1. 02 Jul, 2012 1 commit
  2. 30 Jun, 2012 3 commits
    • JSObject wastes too much memory on unused property slots · 604d38af
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90255
      
      Reviewed by Mark Hahnenberg.
              
      Rolling back in after applying a simple fix: it appears that
      JSObject::setStructureAndReallocateStorageIfNecessary() was allocating more
      property storage than necessary. Fixing this appears to resolve the crash.
              
      This does a few things:
              
      - JSNonFinalObject no longer has inline property storage.
              
      - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
        or 2x the inline storage for JSFinalObject.
              
      - Property storage is only reallocated if it needs to be. Previously, we
        would reallocate the property storage on any transition where the original
        structure said shouldGrowPropertyStorage(), but this led to spurious
        reallocations when doing transitionless property adds and there are
        deleted property slots available. That in turn led to crashes, because we
        would switch to out-of-line storage even if the capacity matched the
        criteria for inline storage.
              
      - Inline JSFunction allocation is killed off because we don't have a good
        way of inlining property storage allocation. This didn't hurt performance.
        Killing off code is better than fixing it if that code wasn't doing any
        good.
              
      This looks like a 1% progression on V8.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_func):
      (JSC):
      (JSC::JIT::emit_op_new_func_exp):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation):
      * runtime/JSObject.h:
      (JSC::JSObject::isUsingInlineStorage):
      (JSObject):
      (JSC::JSObject::finishCreation):
      (JSC):
      (JSC::JSNonFinalObject::hasInlineStorage):
      (JSNonFinalObject):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::hasInlineStorage):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSObject::offsetOfInlineStorage):
      (JSC::JSObject::setPropertyStorage):
      (JSC::Structure::inlineStorageCapacity):
      (JSC::Structure::isUsingInlineStorage):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::nextPropertyStorageCapacity):
      (JSC):
      (JSC::Structure::growPropertyStorageCapacity):
      (JSC::Structure::suggestedNewPropertyStorageSize):
      * runtime/Structure.h:
      (JSC::Structure::putWillGrowPropertyStorage):
      (Structure):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Webkit crashes in DFG on Google Docs when creating a new document · 3aef57f1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90209
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Don't attempt to short-circuit Phantom(GetLocal) if the GetLocal is for a
      captured variable.
      
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      
      LayoutTests: 
      
      Reviewed by Gavin Barraclough.
      
      * fast/js/dfg-cfg-simplify-phantom-get-local-on-same-block-set-local-expected.txt: Added.
      * fast/js/dfg-cfg-simplify-phantom-get-local-on-same-block-set-local.html: Added.
      * fast/js/script-tests/dfg-cfg-simplify-phantom-get-local-on-same-block-set-local.js: Added.
      (baz):
      (stuff):
      (foo):
      (o.g):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121629 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r121605. · 069a2d39
      zandobersek@gmail.com authored
      http://trac.webkit.org/changeset/121605
      https://bugs.webkit.org/show_bug.cgi?id=90336
      
      Changes caused flaky crashes in sputnik/Unicode tests on Apple
      WK1 and GTK Linux builders
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC):
      (JSC::JIT::emitAllocateJSFunction):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_func):
      (JSC::JIT::emitSlow_op_new_func):
      (JSC):
      (JSC::JIT::emit_op_new_func_exp):
      (JSC::JIT::emitSlow_op_new_func_exp):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation):
      * runtime/JSObject.h:
      (JSC::JSObject::isUsingInlineStorage):
      (JSObject):
      (JSC::JSObject::finishCreation):
      (JSC):
      (JSNonFinalObject):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSFinalObject):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSObject::offsetOfInlineStorage):
      (JSC::JSObject::setPropertyStorage):
      (JSC::Structure::isUsingInlineStorage):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::JSObject::transitionTo):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC):
      (JSC::Structure::growPropertyStorageCapacity):
      (JSC::Structure::suggestedNewPropertyStorageSize):
      * runtime/Structure.h:
      (JSC::Structure::shouldGrowPropertyStorage):
      (JSC::Structure::propertyStorageSize):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121627 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 29 Jun, 2012 2 commits
    • Remove warning about protected values when the Heap is being destroyed · 3100b437
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90302
      
      Reviewed by Geoffrey Garen.
      
      Having to do book-keeping about whether values allocated from a certain
      VM are or are not protected makes the JSC API much more difficult to use
      correctly. Clients should be able to throw an entire VM away and not have
      to worry about unprotecting all of the values that they protected earlier.
      
      * heap/Heap.cpp:
      (JSC::Heap::lastChanceToFinalize):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121607 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • JSObject wastes too much memory on unused property slots · 9243e79b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90255
      
      Reviewed by Mark Hahnenberg.
              
      This does a few things:
              
      - JSNonFinalObject no longer has inline property storage.
              
      - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
        or 2x the inline storage for JSFinalObject.
              
      - Property storage is only reallocated if it needs to be. Previously, we
        would reallocate the property storage on any transition where the original
        structure said shouldGrowPropertyStorage(), but this led to spurious
        reallocations when doing transitionless property adds and there are
        deleted property slots available. That in turn led to crashes, because we
        would switch to out-of-line storage even if the capacity matched the
        criteria for inline storage.
              
      - Inline JSFunction allocation is killed off because we don't have a good
        way of inlining property storage allocation. This didn't hurt performance.
        Killing off code is better than fixing it if that code wasn't doing any
        good.
              
      This looks like a 1% progression on V8.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_func):
      (JSC):
      (JSC::JIT::emit_op_new_func_exp):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation):
      * runtime/JSObject.h:
      (JSC::JSObject::isUsingInlineStorage):
      (JSObject):
      (JSC::JSObject::finishCreation):
      (JSC):
      (JSC::JSNonFinalObject::hasInlineStorage):
      (JSNonFinalObject):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::hasInlineStorage):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSObject::offsetOfInlineStorage):
      (JSC::JSObject::setPropertyStorage):
      (JSC::Structure::inlineStorageCapacity):
      (JSC::Structure::isUsingInlineStorage):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::nextPropertyStorageCapacity):
      (JSC):
      (JSC::Structure::growPropertyStorageCapacity):
      (JSC::Structure::suggestedNewPropertyStorageSize):
      * runtime/Structure.h:
      (JSC::Structure::putWillGrowPropertyStorage):
      (Structure):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121605 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 28 Jun, 2012 4 commits
    • DFG recompilation heuristics should be based on count, not rate · 48a964b5
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90146
      
      Reviewed by Oliver Hunt.
              
      This removes a bunch of code that was previously trying to prevent spurious
      reoptimizations if a large enough majority of executions of a code block did
      not result in OSR exit. It turns out that this code was purely harmful. This
      patch removes all of that logic and replaces it with a dead-simple
      heuristic: if you exit more than N times (where N is an exponential function
      of the number of times the code block has already been recompiled) then we
      will recompile.
              
      This appears to be a broad ~1% win on many benchmarks large and small.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::osrExitCounter):
      (JSC::CodeBlock::countOSRExit):
      (CodeBlock):
      (JSC::CodeBlock::addressOfOSRExitCounter):
      (JSC::CodeBlock::offsetOfOSRExitCounter):
      (JSC::CodeBlock::adjustedExitCountThreshold):
      (JSC::CodeBlock::exitCountThresholdForReoptimization):
      (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
      (JSC::CodeBlock::shouldReoptimizeNow):
      (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
      * bytecode/ExecutionCounter.cpp:
      (JSC::ExecutionCounter::setThreshold):
      * bytecode/ExecutionCounter.h:
      (ExecutionCounter):
      (JSC::ExecutionCounter::clippedThreshold):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileBody):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
      * dfg/DFGOSRExitCompiler.cpp:
      (JSC::DFG::OSRExitCompiler::handleExitCounts):
      * dfg/DFGOperations.cpp:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121511 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Adding a commenting utility to record BytecodeGenerator comments · 97ee82b8
      commit-queue@webkit.org authored
      with opcodes that are emitted.  Presently, the comments can only
      be constant strings.  Adding comments for opcodes is optional.
      If a comment is added, the comment will be printed following the
      opcode when CodeBlock::dump() is called.
      
      This utility is disabled by default, and is only meant for VM
      development purposes.  It should not be enabled for product builds.
      
      To enable this utility, set ENABLE_BYTECODE_COMMENTS in CodeBlock.h
      to 1.
      
      https://bugs.webkit.org/show_bug.cgi?id=90095
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-06-28
      Reviewed by Geoffrey Garen.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecodeCommentAndNewLine): Dumps the comment.
      (JSC):
      (JSC::CodeBlock::printUnaryOp): Add comment dumps.
      (JSC::CodeBlock::printBinaryOp): Add comment dumps.
      (JSC::CodeBlock::printConditionalJump): Add comment dumps.
      (JSC::CodeBlock::printCallOp): Add comment dumps.
      (JSC::CodeBlock::printPutByIdOp): Add comment dumps.
      (JSC::CodeBlock::dump): Add comment dumps.
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::commentForBytecodeOffset):
          Finds the comment for an opcode if available.
      (JSC::CodeBlock::dumpBytecodeComments):
          For debugging whether comments are collected.
          It is not being called anywhere.
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::bytecodeComments):
      * bytecode/Comment.h: Added.
      (JSC):
      (Comment):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::emitOpcode): Calls emitComment().
      (JSC):
      (JSC::BytecodeGenerator::emitComment): Adds comment to CodeBlock.
      (JSC::BytecodeGenerator::prependComment):
          Registers a comment for emitComment() to use later.
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::emitComment):
      (JSC::BytecodeGenerator::prependComment):
          These are inlined versions of these functions that nullify them
          when ENABLE_BYTECODE_COMMENTS is 0.
      (JSC::BytecodeGenerator::comments):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121480 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double · 41383bc5
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90127
      
      Reviewed by Filip Pizlo.
      
      The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
      correctly.  This patch fixes this by killing the fill info in the GenerationInfo
      when the spillFormat doesn't guarantee the value is a double.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121466 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Classify form control states by their owner forms · b53db041
      tkent@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=89950
      
      Reviewed by Hajime Morita.
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      Expose WTF::StringBuilder::canShrink()
      
      Source/WebCore:
      
      To improve robustness of the form state restore feature, we classify
      form control states by their owner forms. Owner forms are identified by
      their action URLs and index numbers in forms with the same action URLs.
      
      Implementation approach:
      Extend FormElementKey class to have "formKey" string, which is a
      combination of the action URL and an index number, or a fixed string for
      no form owner.
      The FormKeyGenerator class is responsible for generating the "formKey" strings.
      
      Test: fast/forms/state-restore-per-form.html
      
      * html/FormController.cpp:
      (FormKeyGenerator):
      (WebCore::FormKeyGenerator::create): A factory function.
      (WebCore::FormKeyGenerator::FormKeyGenerator): A private constructor.
      (WebCore::createKey):
      A helper for formKey(). This makes strings like "<action URL> #<index>".
      (WebCore::FormKeyGenerator::formKey):
      Returns a formKey for the specified HTMLFormElement*.
      (WebCore::FormKeyGenerator::willDeleteForm):
      Unregister HTMLFormElement*. This function is necessary because form
      restore feature works during parsing and a script might delete form
      elements.
      (WebCore::formStateSignature): Bump the version.
      (WebCore::FormController::formElementsState):
      Records a formKey string for each of control state.
      (WebCore::FormController::setStateForNewFormElements):
      Loads formKeys from stateVector, and uses them for FormElementKey.
      (WebCore::FormController::takeStateForFormElement):
      - Construct and destruct FormKeyGenerator if needed.
      - Pass a formKey for the specified form control to FormElementKey.
      (WebCore::FormController::willDeleteForm):
      Delegate to FormKeyGenerator::willDeleteForm.
      
      (WebCore::FormElementKey::FormElementKey): Add formKey argument and member.
      (WebCore::FormElementKey::operator=): ditto.
      (WebCore::FormElementKey::ref): ditto.
      (WebCore::FormElementKey::deref): ditto.
      * html/FormController.h:
      (FormElementKey): Add formKey argument and member.
      (FormController): Add a FormKeyGenerator member which is used during restoring.
      
      * html/HTMLFormElement.cpp:
      (WebCore::HTMLFormElement::~HTMLFormElement): Notify FormController of the form's death.
      
      LayoutTests:
      
      * fast/forms/resources/state-restore-per-form-back.html: Added.
      * fast/forms/state-restore-per-form-expected.txt:
      Added. This contains some FAIL lines. They are expected and will
      be fixed in webkit.org/b/89962.
      * fast/forms/state-restore-per-form.html: Added.
      * fast/forms/state-restore-broken-state-expected.txt:
      Updated for the serialization format change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 27 Jun, 2012 11 commits
    • [Win] jscore-tests flakey · ff14158b
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88118
      
      Reviewed by Jessie Berlin.
      
      jsDriver.pl on Windows intermittently doesn't get the returned value from jsc;
      instead it gets 126.  Added a new option to jsc (-x) which prints the exit
      code before exiting.  jsDriver.pl uses this option on Windows and parses the
      exit code output for the exit code, removing it before comparing the actual
      and expected outputs.  Filed a follow-on "FIXME" defect:
      [WIN] Intermittent failure for jsc return value to propagate through jsDriver.pl
      https://bugs.webkit.org/show_bug.cgi?id=90119
      
      * jsc.cpp:
      (CommandLine::CommandLine):
      (CommandLine):
      (printUsageStatement):
      (parseArguments):
      (jscmain):
      * tests/mozilla/jsDriver.pl:
      (execute_tests):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121394 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r121359. · e12e2f34
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/121359
      https://bugs.webkit.org/show_bug.cgi?id=90115
      
      Broke many inspector tests (Requested by jpfau on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-06-27
      
      Source/JavaScriptCore:
      
      * interpreter/Interpreter.h:
      (JSC::StackFrame::toString):
      
      Source/WebCore:
      
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121393 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web... · c01022e7
      fpizlo@apple.com authored
      Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web Inspector Javascript Debugging is on
      https://bugs.webkit.org/show_bug.cgi?id=90053
      <rdar://problem/11764613>
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      The problem is that the code was assuming that the recovery should be Undefined if the source of
      the SetLocal was !shouldGenerate(). But that's wrong, since the DFG optimizer may skip around a
      UInt32ToNumber node (hence making it !shouldGenerate()) and keep the source of that node alive.
      In that case we should base the recovery on the source of the UInt32ToNumber. The logic for this
      was already in place but the fast check for !shouldGenerate() broke it.
      
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
      
      * fast/js/dfg-uint32-to-number-skip-then-exit-expected.txt: Added.
      * fast/js/dfg-uint32-to-number-skip-then-exit.html: Added.
      * fast/js/script-tests/dfg-uint32-to-number-skip-then-exit.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121391 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG disassembly should be easier to read · 12c18391
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90106
      
      Reviewed by Mark Hahnenberg.
              
      Did a few things:
              
      - Options::showDFGDisassembly now shows OSR exit disassembly as well.
              
      - Phi node dumping doesn't attempt to do line wrapping since it just made the dump harder
        to read.
              
      - DFG graph disassembly view shows a few additional node types that turn out to be
        essential for understanding OSR exits.
              
      Put together, these changes reinforce the philosophy that anything needed for computing
      OSR exit is just as important as the machine code itself. Of course, we still don't take
      that philosophy to its full extreme - for example Phantom nodes are not dumped. We may
      revisit that in the future.
      
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      * assembler/LinkBuffer.h:
      (JSC):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dumpBlockHeader):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::willHaveCodeGenOrOSR):
      * dfg/DFGOSRExitCompiler.cpp:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121382 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • JSLock should be per-JSGlobalData · e16f8096
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89123
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * API/APIShims.h:
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
      determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
      HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
      JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
      its destruction has begun. 
      (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
      Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
      and before we've released it, which can only done in APIEntryShim.
      (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRelease):
      (JSContextCreateBacktrace):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      * heap/Heap.cpp:
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::collect):
      (JSC::Heap::setActivityCallback):
      (JSC::Heap::activityCallback):
      (JSC::Heap::sweeper):
      * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
      are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
      and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
      prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
      (Heap):
      * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
      (JSC::HeapTimer::~HeapTimer):
      (JSC::HeapTimer::invalidate):
      (JSC):
      (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
      that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
      HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
      (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
      out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
      but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
      we were interrupted between releasing our mutex and trying to grab the APILock.
      * heap/HeapTimer.h:
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
      all of that for us. 
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::reap):
      * jsc.cpp:
      (functionGC):
      (functionReleaseExecutableMemory):
      (jscmain):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/GCActivityCallback.h:
      (DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::create):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
      that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
      it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
      APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
      (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
      (JSC::JSGlobalData::sharedInstanceInternal):
      * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
      de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
      (JSGlobalData):
      (JSC::JSGlobalData::apiLock):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::init):
      * runtime/JSLock.cpp:
      (JSC):
      (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
      (JSC::GlobalJSLock::~GlobalJSLock):
      (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
      it can successfully unlock it later without it disappearing from underneath it.
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::~JSLock):
      (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
      actually waiting for long periods. 
      (JSC::JSLock::unlock):
      (JSC::JSLock::currentThreadIsHoldingLock):
      (JSC::JSLock::dropAllLocks):
      (JSC::JSLock::dropAllLocksUnconditionally):
      (JSC::JSLock::grabAllLocks):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (GlobalJSLock):
      (JSLockHolder):
      (JSLock):
      (DropAllLocks):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::set):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      No new tests. Current regression tests are sufficient.
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that
      needs protection. Also added a couple of JSLocks to places that needed them
      but didn't already have them.
      
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomVoidCallback.cpp:
      (WebCore::JSCustomVoidCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::inspectedObject):
      * bindings/js/JSInjectedScriptManager.cpp:
      (WebCore::InjectedScriptManager::createInjectedScript):
      (WebCore::InjectedScriptManager::canAccessInspectedWindow):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMainThreadExecState.h:
      (WebCore::JSMainThreadExecState::evaluate):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::evaluate):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::windowScriptNPObject):
      (WebCore::ScriptController::jsObjectForPluginElement):
      (WebCore::ScriptController::clearScriptObjects):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptCallArgumentHandler::appendArgument):
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptFunctionCall::construct):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::set):
      (WebCore::ScriptGlobalObject::get):
      (WebCore::ScriptGlobalObject::remove):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::getString):
      (WebCore::ScriptValue::toInspectorValue):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/objc/WebScriptObject.mm:
      (_didExecute):
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject removeWebScriptKey:]):
      (-[WebScriptObject hasWebScriptKey:]):
      (-[WebScriptObject stringRepresentation]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateCallbackImplementation):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_GetProperty):
      (_NPN_SetProperty):
      (_NPN_RemoveProperty):
      (_NPN_HasProperty):
      (_NPN_HasMethod):
      (_NPN_Enumerate):
      (_NPN_Construct):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::~CClass):
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::getPropertyNames):
      * bridge/c/c_runtime.cpp:
      (JSC::Bindings::CField::valueFromInstance):
      (JSC::Bindings::CField::setValueToInstance):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      (JSC::Bindings::convertNPVariantToValue):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::call):
      (JavaJSObject::eval):
      (JavaJSObject::getMember):
      (JavaJSObject::setMember):
      (JavaJSObject::removeMember):
      (JavaJSObject::getSlot):
      (JavaJSObject::setSlot):
      (JavaJSObject::toString):
      (JavaJSObject::convertValueToJObject):
      (JavaJSObject::convertJObjectToValue):
      * bridge/jni/jni_objc.mm:
      (JSC::Bindings::dispatchJNICall):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::JavaClass):
      (JavaClass::~JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::stringValue):
      * bridge/jni/jsc/JavaMethodJSC.cpp:
      (appendClassName):
      (JavaMethod::signature):
      * bridge/jni/jsc/JavaStringJSC.h:
      (JSC::Bindings::JavaString::JavaString):
      (JSC::Bindings::JavaString::~JavaString):
      (JSC::Bindings::JavaString::utf8):
      (JSC::Bindings::JavaString::init):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      (ObjcInstance::invokeObjcMethod):
      (ObjcInstance::invokeDefaultMethod):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcField::valueFromInstance):
      (JSC::Bindings::ObjcField::setValueToInstance):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      (JSC::Bindings::convertNSStringToString):
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      (JSC::Bindings::QtInstance::newRuntimeObject):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      (WebCoreTestSupport::resetInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      Source/WebKit/blackberry: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):
      
      Source/WebKit/efl: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/gtk: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      Source/WebKit/mac: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * DOM/WebDOMOperations.mm:
      (JSC):
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      (WebKit::NetscapePluginInstanceProxy::getProperty):
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      (WebKit::NetscapePluginInstanceProxy::hasMethod):
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebView.mm:
      (+[WebView _reportException:inContext:]):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WebKit/qt: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * Api/qwebframe.cpp:
      (QWebFramePrivate::addQtSenderToGlobalObject):
      (QWebFrame::addToJavaScriptWindowObject):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::injectInternalsObject):
      (DumpRenderTreeSupportQt::resetInternalsObject):
      
      Source/WebKit/win: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      (WebView::reportException):
      (WebView::elementFromJS):
      
      Source/WebKit2: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      (WebKit::InjectedBundle::reportException):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::hasMethod):
      (WebKit::NPJSObject::invoke):
      (WebKit::NPJSObject::invokeDefault):
      (WebKit::NPJSObject::hasProperty):
      (WebKit::NPJSObject::getProperty):
      (WebKit::NPJSObject::setProperty):
      (WebKit::NPJSObject::removeProperty):
      (WebKit::NPJSObject::enumerate):
      (WebKit::NPJSObject::construct):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      * WebProcess/WebPage/WebFrame.cpp:
      (WebKit::WebFrame::jsWrapperForWorld):
      (WebKit::WebFrame::computedStyleIncludingVisitedInfo):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121381 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e16f8096
    • x86 disassembler confuses immediates with addresses · 4a4978bd
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90099
      
      Reviewed by Mark Hahnenberg.
              
      Prepend "$" to immediates to disambiguate between immediates and addresses. This is in
      accordance with the gas and AT&T syntax.
      
      * disassembler/udis86/udis86_syn-att.c:
      (gen_operand):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4a4978bd
    • Add a comment clarifying Options::showDisassembly versus Options::showDFGDisassembly. · a8de6ba0
      fpizlo@apple.com authored
      Rubber stamped by Mark Hahnenberg.
      
      * runtime/Options.cpp:
      (JSC::Options::initializeOptions):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121372 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a8de6ba0
    • Web Inspector [JSC]: Implement ScriptCallStack::stackTrace · 50c978a0
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=40118
      
      Patch by Anthony Scian <ascian@rim.com> on 2012-06-27
      Reviewed by Yong Li.
      
      Source/JavaScriptCore:
      
      Added member functions to expose function name, urlString, and line #.
      Refactored toString to make use of these member functions to reduce
      duplicated code for future maintenance.
      
      Manually tested refactoring of toString by tracing thrown exceptions.
      
      * interpreter/Interpreter.h:
      (StackFrame):
      (JSC::StackFrame::toString):
      (JSC::StackFrame::friendlySourceURL):
      (JSC::StackFrame::friendlyFunctionName):
      (JSC::StackFrame::friendlyLineNumber):
      
      Source/WebCore:
      
      Implemented stub for createScriptCallStack to call into
      Interpreter and extract the current stack frames, iterate
      through the frames and create the return result required.
      
      No new tests, manually tested thrown exception and inspector
      tracebacks.
      
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121359 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      50c978a0
    • [Qt] Remove redundant c++11 warning suppression code · 36e47dae
      vestbo@webkit.org authored
      This is already handled in default_post.
      
      Patch by Oswald Buddenhagen <oswald.buddenhagen@nokia.com> on 2012-06-27
      Reviewed by Tor Arne Vestbø.
      
      * Target.pri:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121338 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      36e47dae
    • [Qt] Add missing headers to HEADERS · caf4d2f1
      vestbo@webkit.org authored
      For JavaScriptCore there aren't any Qt specific files, so we include all
      headers for easy editing in Qt Creator.
      
      Reviewed by Simon Hausmann.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121336 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      caf4d2f1
    • [Chromium] Remove unused build scripts and empty folders for JavaScriptCore w/ gyp · 5940f727
      dominicc@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=90029
      
      Source/JavaScriptCore: 
      
      Reviewed by Adam Barth.
      
      * gyp: Removed.
      * gyp/generate-derived-sources.sh: Removed.
      * gyp/generate-dtrace-header.sh: Removed.
      * gyp/run-if-exists.sh: Removed.
      * gyp/update-info-plist.sh: Removed.
      
      Source/WebCore: 
      
      * gyp: Removed empty dir.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121334 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5940f727
  6. 26 Jun, 2012 5 commits
    • Reduced (but did not eliminate) use of "berzerker GC" · 6b348075
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89237
      
      Reviewed by Gavin Barraclough.
      
      (PART 2)
      
      ../JavaScriptCore: 
      
      This part turns off "berzerker GC" and turns on incremental shrinking.
      
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doSweep): Free or shrink after sweeping to
      maintain the behavior we used to get from the occasional berzerker GC,
      which would run all finalizers and then free or shrink all blocks
      synchronously.
      
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::needsSweeping): Sweep zapped blocks, too. It's always
      safe to sweep a zapped block (that's the point of zapping), and it's
      sometimes profitable. For example, consider this case: Block A does some
      allocation (transitioning Block A from Marked to FreeListed), then GC
      happens (transitioning Block A to Zapped), then all objects in Block A
      are free, then the incremental sweeper visits Block A. If we skipped
      Zapped blocks, we'd skip Block A, even though it would be profitable to
      run its destructors and free its memory.
      
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::doWork): Don't sweep eagerly; we'll do
      this incrementally.
      
      ../WebCore: 
      
      Don't ASSERT that RootObject's destructor runs and invalidates all
      RuntimeObjects before their destructors run.
      
      We don't guarantee this behavior because some RuntimeObjects may already
      be garbage by the time RootObject's destructor runs, in which case
      RootObject's weak pointers will be NULL, and RootObject will not call
      invalidate() on them.
      
      It's been theoretically possible for this ASSERT to fire for a while now.
      This patch makes it fire all the time.
      
      Luckily, we only needed the behavior guarded by this ASSERT for WebKit1
      in Safari on Windows (cf. https://bugs.webkit.org/show_bug.cgi?id=61317),
      to handle the way WebKit1 would unload plugin DLLs. If this ever becomes
      an issue again, we can fix it by (a) not unloading plugin DLLs,
      (b) migrating WebKit1 to the WebKit2 JS-plugin binding model, (c) making
      the Instance pointer in a RuntimeObject an indirect pointer through
      RootObject, or (d) giving RuntimeObject some sort of special way to
      access a zombie weak pointer.
      
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::destroy): ASSERT removed. Anders said so.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121316 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6b348075
    • DFG PutByValAlias is too aggressive · 580d9d77
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90026
      <rdar://problem/11751830>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect
      performance by much.
              
      For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access
      is within bounds. This also has the effect of making our out-of-bounds handling consistent
      with WebCore.
      
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      
      LayoutTests: 
      
      Reviewed by Gavin Barraclough.
      
      * fast/js/dfg-put-by-val-setter-then-get-by-val-expected.txt: Added.
      * fast/js/dfg-put-by-val-setter-then-get-by-val.html: Added.
      * fast/js/dfg-uint8clampedarray-out-of-bounds-put-by-val-alias-expected.txt: Added.
      * fast/js/dfg-uint8clampedarray-out-of-bounds-put-by-val-alias.html: Added.
      * fast/js/script-tests/dfg-put-by-val-setter-then-get-by-val.js: Added.
      (foo):
      (for):
      * fast/js/script-tests/dfg-uint8clampedarray-out-of-bounds-put-by-val-alias.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121307 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      580d9d77
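The two semantic constraints this commit restores, written out as an added JavaScript example; it is not part of the WebKit change or of its layout tests, and the function and variable names are my own. A normal array element store may run an accessor, so a following load of the same index must re-read rather than reuse the stored value; a typed array store out of bounds is dropped, so a following load of that index must yield undefined rather than the value that was "stored". A hot loop is included so a tiering JIT would actually optimize these functions, which is where a too-aggressive PutByValAlias would show up:

```javascript
// Added example (not from the WebKit commit): the two semantic constraints that
// make "PutByVal followed by GetByVal on the same index" unsafe to fold away.

// Case 1: on a normal array, a[i] = v may run an accessor, so a later a[i]
// read must re-load the element rather than reuse v.
function putThenGet(a, i, v) {
  a[i] = v;
  return a[i];
}

// Array whose element 0 is an accessor with a visible side effect: the setter
// stores twice the assigned value, so a[0] = 21 followed by a[0] yields 42.
function makeArrayWithSetter() {
  var a = [];
  Object.defineProperty(a, 0, {
    set: function (v) { this.stored = v * 2; },
    get: function () { return this.stored; },
    configurable: true
  });
  return a;
}

// Case 2: on a typed array an out-of-bounds store is dropped and an
// out-of-bounds load yields undefined; the load must not "see" the dropped store.
function typedPutThenGet(ta, i, v) {
  ta[i] = v;
  return ta[i];
}

// Runs both cases many times and reports whether every iteration observed
// the required behaviour; returns false if any store/load pair was folded.
function checkInvariants(iterations) {
  var ok = true;
  var accessorArray = makeArrayWithSetter();
  var plain = [1, 2, 3];
  var clamped = new Uint8ClampedArray(8);
  for (var n = 0; n < iterations; n++) {
    if (putThenGet(accessorArray, 0, 21) !== 42) ok = false;   // setter effect visible
    if (putThenGet(plain, 1, n) !== n) ok = false;             // ordinary element
    if (typedPutThenGet(clamped, 100, 7) !== undefined) ok = false; // OOB store dropped
    if (typedPutThenGet(clamped, 3, 300) !== 255) ok = false;  // in-bounds, clamped
  }
  return ok;
}
```

checkInvariants(20000) should return true on any conforming engine; a false result after warm-up, but not before, points at the optimizing tier rather than the interpreter.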
    • [BlackBerry] Add JSC statistics into about:memory · 63a25eb0
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=89779
      
      Patch by Yong Li <yoli@rim.com> on 2012-06-26
      Reviewed by Rob Buis.
      
      Fix non-JIT build on BlackBerry broken by r121196.
      
      * runtime/MemoryStatistics.cpp:
      (JSC::globalMemoryStatistics):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121282 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      63a25eb0
    • DFG::operationNewArray is unnecessarily slow, and may use the wrong array prototype when inlined · 6c89cd3f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89821
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Fixes all array allocations to use the right structure, and hence the right prototype. Adds
      inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
      empty arrays.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSArray.h:
      (JSC):
      (JSC::constructArray):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSC::constructArray):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
      
      * fast/js/dfg-cross-global-object-inline-new-array-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-elements-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-elements.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-size-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-size.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array.html: Added.
      * fast/js/script-tests/cross-global-object-inline-global-var.js:
      (done):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal-with-variables.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-elements.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-size.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array.js: Added.
      (foo):
      (done):
      (doit):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6c89cd3f
    • New fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html fails on 32 bit · 0b6ad507
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89953
      
      Reviewed by Zoltan Herczeg.
      
      DFG 32-bit JIT was confused about the difference between a predicted type and a
      proven type. This is easy to get confused about, since a local that is predicted int32
      almost always means that the local must be an int32 since speculations are hoisted to
      stores to locals. But that is less likely to be the case for arguments, where there is
      an additional least-upper-bounding step: any store to an argument with a weird type
      may force the argument to be any type.
      
      This patch basically duplicates the functionality in DFGSpeculativeJIT64.cpp for
      GetLocal: the decision of whether to load a local as an int32 (or as an array, or as
      a boolean) is made based on the AbstractValue::m_type, which is a type proof, rather
      than the VariableAccessData::prediction(), which is a predicted type.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0b6ad507
  7. 25 Jun, 2012 3 commits
    • JSC should try to make profiling deterministic because otherwise reproducing failures is nearly impossible · 41a1f0ea
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89940
      
      Rubber stamped by Gavin Barraclough.
              
      This rolls out the part of http://trac.webkit.org/changeset/121215 that introduced randomness
      into the system. Now, instead of randomizing the tier-up threshold, we always set it to an
      artificially low (and statically predetermined!) value. This gives most of the benefit of
      threshold randomization without actually making the system behave completely differently on
      each invocation.
      
      * bytecode/ExecutionCounter.cpp:
      (JSC::ExecutionCounter::setThreshold):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121218 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Value profiling should use tier-up threshold randomization to get more coverage · 3745dbcf
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89802
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      This patch causes both LLInt and Baseline JIT code to take the OSR slow path several
      times before actually doing OSR. If we take the OSR slow path before the execution
      count threshold is reached, then we just call CodeBlock::updateAllPredictions() to
      compute the current latest least-upper-bound SpecType of all values seen in each
      ValueProfile.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC):
      (JSC::CodeBlock::updateAllPredictions):
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::llintExecuteCounter):
      (JSC::CodeBlock::jitExecuteCounter):
      (CodeBlock):
      (JSC::CodeBlock::updateAllPredictions):
      * bytecode/ExecutionCounter.cpp:
      (JSC::ExecutionCounter::setThreshold):
      (JSC::ExecutionCounter::status):
      (JSC):
      * bytecode/ExecutionCounter.h:
      (JSC::ExecutionCounter::count):
      (ExecutionCounter):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::weakRandomInteger):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/WeakRandom.h:
      (WeakRandom):
      (JSC::WeakRandom::seedUnsafe):
      
      LayoutTests: 
      
      Reviewed by Gavin Barraclough.
              
      * fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit-expected.txt: Added.
      * fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html: Added.
      * fast/js/script-tests/dfg-store-unexpected-value-into-argument-and-osr-exit.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121215 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [BlackBerry] Add JSC statistics into about:memory · d379091d
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=89779
      
      Patch by Yong Li <yoli@rim.com> on 2012-06-25
      Reviewed by Rob Buis.
      
      Source/JavaScriptCore:
      
      Add MemoryStatistics.cpp into build, and fill JITBytes for BlackBerry port.
      
      * PlatformBlackBerry.cmake:
      * runtime/MemoryStatistics.cpp:
      (JSC::globalMemoryStatistics):
      
      Source/WebKit/blackberry:
      
      Add detailed JS memory statistics to about:memory page.
      
      * WebCoreSupport/AboutData.cpp:
      (WebCore::dumpJSCTypeCountSetToTableHTML):
      (WebCore):
      (WebCore::memoryPage):
      
      Source/WTF:
      
      Turn on WTF_USE_EXPORT_MACROS for BlackBerry port.
      This will make macros like JS_EXPORT_PRIVATE work without
      extra porting.
      
      * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121196 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 23 Jun, 2012 1 commit
    • Unreviewed, rolling out r121058. · a6460e15
      zandobersek@gmail.com authored
      http://trac.webkit.org/changeset/121058
      https://bugs.webkit.org/show_bug.cgi?id=89809
      
      Patch causes plugins tests to crash in GTK debug builds
      (Requested by zdobersek on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-06-23
      
      Source/JavaScriptCore: 
      
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APICallbackShim::~APICallbackShim):
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRelease):
      (JSContextCreateBacktrace):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      * heap/Heap.cpp:
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::collect):
      (JSC::Heap::setActivityCallback):
      (JSC::Heap::activityCallback):
      (JSC::Heap::sweeper):
      * heap/Heap.h:
      (Heap):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::~HeapTimer):
      (JSC::HeapTimer::invalidate):
      (JSC::HeapTimer::timerDidFire):
      (JSC):
      * heap/HeapTimer.h:
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doWork):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::reap):
      * jsc.cpp:
      (functionGC):
      (functionReleaseExecutableMemory):
      (jscmain):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/GCActivityCallback.h:
      (DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::create):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      (JSC::JSGlobalData::sharedInstance):
      (JSC::JSGlobalData::sharedInstanceInternal):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::init):
      * runtime/JSLock.cpp:
      (JSC):
      (JSC::createJSLockCount):
      (JSC::JSLock::lockCount):
      (JSC::setLockCount):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::currentThreadIsHoldingLock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLock):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::~JSLock):
      (DropAllLocks):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::set):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomVoidCallback.cpp:
      (WebCore::JSCustomVoidCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::inspectedObject):
      * bindings/js/JSInjectedScriptManager.cpp:
      (WebCore::InjectedScriptManager::createInjectedScript):
      (WebCore::InjectedScriptManager::canAccessInspectedWindow):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMainThreadExecState.h:
      (WebCore::JSMainThreadExecState::evaluate):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::evaluate):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::windowScriptNPObject):
      (WebCore::ScriptController::jsObjectForPluginElement):
      (WebCore::ScriptController::clearScriptObjects):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptCallArgumentHandler::appendArgument):
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptFunctionCall::construct):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::set):
      (WebCore::ScriptGlobalObject::get):
      (WebCore::ScriptGlobalObject::remove):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::getString):
      (WebCore::ScriptValue::toInspectorValue):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/objc/WebScriptObject.mm:
      (_didExecute):
      (-[WebScriptObject _setImp:originRootObject:rootObject:]):
      (-[WebScriptObject _setOriginRootObject:andRootObject:]):
      (-[WebScriptObject dealloc]):
      (-[WebScriptObject finalize]):
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject removeWebScriptKey:]):
      (-[WebScriptObject hasWebScriptKey:]):
      (-[WebScriptObject stringRepresentation]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateCallbackImplementation):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_GetProperty):
      (_NPN_SetProperty):
      (_NPN_RemoveProperty):
      (_NPN_HasProperty):
      (_NPN_HasMethod):
      (_NPN_Enumerate):
      (_NPN_Construct):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::~CClass):
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::getPropertyNames):
      * bridge/c/c_runtime.cpp:
      (JSC::Bindings::CField::valueFromInstance):
      (JSC::Bindings::CField::setValueToInstance):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      (JSC::Bindings::convertNPVariantToValue):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::call):
      (JavaJSObject::eval):
      (JavaJSObject::getMember):
      (JavaJSObject::setMember):
      (JavaJSObject::removeMember):
      (JavaJSObject::getSlot):
      (JavaJSObject::setSlot):
      (JavaJSObject::toString):
      (JavaJSObject::convertValueToJObject):
      (JavaJSObject::convertJObjectToValue):
      * bridge/jni/jni_objc.mm:
      (JSC::Bindings::dispatchJNICall):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::JavaClass):
      (JavaClass::~JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::stringValue):
      * bridge/jni/jsc/JavaMethodJSC.cpp:
      (appendClassName):
      (JavaMethod::signature):
      * bridge/jni/jsc/JavaStringJSC.h:
      (JSC::Bindings::JavaString::JavaString):
      (JSC::Bindings::JavaString::~JavaString):
      (JSC::Bindings::JavaString::utf8):
      (JSC::Bindings::JavaString::init):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      (ObjcInstance::invokeObjcMethod):
      (ObjcInstance::invokeDefaultMethod):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcField::valueFromInstance):
      (JSC::Bindings::ObjcField::setValueToInstance):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      (JSC::Bindings::convertNSStringToString):
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      (JSC::Bindings::QtInstance::newRuntimeObject):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      (WebCoreTestSupport::resetInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      Source/WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):
      
      Source/WebKit/efl: 
      
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      Source/WebKit/mac: 
      
      * DOM/WebDOMOperations.mm:
      (JSC):
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      (WebKit::NetscapePluginInstanceProxy::getProperty):
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      (WebKit::NetscapePluginInstanceProxy::hasMethod):
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebView.mm:
      (+[WebView _reportException:inContext:]):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WebKit/qt: 
      
      * Api/qwebframe.cpp:
      (QWebFramePrivate::addQtSenderToGlobalObject):
      (QWebFrame::addToJavaScriptWindowObject):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::injectInternalsObject):
      (DumpRenderTreeSupportQt::resetInternalsObject):
      
      Source/WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      (WebView::reportException):
      (WebView::elementFromJS):
      
      Source/WebKit2: 
      
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      (WebKit::InjectedBundle::reportException):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::hasMethod):
      (WebKit::NPJSObject::invoke):
      (WebKit::NPJSObject::invokeDefault):
      (WebKit::NPJSObject::hasProperty):
      (WebKit::NPJSObject::getProperty):
      (WebKit::NPJSObject::setProperty):
      (WebKit::NPJSObject::removeProperty):
      (WebKit::NPJSObject::enumerate):
      (WebKit::NPJSObject::construct):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      * WebProcess/WebPage/WebFrame.cpp:
      (WebKit::WebFrame::jsWrapperForWorld):
      (WebKit::WebFrame::computedStyleIncludingVisitedInfo):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121098 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 22 Jun, 2012 4 commits
    • [CSS Shaders] Re-enable the CSS Shaders compile time flag on Safari Mac · cead7611
      achicu@adobe.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89781
      
      Reviewed by Dean Jackson.
      
      Source/JavaScriptCore:
      
      Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore:
      
      Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
      
      No new tests, just re-enabled existing tests.
      
      * css/CSSValueKeywords.in: Added empty line to force a rebuild of the file on the EWS.
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit/mac:
      
      Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Tools:
      
      Added CSS Shaders as enabled by default on Safari for Mac.
      
      * Scripts/webkitperl/FeatureList.pm:
      
      LayoutTests:
      
      Re-enabled CSS Shaders tests on Safari for Mac.
      
      * platform/mac/Skipped:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121083 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG tier-up should happen in prologues, not epilogues · 16e2cbf7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89752
      
      Reviewed by Geoffrey Garen.
      
      This change has two outcomes:
              
      1) Slightly reduces the likelihood that a function will be optimized both
      standalone and via inlining.  Previously, if you had a call sequence like foo() 
      calls bar() exactly once, and nobody else calls bar(), then bar() would get
      optimized first (because it returns first) and then foo() gets optimized.  If foo()
      can inline bar() then that means that bar() gets optimized twice.  But now, if we
      optimize in prologues, then foo() will be optimized first.  If it inlines bar(),
      that means that there will no longer be any calls to bar().
              
      2) It lets us kill some code in JITStubs.  Epilogue tier-up was very different from
      loop tier-up, since epilogue tier-up should not attempt OSR.  But prologue tier-up
      requires OSR (albeit really easy OSR since it's the top of the compilation unit),
      so it becomes just like loop tier-up.  As a result, we now have one optimization
      hook (cti_optimize) instead of two (cti_optimize_from_loop and
      cti_optimize_from_ret).
              
      As a consequence of not having an optimization check in epilogues, the OSR exit
      code must now trigger reoptimization itself instead of just signaling the epilogue
      check to fire.
              
      This also adds the ability to count the number of DFG compilations, which was
      useful for debugging this patch and might be useful for other things in the future.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::reoptimize):
      (JSC):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGDriver.cpp:
      (DFG):
      (JSC::DFG::getNumCompilations):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (DFG):
      * dfg/DFGOSRExitCompiler.cpp:
      (JSC::DFG::OSRExitCompiler::handleExitCounts):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      * jit/JIT.h:
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      (JSC::JIT::emit_op_enter):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_enter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121073 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • JSLock should be per-JSGlobalData · 6d9f86d9
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89123
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * API/APIShims.h:
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
      determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
      HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
      JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
      its destruction has begun. 
      (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock): Now derefs if it also refed.
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
      Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
      and before we've released it, which can only done in APIEntryShim.
      (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRelease):
      (JSContextCreateBacktrace):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      * heap/Heap.cpp:
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::collect):
      (JSC::Heap::setActivityCallback):
      (JSC::Heap::activityCallback):
      (JSC::Heap::sweeper):
      * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
      are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
      and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
      prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
      (Heap):
      * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
      (JSC::HeapTimer::~HeapTimer):
      (JSC::HeapTimer::invalidate):
      (JSC):
      (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
      that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
      HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
      (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
      out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
      but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
      we were interrupted between releasing our mutex and trying to grab the APILock.
      * heap/HeapTimer.h: 
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
      all of that for us. 
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::reap):
      * jsc.cpp:
      (functionGC):
      (functionReleaseExecutableMemory):
      (jscmain):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/GCActivityCallback.h:
      (DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::create):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
      that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
      it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
      APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
      (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
      (JSC::JSGlobalData::sharedInstanceInternal):
      * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about ref-ing and
      deref-ing JSGlobalDatas on separate threads, since we don't do it that often anyway.
      (JSGlobalData):
      (JSC::JSGlobalData::apiLock):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::init):
      * runtime/JSLock.cpp:
      (JSC):
      (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
      (JSC::GlobalJSLock::~GlobalJSLock):
      (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
      it can successfully unlock it later without it disappearing from underneath it.
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::~JSLock):
      (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
      actually waiting for long periods. 
      (JSC::JSLock::unlock):
      (JSC::JSLock::currentThreadIsHoldingLock): 
      (JSC::JSLock::dropAllLocks):
      (JSC::JSLock::dropAllLocksUnconditionally):
      (JSC::JSLock::grabAllLocks):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (GlobalJSLock):
      (JSLockHolder):
      (JSLock):
      (DropAllLocks):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::set):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      No new tests. Current regression tests are sufficient.
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that
      needs protection. Also added a couple of JSLocks to places that needed them
      but didn't already have them.
      
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomVoidCallback.cpp:
      (WebCore::JSCustomVoidCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::inspectedObject):
      * bindings/js/JSInjectedScriptManager.cpp:
      (WebCore::InjectedScriptManager::createInjectedScript):
      (WebCore::InjectedScriptManager::canAccessInspectedWindow):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMainThreadExecState.h:
      (WebCore::JSMainThreadExecState::evaluate):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::evaluate):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::windowScriptNPObject):
      (WebCore::ScriptController::jsObjectForPluginElement):
      (WebCore::ScriptController::clearScriptObjects):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptCallArgumentHandler::appendArgument):
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptFunctionCall::construct):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::set):
      (WebCore::ScriptGlobalObject::get):
      (WebCore::ScriptGlobalObject::remove):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::getString):
      (WebCore::ScriptValue::toInspectorValue):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/objc/WebScriptObject.mm:
      (_didExecute):
      (-[WebScriptObject _setImp:originRootObject:rootObject:]):
      (-[WebScriptObject _setOriginRootObject:andRootObject:]):
      (-[WebScriptObject dealloc]):
      (-[WebScriptObject finalize]):
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject removeWebScriptKey:]):
      (-[WebScriptObject hasWebScriptKey:]):
      (-[WebScriptObject stringRepresentation]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateCallbackImplementation):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_GetProperty):
      (_NPN_SetProperty):
      (_NPN_RemoveProperty):
      (_NPN_HasProperty):
      (_NPN_HasMethod):
      (_NPN_Enumerate):
      (_NPN_Construct):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::~CClass):
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::getPropertyNames):
      * bridge/c/c_runtime.cpp:
      (JSC::Bindings::CField::valueFromInstance):
      (JSC::Bindings::CField::setValueToInstance):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      (JSC::Bindings::convertNPVariantToValue):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::call):
      (JavaJSObject::eval):
      (JavaJSObject::getMember):
      (JavaJSObject::setMember):
      (JavaJSObject::removeMember):
      (JavaJSObject::getSlot):
      (JavaJSObject::setSlot):
      (JavaJSObject::toString):
      (JavaJSObject::convertValueToJObject):
      (JavaJSObject::convertJObjectToValue):
      * bridge/jni/jni_objc.mm:
      (JSC::Bindings::dispatchJNICall):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::JavaClass):
      (JavaClass::~JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::stringValue):
      * bridge/jni/jsc/JavaMethodJSC.cpp:
      (appendClassName):
      (JavaMethod::signature):
      * bridge/jni/jsc/JavaStringJSC.h:
      (JSC::Bindings::JavaString::JavaString):
      (JSC::Bindings::JavaString::~JavaString):
      (JSC::Bindings::JavaString::utf8):
      (JSC::Bindings::JavaString::init):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      (ObjcInstance::invokeObjcMethod):
      (ObjcInstance::invokeDefaultMethod):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcField::valueFromInstance):
      (JSC::Bindings::ObjcField::setValueToInstance):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      (JSC::Bindings::convertNSStringToString):
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      (JSC::Bindings::QtInstance::newRuntimeObject):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      (WebCoreTestSupport::resetInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      Source/WebKit/blackberry: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):
      
      Source/WebKit/efl: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/gtk: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      Source/WebKit/mac: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * DOM/WebDOMOperations.mm:
      (JSC):
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      (WebKit::NetscapePluginInstanceProxy::getProperty):
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      (WebKit::NetscapePluginInstanceProxy::hasMethod):
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebView.mm:
      (+[WebView _reportException:inContext:]):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WebKit/qt: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * Api/qwebframe.cpp:
      (QWebFramePrivate::addQtSenderToGlobalObject):
      (QWebFrame::addToJavaScriptWindowObject):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::injectInternalsObject):
      (DumpRenderTreeSupportQt::resetInternalsObject):
      
      Source/WebKit/win: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      (WebView::reportException):
      (WebView::elementFromJS):
      
      Source/WebKit2: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      (WebKit::InjectedBundle::reportException):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::hasMethod):
      (WebKit::NPJSObject::invoke):
      (WebKit::NPJSObject::invokeDefault):
      (WebKit::NPJSObject::hasProperty):
      (WebKit::NPJSObject::getProperty):
      (WebKit::NPJSObject::setProperty):
      (WebKit::NPJSObject::removeProperty):
      (WebKit::NPJSObject::enumerate):
      (WebKit::NPJSObject::construct):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      * WebProcess/WebPage/WebFrame.cpp:
      (WebKit::WebFrame::jsWrapperForWorld):
      (WebKit::WebFrame::computedStyleIncludingVisitedInfo):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121058 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6d9f86d9
    • peter@chromium.org's avatar
      [Chromium] Disable c++0x compatibility warnings in JavaScriptCore.gyp when building for Android · 166f5bb2
      peter@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=88853
      
      Reviewed by Steve Block.
      
      The Android exclusions were necessary to fix a gyp generation error, as
      the gcc_version variable wasn't being defined for Android. Remove these
      exceptions when Chromium is able to define the gcc_version variable.
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.gyp/JavaScriptCore.gyp:
      
      Source/WebCore:
      
      * WebCore.gyp/WebCore.gyp:
      
      Source/WebKit/chromium:
      
      * WebKit.gyp:
      * WebKitUnitTests.gyp:
      
      Source/WTF:
      
      * WTF.gyp/WTF.gyp:
      
      Tools:
      
      * DumpRenderTree/DumpRenderTree.gyp/DumpRenderTree.gyp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121028 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  10. 21 Jun, 2012 5 commits
  11. 20 Jun, 2012 1 commit
    • ggaren@apple.com's avatar
      Reduced (but did not eliminate) use of "berzerker GC" · 4b67d0d8
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89237
      
      Reviewed by Gavin Barraclough.
      
      (PART 1)
      
      This patch turned out to be crashy, so I'm landing the non-crashy bits
      first.
      
      This part is pre-requisite refactoring. I didn't actually turn off
      "berzerker GC" or turn on incremental shrinking.
      
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::removeBlock): Make sure to clear the free list when
      we throw away the block we're currently allocating out of. Otherwise, we'll
      allocate out of a stale free list.
      
      * heap/MarkedSpace.cpp:
      (JSC::Free::Free):
      (JSC::Free::operator()):
      (JSC::Free::returnValue): Refactored this functor to use a shared helper
      function, so we can share our implementation with the incremental sweeper.
      
      Also changed to freeing individual blocks immediately instead of linking
      them into a list for later freeing. This makes the programming interface
      simpler, and it's slightly more efficient to boot.
      
      (JSC::MarkedSpace::~MarkedSpace): Updated for rename.
      
      (JSC::MarkedSpace::freeBlock):
      (JSC::MarkedSpace::freeOrShrinkBlock): New helper functions to share behavior
      with the incremental sweeper.
      
      (JSC::MarkedSpace::shrink): Updated for new functor behavior.
      
      * heap/MarkedSpace.h: Statically typed languages are awesome.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120898 268f45cc-cd09-0410-ab3c-d52691b4dbfc