Merge lp:~mitya57/ubuntu/saucy/qtwebkit-opensource-src/merge into lp:ubuntu/saucy/qtwebkit-opensource-src
Status: | Superseded |
---|---|
Proposed branch: | lp:~mitya57/ubuntu/saucy/qtwebkit-opensource-src/merge |
Merge into: | lp:ubuntu/saucy/qtwebkit-opensource-src |
Diff against target: |
15001 lines (+2249/-10412) 134 files modified
.pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (+2/-2) .pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog (+0/-9047) .pc/add_experimentalDevicePixelRatio.patch/Source/WebKit2/UIProcess/API/qt/qquickwebview.cpp (+16/-0) .pc/add_experimentalDevicePixelRatio.patch/Source/WebKit2/UIProcess/qt/QtWebPageSGNode.cpp (+5/-2) .pc/add_module_version.patch/.qmake.conf (+2/-0) .pc/applied-patches (+0/-1) .pc/disable_geolocation_501.diff/Source/WebKit/qt/WidgetApi/qwebpage.cpp (+6/-2) .pc/no_gc_sections.diff/Source/WebCore/WebCore.pri (+3/-5) .pc/save_memory.diff/Source/WebCore/WebCore.pri (+0/-323) .qmake.conf (+2/-0) Source/JavaScriptCore/ChangeLog (+96/-16) Source/JavaScriptCore/LLIntOffsetsExtractor.pro (+6/-2) Source/JavaScriptCore/dfg/DFGRepatch.cpp (+4/-4) Source/JavaScriptCore/heap/BlockAllocator.h (+7/-1) Source/JavaScriptCore/heap/CopiedBlock.h (+7/-0) Source/JavaScriptCore/heap/CopiedSpace.cpp (+4/-4) Source/JavaScriptCore/heap/CopiedSpace.h (+0/-1) Source/JavaScriptCore/heap/CopiedSpaceInlines.h (+3/-9) Source/JavaScriptCore/heap/CopyVisitor.h (+1/-1) Source/JavaScriptCore/heap/CopyVisitorInlines.h (+5/-8) Source/JavaScriptCore/heap/SlotVisitorInlines.h (+5/-5) Source/JavaScriptCore/runtime/Butterfly.h (+3/-1) Source/JavaScriptCore/runtime/ButterflyInlines.h (+7/-0) Source/JavaScriptCore/runtime/JSObject.cpp (+3/-3) Source/JavaScriptCore/runtime/MathObject.cpp (+0/-16) Source/WTF/ChangeLog (+39/-0) Source/WTF/wtf/MathExtras.h (+22/-0) Source/WebCore/ChangeLog (+448/-0) Source/WebCore/Target.pri (+1/-1) Source/WebCore/WebCore.pri (+3/-7) Source/WebCore/bindings/js/JSDOMBinding.h (+21/-0) Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (+1/-1) Source/WebCore/css/StylePropertySet.cpp (+16/-21) Source/WebCore/css/StylePropertySet.h (+1/-1) Source/WebCore/css/StyleResolver.cpp (+9/-11) Source/WebCore/dom/Document.cpp (+4/-2) Source/WebCore/dom/Element.cpp (+14/-0) Source/WebCore/dom/Element.h (+2/-0) 
Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp (+4/-4) Source/WebCore/editing/InsertParagraphSeparatorCommand.h (+2/-2) Source/WebCore/history/HistoryItem.h (+1/-1) Source/WebCore/history/qt/HistoryItemQt.cpp (+175/-110) Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp (+7/-2) Source/WebCore/html/parser/HTMLDocumentParser.cpp (+5/-0) Source/WebCore/loader/DocumentLoader.cpp (+3/-3) Source/WebCore/page/FrameView.cpp (+3/-0) Source/WebCore/platform/graphics/FontCache.cpp (+2/-0) Source/WebCore/platform/graphics/qt/GraphicsContextQt.cpp (+3/-3) Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp (+27/-16) Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h (+1/-1) Source/WebCore/platform/graphics/texmap/TextureMapper.cpp (+19/-0) Source/WebCore/platform/graphics/texmap/TextureMapper.h (+4/-2) Source/WebCore/platform/graphics/texmap/TextureMapperBackingStore.cpp (+26/-0) Source/WebCore/platform/graphics/texmap/TextureMapperBackingStore.h (+2/-0) Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp (+18/-7) Source/WebCore/platform/graphics/texmap/TextureMapperGL.h (+2/-1) Source/WebCore/platform/graphics/texmap/TextureMapperImageBuffer.cpp (+22/-0) Source/WebCore/platform/graphics/texmap/TextureMapperImageBuffer.h (+2/-0) Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp (+32/-3) Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h (+14/-3) Source/WebCore/platform/text/TextEncodingRegistry.cpp (+9/-0) Source/WebCore/plugins/PluginPackage.cpp (+1/-3) Source/WebCore/rendering/RenderLayer.cpp (+1/-2) Source/WebCore/rendering/RenderLayer.h (+0/-4) Source/WebCore/rendering/RenderObject.cpp (+3/-1) Source/WebCore/rendering/RenderTableSection.cpp (+6/-1) Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp (+72/-67) Source/WebCore/rendering/svg/RenderSVGResourcePattern.h (+2/-0) Source/WebCore/svg/graphics/SVGImageCache.cpp (+3/-8) Source/WebCore/xml/parser/XMLDocumentParser.cpp (+5/-0) 
Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp (+6/-1) Source/WebCore/xml/parser/XMLDocumentParserQt.cpp (+6/-0) Source/WebKit/ChangeLog (+12/-0) Source/WebKit/WebKit1.pro (+1/-2) Source/WebKit/qt/Api/qwebhistory.cpp (+33/-25) Source/WebKit/qt/ChangeLog (+107/-0) Source/WebKit/qt/WebCoreSupport/NotificationPresenterClientQt.cpp (+58/-5) Source/WebKit/qt/WebCoreSupport/NotificationPresenterClientQt.h (+8/-3) Source/WebKit/qt/WebCoreSupport/QWebPageAdapter.cpp (+2/-2) Source/WebKit/qt/WebCoreSupport/QWebPageAdapter.h (+1/-1) Source/WebKit/qt/WidgetApi/qwebinspector.cpp (+7/-5) Source/WebKit/qt/WidgetApi/qwebpage.cpp (+6/-2) Source/WebKit/qt/tests/qgraphicswebview/resources/scrolltest_page.html (+6/-0) Source/WebKit/qt/tests/qwebhistory/tst_qwebhistory.cpp (+134/-7) Source/WebKit/qt/tests/qwebview/resources/scrolltest_page.html (+6/-0) Source/WebKit2/ChangeLog (+130/-0) Source/WebKit2/Target.pri (+3/-0) Source/WebKit2/UIProcess/API/qt/qquickurlschemedelegate.cpp (+27/-0) Source/WebKit2/UIProcess/API/qt/qquickurlschemedelegate_p.h (+11/-0) Source/WebKit2/UIProcess/API/qt/qquickwebview.cpp (+16/-0) Source/WebKit2/UIProcess/API/qt/tests/qmltests/WebView/tst_applicationScheme.qml (+8/-0) Source/WebKit2/UIProcess/API/qt/tests/qmltests/common/qrctest.html (+6/-0) Source/WebKit2/UIProcess/API/qt/tests/qmltests/resources.qrc (+1/-0) Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp (+3/-1) Source/WebKit2/UIProcess/Launcher/qt/ProcessLauncherQt.cpp (+1/-1) Source/WebKit2/UIProcess/PageViewportController.cpp (+26/-23) Source/WebKit2/UIProcess/PageViewportController.h (+3/-5) Source/WebKit2/UIProcess/qt/PageViewportControllerClientQt.cpp (+11/-10) Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp (+0/-1) Source/WebKit2/WebProcess/WebPage/WebPage.cpp (+2/-2) Source/qtwebkit.qdocconf (+2/-2) Tools/ChangeLog (+82/-0) Tools/qmake/config.tests/libjpeg/libjpeg.cpp (+0/-35) Tools/qmake/config.tests/libjpeg/libjpeg.pro (+0/-3) 
Tools/qmake/config.tests/libpng/libpng.cpp (+0/-33) Tools/qmake/config.tests/libpng/libpng.pro (+0/-3) Tools/qmake/config.tests/libxml2/libxml2.pro (+7/-2) Tools/qmake/config.tests/libxslt/libxslt.pro (+7/-2) Tools/qmake/mkspecs/features/configure.prf (+18/-3) Tools/qmake/mkspecs/features/default_pre.prf (+3/-0) Tools/qmake/mkspecs/features/features.prf (+4/-2) Tools/qmake/mkspecs/features/functions.prf (+19/-0) Tools/qmake/mkspecs/features/unix/default_pre.prf (+0/-3) debian/README.source (+0/-27) debian/TODO.Debian (+0/-4) debian/changelog (+58/-250) debian/control (+38/-8) debian/libqt5webkit5-dev.install (+40/-77) debian/libqt5webkit5.install (+2/-2) debian/patches/05_sparc_unaligned_access.diff (+2/-4) debian/patches/LLIntCLoop32BigEndian.patch (+10/-41) debian/patches/add_experimentalDevicePixelRatio.patch (+26/-37) debian/patches/add_module_version.patch (+4/-5) debian/patches/devicePixelResolution.patch (+4/-4) debian/patches/disable_geolocation_501.diff (+3/-3) debian/patches/hurd.diff (+2/-2) debian/patches/no_gc_sections.diff (+1/-1) debian/patches/save_memory.diff (+0/-11) debian/patches/series (+0/-1) debian/qtwebkit5-doc-html.install (+1/-0) debian/qtwebkit5-doc.install (+1/-0) debian/rules (+29/-8) debian/source/include-binaries (+0/-1) debian/watch (+1/-1) |
To merge this branch: | bzr merge lp:~mitya57/ubuntu/saucy/qtwebkit-opensource-src/merge |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu branches | Pending | ||
Review via email: mp+172094@code.launchpad.net |
This proposal has been superseded by a proposal from 2013-07-10.
Commit message
Description of the change
This is a Debian merge. I've also deleted the old changelog entries, like Debian did.
This is all committed to lp:~kubuntu-packagers/kubuntu-packaging/qtwebkit-opensource-src.
Note that I had to modify dd_experimental
Timo Jyrinki (timo-jyrinki) wrote:
Timo Jyrinki (timo-jyrinki) wrote:
(I meant lp:~kubuntu-packagers/kubuntu-packaging/qtwebkit-opensource-src_5.0.2 of course)
Dmitry Shachnev (mitya57) wrote:
Thanks for the review. Even if we stay on 5.0.1, I would still like to merge changes from Debian (i.e. because qtdoc build-depends on qtwebkit5-doc). Please let me know if I should do a separate 5.0.1-based merge.
Timo Jyrinki (timo-jyrinki) wrote:
Dmitry: I haven't gotten the 5.0.2 armhf build working, but the first build log seemed like possibly some random hitch somewhere, so I'm trying another one https:/
The 5.0.2 testing could also take some time better spent on preparing for 5.1.1, so maybe the 5.0.1 + qtdoc merge would be the best route.
Timo Jyrinki (timo-jyrinki) wrote:
(I just noticed the armhf build problems may be caused by toolchain, as even 5.0.1 is failing to build now: https:/
Unmerged revisions
- 4. By Dmitry Shachnev
-
* Merge with Debian experimental, remaining changes:
- Build-depend on qtsensors and qtlocation
- Add patches:
+ add_experimentalDevicePixelRatio.patch
+ add_module_version.patch
+ devicePixelResolution.patch
+ DidFirstLayout.patch
+ disable_geolocation_501.diff
+ disabling_jit_for_arm.patch
+ file_access.patch
+ fix_gcc48.patch
+ fixTriggerOSKonWebPages.patch
+ LLIntCLoop32BigEndian.patch
- Add Vcs-Bzr field
* Refresh patches.
Preview Diff
1 | === modified file '.pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp' |
2 | --- .pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2013-05-20 12:00:17 +0000 |
3 | +++ .pc/DidFirstLayout.patch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2013-06-30 08:18:25 +0000 |
4 | @@ -1018,13 +1018,13 @@ |
5 | // Recalculate the recommended layout size, when the available size (device pixel) changes. |
6 | Settings* settings = m_page->settings(); |
7 | |
8 | - int minimumLayoutFallbackWidth = std::max(settings->layoutFallbackWidth(), int(m_viewportSize.width() / m_page->deviceScaleFactor())); |
9 | + int minimumLayoutFallbackWidth = std::max(settings->layoutFallbackWidth(), m_viewportSize.width()); |
10 | |
11 | // If unset we use the viewport dimensions. This fits with the behavior of desktop browsers. |
12 | int deviceWidth = (settings->deviceWidth() > 0) ? settings->deviceWidth() : m_viewportSize.width(); |
13 | int deviceHeight = (settings->deviceHeight() > 0) ? settings->deviceHeight() : m_viewportSize.height(); |
14 | |
15 | - ViewportAttributes attr = computeViewportAttributes(m_page->viewportArguments(), minimumLayoutFallbackWidth, deviceWidth, deviceHeight, m_page->deviceScaleFactor(), m_viewportSize); |
16 | + ViewportAttributes attr = computeViewportAttributes(m_page->viewportArguments(), minimumLayoutFallbackWidth, deviceWidth, deviceHeight, 1, m_viewportSize); |
17 | attr.initialScale = m_page->viewportArguments().zoom; // Resets auto (-1) if no value was set by user. |
18 | |
19 | // This also takes care of the relayout. |
20 | |
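Review bot: the `computeViewportAttributes(...)` call on the `+` line now passes a bare literal `1` where `m_page->deviceScaleFactor()` used to be, and `minimumLayoutFallbackWidth` loses its division by the same factor, with nothing in the hunk saying why scaling no longer applies here. Because this file sits under `.pc/DidFirstLayout.patch/`, it is quilt's saved pre-patch copy rather than the patched source, so please confirm that the refreshed DidFirstLayout.patch still applies cleanly on top of this context and note in the changelog entry where the viewport change comes from. Keeping the `.pc/` state out of the proposed diff would also make the actual packaging changes easier to review.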
21 | === removed file '.pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog' |
22 | --- .pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog 2013-05-20 12:00:17 +0000 |
23 | +++ .pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog 1970-01-01 00:00:00 +0000 |
24 | @@ -1,9047 +0,0 @@ |
25 | -2012-12-17 Jonathan Liu <net147@gmail.com> |
26 | - |
27 | - Fix Math.pow implementation with MinGW-w64 |
28 | - https://bugs.webkit.org/show_bug.cgi?id=105087 |
29 | - |
30 | - Reviewed by Simon Hausmann. |
31 | - |
32 | - The MinGW-w64 runtime has different behaviour for pow() |
33 | - compared to other C runtimes. This results in the following |
34 | - test262 tests failing with the latest MinGW-w64 runtime: |
35 | - - S15.8.2.13_A14 |
36 | - - S15.8.2.13_A16 |
37 | - - S15.8.2.13_A20 |
38 | - - S15.8.2.13_A22 |
39 | - |
40 | - Handle the special cases that are different with MinGW-w64. |
41 | - |
42 | - * runtime/MathObject.cpp: |
43 | - (JSC::mathPow): |
44 | - |
45 | -2012-12-07 Jonathan Liu <net147@gmail.com> |
46 | - |
47 | - Add missing forward declaration for JSC::ArrayAllocationProfile |
48 | - https://bugs.webkit.org/show_bug.cgi?id=104425 |
49 | - |
50 | - Reviewed by Kentaro Hara. |
51 | - |
52 | - The header for the JSC::ArrayConstructor class is missing a forward |
53 | - declaration for the JSC::ArrayAllocationProfile class which causes |
54 | - compilation to fail when compiling with MinGW-w64. |
55 | - |
56 | - * runtime/ArrayConstructor.h: |
57 | - (JSC): |
58 | - |
59 | -2012-12-07 Jonathan Liu <net147@gmail.com> |
60 | - |
61 | - Add missing const qualifier to JSC::CodeBlock::getJITType() |
62 | - https://bugs.webkit.org/show_bug.cgi?id=104424 |
63 | - |
64 | - Reviewed by Laszlo Gombos. |
65 | - |
66 | - JSC::CodeBlock::getJITType() has the const qualifier when JIT is |
67 | - enabled but is missing the const qualifier when JIT is disabled. |
68 | - |
69 | - * bytecode/CodeBlock.h: |
70 | - (JSC::CodeBlock::getJITType): |
71 | - |
72 | -2012-11-30 Pierre Rossi <pierre.rossi@gmail.com> |
73 | - |
74 | - [Qt] Unreviewed speculative Mac build fix after r136232 |
75 | - |
76 | - Update the include path so that LLIntAssembly.h is picked up. |
77 | - The bot didn't break until later when a clean build was triggered. |
78 | - |
79 | - * JavaScriptCore.pri: |
80 | - |
81 | -2012-11-30 Allan Sandfeld Jensen <allan.jensen@digia.com> |
82 | - |
83 | - Crash in conversion of empty OpaqueJSString to Identifier |
84 | - https://bugs.webkit.org/show_bug.cgi?id=101867 |
85 | - |
86 | - Reviewed by NOBODY (OOPS!). |
87 | - |
88 | - The constructor call used for both null and empty OpaqueJSStrings results |
89 | - in an assertion voilation and crash. This patch instead uses the Identifier |
90 | - constructors which are specifically for null and empty Identifier. |
91 | - |
92 | - * API/OpaqueJSString.cpp: |
93 | - (OpaqueJSString::identifier): |
94 | - |
95 | -2012-11-30 Tor Arne Vestbø <tor.arne.vestbo@digia.com> |
96 | - |
97 | - [Qt] Place the LLIntOffsetsExtractor binaries in debug/release subdirs on Mac |
98 | - |
99 | - Otherwise we'll end up using the same LLIntAssembly.h for both build |
100 | - configs of JavaScriptCore -- one of them which will be for the wrong |
101 | - config. |
102 | - |
103 | - Reviewed by Simon Hausmann. |
104 | - |
105 | - * LLIntOffsetsExtractor.pro: |
106 | - |
107 | -2012-11-30 Julien BRIANCEAU <jbrianceau@nds.com> |
108 | - |
109 | - [sh4] Fix compilation warnings in JavaScriptCore JIT for sh4 arch |
110 | - https://bugs.webkit.org/show_bug.cgi?id=103378 |
111 | - |
112 | - Reviewed by Filip Pizlo. |
113 | - |
114 | - * assembler/MacroAssemblerSH4.h: |
115 | - (JSC::MacroAssemblerSH4::branchTest32): |
116 | - (JSC::MacroAssemblerSH4::branchAdd32): |
117 | - (JSC::MacroAssemblerSH4::branchMul32): |
118 | - (JSC::MacroAssemblerSH4::branchSub32): |
119 | - (JSC::MacroAssemblerSH4::branchOr32): |
120 | - |
121 | -2012-11-29 Rafael Weinstein <rafaelw@chromium.org> |
122 | - |
123 | - [HTMLTemplateElement] Add feature flag |
124 | - https://bugs.webkit.org/show_bug.cgi?id=103694 |
125 | - |
126 | - Reviewed by Adam Barth. |
127 | - |
128 | - This flag will guard the implementation of the HTMLTemplateElement. |
129 | - http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html |
130 | - |
131 | - * Configurations/FeatureDefines.xcconfig: |
132 | - |
133 | -2012-11-29 Filip Pizlo <fpizlo@apple.com> |
134 | - |
135 | - It should be easy to find code blocks in debug dumps |
136 | - https://bugs.webkit.org/show_bug.cgi?id=103623 |
137 | - |
138 | - Reviewed by Goeffrey Garen. |
139 | - |
140 | - This gives CodeBlock a relatively strong, but also relatively compact, hash. We compute |
141 | - it lazily so that it only impacts run-time when debug support is enabled. We stringify |
142 | - it smartly so that it's short and easy to type. We base it on the source code so that |
143 | - the optimization level is irrelevant. And, we use SHA1 since it's already in our code |
144 | - base. Now, when a piece of code wants to print some debugging to say that it's operating |
145 | - on some code block, it can use this CodeBlockHash instead of memory addresses. |
146 | - |
147 | - This also takes CodeBlock debugging into the new world of print() and dataLog(). In |
148 | - particular, CodeBlock::dump() corresponds to the thing you want printed if you do: |
149 | - |
150 | - dataLog("I heart ", *myCodeBlock); |
151 | - |
152 | - Probably, you want to just print some identifying information at this point rather than |
153 | - the full bytecode dump. So, the existing CodeBlock::dump() has been renamed to |
154 | - CodeBlock::dumpBytecode(), and CodeBlock::dump() now prints the CodeBlockHash plus just |
155 | - a few little tidbits. |
156 | - |
157 | - Here's an example of CodeBlock::dump() output: |
158 | - |
159 | - EkILzr:[0x103883a00, BaselineFunctionCall] |
160 | - |
161 | - EkILzr is the CodeBlockHash. 0x103883a00 is the CodeBlock's address in memory. The other |
162 | - part is self-explanatory. |
163 | - |
164 | - Finally, this new notion of CodeBlockHash is available for other purposes like bisecting |
165 | - breakage. As such CodeBlockHash has all of the comparison operator overloads. When |
166 | - bisecting in DFGDriver.cpp, you can now say things like: |
167 | - |
168 | - if (codeBlock->hash() < CodeBlockHash("CAAAAA")) |
169 | - return false; |
170 | - |
171 | - And yes, CAAAAA is near the median hash, and the largest one is smaller than E99999. Such |
172 | - is life when you use base 62 to encode a 32-bit number. |
173 | - |
174 | - * CMakeLists.txt: |
175 | - * GNUmakefile.list.am: |
176 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
177 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
178 | - * Target.pri: |
179 | - * bytecode/CallLinkInfo.h: |
180 | - (CallLinkInfo): |
181 | - (JSC::CallLinkInfo::specializationKind): |
182 | - * bytecode/CodeBlock.cpp: |
183 | - (JSC::CodeBlock::hash): |
184 | - (JSC): |
185 | - (JSC::CodeBlock::dumpAssumingJITType): |
186 | - (JSC::CodeBlock::dump): |
187 | - (JSC::CodeBlock::dumpBytecode): |
188 | - (JSC::CodeBlock::CodeBlock): |
189 | - (JSC::CodeBlock::finalizeUnconditionally): |
190 | - (JSC::CodeBlock::resetStubInternal): |
191 | - (JSC::CodeBlock::reoptimize): |
192 | - (JSC::ProgramCodeBlock::jettison): |
193 | - (JSC::EvalCodeBlock::jettison): |
194 | - (JSC::FunctionCodeBlock::jettison): |
195 | - (JSC::CodeBlock::shouldOptimizeNow): |
196 | - (JSC::CodeBlock::tallyFrequentExitSites): |
197 | - (JSC::CodeBlock::dumpValueProfiles): |
198 | - * bytecode/CodeBlock.h: |
199 | - (JSC::CodeBlock::specializationKind): |
200 | - (CodeBlock): |
201 | - (JSC::CodeBlock::getJITType): |
202 | - * bytecode/CodeBlockHash.cpp: Added. |
203 | - (JSC): |
204 | - (JSC::CodeBlockHash::CodeBlockHash): |
205 | - (JSC::CodeBlockHash::dump): |
206 | - * bytecode/CodeBlockHash.h: Added. |
207 | - (JSC): |
208 | - (CodeBlockHash): |
209 | - (JSC::CodeBlockHash::CodeBlockHash): |
210 | - (JSC::CodeBlockHash::hash): |
211 | - (JSC::CodeBlockHash::operator==): |
212 | - (JSC::CodeBlockHash::operator!=): |
213 | - (JSC::CodeBlockHash::operator<): |
214 | - (JSC::CodeBlockHash::operator>): |
215 | - (JSC::CodeBlockHash::operator<=): |
216 | - (JSC::CodeBlockHash::operator>=): |
217 | - * bytecode/CodeBlockWithJITType.h: Added. |
218 | - (JSC): |
219 | - (CodeBlockWithJITType): |
220 | - (JSC::CodeBlockWithJITType::CodeBlockWithJITType): |
221 | - (JSC::CodeBlockWithJITType::dump): |
222 | - * bytecode/CodeOrigin.cpp: Added. |
223 | - (JSC): |
224 | - (JSC::CodeOrigin::inlineDepthForCallFrame): |
225 | - (JSC::CodeOrigin::inlineDepth): |
226 | - (JSC::CodeOrigin::inlineStack): |
227 | - (JSC::InlineCallFrame::hash): |
228 | - * bytecode/CodeOrigin.h: |
229 | - (InlineCallFrame): |
230 | - (JSC::InlineCallFrame::specializationKind): |
231 | - (JSC): |
232 | - * bytecode/CodeType.cpp: Added. |
233 | - (WTF): |
234 | - (WTF::printInternal): |
235 | - * bytecode/CodeType.h: |
236 | - (WTF): |
237 | - * bytecode/ExecutionCounter.cpp: |
238 | - (JSC::ExecutionCounter::dump): |
239 | - * bytecode/ExecutionCounter.h: |
240 | - (ExecutionCounter): |
241 | - * dfg/DFGByteCodeParser.cpp: |
242 | - (JSC::DFG::ByteCodeParser::parseCodeBlock): |
243 | - * dfg/DFGDisassembler.cpp: |
244 | - (JSC::DFG::Disassembler::dump): |
245 | - * dfg/DFGGraph.cpp: |
246 | - (JSC::DFG::Graph::dumpCodeOrigin): |
247 | - * dfg/DFGOSRExitCompiler.cpp: |
248 | - * dfg/DFGOperations.cpp: |
249 | - * dfg/DFGRepatch.cpp: |
250 | - (JSC::DFG::generateProtoChainAccessStub): |
251 | - (JSC::DFG::tryCacheGetByID): |
252 | - (JSC::DFG::tryBuildGetByIDList): |
253 | - (JSC::DFG::emitPutReplaceStub): |
254 | - (JSC::DFG::emitPutTransitionStub): |
255 | - (JSC::DFG::dfgLinkClosureCall): |
256 | - * interpreter/Interpreter.cpp: |
257 | - (JSC::Interpreter::dumpCallFrame): |
258 | - * jit/JITCode.cpp: Added. |
259 | - (WTF): |
260 | - (WTF::printInternal): |
261 | - * jit/JITCode.h: |
262 | - (JSC::JITCode::jitType): |
263 | - (WTF): |
264 | - * jit/JITDisassembler.cpp: |
265 | - (JSC::JITDisassembler::dump): |
266 | - (JSC::JITDisassembler::dumpForInstructions): |
267 | - * jit/JITPropertyAccess.cpp: |
268 | - (JSC::JIT::privateCompilePutByIdTransition): |
269 | - (JSC::JIT::privateCompilePatchGetArrayLength): |
270 | - (JSC::JIT::privateCompileGetByIdProto): |
271 | - (JSC::JIT::privateCompileGetByIdSelfList): |
272 | - (JSC::JIT::privateCompileGetByIdProtoList): |
273 | - (JSC::JIT::privateCompileGetByIdChainList): |
274 | - (JSC::JIT::privateCompileGetByIdChain): |
275 | - (JSC::JIT::privateCompileGetByVal): |
276 | - (JSC::JIT::privateCompilePutByVal): |
277 | - * jit/JITPropertyAccess32_64.cpp: |
278 | - (JSC::JIT::privateCompilePutByIdTransition): |
279 | - (JSC::JIT::privateCompilePatchGetArrayLength): |
280 | - (JSC::JIT::privateCompileGetByIdProto): |
281 | - (JSC::JIT::privateCompileGetByIdSelfList): |
282 | - (JSC::JIT::privateCompileGetByIdProtoList): |
283 | - (JSC::JIT::privateCompileGetByIdChainList): |
284 | - (JSC::JIT::privateCompileGetByIdChain): |
285 | - * jit/JITStubs.cpp: |
286 | - (JSC::DEFINE_STUB_FUNCTION): |
287 | - * runtime/CodeSpecializationKind.cpp: Added. |
288 | - (WTF): |
289 | - (WTF::printInternal): |
290 | - * runtime/CodeSpecializationKind.h: |
291 | - (JSC::specializationFromIsCall): |
292 | - (JSC): |
293 | - (JSC::specializationFromIsConstruct): |
294 | - (WTF): |
295 | - * runtime/Executable.cpp: |
296 | - (JSC::ExecutableBase::hashFor): |
297 | - (JSC): |
298 | - (JSC::NativeExecutable::hashFor): |
299 | - (JSC::ScriptExecutable::hashFor): |
300 | - * runtime/Executable.h: |
301 | - (ExecutableBase): |
302 | - (NativeExecutable): |
303 | - (ScriptExecutable): |
304 | - (JSC::ScriptExecutable::source): |
305 | - |
306 | -2012-11-29 Michael Saboff <msaboff@apple.com> |
307 | - |
308 | - Speculative Windows build fix after r136086. |
309 | - |
310 | - Unreviewed build fix. |
311 | - |
312 | - Suspect that ?setDumpsGeneratedCode@BytecodeGenerator@JSC@@SAX_N@Z needs to be removed from Windows |
313 | - export list since the symbol was removed in r136086. |
314 | - |
315 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
316 | - |
317 | -2012-11-28 Filip Pizlo <fpizlo@apple.com> |
318 | - |
319 | - SpeculatedType dumping should not use the static char buffer[thingy] idiom |
320 | - https://bugs.webkit.org/show_bug.cgi?id=103584 |
321 | - |
322 | - Reviewed by Michael Saboff. |
323 | - |
324 | - Changed SpeculatedType to be "dumpable" by saying things like: |
325 | - |
326 | - dataLog("thingy = ", SpeculationDump(thingy)) |
327 | - |
328 | - Removed the old stringification functions, and changed all code that referred to them |
329 | - to use the new dataLog()/print() style. |
330 | - |
331 | - * CMakeLists.txt: |
332 | - * GNUmakefile.list.am: |
333 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
334 | - * Target.pri: |
335 | - * bytecode/SpeculatedType.cpp: |
336 | - (JSC::dumpSpeculation): |
337 | - (JSC::speculationToAbbreviatedString): |
338 | - (JSC::dumpSpeculationAbbreviated): |
339 | - * bytecode/SpeculatedType.h: |
340 | - * bytecode/ValueProfile.h: |
341 | - (JSC::ValueProfileBase::dump): |
342 | - * bytecode/VirtualRegister.h: |
343 | - (WTF::printInternal): |
344 | - * dfg/DFGAbstractValue.h: |
345 | - (JSC::DFG::AbstractValue::dump): |
346 | - * dfg/DFGByteCodeParser.cpp: |
347 | - (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation): |
348 | - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): |
349 | - * dfg/DFGGraph.cpp: |
350 | - (JSC::DFG::Graph::dump): |
351 | - (JSC::DFG::Graph::predictArgumentTypes): |
352 | - * dfg/DFGGraph.h: |
353 | - (Graph): |
354 | - * dfg/DFGStructureAbstractValue.h: |
355 | - * dfg/DFGVariableAccessDataDump.cpp: Added. |
356 | - (JSC::DFG::VariableAccessDataDump::VariableAccessDataDump): |
357 | - (JSC::DFG::VariableAccessDataDump::dump): |
358 | - * dfg/DFGVariableAccessDataDump.h: Added. |
359 | - (VariableAccessDataDump): |
360 | - |
361 | -2012-11-28 Michael Saboff <msaboff@apple.com> |
362 | - |
363 | - Change Bytecompiler s_dumpsGeneratedCode to an Options value |
364 | - https://bugs.webkit.org/show_bug.cgi?id=103588 |
365 | - |
366 | - Reviewed by Filip Pizlo. |
367 | - |
368 | - Moved the control of dumping bytecodes to Options::dumpGeneratedBytecodes. |
369 | - |
370 | - * bytecode/CodeBlock.cpp: |
371 | - (JSC::CodeBlock::CodeBlock): |
372 | - * bytecompiler/BytecodeGenerator.cpp: |
373 | - * bytecompiler/BytecodeGenerator.h: |
374 | - * jsc.cpp: |
375 | - (runWithScripts): |
376 | - * runtime/Options.h: |
377 | - |
378 | -2012-11-28 Mark Hahnenberg <mhahnenberg@apple.com> |
379 | - |
380 | - Copying phase should use work lists |
381 | - https://bugs.webkit.org/show_bug.cgi?id=101390 |
382 | - |
383 | - Reviewed by Filip Pizlo. |
384 | - |
385 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
386 | - * heap/BlockAllocator.cpp: |
387 | - (JSC::BlockAllocator::BlockAllocator): |
388 | - * heap/BlockAllocator.h: New RegionSet for CopyWorkListSegments. |
389 | - (BlockAllocator): |
390 | - (JSC::CopyWorkListSegment): |
391 | - * heap/CopiedBlock.h: Added a per-block CopyWorkList to keep track of the JSCells that need to be revisited during the copying |
392 | - phase to copy their backing stores. |
393 | - (CopiedBlock): |
394 | - (JSC::CopiedBlock::CopiedBlock): |
395 | - (JSC::CopiedBlock::didSurviveGC): |
396 | - (JSC::CopiedBlock::didEvacuateBytes): There is now a one-to-one relationship between GCThreads and the CopiedBlocks they're |
397 | - responsible for evacuating, we no longer need any of that fancy compare and swap stuff. |
398 | - (JSC::CopiedBlock::pin): |
399 | - (JSC::CopiedBlock::hasWorkList): |
400 | - (JSC::CopiedBlock::workList): |
401 | - * heap/CopiedBlockInlines.h: Added. |
402 | - (JSC::CopiedBlock::reportLiveBytes): Since we now have to grab a SpinLock to perform operations on the CopyWorkList during marking, |
403 | - we don't need to do any of that fancy compare and swap stuff we were doing for tracking live bytes. |
404 | - * heap/CopiedSpace.h: |
405 | - (CopiedSpace): |
406 | - * heap/CopiedSpaceInlines.h: |
407 | - (JSC::CopiedSpace::pin): |
408 | - * heap/CopyVisitor.cpp: |
409 | - (JSC::CopyVisitor::copyFromShared): We now iterate over a range of CopiedBlocks rather than MarkedBlocks and revisit the cells in those |
410 | - blocks' CopyWorkLists. |
411 | - * heap/CopyVisitor.h: |
412 | - (CopyVisitor): |
413 | - * heap/CopyVisitorInlines.h: |
414 | - (JSC::CopyVisitor::visitCell): The function responsible for calling the correct copyBackingStore() function for each JSCell from |
415 | - a CopiedBlock's CopyWorkList. |
416 | - (JSC::CopyVisitor::didCopy): We no longer need to check if the block is empty here because we know exactly when we're done |
417 | - evacuating a CopiedBlock, which is when we've gone through all of the CopiedBlock's CopyWorkList. |
418 | - * heap/CopyWorkList.h: Added. |
419 | - (CopyWorkListSegment): Individual chunk of a CopyWorkList that is allocated from the BlockAllocator. |
420 | - (JSC::CopyWorkListSegment::create): |
421 | - (JSC::CopyWorkListSegment::size): |
422 | - (JSC::CopyWorkListSegment::isFull): |
423 | - (JSC::CopyWorkListSegment::get): |
424 | - (JSC::CopyWorkListSegment::append): |
425 | - (JSC::CopyWorkListSegment::CopyWorkListSegment): |
426 | - (JSC::CopyWorkListSegment::data): |
427 | - (JSC::CopyWorkListSegment::endOfBlock): |
428 | - (CopyWorkListIterator): Responsible for giving CopyVisitors a contiguous notion of access across the separate CopyWorkListSegments |
429 | - that make up each CopyWorkList. |
430 | - (JSC::CopyWorkListIterator::get): |
431 | - (JSC::CopyWorkListIterator::operator*): |
432 | - (JSC::CopyWorkListIterator::operator->): |
433 | - (JSC::CopyWorkListIterator::operator++): |
434 | - (JSC::CopyWorkListIterator::operator==): |
435 | - (JSC::CopyWorkListIterator::operator!=): |
436 | - (JSC::CopyWorkListIterator::CopyWorkListIterator): |
437 | - (CopyWorkList): Data structure that keeps track of the JSCells that need copying in a particular CopiedBlock. |
438 | - (JSC::CopyWorkList::CopyWorkList): |
439 | - (JSC::CopyWorkList::~CopyWorkList): |
440 | - (JSC::CopyWorkList::append): |
441 | - (JSC::CopyWorkList::begin): |
442 | - (JSC::CopyWorkList::end): |
443 | - * heap/GCThreadSharedData.cpp: |
444 | - (JSC::GCThreadSharedData::GCThreadSharedData): We no longer use the m_blockSnapshot from the Heap during the copying phase. |
445 | - (JSC::GCThreadSharedData::didStartCopying): We now copy the set of all blocks in the CopiedSpace to a separate vector for |
446 | - iterating over during the copying phase since the set stored in the CopiedSpace will change as blocks are evacuated and |
447 | - recycled throughout the copying phase. |
448 | - * heap/GCThreadSharedData.h: |
449 | - (GCThreadSharedData): |
450 | - * heap/Heap.h: |
451 | - (Heap): |
452 | - * heap/SlotVisitor.h: We now need to know the object who is being marked that has a backing store so that we can store it |
453 | - in a CopyWorkList to revisit later during the copying phase. |
454 | - * heap/SlotVisitorInlines.h: |
455 | - (JSC::SlotVisitor::copyLater): |
456 | - * runtime/JSObject.cpp: |
457 | - (JSC::JSObject::visitButterfly): |
458 | - |
459 | -2012-11-28 Filip Pizlo <fpizlo@apple.com> |
460 | - |
461 | - Disassembly methods should be able to disassemble to any PrintStream& rather than always using WTF::dataFile() |
462 | - https://bugs.webkit.org/show_bug.cgi?id=103492 |
463 | - |
464 | - Reviewed by Mark Hahnenberg. |
465 | - |
466 | - Switched disassembly code to use PrintStream&, and to use print() rather than printf(). |
467 | - |
468 | - * dfg/DFGDisassembler.cpp: |
469 | - (JSC::DFG::Disassembler::dump): |
470 | - (DFG): |
471 | - (JSC::DFG::Disassembler::dumpDisassembly): |
472 | - * dfg/DFGDisassembler.h: |
473 | - (Disassembler): |
474 | - * dfg/DFGGraph.cpp: |
475 | - (JSC::DFG::printWhiteSpace): |
476 | - (JSC::DFG::Graph::dumpCodeOrigin): |
477 | - (JSC::DFG::Graph::printNodeWhiteSpace): |
478 | - (JSC::DFG::Graph::dump): |
479 | - (DFG): |
480 | - (JSC::DFG::Graph::dumpBlockHeader): |
481 | - * dfg/DFGGraph.h: |
482 | - (Graph): |
483 | - * jit/JITDisassembler.cpp: |
484 | - (JSC::JITDisassembler::dump): |
485 | - (JSC::JITDisassembler::dumpForInstructions): |
486 | - (JSC::JITDisassembler::dumpDisassembly): |
487 | - * jit/JITDisassembler.h: |
488 | - (JITDisassembler): |
489 | - |
490 | -2012-11-28 Filip Pizlo <fpizlo@apple.com> |
491 | - |
492 | - It should be possible to say dataLog("count = ", count, "\n") instead of dataLogF("count = %d\n", count) |
493 | - https://bugs.webkit.org/show_bug.cgi?id=103009 |
494 | - |
495 | - Reviewed by Michael Saboff. |
496 | - |
497 | - Instead of converting all of JSC to use the new dataLog()/print() methods, I just changed |
498 | - one place: dumping of abstract values. This is mainly just to ensure that the code I |
499 | - added to WTF is actually doing things. |
500 | - |
501 | - * bytecode/CodeBlock.cpp: |
502 | - (JSC::CodeBlock::dump): |
503 | - * dfg/DFGAbstractValue.h: |
504 | - (JSC::DFG::AbstractValue::dump): |
505 | - (WTF): |
506 | - (WTF::printInternal): |
507 | - * dfg/DFGStructureAbstractValue.h: |
508 | - (JSC::DFG::StructureAbstractValue::dump): |
509 | - (WTF): |
510 | - (WTF::printInternal): |
511 | - |
512 | -2012-11-28 Oliver Hunt <oliver@apple.com> |
513 | - |
514 | - Make source cache include more information about the function extent. |
515 | - https://bugs.webkit.org/show_bug.cgi?id=103552 |
516 | - |
517 | - Reviewed by Gavin Barraclough. |
518 | - |
519 | - Add a bit more information to the source cache. |
520 | - |
521 | - * parser/Parser.cpp: |
522 | - (JSC::::parseFunctionInfo): |
523 | - Store the function start offset |
524 | - * parser/SourceProviderCacheItem.h: |
525 | - (JSC::SourceProviderCacheItem::SourceProviderCacheItem): |
526 | - (SourceProviderCacheItem): |
527 | - Add additional field for the start of the real function string, and re-arrange |
528 | - fields to avoid growing the struct. |
529 | - |
530 | -2012-11-27 Filip Pizlo <fpizlo@apple.com> |
531 | - |
532 | - Convert some remaining uses of FILE* to PrintStream&. |
533 | - |
534 | - Rubber stamped by Mark Hahnenberg. |
535 | - |
536 | - * bytecode/ValueProfile.h: |
537 | - (JSC::ValueProfileBase::dump): |
538 | - * bytecode/ValueRecovery.h: |
539 | - (JSC::ValueRecovery::dump): |
540 | - * dfg/DFGByteCodeParser.cpp: |
541 | - (JSC::DFG::ByteCodeParser::parseCodeBlock): |
542 | - * dfg/DFGNode.h: |
543 | - (JSC::DFG::Node::dumpChildren): |
544 | - |
545 | -2012-11-27 Filip Pizlo <fpizlo@apple.com> |
546 | - |
547 | - Fix indentation in JSValue.h |
548 | - |
549 | - Rubber stamped by Mark Hahnenberg. |
550 | - |
551 | - * runtime/JSValue.h: |
552 | - |
553 | -2012-11-26 Filip Pizlo <fpizlo@apple.com> |
554 | - |
555 | - DFG SetLocal should use forwardSpeculationCheck instead of its own half-baked version of same |
556 | - https://bugs.webkit.org/show_bug.cgi?id=103353 |
557 | - |
558 | - Reviewed by Oliver Hunt and Gavin Barraclough. |
559 | - |
560 | - Made it possible to use forward speculations for most of the operand classes. Changed the conditional |
561 | - direction parameter from being 'bool isForward' to an enum (SpeculationDirection). Changed SetLocal |
562 | - to use forward speculations and got rid of its half-baked version of same. |
563 | - |
564 | - Also added the ability to force the DFG's disassembler to dump all nodes, even ones that are dead. |
565 | - |
566 | - * dfg/DFGByteCodeParser.cpp: |
567 | - (JSC::DFG::ByteCodeParser::parseBlock): |
568 | - * dfg/DFGDisassembler.cpp: |
569 | - (JSC::DFG::Disassembler::dump): |
570 | - * dfg/DFGDriver.cpp: |
571 | - (JSC::DFG::compile): |
572 | - * dfg/DFGSpeculativeJIT.cpp: |
573 | - (JSC::DFG::SpeculativeJIT::speculationCheck): |
574 | - (DFG): |
575 | - (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward): |
576 | - (JSC::DFG::SpeculativeJIT::speculationWatchpoint): |
577 | - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): |
578 | - (JSC::DFG::SpeculativeJIT::fillStorage): |
579 | - * dfg/DFGSpeculativeJIT.h: |
580 | - (SpeculativeJIT): |
581 | - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): |
582 | - (JSC::DFG::SpeculateIntegerOperand::gpr): |
583 | - (SpeculateIntegerOperand): |
584 | - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): |
585 | - (JSC::DFG::SpeculateDoubleOperand::fpr): |
586 | - (SpeculateDoubleOperand): |
587 | - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): |
588 | - (JSC::DFG::SpeculateCellOperand::gpr): |
589 | - (SpeculateCellOperand): |
590 | - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): |
591 | - (JSC::DFG::SpeculateBooleanOperand::gpr): |
592 | - (SpeculateBooleanOperand): |
593 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
594 | - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): |
595 | - (JSC::DFG::SpeculativeJIT::fillSpeculateInt): |
596 | - (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict): |
597 | - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): |
598 | - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): |
599 | - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): |
600 | - (JSC::DFG::SpeculativeJIT::compile): |
601 | - * dfg/DFGSpeculativeJIT64.cpp: |
602 | - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): |
603 | - (JSC::DFG::SpeculativeJIT::fillSpeculateInt): |
604 | - (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict): |
605 | - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): |
606 | - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): |
607 | - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): |
608 | - (JSC::DFG::SpeculativeJIT::compile): |
609 | - * runtime/Options.h: |
610 | - (JSC): |
611 | - |
612 | -2012-11-26 Daniel Bates <dbates@webkit.org> |
613 | - |
614 | - Substitute "allSeparators8Bit" for "allSeperators8Bit" in JSC::jsSpliceSubstringsWithSeparators() |
615 | - <https://bugs.webkit.org/show_bug.cgi?id=103303> |
616 | - |
617 | - Reviewed by Simon Fraser. |
618 | - |
619 | - Fix misspelled word, "Seperators" [sic], in a local variable name in JSC::jsSpliceSubstringsWithSeparators(). |
620 | - |
621 | - * runtime/StringPrototype.cpp: |
622 | - (JSC::jsSpliceSubstringsWithSeparators): |
623 | - |
624 | -2012-11-26 Daniel Bates <dbates@webkit.org> |
625 | - |
626 | - JavaScript fails to handle String.replace() with large replacement string |
627 | - https://bugs.webkit.org/show_bug.cgi?id=102956 |
628 | - <rdar://problem/12738012> |
629 | - |
630 | - Reviewed by Oliver Hunt. |
631 | - |
632 | - Fix an issue where we didn't check for overflow when computing the length |
633 | - of the result of String.replace() with a large replacement string. |
634 | - |
635 | - * runtime/StringPrototype.cpp: |
636 | - (JSC::jsSpliceSubstringsWithSeparators): |
637 | - |
638 | -2012-11-26 Zeno Albisser <zeno@webkit.org> |
639 | - |
640 | - [Qt] Fix the LLInt build on Mac |
641 | - https://bugs.webkit.org/show_bug.cgi?id=97587 |
642 | - |
643 | - Reviewed by Simon Hausmann. |
644 | - |
645 | - * DerivedSources.pri: |
646 | - * JavaScriptCore.pro: |
647 | - |
648 | -2012-11-26 Oliver Hunt <oliver@apple.com> |
649 | - |
650 | - 32-bit build fix. Move the method decalration outside of the X86_64 only section. |
651 | - |
652 | - * assembler/MacroAssembler.h: |
653 | - (MacroAssembler): |
654 | - (JSC::MacroAssembler::shouldConsiderBlinding): |
655 | - |
656 | -2012-11-26 Oliver Hunt <oliver@apple.com> |
657 | - |
658 | - Don't blind all the things. |
659 | - https://bugs.webkit.org/show_bug.cgi?id=102572 |
660 | - |
661 | - Reviewed by Gavin Barraclough. |
662 | - |
663 | - No longer blind all the constants in the instruction stream. We use a |
664 | - simple non-deterministic filter to avoid blinding everything. Also modified |
665 | - the basic integer blinding logic to avoid blinding small negative values. |
666 | - |
667 | - * assembler/MacroAssembler.h: |
668 | - (MacroAssembler): |
669 | - (JSC::MacroAssembler::shouldConsiderBlinding): |
670 | - (JSC::MacroAssembler::shouldBlind): |
671 | - |
672 | -2012-11-26 Mark Hahnenberg <mhahnenberg@apple.com> |
673 | - |
674 | - JSObject::copyButterfly doesn't handle undecided indexing types correctly |
675 | - https://bugs.webkit.org/show_bug.cgi?id=102573 |
676 | - |
677 | - Reviewed by Filip Pizlo. |
678 | - |
679 | - We don't do any copying into the newly allocated vector and we don't zero-initialize CopiedBlocks |
680 | - during the copying phase, so we end up with uninitialized memory in arrays which have undecided indexing |
681 | - types. We should just do the actual memcpy from the old block to the new one. |
682 | - |
683 | - * runtime/JSObject.cpp: |
684 | - (JSC::JSObject::copyButterfly): Just do the same thing that we do for other contiguous indexing types. |
685 | - |
686 | -2012-11-26 Julien BRIANCEAU <jbrianceau@nds.com> |
687 | - |
688 | - [sh4] JavaScriptCore JIT build is broken since r135330 |
689 | - Add missing implementation for sh4 arch. |
690 | - https://bugs.webkit.org/show_bug.cgi?id=103145 |
691 | - |
692 | - Reviewed by Oliver Hunt. |
693 | - |
694 | - * assembler/MacroAssemblerSH4.h: |
695 | - (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranchPtrWithPatch): |
696 | - (MacroAssemblerSH4): |
697 | - (JSC::MacroAssemblerSH4::startOfBranchPtrWithPatchOnRegister): |
698 | - (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): |
699 | - (JSC::MacroAssemblerSH4::startOfPatchableBranchPtrWithPatchOnAddress): |
700 | - (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranchPtrWithPatch): |
701 | - * assembler/SH4Assembler.h: |
702 | - (JSC::SH4Assembler::revertJump): |
703 | - (SH4Assembler): |
704 | - (JSC::SH4Assembler::printInstr): |
705 | - |
706 | -2012-11-26 Yuqiang Xian <yuqiang.xian@intel.com> |
707 | - |
708 | - Use load64 instead of loadPtr to load a JSValue on JSVALUE64 platforms |
709 | - https://bugs.webkit.org/show_bug.cgi?id=100909 |
710 | - |
711 | - Reviewed by Brent Fulgham. |
712 | - |
713 | - This is a (trivial) fix after r132701. |
714 | - |
715 | - * dfg/DFGOSRExitCompiler64.cpp: |
716 | - (JSC::DFG::OSRExitCompiler::compileExit): |
717 | - |
718 | -2012-11-26 Gabor Ballabas <gaborb@inf.u-szeged.hu> |
719 | - |
720 | - [Qt][ARM] REGRESSION(r130826): It made 33 JSC test and 466 layout tests crash |
721 | - https://bugs.webkit.org/show_bug.cgi?id=98857 |
722 | - |
723 | - Reviewed by Zoltan Herczeg. |
724 | - |
725 | - Implement a new version of patchableBranch32 to fix crashing JSC |
726 | - tests. |
727 | - |
728 | - * assembler/MacroAssembler.h: |
729 | - (MacroAssembler): |
730 | - * assembler/MacroAssemblerARM.h: |
731 | - (JSC::MacroAssemblerARM::patchableBranch32): |
732 | - (MacroAssemblerARM): |
733 | - |
734 | -2012-11-21 Filip Pizlo <fpizlo@apple.com> |
735 | - |
736 | - Any function that can log things should be able to easily log them to a memory buffer as well |
737 | - https://bugs.webkit.org/show_bug.cgi?id=103000 |
738 | - |
739 | - Reviewed by Sam Weinig. |
740 | - |
741 | - Change all users of WTF::dataFile() to expect a PrintStream& rather than a FILE*. |
742 | - |
743 | - * bytecode/Operands.h: |
744 | - (JSC::OperandValueTraits::dump): |
745 | - (JSC::dumpOperands): |
746 | - (JSC): |
747 | - * dfg/DFGAbstractState.cpp: |
748 | - (JSC::DFG::AbstractState::dump): |
749 | - * dfg/DFGAbstractState.h: |
750 | - (AbstractState): |
751 | - * dfg/DFGAbstractValue.h: |
752 | - (JSC::DFG::AbstractValue::dump): |
753 | - * dfg/DFGCommon.h: |
754 | - (JSC::DFG::NodeIndexTraits::dump): |
755 | - * dfg/DFGStructureAbstractValue.h: |
756 | - (JSC::DFG::StructureAbstractValue::dump): |
757 | - * dfg/DFGVariableEvent.cpp: |
758 | - (JSC::DFG::VariableEvent::dump): |
759 | - (JSC::DFG::VariableEvent::dumpFillInfo): |
760 | - (JSC::DFG::VariableEvent::dumpSpillInfo): |
761 | - * dfg/DFGVariableEvent.h: |
762 | - (VariableEvent): |
763 | - * disassembler/Disassembler.h: |
764 | - (JSC): |
765 | - (JSC::tryToDisassemble): |
766 | - * disassembler/UDis86Disassembler.cpp: |
767 | - (JSC::tryToDisassemble): |
768 | - |
769 | -2012-11-23 Alexis Menard <alexis@webkit.org> |
770 | - |
771 | - [CSS3 Backgrounds and Borders] Implement new CSS3 background-position parsing. |
772 | - https://bugs.webkit.org/show_bug.cgi?id=102104 |
773 | - |
774 | - Reviewed by Julien Chaffraix. |
775 | - |
776 | - Protect the new feature behind a feature flag. |
777 | - |
778 | - * Configurations/FeatureDefines.xcconfig: |
779 | - |
780 | -2012-11-23 Gabor Ballabas <gaborb@inf.u-szeged.hu> |
781 | - |
782 | - Fix the ARM traditional build after r135330 |
783 | - https://bugs.webkit.org/show_bug.cgi?id=102871 |
784 | - |
785 | - Reviewed by Zoltan Herczeg. |
786 | - |
787 | - Added missing functionality to traditional ARM architecture. |
788 | - |
789 | - * assembler/ARMAssembler.h: |
790 | - (JSC::ARMAssembler::revertJump): |
791 | - (ARMAssembler): |
792 | - * assembler/MacroAssemblerARM.h: |
793 | - (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatchOnAddress): |
794 | - (JSC::MacroAssemblerARM::startOfBranchPtrWithPatchOnRegister): |
795 | - (MacroAssemblerARM): |
796 | - (JSC::MacroAssemblerARM::revertJumpReplacementToBranchPtrWithPatch): |
797 | - |
798 | -2012-11-16 Yury Semikhatsky <yurys@chromium.org> |
799 | - |
800 | - Memory instrumentation: extract MemoryObjectInfo declaration into a separate file |
801 | - https://bugs.webkit.org/show_bug.cgi?id=102510 |
802 | - |
803 | - Reviewed by Pavel Feldman. |
804 | - |
805 | - Added new symbols for the methods that have moved into .../wtf/MemoryInstrumentation.cpp |
806 | - |
807 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
808 | - |
809 | -2012-11-23 Julien BRIANCEAU <jbrianceau@nds.com> |
810 | - |
811 | - [sh4] JavaScriptCore JIT build is broken since r130839 |
812 | - Add missing implementation for sh4 arch. |
813 | - https://bugs.webkit.org/show_bug.cgi?id=101479 |
814 | - |
815 | - Reviewed by Filip Pizlo. |
816 | - |
817 | - * assembler/MacroAssemblerSH4.h: |
818 | - (JSC::MacroAssemblerSH4::load8Signed): |
819 | - (MacroAssemblerSH4): |
820 | - (JSC::MacroAssemblerSH4::load16Signed): |
821 | - (JSC::MacroAssemblerSH4::store8): |
822 | - (JSC::MacroAssemblerSH4::store16): |
823 | - (JSC::MacroAssemblerSH4::moveDoubleToInts): |
824 | - (JSC::MacroAssemblerSH4::moveIntsToDouble): |
825 | - (JSC::MacroAssemblerSH4::loadFloat): |
826 | - (JSC::MacroAssemblerSH4::loadDouble): |
827 | - (JSC::MacroAssemblerSH4::storeFloat): |
828 | - (JSC::MacroAssemblerSH4::storeDouble): |
829 | - (JSC::MacroAssemblerSH4::addDouble): |
830 | - (JSC::MacroAssemblerSH4::convertFloatToDouble): |
831 | - (JSC::MacroAssemblerSH4::convertDoubleToFloat): |
832 | - (JSC::MacroAssemblerSH4::urshift32): |
833 | - * assembler/SH4Assembler.h: |
834 | - (JSC::SH4Assembler::sublRegReg): |
835 | - (JSC::SH4Assembler::subvlRegReg): |
836 | - (JSC::SH4Assembler::floatfpulfrn): |
837 | - (JSC::SH4Assembler::fldsfpul): |
838 | - (JSC::SH4Assembler::fstsfpul): |
839 | - (JSC::SH4Assembler::dcnvsd): |
840 | - (SH4Assembler): |
841 | - (JSC::SH4Assembler::movbRegMem): |
842 | - (JSC::SH4Assembler::sizeOfConstantPool): |
843 | - (JSC::SH4Assembler::linkJump): |
844 | - (JSC::SH4Assembler::printInstr): |
845 | - (JSC::SH4Assembler::printBlockInstr): |
846 | - |
847 | -2012-11-22 Balazs Kilvady <kilvadyb@homejinni.com> |
848 | - |
849 | - Fix the MIPS build after r135330 |
850 | - https://bugs.webkit.org/show_bug.cgi?id=102872 |
851 | - |
852 | - Reviewed by Gavin Barraclough. |
853 | - |
854 | - Revert/replace functions added to MIPS port. |
855 | - |
856 | - * assembler/MIPSAssembler.h: |
857 | - (JSC::MIPSAssembler::revertJumpToMove): |
858 | - (MIPSAssembler): |
859 | - (JSC::MIPSAssembler::replaceWithJump): |
860 | - * assembler/MacroAssemblerMIPS.h: |
861 | - (MacroAssemblerMIPS): |
862 | - (JSC::MacroAssemblerMIPS::startOfBranchPtrWithPatchOnRegister): |
863 | - (JSC::MacroAssemblerMIPS::revertJumpReplacementToBranchPtrWithPatch): |
864 | - (JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatchOnAddress): |
865 | - |
866 | -2012-11-21 Filip Pizlo <fpizlo@apple.com> |
867 | - |
868 | - Rename dataLog() and dataLogV() to dataLogF() and dataLogFV() |
869 | - https://bugs.webkit.org/show_bug.cgi?id=103001 |
870 | - |
871 | - Rubber stamped by Dan Bernstein. |
872 | - |
873 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
874 | - * assembler/LinkBuffer.cpp: |
875 | - (JSC::LinkBuffer::finalizeCodeWithDisassembly): |
876 | - (JSC::LinkBuffer::dumpLinkStatistics): |
877 | - (JSC::LinkBuffer::dumpCode): |
878 | - * assembler/LinkBuffer.h: |
879 | - (JSC): |
880 | - * assembler/SH4Assembler.h: |
881 | - (JSC::SH4Assembler::vprintfStdoutInstr): |
882 | - * bytecode/CodeBlock.cpp: |
883 | - (JSC::CodeBlock::dumpBytecodeCommentAndNewLine): |
884 | - (JSC::CodeBlock::printUnaryOp): |
885 | - (JSC::CodeBlock::printBinaryOp): |
886 | - (JSC::CodeBlock::printConditionalJump): |
887 | - (JSC::CodeBlock::printGetByIdOp): |
888 | - (JSC::dumpStructure): |
889 | - (JSC::dumpChain): |
890 | - (JSC::CodeBlock::printGetByIdCacheStatus): |
891 | - (JSC::CodeBlock::printCallOp): |
892 | - (JSC::CodeBlock::printPutByIdOp): |
893 | - (JSC::CodeBlock::printStructure): |
894 | - (JSC::CodeBlock::printStructures): |
895 | - (JSC::CodeBlock::dump): |
896 | - (JSC::CodeBlock::dumpStatistics): |
897 | - (JSC::CodeBlock::finalizeUnconditionally): |
898 | - (JSC::CodeBlock::resetStubInternal): |
899 | - (JSC::CodeBlock::reoptimize): |
900 | - (JSC::ProgramCodeBlock::jettison): |
901 | - (JSC::EvalCodeBlock::jettison): |
902 | - (JSC::FunctionCodeBlock::jettison): |
903 | - (JSC::CodeBlock::shouldOptimizeNow): |
904 | - (JSC::CodeBlock::tallyFrequentExitSites): |
905 | - (JSC::CodeBlock::dumpValueProfiles): |
906 | - * bytecode/Opcode.cpp: |
907 | - (JSC::OpcodeStats::~OpcodeStats): |
908 | - * bytecode/SamplingTool.cpp: |
909 | - (JSC::SamplingFlags::stop): |
910 | - (JSC::SamplingRegion::dumpInternal): |
911 | - (JSC::SamplingTool::dump): |
912 | - * dfg/DFGAbstractState.cpp: |
913 | - (JSC::DFG::AbstractState::initialize): |
914 | - (JSC::DFG::AbstractState::endBasicBlock): |
915 | - (JSC::DFG::AbstractState::mergeStateAtTail): |
916 | - (JSC::DFG::AbstractState::mergeToSuccessors): |
917 | - * dfg/DFGAbstractValue.h: |
918 | - (JSC::DFG::AbstractValue::dump): |
919 | - * dfg/DFGArgumentsSimplificationPhase.cpp: |
920 | - (JSC::DFG::ArgumentsSimplificationPhase::run): |
921 | - * dfg/DFGByteCodeParser.cpp: |
922 | - (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation): |
923 | - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): |
924 | - (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks): |
925 | - (JSC::DFG::ByteCodeParser::makeSafe): |
926 | - (JSC::DFG::ByteCodeParser::makeDivSafe): |
927 | - (JSC::DFG::ByteCodeParser::handleCall): |
928 | - (JSC::DFG::ByteCodeParser::handleInlining): |
929 | - (JSC::DFG::ByteCodeParser::parseBlock): |
930 | - (JSC::DFG::ByteCodeParser::processPhiStack): |
931 | - (JSC::DFG::ByteCodeParser::linkBlock): |
932 | - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): |
933 | - (JSC::DFG::ByteCodeParser::parseCodeBlock): |
934 | - (JSC::DFG::ByteCodeParser::parse): |
935 | - * dfg/DFGCFAPhase.cpp: |
936 | - (JSC::DFG::CFAPhase::performBlockCFA): |
937 | - (JSC::DFG::CFAPhase::performForwardCFA): |
938 | - * dfg/DFGCFGSimplificationPhase.cpp: |
939 | - (JSC::DFG::CFGSimplificationPhase::run): |
940 | - (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal): |
941 | - (JSC::DFG::CFGSimplificationPhase::fixPhis): |
942 | - (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors): |
943 | - (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference): |
944 | - (JSC::DFG::CFGSimplificationPhase::mergeBlocks): |
945 | - * dfg/DFGCSEPhase.cpp: |
946 | - (JSC::DFG::CSEPhase::endIndexForPureCSE): |
947 | - (JSC::DFG::CSEPhase::setReplacement): |
948 | - (JSC::DFG::CSEPhase::eliminate): |
949 | - (JSC::DFG::CSEPhase::performNodeCSE): |
950 | - * dfg/DFGCapabilities.cpp: |
951 | - (JSC::DFG::debugFail): |
952 | - * dfg/DFGConstantFoldingPhase.cpp: |
953 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
954 | - (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode): |
955 | - * dfg/DFGDisassembler.cpp: |
956 | - (JSC::DFG::Disassembler::dump): |
957 | - * dfg/DFGDriver.cpp: |
958 | - (JSC::DFG::compile): |
959 | - * dfg/DFGFixupPhase.cpp: |
960 | - (JSC::DFG::FixupPhase::fixupNode): |
961 | - (JSC::DFG::FixupPhase::fixDoubleEdge): |
962 | - * dfg/DFGGraph.cpp: |
963 | - (JSC::DFG::printWhiteSpace): |
964 | - (JSC::DFG::Graph::dumpCodeOrigin): |
965 | - (JSC::DFG::Graph::dump): |
966 | - (JSC::DFG::Graph::dumpBlockHeader): |
967 | - (JSC::DFG::Graph::predictArgumentTypes): |
968 | - * dfg/DFGJITCompiler.cpp: |
969 | - (JSC::DFG::JITCompiler::link): |
970 | - * dfg/DFGOSREntry.cpp: |
971 | - (JSC::DFG::prepareOSREntry): |
972 | - * dfg/DFGOSRExitCompiler.cpp: |
973 | - * dfg/DFGOSRExitCompiler32_64.cpp: |
974 | - (JSC::DFG::OSRExitCompiler::compileExit): |
975 | - * dfg/DFGOSRExitCompiler64.cpp: |
976 | - (JSC::DFG::OSRExitCompiler::compileExit): |
977 | - * dfg/DFGOperations.cpp: |
978 | - * dfg/DFGPhase.cpp: |
979 | - (JSC::DFG::Phase::beginPhase): |
980 | - * dfg/DFGPhase.h: |
981 | - (JSC::DFG::runAndLog): |
982 | - * dfg/DFGPredictionPropagationPhase.cpp: |
983 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
984 | - (JSC::DFG::PredictionPropagationPhase::propagateForward): |
985 | - (JSC::DFG::PredictionPropagationPhase::propagateBackward): |
986 | - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): |
987 | - * dfg/DFGRegisterBank.h: |
988 | - (JSC::DFG::RegisterBank::dump): |
989 | - * dfg/DFGScoreBoard.h: |
990 | - (JSC::DFG::ScoreBoard::use): |
991 | - (JSC::DFG::ScoreBoard::dump): |
992 | - * dfg/DFGSlowPathGenerator.h: |
993 | - (JSC::DFG::SlowPathGenerator::generate): |
994 | - * dfg/DFGSpeculativeJIT.cpp: |
995 | - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): |
996 | - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection): |
997 | - (JSC::DFG::SpeculativeJIT::runSlowPathGenerators): |
998 | - (JSC::DFG::SpeculativeJIT::dump): |
999 | - (JSC::DFG::SpeculativeJIT::checkConsistency): |
1000 | - (JSC::DFG::SpeculativeJIT::compile): |
1001 | - (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32): |
1002 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
1003 | - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): |
1004 | - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): |
1005 | - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): |
1006 | - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): |
1007 | - * dfg/DFGSpeculativeJIT64.cpp: |
1008 | - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): |
1009 | - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): |
1010 | - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): |
1011 | - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): |
1012 | - * dfg/DFGStructureCheckHoistingPhase.cpp: |
1013 | - (JSC::DFG::StructureCheckHoistingPhase::run): |
1014 | - * dfg/DFGValidate.cpp: |
1015 | - (Validate): |
1016 | - (JSC::DFG::Validate::reportValidationContext): |
1017 | - (JSC::DFG::Validate::dumpData): |
1018 | - (JSC::DFG::Validate::dumpGraphIfAppropriate): |
1019 | - * dfg/DFGVariableEventStream.cpp: |
1020 | - (JSC::DFG::VariableEventStream::logEvent): |
1021 | - (JSC::DFG::VariableEventStream::reconstruct): |
1022 | - * dfg/DFGVirtualRegisterAllocationPhase.cpp: |
1023 | - (JSC::DFG::VirtualRegisterAllocationPhase::run): |
1024 | - * heap/Heap.cpp: |
1025 | - * heap/HeapStatistics.cpp: |
1026 | - (JSC::HeapStatistics::logStatistics): |
1027 | - (JSC::HeapStatistics::showObjectStatistics): |
1028 | - * heap/MarkStack.h: |
1029 | - * heap/MarkedBlock.h: |
1030 | - * heap/SlotVisitor.cpp: |
1031 | - (JSC::SlotVisitor::validate): |
1032 | - * interpreter/CallFrame.cpp: |
1033 | - (JSC::CallFrame::dumpCaller): |
1034 | - * interpreter/Interpreter.cpp: |
1035 | - (JSC::Interpreter::dumpRegisters): |
1036 | - * jit/JIT.cpp: |
1037 | - (JSC::JIT::privateCompileMainPass): |
1038 | - (JSC::JIT::privateCompileSlowCases): |
1039 | - (JSC::JIT::privateCompile): |
1040 | - * jit/JITDisassembler.cpp: |
1041 | - (JSC::JITDisassembler::dump): |
1042 | - (JSC::JITDisassembler::dumpForInstructions): |
1043 | - * jit/JITStubRoutine.h: |
1044 | - (JSC): |
1045 | - * jit/JITStubs.cpp: |
1046 | - (JSC::DEFINE_STUB_FUNCTION): |
1047 | - * jit/JumpReplacementWatchpoint.cpp: |
1048 | - (JSC::JumpReplacementWatchpoint::fireInternal): |
1049 | - * llint/LLIntExceptions.cpp: |
1050 | - (JSC::LLInt::interpreterThrowInCaller): |
1051 | - (JSC::LLInt::returnToThrow): |
1052 | - (JSC::LLInt::callToThrow): |
1053 | - * llint/LLIntSlowPaths.cpp: |
1054 | - (JSC::LLInt::llint_trace_operand): |
1055 | - (JSC::LLInt::llint_trace_value): |
1056 | - (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
1057 | - (JSC::LLInt::traceFunctionPrologue): |
1058 | - (JSC::LLInt::jitCompileAndSetHeuristics): |
1059 | - (JSC::LLInt::entryOSR): |
1060 | - (JSC::LLInt::handleHostCall): |
1061 | - (JSC::LLInt::setUpCall): |
1062 | - * profiler/Profile.cpp: |
1063 | - (JSC::Profile::debugPrintData): |
1064 | - (JSC::Profile::debugPrintDataSampleStyle): |
1065 | - * profiler/ProfileNode.cpp: |
1066 | - (JSC::ProfileNode::debugPrintData): |
1067 | - (JSC::ProfileNode::debugPrintDataSampleStyle): |
1068 | - * runtime/JSGlobalData.cpp: |
1069 | - (JSC::JSGlobalData::dumpRegExpTrace): |
1070 | - * runtime/RegExp.cpp: |
1071 | - (JSC::RegExp::matchCompareWithInterpreter): |
1072 | - * runtime/SamplingCounter.cpp: |
1073 | - (JSC::AbstractSamplingCounter::dump): |
1074 | - * runtime/Structure.cpp: |
1075 | - (JSC::Structure::dumpStatistics): |
1076 | - (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger): |
1077 | - * tools/CodeProfile.cpp: |
1078 | - (JSC::CodeProfile::report): |
1079 | - * tools/ProfileTreeNode.h: |
1080 | - (JSC::ProfileTreeNode::dumpInternal): |
1081 | - * yarr/YarrInterpreter.cpp: |
1082 | - (JSC::Yarr::ByteCompiler::dumpDisjunction): |
1083 | - |
1084 | -2012-11-21 Filip Pizlo <fpizlo@apple.com> |
1085 | - |
1086 | - It should be possible to say disassemble(stuff) instead of having to say if (!tryToDisassemble(stuff)) dataLog("I failed") |
1087 | - https://bugs.webkit.org/show_bug.cgi?id=103010 |
1088 | - |
1089 | - Reviewed by Anders Carlsson. |
1090 | - |
1091 | - You can still say tryToDisassemble(), which will tell you if it failed; you can then |
1092 | - decide what to do instead. But it's better to say disassemble(), which will just print |
1093 | - the instruction ranges if tryToDisassemble() failed. This is particularly appropriate |
1094 | - since that's what all previous users of tryToDisassemble() would have done in some |
1095 | - form or another. |
1096 | - |
1097 | - * CMakeLists.txt: |
1098 | - * GNUmakefile.list.am: |
1099 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
1100 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
1101 | - * Target.pri: |
1102 | - * assembler/LinkBuffer.cpp: |
1103 | - (JSC::LinkBuffer::finalizeCodeWithDisassembly): |
1104 | - * dfg/DFGDisassembler.cpp: |
1105 | - (JSC::DFG::Disassembler::dumpDisassembly): |
1106 | - * disassembler/Disassembler.cpp: Added. |
1107 | - (JSC): |
1108 | - (JSC::disassemble): |
1109 | - * disassembler/Disassembler.h: |
1110 | - (JSC): |
1111 | - * jit/JITDisassembler.cpp: |
1112 | - (JSC::JITDisassembler::dumpDisassembly): |
1113 | - |
1114 | -2012-11-21 Filip Pizlo <fpizlo@apple.com> |
1115 | - |
1116 | - dumpOperands() claims that it needs a non-const Operands& when that is completely false |
1117 | - https://bugs.webkit.org/show_bug.cgi?id=103005 |
1118 | - |
1119 | - Reviewed by Eric Carlson. |
1120 | - |
1121 | - * bytecode/Operands.h: |
1122 | - (JSC::dumpOperands): |
1123 | - (JSC): |
1124 | - |
1125 | -2012-11-20 Filip Pizlo <fpizlo@apple.com> |
1126 | - |
1127 | - Baseline JIT's disassembly should be just as pretty as the DFG's |
1128 | - https://bugs.webkit.org/show_bug.cgi?id=102873 |
1129 | - |
1130 | - Reviewed by Sam Weinig. |
1131 | - |
1132 | - Integrated the CodeBlock's bytecode dumper with the JIT's disassembler. Also fixed |
1133 | - some type goof-ups (instructions are not in a Vector<Instruction> so using a Vector |
1134 | - iterator makes no sense) and stream-lined some things (you don't actually need a |
1135 | - full-fledged ExecState* to dump bytecode). |
1136 | - |
1137 | - * CMakeLists.txt: |
1138 | - * GNUmakefile.list.am: |
1139 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
1140 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
1141 | - * Target.pri: |
1142 | - * bytecode/CodeBlock.cpp: |
1143 | - (JSC::CodeBlock::printUnaryOp): |
1144 | - (JSC::CodeBlock::printBinaryOp): |
1145 | - (JSC::CodeBlock::printConditionalJump): |
1146 | - (JSC::CodeBlock::printGetByIdOp): |
1147 | - (JSC::CodeBlock::printCallOp): |
1148 | - (JSC::CodeBlock::printPutByIdOp): |
1149 | - (JSC::CodeBlock::dump): |
1150 | - (JSC): |
1151 | - (JSC::CodeBlock::CodeBlock): |
1152 | - * bytecode/CodeBlock.h: |
1153 | - (CodeBlock): |
1154 | - * interpreter/Interpreter.cpp: |
1155 | - (JSC::Interpreter::dumpCallFrame): |
1156 | - * jit/JIT.cpp: |
1157 | - (JSC::JIT::privateCompileMainPass): |
1158 | - (JSC::JIT::privateCompileSlowCases): |
1159 | - (JSC::JIT::privateCompile): |
1160 | - * jit/JIT.h: |
1161 | - (JIT): |
1162 | - * jit/JITDisassembler.cpp: Added. |
1163 | - (JSC): |
1164 | - (JSC::JITDisassembler::JITDisassembler): |
1165 | - (JSC::JITDisassembler::~JITDisassembler): |
1166 | - (JSC::JITDisassembler::dump): |
1167 | - (JSC::JITDisassembler::dumpForInstructions): |
1168 | - (JSC::JITDisassembler::dumpDisassembly): |
1169 | - * jit/JITDisassembler.h: Added. |
1170 | - (JSC): |
1171 | - (JITDisassembler): |
1172 | - (JSC::JITDisassembler::setStartOfCode): |
1173 | - (JSC::JITDisassembler::setForBytecodeMainPath): |
1174 | - (JSC::JITDisassembler::setForBytecodeSlowPath): |
1175 | - (JSC::JITDisassembler::setEndOfSlowPath): |
1176 | - (JSC::JITDisassembler::setEndOfCode): |
1177 | - |
1178 | -2012-11-21 Daniel Bates <dbates@webkit.org> |
1179 | - |
1180 | - JavaScript fails to concatenate large strings |
1181 | - <https://bugs.webkit.org/show_bug.cgi?id=102963> |
1182 | - |
1183 | - Reviewed by Michael Saboff. |
1184 | - |
1185 | - Fixes an issue where we inadvertently didn't check the length of |
1186 | - a JavaScript string for overflow. |
1187 | - |
1188 | - * runtime/Operations.h: |
1189 | - (JSC::jsString): |
1190 | - (JSC::jsStringFromArguments): |
1191 | - |
1192 | -2012-11-20 Filip Pizlo <fpizlo@apple.com> |
1193 | - |
1194 | - DFG should be able to cache closure calls (part 2/2) |
1195 | - https://bugs.webkit.org/show_bug.cgi?id=102662 |
1196 | - |
1197 | - Reviewed by Gavin Barraclough. |
1198 | - |
1199 | - Added caching of calls where the JSFunction* varies, but the Structure* and ExecutableBase* |
1200 | - stay the same. This is accomplished by replacing the branch that compares against a constant |
1201 | - JSFunction* with a jump to a closure call stub. The closure call stub contains a fast path, |
1202 | - and jumps slow directly to the virtual call thunk. |
1203 | - |
1204 | - Looks like a 1% win on V8v7. |
1205 | - |
1206 | - * CMakeLists.txt: |
1207 | - * GNUmakefile.list.am: |
1208 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
1209 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
1210 | - * Target.pri: |
1211 | - * bytecode/CallLinkInfo.cpp: |
1212 | - (JSC::CallLinkInfo::unlink): |
1213 | - * bytecode/CallLinkInfo.h: |
1214 | - (CallLinkInfo): |
1215 | - (JSC::CallLinkInfo::isLinked): |
1216 | - (JSC::getCallLinkInfoBytecodeIndex): |
1217 | - * bytecode/CodeBlock.cpp: |
1218 | - (JSC::CodeBlock::finalizeUnconditionally): |
1219 | - (JSC): |
1220 | - (JSC::CodeBlock::findClosureCallForReturnPC): |
1221 | - (JSC::CodeBlock::bytecodeOffset): |
1222 | - (JSC::CodeBlock::codeOriginForReturn): |
1223 | - * bytecode/CodeBlock.h: |
1224 | - (JSC::CodeBlock::getCallLinkInfo): |
1225 | - (CodeBlock): |
1226 | - (JSC::CodeBlock::isIncomingCallAlreadyLinked): |
1227 | - * dfg/DFGJITCompiler.cpp: |
1228 | - (JSC::DFG::JITCompiler::link): |
1229 | - * dfg/DFGJITCompiler.h: |
1230 | - (JSC::DFG::JITCompiler::addJSCall): |
1231 | - (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): |
1232 | - (JSCallRecord): |
1233 | - * dfg/DFGOperations.cpp: |
1234 | - * dfg/DFGOperations.h: |
1235 | - * dfg/DFGRepatch.cpp: |
1236 | - (JSC::DFG::linkSlowFor): |
1237 | - (DFG): |
1238 | - (JSC::DFG::dfgLinkFor): |
1239 | - (JSC::DFG::dfgLinkSlowFor): |
1240 | - (JSC::DFG::dfgLinkClosureCall): |
1241 | - * dfg/DFGRepatch.h: |
1242 | - (DFG): |
1243 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
1244 | - (JSC::DFG::SpeculativeJIT::emitCall): |
1245 | - * dfg/DFGSpeculativeJIT64.cpp: |
1246 | - (JSC::DFG::SpeculativeJIT::emitCall): |
1247 | - * dfg/DFGThunks.cpp: |
1248 | - (DFG): |
1249 | - (JSC::DFG::linkClosureCallThunkGenerator): |
1250 | - * dfg/DFGThunks.h: |
1251 | - (DFG): |
1252 | - * heap/Heap.h: |
1253 | - (Heap): |
1254 | - (JSC::Heap::jitStubRoutines): |
1255 | - * heap/JITStubRoutineSet.h: |
1256 | - (JSC::JITStubRoutineSet::size): |
1257 | - (JSC::JITStubRoutineSet::at): |
1258 | - (JITStubRoutineSet): |
1259 | - * jit/ClosureCallStubRoutine.cpp: Added. |
1260 | - (JSC): |
1261 | - (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine): |
1262 | - (JSC::ClosureCallStubRoutine::~ClosureCallStubRoutine): |
1263 | - (JSC::ClosureCallStubRoutine::markRequiredObjectsInternal): |
1264 | - * jit/ClosureCallStubRoutine.h: Added. |
1265 | - (JSC): |
1266 | - (ClosureCallStubRoutine): |
1267 | - (JSC::ClosureCallStubRoutine::structure): |
1268 | - (JSC::ClosureCallStubRoutine::executable): |
1269 | - (JSC::ClosureCallStubRoutine::codeOrigin): |
1270 | - * jit/GCAwareJITStubRoutine.cpp: |
1271 | - (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine): |
1272 | - * jit/GCAwareJITStubRoutine.h: |
1273 | - (GCAwareJITStubRoutine): |
1274 | - (JSC::GCAwareJITStubRoutine::isClosureCall): |
1275 | - * jit/JIT.cpp: |
1276 | - (JSC::JIT::privateCompile): |
1277 | - |
1278 | -2012-11-20 Filip Pizlo <fpizlo@apple.com> |
1279 | - |
1280 | - DFG should be able to cache closure calls (part 1/2) |
1281 | - https://bugs.webkit.org/show_bug.cgi?id=102662 |
1282 | - |
1283 | - Reviewed by Gavin Barraclough. |
1284 | - |
1285 | - Add ability to revert a jump replacement back to |
1286 | - branchPtrWithPatch(Condition, RegisterID, TrustedImmPtr). This is meant to be |
1287 | - a mandatory piece of functionality for all assemblers. I also renamed some of |
1288 | - the functions for reverting jump replacements back to |
1289 | - patchableBranchPtrWithPatch(Condition, Address, TrustedImmPtr), so as to avoid |
1290 | - confusion. |
1291 | - |
1292 | - * assembler/ARMv7Assembler.h: |
1293 | - (JSC::ARMv7Assembler::BadReg): |
1294 | - (ARMv7Assembler): |
1295 | - (JSC::ARMv7Assembler::revertJumpTo_movT3): |
1296 | - * assembler/LinkBuffer.h: |
1297 | - (JSC): |
1298 | - * assembler/MacroAssemblerARMv7.h: |
1299 | - (JSC::MacroAssemblerARMv7::startOfBranchPtrWithPatchOnRegister): |
1300 | - (MacroAssemblerARMv7): |
1301 | - (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch): |
1302 | - (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatchOnAddress): |
1303 | - * assembler/MacroAssemblerX86.h: |
1304 | - (JSC::MacroAssemblerX86::startOfBranchPtrWithPatchOnRegister): |
1305 | - (MacroAssemblerX86): |
1306 | - (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatchOnAddress): |
1307 | - (JSC::MacroAssemblerX86::revertJumpReplacementToBranchPtrWithPatch): |
1308 | - * assembler/MacroAssemblerX86_64.h: |
1309 | - (JSC::MacroAssemblerX86_64::startOfBranchPtrWithPatchOnRegister): |
1310 | - (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatchOnAddress): |
1311 | - (MacroAssemblerX86_64): |
1312 | - (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch): |
1313 | - * assembler/RepatchBuffer.h: |
1314 | - (JSC::RepatchBuffer::startOfBranchPtrWithPatchOnRegister): |
1315 | - (RepatchBuffer): |
1316 | - (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress): |
1317 | - (JSC::RepatchBuffer::revertJumpReplacementToBranchPtrWithPatch): |
1318 | - * assembler/X86Assembler.h: |
1319 | - (JSC::X86Assembler::revertJumpTo_cmpl_ir_force32): |
1320 | - (X86Assembler): |
1321 | - * dfg/DFGRepatch.cpp: |
1322 | - (JSC::DFG::replaceWithJump): |
1323 | - (JSC::DFG::dfgResetGetByID): |
1324 | - (JSC::DFG::dfgResetPutByID): |
1325 | - |
1326 | -2012-11-20 Yong Li <yoli@rim.com> |
1327 | - |
1328 | - [ARMv7] Neither linkCall() nor linkPointer() should flush code. |
1329 | - https://bugs.webkit.org/show_bug.cgi?id=99213 |
1330 | - |
1331 | - Reviewed by George Staikos. |
1332 | - |
1333 | - LinkBuffer doesn't need to flush code during linking. It will |
1334 | - eventually flush the whole executable. Fixing this gives >%5 |
1335 | - sunspider boost (on QNX). |
1336 | - |
1337 | - Also make replaceWithLoad() and replaceWithAddressComputation() flush |
1338 | - only when necessary. |
1339 | - |
1340 | - * assembler/ARMv7Assembler.h: |
1341 | - (JSC::ARMv7Assembler::linkCall): |
1342 | - (JSC::ARMv7Assembler::linkPointer): |
1343 | - (JSC::ARMv7Assembler::relinkCall): |
1344 | - (JSC::ARMv7Assembler::repatchInt32): |
1345 | - (JSC::ARMv7Assembler::repatchPointer): |
1346 | - (JSC::ARMv7Assembler::replaceWithLoad): Flush only after it did write. |
1347 | - (JSC::ARMv7Assembler::replaceWithAddressComputation): Flush only after it did write. |
1348 | - (JSC::ARMv7Assembler::setInt32): |
1349 | - (JSC::ARMv7Assembler::setPointer): |
1350 | - |
1351 | -2012-11-19 Filip Pizlo <fpizlo@apple.com> |
1352 | - |
1353 | - Remove support for ARMv7 errata from the jump code |
1354 | - https://bugs.webkit.org/show_bug.cgi?id=102759 |
1355 | - |
1356 | - Reviewed by Oliver Hunt. |
1357 | - |
1358 | - The jump replacement code was wrong to begin with since it wasn't doing |
1359 | - a cache flush on the inserted padding. And, to my knowledge, we don't need |
1360 | - this anymore, so this patch removes all errata code from the ARMv7 port. |
1361 | - |
1362 | - * assembler/ARMv7Assembler.h: |
1363 | - (JSC::ARMv7Assembler::computeJumpType): |
1364 | - (JSC::ARMv7Assembler::replaceWithJump): |
1365 | - (JSC::ARMv7Assembler::maxJumpReplacementSize): |
1366 | - (JSC::ARMv7Assembler::canBeJumpT3): |
1367 | - (JSC::ARMv7Assembler::canBeJumpT4): |
1368 | - |
1369 | -2012-11-19 Patrick Gansterer <paroga@webkit.org> |
1370 | - |
1371 | - [CMake] Create JavaScriptCore ForwardingHeaders |
1372 | - https://bugs.webkit.org/show_bug.cgi?id=92665 |
1373 | - |
1374 | - Reviewed by Brent Fulgham. |
1375 | - |
1376 | - When using CMake to build the Windows port, we need |
1377 | - to generate the forwarding headers with it too. |
1378 | - |
1379 | - * CMakeLists.txt: |
1380 | - |
1381 | -2012-11-19 Kihong Kwon <kihong.kwon@samsung.com> |
1382 | - |
1383 | - Add PROXIMITY_EVENTS feature |
1384 | - https://bugs.webkit.org/show_bug.cgi?id=102658 |
1385 | - |
1386 | - Reviewed by Kentaro Hara. |
1387 | - |
1388 | - Add PROXIMITY_EVENTS feature to xcode project for JavaScriptCore. |
1389 | - |
1390 | - * Configurations/FeatureDefines.xcconfig: |
1391 | - |
1392 | -2012-11-18 Dan Bernstein <mitz@apple.com> |
1393 | - |
1394 | - Try to fix the DFG build after r135099. |
1395 | - |
1396 | - * dfg/DFGCommon.h: |
1397 | - (JSC::DFG::shouldShowDisassembly): |
1398 | - |
1399 | -2012-11-18 Filip Pizlo <fpizlo@apple.com> |
1400 | - |
1401 | - Unreviewed, build fix for !ENABLE(DFG_JIT). |
1402 | - |
1403 | - * dfg/DFGCommon.h: |
1404 | - (JSC::DFG::shouldShowDisassembly): |
1405 | - (DFG): |
1406 | - |
1407 | -2012-11-18 Filip Pizlo <fpizlo@apple.com> |
1408 | - |
1409 | - JSC should have more logging in structure-related code |
1410 | - https://bugs.webkit.org/show_bug.cgi?id=102630 |
1411 | - |
1412 | - Reviewed by Simon Fraser. |
1413 | - |
1414 | - - JSValue::description() now tells you if something is a structure, and if so, |
1415 | - what kind of structure it is. |
1416 | - |
1417 | - - Jettisoning logic now tells you why things are being jettisoned. |
1418 | - |
1419 | - - It's now possible to turn off GC-triggered jettisoning entirely. |
1420 | - |
1421 | - * bytecode/CodeBlock.cpp: |
1422 | - (JSC::CodeBlock::finalizeUnconditionally): |
1423 | - (JSC::CodeBlock::reoptimize): |
1424 | - (JSC::ProgramCodeBlock::jettison): |
1425 | - (JSC::EvalCodeBlock::jettison): |
1426 | - (JSC::FunctionCodeBlock::jettison): |
1427 | - * bytecode/CodeBlock.h: |
1428 | - (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): |
1429 | - * runtime/JSValue.cpp: |
1430 | - (JSC::JSValue::description): |
1431 | - * runtime/Options.h: |
1432 | - (JSC): |
1433 | - |
1434 | -2012-11-18 Filip Pizlo <fpizlo@apple.com> |
1435 | - |
1436 | - DFG constant folding phase should say 'changed = true' whenever it changes the graph |
1437 | - https://bugs.webkit.org/show_bug.cgi?id=102550 |
1438 | - |
1439 | - Rubber stamped by Mark Hahnenberg. |
1440 | - |
1441 | - * dfg/DFGConstantFoldingPhase.cpp: |
1442 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
1443 | - |
1444 | -2012-11-17 Elliott Sprehn <esprehn@chromium.org> |
1445 | - |
1446 | - Expose JSObject removeDirect and PrivateName to WebCore |
1447 | - https://bugs.webkit.org/show_bug.cgi?id=102546 |
1448 | - |
1449 | - Reviewed by Geoffrey Garen. |
1450 | - |
1451 | - Export removeDirect for use in WebCore so JSDependentRetained works. |
1452 | - |
1453 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
1454 | - |
1455 | -2012-11-16 Filip Pizlo <fpizlo@apple.com> |
1456 | - |
1457 | - Given a PutById or GetById with a proven structure, the DFG should be able to emit a PutByOffset or GetByOffset instead |
1458 | - https://bugs.webkit.org/show_bug.cgi?id=102327 |
1459 | - |
1460 | - Reviewed by Mark Hahnenberg. |
1461 | - |
1462 | - If the profiler tells us that a GetById or PutById may be polymorphic but our |
1463 | - control flow analysis proves that it isn't, we should trust the control flow |
1464 | - analysis over the profiler. This arises in cases where GetById or PutById were |
1465 | - inlined: the inlined function may have been called from other places that led |
1466 | - to polymorphism, but in the current inlined context, there is no polymorphism. |
1467 | - |
1468 | - * bytecode/CodeBlock.cpp: |
1469 | - (JSC::CodeBlock::dump): |
1470 | - * bytecode/GetByIdStatus.cpp: |
1471 | - (JSC::GetByIdStatus::computeFor): |
1472 | - (JSC): |
1473 | - * bytecode/GetByIdStatus.h: |
1474 | - (JSC::GetByIdStatus::GetByIdStatus): |
1475 | - (GetByIdStatus): |
1476 | - * bytecode/PutByIdStatus.cpp: |
1477 | - (JSC::PutByIdStatus::computeFor): |
1478 | - (JSC): |
1479 | - * bytecode/PutByIdStatus.h: |
1480 | - (JSC): |
1481 | - (JSC::PutByIdStatus::PutByIdStatus): |
1482 | - (PutByIdStatus): |
1483 | - * dfg/DFGAbstractState.cpp: |
1484 | - (JSC::DFG::AbstractState::execute): |
1485 | - * dfg/DFGAbstractValue.h: |
1486 | - (JSC::DFG::AbstractValue::bestProvenStructure): |
1487 | - (AbstractValue): |
1488 | - * dfg/DFGConstantFoldingPhase.cpp: |
1489 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
1490 | - (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck): |
1491 | - (ConstantFoldingPhase): |
1492 | - * dfg/DFGNode.h: |
1493 | - (JSC::DFG::Node::convertToGetByOffset): |
1494 | - (Node): |
1495 | - (JSC::DFG::Node::convertToPutByOffset): |
1496 | - (JSC::DFG::Node::hasStorageResult): |
1497 | - * runtime/JSGlobalObject.h: |
1498 | - (JSC::Structure::prototypeChain): |
1499 | - (JSC): |
1500 | - (JSC::Structure::isValid): |
1501 | - * runtime/Operations.h: |
1502 | - (JSC::isPrototypeChainNormalized): |
1503 | - (JSC): |
1504 | - * runtime/Structure.h: |
1505 | - (Structure): |
1506 | - (JSC::Structure::transitionDidInvolveSpecificValue): |
1507 | - |
1508 | -2012-11-16 Tony Chang <tony@chromium.org> |
1509 | - |
1510 | - Remove ENABLE_CSS_HIERARCHIES since it's no longer in use |
1511 | - https://bugs.webkit.org/show_bug.cgi?id=102554 |
1512 | - |
1513 | - Reviewed by Andreas Kling. |
1514 | - |
1515 | - As mentioned in https://bugs.webkit.org/show_bug.cgi?id=79939#c41 , |
1516 | - we're going to revist this feature once additional vendor support is |
1517 | - achieved. |
1518 | - |
1519 | - * Configurations/FeatureDefines.xcconfig: |
1520 | - |
1521 | -2012-11-16 Patrick Gansterer <paroga@webkit.org> |
1522 | - |
1523 | - Build fix for WinCE after r133688. |
1524 | - |
1525 | - Use numeric_limits<uint32_t>::max() instead of UINT32_MAX. |
1526 | - |
1527 | - * runtime/CodeCache.h: |
1528 | - (JSC::CacheMap::CacheMap): |
1529 | - |
1530 | -2012-11-15 Filip Pizlo <fpizlo@apple.com> |
1531 | - |
1532 | - ClassInfo.h should have correct indentation. |
1533 | - |
1534 | - Rubber stamped by Mark Hahnenberg. |
1535 | - |
1536 | - ClassInfo.h had some true creativity in its use of whitespace. Some things within |
1537 | - the namespace were indented four spaces and others where not. One #define had its |
1538 | - contents indented four spaces, while another didn't. I applied the following rule: |
1539 | - |
1540 | - - Non-macro things in the namespace should not be indented (that's our current |
1541 | - accepted practice). |
1542 | - |
1543 | - - Macros should never be indented but if they are multi-line then their subsequent |
1544 | - bodies should be indented four spaces. I believe that is consistent with what we |
1545 | - do elsewhere. |
1546 | - |
1547 | - * runtime/ClassInfo.h: |
1548 | - (JSC): |
1549 | - (MethodTable): |
1550 | - (ClassInfo): |
1551 | - (JSC::ClassInfo::propHashTable): |
1552 | - (JSC::ClassInfo::isSubClassOf): |
1553 | - (JSC::ClassInfo::hasStaticProperties): |
1554 | - |
1555 | -2012-11-15 Filip Pizlo <fpizlo@apple.com> |
1556 | - |
1557 | - DFG should copy propagate trivially no-op ConvertThis |
1558 | - https://bugs.webkit.org/show_bug.cgi?id=102445 |
1559 | - |
1560 | - Reviewed by Oliver Hunt. |
1561 | - |
1562 | - Copy propagation is always a good thing, since it reveals must-alias relationships |
1563 | - to the CFA and CSE. This accomplishes copy propagation for ConvertThis by first |
1564 | - converting it to an Identity node (which is done by the constant folder since it |
1565 | - has access to CFA results) and then performing substitution of references to |
1566 | - Identity with references to Identity's child in the CSE. |
1567 | - |
1568 | - I'm not aiming for a big speed-up here; I just think that this will be useful for |
1569 | - the work on https://bugs.webkit.org/show_bug.cgi?id=102327. |
1570 | - |
1571 | - * dfg/DFGAbstractState.cpp: |
1572 | - (JSC::DFG::AbstractState::execute): |
1573 | - * dfg/DFGCSEPhase.cpp: |
1574 | - (JSC::DFG::CSEPhase::performNodeCSE): |
1575 | - * dfg/DFGConstantFoldingPhase.cpp: |
1576 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
1577 | - * dfg/DFGNodeType.h: |
1578 | - (DFG): |
1579 | - * dfg/DFGPredictionPropagationPhase.cpp: |
1580 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
1581 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
1582 | - (JSC::DFG::SpeculativeJIT::compile): |
1583 | - * dfg/DFGSpeculativeJIT64.cpp: |
1584 | - (JSC::DFG::SpeculativeJIT::compile): |
1585 | - |
1586 | -2012-11-15 Filip Pizlo <fpizlo@apple.com> |
1587 | - |
1588 | - CallData.h should have correct indentation. |
1589 | - |
1590 | - Rubber stamped by Mark Hahneberg. |
1591 | - |
1592 | - * runtime/CallData.h: |
1593 | - (JSC): |
1594 | - |
1595 | -2012-11-15 Filip Pizlo <fpizlo@apple.com> |
1596 | - |
1597 | - Remove methodCallDummy since it is not used anymore. |
1598 | - |
1599 | - Rubber stamped by Mark Hahnenberg. |
1600 | - |
1601 | - * runtime/JSGlobalObject.cpp: |
1602 | - (JSC::JSGlobalObject::reset): |
1603 | - (JSC): |
1604 | - (JSC::JSGlobalObject::visitChildren): |
1605 | - * runtime/JSGlobalObject.h: |
1606 | - (JSGlobalObject): |
1607 | - |
1608 | -2012-11-14 Filip Pizlo <fpizlo@apple.com> |
1609 | - |
1610 | - Structure should be able to easily tell if the prototype chain might intercept a store |
1611 | - https://bugs.webkit.org/show_bug.cgi?id=102326 |
1612 | - |
1613 | - Reviewed by Geoffrey Garen. |
1614 | - |
1615 | - This improves our ability to reason about the correctness of the more optimized |
1616 | - prototype chain walk in JSObject::put(), while also making it straight forward to |
1617 | - check if the prototype chain will do strange things to a property store by just |
1618 | - looking at the structure. |
1619 | - |
1620 | - * runtime/JSObject.cpp: |
1621 | - (JSC::JSObject::put): |
1622 | - * runtime/Structure.cpp: |
1623 | - (JSC::Structure::prototypeChainMayInterceptStoreTo): |
1624 | - (JSC): |
1625 | - * runtime/Structure.h: |
1626 | - (Structure): |
1627 | - |
1628 | -2012-11-15 Thiago Marcos P. Santos <thiago.santos@intel.com> |
1629 | - |
1630 | - [CMake] Do not regenerate LLIntAssembly.h on every incremental build |
1631 | - https://bugs.webkit.org/show_bug.cgi?id=102248 |
1632 | - |
1633 | - Reviewed by Kenneth Rohde Christiansen. |
1634 | - |
1635 | - Update LLIntAssembly.h's mtime after running asm.rb to make the build |
1636 | - system dependency tracking consistent. |
1637 | - |
1638 | - * CMakeLists.txt: |
1639 | - |
1640 | -2012-11-15 Thiago Marcos P. Santos <thiago.santos@intel.com> |
1641 | - |
1642 | - Fix compiler warnings about signed/unsigned comparison on i386 |
1643 | - https://bugs.webkit.org/show_bug.cgi?id=102249 |
1644 | - |
1645 | - Reviewed by Kenneth Rohde Christiansen. |
1646 | - |
1647 | - Add casting to unsigned to shut up gcc warnings. Build was broken on |
1648 | - JSVALUE32_64 ports compiling with -Werror. |
1649 | - |
1650 | - * llint/LLIntData.cpp: |
1651 | - (JSC::LLInt::Data::performAssertions): |
1652 | - |
1653 | -2012-11-14 Brent Fulgham <bfulgham@webkit.org> |
1654 | - |
1655 | - [Windows, WinCairo] Unreviewed build fix. |
1656 | - |
1657 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
1658 | - Missed one of the exports that was part of the WebKit2.def. |
1659 | - |
1660 | -2012-11-14 Brent Fulgham <bfulgham@webkit.org> |
1661 | - |
1662 | - [Windows, WinCairo] Correct build failure. |
1663 | - https://bugs.webkit.org/show_bug.cgi?id=102302 |
1664 | - |
1665 | - WebCore symbols were mistakenly added to the JavaScriptCore |
1666 | - library definition file. |
1667 | - |
1668 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove |
1669 | - WebCore symbols that were incorrectly added to the export file. |
1670 | - |
1671 | -2012-11-14 Mark Lam <mark.lam@apple.com> |
1672 | - |
1673 | - Change JSEventListener::m_jsFunction to be a weak ref. |
1674 | - https://bugs.webkit.org/show_bug.cgi?id=101989. |
1675 | - |
1676 | - Reviewed by Geoffrey Garen. |
1677 | - |
1678 | - Added infrastructure for scanning weak ref slots. |
1679 | - |
1680 | - * heap/SlotVisitor.cpp: Added #include "SlotVisitorInlines.h". |
1681 | - * heap/SlotVisitor.h: |
1682 | - (SlotVisitor): Added SlotVisitor::appendUnbarrieredWeak(). |
1683 | - * heap/SlotVisitorInlines.h: Added #include "Weak.h". |
1684 | - (JSC::SlotVisitor::appendUnbarrieredWeak): Added. |
1685 | - * heap/Weak.h: |
1686 | - (JSC::operator==): Added operator==() for Weak. |
1687 | - * runtime/JSCell.h: Removed #include "SlotVisitorInlines.h". |
1688 | - * runtime/JSObject.h: Added #include "SlotVisitorInlines.h". |
1689 | - |
1690 | -2012-11-14 Filip Pizlo <fpizlo@apple.com> |
1691 | - |
1692 | - Read-only properties created with putDirect() should tell the structure that there are read-only properties |
1693 | - https://bugs.webkit.org/show_bug.cgi?id=102292 |
1694 | - |
1695 | - Reviewed by Gavin Barraclough. |
1696 | - |
1697 | - This mostly affects things like function.length. |
1698 | - |
1699 | - * runtime/JSObject.h: |
1700 | - (JSC::JSObject::putDirectInternal): |
1701 | - |
1702 | -2012-11-13 Filip Pizlo <fpizlo@apple.com> |
1703 | - |
1704 | - Don't access Node& after adding nodes to the graph. |
1705 | - https://bugs.webkit.org/show_bug.cgi?id=102005 |
1706 | - |
1707 | - Reviewed by Oliver Hunt. |
1708 | - |
1709 | - * dfg/DFGFixupPhase.cpp: |
1710 | - (JSC::DFG::FixupPhase::fixupNode): |
1711 | - |
1712 | -2012-11-14 Valery Ignatyev <valery.ignatyev@ispras.ru> |
1713 | - |
1714 | - Replace (typeof(x) != <"object", "undefined", ...>) with |
1715 | - !(typeof(x) == <"object",..>). Later is_object, is_<...> bytecode operation |
1716 | - will be used. |
1717 | - |
1718 | - https://bugs.webkit.org/show_bug.cgi?id=98893 |
1719 | - |
1720 | - Reviewed by Filip Pizlo. |
1721 | - |
1722 | - This eliminates expensive typeof implementation and |
1723 | - allows to use DFG optimizations, which doesn't support 'typeof'. |
1724 | - |
1725 | - * bytecompiler/NodesCodegen.cpp: |
1726 | - (JSC::BinaryOpNode::emitBytecode): |
1727 | - |
1728 | -2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu> |
1729 | - |
1730 | - [Qt][ARM]REGRESSION(r133985): It broke the build |
1731 | - https://bugs.webkit.org/show_bug.cgi?id=101740 |
1732 | - |
1733 | - Reviewed by Csaba Osztrogonác. |
1734 | - |
1735 | - Changed the emitGenericContiguousPutByVal to accept the additional IndexingType argument. |
1736 | - This information was passed as a template parameter. |
1737 | - |
1738 | - * jit/JIT.h: |
1739 | - (JSC::JIT::emitInt32PutByVal): |
1740 | - (JSC::JIT::emitDoublePutByVal): |
1741 | - (JSC::JIT::emitContiguousPutByVal): |
1742 | - (JIT): |
1743 | - * jit/JITPropertyAccess.cpp: |
1744 | - (JSC::JIT::emitGenericContiguousPutByVal): |
1745 | - * jit/JITPropertyAccess32_64.cpp: |
1746 | - (JSC::JIT::emitGenericContiguousPutByVal): |
1747 | - |
1748 | -2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu> |
1749 | - |
1750 | - Fix the MIPS build after r134332 |
1751 | - https://bugs.webkit.org/show_bug.cgi?id=102227 |
1752 | - |
1753 | - Reviewed by Csaba Osztrogonác. |
1754 | - |
1755 | - Added missing methods for the MacroAssemblerMIPS, based on the MacroAssemblerARMv7. |
1756 | - |
1757 | - * assembler/MacroAssemblerMIPS.h: |
1758 | - (JSC::MacroAssemblerMIPS::canJumpReplacePatchableBranchPtrWithPatch): |
1759 | - (MacroAssemblerMIPS): |
1760 | - (JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatch): |
1761 | - (JSC::MacroAssemblerMIPS::revertJumpReplacementToPatchableBranchPtrWithPatch): |
1762 | - |
1763 | -2012-11-14 Peter Gal <galpeter@inf.u-szeged.hu> |
1764 | - |
1765 | - Fix the [-Wreturn-type] warning in JavaScriptCore/assembler/MacroAssemblerARM.h |
1766 | - https://bugs.webkit.org/show_bug.cgi?id=102206 |
1767 | - |
1768 | - Reviewed by Csaba Osztrogonác. |
1769 | - |
1770 | - Add a return value for the function to suppress the warning. |
1771 | - |
1772 | - * assembler/MacroAssemblerARM.h: |
1773 | - (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch): |
1774 | - |
1775 | -2012-11-14 Sheriff Bot <webkit.review.bot@gmail.com> |
1776 | - |
1777 | - Unreviewed, rolling out r134599. |
1778 | - http://trac.webkit.org/changeset/134599 |
1779 | - https://bugs.webkit.org/show_bug.cgi?id=102225 |
1780 | - |
1781 | - It broke the 32 bit EFL build (Requested by Ossy on #webkit). |
1782 | - |
1783 | - * jit/JITPropertyAccess.cpp: |
1784 | - * jit/JITPropertyAccess32_64.cpp: |
1785 | - (JSC): |
1786 | - (JSC::JIT::emitGenericContiguousPutByVal): |
1787 | - |
1788 | -2012-11-14 Balazs Kilvady <kilvadyb@homejinni.com> |
1789 | - |
1790 | - [Qt][ARM]REGRESSION(r133985): It broke the build |
1791 | - https://bugs.webkit.org/show_bug.cgi?id=101740 |
1792 | - |
1793 | - Reviewed by Csaba Osztrogonác. |
1794 | - |
1795 | - Template function body moved to fix VALUE_PROFILER disabled case. |
1796 | - |
1797 | - * jit/JITPropertyAccess.cpp: |
1798 | - (JSC): |
1799 | - (JSC::JIT::emitGenericContiguousPutByVal): |
1800 | - * jit/JITPropertyAccess32_64.cpp: |
1801 | - |
1802 | -2012-11-13 Filip Pizlo <fpizlo@apple.com> |
1803 | - |
1804 | - DFG CreateThis should be able to statically account for the structure of the object it creates, if profiling indicates that this structure is always the same |
1805 | - https://bugs.webkit.org/show_bug.cgi?id=102017 |
1806 | - |
1807 | - Reviewed by Geoffrey Garen. |
1808 | - |
1809 | - This adds a watchpoint in JSFunction on the cached inheritor ID. It also changes |
1810 | - NewObject to take a structure as an operand (previously it implicitly used the owning |
1811 | - global object's empty object structure). Any GetCallee where the callee is predictable |
1812 | - is turned into a CheckFunction + WeakJSConstant, and any CreateThis on a WeakJSConstant |
1813 | - where the inheritor ID watchpoint is still valid is turned into an InheritorIDWatchpoint |
1814 | - followed by a NewObject. NewObject already accounts for the structure it uses for object |
1815 | - creation in the CFA. |
1816 | - |
1817 | - * dfg/DFGAbstractState.cpp: |
1818 | - (JSC::DFG::AbstractState::execute): |
1819 | - * dfg/DFGByteCodeParser.cpp: |
1820 | - (JSC::DFG::ByteCodeParser::parseBlock): |
1821 | - * dfg/DFGCSEPhase.cpp: |
1822 | - (JSC::DFG::CSEPhase::checkFunctionElimination): |
1823 | - * dfg/DFGGraph.cpp: |
1824 | - (JSC::DFG::Graph::dump): |
1825 | - * dfg/DFGNode.h: |
1826 | - (JSC::DFG::Node::hasFunction): |
1827 | - (JSC::DFG::Node::function): |
1828 | - (JSC::DFG::Node::hasStructure): |
1829 | - * dfg/DFGNodeType.h: |
1830 | - (DFG): |
1831 | - * dfg/DFGOperations.cpp: |
1832 | - * dfg/DFGOperations.h: |
1833 | - * dfg/DFGPredictionPropagationPhase.cpp: |
1834 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
1835 | - * dfg/DFGSpeculativeJIT.h: |
1836 | - (JSC::DFG::SpeculativeJIT::callOperation): |
1837 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
1838 | - (JSC::DFG::SpeculativeJIT::compile): |
1839 | - * dfg/DFGSpeculativeJIT64.cpp: |
1840 | - (JSC::DFG::SpeculativeJIT::compile): |
1841 | - * runtime/Executable.h: |
1842 | - (JSC::JSFunction::JSFunction): |
1843 | - * runtime/JSBoundFunction.cpp: |
1844 | - (JSC): |
1845 | - * runtime/JSFunction.cpp: |
1846 | - (JSC::JSFunction::JSFunction): |
1847 | - (JSC::JSFunction::put): |
1848 | - (JSC::JSFunction::defineOwnProperty): |
1849 | - * runtime/JSFunction.h: |
1850 | - (JSC::JSFunction::tryGetKnownInheritorID): |
1851 | - (JSFunction): |
1852 | - (JSC::JSFunction::addInheritorIDWatchpoint): |
1853 | - |
1854 | -2012-11-13 Filip Pizlo <fpizlo@apple.com> |
1855 | - |
1856 | - JSFunction and its descendants should be destructible |
1857 | - https://bugs.webkit.org/show_bug.cgi?id=102062 |
1858 | - |
1859 | - Reviewed by Mark Hahnenberg. |
1860 | - |
1861 | - This will make it easy to place an InlineWatchpointSet inside JSFunction. In the |
1862 | - future, we could make JSFunction non-destructible again by making a version of |
1863 | - WatchpointSet that is entirely GC'd, but this seems like overkill for now. |
1864 | - |
1865 | - This is performance-neutral. |
1866 | - |
1867 | - * runtime/JSBoundFunction.cpp: |
1868 | - (JSC::JSBoundFunction::destroy): |
1869 | - (JSC): |
1870 | - * runtime/JSBoundFunction.h: |
1871 | - (JSBoundFunction): |
1872 | - * runtime/JSFunction.cpp: |
1873 | - (JSC): |
1874 | - (JSC::JSFunction::destroy): |
1875 | - * runtime/JSFunction.h: |
1876 | - (JSFunction): |
1877 | - |
1878 | -2012-11-13 Cosmin Truta <ctruta@rim.com> |
1879 | - |
1880 | - Uninitialized fields in class JSLock |
1881 | - https://bugs.webkit.org/show_bug.cgi?id=101695 |
1882 | - |
1883 | - Reviewed by Mark Hahnenberg. |
1884 | - |
1885 | - Initialize JSLock::m_ownerThread and JSLock::m_lockDropDepth. |
1886 | - |
1887 | - * runtime/JSLock.cpp: |
1888 | - (JSC::JSLock::JSLock): |
1889 | - |
1890 | -2012-11-13 Peter Gal <galpeter@inf.u-szeged.hu> |
1891 | - |
1892 | - Fix the ARM traditional build after r134332 |
1893 | - https://bugs.webkit.org/show_bug.cgi?id=102044 |
1894 | - |
1895 | - Reviewed by Zoltan Herczeg. |
1896 | - |
1897 | - Added missing methods for the MacroAssemblerARM, based on the MacroAssemblerARMv7. |
1898 | - |
1899 | - * assembler/MacroAssemblerARM.h: |
1900 | - (JSC::MacroAssemblerARM::canJumpReplacePatchableBranchPtrWithPatch): |
1901 | - (MacroAssemblerARM): |
1902 | - (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch): |
1903 | - (JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranchPtrWithPatch): |
1904 | - |
1905 | -2012-11-12 Filip Pizlo <fpizlo@apple.com> |
1906 | - |
1907 | - op_get_callee should have value profiling |
1908 | - https://bugs.webkit.org/show_bug.cgi?id=102047 |
1909 | - |
1910 | - Reviewed by Sam Weinig. |
1911 | - |
1912 | - This will allow us to detect if the callee is always the same, which is probably |
1913 | - the common case for a lot of constructors. |
1914 | - |
1915 | - * bytecode/CodeBlock.cpp: |
1916 | - (JSC::CodeBlock::CodeBlock): |
1917 | - * bytecode/Opcode.h: |
1918 | - (JSC): |
1919 | - (JSC::padOpcodeName): |
1920 | - * bytecompiler/BytecodeGenerator.cpp: |
1921 | - (JSC::BytecodeGenerator::BytecodeGenerator): |
1922 | - * jit/JITOpcodes.cpp: |
1923 | - (JSC::JIT::emit_op_get_callee): |
1924 | - * jit/JITOpcodes32_64.cpp: |
1925 | - (JSC::JIT::emit_op_get_callee): |
1926 | - * llint/LowLevelInterpreter32_64.asm: |
1927 | - * llint/LowLevelInterpreter64.asm: |
1928 | - |
1929 | -2012-11-12 Filip Pizlo <fpizlo@apple.com> |
1930 | - |
1931 | - The act of getting the callee during 'this' construction should be explicit in bytecode |
1932 | - https://bugs.webkit.org/show_bug.cgi?id=102016 |
1933 | - |
1934 | - Reviewed by Michael Saboff. |
1935 | - |
1936 | - This is mostly a rollout of http://trac.webkit.org/changeset/116673, but also includes |
1937 | - changes to have create_this use the result of get_callee. |
1938 | - |
1939 | - No performance or behavioral impact. This is just meant to allow us to profile |
1940 | - get_callee in the future. |
1941 | - |
1942 | - * bytecode/CodeBlock.cpp: |
1943 | - (JSC::CodeBlock::dump): |
1944 | - * bytecode/Opcode.h: |
1945 | - (JSC): |
1946 | - (JSC::padOpcodeName): |
1947 | - * bytecompiler/BytecodeGenerator.cpp: |
1948 | - (JSC::BytecodeGenerator::BytecodeGenerator): |
1949 | - * dfg/DFGByteCodeParser.cpp: |
1950 | - (JSC::DFG::ByteCodeParser::parseBlock): |
1951 | - * dfg/DFGCapabilities.h: |
1952 | - (JSC::DFG::canCompileOpcode): |
1953 | - * jit/JIT.cpp: |
1954 | - (JSC::JIT::privateCompileMainPass): |
1955 | - * jit/JIT.h: |
1956 | - (JIT): |
1957 | - * jit/JITOpcodes.cpp: |
1958 | - (JSC::JIT::emit_op_get_callee): |
1959 | - (JSC): |
1960 | - (JSC::JIT::emit_op_create_this): |
1961 | - * jit/JITOpcodes32_64.cpp: |
1962 | - (JSC::JIT::emit_op_get_callee): |
1963 | - (JSC): |
1964 | - (JSC::JIT::emit_op_create_this): |
1965 | - * llint/LLIntSlowPaths.cpp: |
1966 | - (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
1967 | - * llint/LowLevelInterpreter32_64.asm: |
1968 | - * llint/LowLevelInterpreter64.asm: |
1969 | - |
1970 | -2012-11-12 Filip Pizlo <fpizlo@apple.com> |
1971 | - |
1972 | - Unreviewed, fix ARMv7 build. |
1973 | - |
1974 | - * assembler/MacroAssemblerARMv7.h: |
1975 | - (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch): |
1976 | - (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch): |
1977 | - |
1978 | -2012-11-12 Filip Pizlo <fpizlo@apple.com> |
1979 | - |
1980 | - Patching of jumps to stubs should use jump replacement rather than branch destination overwrite |
1981 | - https://bugs.webkit.org/show_bug.cgi?id=101909 |
1982 | - |
1983 | - Reviewed by Geoffrey Garen. |
1984 | - |
1985 | - This saves a few instructions in inline cases, on those architectures where it is |
1986 | - easy to figure out where to put the jump replacement. Sub-1% speed-up across the |
1987 | - board. |
1988 | - |
1989 | - * assembler/MacroAssemblerARMv7.h: |
1990 | - (MacroAssemblerARMv7): |
1991 | - (JSC::MacroAssemblerARMv7::canJumpReplacePatchableBranchPtrWithPatch): |
1992 | - (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch): |
1993 | - (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch): |
1994 | - * assembler/MacroAssemblerX86.h: |
1995 | - (JSC::MacroAssemblerX86::canJumpReplacePatchableBranchPtrWithPatch): |
1996 | - (MacroAssemblerX86): |
1997 | - (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatch): |
1998 | - (JSC::MacroAssemblerX86::revertJumpReplacementToPatchableBranchPtrWithPatch): |
1999 | - * assembler/MacroAssemblerX86_64.h: |
2000 | - (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch): |
2001 | - (MacroAssemblerX86_64): |
2002 | - (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatch): |
2003 | - (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch): |
2004 | - * assembler/RepatchBuffer.h: |
2005 | - (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatch): |
2006 | - (RepatchBuffer): |
2007 | - (JSC::RepatchBuffer::replaceWithJump): |
2008 | - (JSC::RepatchBuffer::revertJumpReplacementToPatchableBranchPtrWithPatch): |
2009 | - * assembler/X86Assembler.h: |
2010 | - (X86Assembler): |
2011 | - (JSC::X86Assembler::revertJumpTo_movq_i64r): |
2012 | - (JSC::X86Assembler::revertJumpTo_cmpl_im_force32): |
2013 | - (X86InstructionFormatter): |
2014 | - * bytecode/StructureStubInfo.h: |
2015 | - * dfg/DFGRepatch.cpp: |
2016 | - (JSC::DFG::replaceWithJump): |
2017 | - (DFG): |
2018 | - (JSC::DFG::tryCacheGetByID): |
2019 | - (JSC::DFG::tryBuildGetByIDList): |
2020 | - (JSC::DFG::tryBuildGetByIDProtoList): |
2021 | - (JSC::DFG::tryCachePutByID): |
2022 | - (JSC::DFG::dfgResetGetByID): |
2023 | - (JSC::DFG::dfgResetPutByID): |
2024 | - |
2025 | -2012-11-11 Filip Pizlo <fpizlo@apple.com> |
2026 | - |
2027 | - DFG ArithMul overflow check elimination is too aggressive |
2028 | - https://bugs.webkit.org/show_bug.cgi?id=101871 |
2029 | - |
2030 | - Reviewed by Oliver Hunt. |
2031 | - |
2032 | - The code was ignoring the fact that ((a * b) | 0) == (((a | 0) * (b | 0)) | 0) |
2033 | - only holds if a * b < 2^53. So, I changed it to only enable the optimization |
2034 | - when a < 2^22 and b is an int32 (and vice versa), using a super trivial peephole |
2035 | - analysis to prove the inequality. I considered writing an epic forward flow |
2036 | - formulation that tracks the ranges of integer values but then I thought better |
2037 | - of it. |
2038 | - |
2039 | - This also rewires the ArithMul integer speculation logic. Previously, we would |
2040 | - assume that an ArithMul was only UsedAsNumber if it escaped, and separately we |
2041 | - would decide whether to speculate integer based on a proof of the <2^22 |
2042 | - inequality. Now, we treat the double rounding behavior of ArithMul as if the |
2043 | - result was UsedAsNumber even if it did not escape. Then we try to prove that |
2044 | - double rounding cannot happen by attemping to prove that a < 2^22. This then |
2045 | - feeds back into the decision of whether or not to speculate integer (if we fail |
2046 | - to prove a < 2^22 then we're UsedAsNumber, and if we're also MayOverflow then |
2047 | - that forces double speculation). |
2048 | - |
2049 | - No performance impact. It just fixes a bug. |
2050 | - |
2051 | - * dfg/DFGGraph.h: |
2052 | - (JSC::DFG::Graph::mulShouldSpeculateInteger): |
2053 | - * dfg/DFGPredictionPropagationPhase.cpp: |
2054 | - (PredictionPropagationPhase): |
2055 | - (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant): |
2056 | - (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive): |
2057 | - (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo): |
2058 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
2059 | - |
2060 | -2012-11-11 Filip Pizlo <fpizlo@apple.com> |
2061 | - |
2062 | - DFG should not emit function checks if we've already proved that the operand is that exact function |
2063 | - https://bugs.webkit.org/show_bug.cgi?id=101885 |
2064 | - |
2065 | - Reviewed by Oliver Hunt. |
2066 | - |
2067 | - * dfg/DFGAbstractState.cpp: |
2068 | - (JSC::DFG::AbstractState::execute): |
2069 | - * dfg/DFGAbstractValue.h: |
2070 | - (JSC::DFG::AbstractValue::filterByValue): |
2071 | - (AbstractValue): |
2072 | - * dfg/DFGConstantFoldingPhase.cpp: |
2073 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
2074 | - |
2075 | -2012-11-12 Kentaro Hara <haraken@chromium.org> |
2076 | - |
2077 | - [V8][JSC] ScriptProfileNode::callUID needs not to be [Custom] |
2078 | - https://bugs.webkit.org/show_bug.cgi?id=101892 |
2079 | - |
2080 | - Reviewed by Adam Barth. |
2081 | - |
2082 | - Added callUID(), which enables us to kill custom bindings for ScriptProfileNode::callUID. |
2083 | - |
2084 | - * profiler/ProfileNode.h: |
2085 | - (JSC::ProfileNode::callUID): |
2086 | - |
2087 | -2012-11-12 Carlos Garcia Campos <cgarcia@igalia.com> |
2088 | - |
2089 | - Unreviewed. Fix make distcheck. |
2090 | - |
2091 | - * GNUmakefile.list.am: Add missing header. |
2092 | - |
2093 | -2012-11-11 Michael Pruett <michael@68k.org> |
2094 | - |
2095 | - Fix assertion failure in JSObject::tryGetIndexQuickly() |
2096 | - https://bugs.webkit.org/show_bug.cgi?id=101869 |
2097 | - |
2098 | - Reviewed by Filip Pizlo. |
2099 | - |
2100 | - Currently JSObject::tryGetIndexQuickly() triggers an assertion |
2101 | - failure when the object has an undecided indexing type. This |
2102 | - case should be treated the same as a blank indexing type. |
2103 | - |
2104 | - * runtime/JSObject.h: |
2105 | - (JSC::JSObject::tryGetIndexQuickly): |
2106 | - |
2107 | -2012-11-11 Filip Pizlo <fpizlo@apple.com> |
2108 | - |
2109 | - DFG register allocation should be greedy rather than round-robin |
2110 | - https://bugs.webkit.org/show_bug.cgi?id=101870 |
2111 | - |
2112 | - Reviewed by Geoffrey Garen. |
2113 | - |
2114 | - This simplifies the code, reduces some code duplication, and shows some slight |
2115 | - performance improvements in a few places, likely due to the fact that lower-numered |
2116 | - registers also typically have smaller encodings. |
2117 | - |
2118 | - * dfg/DFGRegisterBank.h: |
2119 | - (JSC::DFG::RegisterBank::RegisterBank): |
2120 | - (JSC::DFG::RegisterBank::tryAllocate): |
2121 | - (JSC::DFG::RegisterBank::allocate): |
2122 | - (JSC::DFG::RegisterBank::allocateInternal): |
2123 | - (RegisterBank): |
2124 | - |
2125 | -2012-11-11 Kenichi Ishibashi <bashi@chromium.org> |
2126 | - |
2127 | - WTFString::utf8() should have a mode of conversion to use replacement character |
2128 | - https://bugs.webkit.org/show_bug.cgi?id=101678 |
2129 | - |
2130 | - Reviewed by Alexey Proskuryakov. |
2131 | - |
2132 | - Follow the change on String::utf8() |
2133 | - |
2134 | - * runtime/JSGlobalObjectFunctions.cpp: |
2135 | - (JSC::encode): Pass String::StrictConversion instead of true to String::utf8(). |
2136 | - |
2137 | -2012-11-10 Filip Pizlo <fpizlo@apple.com> |
2138 | - |
2139 | - DFG should optimize out the NaN check on loads from double arrays if the array prototype chain is having a great time |
2140 | - https://bugs.webkit.org/show_bug.cgi?id=101718 |
2141 | - |
2142 | - Reviewed by Geoffrey Garen. |
2143 | - |
2144 | - If we're reading from a JSArray in double mode, where the array's structure is |
2145 | - primordial (all aspects of the structure are unchanged except for indexing type), |
2146 | - and the result of the load is used in arithmetic that is known to not distinguish |
2147 | - between NaN and undefined, then we should not emit a NaN check. Looks like a 5% |
2148 | - win on navier-stokes. |
2149 | - |
2150 | - Also fixed an OpInfo initialization goof for String ops that was revealed by this |
2151 | - change. |
2152 | - |
2153 | - * dfg/DFGAbstractState.cpp: |
2154 | - (JSC::DFG::AbstractState::execute): |
2155 | - * dfg/DFGArrayMode.cpp: |
2156 | - (JSC::DFG::arraySpeculationToString): |
2157 | - * dfg/DFGArrayMode.h: |
2158 | - (JSC::DFG::ArrayMode::isSaneChain): |
2159 | - (ArrayMode): |
2160 | - (JSC::DFG::ArrayMode::isInBounds): |
2161 | - * dfg/DFGByteCodeParser.cpp: |
2162 | - (JSC::DFG::ByteCodeParser::handleIntrinsic): |
2163 | - * dfg/DFGFixupPhase.cpp: |
2164 | - (JSC::DFG::FixupPhase::fixupNode): |
2165 | - * dfg/DFGNodeFlags.cpp: |
2166 | - (JSC::DFG::nodeFlagsAsString): |
2167 | - * dfg/DFGNodeFlags.h: |
2168 | - (DFG): |
2169 | - * dfg/DFGPredictionPropagationPhase.cpp: |
2170 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
2171 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
2172 | - (JSC::DFG::SpeculativeJIT::compile): |
2173 | - * dfg/DFGSpeculativeJIT64.cpp: |
2174 | - (JSC::DFG::SpeculativeJIT::compile): |
2175 | - * runtime/JSGlobalObject.cpp: |
2176 | - (JSC::JSGlobalObject::arrayPrototypeChainIsSane): |
2177 | - (JSC): |
2178 | - * runtime/JSGlobalObject.h: |
2179 | - (JSGlobalObject): |
2180 | - |
2181 | -2012-11-10 Filip Pizlo <fpizlo@apple.com> |
2182 | - |
2183 | - DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true |
2184 | - https://bugs.webkit.org/show_bug.cgi?id=101511 |
2185 | - |
2186 | - Reviewed by Geoffrey Garen. |
2187 | - |
2188 | - This is the second attempt at this patch, which fixes the !"" case. |
2189 | - |
2190 | - To make life easier, this moves BranchDirection into BasicBlock so that after |
2191 | - running the CFA, we always know, for each block, what direction the CFA |
2192 | - proved. CFG simplification now both uses and preserves cfaBranchDirection in |
2193 | - its transformations. |
2194 | - |
2195 | - Also made both LogicalNot and Branch check whether the operand is a known cell |
2196 | - with a known structure, and if so, made them do the appropriate folding. |
2197 | - |
2198 | - 5% speed-up on V8/raytrace because it makes raytrace's own null checks |
2199 | - evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact |
2200 | - that we were already doing structure check hoisting. |
2201 | - |
2202 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
2203 | - * dfg/DFGAbstractState.cpp: |
2204 | - (JSC::DFG::AbstractState::endBasicBlock): |
2205 | - (JSC::DFG::AbstractState::execute): |
2206 | - (JSC::DFG::AbstractState::mergeToSuccessors): |
2207 | - * dfg/DFGAbstractState.h: |
2208 | - (AbstractState): |
2209 | - * dfg/DFGBasicBlock.h: |
2210 | - (JSC::DFG::BasicBlock::BasicBlock): |
2211 | - (BasicBlock): |
2212 | - * dfg/DFGBranchDirection.h: Added. |
2213 | - (DFG): |
2214 | - (JSC::DFG::branchDirectionToString): |
2215 | - (JSC::DFG::isKnownDirection): |
2216 | - (JSC::DFG::branchCondition): |
2217 | - * dfg/DFGCFGSimplificationPhase.cpp: |
2218 | - (JSC::DFG::CFGSimplificationPhase::run): |
2219 | - (JSC::DFG::CFGSimplificationPhase::mergeBlocks): |
2220 | - |
2221 | -2012-11-10 Sheriff Bot <webkit.review.bot@gmail.com> |
2222 | - |
2223 | - Unreviewed, rolling out r133971. |
2224 | - http://trac.webkit.org/changeset/133971 |
2225 | - https://bugs.webkit.org/show_bug.cgi?id=101839 |
2226 | - |
2227 | - Causes WebProcess to hang at 100% on www.apple.com (Requested |
2228 | - by kling on #webkit). |
2229 | - |
2230 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
2231 | - * dfg/DFGAbstractState.cpp: |
2232 | - (JSC::DFG::AbstractState::endBasicBlock): |
2233 | - (JSC::DFG::AbstractState::execute): |
2234 | - (JSC::DFG::AbstractState::mergeToSuccessors): |
2235 | - * dfg/DFGAbstractState.h: |
2236 | - (JSC::DFG::AbstractState::branchDirectionToString): |
2237 | - (AbstractState): |
2238 | - * dfg/DFGBasicBlock.h: |
2239 | - (JSC::DFG::BasicBlock::BasicBlock): |
2240 | - (BasicBlock): |
2241 | - * dfg/DFGBranchDirection.h: Removed. |
2242 | - * dfg/DFGCFGSimplificationPhase.cpp: |
2243 | - (JSC::DFG::CFGSimplificationPhase::run): |
2244 | - (JSC::DFG::CFGSimplificationPhase::mergeBlocks): |
2245 | - |
2246 | -2012-11-09 Filip Pizlo <fpizlo@apple.com> |
2247 | - |
2248 | - If the DFG ArrayMode says that an access is on an OriginalArray, then the checks should always enforce this |
2249 | - https://bugs.webkit.org/show_bug.cgi?id=101720 |
2250 | - |
2251 | - Reviewed by Mark Hahnenberg. |
2252 | - |
2253 | - Previously, "original" arrays was just a hint that we could find the structure |
2254 | - of the array if we needed to even if the array profile didn't have it due to |
2255 | - polymorphism. Now, "original" arrays are a property that is actually checked: |
2256 | - if an array access has ArrayMode::arrayClass() == Array::OriginalArray, then we |
2257 | - can be sure that the code performing the access is dealing with not just a |
2258 | - JSArray, but a JSArray that has no named properties, no indexed accessors, and |
2259 | - the ArrayPrototype as its prototype. This will be useful for optimizations that |
2260 | - are being done as part of https://bugs.webkit.org/show_bug.cgi?id=101720. |
2261 | - |
2262 | - * dfg/DFGAbstractState.cpp: |
2263 | - (JSC::DFG::AbstractState::execute): |
2264 | - * dfg/DFGArrayMode.cpp: |
2265 | - (JSC::DFG::ArrayMode::originalArrayStructure): |
2266 | - (DFG): |
2267 | - (JSC::DFG::ArrayMode::alreadyChecked): |
2268 | - * dfg/DFGArrayMode.h: |
2269 | - (JSC): |
2270 | - (DFG): |
2271 | - (JSC::DFG::ArrayMode::withProfile): |
2272 | - (ArrayMode): |
2273 | - (JSC::DFG::ArrayMode::benefitsFromOriginalArray): |
2274 | - * dfg/DFGConstantFoldingPhase.cpp: |
2275 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
2276 | - * dfg/DFGFixupPhase.cpp: |
2277 | - (JSC::DFG::FixupPhase::checkArray): |
2278 | - * dfg/DFGSpeculativeJIT.cpp: |
2279 | - (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): |
2280 | - (JSC::DFG::SpeculativeJIT::checkArray): |
2281 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnString): |
2282 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): |
2283 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): |
2284 | - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): |
2285 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): |
2286 | - (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength): |
2287 | - |
2288 | -2012-11-09 Filip Pizlo <fpizlo@apple.com> |
2289 | - |
2290 | - Fix indentation of BooleanPrototype.h |
2291 | - |
2292 | - Rubber stamped by Mark Hahnenberg. |
2293 | - |
2294 | - * runtime/BooleanPrototype.h: |
2295 | - |
2296 | -2012-11-09 Filip Pizlo <fpizlo@apple.com> |
2297 | - |
2298 | - Fix indentation of BooleanObject.h |
2299 | - |
2300 | - Rubber stamped by Mark Hahnenberg. |
2301 | - |
2302 | - * runtime/BooleanObject.h: |
2303 | - |
2304 | -2012-11-09 Filip Pizlo <fpizlo@apple.com> |
2305 | - |
2306 | - Fix indentation of BooleanConstructor.h |
2307 | - |
2308 | - Rubber stamped by Mark Hahnenberg. |
2309 | - |
2310 | - * runtime/BooleanConstructor.h: |
2311 | - |
2312 | -2012-11-09 Filip Pizlo <fpizlo@apple.com> |
2313 | - |
2314 | - Fix indentation of BatchedTransitionOptimizer.h |
2315 | - |
2316 | - Rubber stamped by Mark Hahnenberg. |
2317 | - |
2318 | - * runtime/BatchedTransitionOptimizer.h: |
2319 | - |
2320 | -2012-11-09 Oliver Hunt <oliver@apple.com> |
2321 | - |
2322 | - So Thingy probably isn't the best name for a class, so |
2323 | - renamed to CacheMap. |
2324 | - |
2325 | - RS=Geoff |
2326 | - |
2327 | - * runtime/CodeCache.h: |
2328 | - (JSC::CacheMap::CacheMap): |
2329 | - |
2330 | -2012-11-09 Filip Pizlo <fpizlo@apple.com> |
2331 | - |
2332 | - ArrayPrototype should start out with a blank indexing type |
2333 | - https://bugs.webkit.org/show_bug.cgi?id=101719 |
2334 | - |
2335 | - Reviewed by Mark Hahnenberg. |
2336 | - |
2337 | - This allows us to track if the array prototype ever ends up with indexed |
2338 | - properties. |
2339 | - |
2340 | - * runtime/ArrayPrototype.cpp: |
2341 | - (JSC::ArrayPrototype::create): |
2342 | - (JSC::ArrayPrototype::ArrayPrototype): |
2343 | - * runtime/ArrayPrototype.h: |
2344 | - (ArrayPrototype): |
2345 | - (JSC::ArrayPrototype::createStructure): |
2346 | - |
2347 | -2012-11-08 Mark Hahnenberg <mhahnenberg@apple.com> |
2348 | - |
2349 | - MarkStackArray should use the BlockAllocator instead of the MarkStackSegmentAllocator |
2350 | - https://bugs.webkit.org/show_bug.cgi?id=101642 |
2351 | - |
2352 | - Reviewed by Filip Pizlo. |
2353 | - |
2354 | - MarkStackSegmentAllocator is like a miniature version of the BlockAllocator. Now that the BlockAllocator has support |
2355 | - for a variety of block sizes, we should get rid of the MarkStackSegmentAllocator in favor of the BlockAllocator. |
2356 | - |
2357 | - * heap/BlockAllocator.h: Add new specializations of regionSetFor for the new MarkStackSegments. |
2358 | - (JSC): |
2359 | - (JSC::MarkStackSegment): |
2360 | - * heap/GCThreadSharedData.cpp: |
2361 | - (JSC::GCThreadSharedData::GCThreadSharedData): |
2362 | - (JSC::GCThreadSharedData::reset): |
2363 | - * heap/GCThreadSharedData.h: |
2364 | - (GCThreadSharedData): |
2365 | - * heap/MarkStack.cpp: |
2366 | - (JSC::MarkStackArray::MarkStackArray): We now have a doubly linked list of MarkStackSegments, so we need to refactor |
2367 | - all the places that used the old custom tail/previous logic. |
2368 | - (JSC::MarkStackArray::~MarkStackArray): |
2369 | - (JSC::MarkStackArray::expand): |
2370 | - (JSC::MarkStackArray::refill): |
2371 | - (JSC::MarkStackArray::donateSomeCellsTo): Refactor to use the new linked list. |
2372 | - (JSC::MarkStackArray::stealSomeCellsFrom): Ditto. |
2373 | - * heap/MarkStack.h: |
2374 | - (JSC): |
2375 | - (MarkStackSegment): |
2376 | - (JSC::MarkStackSegment::MarkStackSegment): |
2377 | - (JSC::MarkStackSegment::sizeFromCapacity): |
2378 | - (MarkStackArray): |
2379 | - * heap/MarkStackInlines.h: |
2380 | - (JSC::MarkStackSegment::create): |
2381 | - (JSC): |
2382 | - (JSC::MarkStackArray::postIncTop): |
2383 | - (JSC::MarkStackArray::preDecTop): |
2384 | - (JSC::MarkStackArray::setTopForFullSegment): |
2385 | - (JSC::MarkStackArray::setTopForEmptySegment): |
2386 | - (JSC::MarkStackArray::top): |
2387 | - (JSC::MarkStackArray::validatePrevious): |
2388 | - (JSC::MarkStackArray::append): |
2389 | - (JSC::MarkStackArray::removeLast): |
2390 | - (JSC::MarkStackArray::isEmpty): |
2391 | - (JSC::MarkStackArray::size): |
2392 | - * heap/SlotVisitor.cpp: |
2393 | - (JSC::SlotVisitor::SlotVisitor): |
2394 | - |
2395 | -2012-11-09 Gabor Ballabas <gaborb@inf.u-szeged.hu> |
2396 | - |
2397 | - [Qt] r133953 broke the ARM_TRADITIONAL build |
2398 | - https://bugs.webkit.org/show_bug.cgi?id=101706 |
2399 | - |
2400 | - Reviewed by Csaba Osztrogonác. |
2401 | - |
2402 | - Fix for both hardfp and softfp. |
2403 | - |
2404 | - * dfg/DFGCCallHelpers.h: |
2405 | - (CCallHelpers): |
2406 | - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): |
2407 | - |
2408 | -2012-11-09 Sheriff Bot <webkit.review.bot@gmail.com> |
2409 | - |
2410 | - Unreviewed, rolling out r134051. |
2411 | - http://trac.webkit.org/changeset/134051 |
2412 | - https://bugs.webkit.org/show_bug.cgi?id=101757 |
2413 | - |
2414 | - It didn't fix the build (Requested by Ossy on #webkit). |
2415 | - |
2416 | - * dfg/DFGCCallHelpers.h: |
2417 | - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): |
2418 | - |
2419 | -2012-11-09 Gabor Ballabas <gaborb@inf.u-szeged.hu> |
2420 | - |
2421 | - [Qt] r133953 broke the ARM_TRADITIONAL build |
2422 | - https://bugs.webkit.org/show_bug.cgi?id=101706 |
2423 | - |
2424 | - Reviewed by Csaba Osztrogonác. |
2425 | - |
2426 | - Fix the ARM_TRADITIONAL build after r133953 |
2427 | - |
2428 | - * dfg/DFGCCallHelpers.h: |
2429 | - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): |
2430 | - (CCallHelpers): |
2431 | - |
2432 | -2012-11-09 Csaba Osztrogonác <ossy@webkit.org> |
2433 | - |
2434 | - [Qt] Fix the LLINT build from ARMv7 platform |
2435 | - https://bugs.webkit.org/show_bug.cgi?id=101712 |
2436 | - |
2437 | - Reviewed by Simon Hausmann. |
2438 | - |
2439 | - Enable generating of LLIntAssembly.h on ARM platforms. |
2440 | - |
2441 | - * DerivedSources.pri: |
2442 | - * JavaScriptCore.pro: |
2443 | - |
2444 | -2012-11-08 Filip Pizlo <fpizlo@apple.com> |
2445 | - |
2446 | - ArrayPrototype.h should have correct indentation |
2447 | - |
2448 | - Rubber stamped by Sam Weinig. |
2449 | - |
2450 | - * runtime/ArrayPrototype.h: |
2451 | - |
2452 | -2012-11-08 Mark Lam <mark.lam@apple.com> |
2453 | - |
2454 | - Renamed ...InlineMethods.h files to ...Inlines.h. |
2455 | - https://bugs.webkit.org/show_bug.cgi?id=101145. |
2456 | - |
2457 | - Reviewed by Geoffrey Garen. |
2458 | - |
2459 | - This is only a refactoring effort to rename the files. There are no |
2460 | - functionality changes. |
2461 | - |
2462 | - * API/JSObjectRef.cpp: |
2463 | - * GNUmakefile.list.am: |
2464 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
2465 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
2466 | - * bytecode/CodeBlock.cpp: |
2467 | - * dfg/DFGOperations.cpp: |
2468 | - * heap/ConservativeRoots.cpp: |
2469 | - * heap/CopiedBlock.h: |
2470 | - * heap/CopiedSpace.cpp: |
2471 | - * heap/CopiedSpaceInlineMethods.h: Removed. |
2472 | - * heap/CopiedSpaceInlines.h: Copied from Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h. |
2473 | - * heap/CopyVisitor.cpp: |
2474 | - * heap/CopyVisitorInlineMethods.h: Removed. |
2475 | - * heap/CopyVisitorInlines.h: Copied from Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h. |
2476 | - * heap/GCThread.cpp: |
2477 | - * heap/GCThreadSharedData.cpp: |
2478 | - * heap/HandleStack.cpp: |
2479 | - * heap/Heap.cpp: |
2480 | - * heap/HeapRootVisitor.h: |
2481 | - * heap/MarkStack.cpp: |
2482 | - * heap/MarkStackInlineMethods.h: Removed. |
2483 | - * heap/MarkStackInlines.h: Copied from Source/JavaScriptCore/heap/MarkStackInlineMethods.h. |
2484 | - * heap/SlotVisitor.cpp: |
2485 | - * heap/SlotVisitor.h: |
2486 | - * heap/SlotVisitorInlineMethods.h: Removed. |
2487 | - * heap/SlotVisitorInlines.h: Copied from Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h. |
2488 | - * jit/HostCallReturnValue.cpp: |
2489 | - * jit/JIT.cpp: |
2490 | - * jit/JITArithmetic.cpp: |
2491 | - * jit/JITArithmetic32_64.cpp: |
2492 | - * jit/JITCall.cpp: |
2493 | - * jit/JITCall32_64.cpp: |
2494 | - * jit/JITInlineMethods.h: Removed. |
2495 | - * jit/JITInlines.h: Copied from Source/JavaScriptCore/jit/JITInlineMethods.h. |
2496 | - * jit/JITOpcodes.cpp: |
2497 | - * jit/JITOpcodes32_64.cpp: |
2498 | - * jit/JITPropertyAccess.cpp: |
2499 | - * jit/JITPropertyAccess32_64.cpp: |
2500 | - * jsc.cpp: |
2501 | - * runtime/ArrayConstructor.cpp: |
2502 | - * runtime/ArrayPrototype.cpp: |
2503 | - * runtime/ButterflyInlineMethods.h: Removed. |
2504 | - * runtime/ButterflyInlines.h: Copied from Source/JavaScriptCore/runtime/ButterflyInlineMethods.h. |
2505 | - * runtime/IndexingHeaderInlineMethods.h: Removed. |
2506 | - * runtime/IndexingHeaderInlines.h: Copied from Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h. |
2507 | - * runtime/JSActivation.h: |
2508 | - * runtime/JSArray.cpp: |
2509 | - * runtime/JSArray.h: |
2510 | - * runtime/JSCell.h: |
2511 | - * runtime/JSObject.cpp: |
2512 | - * runtime/JSValueInlineMethods.h: Removed. |
2513 | - * runtime/JSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlineMethods.h. |
2514 | - * runtime/LiteralParser.cpp: |
2515 | - * runtime/ObjectConstructor.cpp: |
2516 | - * runtime/Operations.h: |
2517 | - * runtime/RegExpMatchesArray.cpp: |
2518 | - * runtime/RegExpObject.cpp: |
2519 | - * runtime/StringPrototype.cpp: |
2520 | - |
2521 | -2012-11-08 Filip Pizlo <fpizlo@apple.com> |
2522 | - |
2523 | - ArrayConstructor.h should have correct indentation |
2524 | - |
2525 | - Rubber stamped by Sam Weinig. |
2526 | - |
2527 | - * runtime/ArrayConstructor.h: |
2528 | - |
2529 | -2012-11-08 Filip Pizlo <fpizlo@apple.com> |
2530 | - |
2531 | - DFG should know that int == null is always false |
2532 | - https://bugs.webkit.org/show_bug.cgi?id=101665 |
2533 | - |
2534 | - Reviewed by Oliver Hunt. |
2535 | - |
2536 | - * dfg/DFGAbstractState.cpp: |
2537 | - (JSC::DFG::AbstractState::execute): |
2538 | - |
2539 | -2012-11-08 Filip Pizlo <fpizlo@apple.com> |
2540 | - |
2541 | - Arguments.h should have correct indentation |
2542 | - |
2543 | - Rubber stamped by Sam Weinig. |
2544 | - |
2545 | - * runtime/Arguments.h: |
2546 | - |
2547 | -2012-11-08 Filip Pizlo <fpizlo@apple.com> |
2548 | - |
2549 | - It should be possible to JIT compile get_by_vals and put_by_vals even if the DFG is disabled. |
2550 | - |
2551 | - Reviewed by Oliver Hunt. |
2552 | - |
2553 | - * jit/JITInlineMethods.h: |
2554 | - (JSC::JIT::chooseArrayMode): |
2555 | - |
2556 | -2012-11-08 Filip Pizlo <fpizlo@apple.com> |
2557 | - |
2558 | - op_call should have LLInt call link info even if the DFG is disabled |
2559 | - https://bugs.webkit.org/show_bug.cgi?id=101672 |
2560 | - |
2561 | - Reviewed by Oliver Hunt. |
2562 | - |
2563 | - Get rid of the evil uses of fall-through. |
2564 | - |
2565 | - * bytecode/CodeBlock.cpp: |
2566 | - (JSC::CodeBlock::CodeBlock): |
2567 | - |
2568 | -2012-11-08 Oliver Hunt <oliver@apple.com> |
2569 | - |
2570 | - Improve effectiveness of function-level caching |
2571 | - https://bugs.webkit.org/show_bug.cgi?id=101667 |
2572 | - |
2573 | - Reviewed by Filip Pizlo. |
2574 | - |
2575 | - Added a random-eviction based cache for unlinked functions, and switch |
2576 | - UnlinkedFunctionExecutable's code references to Weak<>, thereby letting |
2577 | - us remove the explicit UnlinkedFunctionExecutable::clearCode() calls that |
2578 | - were being triggered by GC. |
2579 | - |
2580 | - Refactored the random eviction part of the CodeCache into a separate data |
2581 | - structure so that I didn't have to duplicate the code again, and then used |
2582 | - that for the new function cache. |
2583 | - |
2584 | - * bytecode/UnlinkedCodeBlock.cpp: |
2585 | - (JSC::UnlinkedFunctionExecutable::visitChildren): |
2586 | - (JSC::UnlinkedFunctionExecutable::codeBlockFor): |
2587 | - * bytecode/UnlinkedCodeBlock.h: |
2588 | - (JSC::UnlinkedFunctionExecutable::clearCodeForRecompilation): |
2589 | - (UnlinkedFunctionExecutable): |
2590 | - * debugger/Debugger.cpp: |
2591 | - * runtime/CodeCache.cpp: |
2592 | - (JSC::CodeCache::getCodeBlock): |
2593 | - (JSC::CodeCache::generateFunctionCodeBlock): |
2594 | - (JSC::CodeCache::getFunctionExecutableFromGlobalCode): |
2595 | - (JSC::CodeCache::usedFunctionCode): |
2596 | - (JSC): |
2597 | - * runtime/Executable.cpp: |
2598 | - (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilationIfNotCompiling): |
2599 | - (JSC::FunctionExecutable::clearCode): |
2600 | - * runtime/Executable.h: |
2601 | - (FunctionExecutable): |
2602 | - |
2603 | -2012-11-07 Filip Pizlo <fpizlo@apple.com> |
2604 | - |
2605 | - DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true |
2606 | - https://bugs.webkit.org/show_bug.cgi?id=101511 |
2607 | - |
2608 | - Reviewed by Oliver Hunt. |
2609 | - |
2610 | - To make life easier, this moves BranchDirection into BasicBlock so that after |
2611 | - running the CFA, we always know, for each block, what direction the CFA |
2612 | - proved. CFG simplification now both uses and preserves cfaBranchDirection in |
2613 | - its transformations. |
2614 | - |
2615 | - Also made both LogicalNot and Branch check whether the operand is a known cell |
2616 | - with a known structure, and if so, made them do the appropriate folding. |
2617 | - |
2618 | - 5% speed-up on V8/raytrace because it makes raytrace's own null checks |
2619 | - evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact |
2620 | - that we were already doing structure check hoisting. |
2621 | - |
2622 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
2623 | - * dfg/DFGAbstractState.cpp: |
2624 | - (JSC::DFG::AbstractState::endBasicBlock): |
2625 | - (JSC::DFG::AbstractState::execute): |
2626 | - (JSC::DFG::AbstractState::mergeToSuccessors): |
2627 | - * dfg/DFGAbstractState.h: |
2628 | - (AbstractState): |
2629 | - * dfg/DFGBasicBlock.h: |
2630 | - (JSC::DFG::BasicBlock::BasicBlock): |
2631 | - (BasicBlock): |
2632 | - * dfg/DFGBranchDirection.h: Added. |
2633 | - (DFG): |
2634 | - (JSC::DFG::branchDirectionToString): |
2635 | - (JSC::DFG::isKnownDirection): |
2636 | - (JSC::DFG::branchCondition): |
2637 | - * dfg/DFGCFGSimplificationPhase.cpp: |
2638 | - (JSC::DFG::CFGSimplificationPhase::run): |
2639 | - (JSC::DFG::CFGSimplificationPhase::mergeBlocks): |
2640 | - |
2641 | -2012-11-08 Christophe Dumez <christophe.dumez@intel.com> |
2642 | - |
2643 | - [JSC] HTML extensions to String.prototype should escape " as " in argument values |
2644 | - https://bugs.webkit.org/show_bug.cgi?id=90667 |
2645 | - |
2646 | - Reviewed by Benjamin Poulain. |
2647 | - |
2648 | - Escape quotation mark as " in argument values to: |
2649 | - - String.prototype.anchor(name) |
2650 | - - String.prototype.fontcolor(color) |
2651 | - - String.prototype.fontsize(size) |
2652 | - - String.prototype.link(href) |
2653 | - |
2654 | - This behavior matches Chromium/V8 and Firefox/Spidermonkey |
2655 | - implementations and is requited by: |
2656 | - http://mathias.html5.org/specs/javascript/#escapeattributevalue |
2657 | - |
2658 | - This also fixes a potential security risk (XSS vector). |
2659 | - |
2660 | - * runtime/StringPrototype.cpp: |
2661 | - (JSC::stringProtoFuncFontcolor): |
2662 | - (JSC::stringProtoFuncFontsize): |
2663 | - (JSC::stringProtoFuncAnchor): |
2664 | - (JSC::stringProtoFuncLink): |
2665 | - |
2666 | -2012-11-08 Anders Carlsson <andersca@apple.com> |
2667 | - |
2668 | - HeapStatistics::s_pauseTimeStarts and s_pauseTimeEnds should be Vectors |
2669 | - https://bugs.webkit.org/show_bug.cgi?id=101651 |
2670 | - |
2671 | - Reviewed by Andreas Kling. |
2672 | - |
2673 | - HeapStatistics uses Deques when Vectors would work just as good. |
2674 | - |
2675 | - * heap/HeapStatistics.cpp: |
2676 | - * heap/HeapStatistics.h: |
2677 | - (HeapStatistics): |
2678 | - |
2679 | -2012-11-07 Filip Pizlo <fpizlo@apple.com> |
2680 | - |
2681 | - DFG should not assume that something is a double just because it might be undefined |
2682 | - https://bugs.webkit.org/show_bug.cgi?id=101438 |
2683 | - |
2684 | - Reviewed by Oliver Hunt. |
2685 | - |
2686 | - This changes all non-bitop arithmetic to (a) statically expect that variables are |
2687 | - defined prior to use in arithmetic and (b) not fall off into double paths just |
2688 | - because a value may not be a number. This is accomplished with two new notions of |
2689 | - speculation: |
2690 | - |
2691 | - shouldSpeculateIntegerExpectingDefined: Should we speculate that the value is an |
2692 | - integer if we ignore undefined (i.e. SpecOther) predictions? |
2693 | - |
2694 | - shouldSpeculateIntegerForArithmetic: Should we speculate that the value is an |
2695 | - integer if we ignore non-numeric predictions? |
2696 | - |
2697 | - This is a ~2x speed-up on programs that seem to our prediction propagator to have |
2698 | - paths in which otherwise numeric variables are undefined. |
2699 | - |
2700 | - * bytecode/SpeculatedType.h: |
2701 | - (JSC::isInt32SpeculationForArithmetic): |
2702 | - (JSC): |
2703 | - (JSC::isInt32SpeculationExpectingDefined): |
2704 | - (JSC::isDoubleSpeculationForArithmetic): |
2705 | - (JSC::isNumberSpeculationExpectingDefined): |
2706 | - * dfg/DFGAbstractState.cpp: |
2707 | - (JSC::DFG::AbstractState::execute): |
2708 | - * dfg/DFGFixupPhase.cpp: |
2709 | - (JSC::DFG::FixupPhase::fixupNode): |
2710 | - * dfg/DFGGraph.h: |
2711 | - (JSC::DFG::Graph::addShouldSpeculateInteger): |
2712 | - (JSC::DFG::Graph::mulShouldSpeculateInteger): |
2713 | - (JSC::DFG::Graph::negateShouldSpeculateInteger): |
2714 | - (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): |
2715 | - (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger): |
2716 | - * dfg/DFGNode.h: |
2717 | - (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic): |
2718 | - (Node): |
2719 | - (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined): |
2720 | - (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic): |
2721 | - (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined): |
2722 | - * dfg/DFGPredictionPropagationPhase.cpp: |
2723 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
2724 | - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): |
2725 | - * dfg/DFGSpeculativeJIT.cpp: |
2726 | - (JSC::DFG::SpeculativeJIT::compileAdd): |
2727 | - (JSC::DFG::SpeculativeJIT::compileArithMod): |
2728 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
2729 | - (JSC::DFG::SpeculativeJIT::compile): |
2730 | - * dfg/DFGSpeculativeJIT64.cpp: |
2731 | - (JSC::DFG::SpeculativeJIT::compile): |
2732 | - * jit/JITArithmetic.cpp: |
2733 | - (JSC::JIT::emit_op_div): |
2734 | - |
2735 | -2012-11-06 Filip Pizlo <fpizlo@apple.com> |
2736 | - |
2737 | - JSC should infer when indexed storage contains only integers or doubles |
2738 | - https://bugs.webkit.org/show_bug.cgi?id=98606 |
2739 | - |
2740 | - Reviewed by Oliver Hunt. |
2741 | - |
2742 | - This adds two new indexing types: int32 and double. It also adds array allocation profiling, |
2743 | - which allows array allocations to converge to allocating arrays using those types to which |
2744 | - those arrays would have been converted. |
2745 | - |
2746 | - 20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too, |
2747 | - but a performance win overall on all benchmarks we track. |
2748 | - |
2749 | - * API/JSObjectRef.cpp: |
2750 | - (JSObjectMakeArray): |
2751 | - * CMakeLists.txt: |
2752 | - * GNUmakefile.list.am: |
2753 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
2754 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
2755 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
2756 | - * Target.pri: |
2757 | - * assembler/AbstractMacroAssembler.h: |
2758 | - (JumpList): |
2759 | - (JSC::AbstractMacroAssembler::JumpList::JumpList): |
2760 | - * assembler/MacroAssemblerX86Common.h: |
2761 | - (JSC::MacroAssemblerX86Common::branchDouble): |
2762 | - * assembler/X86Assembler.h: |
2763 | - (JSC::X86Assembler::jnp): |
2764 | - (X86Assembler): |
2765 | - (JSC::X86Assembler::X86InstructionFormatter::emitRex): |
2766 | - * bytecode/ArrayAllocationProfile.cpp: Added. |
2767 | - (JSC): |
2768 | - (JSC::ArrayAllocationProfile::updateIndexingType): |
2769 | - * bytecode/ArrayAllocationProfile.h: Added. |
2770 | - (JSC): |
2771 | - (ArrayAllocationProfile): |
2772 | - (JSC::ArrayAllocationProfile::ArrayAllocationProfile): |
2773 | - (JSC::ArrayAllocationProfile::selectIndexingType): |
2774 | - (JSC::ArrayAllocationProfile::updateLastAllocation): |
2775 | - (JSC::ArrayAllocationProfile::selectIndexingTypeFor): |
2776 | - (JSC::ArrayAllocationProfile::updateLastAllocationFor): |
2777 | - * bytecode/ArrayProfile.cpp: |
2778 | - (JSC::ArrayProfile::updatedObservedArrayModes): |
2779 | - (JSC): |
2780 | - * bytecode/ArrayProfile.h: |
2781 | - (JSC): |
2782 | - (JSC::arrayModesInclude): |
2783 | - (JSC::shouldUseSlowPutArrayStorage): |
2784 | - (JSC::shouldUseFastArrayStorage): |
2785 | - (JSC::shouldUseContiguous): |
2786 | - (JSC::shouldUseDouble): |
2787 | - (JSC::shouldUseInt32): |
2788 | - (ArrayProfile): |
2789 | - * bytecode/ByValInfo.h: |
2790 | - (JSC::isOptimizableIndexingType): |
2791 | - (JSC::jitArrayModeForIndexingType): |
2792 | - * bytecode/CodeBlock.cpp: |
2793 | - (JSC::CodeBlock::dump): |
2794 | - (JSC::CodeBlock::CodeBlock): |
2795 | - (JSC::CodeBlock::updateAllPredictionsAndCountLiveness): |
2796 | - (JSC): |
2797 | - (JSC::CodeBlock::updateAllValueProfilePredictions): |
2798 | - (JSC::CodeBlock::updateAllArrayPredictions): |
2799 | - (JSC::CodeBlock::updateAllPredictions): |
2800 | - (JSC::CodeBlock::shouldOptimizeNow): |
2801 | - * bytecode/CodeBlock.h: |
2802 | - (CodeBlock): |
2803 | - (JSC::CodeBlock::numberOfArrayAllocationProfiles): |
2804 | - (JSC::CodeBlock::addArrayAllocationProfile): |
2805 | - (JSC::CodeBlock::updateAllValueProfilePredictions): |
2806 | - (JSC::CodeBlock::updateAllArrayPredictions): |
2807 | - * bytecode/DFGExitProfile.h: |
2808 | - (JSC::DFG::exitKindToString): |
2809 | - * bytecode/Instruction.h: |
2810 | - (JSC): |
2811 | - (JSC::Instruction::Instruction): |
2812 | - * bytecode/Opcode.h: |
2813 | - (JSC): |
2814 | - (JSC::padOpcodeName): |
2815 | - * bytecode/SpeculatedType.h: |
2816 | - (JSC): |
2817 | - (JSC::isRealNumberSpeculation): |
2818 | - * bytecode/UnlinkedCodeBlock.cpp: |
2819 | - (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): |
2820 | - * bytecode/UnlinkedCodeBlock.h: |
2821 | - (JSC): |
2822 | - (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): |
2823 | - (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): |
2824 | - (UnlinkedCodeBlock): |
2825 | - * bytecompiler/BytecodeGenerator.cpp: |
2826 | - (JSC::BytecodeGenerator::newArrayAllocationProfile): |
2827 | - (JSC): |
2828 | - (JSC::BytecodeGenerator::emitNewArray): |
2829 | - (JSC::BytecodeGenerator::emitExpectedFunctionSnippet): |
2830 | - * bytecompiler/BytecodeGenerator.h: |
2831 | - (BytecodeGenerator): |
2832 | - * dfg/DFGAbstractState.cpp: |
2833 | - (JSC::DFG::AbstractState::execute): |
2834 | - * dfg/DFGArrayMode.cpp: |
2835 | - (JSC::DFG::ArrayMode::fromObserved): |
2836 | - (JSC::DFG::ArrayMode::refine): |
2837 | - (DFG): |
2838 | - (JSC::DFG::ArrayMode::alreadyChecked): |
2839 | - (JSC::DFG::arrayTypeToString): |
2840 | - * dfg/DFGArrayMode.h: |
2841 | - (JSC::DFG::ArrayMode::withType): |
2842 | - (ArrayMode): |
2843 | - (JSC::DFG::ArrayMode::withTypeAndConversion): |
2844 | - (JSC::DFG::ArrayMode::usesButterfly): |
2845 | - (JSC::DFG::ArrayMode::isSpecific): |
2846 | - (JSC::DFG::ArrayMode::supportsLength): |
2847 | - (JSC::DFG::ArrayMode::arrayModesThatPassFiltering): |
2848 | - * dfg/DFGByteCodeParser.cpp: |
2849 | - (JSC::DFG::ByteCodeParser::getArrayMode): |
2850 | - (ByteCodeParser): |
2851 | - (JSC::DFG::ByteCodeParser::handleIntrinsic): |
2852 | - (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): |
2853 | - (JSC::DFG::ByteCodeParser::parseBlock): |
2854 | - * dfg/DFGCCallHelpers.h: |
2855 | - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): |
2856 | - (CCallHelpers): |
2857 | - * dfg/DFGCallArrayAllocatorSlowPathGenerator.h: |
2858 | - (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal): |
2859 | - (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal): |
2860 | - * dfg/DFGFixupPhase.cpp: |
2861 | - (JSC::DFG::FixupPhase::fixupNode): |
2862 | - (JSC::DFG::FixupPhase::checkArray): |
2863 | - * dfg/DFGGraph.cpp: |
2864 | - (JSC::DFG::Graph::dump): |
2865 | - * dfg/DFGGraph.h: |
2866 | - (JSC::DFG::Graph::byValIsPure): |
2867 | - * dfg/DFGNode.h: |
2868 | - (NewArrayBufferData): |
2869 | - (JSC::DFG::Node::hasIndexingType): |
2870 | - (Node): |
2871 | - (JSC::DFG::Node::indexingType): |
2872 | - (JSC::DFG::Node::setIndexingType): |
2873 | - * dfg/DFGOperations.cpp: |
2874 | - * dfg/DFGOperations.h: |
2875 | - * dfg/DFGPredictionPropagationPhase.cpp: |
2876 | - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): |
2877 | - * dfg/DFGSpeculativeJIT.cpp: |
2878 | - (JSC::DFG::SpeculativeJIT::emitAllocateJSArray): |
2879 | - (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): |
2880 | - (DFG): |
2881 | - (JSC::DFG::SpeculativeJIT::checkArray): |
2882 | - (JSC::DFG::SpeculativeJIT::arrayify): |
2883 | - (JSC::DFG::SpeculativeJIT::compileDoublePutByVal): |
2884 | - (JSC::DFG::SpeculativeJIT::compileGetArrayLength): |
2885 | - * dfg/DFGSpeculativeJIT.h: |
2886 | - (JSC::DFG::SpeculativeJIT::callOperation): |
2887 | - (SpeculativeJIT): |
2888 | - (SpeculateIntegerOperand): |
2889 | - (JSC::DFG::SpeculateIntegerOperand::use): |
2890 | - (SpeculateDoubleOperand): |
2891 | - (JSC::DFG::SpeculateDoubleOperand::use): |
2892 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
2893 | - (DFG): |
2894 | - (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal): |
2895 | - (JSC::DFG::SpeculativeJIT::compile): |
2896 | - * dfg/DFGSpeculativeJIT64.cpp: |
2897 | - (JSC::DFG::SpeculativeJIT::compile): |
2898 | - * jit/JIT.h: |
2899 | - (JSC::JIT::emitInt32GetByVal): |
2900 | - (JIT): |
2901 | - (JSC::JIT::emitInt32PutByVal): |
2902 | - (JSC::JIT::emitDoublePutByVal): |
2903 | - (JSC::JIT::emitContiguousPutByVal): |
2904 | - * jit/JITExceptions.cpp: |
2905 | - (JSC::genericThrow): |
2906 | - * jit/JITInlineMethods.h: |
2907 | - (JSC::arrayProfileSaw): |
2908 | - (JSC::JIT::chooseArrayMode): |
2909 | - * jit/JITOpcodes.cpp: |
2910 | - (JSC::JIT::emit_op_new_array): |
2911 | - (JSC::JIT::emit_op_new_array_with_size): |
2912 | - (JSC::JIT::emit_op_new_array_buffer): |
2913 | - * jit/JITPropertyAccess.cpp: |
2914 | - (JSC::JIT::emit_op_get_by_val): |
2915 | - (JSC::JIT::emitDoubleGetByVal): |
2916 | - (JSC): |
2917 | - (JSC::JIT::emitContiguousGetByVal): |
2918 | - (JSC::JIT::emit_op_put_by_val): |
2919 | - (JSC::JIT::emitGenericContiguousPutByVal): |
2920 | - (JSC::JIT::emitSlow_op_put_by_val): |
2921 | - (JSC::JIT::privateCompileGetByVal): |
2922 | - (JSC::JIT::privateCompilePutByVal): |
2923 | - * jit/JITPropertyAccess32_64.cpp: |
2924 | - (JSC::JIT::emit_op_get_by_val): |
2925 | - (JSC::JIT::emitContiguousGetByVal): |
2926 | - (JSC::JIT::emitDoubleGetByVal): |
2927 | - (JSC): |
2928 | - (JSC::JIT::emit_op_put_by_val): |
2929 | - (JSC::JIT::emitGenericContiguousPutByVal): |
2930 | - (JSC::JIT::emitSlow_op_put_by_val): |
2931 | - * jit/JITStubs.cpp: |
2932 | - (JSC::DEFINE_STUB_FUNCTION): |
2933 | - * jit/JITStubs.h: |
2934 | - (JSC): |
2935 | - * jsc.cpp: |
2936 | - (GlobalObject::finishCreation): |
2937 | - * llint/LLIntSlowPaths.cpp: |
2938 | - (JSC::LLInt::jitCompileAndSetHeuristics): |
2939 | - (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
2940 | - * llint/LowLevelInterpreter.asm: |
2941 | - * llint/LowLevelInterpreter32_64.asm: |
2942 | - * llint/LowLevelInterpreter64.asm: |
2943 | - * offlineasm/x86.rb: |
2944 | - * runtime/ArrayConstructor.cpp: |
2945 | - (JSC::constructArrayWithSizeQuirk): |
2946 | - * runtime/ArrayConstructor.h: |
2947 | - (JSC): |
2948 | - * runtime/ArrayPrototype.cpp: |
2949 | - (JSC::arrayProtoFuncConcat): |
2950 | - (JSC::arrayProtoFuncSlice): |
2951 | - (JSC::arrayProtoFuncSplice): |
2952 | - (JSC::arrayProtoFuncFilter): |
2953 | - (JSC::arrayProtoFuncMap): |
2954 | - * runtime/Butterfly.h: |
2955 | - (JSC::Butterfly::contiguousInt32): |
2956 | - (JSC::Butterfly::contiguousDouble): |
2957 | - (JSC::Butterfly::fromContiguous): |
2958 | - * runtime/ButterflyInlineMethods.h: |
2959 | - (JSC::Butterfly::createUninitializedDuringCollection): |
2960 | - * runtime/FunctionPrototype.cpp: |
2961 | - (JSC::functionProtoFuncBind): |
2962 | - * runtime/IndexingHeaderInlineMethods.h: |
2963 | - (JSC::IndexingHeader::indexingPayloadSizeInBytes): |
2964 | - * runtime/IndexingType.cpp: |
2965 | - (JSC::leastUpperBoundOfIndexingTypes): |
2966 | - (JSC): |
2967 | - (JSC::leastUpperBoundOfIndexingTypeAndType): |
2968 | - (JSC::leastUpperBoundOfIndexingTypeAndValue): |
2969 | - (JSC::indexingTypeToString): |
2970 | - * runtime/IndexingType.h: |
2971 | - (JSC): |
2972 | - (JSC::hasUndecided): |
2973 | - (JSC::hasInt32): |
2974 | - (JSC::hasDouble): |
2975 | - * runtime/JSArray.cpp: |
2976 | - (JSC::JSArray::setLength): |
2977 | - (JSC::JSArray::pop): |
2978 | - (JSC::JSArray::push): |
2979 | - (JSC::JSArray::shiftCountWithAnyIndexingType): |
2980 | - (JSC::JSArray::unshiftCountWithAnyIndexingType): |
2981 | - (JSC::compareNumbersForQSortWithInt32): |
2982 | - (JSC): |
2983 | - (JSC::compareNumbersForQSortWithDouble): |
2984 | - (JSC::JSArray::sortNumericVector): |
2985 | - (JSC::JSArray::sortNumeric): |
2986 | - (JSC::JSArray::sortCompactedVector): |
2987 | - (JSC::JSArray::sort): |
2988 | - (JSC::JSArray::sortVector): |
2989 | - (JSC::JSArray::fillArgList): |
2990 | - (JSC::JSArray::copyToArguments): |
2991 | - (JSC::JSArray::compactForSorting): |
2992 | - * runtime/JSArray.h: |
2993 | - (JSArray): |
2994 | - (JSC::createContiguousArrayButterfly): |
2995 | - (JSC::JSArray::create): |
2996 | - (JSC::JSArray::tryCreateUninitialized): |
2997 | - * runtime/JSGlobalObject.cpp: |
2998 | - (JSC::JSGlobalObject::reset): |
2999 | - (JSC): |
3000 | - (JSC::JSGlobalObject::haveABadTime): |
3001 | - (JSC::JSGlobalObject::visitChildren): |
3002 | - * runtime/JSGlobalObject.h: |
3003 | - (JSGlobalObject): |
3004 | - (JSC::JSGlobalObject::originalArrayStructureForIndexingType): |
3005 | - (JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation): |
3006 | - (JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation): |
3007 | - (JSC::JSGlobalObject::isOriginalArrayStructure): |
3008 | - (JSC::constructEmptyArray): |
3009 | - (JSC::constructArray): |
3010 | - * runtime/JSObject.cpp: |
3011 | - (JSC::JSObject::copyButterfly): |
3012 | - (JSC::JSObject::getOwnPropertySlotByIndex): |
3013 | - (JSC::JSObject::putByIndex): |
3014 | - (JSC::JSObject::enterDictionaryIndexingMode): |
3015 | - (JSC::JSObject::createInitialIndexedStorage): |
3016 | - (JSC): |
3017 | - (JSC::JSObject::createInitialUndecided): |
3018 | - (JSC::JSObject::createInitialInt32): |
3019 | - (JSC::JSObject::createInitialDouble): |
3020 | - (JSC::JSObject::createInitialContiguous): |
3021 | - (JSC::JSObject::convertUndecidedToInt32): |
3022 | - (JSC::JSObject::convertUndecidedToDouble): |
3023 | - (JSC::JSObject::convertUndecidedToContiguous): |
3024 | - (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements): |
3025 | - (JSC::JSObject::convertUndecidedToArrayStorage): |
3026 | - (JSC::JSObject::convertInt32ToDouble): |
3027 | - (JSC::JSObject::convertInt32ToContiguous): |
3028 | - (JSC::JSObject::convertInt32ToArrayStorage): |
3029 | - (JSC::JSObject::convertDoubleToContiguous): |
3030 | - (JSC::JSObject::convertDoubleToArrayStorage): |
3031 | - (JSC::JSObject::convertContiguousToArrayStorage): |
3032 | - (JSC::JSObject::convertUndecidedForValue): |
3033 | - (JSC::JSObject::convertInt32ForValue): |
3034 | - (JSC::JSObject::setIndexQuicklyToUndecided): |
3035 | - (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex): |
3036 | - (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex): |
3037 | - (JSC::JSObject::ensureInt32Slow): |
3038 | - (JSC::JSObject::ensureDoubleSlow): |
3039 | - (JSC::JSObject::ensureContiguousSlow): |
3040 | - (JSC::JSObject::ensureArrayStorageSlow): |
3041 | - (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode): |
3042 | - (JSC::JSObject::switchToSlowPutArrayStorage): |
3043 | - (JSC::JSObject::deletePropertyByIndex): |
3044 | - (JSC::JSObject::getOwnPropertyNames): |
3045 | - (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes): |
3046 | - (JSC::JSObject::putByIndexBeyondVectorLength): |
3047 | - (JSC::JSObject::putDirectIndexBeyondVectorLength): |
3048 | - (JSC::JSObject::getNewVectorLength): |
3049 | - (JSC::JSObject::countElements): |
3050 | - (JSC::JSObject::ensureLengthSlow): |
3051 | - (JSC::JSObject::getOwnPropertyDescriptor): |
3052 | - * runtime/JSObject.h: |
3053 | - (JSC::JSObject::getArrayLength): |
3054 | - (JSC::JSObject::getVectorLength): |
3055 | - (JSC::JSObject::canGetIndexQuickly): |
3056 | - (JSC::JSObject::getIndexQuickly): |
3057 | - (JSC::JSObject::tryGetIndexQuickly): |
3058 | - (JSC::JSObject::canSetIndexQuickly): |
3059 | - (JSC::JSObject::canSetIndexQuicklyForPutDirect): |
3060 | - (JSC::JSObject::setIndexQuickly): |
3061 | - (JSC::JSObject::initializeIndex): |
3062 | - (JSC::JSObject::hasSparseMap): |
3063 | - (JSC::JSObject::inSparseIndexingMode): |
3064 | - (JSObject): |
3065 | - (JSC::JSObject::ensureInt32): |
3066 | - (JSC::JSObject::ensureDouble): |
3067 | - (JSC::JSObject::ensureLength): |
3068 | - (JSC::JSObject::indexingData): |
3069 | - (JSC::JSObject::currentIndexingData): |
3070 | - (JSC::JSObject::getHolyIndexQuickly): |
3071 | - (JSC::JSObject::relevantLength): |
3072 | - (JSC::JSObject::currentRelevantLength): |
3073 | - * runtime/JSValue.cpp: |
3074 | - (JSC::JSValue::description): |
3075 | - * runtime/LiteralParser.cpp: |
3076 | - (JSC::::parse): |
3077 | - * runtime/ObjectConstructor.cpp: |
3078 | - (JSC::objectConstructorGetOwnPropertyNames): |
3079 | - (JSC::objectConstructorKeys): |
3080 | - * runtime/StringPrototype.cpp: |
3081 | - (JSC::stringProtoFuncMatch): |
3082 | - (JSC::stringProtoFuncSplit): |
3083 | - * runtime/Structure.cpp: |
3084 | - (JSC::Structure::nonPropertyTransition): |
3085 | - * runtime/StructureTransitionTable.h: |
3086 | - (JSC::newIndexingType): |
3087 | - |
3088 | -2012-11-08 Balazs Kilvady <kilvadyb@homejinni.com> |
3089 | - |
3090 | - ASSERT problem on MIPS |
3091 | - https://bugs.webkit.org/show_bug.cgi?id=100589 |
3092 | - |
3093 | - Reviewed by Oliver Hunt. |
3094 | - |
3095 | - ASSERT fix for MIPS arch. |
3096 | - |
3097 | - * jit/JITOpcodes.cpp: |
3098 | - (JSC::JIT::emit_resolve_operations): |
3099 | - |
3100 | -2012-11-08 Michael Saboff <msaboff@apple.com> |
3101 | - |
3102 | - OpaqueJSClassContextData() should use StringImpl::isolatedCopy() to make string copies |
3103 | - https://bugs.webkit.org/show_bug.cgi?id=101507 |
3104 | - |
3105 | - Reviewed by Andreas Kling. |
3106 | - |
3107 | - Changed to use isolatedCopy() for key Strings. |
3108 | - |
3109 | - * API/JSClassRef.cpp: |
3110 | - (OpaqueJSClassContextData::OpaqueJSClassContextData): |
3111 | - |
3112 | -2012-11-07 Mark Hahnenberg <mhahnenberg@apple.com> |
3113 | - |
3114 | - WeakBlocks should be HeapBlocks |
3115 | - https://bugs.webkit.org/show_bug.cgi?id=101411 |
3116 | - |
3117 | - Reviewed by Oliver Hunt. |
3118 | - |
3119 | - Currently WeakBlocks use fastMalloc memory. They are very similar to the other HeapBlocks, however, |
3120 | - so we should change them to being allocated with the BlockAllocator. |
3121 | - |
3122 | - * heap/BlockAllocator.cpp: |
3123 | - (JSC::BlockAllocator::BlockAllocator): |
3124 | - * heap/BlockAllocator.h: Added a new RegionSet for WeakBlocks. |
3125 | - (JSC): |
3126 | - (BlockAllocator): |
3127 | - (JSC::WeakBlock): |
3128 | - * heap/Heap.h: Friended WeakSet to allow access to the BlockAllocator. |
3129 | - (Heap): |
3130 | - * heap/WeakBlock.cpp: |
3131 | - (JSC::WeakBlock::create): Refactored to use HeapBlocks rather than fastMalloc. |
3132 | - (JSC::WeakBlock::WeakBlock): |
3133 | - * heap/WeakBlock.h: Changed the WeakBlock size to 4 KB so that it divides evenly into the Region size. |
3134 | - (JSC): |
3135 | - (WeakBlock): |
3136 | - * heap/WeakSet.cpp: |
3137 | - (JSC::WeakSet::~WeakSet): |
3138 | - (JSC::WeakSet::addAllocator): |
3139 | - |
3140 | -2012-11-07 Filip Pizlo <fpizlo@apple.com> |
3141 | - |
3142 | - Indentation of ArgList.h is wrong |
3143 | - https://bugs.webkit.org/show_bug.cgi?id=101441 |
3144 | - |
3145 | - Reviewed by Andreas Kling. |
3146 | - |
3147 | - Just unindented by 4 spaces. |
3148 | - |
3149 | - * runtime/ArgList.h: |
3150 | - |
3151 | -2012-11-07 Gabor Ballabas <gaborb@inf.u-szeged.hu> |
3152 | - |
3153 | - [Qt][ARM] REGRESSION(r133688): It made all JSC and layout tests crash on ARM traditional platform |
3154 | - https://bugs.webkit.org/show_bug.cgi?id=101465 |
3155 | - |
3156 | - Reviewed by Oliver Hunt. |
3157 | - |
3158 | - Fix failing javascriptcore tests on ARM after r133688 |
3159 | - |
3160 | - * bytecode/CodeBlock.cpp: |
3161 | - (JSC::CodeBlock::CodeBlock): |
3162 | - |
3163 | -2012-11-06 Oliver Hunt <oliver@apple.com> |
3164 | - |
3165 | - Reduce parser overhead in JSC |
3166 | - https://bugs.webkit.org/show_bug.cgi?id=101127 |
3167 | - |
3168 | - Reviewed by Filip Pizlo. |
3169 | - |
3170 | - An exciting journey into the world of architecture in which our hero |
3171 | - adds yet another layer to JSC codegeneration. |
3172 | - |
3173 | - This patch adds a marginally more compact form of bytecode that is |
3174 | - free from any data specific to a given execution context, and that |
3175 | - does store any data structures necessary for execution. To actually |
3176 | - execute this UnlinkedBytecode we still need to instantiate a real |
3177 | - CodeBlock, but this is a much faster linear time operation than any |
3178 | - of the earlier parsing or code generation passes. |
3179 | - |
3180 | - As the unlinked code is context free we can then simply use a cache |
3181 | - from source to unlinked code mapping to completely avoid all of the |
3182 | - old parser overhead. The cache is currently very simple and memory |
3183 | - heavy, using the complete source text as a key (rather than SourceCode |
3184 | - or equivalent), and a random eviction policy. |
3185 | - |
3186 | - This seems to produce a substantial win when loading identical content |
3187 | - in different contexts. |
3188 | - |
3189 | - * API/tests/testapi.c: |
3190 | - (main): |
3191 | - * CMakeLists.txt: |
3192 | - * GNUmakefile.list.am: |
3193 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
3194 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
3195 | - * bytecode/CodeBlock.cpp: |
3196 | - * bytecode/CodeBlock.h: |
3197 | - Moved a number of fields, and a bunch of logic to UnlinkedCodeBlock.h/cpp |
3198 | - * bytecode/Opcode.h: |
3199 | - Added a global const init no op instruction needed to get correct |
3200 | - behaviour without any associated semantics. |
3201 | - * bytecode/UnlinkedCodeBlock.cpp: Added. |
3202 | - * bytecode/UnlinkedCodeBlock.h: Added. |
3203 | - A fairly shallow, GC allocated version of the old CodeBlock |
3204 | - classes with a 32bit instruction size, and just metadata |
3205 | - size tracking. |
3206 | - * bytecompiler/BytecodeGenerator.cpp: |
3207 | - * bytecompiler/BytecodeGenerator.h: |
3208 | - Replace direct access to m_symbolTable with access through |
3209 | - symbolTable(). ProgramCode no longer has a symbol table at |
3210 | - all so some previously unconditional (and pointless) uses |
3211 | - of symbolTable get null checks. |
3212 | - A few other changes to deal with type changes due to us generating |
3213 | - unlinked code (eg. pointer free, so profile indices rather than |
3214 | - pointers). |
3215 | - * dfg/DFGByteCodeParser.cpp: |
3216 | - * dfg/DFGCapabilities.h: |
3217 | - Support global_init_nop |
3218 | - * interpreter/Interpreter.cpp: |
3219 | - Now get the ProgramExecutable to initialise new global properties |
3220 | - before starting execution. |
3221 | - * jit/JIT.cpp: |
3222 | - * jit/JITDriver.h: |
3223 | - * jit/JITStubs.cpp: |
3224 | - * llint/LLIntData.cpp: |
3225 | - * llint/LLIntSlowPaths.cpp: |
3226 | - * llint/LowLevelInterpreter.asm: |
3227 | - * llint/LowLevelInterpreter32_64.asm: |
3228 | - * llint/LowLevelInterpreter64.asm: |
3229 | - Adding init_global_const_nop everywhere else |
3230 | - * parser/Parser.h: |
3231 | - * parser/ParserModes.h: Added. |
3232 | - * parser/ParserTokens.h: |
3233 | - Parser no longer needs a global object or callframe to function |
3234 | - * runtime/CodeCache.cpp: Added. |
3235 | - * runtime/CodeCache.h: Added. |
3236 | - A simple, random eviction, Source->UnlinkedCode cache |
3237 | - * runtime/Executable.cpp: |
3238 | - * runtime/Executable.h: |
3239 | - Executables now reference their unlinked counterparts, and |
3240 | - request code specifically for the target global object. |
3241 | - * runtime/JSGlobalData.cpp: |
3242 | - * runtime/JSGlobalData.h: |
3243 | - GlobalData now owns a CodeCache and a set of new structures |
3244 | - for the unlinked code types. |
3245 | - * runtime/JSGlobalObject.cpp: |
3246 | - * runtime/JSGlobalObject.h: |
3247 | - Utility functions used by executables to perform compilation |
3248 | - |
3249 | - * runtime/JSType.h: |
3250 | - Add new JSTypes for unlinked code |
3251 | - |
3252 | -2012-11-06 Michael Saboff <msaboff@apple.com> |
3253 | - |
3254 | - JSStringCreateWithCFString() Should create an 8 bit String if possible |
3255 | - https://bugs.webkit.org/show_bug.cgi?id=101104 |
3256 | - |
3257 | - Reviewed by Darin Adler. |
3258 | - |
3259 | - Try converting the CFString to an 8 bit string using CFStringGetBytes(..., |
3260 | - kCFStringEncodingISOLatin1, ...) and return the 8 bit string if successful. |
3261 | - If not proceed with 16 bit conversion. |
3262 | - |
3263 | - * API/JSStringRefCF.cpp: |
3264 | - (JSStringCreateWithCFString): |
3265 | - |
3266 | -2012-11-06 Oliver Hunt <oliver@apple.com> |
3267 | - |
3268 | - Reduce direct m_symbolTable usage in CodeBlock |
3269 | - https://bugs.webkit.org/show_bug.cgi?id=101391 |
3270 | - |
3271 | - Reviewed by Sam Weinig. |
3272 | - |
3273 | - Simple refactoring. |
3274 | - |
3275 | - * bytecode/CodeBlock.cpp: |
3276 | - (JSC::CodeBlock::dump): |
3277 | - (JSC::CodeBlock::dumpStatistics): |
3278 | - (JSC::CodeBlock::nameForRegister): |
3279 | - * bytecode/CodeBlock.h: |
3280 | - (JSC::CodeBlock::isCaptured): |
3281 | - |
3282 | -2012-11-06 Michael Saboff <msaboff@apple.com> |
3283 | - |
3284 | - Lexer::scanRegExp, create 8 bit pattern and flag Identifiers from 16 bit source when possible |
3285 | - https://bugs.webkit.org/show_bug.cgi?id=101013 |
3286 | - |
3287 | - Reviewed by Darin Adler. |
3288 | - |
3289 | - Changed scanRegExp so that it will create 8 bit identifiers from 8 bit sources and from 16 bit sources |
3290 | - whan all the characters are 8 bit. Using two templated helpers, the "is all 8 bit" check is only performed |
3291 | - on 16 bit sources. The first helper is orCharacter() that will accumulate the or value of all characters |
3292 | - only for 16 bit sources. Replaced the helper Lexer::makeIdentifierSameType() with Lexer::makeRightSizedIdentifier(). |
3293 | - |
3294 | - * parser/Lexer.cpp: |
3295 | - (JSC::orCharacter<LChar>): Explicit template that serves as a placeholder. |
3296 | - (JSC::orCharacter<UChar>): Explicit template that actually or accumulates characters. |
3297 | - (JSC::Lexer::scanRegExp): |
3298 | - * parser/Lexer.h: |
3299 | - (Lexer): |
3300 | - (JSC::Lexer::makeRightSizedIdentifier<LChar>): New template that always creates an 8 bit Identifier. |
3301 | - (JSC::Lexer::makeRightSizedIdentifier<UChar>): New template that creates an 8 bit Identifier for 8 bit |
3302 | - data in a 16 bit source. |
3303 | - |
3304 | -2012-11-06 Filip Pizlo <fpizlo@apple.com> |
3305 | - |
3306 | - Indentation of JSCell.h is wrong |
3307 | - https://bugs.webkit.org/show_bug.cgi?id=101379 |
3308 | - |
3309 | - Rubber stamped by Alexey Proskuryakov. |
3310 | - |
3311 | - Just removed four spaces on a bunch of lines. |
3312 | - |
3313 | - * runtime/JSCell.h: |
3314 | - |
3315 | -2012-11-05 Filip Pizlo <fpizlo@apple.com> |
3316 | - |
3317 | - Indentation of JSObject.h is wrong |
3318 | - https://bugs.webkit.org/show_bug.cgi?id=101313 |
3319 | - |
3320 | - Rubber stamped by Alexey Proskuryakov. |
3321 | - |
3322 | - Just unindented code, since namespace bodies shouldn't be indented. |
3323 | - |
3324 | - * runtime/JSObject.h: |
3325 | - |
3326 | -2012-11-05 Filip Pizlo <fpizlo@apple.com> |
3327 | - |
3328 | - Indentation of JSArray.h is wrong |
3329 | - https://bugs.webkit.org/show_bug.cgi?id=101314 |
3330 | - |
3331 | - Rubber stamped by Alexey Proskuryakov. |
3332 | - |
3333 | - Just removing the indentation inside the namespace body. |
3334 | - |
3335 | - * runtime/JSArray.h: |
3336 | - |
3337 | -2012-11-05 Filip Pizlo <fpizlo@apple.com> |
3338 | - |
3339 | - DFG should not fall down to patchable GetById just because a prototype had things added to it |
3340 | - https://bugs.webkit.org/show_bug.cgi?id=101299 |
3341 | - |
3342 | - Reviewed by Geoffrey Garen. |
3343 | - |
3344 | - This looks like a slight win on V8v7 and SunSpider. |
3345 | - |
3346 | - * bytecode/DFGExitProfile.h: |
3347 | - (JSC::DFG::exitKindToString): |
3348 | - * dfg/DFGSpeculativeJIT64.cpp: |
3349 | - (JSC::DFG::SpeculativeJIT::compile): |
3350 | - |
3351 | -2012-11-05 Filip Pizlo <fpizlo@apple.com> |
3352 | - |
3353 | - Get rid of method_check |
3354 | - https://bugs.webkit.org/show_bug.cgi?id=101147 |
3355 | - |
3356 | - Reviewed by Geoffrey Garen. |
3357 | - |
3358 | - op_method_check no longer buys us anything, since get_by_id proto caching |
3359 | - gives just as much profiling information and the DFG inlines monomorphic |
3360 | - proto accesses anyway. |
3361 | - |
3362 | - This also has the potential for a speed-up since it makes parsing of |
3363 | - profiling data easier. No longer do we have to deal with the confusion of |
3364 | - the get_by_id portion of a method_check appearing monomorphic even though |
3365 | - we're really dealing with a bimorphic access (method_check specializes for |
3366 | - one case and get_by_id for another). |
3367 | - |
3368 | - This looks like a 1% speed-up on both SunSpider and V8v7. |
3369 | - |
3370 | - * CMakeLists.txt: |
3371 | - * GNUmakefile.list.am: |
3372 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: |
3373 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
3374 | - * Target.pri: |
3375 | - * bytecode/CodeBlock.cpp: |
3376 | - (JSC::CodeBlock::printGetByIdCacheStatus): |
3377 | - (JSC::CodeBlock::dump): |
3378 | - (JSC::CodeBlock::finalizeUnconditionally): |
3379 | - (JSC::CodeBlock::shrinkToFit): |
3380 | - (JSC::CodeBlock::unlinkCalls): |
3381 | - * bytecode/CodeBlock.h: |
3382 | - (JSC::CodeBlock::getCallLinkInfo): |
3383 | - (JSC::CodeBlock::callLinkInfo): |
3384 | - (CodeBlock): |
3385 | - * bytecode/GetByIdStatus.cpp: |
3386 | - (JSC::GetByIdStatus::computeFromLLInt): |
3387 | - * bytecode/MethodCallLinkInfo.cpp: Removed. |
3388 | - * bytecode/MethodCallLinkInfo.h: Removed. |
3389 | - * bytecode/MethodCallLinkStatus.cpp: Removed. |
3390 | - * bytecode/MethodCallLinkStatus.h: Removed. |
3391 | - * bytecode/Opcode.h: |
3392 | - (JSC): |
3393 | - (JSC::padOpcodeName): |
3394 | - * bytecompiler/BytecodeGenerator.cpp: |
3395 | - (JSC): |
3396 | - * bytecompiler/BytecodeGenerator.h: |
3397 | - (BytecodeGenerator): |
3398 | - * bytecompiler/NodesCodegen.cpp: |
3399 | - (JSC::FunctionCallDotNode::emitBytecode): |
3400 | - * dfg/DFGByteCodeParser.cpp: |
3401 | - (JSC::DFG::ByteCodeParser::parseBlock): |
3402 | - * dfg/DFGCapabilities.h: |
3403 | - (JSC::DFG::canCompileOpcode): |
3404 | - * jit/JIT.cpp: |
3405 | - (JSC::JIT::privateCompileMainPass): |
3406 | - (JSC::JIT::privateCompileSlowCases): |
3407 | - (JSC::PropertyStubCompilationInfo::copyToStubInfo): |
3408 | - (JSC::JIT::privateCompile): |
3409 | - * jit/JIT.h: |
3410 | - (JSC::PropertyStubCompilationInfo::slowCaseInfo): |
3411 | - (PropertyStubCompilationInfo): |
3412 | - (JSC): |
3413 | - (JIT): |
3414 | - * jit/JITPropertyAccess.cpp: |
3415 | - (JSC): |
3416 | - (JSC::JIT::emitSlow_op_get_by_id): |
3417 | - (JSC::JIT::compileGetByIdSlowCase): |
3418 | - * jit/JITPropertyAccess32_64.cpp: |
3419 | - (JSC): |
3420 | - (JSC::JIT::compileGetByIdSlowCase): |
3421 | - * jit/JITStubs.cpp: |
3422 | - (JSC): |
3423 | - * jit/JITStubs.h: |
3424 | - * llint/LowLevelInterpreter.asm: |
3425 | - |
3426 | -2012-11-05 Yuqiang Xian <yuqiang.xian@intel.com> |
3427 | - |
3428 | - Refactor LLInt64 to distinguish the pointer operations from the 64-bit integer operations |
3429 | - https://bugs.webkit.org/show_bug.cgi?id=100321 |
3430 | - |
3431 | - Reviewed by Filip Pizlo. |
3432 | - |
3433 | - We have refactored the MacroAssembler and JIT compilers to distinguish |
3434 | - the pointer operations from the 64-bit integer operations (see bug #99154). |
3435 | - Now we want to do the similar work for LLInt, and the goal is same as |
3436 | - the one mentioned in 99154. |
3437 | - |
3438 | - This is the second part of the modification: in the low level interpreter, |
3439 | - changing the operations on 64-bit integers to use the "<foo>q" instructions. |
3440 | - This also removes some unused/meaningless "<foo>p" instructions. |
3441 | - |
3442 | - * llint/LowLevelInterpreter.asm: |
3443 | - * llint/LowLevelInterpreter.cpp: |
3444 | - (JSC::CLoop::execute): |
3445 | - * llint/LowLevelInterpreter64.asm: |
3446 | - * offlineasm/armv7.rb: |
3447 | - * offlineasm/cloop.rb: |
3448 | - * offlineasm/instructions.rb: |
3449 | - * offlineasm/x86.rb: |
3450 | - |
3451 | -2012-11-05 Filip Pizlo <fpizlo@apple.com> |
3452 | - |
3453 | - Prototype chain caching should check that the path from the base object to the slot base involves prototype hops only |
3454 | - https://bugs.webkit.org/show_bug.cgi?id=101276 |
3455 | - |
3456 | - Reviewed by Gavin Barraclough. |
3457 | - |
3458 | - Changed normalizePrototypeChain() to report an invalid prototype chain if any object is a proxy. |
3459 | - This catches cases where our prototype chain checks would have been insufficient to guard against |
3460 | - newly introduced properties, despecialized properties, or deleted properties in the chain of |
3461 | - objects involved in the access. |
3462 | - |
3463 | - * dfg/DFGRepatch.cpp: |
3464 | - (JSC::DFG::tryCacheGetByID): |
3465 | - (JSC::DFG::tryBuildGetByIDProtoList): |
3466 | - (JSC::DFG::tryCachePutByID): |
3467 | - (JSC::DFG::tryBuildPutByIdList): |
3468 | - * jit/JITStubs.cpp: |
3469 | - (JSC::JITThunks::tryCachePutByID): |
3470 | - (JSC::JITThunks::tryCacheGetByID): |
3471 | - (JSC::DEFINE_STUB_FUNCTION): |
3472 | - * llint/LLIntSlowPaths.cpp: |
3473 | - (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
3474 | - * runtime/Operations.h: |
3475 | - (JSC): |
3476 | - (JSC::normalizePrototypeChain): |
3477 | - |
3478 | -2012-11-05 Dima Gorbik <dgorbik@apple.com> |
3479 | - |
3480 | - Back out controversial changes from Bug 98665. |
3481 | - https://bugs.webkit.org/show_bug.cgi?id=101244 |
3482 | - |
3483 | - Reviewed by David Kilzer. |
3484 | - |
3485 | - Backing out changes from Bug 98665 until further discussions take place on rules for including Platform.h in Assertions.h. |
3486 | - |
3487 | - * API/tests/minidom.c: |
3488 | - * API/tests/testapi.c: |
3489 | - |
3490 | -2012-11-04 Filip Pizlo <fpizlo@apple.com> |
3491 | - |
3492 | - Reduce the verbosity of referring to QNaN in JavaScriptCore |
3493 | - https://bugs.webkit.org/show_bug.cgi?id=101174 |
3494 | - |
3495 | - Reviewed by Geoffrey Garen. |
3496 | - |
3497 | - Introduces a #define QNaN in JSValue.h, and replaces all previous uses of |
3498 | - std::numeric_limits<double>::quiet_NaN() with QNaN. |
3499 | - |
3500 | - * API/JSValueRef.cpp: |
3501 | - (JSValueMakeNumber): |
3502 | - (JSValueToNumber): |
3503 | - * dfg/DFGSpeculativeJIT.cpp: |
3504 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): |
3505 | - * jit/JITPropertyAccess.cpp: |
3506 | - (JSC::JIT::emitFloatTypedArrayGetByVal): |
3507 | - * runtime/CachedTranscendentalFunction.h: |
3508 | - (JSC::CachedTranscendentalFunction::initialize): |
3509 | - * runtime/DateConstructor.cpp: |
3510 | - (JSC::constructDate): |
3511 | - * runtime/DateInstanceCache.h: |
3512 | - (JSC::DateInstanceData::DateInstanceData): |
3513 | - (JSC::DateInstanceCache::reset): |
3514 | - * runtime/ExceptionHelpers.cpp: |
3515 | - (JSC::InterruptedExecutionError::defaultValue): |
3516 | - (JSC::TerminatedExecutionError::defaultValue): |
3517 | - * runtime/JSCell.h: |
3518 | - (JSC::JSValue::getPrimitiveNumber): |
3519 | - * runtime/JSDateMath.cpp: |
3520 | - (JSC::parseDateFromNullTerminatedCharacters): |
3521 | - * runtime/JSGlobalData.cpp: |
3522 | - (JSC::JSGlobalData::JSGlobalData): |
3523 | - (JSC::JSGlobalData::resetDateCache): |
3524 | - * runtime/JSGlobalObjectFunctions.cpp: |
3525 | - (JSC::parseInt): |
3526 | - (JSC::jsStrDecimalLiteral): |
3527 | - (JSC::toDouble): |
3528 | - (JSC::jsToNumber): |
3529 | - (JSC::parseFloat): |
3530 | - * runtime/JSValue.cpp: |
3531 | - (JSC::JSValue::toNumberSlowCase): |
3532 | - * runtime/JSValue.h: |
3533 | - (JSC): |
3534 | - * runtime/JSValueInlineMethods.h: |
3535 | - (JSC::jsNaN): |
3536 | - * runtime/MathObject.cpp: |
3537 | - (JSC::mathProtoFuncMax): |
3538 | - (JSC::mathProtoFuncMin): |
3539 | - |
3540 | -2012-11-03 Filip Pizlo <fpizlo@apple.com> |
3541 | - |
3542 | - Baseline JIT should use structure watchpoints whenever possible |
3543 | - https://bugs.webkit.org/show_bug.cgi?id=101146 |
3544 | - |
3545 | - Reviewed by Sam Weinig. |
3546 | - |
3547 | - No speed-up yet except on toy programs. I think that it will start to show |
3548 | - speed-ups with https://bugs.webkit.org/show_bug.cgi?id=101147, which this is |
3549 | - a step towards. |
3550 | - |
3551 | - * jit/JIT.h: |
3552 | - (JIT): |
3553 | - * jit/JITPropertyAccess.cpp: |
3554 | - (JSC::JIT::privateCompilePutByIdTransition): |
3555 | - (JSC::JIT::privateCompileGetByIdProto): |
3556 | - (JSC::JIT::privateCompileGetByIdProtoList): |
3557 | - (JSC::JIT::privateCompileGetByIdChainList): |
3558 | - (JSC::JIT::privateCompileGetByIdChain): |
3559 | - (JSC::JIT::addStructureTransitionCheck): |
3560 | - (JSC): |
3561 | - (JSC::JIT::testPrototype): |
3562 | - * jit/JITPropertyAccess32_64.cpp: |
3563 | - (JSC::JIT::privateCompilePutByIdTransition): |
3564 | - (JSC::JIT::privateCompileGetByIdProto): |
3565 | - (JSC::JIT::privateCompileGetByIdProtoList): |
3566 | - (JSC::JIT::privateCompileGetByIdChainList): |
3567 | - (JSC::JIT::privateCompileGetByIdChain): |
3568 | - |
3569 | -2012-11-04 Csaba Osztrogonác <ossy@webkit.org> |
3570 | - |
3571 | - [Qt] udis86_itab.c is always regenerated |
3572 | - https://bugs.webkit.org/show_bug.cgi?id=100756 |
3573 | - |
3574 | - Reviewed by Simon Hausmann. |
3575 | - |
3576 | - * DerivedSources.pri: Generate sources to the generated directory. |
3577 | - * disassembler/udis86/differences.txt: |
3578 | - * disassembler/udis86/itab.py: Add --outputDir option. |
3579 | - (UdItabGenerator.__init__): |
3580 | - (genItabH): |
3581 | - (genItabC): |
3582 | - (main): |
3583 | - |
3584 | -2012-11-02 Filip Pizlo <fpizlo@apple.com> |
3585 | - |
3586 | - LLInt 32-bit put_by_val ArrayStorage case should use the right register (t3, not t2) for the index in the publicLength updating path |
3587 | - https://bugs.webkit.org/show_bug.cgi?id=101118 |
3588 | - |
3589 | - Reviewed by Gavin Barraclough. |
3590 | - |
3591 | - * llint/LowLevelInterpreter32_64.asm: |
3592 | - |
3593 | -2012-11-02 Filip Pizlo <fpizlo@apple.com> |
3594 | - |
3595 | - DFG::Node::converToStructureTransitionWatchpoint should take kindly to ArrayifyToStructure |
3596 | - https://bugs.webkit.org/show_bug.cgi?id=101117 |
3597 | - |
3598 | - Reviewed by Gavin Barraclough. |
3599 | - |
3600 | - We have logic to convert ArrayifyToStructure to StructureTransitionWatchpoint, which is awesome, except |
3601 | - that previously convertToStructureTransitionWatchpoint was (a) asserting that it never saw an |
3602 | - ArrayifyToStructure and (b) would incorrectly create a ForwardStructureTransitionWatchpoint if it did. |
3603 | - |
3604 | - * dfg/DFGNode.h: |
3605 | - (JSC::DFG::Node::convertToStructureTransitionWatchpoint): |
3606 | - |
3607 | -2012-11-02 Filip Pizlo <fpizlo@apple.com> |
3608 | - |
3609 | - DFG::SpeculativeJIT::typedArrayDescriptor should use the Float64Array descriptor for Float64Arrays |
3610 | - https://bugs.webkit.org/show_bug.cgi?id=101114 |
3611 | - |
3612 | - Reviewed by Gavin Barraclough. |
3613 | - |
3614 | - As in https://bugs.webkit.org/show_bug.cgi?id=101112, this was only wrong when Float64Array descriptors |
3615 | - hadn't been initialized yet. That happens rarely, but when it does happen, we would crash. |
3616 | - |
3617 | - This would also become much more wrong if we ever put type size info (num bytes, etc) in the descriptor |
3618 | - and used that directly. So it's good to fix it. |
3619 | - |
3620 | - * dfg/DFGSpeculativeJIT.cpp: |
3621 | - (JSC::DFG::SpeculativeJIT::typedArrayDescriptor): |
3622 | - |
3623 | -2012-11-02 Filip Pizlo <fpizlo@apple.com> |
3624 | - |
3625 | - JIT::privateCompileGetByVal should use the uint8ClampedArrayDescriptor for compiling accesses to Uint8ClampedArrays |
3626 | - https://bugs.webkit.org/show_bug.cgi?id=101112 |
3627 | - |
3628 | - Reviewed by Gavin Barraclough. |
3629 | - |
3630 | - The only reason why the code was wrong to use uint8ArrayDescriptor instead is that if we're just using |
3631 | - Uint8ClampedArrays then the descriptor for Uint8Array may not have been initialized. |
3632 | - |
3633 | - * jit/JITPropertyAccess.cpp: |
3634 | - (JSC::JIT::privateCompileGetByVal): |
3635 | - |
3636 | -2012-11-02 Mark Hahnenberg <mhahnenberg@apple.com> |
3637 | - |
3638 | - MarkedBlocks should use something other than the mark bits to indicate liveness for newly allocated objects |
3639 | - https://bugs.webkit.org/show_bug.cgi?id=100877 |
3640 | - |
3641 | - Reviewed by Filip Pizlo. |
3642 | - |
3643 | - Currently when we canonicalize cell liveness data in MarkedBlocks, we set the mark bit for every cell in the |
3644 | - block except for those in the free list. This allows us to consider objects that were allocated since the |
3645 | - previous collection to be considered live until they have a chance to be properly marked by the collector. |
3646 | - |
3647 | - If we want to use the mark bits to signify other types of information, e.g. using sticky mark bits for generational |
3648 | - collection, we will have to keep track of newly allocated objects in a different fashion when we canonicalize cell liveness. |
3649 | - |
3650 | - One method would be to allocate a separate set of bits while canonicalizing liveness data. These bits would |
3651 | - track the newly allocated objects in the block separately from those objects who had already been marked. We would |
3652 | - then check these bits, along with the mark bits, when determining liveness. |
3653 | - |
3654 | - * heap/Heap.h: |
3655 | - (Heap): |
3656 | - (JSC::Heap::isLive): We now check for the presence of the newlyAllocated Bitmap. |
3657 | - (JSC): |
3658 | - * heap/MarkedBlock.cpp: |
3659 | - (JSC::MarkedBlock::specializedSweep): We clear the newlyAllocated Bitmap if we're creating a free list. This |
3660 | - will happen if we canonicalize liveness data for some other reason than collection (e.g. forEachCell) and |
3661 | - then start allocating again. |
3662 | - (JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor): |
3663 | - (SetNewlyAllocatedFunctor): |
3664 | - (JSC::SetNewlyAllocatedFunctor::operator()): We set the newlyAllocated bits for all the objects |
3665 | - that aren't already marked. We undo the bits for the objects in the free list later in canonicalizeCellLivenessData. |
3666 | - (JSC::MarkedBlock::canonicalizeCellLivenessData): We should never have a FreeListed block with a newlyAllocated Bitmap. |
3667 | - We allocate the new Bitmap, set the bits for all the objects that aren't already marked, and then unset all of the |
3668 | - bits for the items currently in the FreeList. |
3669 | - * heap/MarkedBlock.h: |
3670 | - (JSC::MarkedBlock::clearMarks): We clear the newlyAllocated bitmap if it exists because at this point we don't need it |
3671 | - any more. |
3672 | - (JSC::MarkedBlock::isEmpty): If we have some objects that are newlyAllocated, we are not empty. |
3673 | - (JSC::MarkedBlock::isNewlyAllocated): |
3674 | - (JSC): |
3675 | - (JSC::MarkedBlock::setNewlyAllocated): |
3676 | - (JSC::MarkedBlock::clearNewlyAllocated): |
3677 | - (JSC::MarkedBlock::isLive): We now check the newlyAllocated Bitmap, if it exists, when determining liveness of a cell in |
3678 | - a block that is Marked. |
3679 | - * heap/WeakBlock.cpp: |
3680 | - (JSC::WeakBlock::visit): We need to make sure we don't finalize objects that are in the newlyAllocated Bitmap. |
3681 | - (JSC::WeakBlock::reap): Ditto. |
3682 | - |
3683 | -2012-11-02 Filip Pizlo <fpizlo@apple.com> |
3684 | - |
3685 | - JIT::privateCompileGetByVal should use MacroAssemblerCodePtr::createFromExecutableAddress like JIT::privateCompilePutByVal |
3686 | - https://bugs.webkit.org/show_bug.cgi?id=101109 |
3687 | - |
3688 | - Reviewed by Gavin Barraclough. |
3689 | - |
3690 | - This fixes crashes on ARMv7 resulting from the return address already being tagged with the THUMB2 bit. |
3691 | - |
3692 | - * jit/JITPropertyAccess.cpp: |
3693 | - (JSC::JIT::privateCompileGetByVal): |
3694 | - |
3695 | -2012-11-02 Simon Fraser <simon.fraser@apple.com> |
3696 | - |
3697 | - Enable SUBPIXEL_LAYOUT on Mac |
3698 | - https://bugs.webkit.org/show_bug.cgi?id=101076 |
3699 | - |
3700 | - Reviewed by Dave Hyatt. |
3701 | - |
3702 | - Define ENABLE_SUBPIXEL_LAYOUT and include it in FEATURE_DEFINES. |
3703 | - |
3704 | - * Configurations/FeatureDefines.xcconfig: |
3705 | - |
3706 | -2012-11-02 Michael Saboff <msaboff@apple.com> |
3707 | - |
3708 | - RegExp.prototype.toString Should Produce an 8 bit JSString if possible. |
3709 | - https://bugs.webkit.org/show_bug.cgi?id=101003 |
3710 | - |
3711 | - Reviewed by Geoffrey Garen. |
3712 | - |
3713 | - Took the logic of regExpObjectSource() and created two templated helpers that uses the |
3714 | - source character type when appending to the StringBuilder. |
3715 | - |
3716 | - * runtime/RegExpObject.cpp: |
3717 | - (JSC::appendLineTerminatorEscape): Checks line terminate type to come up with escaped version. |
3718 | - (JSC::regExpObjectSourceInternal): Templated version of original. |
3719 | - (JSC::regExpObjectSource): Wrapper function. |
3720 | - |
3721 | -2012-11-02 Adam Barth <abarth@webkit.org> |
3722 | - |
3723 | - ENABLE(UNDO_MANAGER) is disabled everywhere and is not under active development |
3724 | - https://bugs.webkit.org/show_bug.cgi?id=100711 |
3725 | - |
3726 | - Reviewed by Eric Seidel. |
3727 | - |
3728 | - * Configurations/FeatureDefines.xcconfig: |
3729 | - |
3730 | -2012-11-02 Simon Hausmann <simon.hausmann@digia.com> |
3731 | - |
3732 | - [Qt] Fix build on Windows when Qt is configured with -release |
3733 | - https://bugs.webkit.org/show_bug.cgi?id=101041 |
3734 | - |
3735 | - Reviewed by Jocelyn Turcotte. |
3736 | - |
3737 | - When Qt is configured with -debug or -release, the release/debug build of for example |
3738 | - QtCore is not available by default. For LLIntExtractor we always need to build debug |
3739 | - _and_ release versions, but we do not actually need any Qt libraries nor qtmain(d).lib. |
3740 | - Therefore we can disable all these features but need to keep $$QT.core.includes in the |
3741 | - INCLUDEPATH for some defines from qglobal.h. |
3742 | - |
3743 | - * LLIntOffsetsExtractor.pro: |
3744 | - |
3745 | -2012-11-01 Mark Lam <mark.lam@apple.com> |
3746 | - |
3747 | - A llint workaround for a toolchain issue. |
3748 | - https://bugs.webkit.org/show_bug.cgi?id=101012. |
3749 | - |
3750 | - Reviewed by Michael Saboff. |
3751 | - |
3752 | - * llint/LowLevelInterpreter.asm: |
3753 | - - use a local label to workaround the toolchain issue with undeclared |
3754 | - global labels. |
3755 | - |
3756 | -2012-11-01 Oliver Hunt <oliver@apple.com> |
3757 | - |
3758 | - Remove GlobalObject constant register that is typically unused |
3759 | - https://bugs.webkit.org/show_bug.cgi?id=101005 |
3760 | - |
3761 | - Reviewed by Geoffrey Garen. |
3762 | - |
3763 | - The GlobalObject constant register is frequently allocated even when it |
3764 | - is not used, it is also getting in the way of some other optimisations. |
3765 | - |
3766 | - * bytecode/CodeBlock.cpp: |
3767 | - (JSC::CodeBlock::CodeBlock): |
3768 | - * bytecode/CodeBlock.h: |
3769 | - (CodeBlock): |
3770 | - * bytecompiler/BytecodeGenerator.cpp: |
3771 | - (JSC::BytecodeGenerator::BytecodeGenerator): |
3772 | - * dfg/DFGByteCodeParser.cpp: |
3773 | - (JSC::DFG::ByteCodeParser::parseResolveOperations): |
3774 | - |
3775 | -2012-10-31 Filip Pizlo <fpizlo@apple.com> |
3776 | - |
3777 | - DFG optimized string access code should be enabled |
3778 | - https://bugs.webkit.org/show_bug.cgi?id=100825 |
3779 | - |
3780 | - Reviewed by Oliver Hunt. |
3781 | - |
3782 | - - Removes prediction checks from the parser. |
3783 | - |
3784 | - - Fixes the handling of array mode refinement for strings. I.e. we don't do |
3785 | - any refinement - we already know it's going to be a string. We could |
3786 | - revisit this in the future, but for now the DFG lacks the ability to |
3787 | - handle any array modes other than Array::String for string intrinsics, so |
3788 | - this is as good as it gets. |
3789 | - |
3790 | - - Removes uses of isBlahSpeculation for checking if a mode is already |
3791 | - checked. isBlahSpeculation implicitly checks if the SpeculatedType is not |
3792 | - BOTTOM ("empty"), which breaks for checking if a mode is already checked |
3793 | - since a mode may already be "checked" in the sense that we've proven that |
3794 | - the code is unreachable. |
3795 | - |
3796 | - ~1% speed-up on V8v7, mostly from a speed-up on crypto, which uses string |
3797 | - intrinsics in one of the hot functions. |
3798 | - |
3799 | - * bytecode/SpeculatedType.h: |
3800 | - (JSC::speculationChecked): |
3801 | - (JSC): |
3802 | - * dfg/DFGArrayMode.cpp: |
3803 | - (JSC::DFG::ArrayMode::alreadyChecked): |
3804 | - * dfg/DFGByteCodeParser.cpp: |
3805 | - (JSC::DFG::ByteCodeParser::handleIntrinsic): |
3806 | - * dfg/DFGFixupPhase.cpp: |
3807 | - (JSC::DFG::FixupPhase::fixupNode): |
3808 | - * dfg/DFGSpeculativeJIT.cpp: |
3809 | - (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): |
3810 | - |
3811 | -2012-10-31 Filip Pizlo <fpizlo@apple.com> |
3812 | - |
3813 | - Sparse array size threshold should be increased to 100000 |
3814 | - https://bugs.webkit.org/show_bug.cgi?id=100827 |
3815 | - |
3816 | - Reviewed by Oliver Hunt. |
3817 | - |
3818 | - This enables the use of contiguous arrays in programs that previously |
3819 | - couldn't use them. And I so far can't see any examples of this being |
3820 | - a downside. To the extent that there is a downside, it ought to be |
3821 | - addressed by GC: https://bugs.webkit.org/show_bug.cgi?id=100828 |
3822 | - |
3823 | - * runtime/ArrayConventions.h: |
3824 | - (JSC): |
3825 | - |
3826 | -2012-10-31 Mark Lam <mark.lam@apple.com> |
3827 | - |
3828 | - C++ llint 64-bit backend needs to zero extend results of int32 operations. |
3829 | - https://bugs.webkit.org/show_bug.cgi?id=100899. |
3830 | - |
3831 | - Reviewed by Filip Pizlo. |
3832 | - |
3833 | - llint asm instructions ending in "i" for a 64-bit machine expects the |
3834 | - high 32-bit of registers to be zero'ed out when a 32-bit instruction |
3835 | - writes into a register. Fixed the C++ llint to honor this. |
3836 | - |
3837 | - Fixed the index register used in BaseIndex addressing to be of size |
3838 | - intptr_t as expected. |
3839 | - |
3840 | - Updated CLoopRegister to handle different endiannesss configurations. |
3841 | - |
3842 | - * llint/LowLevelInterpreter.cpp: |
3843 | - (JSC::CLoopRegister::clearHighWord): |
3844 | - - new method to clear the high 32-bit of a 64-bit register. |
3845 | - It's a no-op for the 32-bit build. |
3846 | - (CLoopRegister): |
3847 | - - CLoopRegister now takes care of packing and byte endianness order. |
3848 | - (JSC::CLoop::execute): - Added an assert. |
3849 | - * offlineasm/cloop.rb: |
3850 | - - Add calls to clearHighWord() wherever needed. |
3851 | - |
3852 | -2012-10-31 Mark Lam <mark.lam@apple.com> |
3853 | - |
3854 | - A JSC printf (support for %J+s and %b). |
3855 | - https://bugs.webkit.org/show_bug.cgi?id=100566. |
3856 | - |
3857 | - Reviewed by Michael Saboff. |
3858 | - |
3859 | - Added VMInspector::printf(), fprintf(), sprintf(), and snprintf(). |
3860 | - - %b prints ints as boolean TRUE (non-zero) or FALSE (zero). |
3861 | - - %Js prints a WTF::String* like a %s prints a char*. |
3862 | - Also works for 16bit WTF::Strings (prints wchar_t* using %S). |
3863 | - - '+' is a modifier meaning 'use verbose mode', and %J+s is an example |
3864 | - of its use. |
3865 | - |
3866 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
3867 | - * interpreter/VMInspector.cpp: |
3868 | - (FormatPrinter): |
3869 | - (JSC::FormatPrinter::~FormatPrinter): |
3870 | - (JSC::FormatPrinter::print): |
3871 | - (JSC::FormatPrinter::printArg): |
3872 | - (JSC::FormatPrinter::printWTFString): |
3873 | - (JSC::FileFormatPrinter::FileFormatPrinter): |
3874 | - (JSC::FileFormatPrinter::printArg): |
3875 | - (JSC::StringFormatPrinter::StringFormatPrinter): |
3876 | - (JSC::StringFormatPrinter::printArg): |
3877 | - (JSC::StringNFormatPrinter::StringNFormatPrinter): |
3878 | - (JSC::StringNFormatPrinter::printArg): |
3879 | - (JSC::VMInspector::fprintf): |
3880 | - (JSC::VMInspector::printf): |
3881 | - (JSC::VMInspector::sprintf): |
3882 | - (JSC::VMInspector::snprintf): |
3883 | - * interpreter/VMInspector.h: |
3884 | - (VMInspector): |
3885 | - |
3886 | -2012-10-31 Mark Lam <mark.lam@apple.com> |
3887 | - |
3888 | - 64-bit llint PC offset can be negative: using an unsigned shift is a bug. |
3889 | - https://bugs.webkit.org/show_bug.cgi?id=100896. |
3890 | - |
3891 | - Reviewed by Filip Pizlo. |
3892 | - |
3893 | - Fixed the PC offset divisions in the 64-bit llint asm to use rshift instead of urshift. |
3894 | - |
3895 | - * llint/LowLevelInterpreter64.asm: |
3896 | - |
3897 | -2012-10-30 Yuqiang Xian <yuqiang.xian@intel.com> |
3898 | - |
3899 | - glsl-function-atan.html WebGL conformance test fails after https://bugs.webkit.org/show_bug.cgi?id=99154 |
3900 | - https://bugs.webkit.org/show_bug.cgi?id=100789 |
3901 | - |
3902 | - Reviewed by Filip Pizlo. |
3903 | - |
3904 | - We accidently missed a bitwise double to int64 conversion. |
3905 | - |
3906 | - * dfg/DFGSpeculativeJIT.h: |
3907 | - (JSC::DFG::SpeculativeJIT::silentFill): |
3908 | - |
3909 | -2012-10-30 Joseph Pecoraro <pecoraro@apple.com> |
3910 | - |
3911 | - [Mac] Sync up FeatureDefine Configuration Files |
3912 | - https://bugs.webkit.org/show_bug.cgi?id=100171 |
3913 | - |
3914 | - Reviewed by David Kilzer. |
3915 | - |
3916 | - Follow up to better coordinate with iOS feature defines. Make: |
3917 | - |
3918 | - - ENABLE_FILTERS always on |
3919 | - - ENABLE_INPUT_* iphonesimulator values point to the iphoneos values |
3920 | - |
3921 | - * Configurations/FeatureDefines.xcconfig: |
3922 | - |
3923 | -2012-10-30 Joseph Pecoraro <pecoraro@apple.com> |
3924 | - |
3925 | - [Mac] Sync up FeatureDefine Configuration Files |
3926 | - https://bugs.webkit.org/show_bug.cgi?id=100171 |
3927 | - |
3928 | - Reviewed by David Kilzer. |
3929 | - |
3930 | - Ensure an identical FeatureDefine files across all projects. Changes: |
3931 | - |
3932 | - - ENABLE_CSS_BOX_DECORATION_BREAK should be in all |
3933 | - - ENABLE_PDFKIT_PLUGIN should be in all |
3934 | - - ENABLE_RESOLUTION_MEDIA_QUERY should be in all |
3935 | - - ENABLE_ENCRYPTED_MEDIA should be in all |
3936 | - - ENABLE_HIDDEN_PAGE_DOM_TIMER_THROTTLING with corrected value |
3937 | - - Some alphabetical ordering cleanup |
3938 | - |
3939 | - * Configurations/FeatureDefines.xcconfig: |
3940 | - |
3941 | -2012-10-30 Mark Hahnenberg <mhahnenberg@apple.com> |
3942 | - |
3943 | - Arrays can change IndexingType in the middle of sorting |
3944 | - https://bugs.webkit.org/show_bug.cgi?id=100773 |
3945 | - |
3946 | - Reviewed by Filip Pizlo. |
3947 | - |
3948 | - Instead of giving up, we just fetch the appropriate vector based on the current |
3949 | - IndexingType of the array. |
3950 | - |
3951 | - * runtime/JSArray.cpp: |
3952 | - (JSC::JSArray::sortVector): |
3953 | - * runtime/JSObject.h: |
3954 | - (JSObject): |
3955 | - (JSC::JSObject::currentIndexingData): |
3956 | - (JSC::JSObject::currentRelevantLength): |
3957 | - |
3958 | -2012-10-29 Anders Carlsson <andersca@apple.com> |
3959 | - |
3960 | - Build WebKit as C++11 on Mac |
3961 | - https://bugs.webkit.org/show_bug.cgi?id=100720 |
3962 | - |
3963 | - Reviewed by Daniel Bates. |
3964 | - |
3965 | - * Configurations/Base.xcconfig: |
3966 | - Add CLANG_CXX_LANGUAGE_STANDARD=gnu++0x. |
3967 | - |
3968 | - * bytecompiler/BytecodeGenerator.cpp: |
3969 | - (JSC::BytecodeGenerator::generate): |
3970 | - (JSC::BytecodeGenerator::pushFinallyContext): |
3971 | - (JSC::BytecodeGenerator::beginSwitch): |
3972 | - * llint/LLIntOffsetsExtractor.cpp: |
3973 | - * runtime/Identifier.cpp: |
3974 | - (JSC::Identifier::add8): |
3975 | - * runtime/Identifier.h: |
3976 | - (JSC::Identifier::add): |
3977 | - * runtime/JSONObject.cpp: |
3978 | - (JSC::appendStringToStringBuilder): |
3979 | - * runtime/StringPrototype.cpp: |
3980 | - (JSC::replaceUsingStringSearch): |
3981 | - Add static_casts to prevent implicit type conversions in non-constant initializer lists. |
3982 | - |
3983 | -2012-10-28 Mark Rowe <mrowe@apple.com> |
3984 | - |
3985 | - Simplify Xcode configuration settings that used to vary between OS versions. |
3986 | - |
3987 | - Reviewed by Dan Bernstein. |
3988 | - |
3989 | - * Configurations/Base.xcconfig: |
3990 | - * Configurations/DebugRelease.xcconfig: |
3991 | - * Configurations/JavaScriptCore.xcconfig: |
3992 | - |
3993 | -2012-10-28 Mark Rowe <mrowe@apple.com> |
3994 | - |
3995 | - Remove references to unsupported OS and Xcode versions. |
3996 | - |
3997 | - Reviewed by Anders Carlsson. |
3998 | - |
3999 | - * Configurations/Base.xcconfig: |
4000 | - * Configurations/CompilerVersion.xcconfig: Removed. |
4001 | - * Configurations/DebugRelease.xcconfig: |
4002 | - * Configurations/Version.xcconfig: |
4003 | - * JavaScriptCore.xcodeproj/project.pbxproj: |
4004 | - |
4005 | -2012-10-29 Michael Saboff <msaboff@apple.com> |
4006 | - |
4007 | - Non-special escape character sequences cause JSC::Lexer::parseString to create 16 bit strings |
4008 | - https://bugs.webkit.org/show_bug.cgi?id=100576 |
4009 | - |
4010 | - Reviewed by Darin Adler. |
4011 | - |
4012 | - Changed singleEscape() processing to be based on a lookup of a static table. The table |
4013 | - covers ASCII characters SPACE through DEL. If a character can be a single character escape, |
4014 | - then the table provides the non-zero result of that escape. Updated the result of |
4015 | - singleEscape to be an LChar to make the table as small as possible. |
4016 | - Added a new test fast/js/normal-character-escapes-in-string-literals.html to validated |
4017 | - the behavior. |
4018 | - |
4019 | - * parser/Lexer.cpp: |
4020 | - (JSC::singleEscape): |
4021 | - (JSC::Lexer::parseString): |
4022 | - (JSC::Lexer::parseStringSlowCase): |
4023 | - |
4024 | -2012-10-29 Enrica Casucci <enrica@apple.com> |
4025 | - |
4026 | - Add ENABLE_USERSELECT_ALL feature flag. |
4027 | - https://bugs.webkit.org/show_bug.cgi?id=100559 |
4028 | - |
4029 | - Reviewed by Eric Seidel. |
4030 | - |
4031 | - * Configurations/FeatureDefines.xcconfig: |
4032 | - |
4033 | -2012-10-28 Filip Pizlo <fpizlo@apple.com> |
4034 | - |
4035 | - DFG should be able to emit effectful structure checks |
4036 | - https://bugs.webkit.org/show_bug.cgi?id=99260 |
4037 | - |
4038 | - Reviewed by Oliver Hunt. |
4039 | - |
4040 | - This change allows us to find out if an array access that has gone polymorphic |
4041 | - is operating over known structures - i.e. the primordial array structures of the |
4042 | - global object that the code block containing the array access belongs to. We |
4043 | - term this state "OriginalArray" for short. The fact that the access has gone |
4044 | - polymorphic means that the array profile will not be able to report the set of |
4045 | - structures it had seen - but if it can tell us that all of the structures were |
4046 | - primordial then it just so happens that we can deduce what the structure set |
4047 | - would have been by just querying the code block's global object. This allows us |
4048 | - to emit an ArrayifyToStructure instead of an Arrayify if we find that we need to |
4049 | - do conversions. The fast path of an ArrayifyToStructure is exactly like the fast |
4050 | - path of a CheckStructure and is mostly subject to the same optimizations. It |
4051 | - also burns one fewer registers. |
4052 | - |
4053 | - Essentially the notion of OriginalArray is a super cheap way of getting the |
4054 | - array profile to tell us a structure set instead of a singleton structure. |
4055 | - Currently, the array profile can only tell us the structure seen at an array |
4056 | - access if there was exactly one structure. If there were multiple structures, it |
4057 | - won't tell us anything other than the array modes and other auxiliary profiling |
4058 | - data (whether there were stores to holes, for example). With OriginalArray, we |
4059 | - cheaply get a structure set if all of the structures were primordial for the |
4060 | - code block's global object, since in that case the array mode set (ArrayModes) |
4061 | - can directly tell us the structure set. In the future, we might consider adding |
4062 | - complete structure sets to the array profiles, but I suspect that we would hit |
4063 | - diminishing returns if we did so - it would only help if we have array accesses |
4064 | - that are both polymorphic and are cross-global-object accesses (rare) or if the |
4065 | - arrays had named properties or other structure transitions that are unrelated to |
4066 | - indexing type (also rare). |
4067 | - |
4068 | - This also does away with Arrayify (and the new ArrayifyToStructure) returning |
4069 | - the butterfly pointer. This turns out to be faster and easier to CSE. |
4070 | - |
4071 | - And, this also changes constant folding to be able to eliminate CheckStructure, |
4072 | - ForwardCheckStructure, and ArrayifyToStructure in addition to being able to |
4073 | - transform them into structure transition watchpoints. This is great for |
4074 | - ArrayifyToStructure because then CSE and CFA know that there is no side effect. |
4075 | - Converting CheckStructure and ForwardCheckStructure to also behave this way is |
4076 | - just a matter of elegance. |
4077 | - |
4078 | - This has no performance impact right now. It's intended to alleviate some of the |
4079 | - regressions seen in the early implementation of |
4080 | - https://bugs.webkit.org/show_bug.cgi?id=98606. |
4081 | - |
4082 | - * bytecode/ArrayProfile.cpp: |
4083 | - (JSC::ArrayProfile::computeUpdatedPrediction): |
4084 | - * bytecode/ArrayProfile.h: |
4085 | - (JSC): |
4086 | - (JSC::ArrayProfile::ArrayProfile): |
4087 | - (ArrayProfile): |
4088 | - (JSC::ArrayProfile::usesOriginalArrayStructures): |
4089 | - * bytecode/CodeBlock.cpp: |
4090 | - (JSC::CodeBlock::updateAllPredictionsAndCountLiveness): |
4091 | - * dfg/DFGAbstractState.cpp: |
4092 | - (JSC::DFG::AbstractState::execute): |
4093 | - * dfg/DFGArrayMode.cpp: |
4094 | - (JSC::DFG::ArrayMode::fromObserved): |
4095 | - (JSC::DFG::ArrayMode::alreadyChecked): |
4096 | - (JSC::DFG::arrayClassToString): |
4097 | - * dfg/DFGArrayMode.h: |
4098 | - (JSC::DFG::ArrayMode::withProfile): |
4099 | - (JSC::DFG::ArrayMode::isJSArray): |
4100 | - (ArrayMode): |
4101 | - (JSC::DFG::ArrayMode::isJSArrayWithOriginalStructure): |
4102 | - (JSC::DFG::ArrayMode::supportsLength): |
4103 | - (JSC::DFG::ArrayMode::arrayModesWithIndexingShape): |
4104 | - * dfg/DFGByteCodeParser.cpp: |
4105 | - (JSC::DFG::ByteCodeParser::getArrayMode): |
4106 | - (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks): |
4107 | - (JSC::DFG::ByteCodeParser::handleGetByOffset): |
4108 | - * dfg/DFGCSEPhase.cpp: |
4109 | - (JSC::DFG::CSEPhase::checkStructureElimination): |
4110 | - (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): |
4111 | - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): |
4112 | - (JSC::DFG::CSEPhase::checkArrayElimination): |
4113 | - (JSC::DFG::CSEPhase::getScopeRegistersLoadElimination): |
4114 | - * dfg/DFGConstantFoldingPhase.cpp: |
4115 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
4116 | - * dfg/DFGFixupPhase.cpp: |
4117 | - (JSC::DFG::FixupPhase::fixupNode): |
4118 | - (JSC::DFG::FixupPhase::checkArray): |
4119 | - * dfg/DFGNode.h: |
4120 | - (JSC::DFG::Node::hasStructure): |
4121 | - (JSC::DFG::Node::hasArrayMode): |
4122 | - (JSC::DFG::Node::arrayMode): |
4123 | - * dfg/DFGNodeType.h: |
4124 | - (DFG): |
4125 | - * dfg/DFGPredictionPropagationPhase.cpp: |
4126 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
4127 | - * dfg/DFGSpeculativeJIT.cpp: |
4128 | - (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): |
4129 | - (JSC::DFG::SpeculativeJIT::arrayify): |
4130 | - * dfg/DFGSpeculativeJIT.h: |
4131 | - (SpeculativeJIT): |
4132 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
4133 | - (JSC::DFG::SpeculativeJIT::compile): |
4134 | - * dfg/DFGSpeculativeJIT64.cpp: |
4135 | - (JSC::DFG::SpeculativeJIT::compile): |
4136 | - * runtime/JSGlobalObject.h: |
4137 | - (JSC::JSGlobalObject::isOriginalArrayStructure): |
4138 | - * runtime/Structure.cpp: |
4139 | - (JSC::Structure::nonPropertyTransition): |
4140 | - |
4141 | -2012-10-28 Filip Pizlo <fpizlo@apple.com> |
4142 | - |
4143 | - There should not be blind spots in array length array profiling |
4144 | - https://bugs.webkit.org/show_bug.cgi?id=100620 |
4145 | - |
4146 | - Reviewed by Oliver Hunt. |
4147 | - |
4148 | - I don't think this has any performance impact. But it's good to not have random |
4149 | - programs occasionally emit a GetById for array length accesses. |
4150 | - |
4151 | - * jit/JITPropertyAccess.cpp: |
4152 | - (JSC::JIT::compileGetByIdHotPath): |
4153 | - (JSC::JIT::privateCompilePatchGetArrayLength): |
4154 | - * jit/JITPropertyAccess32_64.cpp: |
4155 | - (JSC::JIT::compileGetByIdHotPath): |
4156 | - (JSC::JIT::privateCompilePatchGetArrayLength): |
4157 | - |
4158 | -2012-10-28 Filip Pizlo <fpizlo@apple.com> |
4159 | - |
4160 | - Unreviewed, make always-true enum-to-int comparisons use casts. |
4161 | - |
4162 | - * dfg/DFGFPRInfo.h: |
4163 | - (JSC::DFG::FPRInfo::debugName): |
4164 | - * dfg/DFGGPRInfo.h: |
4165 | - (JSC::DFG::JSValueSource::tagGPR): |
4166 | - (JSC::DFG::GPRInfo::toIndex): |
4167 | - (JSC::DFG::GPRInfo::debugName): |
4168 | - * runtime/JSTypeInfo.h: |
4169 | - (JSC::TypeInfo::TypeInfo): |
4170 | - |
4171 | -2012-10-27 Filip Pizlo <fpizlo@apple.com> |
4172 | - |
4173 | - OSR exit compilation should defend against argument recoveries from code blocks that are no longer on the inline stack |
4174 | - https://bugs.webkit.org/show_bug.cgi?id=100601 |
4175 | - |
4176 | - Reviewed by Oliver Hunt. |
4177 | - |
4178 | - This happened to me while I was fixing bugs for https://bugs.webkit.org/show_bug.cgi?id=100599. |
4179 | - I'm not sure how to reproduce this. |
4180 | - |
4181 | - * dfg/DFGAssemblyHelpers.h: |
4182 | - (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor): |
4183 | - (AssemblyHelpers): |
4184 | - * dfg/DFGOSRExitCompiler32_64.cpp: |
4185 | - (JSC::DFG::OSRExitCompiler::compileExit): |
4186 | - * dfg/DFGOSRExitCompiler64.cpp: |
4187 | - (JSC::DFG::OSRExitCompiler::compileExit): |
4188 | - |
4189 | -2012-10-27 Filip Pizlo <fpizlo@apple.com> |
4190 | - |
4191 | - DFG::Array::Mode needs to be cleaned up |
4192 | - https://bugs.webkit.org/show_bug.cgi?id=100599 |
4193 | - |
4194 | - Reviewed by Oliver Hunt. |
4195 | - |
4196 | - Turn the previous massive Array::Mode enum into a class that contains four |
4197 | - fields, the type, whether it's a JSArray, the level of speculation, and the |
4198 | - kind of conversion to perform. |
4199 | - |
4200 | - No performance or behavioral change. |
4201 | - |
4202 | - * dfg/DFGAbstractState.cpp: |
4203 | - (JSC::DFG::AbstractState::execute): |
4204 | - * dfg/DFGArgumentsSimplificationPhase.cpp: |
4205 | - (JSC::DFG::ArgumentsSimplificationPhase::run): |
4206 | - * dfg/DFGArrayMode.cpp: |
4207 | - (JSC::DFG::ArrayMode::fromObserved): |
4208 | - (JSC::DFG::ArrayMode::refine): |
4209 | - (JSC::DFG::ArrayMode::alreadyChecked): |
4210 | - (JSC::DFG::arrayTypeToString): |
4211 | - (JSC::DFG::arrayClassToString): |
4212 | - (DFG): |
4213 | - (JSC::DFG::arraySpeculationToString): |
4214 | - (JSC::DFG::arrayConversionToString): |
4215 | - (JSC::DFG::ArrayMode::toString): |
4216 | - * dfg/DFGArrayMode.h: |
4217 | - (DFG): |
4218 | - (ArrayMode): |
4219 | - (JSC::DFG::ArrayMode::ArrayMode): |
4220 | - (JSC::DFG::ArrayMode::type): |
4221 | - (JSC::DFG::ArrayMode::arrayClass): |
4222 | - (JSC::DFG::ArrayMode::speculation): |
4223 | - (JSC::DFG::ArrayMode::conversion): |
4224 | - (JSC::DFG::ArrayMode::asWord): |
4225 | - (JSC::DFG::ArrayMode::fromWord): |
4226 | - (JSC::DFG::ArrayMode::withSpeculation): |
4227 | - (JSC::DFG::ArrayMode::usesButterfly): |
4228 | - (JSC::DFG::ArrayMode::isJSArray): |
4229 | - (JSC::DFG::ArrayMode::isInBounds): |
4230 | - (JSC::DFG::ArrayMode::mayStoreToHole): |
4231 | - (JSC::DFG::ArrayMode::isOutOfBounds): |
4232 | - (JSC::DFG::ArrayMode::isSlowPut): |
4233 | - (JSC::DFG::ArrayMode::canCSEStorage): |
4234 | - (JSC::DFG::ArrayMode::lengthNeedsStorage): |
4235 | - (JSC::DFG::ArrayMode::modeForPut): |
4236 | - (JSC::DFG::ArrayMode::isSpecific): |
4237 | - (JSC::DFG::ArrayMode::supportsLength): |
4238 | - (JSC::DFG::ArrayMode::benefitsFromStructureCheck): |
4239 | - (JSC::DFG::ArrayMode::doesConversion): |
4240 | - (JSC::DFG::ArrayMode::arrayModesThatPassFiltering): |
4241 | - (JSC::DFG::ArrayMode::operator==): |
4242 | - (JSC::DFG::ArrayMode::operator!=): |
4243 | - (JSC::DFG::ArrayMode::arrayModesWithIndexingShape): |
4244 | - (JSC::DFG::canCSEStorage): |
4245 | - (JSC::DFG::lengthNeedsStorage): |
4246 | - * dfg/DFGByteCodeParser.cpp: |
4247 | - (JSC::DFG::ByteCodeParser::getArrayMode): |
4248 | - (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks): |
4249 | - (JSC::DFG::ByteCodeParser::handleIntrinsic): |
4250 | - (JSC::DFG::ByteCodeParser::parseBlock): |
4251 | - * dfg/DFGCSEPhase.cpp: |
4252 | - (JSC::DFG::CSEPhase::getArrayLengthElimination): |
4253 | - (JSC::DFG::CSEPhase::checkArrayElimination): |
4254 | - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): |
4255 | - (JSC::DFG::CSEPhase::performNodeCSE): |
4256 | - * dfg/DFGConstantFoldingPhase.cpp: |
4257 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
4258 | - * dfg/DFGFixupPhase.cpp: |
4259 | - (JSC::DFG::FixupPhase::fixupNode): |
4260 | - (JSC::DFG::FixupPhase::checkArray): |
4261 | - (JSC::DFG::FixupPhase::blessArrayOperation): |
4262 | - * dfg/DFGGraph.cpp: |
4263 | - (JSC::DFG::Graph::dump): |
4264 | - * dfg/DFGGraph.h: |
4265 | - (JSC::DFG::Graph::byValIsPure): |
4266 | - * dfg/DFGNode.h: |
4267 | - (JSC::DFG::Node::arrayMode): |
4268 | - (JSC::DFG::Node::setArrayMode): |
4269 | - * dfg/DFGSpeculativeJIT.cpp: |
4270 | - (JSC::DFG::SpeculativeJIT::typedArrayDescriptor): |
4271 | - (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): |
4272 | - (JSC::DFG::SpeculativeJIT::checkArray): |
4273 | - (JSC::DFG::SpeculativeJIT::arrayify): |
4274 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnString): |
4275 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): |
4276 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): |
4277 | - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): |
4278 | - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): |
4279 | - (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): |
4280 | - (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength): |
4281 | - (JSC::DFG::SpeculativeJIT::compileGetArrayLength): |
4282 | - (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal): |
4283 | - * dfg/DFGSpeculativeJIT.h: |
4284 | - (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister): |
4285 | - (SpeculativeJIT): |
4286 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
4287 | - (JSC::DFG::SpeculativeJIT::compile): |
4288 | - * dfg/DFGSpeculativeJIT64.cpp: |
4289 | - (JSC::DFG::SpeculativeJIT::compile): |
4290 | - |
4291 | -2012-10-27 Dan Bernstein <mitz@apple.com> |
4292 | - |
4293 | - REAL_PLATFORM_NAME build setting is no longer needed |
4294 | - https://bugs.webkit.org/show_bug.cgi?id=100587 |
4295 | - |
4296 | - Reviewed by Mark Rowe. |
4297 | - |
4298 | - Removed the definition of REAL_PLATFORM_NAME and replaced references to it with references |
4299 | - to PLATFORM_NAME. |
4300 | - |
4301 | - * Configurations/Base.xcconfig: |
4302 | - * Configurations/CompilerVersion.xcconfig: |
4303 | - * Configurations/DebugRelease.xcconfig: |
4304 | - * Configurations/FeatureDefines.xcconfig: |
4305 | - * Configurations/JSC.xcconfig: |
4306 | - * Configurations/JavaScriptCore.xcconfig: |
4307 | - * Configurations/ToolExecutable.xcconfig: |
4308 | - |
4309 | -2012-10-25 Filip Pizlo <fpizlo@apple.com> |
4310 | - |
4311 | - Forward OSR calculation is wrong in the presence of multiple SetLocals, or a mix of SetLocals and Phantoms |
4312 | - https://bugs.webkit.org/show_bug.cgi?id=100461 |
4313 | - |
4314 | - Reviewed by Oliver Hunt and Gavin Barraclough. |
4315 | - |
4316 | - This does a couple of things. First, it removes the part of the change in r131822 that made the forward |
4317 | - OSR exit calculator capable of handling multiple SetLocals. That change was wrong, because it would |
4318 | - blindly assume that all SetLocals had the same ValueRecovery, and would ignore the possibility that if |
4319 | - there is no value recovery then a ForwardCheckStructure on the first SetLocal would not know how to |
4320 | - recover the state associated with the second SetLocal. Then, it introduces the invariant that any bytecode |
4321 | - op that decomposes into multiple SetLocals must first emit dead SetLocals as hints and then emit a second |
4322 | - set of SetLocals to actually do the setting of the locals. This means that if a ForwardCheckStructure (or |
4323 | - any other hoisted forward speculation) is inserted, it will always be inserted on the second set of |
4324 | - SetLocals (since hoisting only touches the live ones), at which point OSR will already know about the |
4325 | - mov hints implied by the first set of (dead) SetLocals. This gives us the behavior we wanted, namely, that |
4326 | - a ForwardCheckStructure applied to a variant set by a resolve_with_base-like operation can correctly do a |
4327 | - forward exit while also ensuring that prior to exiting we set the appropriate locals. |
4328 | - |
4329 | - * dfg/DFGByteCodeParser.cpp: |
4330 | - (JSC::DFG::ByteCodeParser::parseBlock): |
4331 | - * dfg/DFGOSRExit.cpp: |
4332 | - (JSC::DFG::OSRExit::OSRExit): |
4333 | - * dfg/DFGOSRExit.h: |
4334 | - (OSRExit): |
4335 | - * dfg/DFGOSRExitCompiler.cpp: |
4336 | - * dfg/DFGOSRExitCompiler32_64.cpp: |
4337 | - (JSC::DFG::OSRExitCompiler::compileExit): |
4338 | - * dfg/DFGOSRExitCompiler64.cpp: |
4339 | - (JSC::DFG::OSRExitCompiler::compileExit): |
4340 | - * dfg/DFGSpeculativeJIT.cpp: |
4341 | - (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward): |
4342 | - |
4343 | -2012-10-26 Simon Hausmann <simon.hausmann@digia.com> |
4344 | - |
4345 | - [Qt] Fix the LLInt build on Windows |
4346 | - https://bugs.webkit.org/show_bug.cgi?id=97648 |
4347 | - |
4348 | - Reviewed by Tor Arne Vestbø. |
4349 | - |
4350 | - The main change for the port on Windows is changing the way offsets are extracted |
4351 | - and the LLIntAssembly.h is generated to accomodate release and debug configurations. |
4352 | - |
4353 | - Firstly the LLIntOffsetsExtractor binary is now built as-is (no DESTDIR set) and |
4354 | - placed into debug\LLIntOffsetsExtractor.exe and release\LLIntOffsetsExtractor.exe |
4355 | - on Windows debug_and_release builds. On other patforms it remainds in the regular |
4356 | - out directory. |
4357 | - |
4358 | - Secondly the LLIntAssembly.h files must be different for different build types, |
4359 | - so the LLIntAssembly.h generator in DerivedSources.pri operates no on the extractor |
4360 | - binary files as input. Using a simple exists() check we verify the presence of either |
4361 | - a regular, a debug\LLIntOffsetsExtractor and a release\LLIntOffsetsExtractor binary |
4362 | - and process all of them. The resulting assembly files consequently end up in |
4363 | - generated\debug\LLIntAssembly.h and generated\release\LLIntAssembly.h. |
4364 | - |
4365 | - In Target.pri we have to also make sure that those directories are in the include |
4366 | - path according to the release or debug configuration. |
4367 | - |
4368 | - Lastly a small tweak - swapping WTF.pri and JSC.pri inclusions - in the |
4369 | - LLIntOffsetsExtractor build was needed to make sure that we include |
4370 | - JavaScriptCore/config.h instead of WTF/config.h, required to fix the |
4371 | - build issues originally pasted in bug #97648. |
4372 | - |
4373 | - * DerivedSources.pri: |
4374 | - * JavaScriptCore.pro: |
4375 | - * LLIntOffsetsExtractor.pro: |
4376 | - * Target.pri: |
4377 | - |
4378 | -2012-10-26 Gabor Ballabas <gaborb@inf.u-szeged.hu> |
4379 | - |
4380 | - [Qt] Enable JSC's disassembler on x86, x86_64 Linux |
4381 | - https://bugs.webkit.org/show_bug.cgi?id=100386 |
4382 | - |
4383 | - Reviewed by Simon Hausmann. |
4384 | - |
4385 | - It works fine on Linux x86, x86_64 just needs to be enabled in the |
4386 | - QtWebKit build system. |
4387 | - |
4388 | - * DerivedSources.pri: |
4389 | - * JavaScriptCore.pri: |
4390 | - * Target.pri: |
4391 | - |
4392 | -2012-10-26 Thiago Marcos P. Santos <thiago.santos@intel.com> |
4393 | - |
4394 | - Add feature flags for CSS Device Adaptation |
4395 | - https://bugs.webkit.org/show_bug.cgi?id=95960 |
4396 | - |
4397 | - Reviewed by Kenneth Rohde Christiansen. |
4398 | - |
4399 | - * Configurations/FeatureDefines.xcconfig: |
4400 | - |
4401 | -2012-10-26 Simon Hausmann <simon.hausmann@digia.com> |
4402 | - |
4403 | - [WIN] Make LLInt offsets extractor work on Windows |
4404 | - https://bugs.webkit.org/show_bug.cgi?id=100369 |
4405 | - |
4406 | - Reviewed by Kenneth Rohde Christiansen. |
4407 | - |
4408 | - Open the input file explicitly in binary mode to prevent ruby/Windows from thinking that |
4409 | - it's a text mode file that needs even new line conversions. The binary mode parameter is |
4410 | - ignored on other platforms. |
4411 | - |
4412 | - * offlineasm/offsets.rb: |
4413 | - |
4414 | -2012-10-25 Michael Saboff <msaboff@apple.com> |
4415 | - |
4416 | - SymbolTableIndexHashTraits::needsDestruction should be set to true |
4417 | - https://bugs.webkit.org/show_bug.cgi?id=100437 |
4418 | - |
4419 | - Reviewed by Mark Hahnenberg. |
4420 | - |
4421 | - For correctness, set SymbolTableIndexHashTraits::needsDestruction to true since SymbolTableEntry's do |
4422 | - need to have their destructor called due to the possibility of rare data. |
4423 | - |
4424 | - * runtime/SymbolTable.h: |
4425 | - (SymbolTableIndexHashTraits): |
4426 | - |
4427 | -2012-10-25 Filip Pizlo <fpizlo@apple.com> |
4428 | - |
4429 | - DFG Arrayify elimination should replace it with GetButterfly rather than Phantom |
4430 | - https://bugs.webkit.org/show_bug.cgi?id=100441 |
4431 | - |
4432 | - Reviewed by Oliver Hunt and Gavin Barraclough. |
4433 | - |
4434 | - Made array profiler's to-string helper behave correctly. |
4435 | - |
4436 | - Made Arrayify elimination do the right thing (convert to GetButterfly). |
4437 | - |
4438 | - Made CFA's interference analysis track clobbered array modes correctly, mostly by |
4439 | - simplifying the machinery. |
4440 | - |
4441 | - * bytecode/ArrayProfile.cpp: |
4442 | - (JSC::arrayModesToString): |
4443 | - * dfg/DFGAbstractState.cpp: |
4444 | - (JSC::DFG::AbstractState::execute): |
4445 | - * dfg/DFGAbstractValue.h: |
4446 | - (JSC::DFG::AbstractValue::clobberArrayModes): |
4447 | - (AbstractValue): |
4448 | - * dfg/DFGConstantFoldingPhase.cpp: |
4449 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
4450 | - |
4451 | -2012-10-25 Filip Pizlo <fpizlo@apple.com> |
4452 | - |
4453 | - REGRESSION (r131793-r131826): Crash going to wikifonia.org |
4454 | - https://bugs.webkit.org/show_bug.cgi?id=100281 |
4455 | - |
4456 | - Reviewed by Oliver Hunt. |
4457 | - |
4458 | - Restore something that got lost in the resolve refactoring: the ability to give up on life if |
4459 | - we see a resolve of 'arguments'. |
4460 | - |
4461 | - * runtime/JSScope.cpp: |
4462 | - (JSC::JSScope::resolveContainingScopeInternal): |
4463 | - |
4464 | -2012-10-25 Dominik Röttsches <dominik.rottsches@intel.com> |
4465 | - |
4466 | - Conditionalize XHR timeout support |
4467 | - https://bugs.webkit.org/show_bug.cgi?id=100356 |
4468 | - |
4469 | - Reviewed by Adam Barth. |
4470 | - |
4471 | - Adding XHR_TIMEOUT feature to conditionalize this on ports without network backend support. |
4472 | - |
4473 | - * Configurations/FeatureDefines.xcconfig: |
4474 | - |
4475 | -2012-10-25 Michael Saboff <msaboff@apple.com> |
4476 | - |
4477 | - REGRESSION (r131836): failures in list styles tests on EFL, GTK |
4478 | - https://bugs.webkit.org/show_bug.cgi?id=99824 |
4479 | - |
4480 | - Reviewed by Oliver Hunt. |
4481 | - |
4482 | - Saved start of string since it is modified by call convertUTF8ToUTF16(). |
4483 | - |
4484 | - * API/JSStringRef.cpp: |
4485 | - (JSStringCreateWithUTF8CString): |
4486 | - |
4487 | -2012-10-24 Filip Pizlo <fpizlo@apple.com> |
4488 | - |
4489 | - DFG NewArrayBuffer node should keep its data in a structure on the side to free up one of the opInfos |
4490 | - https://bugs.webkit.org/show_bug.cgi?id=100328 |
4491 | - |
4492 | - Reviewed by Oliver Hunt. |
4493 | - |
4494 | - * dfg/DFGByteCodeParser.cpp: |
4495 | - (JSC::DFG::ByteCodeParser::parseBlock): |
4496 | - * dfg/DFGGraph.h: |
4497 | - (Graph): |
4498 | - * dfg/DFGNode.h: |
4499 | - (NewArrayBufferData): |
4500 | - (DFG): |
4501 | - (JSC::DFG::Node::newArrayBufferData): |
4502 | - (Node): |
4503 | - (JSC::DFG::Node::startConstant): |
4504 | - (JSC::DFG::Node::numConstants): |
4505 | - |
4506 | -2012-10-25 Mark Lam <mark.lam@apple.com> |
4507 | - |
4508 | - Update the C++ llint to work with the latest op_resolve... changes. |
4509 | - https://bugs.webkit.org/show_bug.cgi?id=100345. |
4510 | - |
4511 | - Reviewed by Oliver Hunt. |
4512 | - |
4513 | - * llint/LowLevelInterpreter.cpp: |
4514 | - (JSC::CLoop::execute): |
4515 | - - emit opcode name as label when not using COMPUTED_GOTOs. The new op_resolve |
4516 | - opcodes have jumps to these labels. |
4517 | - - declare all opcode labels as UNUSED_LABEL()s to keep the compiler happy |
4518 | - for opcodes that are not referenced by anyone. |
4519 | - * offlineasm/asm.rb: |
4520 | - - strip llint_ prefix from opcode names used as labels. |
4521 | - |
4522 | -2012-10-24 Yuqiang Xian <yuqiang.xian@intel.com> |
4523 | - |
4524 | - Refactor LLInt64 to distinguish the pointer operations from the 64-bit integer operations |
4525 | - https://bugs.webkit.org/show_bug.cgi?id=100321 |
4526 | - |
4527 | - Reviewed by Filip Pizlo. |
4528 | - |
4529 | - We have refactored the MacroAssembler and JIT compilers to distinguish |
4530 | - the pointer operations from the 64-bit integer operations (see bug #99154). |
4531 | - Now we want to do the similar work for LLInt, and the goal is same as |
4532 | - the one mentioned in 99154. |
4533 | - |
4534 | - This is the first part of the modification: in the offline assembler, |
4535 | - adding the support of the "<foo>q" instructions which will be used for |
4536 | - 64-bit integer operations. |
4537 | - |
4538 | - * llint/LowLevelInterpreter.cpp: |
4539 | - (JSC::CLoop::execute): |
4540 | - * offlineasm/cloop.rb: |
4541 | - * offlineasm/instructions.rb: |
4542 | - * offlineasm/x86.rb: |
4543 | - |
4544 | -2012-10-24 Filip Pizlo <fpizlo@apple.com> |
4545 | - |
4546 | - DFG compileBlahBlahByVal methods for Contiguous and ArrayStorage have only one caller and should be removed |
4547 | - https://bugs.webkit.org/show_bug.cgi?id=100311 |
4548 | - |
4549 | - Reviewed by Mark Hahnenberg. |
4550 | - |
4551 | - Just trying to simplify things before I make them more complicated again. |
4552 | - |
4553 | - * dfg/DFGSpeculativeJIT.h: |
4554 | - (SpeculativeJIT): |
4555 | - (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal): |
4556 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
4557 | - (DFG): |
4558 | - (JSC::DFG::SpeculativeJIT::compile): |
4559 | - * dfg/DFGSpeculativeJIT64.cpp: |
4560 | - (DFG): |
4561 | - (JSC::DFG::SpeculativeJIT::compile): |
4562 | - |
4563 | -2012-10-23 Andreas Kling <kling@webkit.org> |
4564 | - |
4565 | - CodeBlock: Give m_putToBaseOperations an inline capacity. |
4566 | - <http://webkit.org/b/100190> |
4567 | - <rdar://problem/12562466> |
4568 | - |
4569 | - Reviewed by Oliver Hunt. |
4570 | - |
4571 | - Since the CodeBlock constructor always inserts a single PutToBaseOperation, but there's no |
4572 | - guarantee that more will follow, give the m_putToBaseOperations vector an inline capacity of 1. |
4573 | - There are 4009 of these Vectors on Membuster3, and only 126 of them have more than a single entry. |
4574 | - |
4575 | - This change yields a 1.90MB reduction in memory usage. |
4576 | - |
4577 | - * bytecode/CodeBlock.h: |
4578 | - (CodeBlock): |
4579 | - |
4580 | -2012-10-23 Christophe Dumez <christophe.dumez@intel.com> |
4581 | - |
4582 | - Regression(r132143): Assertion hit in JSC::Interpreter::StackPolicy::StackPolicy(JSC::Interpreter&, const WTF::StackBounds&) |
4583 | - https://bugs.webkit.org/show_bug.cgi?id=100109 |
4584 | - |
4585 | - Reviewed by Oliver Hunt. |
4586 | - |
4587 | - Fix possible integer overflow in StackPolicy constructor by |
4588 | - using size_t type instead of int for stack sizes. The value |
4589 | - returned by StackBounds::size() is of type size_t but was |
4590 | - assigned to an int, which may overflow. |
4591 | - |
4592 | - * interpreter/Interpreter.cpp: |
4593 | - (JSC): |
4594 | - (JSC::Interpreter::StackPolicy::StackPolicy): |
4595 | - |
4596 | -2012-10-23 Carlos Garcia Campos <cgarcia@igalia.com> |
4597 | - |
4598 | - Unreviewed. Fix make distcheck. |
4599 | - |
4600 | - * GNUmakefile.list.am: Add missing header file. |
4601 | - |
4602 | -2012-10-23 Mark Lam <mark.lam@apple.com> |
4603 | - |
4604 | - Make topCallFrame reliable. |
4605 | - https://bugs.webkit.org/show_bug.cgi?id=98928. |
4606 | - |
4607 | - Reviewed by Geoffrey Garen. |
4608 | - |
4609 | - - VM entry points and the GC now uses topCallFrame. |
4610 | - - The callerFrame value in CallFrames are now always the previous |
4611 | - frame on the stack, except for the first frame which has a |
4612 | - callerFrame of 0 (not counting the HostCallFrameFlag). |
4613 | - Hence, we can now traverse every frame on the stack all the way |
4614 | - back to the first frame. |
4615 | - - GlobalExec's will no longer be used as the callerFrame values in |
4616 | - call frames. |
4617 | - - Added fences and traps for debugging the JSStack in debug builds. |
4618 | - |
4619 | - * bytecode/SamplingTool.h: |
4620 | - (SamplingTool): |
4621 | - (JSC::SamplingTool::CallRecord::CallRecord): |
4622 | - * dfg/DFGOperations.cpp: |
4623 | - - Fixed 2 DFG helper functions to flush topCallFrame as expected. |
4624 | - * dfg/DFGSpeculativeJIT.h: |
4625 | - (JSC::DFG::SpeculativeJIT::prepareForExternalCall): |
4626 | - * interpreter/CallFrame.h: |
4627 | - (JSC::ExecState::callerFrameNoFlags): |
4628 | - (ExecState): |
4629 | - (JSC::ExecState::argIndexForRegister): |
4630 | - (JSC::ExecState::getArgumentUnsafe): |
4631 | - * interpreter/CallFrameClosure.h: |
4632 | - (CallFrameClosure): |
4633 | - * interpreter/Interpreter.cpp: |
4634 | - (JSC): |
4635 | - (JSC::eval): |
4636 | - (JSC::Interpreter::Interpreter): |
4637 | - (JSC::Interpreter::throwException): |
4638 | - (JSC::Interpreter::execute): |
4639 | - (JSC::Interpreter::executeCall): |
4640 | - (JSC::Interpreter::executeConstruct): |
4641 | - (JSC::Interpreter::prepareForRepeatCall): |
4642 | - (JSC::Interpreter::endRepeatCall): |
4643 | - * interpreter/Interpreter.h: |
4644 | - (JSC): |
4645 | - (Interpreter): |
4646 | - * interpreter/JSStack.cpp: |
4647 | - (JSC::JSStack::JSStack): |
4648 | - (JSC::JSStack::gatherConservativeRoots): |
4649 | - (JSC::JSStack::disableErrorStackReserve): |
4650 | - * interpreter/JSStack.h: |
4651 | - (JSC): |
4652 | - (JSStack): |
4653 | - (JSC::JSStack::installFence): |
4654 | - (JSC::JSStack::validateFence): |
4655 | - (JSC::JSStack::installTrapsAfterFrame): |
4656 | - * interpreter/JSStackInlines.h: Added. |
4657 | - (JSC): |
4658 | - (JSC::JSStack::getTopOfFrame): |
4659 | - (JSC::JSStack::getTopOfStack): |
4660 | - (JSC::JSStack::getStartOfFrame): |
4661 | - (JSC::JSStack::pushFrame): |
4662 | - (JSC::JSStack::popFrame): |
4663 | - (JSC::JSStack::generateFenceValue): |
4664 | - (JSC::JSStack::installFence): |
4665 | - (JSC::JSStack::validateFence): |
4666 | - (JSC::JSStack::installTrapsAfterFrame): |
4667 | - * jit/JITStubs.cpp: |
4668 | - (JSC::jitCompileFor): |
4669 | - (JSC::lazyLinkFor): |
4670 | - - Set frame->codeBlock to 0 for both the above because they are called |
4671 | - with partially intitialized frames (cb uninitialized), but may |
4672 | - trigger a GC. |
4673 | - (JSC::DEFINE_STUB_FUNCTION): |
4674 | - * runtime/JSGlobalData.cpp: |
4675 | - (JSC::JSGlobalData::JSGlobalData): |
4676 | - |
4677 | -2012-10-22 Filip Pizlo <fpizlo@apple.com> |
4678 | - |
4679 | - DFG::Array::Undecided should be called DFG::Array::SelectUsingPredictions |
4680 | - https://bugs.webkit.org/show_bug.cgi?id=100052 |
4681 | - |
4682 | - Reviewed by Oliver Hunt. |
4683 | - |
4684 | - No functional change, just renaming. It's a clearer name that more accurately |
4685 | - reflects the meaning, and it eliminates the namespace confusion that will happen |
4686 | - with the Undecided indexing type in https://bugs.webkit.org/show_bug.cgi?id=98606 |
4687 | - |
4688 | - * dfg/DFGAbstractState.cpp: |
4689 | - (JSC::DFG::AbstractState::execute): |
4690 | - * dfg/DFGArrayMode.cpp: |
4691 | - (JSC::DFG::fromObserved): |
4692 | - (JSC::DFG::refineArrayMode): |
4693 | - (JSC::DFG::modeAlreadyChecked): |
4694 | - (JSC::DFG::modeToString): |
4695 | - * dfg/DFGArrayMode.h: |
4696 | - (JSC::DFG::canCSEStorage): |
4697 | - (JSC::DFG::modeIsSpecific): |
4698 | - (JSC::DFG::modeSupportsLength): |
4699 | - (JSC::DFG::benefitsFromStructureCheck): |
4700 | - * dfg/DFGFixupPhase.cpp: |
4701 | - (JSC::DFG::FixupPhase::fixupNode): |
4702 | - (JSC::DFG::FixupPhase::blessArrayOperation): |
4703 | - * dfg/DFGSpeculativeJIT.cpp: |
4704 | - (JSC::DFG::SpeculativeJIT::arrayify): |
4705 | - * dfg/DFGSpeculativeJIT32_64.cpp: |
4706 | - (JSC::DFG::SpeculativeJIT::compile): |
4707 | - * dfg/DFGSpeculativeJIT64.cpp: |
4708 | - (JSC::DFG::SpeculativeJIT::compile): |
4709 | - |
4710 | -2012-10-22 Mark Lam <mark.lam@apple.com> |
4711 | - |
4712 | - Change stack recursion checks to be based on stack availability. |
4713 | - https://bugs.webkit.org/show_bug.cgi?id=99872. |
4714 | - |
4715 | - Reviewed by Filip Pizlo and Geoffrey Garen. |
4716 | - |
4717 | - - Remove m_reentryDepth, ThreadStackType which are now obsolete. |
4718 | - - Replaced the reentryDepth checks with a StackBounds check. |
4719 | - - Added the Interpreter::StackPolicy class to compute a reasonable |
4720 | - stack capacity requirement given the native stack that the |
4721 | - interpreter is executing on at that time. |
4722 | - - Reserved an amount of JSStack space for the use of error handling |
4723 | - and enable its use (using Interpreter::ErrorHandlingMode) when |
4724 | - we're about to throw or report an exception. |
4725 | - - Interpreter::StackPolicy also allows more native stack space |
4726 | - to be used when in ErrorHandlingMode. This is needed in the case |
4727 | - of native stack overflows. |
4728 | - - Fixed the parser so that it throws a StackOverflowError instead of |
4729 | - a SyntaxError when it encounters a stack overflow. |
4730 | - |
4731 | - * API/JSContextRef.cpp: |
4732 | - (JSContextGroupCreate): |
4733 | - (JSGlobalContextCreateInGroup): |
4734 | - * JavaScriptCore.order: |
4735 | - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: |
4736 | - * interpreter/Interpreter.cpp: |
4737 | - (JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode): |
4738 | - (JSC): |
4739 | - (JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode): |
4740 | - (JSC::Interpreter::StackPolicy::StackPolicy): |
4741 | - (JSC::Interpreter::Interpreter): |
4742 | - (JSC::Interpreter::execute): |
4743 | - (JSC::Interpreter::executeCall): |
4744 | - (JSC::Interpreter::executeConstruct): |
4745 | - (JSC::Interpreter::prepareForRepeatCall): |
4746 | - * interpreter/Interpreter.h: |
4747 | - (JSC): |
4748 | - (Interpreter): |
4749 | - (ErrorHandlingMode): |
4750 | - (StackPolicy): |
4751 | - (JSC::Interpreter::StackPolicy::requiredCapacity): |
4752 | - * interpreter/JSStack.cpp: |
4753 | - (JSC): |
4754 | - (JSC::JSStack::JSStack): |
4755 | - (JSC::JSStack::growSlowCase): |
4756 | - (JSC::JSStack::enableErrorStackReserve): |
4757 | - (JSC::JSStack::disableErrorStackReserve): |
4758 | - * interpreter/JSStack.h: |
4759 | - (JSStack): |
4760 | - (JSC::JSStack::reservationEnd): |
4761 | - (JSC): |
4762 | - * jsc.cpp: |
4763 | - (jscmain): |
4764 | - * parser/Parser.cpp: |
4765 | - (JSC::::Parser): |
4766 | - * parser/Parser.h: |
4767 | - (Parser): |
4768 | - (JSC::::parse): |
4769 | - * runtime/ExceptionHelpers.cpp: |
4770 | - (JSC::throwStackOverflowError): |
4771 | - * runtime/JSGlobalData.cpp: |
4772 | - (JSC::JSGlobalData::JSGlobalData): |
4773 | - (JSC::JSGlobalData::createContextGroup): |
4774 | - (JSC::JSGlobalData::create): |
4775 | - (JSC::JSGlobalData::createLeaked): |
4776 | - (JSC::JSGlobalData::sharedInstance): |
4777 | - * runtime/JSGlobalData.h: |
4778 | - (JSC): |
4779 | - (JSGlobalData): |
4780 | - * runtime/StringRecursionChecker.h: |
4781 | - (JSC::StringRecursionChecker::performCheck): |
4782 | - * testRegExp.cpp: |
4783 | - (realMain): |
4784 | - |
4785 | -2012-10-20 Martin Robinson <mrobinson@igalia.com> |
4786 | - |
4787 | - Fix 'make dist' for the GTK+ port |
4788 | - |
4789 | - * GNUmakefile.list.am: Add missing files to the source list. |
4790 | - |
4791 | -2012-10-21 Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com> |
4792 | - |
4793 | - [CMake][JSC] Depend on risc.rb to decide when to run the LLInt scripts. |
4794 | - https://bugs.webkit.org/show_bug.cgi?id=99917 |
4795 | - |
4796 | - Reviewed by Geoffrey Garen. |
4797 | - |
4798 | - Depend on the newly-added risc.rb to make sure we always run the |
4799 | - LLInt scripts when one of them changes. |
4800 | - |
4801 | - * CMakeLists.txt: |
4802 | - |
4803 | -2012-10-20 Filip Pizlo <fpizlo@apple.com> |
4804 | - |
4805 | - LLInt backends of non-ARM RISC platforms should be able to share code with the existing ARMv7 backend |
4806 | - https://bugs.webkit.org/show_bug.cgi?id=99745 |
4807 | - |
4808 | - Reviewed by Geoffrey Garen. |
4809 | - |
4810 | - This moves all of the things in armv7.rb that I thought are generally useful out |
4811 | - into risc.rb. It also separates some phases (branch ops is separated into one |
4812 | - phase that does sensible things, and another that does things that are painfully |
4813 | - ARM-specific), and removes ARM assumptions from others by using a callback to |
4814 | - drive exactly what lowering must happen. The goal here is to minimize the future |
4815 | - maintenance burden of LLInt by ensuring that the various platforms share as much |
4816 | - lowering code as possible. |
4817 | - |
4818 | - * offlineasm/armv7.rb: |
4819 | - * offlineasm/risc.rb: Added. |
4820 | - |
4821 | -2012-10-19 Filip Pizlo <fpizlo@apple.com> |
4822 | - |
4823 | - DFG should have some facility for recognizing redundant CheckArrays and Arrayifies |
4824 | - https://bugs.webkit.org/show_bug.cgi?id=99287 |
4825 | - |
4826 | - Reviewed by Mark Hahnenberg. |
4827 | - |
4828 | - Adds reasoning about indexing type sets (i.e. ArrayModes) to AbstractValue, which |
4829 | - then enables us to fold away CheckArray's and Arrayify's that are redundant. |
4830 | - |
4831 | - * bytecode/ArrayProfile.cpp: |
4832 | - (JSC::arrayModesToString): |
4833 | - (JSC): |
4834 | - * bytecode/ArrayProfile.h: |
4835 | - (JSC): |
4836 | - (JSC::mergeArrayModes): |
4837 | - (JSC::arrayModesAlreadyChecked): |
4838 | - * bytecode/StructureSet.h: |
4839 | - (JSC::StructureSet::arrayModesFromStructures): |
4840 | - (StructureSet): |
4841 | - * dfg/DFGAbstractState.cpp: |
4842 | - (JSC::DFG::AbstractState::execute): |
4843 | - * dfg/DFGAbstractValue.h: |
4844 | - (JSC::DFG::AbstractValue::AbstractValue): |
4845 | - (JSC::DFG::AbstractValue::clear): |
4846 | - (JSC::DFG::AbstractValue::isClear): |
4847 | - (JSC::DFG::AbstractValue::makeTop): |
4848 | - (JSC::DFG::AbstractValue::clobberStructures): |
4849 | - (AbstractValue): |
4850 | - (JSC::DFG::AbstractValue::setMostSpecific): |
4851 | - (JSC::DFG::AbstractValue::set): |
4852 | - (JSC::DFG::AbstractValue::operator==): |
4853 | - (JSC::DFG::AbstractValue::merge): |
4854 | - (JSC::DFG::AbstractValue::filter): |
4855 | - (JSC::DFG::AbstractValue::filterArrayModes): |
4856 | - (JSC::DFG::AbstractValue::validate): |
4857 | - (JSC::DFG::AbstractValue::checkConsistency): |
4858 | - (JSC::DFG::AbstractValue::dump): |
4859 | - (JSC::DFG::AbstractValue::clobberArrayModes): |
4860 | - (JSC::DFG::AbstractValue::clobberArrayModesSlow): |
4861 | - (JSC::DFG::AbstractValue::setFuturePossibleStructure): |
4862 | - (JSC::DFG::AbstractValue::filterFuturePossibleStructure): |
4863 | - * dfg/DFGArrayMode.cpp: |
4864 | - (JSC::DFG::modeAlreadyChecked): |
4865 | - * dfg/DFGArrayMode.h: |
4866 | - (JSC::DFG::arrayModesFor): |
4867 | - (DFG): |
4868 | - * dfg/DFGConstantFoldingPhase.cpp: |
4869 | - (JSC::DFG::ConstantFoldingPhase::foldConstants): |
4870 | - * dfg/DFGSpeculativeJIT.cpp: |
4871 | - (JSC::DFG::SpeculativeJIT::arrayify): |
4872 | - |
4873 | -2012-10-19 Filip Pizlo <fpizlo@apple.com> |
4874 | - |
4875 | - Baseline JIT should not inline array allocations, to make them easier to instrument |
4876 | - https://bugs.webkit.org/show_bug.cgi?id=99905 |
4877 | - |
4878 | - Reviewed by Mark Hahnenberg. |
4879 | - |
4880 | - This will make it easier to instrument array allocations for the purposes of profiling. |
4881 | - It also allows us to kill off a bunch of code. And, this doesn't appear to hurt |
4882 | - performance at all. That's expected because these days any hot allocation will end up |
4883 | - in the DFG JIT, which does inline these allocations. |
4884 | - |
4885 | - * jit/JIT.cpp: |
4886 | - (JSC::JIT::privateCompileSlowCases): |
4887 | - * jit/JIT.h: |
4888 | - (JIT): |
4889 | - * jit/JITInlineMethods.h: |
4890 | - (JSC): |
4891 | - * jit/JITOpcodes.cpp: |
4892 | - (JSC::JIT::emit_op_new_array): |
4893 | - |
4894 | -2012-10-19 Oliver Hunt <oliver@apple.com> |
4895 | - |
4896 | - Fix some of the regression cause by the non-local variable reworking |
4897 | - https://bugs.webkit.org/show_bug.cgi?id=99896 |
4898 | - |
4899 | - Reviewed by Filip Pizlo. |
4900 | - |
4901 | - The non0local variable reworking led to some of the optimisations performed by |
4902 | - the bytecode generator being dropped. This in turn put more pressure on the DFG |
4903 | - optimisations. This exposed a short coming in our double speculation propogation. |
4904 | - Now we try to distinguish between places where we should SpecDoubleReal vs generic |
4905 | - SpecDouble. |
4906 | - |
4907 | - * dfg/DFGPredictionPropagationPhase.cpp: |
4908 | - (PredictionPropagationPhase): |
4909 | - (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction): |
4910 | - (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPredictions): |
4911 | - (JSC::DFG::PredictionPropagationPhase::propagate): |
4912 | - |
4913 | -2012-10-19 Michael Saboff <msaboff@apple.com> |
4914 | - |
4915 | - Lexer should create 8 bit Identifiers for RegularExpressions and ASCII identifiers |
4916 | - https://bugs.webkit.org/show_bug.cgi?id=99855 |
4917 | - |
4918 | - Reviewed by Filip Pizlo. |
4919 | - |
4920 | - Added makeIdentifier helpers that will always make an 8 bit Identifier or make an |
4921 | - Identifier that is the same size as the template parameter. Used the first in the fast |
4922 | - path when looking for a JS identifier and the second when scanning regular expressions. |
4923 | - |
4924 | - * parser/Lexer.cpp: |
4925 | - (JSC::::scanRegExp): |
4926 | - * parser/Lexer.h: |
4927 | - (Lexer): |
4928 | - (JSC::::makeIdentifierSameType): |
4929 | - (JSC::::makeLCharIdentifier): |
4930 | - (JSC::::lexExpectIdentifier): |
4931 | - |
4932 | -2012-10-19 Mark Lam <mark.lam@apple.com> |
4933 | - |
4934 | - Added WTF::StackStats mechanism. |
4935 | - https://bugs.webkit.org/show_bug.cgi?id=99805. |
4936 | - |
4937 | - Reviewed by Geoffrey Garen. |
4938 | - |
4939 | - Added StackStats checkpoints and probes. |
4940 | - |
4941 | - * bytecompiler/BytecodeGenerator.h: |
4942 | - (JSC::BytecodeGenerator::emitNode): |
4943 | - (JSC::BytecodeGenerator::emitNodeInConditionContext): |
4944 | - * heap/SlotVisitor.cpp: |
4945 | - (JSC::SlotVisitor::append): |
4946 | - (JSC::visitChildren): |
4947 | - (JSC::SlotVisitor::donateKnownParallel): |
4948 | - (JSC::SlotVisitor::drain): |
4949 | - (JSC::SlotVisitor::drainFromShared): |
4950 | - (JSC::SlotVisitor::mergeOpaqueRoots): |
4951 | - (JSC::SlotVisitor::internalAppend): |
4952 | - (JSC::SlotVisitor::harvestWeakReferences): |
4953 | - (JSC::SlotVisitor::finalizeUnconditionalFinalizers): |
4954 | - * interpreter/Interpreter.cpp: |
4955 | - (JSC::Interpreter::execute): |
4956 | - (JSC::Interpreter::executeCall): |
4957 | - (JSC::Interpreter::executeConstruct): |
4958 | - (JSC::Interpreter::prepareForRepeatCall): |
4959 | - * parser/Parser.h: |
4960 | - (JSC::Parser::canRecurse): |
4961 | - * runtime/StringRecursionChecker.h: |
4962 | - (StringRecursionChecker): |
4963 | - |
4964 | -2012-10-19 Oliver Hunt <oliver@apple.com> |
4965 | - |
4966 | - REGRESSION(r131822): It made 500+ tests crash on 32 bit platforms |
4967 | - https://bugs.webkit.org/show_bug.cgi?id=99814 |
4968 | - |
4969 | - Reviewed by Filip Pizlo. |
4970 | - |
4971 | - Call the correct macro in 32bit. |
4972 | - |
4973 | - * llint/LowLevelInterpreter.asm: |
4974 | - |
4975 | -2012-10-19 Dongwoo Joshua Im <dw.im@samsung.com> |
4976 | - |
4977 | - Rename ENABLE_CSS3_TEXT_DECORATION to ENABLE_CSS3_TEXT |
4978 | - https://bugs.webkit.org/show_bug.cgi?id=99804 |
4979 | - |
4980 | - Reviewed by Julien Chaffraix. |
4981 | - |
4982 | - CSS3 text related properties will be implemented under this flag, |
4983 | - including text decoration, text-align-last, and text-justify. |
4984 | - |
4985 | - * Configurations/FeatureDefines.xcconfig: |
4986 | - |
4987 | -2012-10-18 Anders Carlsson <andersca@apple.com> |
4988 | - |
4989 | - Clean up RegExpKey |
4990 | - https://bugs.webkit.org/show_bug.cgi?id=99798 |
4991 | - |
4992 | - Reviewed by Darin Adler. |
4993 | - |
4994 | - RegExpHash doesn't need to be a class template specialization when the class template is specialized |
4995 | - for JSC::RegExpKey only. Make it a nested class of RegExp instead. Also, make operator== a friend function |
4996 | - so Hash::equal can see it. |
4997 | - |
4998 | - * runtime/RegExpKey.h: |
4999 | - (JSC::RegExpKey::RegExpKey): |
5000 | - (JSC::RegExpKey::operator==): |
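Review bot: every removed line shown here (diff lines 4821 to 5000) is JavaScriptCore ChangeLog history with no code, and the rendered diff stops at line 5000 in the middle of the 2012-10-18 RegExpKey entry, while the summary above lists 15001 diff lines. None of the source changes named in that summary, such as the Source/JavaScriptCore/heap files, can be checked from this view, so they need to be reviewed against the full branch diff. These lines appear to belong to the 9047-line deletion listed for .pc/LLIntCLoop32BigEndian.patch/Source/JavaScriptCore/ChangeLog, which is quilt backup state rather than a source change; please confirm that dropping that patch is intentional and that the packaging changelog says why.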
Thanks a lot for the merge, and also the 5.1 adaptation of it committed to the packaging branch.
We have been conservative with qtwebkit so far, because of that add_experimentalDevicePixelRatio.patch which is going away with 5.1 and which the author hasn't rebased himself (bug #1178443). Your modification at least on a first glance looks similar to what I did at http://bazaar.launchpad.net/~kubuntu-packagers/kubuntu-packaging/qtwebkit-opensource-src/revision/27, which was proven to be faulty.
The fix for bug #1171553 also shouldn't be dropped, so I took your branch, added it back and rebuilt. I'm now also building it at qt5-beta2 PPA (although using orig tarball plus packaging branch lp:~kubuntu-packagers/kubuntu-packaging/qtbase-opensource-src_5.0.2, which should be identical). It may then be tested, but if the DPR is still broken it would be best if we stayed at qtwebkit 5.0.1 until Qt 5.1.x, unless a correct rebasing of that patch is done by someone.