.bot@gmail.com>
2222-
2223- Unreviewed, rolling out r133971.
2224- http://trac.webkit.org/changeset/133971
2225- https://bugs.webkit.org/show_bug.cgi?id=101839
2226-
2227- Causes WebProcess to hang at 100% on www.apple.com (Requested
2228- by kling on #webkit).
2229-
2230- * JavaScriptCore.xcodeproj/project.pbxproj:
2231- * dfg/DFGAbstractState.cpp:
2232- (JSC::DFG::AbstractState::endBasicBlock):
2233- (JSC::DFG::AbstractState::execute):
2234- (JSC::DFG::AbstractState::mergeToSuccessors):
2235- * dfg/DFGAbstractState.h:
2236- (JSC::DFG::AbstractState::branchDirectionToString):
2237- (AbstractState):
2238- * dfg/DFGBasicBlock.h:
2239- (JSC::DFG::BasicBlock::BasicBlock):
2240- (BasicBlock):
2241- * dfg/DFGBranchDirection.h: Removed.
2242- * dfg/DFGCFGSimplificationPhase.cpp:
2243- (JSC::DFG::CFGSimplificationPhase::run):
2244- (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2245-
2246-2012-11-09 Filip Pizlo <fpizlo@apple.com>
2247-
2248- If the DFG ArrayMode says that an access is on an OriginalArray, then the checks should always enforce this
2249- https://bugs.webkit.org/show_bug.cgi?id=101720
2250-
2251- Reviewed by Mark Hahnenberg.
2252-
2253- Previously, "original" arrays was just a hint that we could find the structure
2254- of the array if we needed to even if the array profile didn't have it due to
2255- polymorphism. Now, "original" arrays are a property that is actually checked:
2256- if an array access has ArrayMode::arrayClass() == Array::OriginalArray, then we
2257- can be sure that the code performing the access is dealing with not just a
2258- JSArray, but a JSArray that has no named properties, no indexed accessors, and
2259- the ArrayPrototype as its prototype. This will be useful for optimizations that
2260- are being done as part of https://bugs.webkit.org/show_bug.cgi?id=101720.
2261-
2262- * dfg/DFGAbstractState.cpp:
2263- (JSC::DFG::AbstractState::execute):
2264- * dfg/DFGArrayMode.cpp:
2265- (JSC::DFG::ArrayMode::originalArrayStructure):
2266- (DFG):
2267- (JSC::DFG::ArrayMode::alreadyChecked):
2268- * dfg/DFGArrayMode.h:
2269- (JSC):
2270- (DFG):
2271- (JSC::DFG::ArrayMode::withProfile):
2272- (ArrayMode):
2273- (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
2274- * dfg/DFGConstantFoldingPhase.cpp:
2275- (JSC::DFG::ConstantFoldingPhase::foldConstants):
2276- * dfg/DFGFixupPhase.cpp:
2277- (JSC::DFG::FixupPhase::checkArray):
2278- * dfg/DFGSpeculativeJIT.cpp:
2279- (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2280- (JSC::DFG::SpeculativeJIT::checkArray):
2281- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2282- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2283- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
2284- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
2285- (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
2286- (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
2287-
2288-2012-11-09 Filip Pizlo <fpizlo@apple.com>
2289-
2290- Fix indentation of BooleanPrototype.h
2291-
2292- Rubber stamped by Mark Hahnenberg.
2293-
2294- * runtime/BooleanPrototype.h:
2295-
2296-2012-11-09 Filip Pizlo <fpizlo@apple.com>
2297-
2298- Fix indentation of BooleanObject.h
2299-
2300- Rubber stamped by Mark Hahnenberg.
2301-
2302- * runtime/BooleanObject.h:
2303-
2304-2012-11-09 Filip Pizlo <fpizlo@apple.com>
2305-
2306- Fix indentation of BooleanConstructor.h
2307-
2308- Rubber stamped by Mark Hahnenberg.
2309-
2310- * runtime/BooleanConstructor.h:
2311-
2312-2012-11-09 Filip Pizlo <fpizlo@apple.com>
2313-
2314- Fix indentation of BatchedTransitionOptimizer.h
2315-
2316- Rubber stamped by Mark Hahnenberg.
2317-
2318- * runtime/BatchedTransitionOptimizer.h:
2319-
2320-2012-11-09 Oliver Hunt <oliver@apple.com>
2321-
2322- So Thingy probably isn't the best name for a class, so
2323- renamed to CacheMap.
2324-
2325- RS=Geoff
2326-
2327- * runtime/CodeCache.h:
2328- (JSC::CacheMap::CacheMap):
2329-
2330-2012-11-09 Filip Pizlo <fpizlo@apple.com>
2331-
2332- ArrayPrototype should start out with a blank indexing type
2333- https://bugs.webkit.org/show_bug.cgi?id=101719
2334-
2335- Reviewed by Mark Hahnenberg.
2336-
2337- This allows us to track if the array prototype ever ends up with indexed
2338- properties.
2339-
2340- * runtime/ArrayPrototype.cpp:
2341- (JSC::ArrayPrototype::create):
2342- (JSC::ArrayPrototype::ArrayPrototype):
2343- * runtime/ArrayPrototype.h:
2344- (ArrayPrototype):
2345- (JSC::ArrayPrototype::createStructure):
2346-
2347-2012-11-08 Mark Hahnenberg <mhahnenberg@apple.com>
2348-
2349- MarkStackArray should use the BlockAllocator instead of the MarkStackSegmentAllocator
2350- https://bugs.webkit.org/show_bug.cgi?id=101642
2351-
2352- Reviewed by Filip Pizlo.
2353-
2354- MarkStackSegmentAllocator is like a miniature version of the BlockAllocator. Now that the BlockAllocator has support
2355- for a variety of block sizes, we should get rid of the MarkStackSegmentAllocator in favor of the BlockAllocator.
2356-
2357- * heap/BlockAllocator.h: Add new specializations of regionSetFor for the new MarkStackSegments.
2358- (JSC):
2359- (JSC::MarkStackSegment):
2360- * heap/GCThreadSharedData.cpp:
2361- (JSC::GCThreadSharedData::GCThreadSharedData):
2362- (JSC::GCThreadSharedData::reset):
2363- * heap/GCThreadSharedData.h:
2364- (GCThreadSharedData):
2365- * heap/MarkStack.cpp:
2366- (JSC::MarkStackArray::MarkStackArray): We now have a doubly linked list of MarkStackSegments, so we need to refactor
2367- all the places that used the old custom tail/previous logic.
2368- (JSC::MarkStackArray::~MarkStackArray):
2369- (JSC::MarkStackArray::expand):
2370- (JSC::MarkStackArray::refill):
2371- (JSC::MarkStackArray::donateSomeCellsTo): Refactor to use the new linked list.
2372- (JSC::MarkStackArray::stealSomeCellsFrom): Ditto.
2373- * heap/MarkStack.h:
2374- (JSC):
2375- (MarkStackSegment):
2376- (JSC::MarkStackSegment::MarkStackSegment):
2377- (JSC::MarkStackSegment::sizeFromCapacity):
2378- (MarkStackArray):
2379- * heap/MarkStackInlines.h:
2380- (JSC::MarkStackSegment::create):
2381- (JSC):
2382- (JSC::MarkStackArray::postIncTop):
2383- (JSC::MarkStackArray::preDecTop):
2384- (JSC::MarkStackArray::setTopForFullSegment):
2385- (JSC::MarkStackArray::setTopForEmptySegment):
2386- (JSC::MarkStackArray::top):
2387- (JSC::MarkStackArray::validatePrevious):
2388- (JSC::MarkStackArray::append):
2389- (JSC::MarkStackArray::removeLast):
2390- (JSC::MarkStackArray::isEmpty):
2391- (JSC::MarkStackArray::size):
2392- * heap/SlotVisitor.cpp:
2393- (JSC::SlotVisitor::SlotVisitor):
2394-
2395-2012-11-09 Gabor Ballabas <gaborb@inf.u-szeged.hu>
2396-
2397- [Qt] r133953 broke the ARM_TRADITIONAL build
2398- https://bugs.webkit.org/show_bug.cgi?id=101706
2399-
2400- Reviewed by Csaba Osztrogonác.
2401-
2402- Fix for both hardfp and softfp.
2403-
2404- * dfg/DFGCCallHelpers.h:
2405- (CCallHelpers):
2406- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2407-
2408-2012-11-09 Sheriff Bot <webkit.review.bot@gmail.com>
2409-
2410- Unreviewed, rolling out r134051.
2411- http://trac.webkit.org/changeset/134051
2412- https://bugs.webkit.org/show_bug.cgi?id=101757
2413-
2414- It didn't fix the build (Requested by Ossy on #webkit).
2415-
2416- * dfg/DFGCCallHelpers.h:
2417- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2418-
2419-2012-11-09 Gabor Ballabas <gaborb@inf.u-szeged.hu>
2420-
2421- [Qt] r133953 broke the ARM_TRADITIONAL build
2422- https://bugs.webkit.org/show_bug.cgi?id=101706
2423-
2424- Reviewed by Csaba Osztrogonác.
2425-
2426- Fix the ARM_TRADITIONAL build after r133953
2427-
2428- * dfg/DFGCCallHelpers.h:
2429- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2430- (CCallHelpers):
2431-
2432-2012-11-09 Csaba Osztrogonác <ossy@webkit.org>
2433-
2434- [Qt] Fix the LLINT build from ARMv7 platform
2435- https://bugs.webkit.org/show_bug.cgi?id=101712
2436-
2437- Reviewed by Simon Hausmann.
2438-
2439- Enable generating of LLIntAssembly.h on ARM platforms.
2440-
2441- * DerivedSources.pri:
2442- * JavaScriptCore.pro:
2443-
2444-2012-11-08 Filip Pizlo <fpizlo@apple.com>
2445-
2446- ArrayPrototype.h should have correct indentation
2447-
2448- Rubber stamped by Sam Weinig.
2449-
2450- * runtime/ArrayPrototype.h:
2451-
2452-2012-11-08 Mark Lam <mark.lam@apple.com>
2453-
2454- Renamed ...InlineMethods.h files to ...Inlines.h.
2455- https://bugs.webkit.org/show_bug.cgi?id=101145.
2456-
2457- Reviewed by Geoffrey Garen.
2458-
2459- This is only a refactoring effort to rename the files. There are no
2460- functionality changes.
2461-
2462- * API/JSObjectRef.cpp:
2463- * GNUmakefile.list.am:
2464- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2465- * JavaScriptCore.xcodeproj/project.pbxproj:
2466- * bytecode/CodeBlock.cpp:
2467- * dfg/DFGOperations.cpp:
2468- * heap/ConservativeRoots.cpp:
2469- * heap/CopiedBlock.h:
2470- * heap/CopiedSpace.cpp:
2471- * heap/CopiedSpaceInlineMethods.h: Removed.
2472- * heap/CopiedSpaceInlines.h: Copied from Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h.
2473- * heap/CopyVisitor.cpp:
2474- * heap/CopyVisitorInlineMethods.h: Removed.
2475- * heap/CopyVisitorInlines.h: Copied from Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h.
2476- * heap/GCThread.cpp:
2477- * heap/GCThreadSharedData.cpp:
2478- * heap/HandleStack.cpp:
2479- * heap/Heap.cpp:
2480- * heap/HeapRootVisitor.h:
2481- * heap/MarkStack.cpp:
2482- * heap/MarkStackInlineMethods.h: Removed.
2483- * heap/MarkStackInlines.h: Copied from Source/JavaScriptCore/heap/MarkStackInlineMethods.h.
2484- * heap/SlotVisitor.cpp:
2485- * heap/SlotVisitor.h:
2486- * heap/SlotVisitorInlineMethods.h: Removed.
2487- * heap/SlotVisitorInlines.h: Copied from Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h.
2488- * jit/HostCallReturnValue.cpp:
2489- * jit/JIT.cpp:
2490- * jit/JITArithmetic.cpp:
2491- * jit/JITArithmetic32_64.cpp:
2492- * jit/JITCall.cpp:
2493- * jit/JITCall32_64.cpp:
2494- * jit/JITInlineMethods.h: Removed.
2495- * jit/JITInlines.h: Copied from Source/JavaScriptCore/jit/JITInlineMethods.h.
2496- * jit/JITOpcodes.cpp:
2497- * jit/JITOpcodes32_64.cpp:
2498- * jit/JITPropertyAccess.cpp:
2499- * jit/JITPropertyAccess32_64.cpp:
2500- * jsc.cpp:
2501- * runtime/ArrayConstructor.cpp:
2502- * runtime/ArrayPrototype.cpp:
2503- * runtime/ButterflyInlineMethods.h: Removed.
2504- * runtime/ButterflyInlines.h: Copied from Source/JavaScriptCore/runtime/ButterflyInlineMethods.h.
2505- * runtime/IndexingHeaderInlineMethods.h: Removed.
2506- * runtime/IndexingHeaderInlines.h: Copied from Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h.
2507- * runtime/JSActivation.h:
2508- * runtime/JSArray.cpp:
2509- * runtime/JSArray.h:
2510- * runtime/JSCell.h:
2511- * runtime/JSObject.cpp:
2512- * runtime/JSValueInlineMethods.h: Removed.
2513- * runtime/JSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlineMethods.h.
2514- * runtime/LiteralParser.cpp:
2515- * runtime/ObjectConstructor.cpp:
2516- * runtime/Operations.h:
2517- * runtime/RegExpMatchesArray.cpp:
2518- * runtime/RegExpObject.cpp:
2519- * runtime/StringPrototype.cpp:
2520-
2521-2012-11-08 Filip Pizlo <fpizlo@apple.com>
2522-
2523- ArrayConstructor.h should have correct indentation
2524-
2525- Rubber stamped by Sam Weinig.
2526-
2527- * runtime/ArrayConstructor.h:
2528-
2529-2012-11-08 Filip Pizlo <fpizlo@apple.com>
2530-
2531- DFG should know that int == null is always false
2532- https://bugs.webkit.org/show_bug.cgi?id=101665
2533-
2534- Reviewed by Oliver Hunt.
2535-
2536- * dfg/DFGAbstractState.cpp:
2537- (JSC::DFG::AbstractState::execute):
2538-
2539-2012-11-08 Filip Pizlo <fpizlo@apple.com>
2540-
2541- Arguments.h should have correct indentation
2542-
2543- Rubber stamped by Sam Weinig.
2544-
2545- * runtime/Arguments.h:
2546-
2547-2012-11-08 Filip Pizlo <fpizlo@apple.com>
2548-
2549- It should be possible to JIT compile get_by_vals and put_by_vals even if the DFG is disabled.
2550-
2551- Reviewed by Oliver Hunt.
2552-
2553- * jit/JITInlineMethods.h:
2554- (JSC::JIT::chooseArrayMode):
2555-
2556-2012-11-08 Filip Pizlo <fpizlo@apple.com>
2557-
2558- op_call should have LLInt call link info even if the DFG is disabled
2559- https://bugs.webkit.org/show_bug.cgi?id=101672
2560-
2561- Reviewed by Oliver Hunt.
2562-
2563- Get rid of the evil uses of fall-through.
2564-
2565- * bytecode/CodeBlock.cpp:
2566- (JSC::CodeBlock::CodeBlock):
2567-
2568-2012-11-08 Oliver Hunt <oliver@apple.com>
2569-
2570- Improve effectiveness of function-level caching
2571- https://bugs.webkit.org/show_bug.cgi?id=101667
2572-
2573- Reviewed by Filip Pizlo.
2574-
2575- Added a random-eviction based cache for unlinked functions, and switch
2576- UnlinkedFunctionExecutable's code references to Weak<>, thereby letting
2577- us remove the explicit UnlinkedFunctionExecutable::clearCode() calls that
2578- were being triggered by GC.
2579-
2580- Refactored the random eviction part of the CodeCache into a separate data
2581- structure so that I didn't have to duplicate the code again, and then used
2582- that for the new function cache.
2583-
2584- * bytecode/UnlinkedCodeBlock.cpp:
2585- (JSC::UnlinkedFunctionExecutable::visitChildren):
2586- (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2587- * bytecode/UnlinkedCodeBlock.h:
2588- (JSC::UnlinkedFunctionExecutable::clearCodeForRecompilation):
2589- (UnlinkedFunctionExecutable):
2590- * debugger/Debugger.cpp:
2591- * runtime/CodeCache.cpp:
2592- (JSC::CodeCache::getCodeBlock):
2593- (JSC::CodeCache::generateFunctionCodeBlock):
2594- (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2595- (JSC::CodeCache::usedFunctionCode):
2596- (JSC):
2597- * runtime/Executable.cpp:
2598- (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilationIfNotCompiling):
2599- (JSC::FunctionExecutable::clearCode):
2600- * runtime/Executable.h:
2601- (FunctionExecutable):
2602-
2603-2012-11-07 Filip Pizlo <fpizlo@apple.com>
2604-
2605- DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true
2606- https://bugs.webkit.org/show_bug.cgi?id=101511
2607-
2608- Reviewed by Oliver Hunt.
2609-
2610- To make life easier, this moves BranchDirection into BasicBlock so that after
2611- running the CFA, we always know, for each block, what direction the CFA
2612- proved. CFG simplification now both uses and preserves cfaBranchDirection in
2613- its transformations.
2614-
2615- Also made both LogicalNot and Branch check whether the operand is a known cell
2616- with a known structure, and if so, made them do the appropriate folding.
2617-
2618- 5% speed-up on V8/raytrace because it makes raytrace's own null checks
2619- evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact
2620- that we were already doing structure check hoisting.
2621-
2622- * JavaScriptCore.xcodeproj/project.pbxproj:
2623- * dfg/DFGAbstractState.cpp:
2624- (JSC::DFG::AbstractState::endBasicBlock):
2625- (JSC::DFG::AbstractState::execute):
2626- (JSC::DFG::AbstractState::mergeToSuccessors):
2627- * dfg/DFGAbstractState.h:
2628- (AbstractState):
2629- * dfg/DFGBasicBlock.h:
2630- (JSC::DFG::BasicBlock::BasicBlock):
2631- (BasicBlock):
2632- * dfg/DFGBranchDirection.h: Added.
2633- (DFG):
2634- (JSC::DFG::branchDirectionToString):
2635- (JSC::DFG::isKnownDirection):
2636- (JSC::DFG::branchCondition):
2637- * dfg/DFGCFGSimplificationPhase.cpp:
2638- (JSC::DFG::CFGSimplificationPhase::run):
2639- (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2640-
2641-2012-11-08 Christophe Dumez <christophe.dumez@intel.com>
2642-
2643- [JSC] HTML extensions to String.prototype should escape " as &quot; in argument values
2644- https://bugs.webkit.org/show_bug.cgi?id=90667
2645-
2646- Reviewed by Benjamin Poulain.
2647-
2648- Escape quotation mark as &quot; in argument values to:
2649- - String.prototype.anchor(name)
2650- - String.prototype.fontcolor(color)
2651- - String.prototype.fontsize(size)
2652- - String.prototype.link(href)
2653-
2654- This behavior matches Chromium/V8 and Firefox/Spidermonkey
2655- implementations and is requited by:
2656- http://mathias.html5.org/specs/javascript/#escapeattributevalue
2657-
2658- This also fixes a potential security risk (XSS vector).
2659-
2660- * runtime/StringPrototype.cpp:
2661- (JSC::stringProtoFuncFontcolor):
2662- (JSC::stringProtoFuncFontsize):
2663- (JSC::stringProtoFuncAnchor):
2664- (JSC::stringProtoFuncLink):
2665-
2666-2012-11-08 Anders Carlsson <andersca@apple.com>
2667-
2668- HeapStatistics::s_pauseTimeStarts and s_pauseTimeEnds should be Vectors
2669- https://bugs.webkit.org/show_bug.cgi?id=101651
2670-
2671- Reviewed by Andreas Kling.
2672-
2673- HeapStatistics uses Deques when Vectors would work just as good.
2674-
2675- * heap/HeapStatistics.cpp:
2676- * heap/HeapStatistics.h:
2677- (HeapStatistics):
2678-
2679-2012-11-07 Filip Pizlo <fpizlo@apple.com>
2680-
2681- DFG should not assume that something is a double just because it might be undefined
2682- https://bugs.webkit.org/show_bug.cgi?id=101438
2683-
2684- Reviewed by Oliver Hunt.
2685-
2686- This changes all non-bitop arithmetic to (a) statically expect that variables are
2687- defined prior to use in arithmetic and (b) not fall off into double paths just
2688- because a value may not be a number. This is accomplished with two new notions of
2689- speculation:
2690-
2691- shouldSpeculateIntegerExpectingDefined: Should we speculate that the value is an
2692- integer if we ignore undefined (i.e. SpecOther) predictions?
2693-
2694- shouldSpeculateIntegerForArithmetic: Should we speculate that the value is an
2695- integer if we ignore non-numeric predictions?
2696-
2697- This is a ~2x speed-up on programs that seem to our prediction propagator to have
2698- paths in which otherwise numeric variables are undefined.
2699-
2700- * bytecode/SpeculatedType.h:
2701- (JSC::isInt32SpeculationForArithmetic):
2702- (JSC):
2703- (JSC::isInt32SpeculationExpectingDefined):
2704- (JSC::isDoubleSpeculationForArithmetic):
2705- (JSC::isNumberSpeculationExpectingDefined):
2706- * dfg/DFGAbstractState.cpp:
2707- (JSC::DFG::AbstractState::execute):
2708- * dfg/DFGFixupPhase.cpp:
2709- (JSC::DFG::FixupPhase::fixupNode):
2710- * dfg/DFGGraph.h:
2711- (JSC::DFG::Graph::addShouldSpeculateInteger):
2712- (JSC::DFG::Graph::mulShouldSpeculateInteger):
2713- (JSC::DFG::Graph::negateShouldSpeculateInteger):
2714- (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
2715- (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
2716- * dfg/DFGNode.h:
2717- (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
2718- (Node):
2719- (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
2720- (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
2721- (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
2722- * dfg/DFGPredictionPropagationPhase.cpp:
2723- (JSC::DFG::PredictionPropagationPhase::propagate):
2724- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2725- * dfg/DFGSpeculativeJIT.cpp:
2726- (JSC::DFG::SpeculativeJIT::compileAdd):
2727- (JSC::DFG::SpeculativeJIT::compileArithMod):
2728- * dfg/DFGSpeculativeJIT32_64.cpp:
2729- (JSC::DFG::SpeculativeJIT::compile):
2730- * dfg/DFGSpeculativeJIT64.cpp:
2731- (JSC::DFG::SpeculativeJIT::compile):
2732- * jit/JITArithmetic.cpp:
2733- (JSC::JIT::emit_op_div):
2734-
2735-2012-11-06 Filip Pizlo <fpizlo@apple.com>
2736-
2737- JSC should infer when indexed storage contains only integers or doubles
2738- https://bugs.webkit.org/show_bug.cgi?id=98606
2739-
2740- Reviewed by Oliver Hunt.
2741-
2742- This adds two new indexing types: int32 and double. It also adds array allocation profiling,
2743- which allows array allocations to converge to allocating arrays using those types to which
2744- those arrays would have been converted.
2745-
2746- 20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too,
2747- but a performance win overall on all benchmarks we track.
2748-
2749- * API/JSObjectRef.cpp:
2750- (JSObjectMakeArray):
2751- * CMakeLists.txt:
2752- * GNUmakefile.list.am:
2753- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2754- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2755- * JavaScriptCore.xcodeproj/project.pbxproj:
2756- * Target.pri:
2757- * assembler/AbstractMacroAssembler.h:
2758- (JumpList):
2759- (JSC::AbstractMacroAssembler::JumpList::JumpList):
2760- * assembler/MacroAssemblerX86Common.h:
2761- (JSC::MacroAssemblerX86Common::branchDouble):
2762- * assembler/X86Assembler.h:
2763- (JSC::X86Assembler::jnp):
2764- (X86Assembler):
2765- (JSC::X86Assembler::X86InstructionFormatter::emitRex):
2766- * bytecode/ArrayAllocationProfile.cpp: Added.
2767- (JSC):
2768- (JSC::ArrayAllocationProfile::updateIndexingType):
2769- * bytecode/ArrayAllocationProfile.h: Added.
2770- (JSC):
2771- (ArrayAllocationProfile):
2772- (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2773- (JSC::ArrayAllocationProfile::selectIndexingType):
2774- (JSC::ArrayAllocationProfile::updateLastAllocation):
2775- (JSC::ArrayAllocationProfile::selectIndexingTypeFor):
2776- (JSC::ArrayAllocationProfile::updateLastAllocationFor):
2777- * bytecode/ArrayProfile.cpp:
2778- (JSC::ArrayProfile::updatedObservedArrayModes):
2779- (JSC):
2780- * bytecode/ArrayProfile.h:
2781- (JSC):
2782- (JSC::arrayModesInclude):
2783- (JSC::shouldUseSlowPutArrayStorage):
2784- (JSC::shouldUseFastArrayStorage):
2785- (JSC::shouldUseContiguous):
2786- (JSC::shouldUseDouble):
2787- (JSC::shouldUseInt32):
2788- (ArrayProfile):
2789- * bytecode/ByValInfo.h:
2790- (JSC::isOptimizableIndexingType):
2791- (JSC::jitArrayModeForIndexingType):
2792- * bytecode/CodeBlock.cpp:
2793- (JSC::CodeBlock::dump):
2794- (JSC::CodeBlock::CodeBlock):
2795- (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2796- (JSC):
2797- (JSC::CodeBlock::updateAllValueProfilePredictions):
2798- (JSC::CodeBlock::updateAllArrayPredictions):
2799- (JSC::CodeBlock::updateAllPredictions):
2800- (JSC::CodeBlock::shouldOptimizeNow):
2801- * bytecode/CodeBlock.h:
2802- (CodeBlock):
2803- (JSC::CodeBlock::numberOfArrayAllocationProfiles):
2804- (JSC::CodeBlock::addArrayAllocationProfile):
2805- (JSC::CodeBlock::updateAllValueProfilePredictions):
2806- (JSC::CodeBlock::updateAllArrayPredictions):
2807- * bytecode/DFGExitProfile.h:
2808- (JSC::DFG::exitKindToString):
2809- * bytecode/Instruction.h:
2810- (JSC):
2811- (JSC::Instruction::Instruction):
2812- * bytecode/Opcode.h:
2813- (JSC):
2814- (JSC::padOpcodeName):
2815- * bytecode/SpeculatedType.h:
2816- (JSC):
2817- (JSC::isRealNumberSpeculation):
2818- * bytecode/UnlinkedCodeBlock.cpp:
2819- (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2820- * bytecode/UnlinkedCodeBlock.h:
2821- (JSC):
2822- (JSC::UnlinkedCodeBlock::addArrayAllocationProfile):
2823- (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles):
2824- (UnlinkedCodeBlock):
2825- * bytecompiler/BytecodeGenerator.cpp:
2826- (JSC::BytecodeGenerator::newArrayAllocationProfile):
2827- (JSC):
2828- (JSC::BytecodeGenerator::emitNewArray):
2829- (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2830- * bytecompiler/BytecodeGenerator.h:
2831- (BytecodeGenerator):
2832- * dfg/DFGAbstractState.cpp:
2833- (JSC::DFG::AbstractState::execute):
2834- * dfg/DFGArrayMode.cpp:
2835- (JSC::DFG::ArrayMode::fromObserved):
2836- (JSC::DFG::ArrayMode::refine):
2837- (DFG):
2838- (JSC::DFG::ArrayMode::alreadyChecked):
2839- (JSC::DFG::arrayTypeToString):
2840- * dfg/DFGArrayMode.h:
2841- (JSC::DFG::ArrayMode::withType):
2842- (ArrayMode):
2843- (JSC::DFG::ArrayMode::withTypeAndConversion):
2844- (JSC::DFG::ArrayMode::usesButterfly):
2845- (JSC::DFG::ArrayMode::isSpecific):
2846- (JSC::DFG::ArrayMode::supportsLength):
2847- (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
2848- * dfg/DFGByteCodeParser.cpp:
2849- (JSC::DFG::ByteCodeParser::getArrayMode):
2850- (ByteCodeParser):
2851- (JSC::DFG::ByteCodeParser::handleIntrinsic):
2852- (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2853- (JSC::DFG::ByteCodeParser::parseBlock):
2854- * dfg/DFGCCallHelpers.h:
2855- (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2856- (CCallHelpers):
2857- * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2858- (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
2859- (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
2860- * dfg/DFGFixupPhase.cpp:
2861- (JSC::DFG::FixupPhase::fixupNode):
2862- (JSC::DFG::FixupPhase::checkArray):
2863- * dfg/DFGGraph.cpp:
2864- (JSC::DFG::Graph::dump):
2865- * dfg/DFGGraph.h:
2866- (JSC::DFG::Graph::byValIsPure):
2867- * dfg/DFGNode.h:
2868- (NewArrayBufferData):
2869- (JSC::DFG::Node::hasIndexingType):
2870- (Node):
2871- (JSC::DFG::Node::indexingType):
2872- (JSC::DFG::Node::setIndexingType):
2873- * dfg/DFGOperations.cpp:
2874- * dfg/DFGOperations.h:
2875- * dfg/DFGPredictionPropagationPhase.cpp:
2876- (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2877- * dfg/DFGSpeculativeJIT.cpp:
2878- (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
2879- (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2880- (DFG):
2881- (JSC::DFG::SpeculativeJIT::checkArray):
2882- (JSC::DFG::SpeculativeJIT::arrayify):
2883- (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2884- (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
2885- * dfg/DFGSpeculativeJIT.h:
2886- (JSC::DFG::SpeculativeJIT::callOperation):
2887- (SpeculativeJIT):
2888- (SpeculateIntegerOperand):
2889- (JSC::DFG::SpeculateIntegerOperand::use):
2890- (SpeculateDoubleOperand):
2891- (JSC::DFG::SpeculateDoubleOperand::use):
2892- * dfg/DFGSpeculativeJIT32_64.cpp:
2893- (DFG):
2894- (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
2895- (JSC::DFG::SpeculativeJIT::compile):
2896- * dfg/DFGSpeculativeJIT64.cpp:
2897- (JSC::DFG::SpeculativeJIT::compile):
2898- * jit/JIT.h:
2899- (JSC::JIT::emitInt32GetByVal):
2900- (JIT):
2901- (JSC::JIT::emitInt32PutByVal):
2902- (JSC::JIT::emitDoublePutByVal):
2903- (JSC::JIT::emitContiguousPutByVal):
2904- * jit/JITExceptions.cpp:
2905- (JSC::genericThrow):
2906- * jit/JITInlineMethods.h:
2907- (JSC::arrayProfileSaw):
2908- (JSC::JIT::chooseArrayMode):
2909- * jit/JITOpcodes.cpp:
2910- (JSC::JIT::emit_op_new_array):
2911- (JSC::JIT::emit_op_new_array_with_size):
2912- (JSC::JIT::emit_op_new_array_buffer):
2913- * jit/JITPropertyAccess.cpp:
2914- (JSC::JIT::emit_op_get_by_val):
2915- (JSC::JIT::emitDoubleGetByVal):
2916- (JSC):
2917- (JSC::JIT::emitContiguousGetByVal):
2918- (JSC::JIT::emit_op_put_by_val):
2919- (JSC::JIT::emitGenericContiguousPutByVal):
2920- (JSC::JIT::emitSlow_op_put_by_val):
2921- (JSC::JIT::privateCompileGetByVal):
2922- (JSC::JIT::privateCompilePutByVal):
2923- * jit/JITPropertyAccess32_64.cpp:
2924- (JSC::JIT::emit_op_get_by_val):
2925- (JSC::JIT::emitContiguousGetByVal):
2926- (JSC::JIT::emitDoubleGetByVal):
2927- (JSC):
2928- (JSC::JIT::emit_op_put_by_val):
2929- (JSC::JIT::emitGenericContiguousPutByVal):
2930- (JSC::JIT::emitSlow_op_put_by_val):
2931- * jit/JITStubs.cpp:
2932- (JSC::DEFINE_STUB_FUNCTION):
2933- * jit/JITStubs.h:
2934- (JSC):
2935- * jsc.cpp:
2936- (GlobalObject::finishCreation):
2937- * llint/LLIntSlowPaths.cpp:
2938- (JSC::LLInt::jitCompileAndSetHeuristics):
2939- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2940- * llint/LowLevelInterpreter.asm:
2941- * llint/LowLevelInterpreter32_64.asm:
2942- * llint/LowLevelInterpreter64.asm:
2943- * offlineasm/x86.rb:
2944- * runtime/ArrayConstructor.cpp:
2945- (JSC::constructArrayWithSizeQuirk):
2946- * runtime/ArrayConstructor.h:
2947- (JSC):
2948- * runtime/ArrayPrototype.cpp:
2949- (JSC::arrayProtoFuncConcat):
2950- (JSC::arrayProtoFuncSlice):
2951- (JSC::arrayProtoFuncSplice):
2952- (JSC::arrayProtoFuncFilter):
2953- (JSC::arrayProtoFuncMap):
2954- * runtime/Butterfly.h:
2955- (JSC::Butterfly::contiguousInt32):
2956- (JSC::Butterfly::contiguousDouble):
2957- (JSC::Butterfly::fromContiguous):
2958- * runtime/ButterflyInlineMethods.h:
2959- (JSC::Butterfly::createUninitializedDuringCollection):
2960- * runtime/FunctionPrototype.cpp:
2961- (JSC::functionProtoFuncBind):
2962- * runtime/IndexingHeaderInlineMethods.h:
2963- (JSC::IndexingHeader::indexingPayloadSizeInBytes):
2964- * runtime/IndexingType.cpp:
2965- (JSC::leastUpperBoundOfIndexingTypes):
2966- (JSC):
2967- (JSC::leastUpperBoundOfIndexingTypeAndType):
2968- (JSC::leastUpperBoundOfIndexingTypeAndValue):
2969- (JSC::indexingTypeToString):
2970- * runtime/IndexingType.h:
2971- (JSC):
2972- (JSC::hasUndecided):
2973- (JSC::hasInt32):
2974- (JSC::hasDouble):
2975- * runtime/JSArray.cpp:
2976- (JSC::JSArray::setLength):
2977- (JSC::JSArray::pop):
2978- (JSC::JSArray::push):
2979- (JSC::JSArray::shiftCountWithAnyIndexingType):
2980- (JSC::JSArray::unshiftCountWithAnyIndexingType):
2981- (JSC::compareNumbersForQSortWithInt32):
2982- (JSC):
2983- (JSC::compareNumbersForQSortWithDouble):
2984- (JSC::JSArray::sortNumericVector):
2985- (JSC::JSArray::sortNumeric):
2986- (JSC::JSArray::sortCompactedVector):
2987- (JSC::JSArray::sort):
2988- (JSC::JSArray::sortVector):
2989- (JSC::JSArray::fillArgList):
2990- (JSC::JSArray::copyToArguments):
2991- (JSC::JSArray::compactForSorting):
2992- * runtime/JSArray.h:
2993- (JSArray):
2994- (JSC::createContiguousArrayButterfly):
2995- (JSC::JSArray::create):
2996- (JSC::JSArray::tryCreateUninitialized):
2997- * runtime/JSGlobalObject.cpp:
2998- (JSC::JSGlobalObject::reset):
2999- (JSC):
3000- (JSC::JSGlobalObject::haveABadTime):
3001- (JSC::JSGlobalObject::visitChildren):
3002- * runtime/JSGlobalObject.h:
3003- (JSGlobalObject):
3004- (JSC::JSGlobalObject::originalArrayStructureForIndexingType):
3005- (JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation):
3006- (JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation):
3007- (JSC::JSGlobalObject::isOriginalArrayStructure):
3008- (JSC::constructEmptyArray):
3009- (JSC::constructArray):
3010- * runtime/JSObject.cpp:
3011- (JSC::JSObject::copyButterfly):
3012- (JSC::JSObject::getOwnPropertySlotByIndex):
3013- (JSC::JSObject::putByIndex):
3014- (JSC::JSObject::enterDictionaryIndexingMode):
3015- (JSC::JSObject::createInitialIndexedStorage):
3016- (JSC):
3017- (JSC::JSObject::createInitialUndecided):
3018- (JSC::JSObject::createInitialInt32):
3019- (JSC::JSObject::createInitialDouble):
3020- (JSC::JSObject::createInitialContiguous):
3021- (JSC::JSObject::convertUndecidedToInt32):
3022- (JSC::JSObject::convertUndecidedToDouble):
3023- (JSC::JSObject::convertUndecidedToContiguous):
3024- (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
3025- (JSC::JSObject::convertUndecidedToArrayStorage):
3026- (JSC::JSObject::convertInt32ToDouble):
3027- (JSC::JSObject::convertInt32ToContiguous):
3028- (JSC::JSObject::convertInt32ToArrayStorage):
3029- (JSC::JSObject::convertDoubleToContiguous):
3030- (JSC::JSObject::convertDoubleToArrayStorage):
3031- (JSC::JSObject::convertContiguousToArrayStorage):
3032- (JSC::JSObject::convertUndecidedForValue):
3033- (JSC::JSObject::convertInt32ForValue):
3034- (JSC::JSObject::setIndexQuicklyToUndecided):
3035- (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
3036- (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
3037- (JSC::JSObject::ensureInt32Slow):
3038- (JSC::JSObject::ensureDoubleSlow):
3039- (JSC::JSObject::ensureContiguousSlow):
3040- (JSC::JSObject::ensureArrayStorageSlow):
3041- (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
3042- (JSC::JSObject::switchToSlowPutArrayStorage):
3043- (JSC::JSObject::deletePropertyByIndex):
3044- (JSC::JSObject::getOwnPropertyNames):
3045- (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
3046- (JSC::JSObject::putByIndexBeyondVectorLength):
3047- (JSC::JSObject::putDirectIndexBeyondVectorLength):
3048- (JSC::JSObject::getNewVectorLength):
3049- (JSC::JSObject::countElements):
3050- (JSC::JSObject::ensureLengthSlow):
3051- (JSC::JSObject::getOwnPropertyDescriptor):
3052- * runtime/JSObject.h:
3053- (JSC::JSObject::getArrayLength):
3054- (JSC::JSObject::getVectorLength):
3055- (JSC::JSObject::canGetIndexQuickly):
3056- (JSC::JSObject::getIndexQuickly):
3057- (JSC::JSObject::tryGetIndexQuickly):
3058- (JSC::JSObject::canSetIndexQuickly):
3059- (JSC::JSObject::canSetIndexQuicklyForPutDirect):
3060- (JSC::JSObject::setIndexQuickly):
3061- (JSC::JSObject::initializeIndex):
3062- (JSC::JSObject::hasSparseMap):
3063- (JSC::JSObject::inSparseIndexingMode):
3064- (JSObject):
3065- (JSC::JSObject::ensureInt32):
3066- (JSC::JSObject::ensureDouble):
3067- (JSC::JSObject::ensureLength):
3068- (JSC::JSObject::indexingData):
3069- (JSC::JSObject::currentIndexingData):
3070- (JSC::JSObject::getHolyIndexQuickly):
3071- (JSC::JSObject::relevantLength):
3072- (JSC::JSObject::currentRelevantLength):
3073- * runtime/JSValue.cpp:
3074- (JSC::JSValue::description):
3075- * runtime/LiteralParser.cpp:
3076- (JSC::::parse):
3077- * runtime/ObjectConstructor.cpp:
3078- (JSC::objectConstructorGetOwnPropertyNames):
3079- (JSC::objectConstructorKeys):
3080- * runtime/StringPrototype.cpp:
3081- (JSC::stringProtoFuncMatch):
3082- (JSC::stringProtoFuncSplit):
3083- * runtime/Structure.cpp:
3084- (JSC::Structure::nonPropertyTransition):
3085- * runtime/StructureTransitionTable.h:
3086- (JSC::newIndexingType):
3087-
3088-2012-11-08 Balazs Kilvady <kilvadyb@homejinni.com>
3089-
3090- ASSERT problem on MIPS
3091- https://bugs.webkit.org/show_bug.cgi?id=100589
3092-
3093- Reviewed by Oliver Hunt.
3094-
3095- ASSERT fix for MIPS arch.
3096-
3097- * jit/JITOpcodes.cpp:
3098- (JSC::JIT::emit_resolve_operations):
3099-
3100-2012-11-08 Michael Saboff <msaboff@apple.com>
3101-
3102- OpaqueJSClassContextData() should use StringImpl::isolatedCopy() to make string copies
3103- https://bugs.webkit.org/show_bug.cgi?id=101507
3104-
3105- Reviewed by Andreas Kling.
3106-
3107- Changed to use isolatedCopy() for key Strings.
3108-
3109- * API/JSClassRef.cpp:
3110- (OpaqueJSClassContextData::OpaqueJSClassContextData):
3111-
3112-2012-11-07 Mark Hahnenberg <mhahnenberg@apple.com>
3113-
3114- WeakBlocks should be HeapBlocks
3115- https://bugs.webkit.org/show_bug.cgi?id=101411
3116-
3117- Reviewed by Oliver Hunt.
3118-
3119- Currently WeakBlocks use fastMalloc memory. They are very similar to the other HeapBlocks, however,
3120- so we should change them to being allocated with the BlockAllocator.
3121-
3122- * heap/BlockAllocator.cpp:
3123- (JSC::BlockAllocator::BlockAllocator):
3124- * heap/BlockAllocator.h: Added a new RegionSet for WeakBlocks.
3125- (JSC):
3126- (BlockAllocator):
3127- (JSC::WeakBlock):
3128- * heap/Heap.h: Friended WeakSet to allow access to the BlockAllocator.
3129- (Heap):
3130- * heap/WeakBlock.cpp:
3131- (JSC::WeakBlock::create): Refactored to use HeapBlocks rather than fastMalloc.
3132- (JSC::WeakBlock::WeakBlock):
3133- * heap/WeakBlock.h: Changed the WeakBlock size to 4 KB so that it divides evenly into the Region size.
3134- (JSC):
3135- (WeakBlock):
3136- * heap/WeakSet.cpp:
3137- (JSC::WeakSet::~WeakSet):
3138- (JSC::WeakSet::addAllocator):
3139-
3140-2012-11-07 Filip Pizlo <fpizlo@apple.com>
3141-
3142- Indentation of ArgList.h is wrong
3143- https://bugs.webkit.org/show_bug.cgi?id=101441
3144-
3145- Reviewed by Andreas Kling.
3146-
3147- Just unindented by 4 spaces.
3148-
3149- * runtime/ArgList.h:
3150-
3151-2012-11-07 Gabor Ballabas <gaborb@inf.u-szeged.hu>
3152-
3153- [Qt][ARM] REGRESSION(r133688): It made all JSC and layout tests crash on ARM traditional platform
3154- https://bugs.webkit.org/show_bug.cgi?id=101465
3155-
3156- Reviewed by Oliver Hunt.
3157-
3158- Fix failing javascriptcore tests on ARM after r133688
3159-
3160- * bytecode/CodeBlock.cpp:
3161- (JSC::CodeBlock::CodeBlock):
3162-
3163-2012-11-06 Oliver Hunt <oliver@apple.com>
3164-
3165- Reduce parser overhead in JSC
3166- https://bugs.webkit.org/show_bug.cgi?id=101127
3167-
3168- Reviewed by Filip Pizlo.
3169-
3170- An exciting journey into the world of architecture in which our hero
3171- adds yet another layer to JSC codegeneration.
3172-
3173- This patch adds a marginally more compact form of bytecode that is
3174- free from any data specific to a given execution context, and that
3175- does store any data structures necessary for execution. To actually
3176- execute this UnlinkedBytecode we still need to instantiate a real
3177- CodeBlock, but this is a much faster linear time operation than any
3178- of the earlier parsing or code generation passes.
3179-
3180- As the unlinked code is context free we can then simply use a cache
3181- from source to unlinked code mapping to completely avoid all of the
3182- old parser overhead. The cache is currently very simple and memory
3183- heavy, using the complete source text as a key (rather than SourceCode
3184- or equivalent), and a random eviction policy.
3185-
3186- This seems to produce a substantial win when loading identical content
3187- in different contexts.
3188-
3189- * API/tests/testapi.c:
3190- (main):
3191- * CMakeLists.txt:
3192- * GNUmakefile.list.am:
3193- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3194- * JavaScriptCore.xcodeproj/project.pbxproj:
3195- * bytecode/CodeBlock.cpp:
3196- * bytecode/CodeBlock.h:
3197- Moved a number of fields, and a bunch of logic to UnlinkedCodeBlock.h/cpp
3198- * bytecode/Opcode.h:
3199- Added a global const init no op instruction needed to get correct
3200- behaviour without any associated semantics.
3201- * bytecode/UnlinkedCodeBlock.cpp: Added.
3202- * bytecode/UnlinkedCodeBlock.h: Added.
3203- A fairly shallow, GC allocated version of the old CodeBlock
3204- classes with a 32bit instruction size, and just metadata
3205- size tracking.
3206- * bytecompiler/BytecodeGenerator.cpp:
3207- * bytecompiler/BytecodeGenerator.h:
3208- Replace direct access to m_symbolTable with access through
3209- symbolTable(). ProgramCode no longer has a symbol table at
3210- all so some previously unconditional (and pointless) uses
3211- of symbolTable get null checks.
3212- A few other changes to deal with type changes due to us generating
3213- unlinked code (eg. pointer free, so profile indices rather than
3214- pointers).
3215- * dfg/DFGByteCodeParser.cpp:
3216- * dfg/DFGCapabilities.h:
3217- Support global_init_nop
3218- * interpreter/Interpreter.cpp:
3219- Now get the ProgramExecutable to initialise new global properties
3220- before starting execution.
3221- * jit/JIT.cpp:
3222- * jit/JITDriver.h:
3223- * jit/JITStubs.cpp:
3224- * llint/LLIntData.cpp:
3225- * llint/LLIntSlowPaths.cpp:
3226- * llint/LowLevelInterpreter.asm:
3227- * llint/LowLevelInterpreter32_64.asm:
3228- * llint/LowLevelInterpreter64.asm:
3229- Adding init_global_const_nop everywhere else
3230- * parser/Parser.h:
3231- * parser/ParserModes.h: Added.
3232- * parser/ParserTokens.h:
3233- Parser no longer needs a global object or callframe to function
3234- * runtime/CodeCache.cpp: Added.
3235- * runtime/CodeCache.h: Added.
3236- A simple, random eviction, Source->UnlinkedCode cache
3237- * runtime/Executable.cpp:
3238- * runtime/Executable.h:
3239- Executables now reference their unlinked counterparts, and
3240- request code specifically for the target global object.
3241- * runtime/JSGlobalData.cpp:
3242- * runtime/JSGlobalData.h:
3243- GlobalData now owns a CodeCache and a set of new structures
3244- for the unlinked code types.
3245- * runtime/JSGlobalObject.cpp:
3246- * runtime/JSGlobalObject.h:
3247- Utility functions used by executables to perform compilation
3248-
3249- * runtime/JSType.h:
3250- Add new JSTypes for unlinked code
3251-
3252-2012-11-06 Michael Saboff <msaboff@apple.com>
3253-
3254- JSStringCreateWithCFString() Should create an 8 bit String if possible
3255- https://bugs.webkit.org/show_bug.cgi?id=101104
3256-
3257- Reviewed by Darin Adler.
3258-
3259- Try converting the CFString to an 8 bit string using CFStringGetBytes(...,
3260- kCFStringEncodingISOLatin1, ...) and return the 8 bit string if successful.
3261- If not proceed with 16 bit conversion.
3262-
3263- * API/JSStringRefCF.cpp:
3264- (JSStringCreateWithCFString):
3265-
3266-2012-11-06 Oliver Hunt <oliver@apple.com>
3267-
3268- Reduce direct m_symbolTable usage in CodeBlock
3269- https://bugs.webkit.org/show_bug.cgi?id=101391
3270-
3271- Reviewed by Sam Weinig.
3272-
3273- Simple refactoring.
3274-
3275- * bytecode/CodeBlock.cpp:
3276- (JSC::CodeBlock::dump):
3277- (JSC::CodeBlock::dumpStatistics):
3278- (JSC::CodeBlock::nameForRegister):
3279- * bytecode/CodeBlock.h:
3280- (JSC::CodeBlock::isCaptured):
3281-
3282-2012-11-06 Michael Saboff <msaboff@apple.com>
3283-
3284- Lexer::scanRegExp, create 8 bit pattern and flag Identifiers from 16 bit source when possible
3285- https://bugs.webkit.org/show_bug.cgi?id=101013
3286-
3287- Reviewed by Darin Adler.
3288-
3289- Changed scanRegExp so that it will create 8 bit identifiers from 8 bit sources and from 16 bit sources
3290- whan all the characters are 8 bit. Using two templated helpers, the "is all 8 bit" check is only performed
3291- on 16 bit sources. The first helper is orCharacter() that will accumulate the or value of all characters
3292- only for 16 bit sources. Replaced the helper Lexer::makeIdentifierSameType() with Lexer::makeRightSizedIdentifier().
3293-
3294- * parser/Lexer.cpp:
3295- (JSC::orCharacter<LChar>): Explicit template that serves as a placeholder.
3296- (JSC::orCharacter<UChar>): Explicit template that actually or accumulates characters.
3297- (JSC::Lexer::scanRegExp):
3298- * parser/Lexer.h:
3299- (Lexer):
3300- (JSC::Lexer::makeRightSizedIdentifier<LChar>): New template that always creates an 8 bit Identifier.
3301- (JSC::Lexer::makeRightSizedIdentifier<UChar>): New template that creates an 8 bit Identifier for 8 bit
3302- data in a 16 bit source.
3303-
3304-2012-11-06 Filip Pizlo <fpizlo@apple.com>
3305-
3306- Indentation of JSCell.h is wrong
3307- https://bugs.webkit.org/show_bug.cgi?id=101379
3308-
3309- Rubber stamped by Alexey Proskuryakov.
3310-
3311- Just removed four spaces on a bunch of lines.
3312-
3313- * runtime/JSCell.h:
3314-
3315-2012-11-05 Filip Pizlo <fpizlo@apple.com>
3316-
3317- Indentation of JSObject.h is wrong
3318- https://bugs.webkit.org/show_bug.cgi?id=101313
3319-
3320- Rubber stamped by Alexey Proskuryakov.
3321-
3322- Just unindented code, since namespace bodies shouldn't be indented.
3323-
3324- * runtime/JSObject.h:
3325-
3326-2012-11-05 Filip Pizlo <fpizlo@apple.com>
3327-
3328- Indentation of JSArray.h is wrong
3329- https://bugs.webkit.org/show_bug.cgi?id=101314
3330-
3331- Rubber stamped by Alexey Proskuryakov.
3332-
3333- Just removing the indentation inside the namespace body.
3334-
3335- * runtime/JSArray.h:
3336-
3337-2012-11-05 Filip Pizlo <fpizlo@apple.com>
3338-
3339- DFG should not fall down to patchable GetById just because a prototype had things added to it
3340- https://bugs.webkit.org/show_bug.cgi?id=101299
3341-
3342- Reviewed by Geoffrey Garen.
3343-
3344- This looks like a slight win on V8v7 and SunSpider.
3345-
3346- * bytecode/DFGExitProfile.h:
3347- (JSC::DFG::exitKindToString):
3348- * dfg/DFGSpeculativeJIT64.cpp:
3349- (JSC::DFG::SpeculativeJIT::compile):
3350-
3351-2012-11-05 Filip Pizlo <fpizlo@apple.com>
3352-
3353- Get rid of method_check
3354- https://bugs.webkit.org/show_bug.cgi?id=101147
3355-
3356- Reviewed by Geoffrey Garen.
3357-
3358- op_method_check no longer buys us anything, since get_by_id proto caching
3359- gives just as much profiling information and the DFG inlines monomorphic
3360- proto accesses anyway.
3361-
3362- This also has the potential for a speed-up since it makes parsing of
3363- profiling data easier. No longer do we have to deal with the confusion of
3364- the get_by_id portion of a method_check appearing monomorphic even though
3365- we're really dealing with a bimorphic access (method_check specializes for
3366- one case and get_by_id for another).
3367-
3368- This looks like a 1% speed-up on both SunSpider and V8v7.
3369-
3370- * CMakeLists.txt:
3371- * GNUmakefile.list.am:
3372- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3373- * JavaScriptCore.xcodeproj/project.pbxproj:
3374- * Target.pri:
3375- * bytecode/CodeBlock.cpp:
3376- (JSC::CodeBlock::printGetByIdCacheStatus):
3377- (JSC::CodeBlock::dump):
3378- (JSC::CodeBlock::finalizeUnconditionally):
3379- (JSC::CodeBlock::shrinkToFit):
3380- (JSC::CodeBlock::unlinkCalls):
3381- * bytecode/CodeBlock.h:
3382- (JSC::CodeBlock::getCallLinkInfo):
3383- (JSC::CodeBlock::callLinkInfo):
3384- (CodeBlock):
3385- * bytecode/GetByIdStatus.cpp:
3386- (JSC::GetByIdStatus::computeFromLLInt):
3387- * bytecode/MethodCallLinkInfo.cpp: Removed.
3388- * bytecode/MethodCallLinkInfo.h: Removed.
3389- * bytecode/MethodCallLinkStatus.cpp: Removed.
3390- * bytecode/MethodCallLinkStatus.h: Removed.
3391- * bytecode/Opcode.h:
3392- (JSC):
3393- (JSC::padOpcodeName):
3394- * bytecompiler/BytecodeGenerator.cpp:
3395- (JSC):
3396- * bytecompiler/BytecodeGenerator.h:
3397- (BytecodeGenerator):
3398- * bytecompiler/NodesCodegen.cpp:
3399- (JSC::FunctionCallDotNode::emitBytecode):
3400- * dfg/DFGByteCodeParser.cpp:
3401- (JSC::DFG::ByteCodeParser::parseBlock):
3402- * dfg/DFGCapabilities.h:
3403- (JSC::DFG::canCompileOpcode):
3404- * jit/JIT.cpp:
3405- (JSC::JIT::privateCompileMainPass):
3406- (JSC::JIT::privateCompileSlowCases):
3407- (JSC::PropertyStubCompilationInfo::copyToStubInfo):
3408- (JSC::JIT::privateCompile):
3409- * jit/JIT.h:
3410- (JSC::PropertyStubCompilationInfo::slowCaseInfo):
3411- (PropertyStubCompilationInfo):
3412- (JSC):
3413- (JIT):
3414- * jit/JITPropertyAccess.cpp:
3415- (JSC):
3416- (JSC::JIT::emitSlow_op_get_by_id):
3417- (JSC::JIT::compileGetByIdSlowCase):
3418- * jit/JITPropertyAccess32_64.cpp:
3419- (JSC):
3420- (JSC::JIT::compileGetByIdSlowCase):
3421- * jit/JITStubs.cpp:
3422- (JSC):
3423- * jit/JITStubs.h:
3424- * llint/LowLevelInterpreter.asm:
3425-
3426-2012-11-05 Yuqiang Xian <yuqiang.xian@intel.com>
3427-
3428- Refactor LLInt64 to distinguish the pointer operations from the 64-bit integer operations
3429- https://bugs.webkit.org/show_bug.cgi?id=100321
3430-
3431- Reviewed by Filip Pizlo.
3432-
3433- We have refactored the MacroAssembler and JIT compilers to distinguish
3434- the pointer operations from the 64-bit integer operations (see bug #99154).
3435- Now we want to do the similar work for LLInt, and the goal is same as
3436- the one mentioned in 99154.
3437-
3438- This is the second part of the modification: in the low level interpreter,
3439- changing the operations on 64-bit integers to use the "<foo>q" instructions.
3440- This also removes some unused/meaningless "<foo>p" instructions.
3441-
3442- * llint/LowLevelInterpreter.asm:
3443- * llint/LowLevelInterpreter.cpp:
3444- (JSC::CLoop::execute):
3445- * llint/LowLevelInterpreter64.asm:
3446- * offlineasm/armv7.rb:
3447- * offlineasm/cloop.rb:
3448- * offlineasm/instructions.rb:
3449- * offlineasm/x86.rb:
3450-
3451-2012-11-05 Filip Pizlo <fpizlo@apple.com>
3452-
3453- Prototype chain caching should check that the path from the base object to the slot base involves prototype hops only
3454- https://bugs.webkit.org/show_bug.cgi?id=101276
3455-
3456- Reviewed by Gavin Barraclough.
3457-
3458- Changed normalizePrototypeChain() to report an invalid prototype chain if any object is a proxy.
3459- This catches cases where our prototype chain checks would have been insufficient to guard against
3460- newly introduced properties, despecialized properties, or deleted properties in the chain of
3461- objects involved in the access.
3462-
3463- * dfg/DFGRepatch.cpp:
3464- (JSC::DFG::tryCacheGetByID):
3465- (JSC::DFG::tryBuildGetByIDProtoList):
3466- (JSC::DFG::tryCachePutByID):
3467- (JSC::DFG::tryBuildPutByIdList):
3468- * jit/JITStubs.cpp:
3469- (JSC::JITThunks::tryCachePutByID):
3470- (JSC::JITThunks::tryCacheGetByID):
3471- (JSC::DEFINE_STUB_FUNCTION):
3472- * llint/LLIntSlowPaths.cpp:
3473- (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3474- * runtime/Operations.h:
3475- (JSC):
3476- (JSC::normalizePrototypeChain):
3477-
3478-2012-11-05 Dima Gorbik <dgorbik@apple.com>
3479-
3480- Back out controversial changes from Bug 98665.
3481- https://bugs.webkit.org/show_bug.cgi?id=101244
3482-
3483- Reviewed by David Kilzer.
3484-
3485- Backing out changes from Bug 98665 until further discussions take place on rules for including Platform.h in Assertions.h.
3486-
3487- * API/tests/minidom.c:
3488- * API/tests/testapi.c:
3489-
3490-2012-11-04 Filip Pizlo <fpizlo@apple.com>
3491-
3492- Reduce the verbosity of referring to QNaN in JavaScriptCore
3493- https://bugs.webkit.org/show_bug.cgi?id=101174
3494-
3495- Reviewed by Geoffrey Garen.
3496-
3497- Introduces a #define QNaN in JSValue.h, and replaces all previous uses of
3498- std::numeric_limits<double>::quiet_NaN() with QNaN.
3499-
3500- * API/JSValueRef.cpp:
3501- (JSValueMakeNumber):
3502- (JSValueToNumber):
3503- * dfg/DFGSpeculativeJIT.cpp:
3504- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
3505- * jit/JITPropertyAccess.cpp:
3506- (JSC::JIT::emitFloatTypedArrayGetByVal):
3507- * runtime/CachedTranscendentalFunction.h:
3508- (JSC::CachedTranscendentalFunction::initialize):
3509- * runtime/DateConstructor.cpp:
3510- (JSC::constructDate):
3511- * runtime/DateInstanceCache.h:
3512- (JSC::DateInstanceData::DateInstanceData):
3513- (JSC::DateInstanceCache::reset):
3514- * runtime/ExceptionHelpers.cpp:
3515- (JSC::InterruptedExecutionError::defaultValue):
3516- (JSC::TerminatedExecutionError::defaultValue):
3517- * runtime/JSCell.h:
3518- (JSC::JSValue::getPrimitiveNumber):
3519- * runtime/JSDateMath.cpp:
3520- (JSC::parseDateFromNullTerminatedCharacters):
3521- * runtime/JSGlobalData.cpp:
3522- (JSC::JSGlobalData::JSGlobalData):
3523- (JSC::JSGlobalData::resetDateCache):
3524- * runtime/JSGlobalObjectFunctions.cpp:
3525- (JSC::parseInt):
3526- (JSC::jsStrDecimalLiteral):
3527- (JSC::toDouble):
3528- (JSC::jsToNumber):
3529- (JSC::parseFloat):
3530- * runtime/JSValue.cpp:
3531- (JSC::JSValue::toNumberSlowCase):
3532- * runtime/JSValue.h:
3533- (JSC):
3534- * runtime/JSValueInlineMethods.h:
3535- (JSC::jsNaN):
3536- * runtime/MathObject.cpp:
3537- (JSC::mathProtoFuncMax):
3538- (JSC::mathProtoFuncMin):
3539-
3540-2012-11-03 Filip Pizlo <fpizlo@apple.com>
3541-
3542- Baseline JIT should use structure watchpoints whenever possible
3543- https://bugs.webkit.org/show_bug.cgi?id=101146
3544-
3545- Reviewed by Sam Weinig.
3546-
3547- No speed-up yet except on toy programs. I think that it will start to show
3548- speed-ups with https://bugs.webkit.org/show_bug.cgi?id=101147, which this is
3549- a step towards.
3550-
3551- * jit/JIT.h:
3552- (JIT):
3553- * jit/JITPropertyAccess.cpp:
3554- (JSC::JIT::privateCompilePutByIdTransition):
3555- (JSC::JIT::privateCompileGetByIdProto):
3556- (JSC::JIT::privateCompileGetByIdProtoList):
3557- (JSC::JIT::privateCompileGetByIdChainList):
3558- (JSC::JIT::privateCompileGetByIdChain):
3559- (JSC::JIT::addStructureTransitionCheck):
3560- (JSC):
3561- (JSC::JIT::testPrototype):
3562- * jit/JITPropertyAccess32_64.cpp:
3563- (JSC::JIT::privateCompilePutByIdTransition):
3564- (JSC::JIT::privateCompileGetByIdProto):
3565- (JSC::JIT::privateCompileGetByIdProtoList):
3566- (JSC::JIT::privateCompileGetByIdChainList):
3567- (JSC::JIT::privateCompileGetByIdChain):
3568-
3569-2012-11-04 Csaba Osztrogonác <ossy@webkit.org>
3570-
3571- [Qt] udis86_itab.c is always regenerated
3572- https://bugs.webkit.org/show_bug.cgi?id=100756
3573-
3574- Reviewed by Simon Hausmann.
3575-
3576- * DerivedSources.pri: Generate sources to the generated directory.
3577- * disassembler/udis86/differences.txt:
3578- * disassembler/udis86/itab.py: Add --outputDir option.
3579- (UdItabGenerator.__init__):
3580- (genItabH):
3581- (genItabC):
3582- (main):
3583-
3584-2012-11-02 Filip Pizlo <fpizlo@apple.com>
3585-
3586- LLInt 32-bit put_by_val ArrayStorage case should use the right register (t3, not t2) for the index in the publicLength updating path
3587- https://bugs.webkit.org/show_bug.cgi?id=101118
3588-
3589- Reviewed by Gavin Barraclough.
3590-
3591- * llint/LowLevelInterpreter32_64.asm:
3592-
3593-2012-11-02 Filip Pizlo <fpizlo@apple.com>
3594-
3595- DFG::Node::converToStructureTransitionWatchpoint should take kindly to ArrayifyToStructure
3596- https://bugs.webkit.org/show_bug.cgi?id=101117
3597-
3598- Reviewed by Gavin Barraclough.
3599-
3600- We have logic to convert ArrayifyToStructure to StructureTransitionWatchpoint, which is awesome, except
3601- that previously convertToStructureTransitionWatchpoint was (a) asserting that it never saw an
3602- ArrayifyToStructure and (b) would incorrectly create a ForwardStructureTransitionWatchpoint if it did.
3603-
3604- * dfg/DFGNode.h:
3605- (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
3606-
3607-2012-11-02 Filip Pizlo <fpizlo@apple.com>
3608-
3609- DFG::SpeculativeJIT::typedArrayDescriptor should use the Float64Array descriptor for Float64Arrays
3610- https://bugs.webkit.org/show_bug.cgi?id=101114
3611-
3612- Reviewed by Gavin Barraclough.
3613-
3614- As in https://bugs.webkit.org/show_bug.cgi?id=101112, this was only wrong when Float64Array descriptors
3615- hadn't been initialized yet. That happens rarely, but when it does happen, we would crash.
3616-
3617- This would also become much more wrong if we ever put type size info (num bytes, etc) in the descriptor
3618- and used that directly. So it's good to fix it.
3619-
3620- * dfg/DFGSpeculativeJIT.cpp:
3621- (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
3622-
3623-2012-11-02 Filip Pizlo <fpizlo@apple.com>
3624-
3625- JIT::privateCompileGetByVal should use the uint8ClampedArrayDescriptor for compiling accesses to Uint8ClampedArrays
3626- https://bugs.webkit.org/show_bug.cgi?id=101112
3627-
3628- Reviewed by Gavin Barraclough.
3629-
3630- The only reason why the code was wrong to use uint8ArrayDescriptor instead is that if we're just using
3631- Uint8ClampedArrays then the descriptor for Uint8Array may not have been initialized.
3632-
3633- * jit/JITPropertyAccess.cpp:
3634- (JSC::JIT::privateCompileGetByVal):
3635-
3636-2012-11-02 Mark Hahnenberg <mhahnenberg@apple.com>
3637-
3638- MarkedBlocks should use something other than the mark bits to indicate liveness for newly allocated objects
3639- https://bugs.webkit.org/show_bug.cgi?id=100877
3640-
3641- Reviewed by Filip Pizlo.
3642-
3643- Currently when we canonicalize cell liveness data in MarkedBlocks, we set the mark bit for every cell in the
3644- block except for those in the free list. This allows us to consider objects that were allocated since the
3645- previous collection to be considered live until they have a chance to be properly marked by the collector.
3646-
3647- If we want to use the mark bits to signify other types of information, e.g. using sticky mark bits for generational
3648- collection, we will have to keep track of newly allocated objects in a different fashion when we canonicalize cell liveness.
3649-
3650- One method would be to allocate a separate set of bits while canonicalizing liveness data. These bits would
3651- track the newly allocated objects in the block separately from those objects who had already been marked. We would
3652- then check these bits, along with the mark bits, when determining liveness.
3653-
3654- * heap/Heap.h:
3655- (Heap):
3656- (JSC::Heap::isLive): We now check for the presence of the newlyAllocated Bitmap.
3657- (JSC):
3658- * heap/MarkedBlock.cpp:
3659- (JSC::MarkedBlock::specializedSweep): We clear the newlyAllocated Bitmap if we're creating a free list. This
3660- will happen if we canonicalize liveness data for some other reason than collection (e.g. forEachCell) and
3661- then start allocating again.
3662- (JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor):
3663- (SetNewlyAllocatedFunctor):
3664- (JSC::SetNewlyAllocatedFunctor::operator()): We set the newlyAllocated bits for all the objects
3665- that aren't already marked. We undo the bits for the objects in the free list later in canonicalizeCellLivenessData.
3666- (JSC::MarkedBlock::canonicalizeCellLivenessData): We should never have a FreeListed block with a newlyAllocated Bitmap.
3667- We allocate the new Bitmap, set the bits for all the objects that aren't already marked, and then unset all of the
3668- bits for the items currently in the FreeList.
3669- * heap/MarkedBlock.h:
3670- (JSC::MarkedBlock::clearMarks): We clear the newlyAllocated bitmap if it exists because at this point we don't need it
3671- any more.
3672- (JSC::MarkedBlock::isEmpty): If we have some objects that are newlyAllocated, we are not empty.
3673- (JSC::MarkedBlock::isNewlyAllocated):
3674- (JSC):
3675- (JSC::MarkedBlock::setNewlyAllocated):
3676- (JSC::MarkedBlock::clearNewlyAllocated):
3677- (JSC::MarkedBlock::isLive): We now check the newlyAllocated Bitmap, if it exists, when determining liveness of a cell in
3678- a block that is Marked.
3679- * heap/WeakBlock.cpp:
3680- (JSC::WeakBlock::visit): We need to make sure we don't finalize objects that are in the newlyAllocated Bitmap.
3681- (JSC::WeakBlock::reap): Ditto.
3682-
3683-2012-11-02 Filip Pizlo <fpizlo@apple.com>
3684-
3685- JIT::privateCompileGetByVal should use MacroAssemblerCodePtr::createFromExecutableAddress like JIT::privateCompilePutByVal
3686- https://bugs.webkit.org/show_bug.cgi?id=101109
3687-
3688- Reviewed by Gavin Barraclough.
3689-
3690- This fixes crashes on ARMv7 resulting from the return address already being tagged with the THUMB2 bit.
3691-
3692- * jit/JITPropertyAccess.cpp:
3693- (JSC::JIT::privateCompileGetByVal):
3694-
3695-2012-11-02 Simon Fraser <simon.fraser@apple.com>
3696-
3697- Enable SUBPIXEL_LAYOUT on Mac
3698- https://bugs.webkit.org/show_bug.cgi?id=101076
3699-
3700- Reviewed by Dave Hyatt.
3701-
3702- Define ENABLE_SUBPIXEL_LAYOUT and include it in FEATURE_DEFINES.
3703-
3704- * Configurations/FeatureDefines.xcconfig:
3705-
3706-2012-11-02 Michael Saboff <msaboff@apple.com>
3707-
3708- RegExp.prototype.toString Should Produce an 8 bit JSString if possible.
3709- https://bugs.webkit.org/show_bug.cgi?id=101003
3710-
3711- Reviewed by Geoffrey Garen.
3712-
3713- Took the logic of regExpObjectSource() and created two templated helpers that uses the
3714- source character type when appending to the StringBuilder.
3715-
3716- * runtime/RegExpObject.cpp:
3717- (JSC::appendLineTerminatorEscape): Checks line terminate type to come up with escaped version.
3718- (JSC::regExpObjectSourceInternal): Templated version of original.
3719- (JSC::regExpObjectSource): Wrapper function.
3720-
3721-2012-11-02 Adam Barth <abarth@webkit.org>
3722-
3723- ENABLE(UNDO_MANAGER) is disabled everywhere and is not under active development
3724- https://bugs.webkit.org/show_bug.cgi?id=100711
3725-
3726- Reviewed by Eric Seidel.
3727-
3728- * Configurations/FeatureDefines.xcconfig:
3729-
3730-2012-11-02 Simon Hausmann <simon.hausmann@digia.com>
3731-
3732- [Qt] Fix build on Windows when Qt is configured with -release
3733- https://bugs.webkit.org/show_bug.cgi?id=101041
3734-
3735- Reviewed by Jocelyn Turcotte.
3736-
3737- When Qt is configured with -debug or -release, the release/debug build of for example
3738- QtCore is not available by default. For LLIntExtractor we always need to build debug
3739- _and_ release versions, but we do not actually need any Qt libraries nor qtmain(d).lib.
3740- Therefore we can disable all these features but need to keep $$QT.core.includes in the
3741- INCLUDEPATH for some defines from qglobal.h.
3742-
3743- * LLIntOffsetsExtractor.pro:
3744-
3745-2012-11-01 Mark Lam <mark.lam@apple.com>
3746-
3747- A llint workaround for a toolchain issue.
3748- https://bugs.webkit.org/show_bug.cgi?id=101012.
3749-
3750- Reviewed by Michael Saboff.
3751-
3752- * llint/LowLevelInterpreter.asm:
3753- - use a local label to workaround the toolchain issue with undeclared
3754- global labels.
3755-
3756-2012-11-01 Oliver Hunt <oliver@apple.com>
3757-
3758- Remove GlobalObject constant register that is typically unused
3759- https://bugs.webkit.org/show_bug.cgi?id=101005
3760-
3761- Reviewed by Geoffrey Garen.
3762-
3763- The GlobalObject constant register is frequently allocated even when it
3764- is not used, it is also getting in the way of some other optimisations.
3765-
3766- * bytecode/CodeBlock.cpp:
3767- (JSC::CodeBlock::CodeBlock):
3768- * bytecode/CodeBlock.h:
3769- (CodeBlock):
3770- * bytecompiler/BytecodeGenerator.cpp:
3771- (JSC::BytecodeGenerator::BytecodeGenerator):
3772- * dfg/DFGByteCodeParser.cpp:
3773- (JSC::DFG::ByteCodeParser::parseResolveOperations):
3774-
3775-2012-10-31 Filip Pizlo <fpizlo@apple.com>
3776-
3777- DFG optimized string access code should be enabled
3778- https://bugs.webkit.org/show_bug.cgi?id=100825
3779-
3780- Reviewed by Oliver Hunt.
3781-
3782- - Removes prediction checks from the parser.
3783-
3784- - Fixes the handling of array mode refinement for strings. I.e. we don't do
3785- any refinement - we already know it's going to be a string. We could
3786- revisit this in the future, but for now the DFG lacks the ability to
3787- handle any array modes other than Array::String for string intrinsics, so
3788- this is as good as it gets.
3789-
3790- - Removes uses of isBlahSpeculation for checking if a mode is already
3791- checked. isBlahSpeculation implicitly checks if the SpeculatedType is not
3792- BOTTOM ("empty"), which breaks for checking if a mode is already checked
3793- since a mode may already be "checked" in the sense that we've proven that
3794- the code is unreachable.
3795-
3796- ~1% speed-up on V8v7, mostly from a speed-up on crypto, which uses string
3797- intrinsics in one of the hot functions.
3798-
3799- * bytecode/SpeculatedType.h:
3800- (JSC::speculationChecked):
3801- (JSC):
3802- * dfg/DFGArrayMode.cpp:
3803- (JSC::DFG::ArrayMode::alreadyChecked):
3804- * dfg/DFGByteCodeParser.cpp:
3805- (JSC::DFG::ByteCodeParser::handleIntrinsic):
3806- * dfg/DFGFixupPhase.cpp:
3807- (JSC::DFG::FixupPhase::fixupNode):
3808- * dfg/DFGSpeculativeJIT.cpp:
3809- (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
3810-
3811-2012-10-31 Filip Pizlo <fpizlo@apple.com>
3812-
3813- Sparse array size threshold should be increased to 100000
3814- https://bugs.webkit.org/show_bug.cgi?id=100827
3815-
3816- Reviewed by Oliver Hunt.
3817-
3818- This enables the use of contiguous arrays in programs that previously
3819- couldn't use them. And I so far can't see any examples of this being
3820- a downside. To the extent that there is a downside, it ought to be
3821- addressed by GC: https://bugs.webkit.org/show_bug.cgi?id=100828
3822-
3823- * runtime/ArrayConventions.h:
3824- (JSC):
3825-
3826-2012-10-31 Mark Lam <mark.lam@apple.com>
3827-
3828- C++ llint 64-bit backend needs to zero extend results of int32 operations.
3829- https://bugs.webkit.org/show_bug.cgi?id=100899.
3830-
3831- Reviewed by Filip Pizlo.
3832-
3833- llint asm instructions ending in "i" for a 64-bit machine expects the
3834- high 32-bit of registers to be zero'ed out when a 32-bit instruction
3835- writes into a register. Fixed the C++ llint to honor this.
3836-
3837- Fixed the index register used in BaseIndex addressing to be of size
3838- intptr_t as expected.
3839-
3840- Updated CLoopRegister to handle different endiannesss configurations.
3841-
3842- * llint/LowLevelInterpreter.cpp:
3843- (JSC::CLoopRegister::clearHighWord):
3844- - new method to clear the high 32-bit of a 64-bit register.
3845- It's a no-op for the 32-bit build.
3846- (CLoopRegister):
3847- - CLoopRegister now takes care of packing and byte endianness order.
3848- (JSC::CLoop::execute): - Added an assert.
3849- * offlineasm/cloop.rb:
3850- - Add calls to clearHighWord() wherever needed.
3851-
3852-2012-10-31 Mark Lam <mark.lam@apple.com>
3853-
3854- A JSC printf (support for %J+s and %b).
3855- https://bugs.webkit.org/show_bug.cgi?id=100566.
3856-
3857- Reviewed by Michael Saboff.
3858-
3859- Added VMInspector::printf(), fprintf(), sprintf(), and snprintf().
3860- - %b prints ints as boolean TRUE (non-zero) or FALSE (zero).
3861- - %Js prints a WTF::String* like a %s prints a char*.
3862- Also works for 16bit WTF::Strings (prints wchar_t* using %S).
3863- - '+' is a modifier meaning 'use verbose mode', and %J+s is an example
3864- of its use.
3865-
3866- * JavaScriptCore.xcodeproj/project.pbxproj:
3867- * interpreter/VMInspector.cpp:
3868- (FormatPrinter):
3869- (JSC::FormatPrinter::~FormatPrinter):
3870- (JSC::FormatPrinter::print):
3871- (JSC::FormatPrinter::printArg):
3872- (JSC::FormatPrinter::printWTFString):
3873- (JSC::FileFormatPrinter::FileFormatPrinter):
3874- (JSC::FileFormatPrinter::printArg):
3875- (JSC::StringFormatPrinter::StringFormatPrinter):
3876- (JSC::StringFormatPrinter::printArg):
3877- (JSC::StringNFormatPrinter::StringNFormatPrinter):
3878- (JSC::StringNFormatPrinter::printArg):
3879- (JSC::VMInspector::fprintf):
3880- (JSC::VMInspector::printf):
3881- (JSC::VMInspector::sprintf):
3882- (JSC::VMInspector::snprintf):
3883- * interpreter/VMInspector.h:
3884- (VMInspector):
3885-
3886-2012-10-31 Mark Lam <mark.lam@apple.com>
3887-
3888- 64-bit llint PC offset can be negative: using an unsigned shift is a bug.
3889- https://bugs.webkit.org/show_bug.cgi?id=100896.
3890-
3891- Reviewed by Filip Pizlo.
3892-
3893- Fixed the PC offset divisions in the 64-bit llint asm to use rshift instead of urshift.
3894-
3895- * llint/LowLevelInterpreter64.asm:
3896-
3897-2012-10-30 Yuqiang Xian <yuqiang.xian@intel.com>
3898-
3899- glsl-function-atan.html WebGL conformance test fails after https://bugs.webkit.org/show_bug.cgi?id=99154
3900- https://bugs.webkit.org/show_bug.cgi?id=100789
3901-
3902- Reviewed by Filip Pizlo.
3903-
3904- We accidently missed a bitwise double to int64 conversion.
3905-
3906- * dfg/DFGSpeculativeJIT.h:
3907- (JSC::DFG::SpeculativeJIT::silentFill):
3908-
3909-2012-10-30 Joseph Pecoraro <pecoraro@apple.com>
3910-
3911- [Mac] Sync up FeatureDefine Configuration Files
3912- https://bugs.webkit.org/show_bug.cgi?id=100171
3913-
3914- Reviewed by David Kilzer.
3915-
3916- Follow up to better coordinate with iOS feature defines. Make:
3917-
3918- - ENABLE_FILTERS always on
3919- - ENABLE_INPUT_* iphonesimulator values point to the iphoneos values
3920-
3921- * Configurations/FeatureDefines.xcconfig:
3922-
3923-2012-10-30 Joseph Pecoraro <pecoraro@apple.com>
3924-
3925- [Mac] Sync up FeatureDefine Configuration Files
3926- https://bugs.webkit.org/show_bug.cgi?id=100171
3927-
3928- Reviewed by David Kilzer.
3929-
3930- Ensure an identical FeatureDefine files across all projects. Changes:
3931-
3932- - ENABLE_CSS_BOX_DECORATION_BREAK should be in all
3933- - ENABLE_PDFKIT_PLUGIN should be in all
3934- - ENABLE_RESOLUTION_MEDIA_QUERY should be in all
3935- - ENABLE_ENCRYPTED_MEDIA should be in all
3936- - ENABLE_HIDDEN_PAGE_DOM_TIMER_THROTTLING with corrected value
3937- - Some alphabetical ordering cleanup
3938-
3939- * Configurations/FeatureDefines.xcconfig:
3940-
3941-2012-10-30 Mark Hahnenberg <mhahnenberg@apple.com>
3942-
3943- Arrays can change IndexingType in the middle of sorting
3944- https://bugs.webkit.org/show_bug.cgi?id=100773
3945-
3946- Reviewed by Filip Pizlo.
3947-
3948- Instead of giving up, we just fetch the appropriate vector based on the current
3949- IndexingType of the array.
3950-
3951- * runtime/JSArray.cpp:
3952- (JSC::JSArray::sortVector):
3953- * runtime/JSObject.h:
3954- (JSObject):
3955- (JSC::JSObject::currentIndexingData):
3956- (JSC::JSObject::currentRelevantLength):
3957-
3958-2012-10-29 Anders Carlsson <andersca@apple.com>
3959-
3960- Build WebKit as C++11 on Mac
3961- https://bugs.webkit.org/show_bug.cgi?id=100720
3962-
3963- Reviewed by Daniel Bates.
3964-
3965- * Configurations/Base.xcconfig:
3966- Add CLANG_CXX_LANGUAGE_STANDARD=gnu++0x.
3967-
3968- * bytecompiler/BytecodeGenerator.cpp:
3969- (JSC::BytecodeGenerator::generate):
3970- (JSC::BytecodeGenerator::pushFinallyContext):
3971- (JSC::BytecodeGenerator::beginSwitch):
3972- * llint/LLIntOffsetsExtractor.cpp:
3973- * runtime/Identifier.cpp:
3974- (JSC::Identifier::add8):
3975- * runtime/Identifier.h:
3976- (JSC::Identifier::add):
3977- * runtime/JSONObject.cpp:
3978- (JSC::appendStringToStringBuilder):
3979- * runtime/StringPrototype.cpp:
3980- (JSC::replaceUsingStringSearch):
3981- Add static_casts to prevent implicit type conversions in non-constant initializer lists.
3982-
3983-2012-10-28 Mark Rowe <mrowe@apple.com>
3984-
3985- Simplify Xcode configuration settings that used to vary between OS versions.
3986-
3987- Reviewed by Dan Bernstein.
3988-
3989- * Configurations/Base.xcconfig:
3990- * Configurations/DebugRelease.xcconfig:
3991- * Configurations/JavaScriptCore.xcconfig:
3992-
3993-2012-10-28 Mark Rowe <mrowe@apple.com>
3994-
3995- Remove references to unsupported OS and Xcode versions.
3996-
3997- Reviewed by Anders Carlsson.
3998-
3999- * Configurations/Base.xcconfig:
4000- * Configurations/CompilerVersion.xcconfig: Removed.
4001- * Configurations/DebugRelease.xcconfig:
4002- * Configurations/Version.xcconfig:
4003- * JavaScriptCore.xcodeproj/project.pbxproj:
4004-
4005-2012-10-29 Michael Saboff <msaboff@apple.com>
4006-
4007- Non-special escape character sequences cause JSC::Lexer::parseString to create 16 bit strings
4008- https://bugs.webkit.org/show_bug.cgi?id=100576
4009-
4010- Reviewed by Darin Adler.
4011-
4012- Changed singleEscape() processing to be based on a lookup of a static table. The table
4013- covers ASCII characters SPACE through DEL. If a character can be a single character escape,
4014- then the table provides the non-zero result of that escape. Updated the result of
4015- singleEscape to be an LChar to make the table as small as possible.
4016- Added a new test fast/js/normal-character-escapes-in-string-literals.html to validated
4017- the behavior.
4018-
4019- * parser/Lexer.cpp:
4020- (JSC::singleEscape):
4021- (JSC::Lexer::parseString):
4022- (JSC::Lexer::parseStringSlowCase):
4023-
4024-2012-10-29 Enrica Casucci <enrica@apple.com>
4025-
4026- Add ENABLE_USERSELECT_ALL feature flag.
4027- https://bugs.webkit.org/show_bug.cgi?id=100559
4028-
4029- Reviewed by Eric Seidel.
4030-
4031- * Configurations/FeatureDefines.xcconfig:
4032-
4033-2012-10-28 Filip Pizlo <fpizlo@apple.com>
4034-
4035- DFG should be able to emit effectful structure checks
4036- https://bugs.webkit.org/show_bug.cgi?id=99260
4037-
4038- Reviewed by Oliver Hunt.
4039-
4040- This change allows us to find out if an array access that has gone polymorphic
4041- is operating over known structures - i.e. the primordial array structures of the
4042- global object that the code block containing the array access belongs to. We
4043- term this state "OriginalArray" for short. The fact that the access has gone
4044- polymorphic means that the array profile will not be able to report the set of
4045- structures it had seen - but if it can tell us that all of the structures were
4046- primordial then it just so happens that we can deduce what the structure set
4047- would have been by just querying the code block's global object. This allows us
4048- to emit an ArrayifyToStructure instead of an Arrayify if we find that we need to
4049- do conversions. The fast path of an ArrayifyToStructure is exactly like the fast
4050- path of a CheckStructure and is mostly subject to the same optimizations. It
4051- also burns one fewer registers.
4052-
4053- Essentially the notion of OriginalArray is a super cheap way of getting the
4054- array profile to tell us a structure set instead of a singleton structure.
4055- Currently, the array profile can only tell us the structure seen at an array
4056- access if there was exactly one structure. If there were multiple structures, it
4057- won't tell us anything other than the array modes and other auxiliary profiling
4058- data (whether there were stores to holes, for example). With OriginalArray, we
4059- cheaply get a structure set if all of the structures were primordial for the
4060- code block's global object, since in that case the array mode set (ArrayModes)
4061- can directly tell us the structure set. In the future, we might consider adding
4062- complete structure sets to the array profiles, but I suspect that we would hit
4063- diminishing returns if we did so - it would only help if we have array accesses
4064- that are both polymorphic and are cross-global-object accesses (rare) or if the
4065- arrays had named properties or other structure transitions that are unrelated to
4066- indexing type (also rare).
4067-
4068- This also does away with Arrayify (and the new ArrayifyToStructure) returning
4069- the butterfly pointer. This turns out to be faster and easier to CSE.
4070-
4071- And, this also changes constant folding to be able to eliminate CheckStructure,
4072- ForwardCheckStructure, and ArrayifyToStructure in addition to being able to
4073- transform them into structure transition watchpoints. This is great for
4074- ArrayifyToStructure because then CSE and CFA know that there is no side effect.
4075- Converting CheckStructure and ForwardCheckStructure to also behave this way is
4076- just a matter of elegance.
4077-
4078- This has no performance impact right now. It's intended to alleviate some of the
4079- regressions seen in the early implementation of
4080- https://bugs.webkit.org/show_bug.cgi?id=98606.
4081-
4082- * bytecode/ArrayProfile.cpp:
4083- (JSC::ArrayProfile::computeUpdatedPrediction):
4084- * bytecode/ArrayProfile.h:
4085- (JSC):
4086- (JSC::ArrayProfile::ArrayProfile):
4087- (ArrayProfile):
4088- (JSC::ArrayProfile::usesOriginalArrayStructures):
4089- * bytecode/CodeBlock.cpp:
4090- (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
4091- * dfg/DFGAbstractState.cpp:
4092- (JSC::DFG::AbstractState::execute):
4093- * dfg/DFGArrayMode.cpp:
4094- (JSC::DFG::ArrayMode::fromObserved):
4095- (JSC::DFG::ArrayMode::alreadyChecked):
4096- (JSC::DFG::arrayClassToString):
4097- * dfg/DFGArrayMode.h:
4098- (JSC::DFG::ArrayMode::withProfile):
4099- (JSC::DFG::ArrayMode::isJSArray):
4100- (ArrayMode):
4101- (JSC::DFG::ArrayMode::isJSArrayWithOriginalStructure):
4102- (JSC::DFG::ArrayMode::supportsLength):
4103- (JSC::DFG::ArrayMode::arrayModesWithIndexingShape):
4104- * dfg/DFGByteCodeParser.cpp:
4105- (JSC::DFG::ByteCodeParser::getArrayMode):
4106- (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
4107- (JSC::DFG::ByteCodeParser::handleGetByOffset):
4108- * dfg/DFGCSEPhase.cpp:
4109- (JSC::DFG::CSEPhase::checkStructureElimination):
4110- (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
4111- (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
4112- (JSC::DFG::CSEPhase::checkArrayElimination):
4113- (JSC::DFG::CSEPhase::getScopeRegistersLoadElimination):
4114- * dfg/DFGConstantFoldingPhase.cpp:
4115- (JSC::DFG::ConstantFoldingPhase::foldConstants):
4116- * dfg/DFGFixupPhase.cpp:
4117- (JSC::DFG::FixupPhase::fixupNode):
4118- (JSC::DFG::FixupPhase::checkArray):
4119- * dfg/DFGNode.h:
4120- (JSC::DFG::Node::hasStructure):
4121- (JSC::DFG::Node::hasArrayMode):
4122- (JSC::DFG::Node::arrayMode):
4123- * dfg/DFGNodeType.h:
4124- (DFG):
4125- * dfg/DFGPredictionPropagationPhase.cpp:
4126- (JSC::DFG::PredictionPropagationPhase::propagate):
4127- * dfg/DFGSpeculativeJIT.cpp:
4128- (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
4129- (JSC::DFG::SpeculativeJIT::arrayify):
4130- * dfg/DFGSpeculativeJIT.h:
4131- (SpeculativeJIT):
4132- * dfg/DFGSpeculativeJIT32_64.cpp:
4133- (JSC::DFG::SpeculativeJIT::compile):
4134- * dfg/DFGSpeculativeJIT64.cpp:
4135- (JSC::DFG::SpeculativeJIT::compile):
4136- * runtime/JSGlobalObject.h:
4137- (JSC::JSGlobalObject::isOriginalArrayStructure):
4138- * runtime/Structure.cpp:
4139- (JSC::Structure::nonPropertyTransition):
4140-
4141-2012-10-28 Filip Pizlo <fpizlo@apple.com>
4142-
4143- There should not be blind spots in array length array profiling
4144- https://bugs.webkit.org/show_bug.cgi?id=100620
4145-
4146- Reviewed by Oliver Hunt.
4147-
4148- I don't think this has any performance impact. But it's good to not have random
4149- programs occasionally emit a GetById for array length accesses.
4150-
4151- * jit/JITPropertyAccess.cpp:
4152- (JSC::JIT::compileGetByIdHotPath):
4153- (JSC::JIT::privateCompilePatchGetArrayLength):
4154- * jit/JITPropertyAccess32_64.cpp:
4155- (JSC::JIT::compileGetByIdHotPath):
4156- (JSC::JIT::privateCompilePatchGetArrayLength):
4157-
4158-2012-10-28 Filip Pizlo <fpizlo@apple.com>
4159-
4160- Unreviewed, make always-true enum-to-int comparisons use casts.
4161-
4162- * dfg/DFGFPRInfo.h:
4163- (JSC::DFG::FPRInfo::debugName):
4164- * dfg/DFGGPRInfo.h:
4165- (JSC::DFG::JSValueSource::tagGPR):
4166- (JSC::DFG::GPRInfo::toIndex):
4167- (JSC::DFG::GPRInfo::debugName):
4168- * runtime/JSTypeInfo.h:
4169- (JSC::TypeInfo::TypeInfo):
4170-
4171-2012-10-27 Filip Pizlo <fpizlo@apple.com>
4172-
4173- OSR exit compilation should defend against argument recoveries from code blocks that are no longer on the inline stack
4174- https://bugs.webkit.org/show_bug.cgi?id=100601
4175-
4176- Reviewed by Oliver Hunt.
4177-
4178- This happened to me while I was fixing bugs for https://bugs.webkit.org/show_bug.cgi?id=100599.
4179- I'm not sure how to reproduce this.
4180-
4181- * dfg/DFGAssemblyHelpers.h:
4182- (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
4183- (AssemblyHelpers):
4184- * dfg/DFGOSRExitCompiler32_64.cpp:
4185- (JSC::DFG::OSRExitCompiler::compileExit):
4186- * dfg/DFGOSRExitCompiler64.cpp:
4187- (JSC::DFG::OSRExitCompiler::compileExit):
4188-
4189-2012-10-27 Filip Pizlo <fpizlo@apple.com>
4190-
4191- DFG::Array::Mode needs to be cleaned up
4192- https://bugs.webkit.org/show_bug.cgi?id=100599
4193-
4194- Reviewed by Oliver Hunt.
4195-
4196- Turn the previous massive Array::Mode enum into a class that contains four
4197- fields, the type, whether it's a JSArray, the level of speculation, and the
4198- kind of conversion to perform.
4199-
4200- No performance or behavioral change.
4201-
4202- * dfg/DFGAbstractState.cpp:
4203- (JSC::DFG::AbstractState::execute):
4204- * dfg/DFGArgumentsSimplificationPhase.cpp:
4205- (JSC::DFG::ArgumentsSimplificationPhase::run):
4206- * dfg/DFGArrayMode.cpp:
4207- (JSC::DFG::ArrayMode::fromObserved):
4208- (JSC::DFG::ArrayMode::refine):
4209- (JSC::DFG::ArrayMode::alreadyChecked):
4210- (JSC::DFG::arrayTypeToString):
4211- (JSC::DFG::arrayClassToString):
4212- (DFG):
4213- (JSC::DFG::arraySpeculationToString):
4214- (JSC::DFG::arrayConversionToString):
4215- (JSC::DFG::ArrayMode::toString):
4216- * dfg/DFGArrayMode.h:
4217- (DFG):
4218- (ArrayMode):
4219- (JSC::DFG::ArrayMode::ArrayMode):
4220- (JSC::DFG::ArrayMode::type):
4221- (JSC::DFG::ArrayMode::arrayClass):
4222- (JSC::DFG::ArrayMode::speculation):
4223- (JSC::DFG::ArrayMode::conversion):
4224- (JSC::DFG::ArrayMode::asWord):
4225- (JSC::DFG::ArrayMode::fromWord):
4226- (JSC::DFG::ArrayMode::withSpeculation):
4227- (JSC::DFG::ArrayMode::usesButterfly):
4228- (JSC::DFG::ArrayMode::isJSArray):
4229- (JSC::DFG::ArrayMode::isInBounds):
4230- (JSC::DFG::ArrayMode::mayStoreToHole):
4231- (JSC::DFG::ArrayMode::isOutOfBounds):
4232- (JSC::DFG::ArrayMode::isSlowPut):
4233- (JSC::DFG::ArrayMode::canCSEStorage):
4234- (JSC::DFG::ArrayMode::lengthNeedsStorage):
4235- (JSC::DFG::ArrayMode::modeForPut):
4236- (JSC::DFG::ArrayMode::isSpecific):
4237- (JSC::DFG::ArrayMode::supportsLength):
4238- (JSC::DFG::ArrayMode::benefitsFromStructureCheck):
4239- (JSC::DFG::ArrayMode::doesConversion):
4240- (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
4241- (JSC::DFG::ArrayMode::operator==):
4242- (JSC::DFG::ArrayMode::operator!=):
4243- (JSC::DFG::ArrayMode::arrayModesWithIndexingShape):
4244- (JSC::DFG::canCSEStorage):
4245- (JSC::DFG::lengthNeedsStorage):
4246- * dfg/DFGByteCodeParser.cpp:
4247- (JSC::DFG::ByteCodeParser::getArrayMode):
4248- (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
4249- (JSC::DFG::ByteCodeParser::handleIntrinsic):
4250- (JSC::DFG::ByteCodeParser::parseBlock):
4251- * dfg/DFGCSEPhase.cpp:
4252- (JSC::DFG::CSEPhase::getArrayLengthElimination):
4253- (JSC::DFG::CSEPhase::checkArrayElimination):
4254- (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
4255- (JSC::DFG::CSEPhase::performNodeCSE):
4256- * dfg/DFGConstantFoldingPhase.cpp:
4257- (JSC::DFG::ConstantFoldingPhase::foldConstants):
4258- * dfg/DFGFixupPhase.cpp:
4259- (JSC::DFG::FixupPhase::fixupNode):
4260- (JSC::DFG::FixupPhase::checkArray):
4261- (JSC::DFG::FixupPhase::blessArrayOperation):
4262- * dfg/DFGGraph.cpp:
4263- (JSC::DFG::Graph::dump):
4264- * dfg/DFGGraph.h:
4265- (JSC::DFG::Graph::byValIsPure):
4266- * dfg/DFGNode.h:
4267- (JSC::DFG::Node::arrayMode):
4268- (JSC::DFG::Node::setArrayMode):
4269- * dfg/DFGSpeculativeJIT.cpp:
4270- (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
4271- (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
4272- (JSC::DFG::SpeculativeJIT::checkArray):
4273- (JSC::DFG::SpeculativeJIT::arrayify):
4274- (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
4275- (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
4276- (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
4277- (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
4278- (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
4279- (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
4280- (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
4281- (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
4282- (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
4283- * dfg/DFGSpeculativeJIT.h:
4284- (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister):
4285- (SpeculativeJIT):
4286- * dfg/DFGSpeculativeJIT32_64.cpp:
4287- (JSC::DFG::SpeculativeJIT::compile):
4288- * dfg/DFGSpeculativeJIT64.cpp:
4289- (JSC::DFG::SpeculativeJIT::compile):
4290-
4291-2012-10-27 Dan Bernstein <mitz@apple.com>
4292-
4293- REAL_PLATFORM_NAME build setting is no longer needed
4294- https://bugs.webkit.org/show_bug.cgi?id=100587
4295-
4296- Reviewed by Mark Rowe.
4297-
4298- Removed the definition of REAL_PLATFORM_NAME and replaced references to it with references
4299- to PLATFORM_NAME.
4300-
4301- * Configurations/Base.xcconfig:
4302- * Configurations/CompilerVersion.xcconfig:
4303- * Configurations/DebugRelease.xcconfig:
4304- * Configurations/FeatureDefines.xcconfig:
4305- * Configurations/JSC.xcconfig:
4306- * Configurations/JavaScriptCore.xcconfig:
4307- * Configurations/ToolExecutable.xcconfig:
4308-
4309-2012-10-25 Filip Pizlo <fpizlo@apple.com>
4310-
4311- Forward OSR calculation is wrong in the presence of multiple SetLocals, or a mix of SetLocals and Phantoms
4312- https://bugs.webkit.org/show_bug.cgi?id=100461
4313-
4314- Reviewed by Oliver Hunt and Gavin Barraclough.
4315-
4316- This does a couple of things. First, it removes the part of the change in r131822 that made the forward
4317- OSR exit calculator capable of handling multiple SetLocals. That change was wrong, because it would
4318- blindly assume that all SetLocals had the same ValueRecovery, and would ignore the possibility that if
4319- there is no value recovery then a ForwardCheckStructure on the first SetLocal would not know how to
4320- recover the state associated with the second SetLocal. Then, it introduces the invariant that any bytecode
4321- op that decomposes into multiple SetLocals must first emit dead SetLocals as hints and then emit a second
4322- set of SetLocals to actually do the setting of the locals. This means that if a ForwardCheckStructure (or
4323- any other hoisted forward speculation) is inserted, it will always be inserted on the second set of
4324- SetLocals (since hoisting only touches the live ones), at which point OSR will already know about the
4325- mov hints implied by the first set of (dead) SetLocals. This gives us the behavior we wanted, namely, that
4326- a ForwardCheckStructure applied to a variant set by a resolve_with_base-like operation can correctly do a
4327- forward exit while also ensuring that prior to exiting we set the appropriate locals.
4328-
4329- * dfg/DFGByteCodeParser.cpp:
4330- (JSC::DFG::ByteCodeParser::parseBlock):
4331- * dfg/DFGOSRExit.cpp:
4332- (JSC::DFG::OSRExit::OSRExit):
4333- * dfg/DFGOSRExit.h:
4334- (OSRExit):
4335- * dfg/DFGOSRExitCompiler.cpp:
4336- * dfg/DFGOSRExitCompiler32_64.cpp:
4337- (JSC::DFG::OSRExitCompiler::compileExit):
4338- * dfg/DFGOSRExitCompiler64.cpp:
4339- (JSC::DFG::OSRExitCompiler::compileExit):
4340- * dfg/DFGSpeculativeJIT.cpp:
4341- (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
4342-
4343-2012-10-26 Simon Hausmann <simon.hausmann@digia.com>
4344-
4345- [Qt] Fix the LLInt build on Windows
4346- https://bugs.webkit.org/show_bug.cgi?id=97648
4347-
4348- Reviewed by Tor Arne Vestbø.
4349-
4350- The main change for the port on Windows is changing the way offsets are extracted
4351- and the LLIntAssembly.h is generated to accomodate release and debug configurations.
4352-
4353- Firstly the LLIntOffsetsExtractor binary is now built as-is (no DESTDIR set) and
4354- placed into debug\LLIntOffsetsExtractor.exe and release\LLIntOffsetsExtractor.exe
4355- on Windows debug_and_release builds. On other patforms it remainds in the regular
4356- out directory.
4357-
4358- Secondly the LLIntAssembly.h files must be different for different build types,
4359- so the LLIntAssembly.h generator in DerivedSources.pri operates no on the extractor
4360- binary files as input. Using a simple exists() check we verify the presence of either
4361- a regular, a debug\LLIntOffsetsExtractor and a release\LLIntOffsetsExtractor binary
4362- and process all of them. The resulting assembly files consequently end up in
4363- generated\debug\LLIntAssembly.h and generated\release\LLIntAssembly.h.
4364-
4365- In Target.pri we have to also make sure that those directories are in the include
4366- path according to the release or debug configuration.
4367-
4368- Lastly a small tweak - swapping WTF.pri and JSC.pri inclusions - in the
4369- LLIntOffsetsExtractor build was needed to make sure that we include
4370- JavaScriptCore/config.h instead of WTF/config.h, required to fix the
4371- build issues originally pasted in bug #97648.
4372-
4373- * DerivedSources.pri:
4374- * JavaScriptCore.pro:
4375- * LLIntOffsetsExtractor.pro:
4376- * Target.pri:
4377-
4378-2012-10-26 Gabor Ballabas <gaborb@inf.u-szeged.hu>
4379-
4380- [Qt] Enable JSC's disassembler on x86, x86_64 Linux
4381- https://bugs.webkit.org/show_bug.cgi?id=100386
4382-
4383- Reviewed by Simon Hausmann.
4384-
4385- It works fine on Linux x86, x86_64 just needs to be enabled in the
4386- QtWebKit build system.
4387-
4388- * DerivedSources.pri:
4389- * JavaScriptCore.pri:
4390- * Target.pri:
4391-
4392-2012-10-26 Thiago Marcos P. Santos <thiago.santos@intel.com>
4393-
4394- Add feature flags for CSS Device Adaptation
4395- https://bugs.webkit.org/show_bug.cgi?id=95960
4396-
4397- Reviewed by Kenneth Rohde Christiansen.
4398-
4399- * Configurations/FeatureDefines.xcconfig:
4400-
4401-2012-10-26 Simon Hausmann <simon.hausmann@digia.com>
4402-
4403- [WIN] Make LLInt offsets extractor work on Windows
4404- https://bugs.webkit.org/show_bug.cgi?id=100369
4405-
4406- Reviewed by Kenneth Rohde Christiansen.
4407-
4408- Open the input file explicitly in binary mode to prevent ruby/Windows from thinking that
4409- it's a text mode file that needs even new line conversions. The binary mode parameter is
4410- ignored on other platforms.
4411-
4412- * offlineasm/offsets.rb:
4413-
4414-2012-10-25 Michael Saboff <msaboff@apple.com>
4415-
4416- SymbolTableIndexHashTraits::needsDestruction should be set to true
4417- https://bugs.webkit.org/show_bug.cgi?id=100437
4418-
4419- Reviewed by Mark Hahnenberg.
4420-
4421- For correctness, set SymbolTableIndexHashTraits::needsDestruction to true since SymbolTableEntry's do
4422- need to have their destructor called due to the possibility of rare data.
4423-
4424- * runtime/SymbolTable.h:
4425- (SymbolTableIndexHashTraits):
4426-
4427-2012-10-25 Filip Pizlo <fpizlo@apple.com>
4428-
4429- DFG Arrayify elimination should replace it with GetButterfly rather than Phantom
4430- https://bugs.webkit.org/show_bug.cgi?id=100441
4431-
4432- Reviewed by Oliver Hunt and Gavin Barraclough.
4433-
4434- Made array profiler's to-string helper behave correctly.
4435-
4436- Made Arrayify elimination do the right thing (convert to GetButterfly).
4437-
4438- Made CFA's interference analysis track clobbered array modes correctly, mostly by
4439- simplifying the machinery.
4440-
4441- * bytecode/ArrayProfile.cpp:
4442- (JSC::arrayModesToString):
4443- * dfg/DFGAbstractState.cpp:
4444- (JSC::DFG::AbstractState::execute):
4445- * dfg/DFGAbstractValue.h:
4446- (JSC::DFG::AbstractValue::clobberArrayModes):
4447- (AbstractValue):
4448- * dfg/DFGConstantFoldingPhase.cpp:
4449- (JSC::DFG::ConstantFoldingPhase::foldConstants):
4450-
4451-2012-10-25 Filip Pizlo <fpizlo@apple.com>
4452-
4453- REGRESSION (r131793-r131826): Crash going to wikifonia.org
4454- https://bugs.webkit.org/show_bug.cgi?id=100281
4455-
4456- Reviewed by Oliver Hunt.
4457-
4458- Restore something that got lost in the resolve refactoring: the ability to give up on life if
4459- we see a resolve of 'arguments'.
4460-
4461- * runtime/JSScope.cpp:
4462- (JSC::JSScope::resolveContainingScopeInternal):
4463-
4464-2012-10-25 Dominik Röttsches <dominik.rottsches@intel.com>
4465-
4466- Conditionalize XHR timeout support
4467- https://bugs.webkit.org/show_bug.cgi?id=100356
4468-
4469- Reviewed by Adam Barth.
4470-
4471- Adding XHR_TIMEOUT feature to conditionalize this on ports without network backend support.
4472-
4473- * Configurations/FeatureDefines.xcconfig:
4474-
4475-2012-10-25 Michael Saboff <msaboff@apple.com>
4476-
4477- REGRESSION (r131836): failures in list styles tests on EFL, GTK
4478- https://bugs.webkit.org/show_bug.cgi?id=99824
4479-
4480- Reviewed by Oliver Hunt.
4481-
4482- Saved start of string since it is modified by call convertUTF8ToUTF16().
4483-
4484- * API/JSStringRef.cpp:
4485- (JSStringCreateWithUTF8CString):
4486-
4487-2012-10-24 Filip Pizlo <fpizlo@apple.com>
4488-
4489- DFG NewArrayBuffer node should keep its data in a structure on the side to free up one of the opInfos
4490- https://bugs.webkit.org/show_bug.cgi?id=100328
4491-
4492- Reviewed by Oliver Hunt.
4493-
4494- * dfg/DFGByteCodeParser.cpp:
4495- (JSC::DFG::ByteCodeParser::parseBlock):
4496- * dfg/DFGGraph.h:
4497- (Graph):
4498- * dfg/DFGNode.h:
4499- (NewArrayBufferData):
4500- (DFG):
4501- (JSC::DFG::Node::newArrayBufferData):
4502- (Node):
4503- (JSC::DFG::Node::startConstant):
4504- (JSC::DFG::Node::numConstants):
4505-
4506-2012-10-25 Mark Lam <mark.lam@apple.com>
4507-
4508- Update the C++ llint to work with the latest op_resolve... changes.
4509- https://bugs.webkit.org/show_bug.cgi?id=100345.
4510-
4511- Reviewed by Oliver Hunt.
4512-
4513- * llint/LowLevelInterpreter.cpp:
4514- (JSC::CLoop::execute):
4515- - emit opcode name as label when not using COMPUTED_GOTOs. The new op_resolve
4516- opcodes have jumps to these labels.
4517- - declare all opcode labels as UNUSED_LABEL()s to keep the compiler happy
4518- for opcodes that are not referenced by anyone.
4519- * offlineasm/asm.rb:
4520- - strip llint_ prefix from opcode names used as labels.
4521-
4522-2012-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
4523-
4524- Refactor LLInt64 to distinguish the pointer operations from the 64-bit integer operations
4525- https://bugs.webkit.org/show_bug.cgi?id=100321
4526-
4527- Reviewed by Filip Pizlo.
4528-
4529- We have refactored the MacroAssembler and JIT compilers to distinguish
4530- the pointer operations from the 64-bit integer operations (see bug #99154).
4531- Now we want to do the similar work for LLInt, and the goal is same as
4532- the one mentioned in 99154.
4533-
4534- This is the first part of the modification: in the offline assembler,
4535- adding the support of the "<foo>q" instructions which will be used for
4536- 64-bit integer operations.
4537-
4538- * llint/LowLevelInterpreter.cpp:
4539- (JSC::CLoop::execute):
4540- * offlineasm/cloop.rb:
4541- * offlineasm/instructions.rb:
4542- * offlineasm/x86.rb:
4543-
4544-2012-10-24 Filip Pizlo <fpizlo@apple.com>
4545-
4546- DFG compileBlahBlahByVal methods for Contiguous and ArrayStorage have only one caller and should be removed
4547- https://bugs.webkit.org/show_bug.cgi?id=100311
4548-
4549- Reviewed by Mark Hahnenberg.
4550-
4551- Just trying to simplify things before I make them more complicated again.
4552-
4553- * dfg/DFGSpeculativeJIT.h:
4554- (SpeculativeJIT):
4555- (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
4556- * dfg/DFGSpeculativeJIT32_64.cpp:
4557- (DFG):
4558- (JSC::DFG::SpeculativeJIT::compile):
4559- * dfg/DFGSpeculativeJIT64.cpp:
4560- (DFG):
4561- (JSC::DFG::SpeculativeJIT::compile):
4562-
4563-2012-10-23 Andreas Kling <kling@webkit.org>
4564-
4565- CodeBlock: Give m_putToBaseOperations an inline capacity.
4566- <http://webkit.org/b/100190>
4567- <rdar://problem/12562466>
4568-
4569- Reviewed by Oliver Hunt.
4570-
4571- Since the CodeBlock constructor always inserts a single PutToBaseOperation, but there's no
4572- guarantee that more will follow, give the m_putToBaseOperations vector an inline capacity of 1.
4573- There are 4009 of these Vectors on Membuster3, and only 126 of them have more than a single entry.
4574-
4575- This change yields a 1.90MB reduction in memory usage.
4576-
4577- * bytecode/CodeBlock.h:
4578- (CodeBlock):
4579-
4580-2012-10-23 Christophe Dumez <christophe.dumez@intel.com>
4581-
4582- Regression(r132143): Assertion hit in JSC::Interpreter::StackPolicy::StackPolicy(JSC::Interpreter&, const WTF::StackBounds&)
4583- https://bugs.webkit.org/show_bug.cgi?id=100109
4584-
4585- Reviewed by Oliver Hunt.
4586-
4587- Fix possible integer overflow in StackPolicy constructor by
4588- using size_t type instead of int for stack sizes. The value
4589- returned by StackBounds::size() is of type size_t but was
4590- assigned to an int, which may overflow.
4591-
4592- * interpreter/Interpreter.cpp:
4593- (JSC):
4594- (JSC::Interpreter::StackPolicy::StackPolicy):
4595-
4596-2012-10-23 Carlos Garcia Campos <cgarcia@igalia.com>
4597-
4598- Unreviewed. Fix make distcheck.
4599-
4600- * GNUmakefile.list.am: Add missing header file.
4601-
4602-2012-10-23 Mark Lam <mark.lam@apple.com>
4603-
4604- Make topCallFrame reliable.
4605- https://bugs.webkit.org/show_bug.cgi?id=98928.
4606-
4607- Reviewed by Geoffrey Garen.
4608-
4609- - VM entry points and the GC now uses topCallFrame.
4610- - The callerFrame value in CallFrames are now always the previous
4611- frame on the stack, except for the first frame which has a
4612- callerFrame of 0 (not counting the HostCallFrameFlag).
4613- Hence, we can now traverse every frame on the stack all the way
4614- back to the first frame.
4615- - GlobalExec's will no longer be used as the callerFrame values in
4616- call frames.
4617- - Added fences and traps for debugging the JSStack in debug builds.
4618-
4619- * bytecode/SamplingTool.h:
4620- (SamplingTool):
4621- (JSC::SamplingTool::CallRecord::CallRecord):
4622- * dfg/DFGOperations.cpp:
4623- - Fixed 2 DFG helper functions to flush topCallFrame as expected.
4624- * dfg/DFGSpeculativeJIT.h:
4625- (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
4626- * interpreter/CallFrame.h:
4627- (JSC::ExecState::callerFrameNoFlags):
4628- (ExecState):
4629- (JSC::ExecState::argIndexForRegister):
4630- (JSC::ExecState::getArgumentUnsafe):
4631- * interpreter/CallFrameClosure.h:
4632- (CallFrameClosure):
4633- * interpreter/Interpreter.cpp:
4634- (JSC):
4635- (JSC::eval):
4636- (JSC::Interpreter::Interpreter):
4637- (JSC::Interpreter::throwException):
4638- (JSC::Interpreter::execute):
4639- (JSC::Interpreter::executeCall):
4640- (JSC::Interpreter::executeConstruct):
4641- (JSC::Interpreter::prepareForRepeatCall):
4642- (JSC::Interpreter::endRepeatCall):
4643- * interpreter/Interpreter.h:
4644- (JSC):
4645- (Interpreter):
4646- * interpreter/JSStack.cpp:
4647- (JSC::JSStack::JSStack):
4648- (JSC::JSStack::gatherConservativeRoots):
4649- (JSC::JSStack::disableErrorStackReserve):
4650- * interpreter/JSStack.h:
4651- (JSC):
4652- (JSStack):
4653- (JSC::JSStack::installFence):
4654- (JSC::JSStack::validateFence):
4655- (JSC::JSStack::installTrapsAfterFrame):
4656- * interpreter/JSStackInlines.h: Added.
4657- (JSC):
4658- (JSC::JSStack::getTopOfFrame):
4659- (JSC::JSStack::getTopOfStack):
4660- (JSC::JSStack::getStartOfFrame):
4661- (JSC::JSStack::pushFrame):
4662- (JSC::JSStack::popFrame):
4663- (JSC::JSStack::generateFenceValue):
4664- (JSC::JSStack::installFence):
4665- (JSC::JSStack::validateFence):
4666- (JSC::JSStack::installTrapsAfterFrame):
4667- * jit/JITStubs.cpp:
4668- (JSC::jitCompileFor):
4669- (JSC::lazyLinkFor):
4670- - Set frame->codeBlock to 0 for both the above because they are called
4671- with partially intitialized frames (cb uninitialized), but may
4672- trigger a GC.
4673- (JSC::DEFINE_STUB_FUNCTION):
4674- * runtime/JSGlobalData.cpp:
4675- (JSC::JSGlobalData::JSGlobalData):
4676-
4677-2012-10-22 Filip Pizlo <fpizlo@apple.com>
4678-
4679- DFG::Array::Undecided should be called DFG::Array::SelectUsingPredictions
4680- https://bugs.webkit.org/show_bug.cgi?id=100052
4681-
4682- Reviewed by Oliver Hunt.
4683-
4684- No functional change, just renaming. It's a clearer name that more accurately
4685- reflects the meaning, and it eliminates the namespace confusion that will happen
4686- with the Undecided indexing type in https://bugs.webkit.org/show_bug.cgi?id=98606
4687-
4688- * dfg/DFGAbstractState.cpp:
4689- (JSC::DFG::AbstractState::execute):
4690- * dfg/DFGArrayMode.cpp:
4691- (JSC::DFG::fromObserved):
4692- (JSC::DFG::refineArrayMode):
4693- (JSC::DFG::modeAlreadyChecked):
4694- (JSC::DFG::modeToString):
4695- * dfg/DFGArrayMode.h:
4696- (JSC::DFG::canCSEStorage):
4697- (JSC::DFG::modeIsSpecific):
4698- (JSC::DFG::modeSupportsLength):
4699- (JSC::DFG::benefitsFromStructureCheck):
4700- * dfg/DFGFixupPhase.cpp:
4701- (JSC::DFG::FixupPhase::fixupNode):
4702- (JSC::DFG::FixupPhase::blessArrayOperation):
4703- * dfg/DFGSpeculativeJIT.cpp:
4704- (JSC::DFG::SpeculativeJIT::arrayify):
4705- * dfg/DFGSpeculativeJIT32_64.cpp:
4706- (JSC::DFG::SpeculativeJIT::compile):
4707- * dfg/DFGSpeculativeJIT64.cpp:
4708- (JSC::DFG::SpeculativeJIT::compile):
4709-
4710-2012-10-22 Mark Lam <mark.lam@apple.com>
4711-
4712- Change stack recursion checks to be based on stack availability.
4713- https://bugs.webkit.org/show_bug.cgi?id=99872.
4714-
4715- Reviewed by Filip Pizlo and Geoffrey Garen.
4716-
4717- - Remove m_reentryDepth, ThreadStackType which are now obsolete.
4718- - Replaced the reentryDepth checks with a StackBounds check.
4719- - Added the Interpreter::StackPolicy class to compute a reasonable
4720- stack capacity requirement given the native stack that the
4721- interpreter is executing on at that time.
4722- - Reserved an amount of JSStack space for the use of error handling
4723- and enable its use (using Interpreter::ErrorHandlingMode) when
4724- we're about to throw or report an exception.
4725- - Interpreter::StackPolicy also allows more native stack space
4726- to be used when in ErrorHandlingMode. This is needed in the case
4727- of native stack overflows.
4728- - Fixed the parser so that it throws a StackOverflowError instead of
4729- a SyntaxError when it encounters a stack overflow.
4730-
4731- * API/JSContextRef.cpp:
4732- (JSContextGroupCreate):
4733- (JSGlobalContextCreateInGroup):
4734- * JavaScriptCore.order:
4735- * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4736- * interpreter/Interpreter.cpp:
4737- (JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode):
4738- (JSC):
4739- (JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode):
4740- (JSC::Interpreter::StackPolicy::StackPolicy):
4741- (JSC::Interpreter::Interpreter):
4742- (JSC::Interpreter::execute):
4743- (JSC::Interpreter::executeCall):
4744- (JSC::Interpreter::executeConstruct):
4745- (JSC::Interpreter::prepareForRepeatCall):
4746- * interpreter/Interpreter.h:
4747- (JSC):
4748- (Interpreter):
4749- (ErrorHandlingMode):
4750- (StackPolicy):
4751- (JSC::Interpreter::StackPolicy::requiredCapacity):
4752- * interpreter/JSStack.cpp:
4753- (JSC):
4754- (JSC::JSStack::JSStack):
4755- (JSC::JSStack::growSlowCase):
4756- (JSC::JSStack::enableErrorStackReserve):
4757- (JSC::JSStack::disableErrorStackReserve):
4758- * interpreter/JSStack.h:
4759- (JSStack):
4760- (JSC::JSStack::reservationEnd):
4761- (JSC):
4762- * jsc.cpp:
4763- (jscmain):
4764- * parser/Parser.cpp:
4765- (JSC::::Parser):
4766- * parser/Parser.h:
4767- (Parser):
4768- (JSC::::parse):
4769- * runtime/ExceptionHelpers.cpp:
4770- (JSC::throwStackOverflowError):
4771- * runtime/JSGlobalData.cpp:
4772- (JSC::JSGlobalData::JSGlobalData):
4773- (JSC::JSGlobalData::createContextGroup):
4774- (JSC::JSGlobalData::create):
4775- (JSC::JSGlobalData::createLeaked):
4776- (JSC::JSGlobalData::sharedInstance):
4777- * runtime/JSGlobalData.h:
4778- (JSC):
4779- (JSGlobalData):
4780- * runtime/StringRecursionChecker.h:
4781- (JSC::StringRecursionChecker::performCheck):
4782- * testRegExp.cpp:
4783- (realMain):
4784-
4785-2012-10-20 Martin Robinson <mrobinson@igalia.com>
4786-
4787- Fix 'make dist' for the GTK+ port
4788-
4789- * GNUmakefile.list.am: Add missing files to the source list.
4790-
4791-2012-10-21 Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
4792-
4793- [CMake][JSC] Depend on risc.rb to decide when to run the LLInt scripts.
4794- https://bugs.webkit.org/show_bug.cgi?id=99917
4795-
4796- Reviewed by Geoffrey Garen.
4797-
4798- Depend on the newly-added risc.rb to make sure we always run the
4799- LLInt scripts when one of them changes.
4800-
4801- * CMakeLists.txt:
4802-
4803-2012-10-20 Filip Pizlo <fpizlo@apple.com>
4804-
4805- LLInt backends of non-ARM RISC platforms should be able to share code with the existing ARMv7 backend
4806- https://bugs.webkit.org/show_bug.cgi?id=99745
4807-
4808- Reviewed by Geoffrey Garen.
4809-
4810- This moves all of the things in armv7.rb that I thought are generally useful out
4811- into risc.rb. It also separates some phases (branch ops is separated into one
4812- phase that does sensible things, and another that does things that are painfully
4813- ARM-specific), and removes ARM assumptions from others by using a callback to
4814- drive exactly what lowering must happen. The goal here is to minimize the future
4815- maintenance burden of LLInt by ensuring that the various platforms share as much
4816- lowering code as possible.
4817-
4818- * offlineasm/armv7.rb:
4819- * offlineasm/risc.rb: Added.
4820-
4821-2012-10-19 Filip Pizlo <fpizlo@apple.com>
4822-
4823- DFG should have some facility for recognizing redundant CheckArrays and Arrayifies
4824- https://bugs.webkit.org/show_bug.cgi?id=99287
4825-
4826- Reviewed by Mark Hahnenberg.
4827-
4828- Adds reasoning about indexing type sets (i.e. ArrayModes) to AbstractValue, which
4829- then enables us to fold away CheckArray's and Arrayify's that are redundant.
4830-
4831- * bytecode/ArrayProfile.cpp:
4832- (JSC::arrayModesToString):
4833- (JSC):
4834- * bytecode/ArrayProfile.h:
4835- (JSC):
4836- (JSC::mergeArrayModes):
4837- (JSC::arrayModesAlreadyChecked):
4838- * bytecode/StructureSet.h:
4839- (JSC::StructureSet::arrayModesFromStructures):
4840- (StructureSet):
4841- * dfg/DFGAbstractState.cpp:
4842- (JSC::DFG::AbstractState::execute):
4843- * dfg/DFGAbstractValue.h:
4844- (JSC::DFG::AbstractValue::AbstractValue):
4845- (JSC::DFG::AbstractValue::clear):
4846- (JSC::DFG::AbstractValue::isClear):
4847- (JSC::DFG::AbstractValue::makeTop):
4848- (JSC::DFG::AbstractValue::clobberStructures):
4849- (AbstractValue):
4850- (JSC::DFG::AbstractValue::setMostSpecific):
4851- (JSC::DFG::AbstractValue::set):
4852- (JSC::DFG::AbstractValue::operator==):
4853- (JSC::DFG::AbstractValue::merge):
4854- (JSC::DFG::AbstractValue::filter):
4855- (JSC::DFG::AbstractValue::filterArrayModes):
4856- (JSC::DFG::AbstractValue::validate):
4857- (JSC::DFG::AbstractValue::checkConsistency):
4858- (JSC::DFG::AbstractValue::dump):
4859- (JSC::DFG::AbstractValue::clobberArrayModes):
4860- (JSC::DFG::AbstractValue::clobberArrayModesSlow):
4861- (JSC::DFG::AbstractValue::setFuturePossibleStructure):
4862- (JSC::DFG::AbstractValue::filterFuturePossibleStructure):
4863- * dfg/DFGArrayMode.cpp:
4864- (JSC::DFG::modeAlreadyChecked):
4865- * dfg/DFGArrayMode.h:
4866- (JSC::DFG::arrayModesFor):
4867- (DFG):
4868- * dfg/DFGConstantFoldingPhase.cpp:
4869- (JSC::DFG::ConstantFoldingPhase::foldConstants):
4870- * dfg/DFGSpeculativeJIT.cpp:
4871- (JSC::DFG::SpeculativeJIT::arrayify):
4872-
4873-2012-10-19 Filip Pizlo <fpizlo@apple.com>
4874-
4875- Baseline JIT should not inline array allocations, to make them easier to instrument
4876- https://bugs.webkit.org/show_bug.cgi?id=99905
4877-
4878- Reviewed by Mark Hahnenberg.
4879-
4880- This will make it easier to instrument array allocations for the purposes of profiling.
4881- It also allows us to kill off a bunch of code. And, this doesn't appear to hurt
4882- performance at all. That's expected because these days any hot allocation will end up
4883- in the DFG JIT, which does inline these allocations.
4884-
4885- * jit/JIT.cpp:
4886- (JSC::JIT::privateCompileSlowCases):
4887- * jit/JIT.h:
4888- (JIT):
4889- * jit/JITInlineMethods.h:
4890- (JSC):
4891- * jit/JITOpcodes.cpp:
4892- (JSC::JIT::emit_op_new_array):
4893-
4894-2012-10-19 Oliver Hunt <oliver@apple.com>
4895-
4896- Fix some of the regression cause by the non-local variable reworking
4897- https://bugs.webkit.org/show_bug.cgi?id=99896
4898-
4899- Reviewed by Filip Pizlo.
4900-
4901- The non0local variable reworking led to some of the optimisations performed by
4902- the bytecode generator being dropped. This in turn put more pressure on the DFG
4903- optimisations. This exposed a short coming in our double speculation propogation.
4904- Now we try to distinguish between places where we should SpecDoubleReal vs generic
4905- SpecDouble.
4906-
4907- * dfg/DFGPredictionPropagationPhase.cpp:
4908- (PredictionPropagationPhase):
4909- (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
4910- (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPredictions):
4911- (JSC::DFG::PredictionPropagationPhase::propagate):
4912-
4913-2012-10-19 Michael Saboff <msaboff@apple.com>
4914-
4915- Lexer should create 8 bit Identifiers for RegularExpressions and ASCII identifiers
4916- https://bugs.webkit.org/show_bug.cgi?id=99855
4917-
4918- Reviewed by Filip Pizlo.
4919-
4920- Added makeIdentifier helpers that will always make an 8 bit Identifier or make an
4921- Identifier that is the same size as the template parameter. Used the first in the fast
4922- path when looking for a JS identifier and the second when scanning regular expressions.
4923-
4924- * parser/Lexer.cpp:
4925- (JSC::::scanRegExp):
4926- * parser/Lexer.h:
4927- (Lexer):
4928- (JSC::::makeIdentifierSameType):
4929- (JSC::::makeLCharIdentifier):
4930- (JSC::::lexExpectIdentifier):
4931-
4932-2012-10-19 Mark Lam <mark.lam@apple.com>
4933-
4934- Added WTF::StackStats mechanism.
4935- https://bugs.webkit.org/show_bug.cgi?id=99805.
4936-
4937- Reviewed by Geoffrey Garen.
4938-
4939- Added StackStats checkpoints and probes.
4940-
4941- * bytecompiler/BytecodeGenerator.h:
4942- (JSC::BytecodeGenerator::emitNode):
4943- (JSC::BytecodeGenerator::emitNodeInConditionContext):
4944- * heap/SlotVisitor.cpp:
4945- (JSC::SlotVisitor::append):
4946- (JSC::visitChildren):
4947- (JSC::SlotVisitor::donateKnownParallel):
4948- (JSC::SlotVisitor::drain):
4949- (JSC::SlotVisitor::drainFromShared):
4950- (JSC::SlotVisitor::mergeOpaqueRoots):
4951- (JSC::SlotVisitor::internalAppend):
4952- (JSC::SlotVisitor::harvestWeakReferences):
4953- (JSC::SlotVisitor::finalizeUnconditionalFinalizers):
4954- * interpreter/Interpreter.cpp:
4955- (JSC::Interpreter::execute):
4956- (JSC::Interpreter::executeCall):
4957- (JSC::Interpreter::executeConstruct):
4958- (JSC::Interpreter::prepareForRepeatCall):
4959- * parser/Parser.h:
4960- (JSC::Parser::canRecurse):
4961- * runtime/StringRecursionChecker.h:
4962- (StringRecursionChecker):
4963-
4964-2012-10-19 Oliver Hunt <oliver@apple.com>
4965-
4966- REGRESSION(r131822): It made 500+ tests crash on 32 bit platforms
4967- https://bugs.webkit.org/show_bug.cgi?id=99814
4968-
4969- Reviewed by Filip Pizlo.
4970-
4971- Call the correct macro in 32bit.
4972-
4973- * llint/LowLevelInterpreter.asm:
4974-
4975-2012-10-19 Dongwoo Joshua Im <dw.im@samsung.com>
4976-
4977- Rename ENABLE_CSS3_TEXT_DECORATION to ENABLE_CSS3_TEXT
4978- https://bugs.webkit.org/show_bug.cgi?id=99804
4979-
4980- Reviewed by Julien Chaffraix.
4981-
4982- CSS3 text related properties will be implemented under this flag,
4983- including text decoration, text-align-last, and text-justify.
4984-
4985- * Configurations/FeatureDefines.xcconfig:
4986-
4987-2012-10-18 Anders Carlsson <andersca@apple.com>
4988-
4989- Clean up RegExpKey
4990- https://bugs.webkit.org/show_bug.cgi?id=99798
4991-
4992- Reviewed by Darin Adler.
4993-
4994- RegExpHash doesn't need to be a class template specialization when the class template is specialized
4995- for JSC::RegExpKey only. Make it a nested class of RegExp instead. Also, make operator== a friend function
4996- so Hash::equal can see it.
4997-
4998- * runtime/RegExpKey.h:
4999- (JSC::RegExpKey::RegExpKey):
5000- (JSC::RegExpKey::operator==):
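Review bot: the scope of this removal needs confirming in the merge description, because every visible line is a deletion of an upstream JavaScriptCore ChangeLog entry (2012-10-18 through 2012-10-23, including the size_t overflow fix in Interpreter::StackPolicy and the StackBounds-based recursion checks) and the diff is truncated before the hunk ends, so a reviewer cannot see whether the file goes away wholesale or is only partially edited. A wholesale removal is what one expects when a quilt patch and its .pc/ backup copy are dropped from the series; selectively stripping entries out of an upstream ChangeLog would not be acceptable and should be reverted. None of the visible lines are code, so there is no functional change to assess in this hunk.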
The diff has been truncated for viewing.